NishMath - #vulnerability

@medium.com //
Google Quantum AI has published a study that dramatically lowers the estimated quantum resources needed to break RSA-2048, one of the most widely used encryption standards. The study, authored by Craig Gidney, indicates that RSA cracking may be possible with fewer qubits than previously estimated, potentially impacting digital security protocols used in secure web browsing, email encryption, VPNs, and blockchain systems. This breakthrough could significantly accelerate the timeline for "Q-Day," the point at which quantum computers can break modern encryption.

Previous estimates, including Gidney's 2019 study, suggested that cracking RSA-2048 would require around 20 million qubits and 8 hours of computation. However, the new analysis reveals it could be done in under a week using fewer than 1 million noisy qubits. This reduction in hardware requirements is attributed to several technical innovations, including approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes & sparse lookups. These improvements minimize the overhead in fault-tolerant quantum circuits, enabling better scaling.

Google's researchers have discovered that, thanks to new error correction tricks and smarter algorithms, the encryption could be broken with under 1 million qubits and in less than a week, given favorable assumptions like a 0.1% gate error rate and a 1-microsecond gate time. This capability, potentially 20x faster than previously anticipated, raises concerns that Bitcoin wallets and other financial systems that rely on RSA encryption could become vulnerable much sooner than expected.

@thecyberexpress.com //
A critical security vulnerability has been discovered in OpenPGP.js, a widely used JavaScript library that implements the OpenPGP standard for email and data encryption. Tracked as CVE-2025-47934, the flaw allows attackers to spoof both signed and encrypted messages, undermining the core purpose of using public key cryptography to secure communications. Security researchers from Codean Labs, Edoardo Geraci and Thomas Rinsma, discovered that the vulnerability stems from the `openpgp.verify` and `openpgp.decrypt` functions.

The vulnerability impacts versions 5.0.1 to 5.11.2 and 6.0.0-alpha.0 to 6.1.0 of the OpenPGP.js library. According to an advisory posted on the library's GitHub repository, a maliciously modified message can be passed to one of these functions, and the function may return a result indicating a valid signature, even if the message has not been legitimately signed. This flaw affects both inline signed messages and signed-and-encrypted messages. The advisory also states that to spoof a message, an attacker needs a single valid message signature along with the plaintext data that was legitimately signed. They can then construct a fake message that appears legitimately signed.

Users are strongly advised to upgrade to versions 5.11.3 or 6.1.1 as soon as possible to mitigate the risk. Versions 4.x are not affected by the vulnerability. While a full write-up and proof-of-concept exploit are expected to be released soon, the current advisory offers enough details to highlight the severity of the issue. The underlying problem is that OpenPGP.js trusts the signing process without properly verifying it, leaving users open to having signed and encrypted messages spoofed.
