Brit and Danish boffins propose NSA-proof crypto for cloud computing

It's more likely that the NSA has devoted its efforts to key capture and side-channel attacks rather than brute-forcing its way through ciphertext en masse - but it's also true that our crypto maths won't last forever. Which draws attention to projects like this one (PDF), which is looking at protection of multi-party …


This topic is closed for new posts.
  1. amanfromMars 1 Silver badge

    For All of your Secret Intelligence Service Security Needs and Feeds ......Ab Fab Fabless Seeds

    SPDZ is a close ally and true friend of steganography and when working well and in tandem together with smarter third parties are they all quite awesome enough to be quite unbelievably powerful in anything they may be suspected of doing by interested snooping parties bereft of any evidence to prove anything untoward and/or amazing.

    1. Michael H.F. Wilkinson Silver badge
      Black Helicopters

      Re: For All of your Secret Intelligence Service Security Needs and Feeds ......Ab Fab Fabless Seeds

      I think you're hiding something


      1. amanfromMars 1 Silver badge

        The Truth .... but Not as you were Really Expecting it and its IT Phorm to Be?

        I think you're hiding something ;-) ...... Michael H.F. Wilkinson Posted Tuesday 10th September 2013 11:52 GMT

        Well, the quantum/qubit truth may be also revealing something too, MHFW, and now pumping and pimping it securely to flash crash and beta test public and private and pirate establishment intelligence and money markets into the process of floating offers of/to novel smarter proprietary and not ignoble executive intellectual property holdings ...... NEUKlearer Virtual Machine HyperRadioProActive IT.

        And I would and surely most clearly do, obviously wholeheartedly disagree with the likes of a Sir David Attenborough who would posit that humanity has stopped evolving, and especially so whenever it is into quantum leaping across domains and species and into CyberIntelAIgent Space Flight Travel for Live Operational Virtual Environment Man Management ...... Advanced IntelAIgent Being Control with Universal Commands.

        A little something Bletchley Park Station XSSXXXXish for ODNI Seekers of Universal Command and Control everywhere.

        And yes, that is available to all those into making a killing on markets with market leaders today, and tomorrow, and the day after that too and all subsequent future days, for such that is, is, and that cannot be denied even though it be may wished studiously ignored to maintain and sustain a perversely corrupt and comfortably inequitable status quo base politicised system and monied power elites.

        1. BorkedAgain

          Re: The Truth .... but Not as you were Really Expecting it and its IT Phorm to Be?

          Heavens, how I missed you, amanfromMars1!

  2. Graham Marsden
    Big Brother

    "your data will remain secure even if everybody else is compromised"

    Great, but who are you going to tell...?!

  3. Daniel Johnson
    Paris Hilton

    Political Correctness Gone Mad

    "As The Register understands the system, this might also be useful in cloud-based collaboration, since it would protect Average Joe's data against the rest of the world, including Average Joe's boss, if it so happened that her machine were compromised."

    I'm confused. Is Average Joe meant to be a woman (strange name for a lady) or is his boss meant to be a woman?

    Paris, because I'm sure she's a woman (I was going to say 'lady' but I've seen the video).

    1. M Gale

      Re: Political Correctness Gone Mad


      Admittedly "Jo" is more usually used as the female version. However, this is the 21st century, and it takes allsorts to make Bassetts.

    2. R Callan

      Re: Political Correctness Gone Mad

      Umm not really. Paris was a real man when he ran off with Helen and started the Trojan war. The video you saw was of a very good impersonator.

  4. Anonymous Coward

    I don't think ANY sort of cryptography is safe from the so called "monkey wrench and rubber hose" attack...

    1. M Gale

      However, multiple containers and plausible deniability do provide some help, even against the ol' rubber hose. Look see, there's the password. It validly decrypts the file. I told you that was just a load of furry pr0ns. Why the hell else do you think I encrypted it?

