Today’s blog is written by our Chief Crypto Officer and expert Dr Michael Scott, who shares his thoughts on how to keep a secret - and, more importantly, how doing so assists when it comes to reliable and highly secure authentication.
Many people think that cryptography is just about encryption. But saying that cryptography is just about encryption is rather like saying that geography is just about mountains. (What have mountains got to do with cryptography? See below…). At a second attempt people might say that cryptography is about keeping secrets. But that is not strictly true either. For example a blockchain doesn’t encrypt anything, and the ledger itself requires no secrets: it is held together by hashes and digital signatures. But a cryptocurrency is certainly an application of cryptography.
So cryptography is clearly a broad science, but one that can be used to resolve the complex issues of confidentiality, privacy, and authenticity that arise in our inter-connected digital world.
However most applications of cryptography do involve secrets, and so one important issue that arises is that of protecting these secrets.
The simplest method is to simply memorise them. However there are problems with this. First of all most of us find it difficult to memorise more than a handful of them, and then only if the secrets are relatively small. Most of us probably memorise a couple of longish passwords that we rotate and re-use for multiple purposes (oops!), and a couple of PIN numbers as well.
Which do you need, a long password or a PIN? Depends on the context in which they are used.
You need a password if it’s likely that an attacker can somehow engineer a situation where they can, at their leisure, make many guesses using a password dictionary and a computer, typically offline against a stolen copy of the password hash or an encrypted file. In which case it’s your (probably vain) hope that your password isn’t in that dictionary. But if such an offline attack is not possible, because every guess has to pass through a verifier that counts failures and locks out after a handful of wrong tries, then a simple PIN will suffice.
Some secrets are more important than others, given that if they are lost or stolen the impact could be significant. The keys used to unlock bitcoin wallets would be an example, and people go to extraordinary efforts to protect them, using air-gapped computers not connected to the internet, and storing them in temperature controlled vaults hidden deep inside (you guessed it) a mountain – see https://qz.com/1103310/photos-the-secret-swiss-mountain-bunker-where-millionaires-stash-their-bitcoins/.
But clearly secure hardware has a role to play, even if you are not a millionaire. A nice analogy is with those cheap safes in hotel rooms into which we place our valuables, and lock with an easily remembered PIN. Secure hardware with similar functionality now exists in our mobile phones, laptops and desktop computers. Strong protection of large impossible-to-memorise secrets combined with ease of access. You may have noticed that you now authenticate to your PC using a PIN rather than a password – secure hardware is the reason why this is now possible. The PIN never leaves the machine; it merely unlocks a key held inside the hardware, and the hardware is what limits how many wrong guesses can be tried.
But there is an obvious problem with secure hardware, other than the cost. Is it really secure? Good luck if a design bug is found and you need an upgrade. This is hardware we are talking about, not software. And do you trust the manufacturer? I suspect that 90% of secure hardware providers have their own “backdoor” way of accessing the vault. You really believe that if you forget your PIN the hotel manager doesn’t have a way of popping open that safe and retrieving your valuables for you? Maybe there is even a backdoor into that Swiss mountain…
Fortunately there is another disjoint idea we can turn to, that can be used in conjunction with memorisation and secure hardware - but does not require either. Protect the secret by simply splitting it into different parts that are stored in different places. In our two factor authentication technology (M-Pin) the secret is split into a stored blob of data and a memorised PIN number. But even a PIN number itself can be divided into multiple parts, as can a blob of data.
A more flexible idea is to split a secret into n shares such that any m of the shares can be used to reconstruct the secret. We would like that an attacker with m-1 shares and infinite computing power is as close to knowing the secret as an attacker with no shares at all. Sounds like a bit of an ask, but cryptography is full of surprises and such a protocol exists, called Shamir secret sharing.
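To make the (m, n) threshold idea concrete, here is an added example of Shamir secret sharing over a prime field, written for this page; it is not MIRACL Core’s module and does not describe how M-Pin splits its secret (the two-part split above is simply the case m = n = 2). The field prime, the function names and the sample secret are assumptions chosen for illustration. Besides splitting and recovering, the example brute-forces the “m−1 shares tell you nothing” claim over a tiny field, where every possible secret turns out to be consistent with exactly one polynomial.

```python
"""Shamir (m, n) threshold secret sharing over a prime field.

Added example for this page; not MIRACL Core's implementation.
The field prime, function names and sample inputs are assumptions.
"""
import secrets

# Assumption: a 127-bit Mersenne prime as the default field. Any prime
# larger than both the secret and n will do.
DEFAULT_PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x, prime):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod prime (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % prime
    return acc


def split_secret(secret, m, n, prime=DEFAULT_PRIME):
    """Split secret into n shares, any m of which reconstruct it.

    The secret is the constant term of a random polynomial of degree
    m-1; share i is the point (i, f(i)) for i = 1..n.
    """
    if not 1 <= m <= n < prime:
        raise ValueError("need 1 <= m <= n < prime")
    if not 0 <= secret < prime:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x, prime)) for x in range(1, n + 1)]


def recover_secret(shares, prime=DEFAULT_PRIME):
    """Lagrange-interpolate the shares at x = 0 to recover f(0).

    The caller must supply at least m distinct shares. Fewer shares do
    not fail loudly: the result is simply unrelated to the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % prime
                den = den * (xi - xj) % prime
        # Fermat inverse of den; prime is prime so den^(p-2) = den^-1.
        total = (total + yi * num * pow(den, prime - 2, prime)) % prime
    return total


def candidate_counts(partial_shares, m, prime):
    """Brute-force check of the information-theoretic guarantee.

    Over a small prime, count how many degree-(m-1) polynomials agree
    with the given m-1 shares for each possible secret. A uniform count
    means the shares give no clue which secret is the real one.
    """
    counts = {s: 0 for s in range(prime)}
    for idx in range(prime ** m):
        # Decode idx as the coefficient vector [a0, a1, ..., a_{m-1}].
        coeffs, v = [], idx
        for _ in range(m):
            coeffs.append(v % prime)
            v //= prime
        if all(_eval_poly(coeffs, x, prime) == y for x, y in partial_shares):
            counts[coeffs[0]] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample secret (14 bytes, so it fits in the field).
    secret = int.from_bytes(b"vault PIN 4729", "big")
    shares = split_secret(secret, 3, 5)
    assert recover_secret(shares[:3]) == secret
    assert recover_secret([shares[0], shares[2], shares[4]]) == secret
    # Two shares are not enough: the answer is unrelated to the secret.
    print("2-share guess == secret?", recover_secret(shares[:2]) == secret)
    # Over GF(17) with m = 3, two shares leave every one of the 17
    # candidate secrets consistent with exactly one polynomial.
    small = split_secret(5, 3, 4, prime=17)
    print(candidate_counts(small[:2], 3, 17))
```

Two practical caveats the code makes visible: the arithmetic must be done in a prime field (plain integers leak information about the secret), and Shamir on its own does not authenticate shares, so a share holder who hands back a corrupted share causes a wrong reconstruction that nothing in the scheme detects.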
The more parts the secret is split into, the less value is associated with each individual part, and therefore the less effort we have to go to in order to protect each part. So secret sharing clearly has a role to play. But of course the more parts there are, the more complex is the management of them, and the threshold m has to be chosen so that losing a share or two does not mean losing the secret.
As such an elegant protocol may have many uses, we have recently included a module implementing Shamir secret sharing in our MIRACL Core library (https://github.com/miracl/core). It may well have a role to play in your key management strategy.
Dr Michael Scott is Chief Crypto Officer at MIRACL, one of the pioneers of Pairing-based Cryptography and the “S” in the widely used BLS and KSS families of elliptic curves. Following a distinguished career of almost 30 years at Dublin City University, and as an active consultant to both the public and private sector, his depth of knowledge is drawn not only from his academic expertise - he has published over 100 highly cited papers - but from his genuine love of cryptography and the science behind it.