TWINKLE, which stands for 'The Weizman INstitute Key Locating Engine', was developed by famous computer scientist Adi Shamir. Shamir's device, if built, could greatly speed up the process of finding a 512 bit RSA key, the standard length for 95% of the ecommerce applications used on the internet today. One TWINKLE device can theoretically equal the equivalent of 100 to 1000 personal computers working simultaneously on factoring the large numbers necessary to find the RSA key. This would make a 512 bit key attempt take only a matter of days, as opposed from the weeks that most systems require.

The RSA system is based on the public key cryptography system, in which the security of the system is leveraged in the mathematical fact that it is difficult to find two prime factors of another number. Factoring the large numbers can take a good deal of time and computer processor usage. TWINKLE works by moving away from traditional electronic computer design and using optoelectronics instead. With some brilliant system design, the TWINKLE device uses the unique characteristics of the optoelectronics to speed up the factoring process.

The device consists primarily of a several thousand light emitting diodes spread over a small circular wafer several inches in diameter. The device would run around 10 Ghz and light 100,000 tiny LEDs at very precise times. A special photoreceptor would read the intensity of the combined LEDs. Each LEDs state (flashing or not) would be determined by a special sieving algorithm. Although there are several engineering difficulties that must be overcome before the device would work, it's theoretically quite possible. So, has RSA been cracked for good for the TWINKLE?

When the TWINKLE device premiered at EuroCrypt 99 in September, a lot of attention was given to TWINKLE because of its capability of cracking 95% of the ecommerce cryptography in use today in a matter of hours or days. However, by the time a TWINKLE device could be built, 95% of the ecommerce applications could be secured.

RSA public key cryptography supports variable key length, which means that the number that must be factored can change. Larger number provides more security, but also a bit more time in the encoding/deciphering process. Until the TWINKLE device, 512 bit keys were deemed adequate for security. Special systems build for cracking public key cryptography has not achieved a 512 bit key breakdown, with lesser key lengths taking weeks. However, with the prospect of 512 bit keys being compromised in a matter of hours with TWINKLE, clearly a larger key size should be used. If companies take heed to RSA Data Securities advisement in May that the minimum key length should be increase to 768 bit and 1024 bit then the TWINKLE device will become ineffective (It would not be able to crack a 768 bit key for several months).

The most amazing part of the entire story is that the inventor of the TWINKLE device, Adi Shamir, was the co inventor of the RSA (Shamir is the 'S') public key algorithm and has created the most dangerous weapon against it.

Of course, TWINKLE wasn't the only paper presented at the CHES conference. Some focused on the reoccurring problem of creating truly random numbers with some unique techniques. Two discussed technologies more applicable to current technology such as smart card systems that could be the next biggest step in consumer cryptography in the 21st century.

In addition to the technical knowledge we learned at the conference, the authors also realized that cryptologists are very nice people, too. We were allowed to attend the speeches and lectures for free even though the conference was completely booked. Everyone was nice to us and seemed to be interested in what some teenagers were doing at a conference about such esoteric topics of hardware crypto. And the most surprising aspect of the conference: the humor. A lot of the speeches were lightened up by a good deal of dry, Dilbert-ish humor, that to the shock of these authors was often very funny.