Slashdot Mirror
Israeli Firm Claims Unbreakable Encryption
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
One Time Pad is uncrackable... but the "key" is the same size as all the data you'll ever want to send... but DAMN it works. =]
Which is unfortunately 2x the size of the original message.
Ho hum...
-- The universe began. Life started on a billion worlds...
-- Except on one where stupidity was there first.
Take input file and pipe it to dev/nul,
Take dev/random and pipe it to output file.
Guaranteed unbreakable encryption!
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken.
It's snakeoil. Just marketing, no security. Move along. Nothing to see here.
Belief is the currency of delusion.
From the press release or whatever that is:
Even though this is probably bogus, the prize for breaking it looks interesting
First, let's consider the source of this article. Here is what Israel21c says about themselves.
"ISRAEL21c is a not-for-profit corporation organized under the laws of California that works with existing institutions and the media to inform Americans about 21st century Israel, its people, its institutions and its contributions to global society. ISRAEL21c creates, aggregates and broadly disseminates high-quality information to the American public about the Israel that exists beyond the pervasive imagery of conflict that characterizes so much of western media reporting. Our goal is to strengthen the vibrant and enduring partnership between the United States and Israel, and between Americans and Israelis."
Translation: They are a part of the American pro-Israel lobby, whose job it is to pull the blinkers over the eyes of Americans regarding whatever Israel is doing at the moment. In this case, they don't handle the Arab-Israeli conflict (they mention a sister org for that -- israelinsider). Rather, they propagandize for the Israeli high-tech industry, an industry largely created by American taxpayers and which directly competes with American companies. We won't talk about the underhanded way that came about.
So fair enough, they are pimping their nation's product. Let's look at what the article actually says, however.
"Meganet offers a patented non-linear data mapping technology, called VME (Virtual Matrix Encryption), that creates exceptionally random cipher text and combines it with a one million-bit key, which is unheard of in today's data security markets. Competing solutions offer a maximum of 256 bits."
Cut through the marketing bullshit, and this sounds like a variation on the old one-time pad. This isn't the first company to discover how wonderfully secure the one-time pad is. It it difficult to believe that this company has achieved a quantum leap in computer power such as would be necessary to support a one million bit key for any other kind of algorithm.
"All other encryption methods have been compromised in the last five to six years."
This is a quote from the founder of the company, a former IDF (Israeli Defense Force) tank commander. The statement is deceptive. Any form of encryption, OTHER THAN A ONE-TIME PAD, is susceptible to brute force attack if the key size is small enough. Some encryption methods, such as DES, are more vulnerable than others. PGP and GnuPG use default encryption that is pretty darn secure, and there hasn't been a successful cracking attempt a key of any reasonable size. The quote, by being deceptive, makes the product claims suspect.
"Backal stumbled onto the mathematical algorithm behind VMS when he was working as an engineer in the field of Wide Area Networking."
Highly unlikely story to begin with. One does not "stumble onto" mathematical algorithms -- not reliable ones, anyway. There is mention of a patent application, but no reference to any peer review. The fact that this company was ignored for two years is instructive -- if there was any substance to this, someone in the cryptography field would have taken a look at it. There is also the following:
"In an attempt to prove VME's strength, Meganet began offering prizes such as a Ferrari or $1m. to anyone who could break into a VME-protected file. So far, two million people have attempted to crack the code, but none have managed."
I try not to use bad language on public forums, but the most descriptive word I can come up with for this is "bullshit". If VME had ever put this out for that kind of money for a genuine trial, it would have been all over the Net. There is NO evidence I can discover that supports this claim. None. Nada. Zilch. This whole thing is really starting to smell bad.
The following two quotes give reason for pause as well.
"In November 1999, Meganet launched the company at the Comdex computer show in LA, California, hoping to attract corporate users. The company packed its 1,000 sq. ft booth with attractions, including a $1m. giveaway of Meganet software. Meganet proved a runaway success, and in the wake of the show it raised $5m. at a valuation of $50 to $60m. from new investors, most of them small, private investors. To date, the company has raised $10m., none of which comes from VCs."
"By December 2000, however, Meganet was in trouble. The company may have gained industry recognition, but it did not have sales. Nor could it raise money as the stock market had begun to crash."
You know what it means that money is raised from "small investors" without VC involvement? It generally means that you a dealing with a corporate con artist. I have some personal experience in dealing with a tech company that refused to take VC money. The reason for not raising money from VCs is simple. A venture capital firm will, on behalf of its funders, demand access to and a thorough review of the technology, something small investors aren't in a position to demand. If this was the real thing, there wouldn't be any need to hide the ball from the money guys. If you are a small investor, beware of companies that raise their money from small investors exclusively. It is a fundraising method that is the foundation of a great many frauds and impositions. If this is for real, somebody big would have invested -- but then, that might pose the same problem for the founder as having a VC involved, right?
Here is the part that worries me, however.
"Today, Meganet is rapidly becoming a significant US government vendor. Though it remains a small company, with just 25 employees, it won three out of four tenders released by the US government in this sector last year, beating giants like Verisign, RSA, Network Associates, Computer Associates, and IBM, to become sole-contractor on the projects."
