POST Multigenerational Financial Services, Till Death Do Us Part (Not)

From the earliest days of the web, people have been wondering about what exactly death means in an online age. I have been reminded about this in the most unpleasant way recently, having lost a family member way too soon and having observed how the sadness and stress associated with such an event is multiplied and amplified because of modern life.

We are now in a situation where our data can cause endless complications for loved ones. Here’s an illustrative example: “I cursed my father every step of the way,” says Richard, a Canadian engineer who was executor of his father’s estate. Although his father had left behind a list of passwords, none of them were still valid and Richard could not access any of his father’s online accounts, his email or even log on to his home computer.

Post-functional money and VAT

I genuinely did not know this, having never been to either of the noted lap-dancing clubs Secrets or Platinum Lace, but such establishments require customers to buy vouchers, a private currency, to pay the dancers. The dancers do not, as you might expect in the modern world, accept credit cards (even contactless fnar fnar).

The customers are charged an entirely reasonable commission on the exchange of fiat currencies for the private currency. Presumably there are safety and security issues that drive the use of the private currency but I do remember reading about problems that occur in transactions of a similar context where the recipient, generally a marginalised woman, is presented with a collapsing currency (eg, Sterling) and cannot be sure of the value and therefore whether to accept the cash or not. I imagine the vouchers are seen as a sort of “stablecoin”, since the dancers can be sure of their value, whatever mechanisms or currencies are used to buy them.

Anyway, for whatever reason, there is a private currency in circulation. As a result, the clubs are in a dispute with HM Revenue & Customs over whether they should pay VAT on the commission they charge for exchanging customers’ cash for vouchers to pay dancers. The clubs believe this commission, about 20%, is a financial transaction and so should be exempt from VAT. HMRC thinks differently.

(Wait, what? 20%? Are they using my agent?)

This story is an interesting example of the use of what you might call “company money”. It’s akin to the use of chips in casinos or Disney Dollars. You change fiat currency that is good anywhere into a form of electronic money that is useful in only one area, but in this case it’s not useful because it is money. The function it performs 

Google Online Security Blog: New research: How effective is basic account hygiene at preventing hijacking

We found that an SMS code sent to a recovery phone number helped block 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks. On-device prompts, a more secure replacement for SMS, helped prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.

From Google Online Security Blog: New research: How effective is basic account hygiene at preventing hijacking.

PQC

National Institute for Standards and Technology (NIST) 8105 Report on Post-Quantum Cryptography (April 2016) frames the situation nicely, noting that in recent years there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The UK National Cyber Security Centre concurs that the security of current approaches to asymmetric cryptography, as deployed in real-world systems that usually rely on either the difficulty of factoring integers (RSA) or calculating discrete logarithms (Diffie-Hellman, Elliptic Curve) is compromised in the presence of quantum computers.

Today, there are two known algorithms that quantum computers can use for cryptanalysis: Shor’s algorithm and Grover’s algorithm.

Shor’s algorithm first. The ability to quickly factor large numbers would break both RSA and discrete log-based cryptography. The fastest algorithm for integer factorization is the general number field sieve, which runs in sub-exponential time. However, in 1994 Peter Shor developed a quantum computer algorithm for integer factorisation that runs in polynomial time, and therefore would be able to break any RSA or discrete log-based crypto-system (including those using elliptic curves). This implies that all widely used public key cryptography would be insecure if someone were to build a quantum computer.

The other algorithm is Grover’s, which is able to invert functions in O(√n) time. This algorithm would reduce the security of symmetric key cryptography by a root factor, so AES-256 would only offer 128 bits of security. Since increasing the security of a hash function or AES by a factor of two is not very burdensome, Grover’s algorithm does not pose a serious threat to symmetric cryptography. Furthermore, none of the pseudorandom number generators suggested for cryptographic use would be affected by the invention of a quantum computer, other than perhaps the O(√n) factor incurred by Grover’s algorithm.

So, symmetric cryptography, and also forms of asymmetric cryptography built entirely from symmetric primitives, such as hash-based signatures, are not regarded as being vulnerable to quantum computation, as the best attacks are considered to be infeasible provided one uses large enough key (and block) sizes. In particular, when used with 256-bit keys, the AES block-cipher is currently considered to be safe from attack by any future conventional or quantum computer.

Vulnerabilities

A summary of the current situation is shown in the table below, which lists the impact of a quantum computer on different cryptographic algorithms and thus highlights where the vulnerabilities are.

Cryptography Use Case | Example in Common Use | Impact of Quantum Computer
Hashing | SHA2, SHA3 | None
Symmetric | AES | Longer key sizes needed
Asymmetric | Factoring (RSA) | Devastating
Asymmetric | Discrete Log (DH) | Devastating

To attack asymmetric cryptography, the bad guys need to perform an active attack (which would require access to a quantum computer) to forge a signature, but may passively collect data now and then break key agreements in the future once a quantum computer becomes available. This is worth doing in order to obtain the session keys that are used to encrypt message contents (in, for example, PGP). So even if you can’t read messages now it is still worth collecting them to break them in the future. This means that transitioning current systems to use quantum-safe key agreement schemes should be considered as a higher priority than transitioning to quantum-safe digital signatures.
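The prioritisation argued above, applied to a crypto inventory, as an added example that is not from the original post: it ranks each asset by whether recorded traffic would still need to be secret once a quantum computer exists, then by signature and short-key exposure. The inventory entries, the rank numbers and the tie between signatures and short symmetric keys are assumptions of this example; the 2030 date is the NIST estimate quoted in the text.

```python
from dataclasses import dataclass

CRQC_YEAR = 2030  # NIST estimate quoted in the text
SHOR_BROKEN = {"RSA", "DH", "ECDH", "ECDSA"}  # factoring / discrete log families

@dataclass
class Asset:
    name: str
    algorithm: str     # e.g. "ECDH", "RSA", "AES", "SHA2"
    use: str           # "key-agreement", "encryption", "signature" or "hash"
    key_bits: int
    collected: int     # year from which traffic or data can be recorded
    secret_years: int  # how long the protected data must stay confidential

def priority(a):
    """Return (rank, reason); rank 1 is most urgent, rank 4 needs no action."""
    if a.algorithm in SHOR_BROKEN and a.use != "signature":
        # Passive collection now, decryption later: only matters if the
        # data is still sensitive when the key agreement can be broken.
        if a.collected + a.secret_years > CRQC_YEAR:
            return 1, "recorded sessions still secret when key agreement breaks"
        return 2, "key agreement breaks, but the data has expired by then"
    if a.algorithm in SHOR_BROKEN:
        return 3, "forgery needs an active attacker holding a quantum computer"
    if a.algorithm == "AES" and a.key_bits // 2 < 128:
        # Grover's square-root speed-up halves the effective key length.
        return 3, f"Grover leaves about {a.key_bits // 2} bits: use a longer key"
    return 4, "not regarded as vulnerable"

INVENTORY = [  # constructed sample data
    Asset("vpn-tunnel", "ECDH", "key-agreement", 256, 2019, 25),
    Asset("pos-telemetry", "DH", "key-agreement", 2048, 2019, 1),
    Asset("code-signing", "RSA", "signature", 3072, 2019, 0),
    Asset("disk-encryption", "AES", "encryption", 128, 2019, 10),
    Asset("backup-encryption", "AES", "encryption", 256, 2019, 10),
    Asset("file-integrity", "SHA2", "hash", 256, 2019, 0),
]

def migration_plan(inventory):
    """Sorted list of (rank, reason, name), most urgent first."""
    rows = [(*priority(a), a.name) for a in inventory]
    return sorted(rows, key=lambda r: (r[0], r[2]))

if __name__ == "__main__":
    for rank, reason, name in migration_plan(INVENTORY):
        print(rank, name, "-", reason)
```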

The timescales are obviously unknown, but bear in mind that even a small 30-qubit universal quantum computer could, theoretically, run at the equivalent of a classical computer operating at 10 teraflops (10 trillion flops, or 10¹²), according to David Deutsch, at the University of Oxford’s Centre for Quantum Computation. NIST’s current estimate is that the first cryptographically relevant quantum computer could be built by 2030 for a cost of about one billion US dollars.

Countermeasures

Broadly speaking, there are two very different approaches to protecting against the threat posed by quantum computation. One is quantum key distribution, or QKD, which exploits quantum properties of physical systems, and so requires specialised hardware. The other is post-quantum cryptography, or PQC, which, as with existing forms of asymmetric cryptography, exploits the intractability of certain mathematical problems, and so can be implemented in hardware or software.

The goal of PQC (also called quantum-resistant cryptography, QRC) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. Based on current understanding, the NCSC believe that for most real-world communications systems, and particularly for government systems, PQC will offer much more effective and efficient security mitigations than QKD.

NIST initiated a “traditional” multi-round process to solicit, evaluate, and standardise one or more PQC public-key algorithms. The Round 2 candidates were announced January 30, 2019. There are 17 candidate public-key encryption and key-establishment algorithms together with nine different digital signature algorithms.

These algorithms are, essentially, in three different “families” that rely on different sources of mathematical difficulty. Lattice cryptosystems are built using geometric structures known as lattices and are represented using matrices. Code-based systems use error-correcting codes, as have been used in information security for decades. Multivariate systems depend on the difficulty of solving a system of quadratic polynomial equations over a finite field. Early opinion sees lattices as the most actively studied and the most flexible. They are capable of key exchanges, digital signatures, and far more sophisticated constructions like fully homomorphic encryption which, while not widely used now, we might expect to see at the heart of future business infrastructure in response to the continuing cyberwar around us.

Therefore, it seems to me that if we are to take a first step in the space (eg, sponsoring an M.Sc, maybe at Royal Holloway, or perhaps even sponsoring a Ph.D again) then the area to focus on is quantum-safe key agreement schemes using lattices. Is it a reasonable goal to have someone build one of these to run on a quantum computer simulator that we could use in a real payment system in, say, three years?

POS Malware Found at 102 Checkers Restaurant Locations | Threatpost

“The security incident stemmed from cybercriminals breaching Checkers’ systems and installing malware on point of sale systems across more than 100 of its stores. The malware is designed to collect data stored on the magnetic stripe of payment cards, including cardholder name, payment card number, card verification code and expiration date… The incident impacted 102 stores Checkers across 20 states – which were all exposed at varying dates, including as early as December 2015 to as recently as April 2019”

From “POS Malware Found at 102 Checkers Restaurant Locations | Threatpost”.

More Citizens and Businesses Satisfied with Government Digital Services

“NDI is a digital credential for users to transact with Government and businesses using a single trusted digital identity. Industry can make use of the NDI to build new services and improve the security and user experience of existing services. By the third quarter of FY19, the Government will launch ‘SG-Verify’, a facility for businesses to perform secure identity verification and data transfer through QR scanning. This will provide businesses an alternative for visitor registration and access, customer acquisition at roadshows, or any other use cases that require identification;”

From “More Citizens and Businesses Satisfied with Government Digital Services”.

Why Libra?

When Facebucks were first announced, the FT Lex column asked why, if Facebook launched a “cryptocurrency” (let’s not get into whether it is a cryptocurrency or not again), “why would anyone want to use it?”. The column says that since purchases can be done “safely and easily with credit cards in stable, government-backed currencies” there is no market for a Zuckbuck. This is wrong, for three main reasons.

First, not all of Facebook’s two billion plus users have credit cards or bank accounts, and even if they do, it’s a pfaff to have to come out of Facebook, log in to some web site somewhere and type in card details etc. Especially when your personal information is none of the business of the person you are buying from.

Second, a credit card works if you are paying a shop but it’s not that much use if you are paying a person, or you’re one of a group of kids trying to reconcile and settle money for a party or something.

There are many reasons why Libra won’t work –

We’ll have to wait and see what it finally looks like when we get to the launch a year or so from now, but

So what is the business model? The FT notes that almost two-thirds of WeChat revenue comes from payments and less than a third is from advertising, which is Facebook’s business now. Clearly the data that flows from the payments business could be used to make the advertising business more effective.

Facebook: coining it | Financial Times

“Close to 60 per cent of WeChat revenue comes from payments. Less than a third is from advertising. If Facebook could create a digital currency that ties together multiple payments services it would also gain access to a wealth of new information that would make its advertising business more valuable.”

From “Facebook: coining it | Financial Times”.