    2. amanfromMars 1 Silver badge

      No Joking Matter :-) .... Poe's Law Rules:-)

      I don't think ANY sort of cryptography is safe from the so called "monkey wrench and rubber hose" attack... ... malle-herbert Posted Tuesday 10th September 2013 13:45 GMT

      There are always exceptions to contrived rules and current regulations and crazy notions and they be invariably that which leads and drivers reality and spawns forever after the fact legislation/activity safeguards to protect the masses from smarter abuses?

      The simple fantastic truth freely shared is quite unbelievably more than enough to circumvent and/or enter any present and all future systems using information for processing into knowledge for applications and/or activities designed for intelligent beings and mass audiences/receptive spectators ..... and there will always only be just a few canny souls smart enough enabled to be able to make a greater perfectly reasonable sense of what is boldly shared and lead with it in Collaborative Ventures and Potent ZerodDay Exploits/Expeditions/Expositions ..... and Serially Practically Realise with IT and Virtual AI ReprogramMING of Humanised Assets and their SCADA Systems of Operation, a New Orderly World Order with Command and Control Ceded and Seeded to Virtual Machinery Operations Executive Admin.

      And the safeguards are really most futile but they do generate activity and the exercise of a certain kind of intellect/modes and nodes of a more primitive/sub-prime based command and control hierarchy.

      1. Tchou

        Re: No Joking Matter :-) .... Poe's Law Rules:-)

        You nailed it.

  5. Anonymous Coward
    Anonymous Coward


    There isn't a snowball's chance in Hell of an NSA-proof crypto so perish the thought. Eventually people will figure out that the cloud is their worst enemy and not because of the NSA, because of crims.

    1. Trevor_Pott Gold badge

      Re: Laughable... you're an idiot.

      You do realize that proper hard crypto would take a computer with the mass of the universe several times the lifetime of the universe to crack, eh? And that at least some of those algorithms were developed with enough oversight that the NSA could not realistically have compromised them to have back doors?

      If you honestly believe that the NSA can violate the laws of physics then you're a chump. And no, "quantum computers" will not crack that kind of hard crypto in a meaningful timeframe...even assuming we could make one (we can't). D-wave doesn't count; we're still arguing over if the damned thing behaves in a quantum manner. It sure isn't much faster than traditional computing at these sorts of tasks.

      It is theoretically possible that a quantum computer could one day take apart RSA 4096, though we haven't the foggiest idea in hell how to build one that could do so. The chances of that happening within our lifetimes are slim to none. The chances of taking apart a 15360-bit RSA key within our lifetime are nil.

      AES is another interesting one. It's symmetric, so it doesn't require as many bits to be functionally unfrackable. AES 256 requires polycosmic time to crack. Even after the dude from Microsoft found a flaw in the algorithm, we're only talking about 3-5 times faster. 3-5 times faster than polycosmic time is still longer than our solar system will exist.

      Now, is it possible that the NSA has subverted the AES and RSA standards and have some means of decoding them without "cracking" in the traditional sense? Yes, it is possible.

      Is it likely? No.

      Too many people have been attacking those algorithms for too long. Attacks on them by the NSA are far more likely to be "get the key from a MITM attack" or "get the key from the service provider."

      There are a lot of other encryption standards that I am absolutely positive were backdoored by the NSA (see: DES). I think, however, it's reasonable to assume that AES 256 and RSA 15360 remain uncrackable for the next few years, at least.

      1. scrubber

        Re: Laughable

        "You do realize that proper hard crypto would take a computer with the mass of the universe several times the lifetime of the universe to crack, eh?"

        There are several problems with your assumption:

        1. That the NSA don't have a quantum computer with (at least) 2048 qubits

        2. "Proper hard crypto" doesn't have a backdoor

        3. The (likely Intel) chips doing the "proper hard crypto" don't have NSA backdoors

        4. The OS (Windows for most people) doesn't have an NSA backdoor

        The NSA and their ilk have been poisoning the well for years, releasing code with known weaknesses, being employed in corporations to snoop and find weaknesses, threatening corporations to comply with their wishes, inventing the 'crime' of not telling cops your password(s) etc. etc.