Assuming this is true, it is disturbing. Let's look at what we have here. We have a former IDF officer who has come up with supposedly "unbreakable" encryption. It isn't peer reviewed, and he is apparently seeking security through obscurity (i.e. hides the ball) rather than publishing this wonder technology where others can take a look at it and see if there are any flaws. The company's R&D is in Israel, and when the company fails commercially, it starts getting U.S. Government contracts, presumably through the kinds of political connections that the America-Israel lobby (such as AIC and Israel21c) foster.
The Israelis have demonstrated that, despite the fact that the United States is their only real allies in the world, they won't hesitate to stab the Americans in the back when it serves Israeli interests. The Pollard spy case was only the tip of the iceberg for Israeli espionage in the US. Our own State Department has established that Israel has the most aggressive spying program in the U.S. of any ally, surpassing even such supposedly unfriendly nations as China. Remember the three Israelis in the van who were picked up by police after they were filmed cheering while the WTC collapsed? All former IDF members. They were released after a few weeks and rushed home, and the company they worked for simply disappeared.
I doubt VME has any wonder technology. I don't doubt that the Israeli intelligence apparatus would love to have us using their technology companies to protect our vital national secrets. Then they won't have a need for embarrassments like active intelligence agents in the US. They could simply download the information themselves, courtesy of our blindness in working with this somewhat unreliable ally.
Based on what I see in the article and the source, I wouldn't touch VME with a ten-foot pole.
This fpp.co.uk is David Irving's site. He is the guy who denies the holocaust. More on Mr.Irving: http://www.geocities.com/irving_challenger/
Have Linux installed at your place in Amsterdam, for cheap
There used to be a Windows program called "Unbreakable security" which, among other things, could encrypt a file and put it in self opening .exe file (you had to enter the password).
So I tried to crack the program and found out it was fairly easy to do (took me a few hours). But then I discovered that the program had a bug which caused the blank password to be accepted as valid password. So much about Unbreakable security.
Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue of his monthly crypto-gram newsletter:
"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
A deficiency of one-time-pad is a man-in-the-middle with plaintext known. Given the known plaintext he can solve for the key and then use it to substitute an identical-length message of his own choosing.
...") for the long-winded header. The tail disolves into noise, but that could be expected from a code-clerk (or machine) under attack, which might make a synchronization error in the key. For automated systems you can still spoof the checksum at the end even if you can't spoof the tail of the message. Tweak the protocol and you might, say, slip some malware's infection header into a known buffer-overflow bug behind a firewall.
This is a non-trivial problem, as the start of a message may be known to an attacker, in both manual systems (where messages often start out with stock stuff) and automated ones (where the start may be automated protocol headers or well-known payload starts, which is all he really wants to spoof). Further, the entire content may have been discovered by other means - means which still didn't give him the encryption key.
Substituting only the start can still spoof both manual and automated systems. With a manual system you can substitute a short, urgent message ("They're coming over the hill at us from the east armed with
A solution to that was proposed back in the '70s by (ahem) me: Use Gallois fields, TWICE as much one-time pad as message, and encrypt in small blocks by multiplying by the first block of key and adding the second. (You also discard any block of key that would result in a multiply-by-zero in the first step.)
For any product of N primes there is at least one gallois field, and two is prime, so there is at least one gallois field of 2^n members for any n, i.e. you can encrypt blocks of n bits for any value of n greater than 1. (For n=1 this degenerates to ordinary one-time pad, as the first block of key is always 1.)
Suppose you encrypt in 8-bit blocks. (What a coincidence!) Even if the man-in-the-middle knows the message, for each byte he can either leave it alone or make a random choice among the other possible bytes. He's reduced to a malicious noise-generator. (He can pick the worst spot(s) to inject noise, but that's the limit.)
I called this the "GLOPS" cycpher, by analogy with GLOPS codes (a term-of-art for codes composed of arbitrary pairings of typically 5-letter groups with messages). With a GLOPS code knowing "GLOPS" means "attack at dawn" doesn't tell you whether "GLOPT" means "attack at dusk", "send a gross of toilet paper", or anything else. Similarly, with a GLOPS cypher, knowing 0x33 means "A" in this position doesn't tell you anything about 0x34 (except that it isn't "A" - unlike a GLOPS code where GLOPT might ALSO mean "attack at dawn".)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
What is being advertised here is not unbreakable in the sense used by most mathematician or serious cryptographers. (When a cryptographer says unbreakable, s/he means that the system is secure even against an adversary with unlimited computing power.)
Ideal use of a one time pad does have this property. There was a nice breakthrough in the EuroCrypt conference last year, where it was shown that one can obtain similar behavior even with keys that are shorter than the message to be encrypted, as long as the messages that you wish to encrypt are fairly random.
In any case, if you'd like to really understand what is going on here, for goodness' sake don't bother with Schneier's book; have a look at Goldreich's, "Foundations of Cryptography".