Prime numbers might just have lost their mystery – and online security could change forever.
At a basic level, prime numbers are relatively simple to understand. They can only be divided by themselves and the number ‘1’: so 3, 5, or 97, for instance. But they’re much more complex than they look – and that makes them crucial in cryptography.
This is down to their unpredictable nature. We know prime numbers when we see them, but we can’t easily tell where they might appear in a sequence. Importantly, while it’s easy to multiply two large prime numbers together, it’s difficult to pick apart the prime numbers that were used in that equation.
In other words, they’re extremely hard to factorize, meaning any attempts to break the cryptography would involve huge amounts of time and difficulty. That all changes if prime numbers are in fact predictable – and new research claims to have cracked the code.
Periodic Table of Primes
The research was developed by Han-Lin Li and Way Kuo from the City University of Hong Kong and Shu-Cherng Fang from North Carolina State University. They believe they have “devised a way to accurately and swiftly predict when prime numbers will appear”, according to Kuo.
The research focuses on a Periodic Table of Primes (PTP). The periodic table is built on 48 natural numbers between 11 and 211 which do not contain factors of 2, 3, 5 and 7. According to the paper, these 48 numbers are the roots for generating all primes and composites without those four factors.
By using these 48 roots as the ‘genes’ of primes, “we can easily find the next prime of any given prime number and identify the next pair of twin primes,” the paper states. “No primes, twin primes, or primes-related issues can ever surface if such issues are not rooted to the 48 integers. After all, prime numbers are not as random as many believe.”
What does this mean for cryptography? Algorithms like RSA are built upon the sheer difficulty of factoring integers. However, the grid developed through PTP would make it far easier to locate prime numbers in a sequence, or to work out the biggest possible gap between primes. It would mean that “counting the total primes below, say, one quintillion could shrink from supercomputer months to desktop minutes,” as earth.com has noted.
Security Challenges and Opportunities
This could have negative implications for cybersecurity, because it may make it easier for cybercriminals to pick apart a prime number-based cryptographic security setup.
However, the flipside is also true: the insights generated through the PTP could also bolster cybersecurity. They could be used to enhance the effectiveness of cryptographic keys, for instance. Kuo has noted that because primes are a fundamental part of cryptography and encryption, the ability to predict prime numbers can actually be used to make data more secure.
There are other plus sides to consider. For example, blockchain might become more efficient and less energy-intensive.
Besides, the rise of other security threats has already prompted research into the need to enhance cryptography beyond the reliance on factoring primes. Most notably, leading organizations are looking to a future of quantum computing and the steps that will need to be taken to boost security.
As the National Institute of Standards and Technology (NIST) has noted, conventional cryptographic algorithms rely on “the difficulty conventional computers have with factoring large numbers”. However, a powerful quantum computer could sort through all potential prime factors to break an encryption much more quickly than a conventional computer: it could do this in days or hours, rather than the billions of years required by normal systems. And that’s without any Periodic Table of Primes.
In response, NIST has released new post-quantum cryptography (PQC) encryption standards that are designed to withstand attacks from quantum computers. The first three finalized standards were released in August 2024.
Password Power
One thing is clear: the world is already shifting from the reliance on prime numbers for cryptography and security, building algorithms on hash functions and other approaches. That should help bolster security, even if prime numbers become more predictable.
But this isn’t enough in isolation. A multi-factor approach offers the strongest possible security, keeping accounts safe even if one line of defense is breached or compromised.
In this landscape, passwords remain crucial. Most people still rely on passwords for at least part of their online security. And if advances reduce the effectiveness of some areas of security, passwords may even grow in relative importance, with longer and more complex options becoming even more important in the new security environment.
As the security landscape grows increasingly complex, you need to be confident in your password security. With Specops Password Policy, you can prevent end users from choosing weak passwords while also continuously scanning your Active Directory continuously for more than 4 billion compromised passwords.
To build comprehensive, holistic defenses, it’s vital to look to the future of cryptography, while also securing the passwords on which organizations and individuals still depend. Book a live demo for Specops Password Policy today.
