Re: Quick prediction.
DP-3T is almost ready and we are in discussion with some governments already on deployment.
Posts by Nigel Smart
18 publicly visible posts • joined 5 Jun 2008
Contact-tracing or contact sport? Defections and accusations emerge among European COVID-chasing app efforts
NIST requests ideas for crypto that can survive quantum computers
Friday 23rd December 2016 15:13 GMT
PQC != QKD
Again another fail from The Register re basic Crypto....
NST are trying to find a POST Quantum Crypto algorithm (PQC in the jargon). That is a classical algorithm which resists a quantum computer. The current top favourite is based on lattices, which is something Google has been testing, based on a technique developed at Microsoft.
The reference to the Microsoft work in the article is about Quantum Key Distribution (QKD). This is something very different, which uses quantum mechanics to solve a very very tiny part of the security problems.
Its in the letters folks PQC != QKD
Crypto needs more transparency, researchers warn
Monday 10th October 2016 16:43 GMT 
Bug in article
The Reg article says " it would be hard to spot by looking at the numbers, but factorisation would be feasible". Primes cannot be factored, since they are prime.
The attack is against a discrete log system and not a factoring based system. The Reg Hack might have been getting confused between RSA type systems in which big primes are multiplied together to form a public key. The schemes in this paper are different. Nothing is ever factored.
The aspect the researchers exploit is to write the prime in a "special way". Not all primes can be written in such a way, and the chances are quite small. Thus they call for primes to be generated verifiably at random.
Researchers crack homomorphic encryption
Tuesday 16th August 2016 18:16 GMT
Not interesting
The scheme broken here is not that interesting in the first place. Of course "The Register" should probably validate any article which appears on the IACR ePrint archive for "interestingness" before they just write an article on it. :-)
More interesting, was the break presented at CRYPTO yesterday here in Santa Barbara (https://www.iacr.org/conferences/crypto2016/) of the NTRU based FHE scheme (http://eprint.iacr.org/2016/127.pdf). This is the FHE scheme used by the Microsoft Research Labs demo applications of FHE talked about in previous Register articles.
Luckily though, even if the scheme in this article and the NTRU based FHE scheme have attacks, the main FHE scheme proposed by most researchers is the BGV one; which is the one implemented in the IBM library HELib (based on earlier code by yours truly).
In addition the break on the NTRU based FHE scheme does not apply to the "standard" NTRU scheme; which is kind of important as NTRU encryption is one of the prime contenders to replace standard schemes like RSA and ECC once a quantum computer is available.
As for the other points above. Any crypto paper worth its salt is open access in any case, as it would be published by the IACR and hence would be cross-posted to IACR ePrint. So if a crypto paper is behind a paywall; either it is rubbish or the paper can be obtained via ePrint.
How do you securely exchange encrypted-decrypted-recrypted data? Ask Microsoft
Friday 12th August 2016 16:47 GMT
Re: Magic encryption dust
You can decrypt without holding the key anywhere. The key is split into pieces, the pieces stored in different locations and they are never brought back together. There is no one point where you decrypt, the plaintext pops out of a decryption "protocol".
I have loads of scientific papers on this. It sounds like magic, but it is actually quite simple.
Currently record is to do about 1 million AES encryptions per second using a key which is shared and never placed in one place (paper by Lindell and others to appear at ACM CCS in late October).
Suggest you look up the products produced by the company Lindell and I founded (Dyadic Security), or maybe some of mine and others papers on this topic...
http://dblp.uni-trier.de/pers/hd/s/Smart:Nigel_P=
Friday 12th August 2016 15:57 GMT
Re: Magic encryption dust
Indeed the MS protocol is pretty basic, it assumes a "semi-honest" cloud and a single cloud actor. The key to MPC to have different mutually mistrusting actors and to use protocols which are secure against "active" actors. So using multiple clouds, or a hybrid cloud, makes much more sense.
MPC also makes a lot of sense when trying to remove single points of security failure, you can take a sensitive piece of information and then distribute it around an organization; knowing you can use the data without it ever having to reside in a single place.
Someone has broken into your systems. Now what?
Tuesday 11th November 2014 09:19 GMT
Re: All good stuff but...
The fact that SMEs find this stuff hard, and that a lot of breaches get the hashed password file, and then just brute force it (since most humans pick dumb passwords) is one of the reasons Dyadic Security created its DSM technology (http://www.dyadicsec.com/technology/). One of the main use cases is to encrypt the entire password file using probabilistic encryption, and so render such brute force hacking impossible. Of course the DSM can be used to protect all sorts of similar applications. But the protection of the password file/DB from breaches is probably the easiest to understand, and it also protects against law enforcement asking you to reveal users passwords as well by spreading the trust over many countries.
Cameras roll on 'blockbuster' new Who series
1 euro in every 7 spent on a Visa card
HP boffin claims million-dollar maths prize
Thursday 12th August 2010 17:55 GMT
Factoring and NP
Factoring is indeed not believed to be NP complete. But it certainly lies in NP, since if I gave you a factor you could check whether my factor was correct very fast.
So if P=NP then factoring would be easy and factoring based crypto (indeed almost all practically deployed crypto) would be broken.
But if P<>NP we still have no idea whether factoring is easy or hard.
Biting the hand that feeds IT