        Plus, the wetware is usually the weakest part of any security system.

        1. Tchou

          Re: Laughable

        2. Trevor_Pott Gold badge

          Re: Laughable

          1) 2048 qubits doesn't help you crack 4096 bit keys. Actually, it's dubious it will help you crack 2048-bit keys. I remain confident the NSA does not have a quantum computer with that capability because they just aren't that well funded.

          You see, in order to get a quantum computer like that, they'd have had to have developed it outside the mainstream of academia and industry. We're missing all sorts of precursor technologies to get us there, which means that to assume the NSA have a quantum computer that can crack hard crypto you have to assume they managed to get enough of the right people to develop it in total secrecy without ever publishing a paper on it. Have you met the kinds of people who have the ability to do that kind of research? Convincing them not to publish a paper on it is damned near impossible.

          2) As I said in my previous post, I am pretty sure the proper hard crypto algorithms remain uncompromised simply because so many people have attacked them for so long. These are not algorithms that were developed in secret and that remain secret. (Bitlocker, as one example.) These are public knowledge and the best minds in the world are constantly trying to break them. So far, with little success.

          3) Explain to me how you feel you can "compromise" hardware processors in such a way that they specifically create a back door in any cryptographic algorithm they generate? This might be possible with specialist chips like TPM, but a general purpose CPU or GPU? Do you honestly believe the Chinese wouldn't have found that by now and exploited the living piss out of it?

          4) Windows has all sorts of backdoors. Bitlocker is a great example. If you don't use the operating system's libraries to generate your crypto you're fine...or are you going to tell me that suddenly there's magic voodoo within Windows that has heretofore gone unnoticed that simply "knows" (how?) when a library or thread is running "some form of cryptography" and magically backdoors it?

          A crypto library that Microsoft ships as part of their OS certainly can be compromised. They probably all are. TPM is probably completely untrustworthy as well. ("Trusted platform module" my fat, jiggly ASCII.)

          But the generic computing stuff? CPUs, GPUs, basic execution of libraries written by third parties? To compromise that? We're not talking about your run of the mill engineer here. We're talking about potentially requiring the single smartest individual the human race has ever produced. Someone who would be able to learn so much - to know and retain so much - about how so many different things worked that he would make Leonardo Da Vinci look like Honey Boo Boo.

          If such a person existed and were identified by the United States Government before anyone else, do you honestly believe - really and truly, deep down in your heart of hearts - that they would waste that person's talent so utterly by having that individual come up with new and interesting ways to compromise cryptography in generic computing systems?

          Why? Where's the logic in that? What possible reason could they have for that when there are way easier methods available? Man in the middle fibre taps. $5 wrench. Secret letters demanding keys from providers and crypto implementers.

          I think your tinfoil hat is on too tight, buddy. You should visit my guy. He custom-manufactures mine and it's quite comfortable to wear.

      2. annodomini2

        Re: Laughable

        If there's a way in, you can get in.

        If not, someone will make one.

  6. IT Hack

    Primary Sources

    So I click on the link to the pdf -

    and Firefox tells me - uses an invalid security certificate.

    The certificate is not trusted because no issuer chain was provided.

    (Error code: sec_error_unknown_issuer)

    Make of that what you will.

    1. Dan 55 Silver badge

      Re: Primary Sources

      Well my version of Firefox 23.0.1 says it's secured by TERENA.

      (I therefore trust this connection completely, who wouldn't with a name like that?)

      1. IT Hack

        Re: Primary Sources

        @ Dan 55

        Yep...23.0.1 here as well...and I'd have thought TERENA would be pretty solid...what with it being the Trans-European Research and Education Networking Association...

        And to think Janet never refused me!
