Be Skeptical of Innovative Crypto

Nearly every week, I get someone who wants me to evaluate their brand-new cryptographic algorithm or solution they have that they are sure will take the world by storm. They claim it is amazing and that no one else has anything like it. It is the solution to our dreams. It’s the crypto we’ve been waiting for. I even get asked a few times a year to be on that company’s Board of Directors or to be an advisor.

Please stop.

I don’t mean this in a mean way. I’m being polite. But I’ve been hearing about fantastically new, innovative, crypto for three decades and they never go anywhere. It’s not even that they are always bad solutions. It’s just that they are unneeded in the marketplace…and sometimes, very bad. Let me explain more.

I consider myself a mentee and disciple of Bruce Schneier (https://www.schneier.com/). Half of what I think about in computer security was because of his previous writings. If you want to get better at computer security and do not already subscribe to his newsletter (https://www.schneier.com/crypto-gram/subscribe/) and blog, you should. Buy one or more of his many excellent books (https://www.schneier.com/product/click-here-to-kill-everybody-paperback/). They tell you the root causes behind all computer security problems…the ones that if we do not fix, we will never make significantly better computer security.

Bruce’s free Crypto-Gram newsletter had been around for decades. Although Bruce does not do it as much anymore, one of my favorite sections of his earlier newsletters was The Doghouse, where he would just eviscerate snake oil salesmen selling bogus cryptography and other worthless defenses. Bruce is unsparing when he thinks you have been pushing a fake product or claim.

If you want to read one of his last eviscerating takedowns from two years ago, read this (https://www.schneier.com/blog/archives/2019/09/the_doghouse_cr_1.html and https://www.schneier.com/blog/archives/2019/09/crown_sterling_.html), where Bruce called out some extraordinary claims being made by a company…again. In this case, a group was claiming they could easily break some previously uncrackable encryption and that they had the better, new encryption with all sorts of new buzzwords, that we all needed. Turns out they were not breaking previously unbreakable cryptography and it did not go well when they presented their claims a at serious computer conference where real cryptographers were paying attention. People literally laughed at the company during the talk. The company then went on to threaten to sue unidentified people who laughed at them. Let’s just saying threatening to sue other cryptographers at a conference for laughing at you without then presenting real evidence why they should not laugh at you does not endear said company to the general cryptography community.

Bruce wrote two critical articles of that company and their claims. They did not threaten to sue Bruce, however. Likely because Bruce is one of the world’s best experts on cryptography and if you try to sue him, the claimant’s lawyer would have a hard time finding an expert witness to testify against Bruce, or if they did find one, one who was more respected than Bruce. Bruce is the gold standard.

Bruce’s many The Doghouse columns over the years taught me and others to be wary of new, fantastically encryption claims. He taught us all to be wary of any claim that had the following traits (I am summarizing):

·????????New, from a company without any long-term, respected, cryptographic experts/Ph.D.s

·????????No public release of the cryptographic algorithm so it could be evaluated (this includes secret, “patent-pending” algorithms)

·????????Making false claims…(i.e., “Our encryption can’t be broken”, “We can break something no one else can”, etc.)

·????????Any solution with “one-time pads”

·????????Any solution that spreads the keys over multiple, distant computers (spreading the key is supposedly part of its protection)

·????????Original, highly innovative ideas with no cryptographic evolutionary precursors or support

·????????Solutions full of new jargon and buzzwords

·????????Very large key sizes (for the type of cryptography it is)

And let me say, over the 20-plus years I have been evaluating computer security products, Bruce’s advice has served me well. I often get people and companies who want me to evaluate their great, new, innovative cryptography solution. And 99.9% of the time, those products are unneeded or junk, and it is hard to tell the difference between the two.

Many of the solutions are good cryptographic solutions. They just will not get a lot of support in the marketplace because the marketplace really isn’t that interested in new, innovative crypto. The current stuff is working well enough. ?

And some of the proposals are outright lying. Con jobs. My personal favorite was two years ago where a computer security company was running around with a supposed quantum computer in a backpack at multiple computer security conferences. It had all sorts of LEDs and tubes coming out of it, like something out of Back to the Future. The vendor claimed that their quantum computer was a quantum emulator which could do things no other non-quantum computer could do. My friends loved this computer. They were taking pictures with it and asking me if it was real?

I never laughed so hard in my life. I had just written my book on quantum computers (https://www.amazon.com/dp/1119618193) and I was pretty up on what the current state-of-the-art technology was…and it was not quantum laptops sitting in backpacks. The funniest part, without actually evaluating the product in person, was the vendor said it was a “quantum emulator” doing what no non-quantum computer could do. Think about that! A quantum emulator means it is not quantum! It is a regular computer! So, essentially, they were saying it was a regular computer doing what a regular computer could not do. Hilarious!

On the good side, when I called the vendor to evaluate their claims, they quickly revealed it was a marketing ploy and that it was a regular laptop running quantum-emulation software (i.e., not a quantum computer). They even volunteered that they had added the LED and tubes to make it look cooler for the computer conferences to attract attention. I give the A+ for marketing effort. It worked. And they stopped promoting that nonsense as a quantum computer “which could do what no other non-quantum computer could do”!

Hey, they were not that serious. But there are dozens, if not hundreds, of companies trying to sell you either completely fake, junk, cryptography or cryptography that works as advertised, but just is not needed because our current stuff is working just fine. We do not need “innovative” cryptography. The non-innovative stuff is working pretty well. We do not need one-time pads (they do not exist). We do not need bazillion-bit keys (that would actually mean your cryptographic algorithm is weak). We do not need keys spread all over the Internet (again, this would mean your ciphers or implementation are weak or simple unneeded). You NOT sharing your algorithm means it is likely to have flaws. Official, well-supported cryptographic algorithms are strong because the creators shared those algorithms publicly and lots of cryptographic geniuses tested them over many years looking for big flaws, found none, and they withstood the test of time. We do not need something a lot different than what we have. What we have is actually working well enough. And when the officially supported stuff stops working, we slowly replace it with the new officially supported working stuff that works better. No need for secret crypto or strange stuff that no one has ever used before.

The best advice I can give anyone regarding cryptography is to use the worldwide official standards (as promoted by NIST and other international cryptography standards organizations). Until one of those groups says to use a particular cryptographic standard, do not use it. And they are not telling you to use “secret” algorithms, distributed keys, one-time pads, or keys with lots of strange jargon created by only one vendor.

And try not to take this the wrong way if you are a vendor with a great new cryptographic solution that everyone should be using instead of the current stuff, but I do not want to learn about it. I’m sure it’s great. I’m sure you are a great guy. I’m sure your board of directors are brilliant (although it would be nice if at least a few of them were actual cryptography experts). Either way, no need to send it to me. I will read about the officially tested stuff on the blogs of the official cryptographic standards. With that said, I wish you much luck and success. It is a tough world out there and the cryptographic world is one of the toughest markets to break into. I’m just more into common, open standards, promoted by internationally-respected cryptographic standards bodies.?