Mathematical Solution Might Undermine Data Encryption
Sep 7, 2004 9:56 AM PT
Eyeing a million-dollar prize, a mathematician claims to have made progress in solving a 150-year-old riddle. The solution to the problem could render secure payments and other sensitive Internet transactions vulnerable.
A Purdue University professor has begun to publish what he claims is a proof of the Riemann hypothesis. The hypothesis, which dates from 1859, attempts to show that there in fact are connections in apparently random sets of prime numbers, which are heavily used in developing cryptographic code.
If true, the solution could undermine Internet security by making predictable and solvable random data encryption. Encryption has been the backbone of secure Web transactions from the earliest days of e-commerce and also is used to secure e-mail and even stored data that contains corporate secrets or private information.
The professor, Louis de Branges, has posted his proof to his personal Web site, but has not yet moved forward with the process of publishing the paper. Other researchers have expressed skepticism about the proof and say that because of its enormous complexity, it could be some time before his peers can say if it holds up to scrutiny.
Pursuing Fame, Fortune
De Branges and others have redoubled efforts to solve Riemann since the Clay Mathematics Institute in Cambridge, Massachusetts, launched the Millennium Prize Problems in 2000, promising to award US$1 million to researchers who could solve any of seven long-standing math puzzles.
Jim Carlson, president of the Institute, told the E-Commerce Times that it's difficult to predict what the practical implications of the solution of the Riemann hypothesis might be, just as no one imagined that random number theory would give rise to Internet security technologies.
"No one would have ever guessed that number theory would be the key to strong cryptography, which the Internet could essentially not function without -- it was a totally unexpected development," Carlson said. "I expect that if some practical spin-off arises from solving Riemann, we can't yet predict what it might be."
Carlson said it will be some time before the potential solution can be considered for one of the Millennium prizes because publication in a peer-reviewed journal and then a two-year waiting period are part of the process for obtaining the cash award.
The Riemann riddle is one of seven Millennium problems the Clay Institute announced in 2000. The institute said it hoped the prizes would heighten public awareness of the importance of mathematics.
In addition to the cryptography riddle, a Russian researcher is believed to be very close to solving another conundrum, known as the Poincaré conjecture, which deals with the shape, or topology, of space and time.
Carlson said Russian researcher Grigori Perelman has now published three papers on Poincaré to Arxiv.org, which is heavily used by theoretical researchers as a preliminary proofing ground for research they intend to publish. "It's looking very interesting, but we don't know for sure yet," Carlson said.
Some scientists believe Perelman might not take the next step, however, because the reclusive mathematician has said he would not pursue formal publication.
Least of Their Worries
Meanwhile, the solution of the Riemann hypothesis could spell disaster if it enables hackers to build algorithms that could unlock the seemingly random code behind even strong cryptography.
Still, most security experts say that is a long-term problem in an industry facing many more immediate threats.
Gartner research director Ray Wagner said recent flaws in encryption methodologies would take years of research to develop and exploit for, something hackers are less likely to do while other security flaws are easier to take advantage of.
"Encryption is seen as a powerful tool, but even it needs to be constantly updated and improved upon if it is going to remain viable in the long run," Wagner told the E-Commerce Times.
"This is one area where we can stay ahead of the thieves," said Alan Canton, president of security consulting and software firm Adams-Blake Company. "It does not take nearly as long to come up with a new code or encryption methodology as it does to crack it."
"No matter what happens," he added, "it will always be safer to enter your credit card in an e-commerce transaction than to give it to the waiter at the restaurant or to a mail-order company via phone."