In Praise of ‘Roll Your Own Crypto’?
May 30, 2016
‘Roll your own crypto’ is an oft & casually tossed IT security pejorative… with good reason. Cryptography is complex. The security assumptions implicit within individual mathematical facets can easily cancel one another out when wielded indiscriminately.
Stretching the analogy further, one might also surmise that the quality of the security ‘smoke’ is very much & mightily dependent upon the type of leaf you’re rolling!
Presently, we find ourselves in the midst of an undeclared ‘Crypto-War 2.0’. The first casualty of war being truth etc., then perhaps the bona-fides of the various legitimate actors are also worthy of examination? There is much misdirection & misinformation…
The major players occupy two corners of a supposedly three-cornered conflict. In one corner, the ‘Kong’-like proportions of the government-security State. In the other, the corporate Godzillas that are the trans-national entities such as Google, Facebook & Apple. Privacy & civil liberty interests are two chihuahuas called ‘EFF’ & ‘ACLU’, on leashes in the far corner.
A large amount of analysis has been written on the tensions at stake between State-sponsored issues over surveillance & privacy. Little attention to date has focused upon the corporate world’s vectors of self-interest. Shoshana Zuboff’s excellent article, ‘The Secrets of Surveillance Capitalism’, highlighted the conflicted posturing that underscores much collective corporate proselytizing upon privacy matters.
Recently, fresh evidence emerged of the vertical integration between State & academia in support of surveillance (not that that should be surprising from an historical ‘spying’ perspective). See: Carnegie-Mellon re: Tor de-anonymization.
Perhaps what is surprising though, is the State’s co-option of research into weaponised-math, when it is so tightly tied up in support of an unparalleled expansion of dragnet scale surveillance? This state of affairs prompted Phillip Rogaway of UCLA to publish a missive plea for academic efforts towards protection of privacy last December in ‘The Moral Character of Cryptographic Work’.
And then, there was the NSA’s ill-considered sabotage of the NIST standard for Dual-EC cryptography.
At this year’s RSA Conference, Prof. Adi Shamir hinted at the dissonance between the supposed practical state of Quantum Computing and the NSA/NIST policy advice on the imperative for migration towards post-quantum cryptography standards. He conjectured that the NSA has likely made some advance (non quantum hardware related) in breaking elliptic curve cryptography.
Well worth watching; his views on quantum crypto & the move away from ECC @ 30:00.
And so it goes…
On that note, I’d like to largely close out my interest in, and promotion of cryptography on these pages. The efforts of this blog have been those of an honest (amateur) broker; the worth of the method(s) put forward remains for others to assess. I can state with certainty that no ‘Elliptic Flake’ was used in their manufacture!
As cryptography and complexity essentially represent two-sides of the same coin, I perhaps would like, in the future, to make one or two very general posts about complexity issues as they relate to ‘free-lunch’ theorems and matters P & NP, as they apply to neuroscience. Beyond that, my work here is probably done.
Thank you for your interest!
NB; I’ve been pondering this post for some time, & ended up knocking it out in short order. Edits may appear subsequent.