No, RSA Hasn’t Been Cracked. But Crown Sterling Is Very Confused
A recent demonstration by a new cryptography company raises eyebrows. Amazingly, the company claims to have broken the 256-bit encryption that protects just about everything from your banking to this very internet website.
They’re also implying that blockchains and cryptocurrencies are now obsolete. So, you know: small stuff.
The fine fellow pictured is Robert Grant, CEO of said company—Crown Sterling Limited, LLC. He’s a self-described “Modern polymath combining innovation, mathematics, artistic design and entrepreneurship into balanced creations intended to benefit all.”
Which is nice. But people who actually understand cryptography are using words such as “absurd … bogus … delusional … fraud … scam … shady,” and some even compare the company to Theranos. In today’s SB Blogwatch, we seek the wood in the trees.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: tiny things.
Mind Your p and q
What’s the craic? Sean Gallagher calls it a, “Medicine show”:
In a conference room … in Newport Beach, California, Crown Sterling CEO Robert Grant, COO Joseph Hopkins, and a pair of programmers staged a demonstration of Grant’s claimed cryptography-cracking algorithm. … Grant and Hopkins had their minions generate two pairs of 256-bit RSA encryption keys and then derive the prime numbers … from the public key in about 50 seconds.
…
Grant claimed that the work could be used to “decrypt” a 512-bit RSA key in “as little as five hours.” [But it] only raises more skepticism about Grant’s work and about Crown Sterling. … Grant’s efforts [were] met with … derision by a number of cryptography and security experts.
…
Grant said that the presentation was only to demonstrate the vulnerability of the RSA algorithm. Grant insisted that weak RSA keys were still widely in use.
O RLY? Bruce Schneier makes fun of the claim “to Factor RSA Keylengths First Factored Twenty Years Ago”:
Earlier this month, I made fun of a company called Crown Sterling … for being a company that deserves being made fun of. [256-bit] is so small it has never been considered secure.
…
They’ve matched a factoring record set in 1999. … Is anyone taking this company seriously anymore?
…
People, this isn’t hard. Find an RSA Factoring Challenge number that hasn’t been factored yet and factor it. Once you do, the entire world will take you seriously. Until you do, no one will.
And you thought 256-bit crypto was strong? Paragon Initiative Enterprises—@ParagonIE—exposes the confusion:
256-bit RSA keys do not offer 256 bits of security. 256-bit AES keys do.
…
Charlatans often like to exploit this discrepancy. … When someone demonstrates breaking 256-bit RSA, they’re trying to impress you by exploiting this confusion.
…
If you want 256 bits of RSA security, you need 15360-bit keys. Which are impractical and slow.
…
The cost to break 256-bit AES is on the order of magnitude of the energy released by a billion supernovae.
So why such a small key? CEO Robert Grant explains it all away:
It’s not practical to crack larger keys in a live session: 512bit is about five hours. … Our new algorithm of 1/x Reciprocal Factoring is our next approach and will be using that to factor ‘large’ Keys next.
…
The 1/x Reciprocal value of a number is its literal DNA, it includes all the information you need to understand the number, including its factors and exponential powers (in both directions). And we believe it also may unlock the nature of space-time itself.
Exciting times are upon us.
Wait, what? Mark Carney papers over the cracks: [You’re fired — Ed.]
Grant’s paper demonstrates how to take the 24 opportunities (mod 24) and reduce them down to 8 opportunities, which is a significant reduction in the search space. [But] these are still CPU expensive arithmetical operations – checking if something is prime or not is a computationally expensive thing to do.
…
As such there is little effective difference between these optimizations and simply pre-computing all primes below a certain bit-length. … Whilst there may be some m which gives significant reductions in the upper search space above m knowing information about coprime numbers below m, the efficiency does not scale.
Does all this remind you of another mysterious California company? Markus Ottela is somewhat scathing:
I’ve been looking into the Crown Sterling stuff a bit. … The most interesting part here is IMO that apparently the Knight’s Templar have predicted primes with the help of tomatoes.
…
Writing down the entire period takes … 10^83 petabytes (there are only 10^82 atoms in the observable universe). … So, if RSA-100 is too slow, what chance does Crown Sterling have against the RSA-2048 challenge?
…
My guess is they did what Theranos did and tried to convince people they have something by running existing technology: e.g. GNFS on AWS. … I think it’s possible that if they did what Theranos did, this was created to please the investors: Another spooky phenomenon that is easy to follow, appears to offer big results, and that requires a course on algorithm design to determine it’s useless.
…
I think the fraud here seems to be misleading the audience and especially the investors.
That’s a serious allegation. nneonneo pours gasoline on the flames:
They posted a video of their attempt on YouTube demonstrating their claim – which was quickly taken down. … They apparently surveyed 500 CISOs and claimed only 5% understood the math of RSA (well … duh).
…
It was a really amateurish demo with pre-selected keys, not even remotely convincing. … They claim it was 50 seconds on a laptop … but they’re clearly SSHed into a Linux box with 32 cores.
…
It’s so utterly absurd … I don’t see how they could be serious about this. … The thing is [it] does work – it’s just not their work. They repackaged CADO-NFS (a well-respected factoring program) and pretended that they’d invented a new factoring algorithm.
…
It’s pretty hard to ignore the evidence that this is a scam.
Whoa. What if they lawyer up? Nicholas Weaver—@ncweaver—is ready to party:
It was previously an open question whether Mr Grant was a fraud or just delusional. His new press release now makes me certain he is a deliberate fraud. … But at this point, ignorance is not an excuse. He’s already been called on his … bull****.
…
I think he stumbled into the wrong field here. The security field reacts to legal threats and implied threats, umm, poorly. [But] I bet it’s his business model: Get naive investors, and backing down would be seen as a sign of weakness. I’d not be surprised if his other companies are similarly bogus.
…
If Mr Grant and Crown Sterling wish to sue for libel as their litigiousness is well known, ask me and I’ll give an address for service … you litigious fraudulent ****wits. If you consider my statements that you are fraudulent ****wits based on this release & demonstration libel, I’ll gladly tell you a good address for service, just DM for info.
…
Remember, accept only genuine stupidity from these litigious frauds.
Time for a colorful metaphor? Rob Graham—@ErrataRob—offers this analogy:
Magicians sawing women in half on stage are more convincing than a laptop a factoring 256-bit RSA keys in a hotel room. … In any event, 50 seconds to factor a 256-bit (77-decimal digit) RSA key on a standard laptop is about exactly what you’d expect from the existing “number sieve” algorithms we have today.
Oops. But Steve Weis—@sweis—finds at least the tiniest truthiness in the company’s claims:
Shady people are making dumb claims right now. [But] in 2019, almost nobody should be using RSA for new projects.
…
256-bit RSA keys were factorable in the 1980s. … 1024-bit RSA was already suspect 15 years ago. … The NSA explicitly says not to use 2048-bit RSA and to upgrade anything less than 3072-bit RSA.
Meanwhile, @bitologist drips with sarcasm:
Holy ****, what a discovery! You are definitely going to be the talk of the town during the 1989 edition of Defcon.
And Finally:
Relax and Enjoy the View (of Tiny Things)
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.
Image source: strathspeycrown.com
