Blog

News and articles

The Carnac protocol – or how to read the contents of a sealed envelope

03 Aug, 2016 by Dr Michael Scott

<p>Johnny Carson as long time host of the Tonight show often appeared in the spoof role of Carnac the Magnificent, a mentalist who could magically read the contents of a sealed envelope. This is in fact a well known stock-in-trade trick of the mentalist’s craft, known as “billet reading”. Here we propose a cryptographic solution to the problem of billet reading, apparently allowing a ciphertext to be decrypted without direct knowledge of the ciphertext, and present both a compelling use case and a practical implementation.</p>…

Missing a trick: Karatsuba variations

26 May, 2016 by Dr Michael Scott

<p>There are a variety of ways of applying the Karatsuba idea to multi-digit multiplication. These apply particularly well in the context where digits do not use the full word-length of the computer, so that partial products can be safely accumulated without fear of overflow. Here we re-visit the “arbitrary degree” version of Karatsuba and show that the cost of this little-known variant has been over-estimated in the past. We also attempt to definitively answer the question as to the cross-over point where Karatsuba performs better than the classic method.</div></p>…

MIRACL, NTT i3 and NTT Labs initiative in the Apache® Incubator

11 May, 2016 by Brian Spector

<h3 id="apache-milagro-incubating-creates-an-alternative-to-outdated-and-problematic-monolithic-trust-hierarchies-providing-a-more-secure-infrastructure-thats-built-for-todays-internet">Apache Milagro (incubating) creates an alternative to outdated and problematic monolithic trust hierarchies, providing a more secure infrastructure that’s built for today’s internet</h3> <p>VANCOUVER, BC – May 11, 2016 – Leading into one of The Apache Software Foundation’s largest developer events, ApacheCon North America, <a href="/">MIRACL</a>, NTT Innovation Institute, Inc. (<a href="http://www.ntti3.com">NTT i<sup>3</sup></a>) and NTT Labs join forces to contribute their security and authentication code to a new open­source project within the Apache Incubator called Apache Milagro (incubating).</p>…

Going Post-Quantum

03 May, 2016 by Dr Michael Scott

<img src="/assets/images/miracl-blog-atomium.png" alt="miracl-blog-atomium.png" title="miracl-blog-atomium.png" width="320"> <p><em>image source: Atomium Public Domain</em></p> <p>In about a decade (or so we are told) we may reach a tipping point in the world of cryptography, as a practical quantum computer will become a reality. Personally I think it will take longer than that, perhaps even a lot longer. Often the people who anticipate quantum computers in the shorter term are the very same people that are looking for funding to do quantum research. A classic conflict of interest, but let’s face it no-one these days is going to fund research that may not pay off in their lifetime!</p>…

CertiVox announces Company name change to MIRACL

08 Jan, 2016 by MIRACL Blogger

<h3 id="repositioning-reflects-the-growth-in-opportunities-to-advance-cloud-computing-and-move-the-internet-into-the-post-pki-era">Repositioning reflects the growth in opportunities to advance Cloud Computing and move the Internet into the post-PKI era.</h3> <p><strong>London / Dublin / Tokyo</strong>. We are excited to announce today that CertiVox has changed its name to MIRACL. As CertiVox, we have grown from a small start-up to a respected organisation attracting five rounds of funding through investment partners in North America, Asia and Europe based on the strength of our products and the promise of providing more secure solutions to users, businesses, and the online services that connect the two.</p>…

HMRC Phishing Season Opens in January – Consumers Overrun with Scams

06 Jan, 2016 by MIRACL Blogger

<p>New research highlights attitudes to personal security on the Internet in the lead-up to online tax return self-assessment deadline at end of January.</p> <p><strong>LONDON, 6 January 2016</strong> – As ten million people prepare to complete their tax returns online in January, British citizens are being bombarded with scams. Forty per cent have received phishing emails which appeared to be from HMRC, and identity fraud is rife – with many people still unaware of the potential risks involved, according to new research from digital authentication provider, MIRACL.</p>…

