This is a copy of a mail I sent to the UK Crypto mailing list earlier today about this story. Sorry in advance for the long sig, but I'm writing in an official capacity.
As far as the patents go, the algorithm is based on ideas of ours and so she and we would have to talk about legal issues before we made any move in that direction. Baltimore is very aware, though, of how hard it would actually be to make any money off a public-key algorithm, given that RSA and DSA/DH are more-or-less hard-wired into the standards, and given that (for understandable reasons) the Internet community is wary of crypto algorithms that have licensing issues associated with them.
The algorithm that Sarah won the Young Scientist Competition with is based on work that Sarah did in Baltimore when she was here on a student work placement last March. We've been looking at algorithms based on 2x2 matrices for a while and gave her the idea to see what she could do with it.
The idea we were working on was to use 2x2 matrices with entries modulo n, n the product of 2 primes (ie an RSA number). The security is therefore exactly the same as the security of an RSA key with the same modulus. However, the encryption and decryption processes require only a small number of matrix multiplications rather than modular exponentiation, so both public-key operations (16 multiplications over the finite field) and private-key operations are as fast as a normal RSA private-key operation (17 multiplications). The downside is that both the key and the ciphertext are about eight times the length of the modulus, rather than more-or-less the length of the modulus as with RSA.
That was our idea, anyway. I haven't had time to look at Sarah's project in great detail so I don't know how far (or even whether) she's taken it beyond where we had it.
Sarah, by the way, is level-headed enough to know that new public-key algorithms only made you millions if you invented them in the Seventies. Her real problem is trying to stop the journalists talking up the stupid parts of the story while still emphasising that there's a real story in there.
Slashdot Mirror
The word "brilliant" was a direct quote from the judges. That's why it was in inverted commas.
William
Hi,
= =
= =============================
This is a copy of a mail I sent to the UK Crypto mailing list earlier today about this story. Sorry in advance for the long sig, but I'm writing in an official capacity.
As far as the patents go, the algorithm is based on ideas of ours and so she and we would have to talk about legal issues before we made any move in that direction. Baltimore is very aware, though, of how hard it would actually be to make any money off a public-key algorithm, given that RSA and DSA/DH are more-or-less hard-wired into the standards, and given that (for understandable reasons) the Internet community is wary of crypto algorithms that have licensing issues associated with them.
William
===============================================
The algorithm that Sarah won the Young Scientist Competition with is based on work that Sarah did in Baltimore when
she was here on a student work placement last March. We've been
looking at algorithms based on 2x2 matrices for a while and
gave her the idea to see what she could do with it.
The idea we were working on was to use 2x2 matrices with entries
modulo n, n the product of 2 primes (ie an RSA number). The
security is therefore exactly the same as the security of an RSA key with
the same modulus. However, the encryption and decryption processes
require only a small number of matrix multiplications rather than
modular exponentiation, so both public-key operations (16 multiplications
over the finite field) and private-key operations are as fast as a
normal RSA private-key operation (17 multiplications). The downside
is that both the key and the ciphertext are about eight times the
length of the modulus, rather than more-or-less the length of the
modulus as with RSA.
That was our idea, anyway. I haven't had time to look at Sarah's
project in great detail so I don't know how far (or even whether)
she's taken it beyond where we had it.
Sarah, by the way, is level-headed enough to know that new public-key
algorithms only made you millions if you invented them in the Seventies.
Her real problem is trying to stop the journalists talking up the
stupid parts of the story while still emphasising that there's a real
story in there.
Cheers,
William
===============================================
William Whyte, Senior Cryptographer, Baltimore-Zergo
Zergo & Baltimore Technologies merge in $55m deal !
The new company name will be "Baltimore"
See Baltimore at Stands 235 & 425
RSA Data Security Conference, 17-21 Jan '99
Baltimore Ltd, IFSC House, International Financial Services Centre,
Custom House Quay, Dublin 1, Ireland.
Tel. +353 1 605 4399 Fax. +353 1 605 4388
Email: info@baltimore.ie
Website http://www.baltimoreinc.com/
Baltimore - Global e-Security