* Posts by Nigel Smart

18 publicly visible posts • joined 5 Jun 2008

Contact-tracing or contact sport? Defections and accusations emerge among European COVID-chasing app efforts

Nigel Smart

Re: Quick prediction.

DP-3T is almost ready and we are in discussion with some governments already on deployment.

Nigel Smart
Thumb Up


Note ETH, EPFL and KU Leuven also pulled out of the PEPP-PT project over the weekend.

NIST requests ideas for crypto that can survive quantum computers

Nigel Smart


Again another fail from The Register re basic Crypto....

NST are trying to find a POST Quantum Crypto algorithm (PQC in the jargon). That is a classical algorithm which resists a quantum computer. The current top favourite is based on lattices, which is something Google has been testing, based on a technique developed at Microsoft.

The reference to the Microsoft work in the article is about Quantum Key Distribution (QKD). This is something very different, which uses quantum mechanics to solve a very very tiny part of the security problems.

Its in the letters folks PQC != QKD

Crypto needs more transparency, researchers warn

Nigel Smart

Bug in article

The Reg article says " it would be hard to spot by looking at the numbers, but factorisation would be feasible". Primes cannot be factored, since they are prime.

The attack is against a discrete log system and not a factoring based system. The Reg Hack might have been getting confused between RSA type systems in which big primes are multiplied together to form a public key. The schemes in this paper are different. Nothing is ever factored.

The aspect the researchers exploit is to write the prime in a "special way". Not all primes can be written in such a way, and the chances are quite small. Thus they call for primes to be generated verifiably at random.

Researchers crack homomorphic encryption

Nigel Smart

Not interesting

The scheme broken here is not that interesting in the first place. Of course "The Register" should probably validate any article which appears on the IACR ePrint archive for "interestingness" before they just write an article on it. :-)

More interesting, was the break presented at CRYPTO yesterday here in Santa Barbara (https://www.iacr.org/conferences/crypto2016/) of the NTRU based FHE scheme (http://eprint.iacr.org/2016/127.pdf). This is the FHE scheme used by the Microsoft Research Labs demo applications of FHE talked about in previous Register articles.

Luckily though, even if the scheme in this article and the NTRU based FHE scheme have attacks, the main FHE scheme proposed by most researchers is the BGV one; which is the one implemented in the IBM library HELib (based on earlier code by yours truly).

In addition the break on the NTRU based FHE scheme does not apply to the "standard" NTRU scheme; which is kind of important as NTRU encryption is one of the prime contenders to replace standard schemes like RSA and ECC once a quantum computer is available.

As for the other points above. Any crypto paper worth its salt is open access in any case, as it would be published by the IACR and hence would be cross-posted to IACR ePrint. So if a crypto paper is behind a paywall; either it is rubbish or the paper can be obtained via ePrint.

How do you securely exchange encrypted-decrypted-recrypted data? Ask Microsoft

Nigel Smart

Re: Magic encryption dust

How about Wikipedia as a place to start...


And for the latest work with the current best performance there is this...


Nigel Smart

Re: Magic encryption dust

You can decrypt without holding the key anywhere. The key is split into pieces, the pieces stored in different locations and they are never brought back together. There is no one point where you decrypt, the plaintext pops out of a decryption "protocol".

I have loads of scientific papers on this. It sounds like magic, but it is actually quite simple.

Currently record is to do about 1 million AES encryptions per second using a key which is shared and never placed in one place (paper by Lindell and others to appear at ACM CCS in late October).

Suggest you look up the products produced by the company Lindell and I founded (Dyadic Security), or maybe some of mine and others papers on this topic...


Nigel Smart

Re: Magic encryption dust

> If it is decrypted anywhere outside of the organisational boundaries then that

> means keys have to be sent...

Nope. Thats the point. The key is held in a split form and decryption is performed without anyone ever knowing the key.

Nigel Smart

Re: And Microsoft.

Microsoft do not have a product. Its a Microsoft Labs project. You cannot go buy it from MS

Nigel Smart

Re: Magic encryption dust

Indeed the MS protocol is pretty basic, it assumes a "semi-honest" cloud and a single cloud actor. The key to MPC to have different mutually mistrusting actors and to use protocols which are secure against "active" actors. So using multiple clouds, or a hybrid cloud, makes much more sense.

MPC also makes a lot of sense when trying to remove single points of security failure, you can take a sensitive piece of information and then distribute it around an organization; knowing you can use the data without it ever having to reside in a single place.

Nigel Smart

There are already companies with products using Multi-Party Computation to allow computation on data without seeing the data. Examples include Cybernetica, Partisia and DyadicSecurity.

Someone has broken into your systems. Now what?

Nigel Smart

Re: All good stuff but...

The fact that SMEs find this stuff hard, and that a lot of breaches get the hashed password file, and then just brute force it (since most humans pick dumb passwords) is one of the reasons Dyadic Security created its DSM technology (http://www.dyadicsec.com/technology/). One of the main use cases is to encrypt the entire password file using probabilistic encryption, and so render such brute force hacking impossible. Of course the DSM can be used to protect all sorts of similar applications. But the protection of the password file/DB from breaches is probably the easiest to understand, and it also protects against law enforcement asking you to reveal users passwords as well by spreading the trust over many countries.

Cameras roll on 'blockbuster' new Who series

Nigel Smart


> eqyptians IN SPAAAACE!!!!

Old Fourth Doctor story of Pyramids of Mars. Not exactly Egyptions, but mummies galore

: Sherlock since there is no Dr Who icon

1 euro in every 7 spent on a Visa card

Nigel Smart

> Fraud moving to the internet where chip/pin can't help.

Actually they COULD roll out the CAP system used for online banking in the UK to authenticate the web based credit card transaction. This would be better than the Verified by Visa rubbish

Nigel Smart

> Fraud moving to the internet where chip/pin can't help.

They could use the CAP system which is used for online banking in the UK. After all they have this set up in most banks

HP boffin claims million-dollar maths prize

Nigel Smart

Factoring and NP

Factoring is indeed not believed to be NP complete. But it certainly lies in NP, since if I gave you a factor you could check whether my factor was correct very fast.

So if P=NP then factoring would be easy and factoring based crypto (indeed almost all practically deployed crypto) would be broken.

But if P<>NP we still have no idea whether factoring is easy or hard.

Confusion over 'secret code' in US military Cyberforce crest

Nigel Smart

But MD5 is broken...

They are still using MD5! I suspect there is another text which collides and that finding this is the real challenge

Bletchley Park rattles tin for urgent repairs

Nigel Smart

Online Donations

If you want to donate online to the Computing Museum part then go to....


Would also recommend the place for a visit, it also quite a good place

to hold meetings etc