RSA Laboratories is pleased to announce the establishment of a series
of new cryptographic contests. The goal of the contests described here
is to quantify the security offered by the government-endorsed data
encryption standard (DES) and other secret-key ciphers with keys of
various sizes. The information obtained from these contests is
anticipated to be of value to researchers and developers alike as they
estimate the strength of an algorithm or application against
It is widely agreed that 56-bit keys, such as those offered by the government's DES standard, offer marginal protection against a committed adversary. By inertia as much as anything else, however, DES is still used for many applications.
Theoretical studies have been performed showing that it is possible to build for a modest sum a specialized computer "DES cracker" that could crack keys in mere hours by exhaustive search. However, no one is known to have built such a machine in the private sector, and it is generally unknown whether or not one has been built by any government, either.
The successful factorizations achieved as part of the RSA Factoring Challenge (launched by RSA Data Security, Inc. in 1991) show that for some types of problems, it is possible to recruit spare cycles on a large number of machines distributed around the Internet.
Therefore, by offering a suitable incentive, it might well be possible to recruit sufficient computational power across the Internet to exhaustively search the DES keyspace (or the keyspace of a cipher with a comparable keysize) in a matter of weeks.
The RSA Secret-Key Challenge consists of one DES challenge and twelve contests based around the block cipher RC5. DES has a fixed key of length 56 bits, and the ciphertext produced by DES-encrypting some unknown plaintext will be posted as part of the DES challenge.
RC5 is a fully parameterized block cipher, and twelve RC5 contests will be posted. As well as having a variable key size, RC5 also has a variable block size and a variable number of rounds; however, all the RC5 contests posted as part of the RSA Secret-Key Challenge will use 12-round RC5 with a 32-bit word size.
The different RC5 contests will involve secret keys of different lengths. The first RC5 contest will consist of some unknown plaintext encrypted using a 40-bit key; the second will consist of some unknown plaintext encrypted using a 48-bit key; and so forth to the twelfth contest, which will consist of some unknown plaintext message encrypted using a 128-bit key.
For each contest, the unknown plaintext message is preceded by three known blocks of text that contain the 24-character phrase "The unknown message is: ". While the mystery text that follows will clearly be known to a few employees of RSA Security, the secret key itself used for the encryption was generated at random and never revealed to the challenge administrators. The goal of each contest is for participants to recover the secret randomly-generated key that was used in the encryption.
In addition to the "real" contests, thirteen "pseudo-contests" will be posted. These pseudo-contests have no prizes attached to them and the solution to each pseudo-contest is not secret. The pseudo-contests are only supplied so that contest participants can test out their software in a "contest" scenario with a known solution. RSA Security requests that participants not submit solutions to the practice contests, except possibly to test out the formatting of output produced by their software.
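Added example (not RSA Laboratories' code): a minimal 12-round, 32-bit-word RC5 and the known-plaintext test that an exhaustive search applies to each candidate key, using the first block of the known prefix. Assumptions: the block is encrypted directly with no chaining mode or IV (the page specifies neither), and the 40-bit key is constructed with only 12 bits left unknown so the search finishes quickly.

```python
import struct

MASK, ROUNDS = 0xFFFFFFFF, 12            # 32-bit words, 12 rounds (per the page)
P32, Q32 = 0xB7E15163, 0x9E3779B9        # RC5 magic constants for w = 32
KNOWN_PREFIX = b"The unknown message is: "   # 24 bytes = three 8-byte blocks

def rotl(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK

def expand_key(key):
    """RC5 key schedule: mix the key bytes into 2*(ROUNDS+1) subkey words."""
    c = max(1, (len(key) + 3) // 4)
    L = list(struct.unpack("<%dI" % c, key.ljust(4 * c, b"\0")))
    t = 2 * (ROUNDS + 1)
    S = [(P32 + i * Q32) & MASK for i in range(t)]
    A = B = i = j = 0
    for _ in range(3 * max(t, c)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i, j = (i + 1) % t, (j + 1) % c
    return S

def encrypt_block(S, block):
    A, B = struct.unpack("<2I", block)
    A, B = (A + S[0]) & MASK, (B + S[1]) & MASK
    for r in range(1, ROUNDS + 1):
        A = (rotl(A ^ B, B) + S[2 * r]) & MASK
        B = (rotl(B ^ A, A) + S[2 * r + 1]) & MASK
    return struct.pack("<2I", A, B)

def search(ct_block, key_len, fixed_bits, unknown_bits):
    """Try each value of the unknown low bits; return (key, trials used)."""
    for low in range(1 << unknown_bits):
        key = (fixed_bits | low).to_bytes(key_len, "big")
        if encrypt_block(expand_key(key), KNOWN_PREFIX[:8]) == ct_block:
            return key, low + 1
    return None, 1 << unknown_bits

def demo():
    secret = bytes.fromhex("a1b2c3d4e5")     # constructed 40-bit key
    ct = encrypt_block(expand_key(secret), KNOWN_PREFIX[:8])
    fixed = int.from_bytes(secret, "big") & ~0xFFF   # only 12 bits unknown
    return secret, search(ct, len(secret), fixed, 12)

if __name__ == "__main__":
    secret, (found, trials) = demo()
    print("recovered", found.hex(), "after", trials, "trials")
    for bits in range(40, 129, 8):           # the twelve contest key sizes
        print(bits, "bit key: about 2^%d trials on average" % (bits - 1))
```

A candidate that matches one 8-byte block would be confirmed against the other two known blocks before being reported. Each additional key bit doubles the number of trials, which is the quantity the contests are designed to measure.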
Bedford, MA, Thursday, September 26, 2002 — RSA Laboratories, the
research center of RSA Security Inc. (Nasdaq: RSAS), the most trusted
name in e-security®, today announced that a coordinated team of
computer programmers and enthusiasts, known as distributed.net, has
solved the RC5-64 Secret-Key Challenge.
The distributed.net team solved the challenge in approximately four years, using 331,252 volunteers and their machines. Distributed.net receives a cash prize of $10,000 for solving the challenge. Established in 1997, RSA Laboratories’ Secret-Key Challenge is offered to quantify the strength of symmetric encryption algorithms such as DES and the RC5® algorithm with various key sizes.
By sponsoring an actual contest, RSA Laboratories helps the industry confirm theoretical estimates, and through this constant evaluation, vendors are motivated to continue to improve their security solutions. The distributed.net consortium utilized the idle time of computers throughout the world to search through the list of all possible 64-bit keys for RSA Security’s RC5 algorithm to find the one secret key selected at random by RSA Laboratories that decrypts a given message correctly.
RSA Laboratories sponsors a series of cryptographic challenges that allow individuals or groups to attempt to solve various encryption “puzzles” for cash prizes. The RC5-64 Challenge is one of a series of contests held to determine the difficulty of finding a symmetric encryption key by exhaustive search (trial-and-error). Previous contests include the DES Challenge, the RC5-40 Challenge and the RC5-56 Challenge.
“We’re very appreciative of all the volunteers who offered their time and computer’s idle processing time to help solve this challenge,” said David McNett, distributed.net co-founder and president. “We have once again shown how collective computing power can be applied to security technology with ordinary PC’s. We look forward to future RSA Laboratories-sponsored challenges that will assist in helping the cryptographic community gauge the strength of an algorithm or application against exhaustive key search.”
“RSA Security congratulates the distributed.net team in solving the RC5-64 Secret-Key Challenge,” said Burt Kaliski, chief scientist at RSA Laboratories. “We appreciate the persistence of distributed.net and the many individuals involved in completing the search for this one key. Their work helps the industry confirm how much work is involved to search exhaustively for a key — and how a huge volume of computing time can be harnessed. The various challenges we sponsor are very useful for tracking the state of cryptographic achievements and helping ensure that organizations are maintaining the highest levels of security to protect their most critical data assets.”