Re-imagining Internet Security Infrastructure

22 Apr, 2015 by MIRACL Blogger

<p>It’s time for a re-boot of the Internet’s security infrastructure. The last two years have been anything but uneventful in the realm of information security. Let’s start with the <a href="https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded" target="_blank">Snowden revelations</a>. The fallout from the treasure trove of classified information is still ongoing, but taking a geo-political view we can see that the Internet is now moving towards a “trust no one” model, whereby local service providers will spring up to satisfy the jurisdictional demands of their customers. Indeed, when industry titans such as Facebook, Google, Microsoft, Cisco and others join together to take on the U.S. Federal government and treat the NSA as their most sophisticated threat actor, you know the dynamics of the industry have changed.</p>…

Whatever it is, it needs security

21 Feb, 2015 by Dr Michael Scott

<p>The ubiquity of “things” is both a strength and a weakness when considering the potential of the Internet of things. The possibilities of what can be connected are, literally, endless. Firstly, there will not be just one IoT, there will be multiple, and each will differ and be largely disjointed from the rest. The things may be identical or different in terms of computing capability and overall significance. The things may be mobile or stationary, and it’s not immediately clear if security will be an issue in every use-case.</p>…

Crypto Security - How many bits?

02 Feb, 2015 by Dr Michael Scott

<p>Very recently we have seen some progress in the cryptanalysis of Elliptic curves. <a href="https://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;7ac99539.1501" target="_blank">This Austrian group</a> have reportedly broken an elliptic curve at the 113-bit level of security, using 10 FPGAs.</p> <p>Before proceeding lets put a number against “security level”. Consider the Advanced Encryption Standard (AES) with a 128-bit random key. Lets call this AES-128. Now for elliptic curves we need twice as many bits for the same level of security. So a 256-bit curve is roughly comparable with AES-128.</p>…

A Brief History of Authentication

20 Nov, 2014 by Dr Michael Scott

<img src="/assets/images/miracl-blog-download4.jpg" alt="miracl-blog-download4"> <p><strong>We authenticate ourselves multiple times every day. Every time we open a door with a key we are authenticating ourselves to the building we are entering, simply by demonstrating possession of the key. When we buy something with a bankcard we authenticate ourselves via possession of the card and knowledge of the associated PIN. This is known as two factor authentication. We use passports to authenticate ourselves when we travel. Sometimes we authenticate by simply recognising each other, although this is not a very scalable method. Failure to authenticate quickly or accurately can have fatal consequences – in the American Civil War the famous confederate General Stonewall Jackson was killed by his own troops for failing to authenticate himself.</strong></p>…

Backdoors in NIST elliptic curves

24 Oct, 2013 by Dr Michael Scott

<p>Cryptography is a lot about trust. And in the real world cryptography depends on standards, as the standardization of cryptographic algorithms is how cryptography is projected into the real world.</p> <p>For years people have trusted the US based NIST – National Institute for Standards in Technology, with headquarters in Gaithersburg just outside Washington DC. I was there once at a conference*.</p> <p>But now thanks to the reckless actions of the NSA (National Security Agency), as exposed by various whistle-blowers, that trust has been blown, with incalculable consequences. Already there is a strong and well founded suspicion that at least one standard was “dumbed-down” to suit the NSA agenda.</p>…

2 step verification vs 2 factor authentication

21 Aug, 2013 by MIRACL Blogger

<p>Several super high profile smash and grab attacks on global scale cloud service providers have prompted stronger authentication to be deployed on Google, Twitter, Evernote and many more providers. The balance between user friendliness and credible security is a key issue for these providers or any web site owner needing to increase secure authentication. There is no point in making the service exorbitantly difficult to use of course. When looking at the security they choose, however it raises the question why they would bother at all! In the interest to make things easy for users the secure authentication systems they deploy aren’t actually secure. Perhaps it’s just cost. Adding strong user authentication to any service is naturally a cost issue.</p>…