The End of Public Key Encryption? Meet The Piger Fabrica Syndrome

Prof Bill Buchanan OBE FRSE
Mar 31, 2024

What’s the shortest book in the world?

“The Even Prime Numbers”

This book basically has one page which says the number “2”, followed by “The End”. Well, researchers in the US have made the book a whole lot shorter with the discovery of the weaknesses in using “2” as a prime number. Unfortunately, this has the potential to compromise the public key encryption on many devices and ultimately expose the data in virtually every network connection.

Their discovery is that the number 2 is not actually a prime number, and the work has been published in the distinguished Learnings of the Institute of Cyber Engineering (LICE) [download paper].

Many machine learning specialists at OpenAI are now busily retraining the whole of the ChatGPT 3.5 model so that it now takes the new discovery into account.

Leading cryptographers and security engineers, too, are now looking rather embarrassed as they had just “thought” that two was prime — as this is what they had been told, and they took it as a fact. One senior security architect working at the core of the Internet outlined:

We just took our Professor’s advice that 2 was a prime number, and we didn’t check … and now we are in trouble! All of our systems are at threat, so I’ve just resigned from my post. Bye!

Our online security depends on prime numbers

Prime numbers are used extensively in public-key encryption. For RSA (Rivest, Shamir and Adleman) encryption, we take two prime numbers and multiply them together to get a public modulus (N). If this modulus is large enough, it is difficult to factorise into the original primes. While RSA is still secure because of its usage of large prime numbers, other public key methods, such as Linear Encryption and Trapdoor, are now trivial to crack, as their usage of low prime numbers makes them easy to break. In fact, your smart kettle could now be cracked by a simple pocket calculator computation.

The problem with number twos

The usage of 2 as a prime number has been useful in cryptography as it allows mobile devices to support ultra-fast public key calculations. Many smartphone applications therefore use this number, as intruders just do not check for the number “2” in their attack tools. The logic is that most of the tools will dismiss any even number (without ‘checking for number twos’):

def findfactor(N):
    for p in range(2, N // 2 + 1):
        if p % 2 == 0: continue  # If even, skip (so 2 is never tested)
        if N % p == 0: return p  # Odd factor found
    return None
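The blind spot described above, as an added example that is not code from the article: a trial-division tool that dismisses even candidates never tests 2, while a key-acceptance check whose small-prime sieve starts at 2 rejects a modulus built with it. The function names and the sample moduli (built from the known Mersenne primes 2^61 - 1 and 2^89 - 1) are constructed for illustration.

```python
# Added illustration; function names and sample moduli are constructed.
from math import isqrt

M61 = 2**61 - 1        # known Mersenne prime, stands in for a "large" prime
M89 = 2**89 - 1        # known Mersenne prime
LAZY_N = 2 * M61       # constructed modulus from a device that picked 2
SOUND_N = M61 * M89    # constructed modulus built from two large primes

def skip_even_findfactor(n, budget=100_000):
    """Trial division in the style of the article's pseudocode: even
    candidates are dismissed, so 2 is never tested. Stops once the
    candidates exceed `budget` and returns None."""
    for p in range(2, min(n // 2, budget) + 1):
        if p % 2 == 0:
            continue
        if n % p == 0:
            return p
    return None

def small_primes(bound):
    """Sieve of Eratosthenes: all primes <= bound, beginning with 2."""
    sieve = bytearray([1]) * (bound + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(bound) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, bound + 1, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]

def audit_modulus(n, bound=10_000):
    """Key-acceptance check: return the smallest prime factor <= bound
    (2 included), or None when the modulus has no small factor."""
    for p in small_primes(bound):
        if n % p == 0:
            return p
    return None

if __name__ == "__main__":
    print("skip-even tool on lazy modulus:", skip_even_findfactor(LAZY_N))
    print("audit of lazy modulus:         ", audit_modulus(LAZY_N))
    print("audit of sound modulus:        ", audit_modulus(SOUND_N))
```
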

Eve Mallory — a well-known crypto hacker — outlines that:

we just assumed that no-one would use “2”, so we wrote programs that just went for the odd numbers. It saved so much time in testing. Our first statement in our code was a quick check on whether a number was even, and if so, we just dismissed it. We are re-writing our code just now … it’s open season. Yipee! I can’t wait to see what it does to online security.

An NSA backdoor?

Many experts — possibly at least five — now think that law enforcement has known about the usage of “2” for a while and has kept it secret from the rest of the cybersecurity community. One unnamed source has discovered an NSA-source backdoor on the Dark Web, which integrates a Wireshark filter of “enc.spi==2”. It is thought that this is a secret code for “Set Prime Integer as 2”.

Once enabled, the encrypted contents of every SSL/TLS connection are revealed — although the contents of the tunnel remained unreadable and random. Security researchers are now trying to figure out how they can convert completely random data into something that a 12-year-old child with a smartphone could understand or where ChatGPT could make sense of it for the child to fully understand. This would be more of a side door that has been left slightly ajar than a backdoor that had a key under the mat, or a front door that still had the key in the lock, or even an upstairs window that had been wedged open to let some air into a room.

Many are now looking through the minutes of the meetings related to the NIST standards for Light Weight Encryption and Post Quantum Cryptography and looking for evidence of the number 2 being removed from any records. Overall, security researchers are being asked not to run Wireshark today — and to have a break. This will allow Wireshark to be properly patched, and also to give the NSA time to cover their tracks.

Cracking the key before it is even created

The flaw — discovered by researchers at the MidTech Institute in Florida — focuses on a commonly used Python library (PieCryptoMm). This library detects when a mobile device is being used, and more often than not uses the value of “2” for one of the prime numbers. This meant that in around 60% of the encryption tunnels that have ever been created, an intruder could crack the cryptography within one picosecond. With a quantum computer, it would be expected that this could actually be cracked before the key was even generated, and that all the keys used in the future would actually be predicted in a single instance, and before the program is actually run.

Prof Plant from the institute outlined:

“It’s a bit silly. Everyone just assumed 2 was a prime number, as we were told it was at school, and no-one realised it wasn’t. We found that it is paired with an imaginary number — z² — which is the inverse of 2, so when they are multiplied together, and then took the complex cogitate of the inverse vector, we got an answer of 2. We then stumbled across some old school books which outlined the method, and which basically asked what the inverse of “2” was … and the answer was 1 over 2, which gives the number z². It is all quite simple!

He added that:

“We define the devices that generate a prime number of “2” as suffering from the piger fabrica syndrome (trans: ‘lazy devices’) — as they really can’t be bothered to generate a large integer value as a prime number.

Basically, these devices just give up after generating the first number, and then often just use “2”. A drive towards machine learning in smart phones has caused a more human-like approach to computing, and where if something is just too hard then they can’t be bothered with it. It’s all part of AI and where machines can decide to give up on it. This is a trait that we will have to get used to, as machines are only following our human characteristic of giving up too easily, and just generally being a bit lazy. You need to know that these devices are on 24x7, and need a bit of a rest, sometimes.

Can you find me a good patent lawyer?”

A leading designer of smart phones (who did not want to be named) outlined:

“Some of our smart phones detect the generation of prime numbers and disable the operation after the first one in order to save battery life. Like it or not, people like an all day battery more than they like good security. For battery or security, virtually all users go for battery!”

A spokesperson from NSA (No Such Agency) said:

Yes. We knew about it.

What’s your problem with that?

Now, go away and leave us alone. We need to find a new backdoor!

Conclusions

The research community is scratching its head just now. As researchers were searching for extremely large prime numbers, they just forgot to check the most basic one — 2. A massive series of patching exercises is now underway by network administrators, who are searching for any place that number twos have been used in order to wipe them out.

And so the shortest book in the world just got a little shorter, but this has opened the Internet up to cybercriminals, identity thieves, and crackers … but wasn’t it like that already?

So please help search for the number twos on your computer, and delete them wherever you find them. Unfortunately, binary encoding (Base 2) has had its day, and computers need to realise that they need to convert to a new base.

Also when you purchase your new smart phone, make sure it does not disable the generation of large prime numbers — look for the sticker under the battery — it should say something like “No number 2s here”.

So, for the sake of an extra day with your battery, wouldn’t you like to be just a little safer?

Postscript

Happy 1 April 2024. Go fall in love with cryptography!

https://asecuritysite.com/
