Blog

<p>Here we introduce the M-Pin client-server protocol, which features two-factor client authentication as an alternative to Username/Password. Despite the mathematical complexity of the protocol we demonstrate that an M-Pin client can be implemented in an environment with limited computational capability.</p> <p><a href="/assets/pdf-downloads/mpin4.pdf" target="_blank">Download this paper on M-Pin Authentication Protocol</a></p> <h3 id="1-executive-summary">1 Executive Summary</h3> <p>The M-Pin protocol is intended to replace the well-known Username/Password authentication mechanism which is widely considered to be effectively broken. The main problem is the existence of a “password file” on the server, which is commonly stolen and hacked, revealing most user passwords.</p>…

<h3 id="dimension-data-signs-on-as-global-distribution-partner-to-capture-bradditional-share-of-4-billion-user-authentication--market"><em>Dimension Data Signs on as Global Distribution Partner to Capture <br>Additional Share of $4 Billion User Authentication & Market</em></h3> <img src="/assets/images/Screen_Shot_2016-09-11_at_6.30.45_PM.png" alt="Screen_Shot_2016-09-11_at_6.30.45_PM.png"> <p><strong>LONDON, September 12 , 2016 —</strong> MIRACL, a leading internet cyber-­security company, announced today the launch of its disruptive multi­factor authentication platform that allows security solution and managed service providers to expand their businesses in the $4.0 billion user authentication market and immediately capture revenue from current and net new customers.</p>…

<p>With the elections looming in America, the issue of the security of electronic voting is back in the news. Both major parties are making serious allegations that the election may well be rigged. Its outcome may even be determined by interference from a foreign government. This extraordinary movie-plot possibility is made plausible by the widespread use of Electronic Voting machines – which are based on computers which may be vulnerable to undetectable hacking.</p>…

<h3 id="here-we-attempt-a-simple-explanation-of-the-blockchain-for-a-not-overly-technical-audience">Here we attempt a simple explanation of the blockchain for a not overly technical audience.</h3> <p><a href="/assets/pdf-downloads/block.pdf" target="_blank">Download the Essence of the Blockchain PDF</a></p> <h3 id="1-introduction">1 Introduction</h3> <p>The blockchain is a testament to the power of a single cryptographic primitive – the hash function. Really nothing else is required, so if you can get your head around the hash function, you can understand the basics of the blockchain.</p> <h3 id="2-the-hash-function">2 The Hash Function</h3> <p>A cryptographic hash function takes one input and calculates one output. For example for the input “We hold these truths to be self-evident”, the well known hash function SHA256 produces the output</p>…

<p>We introduce a multi-lingual crypto library, specifically designed to support the Internet of Things.</p> <p><a href="/assets/pdf-downloads/amcl.pdf" target="_blank">Download this paper on The Apache Milagro Crypto Library</a></p> <h3 id="1-introduction">1 Introduction</h3> <p>There are many crypto libraries out there. Many offer a bewildering variety of cryptographic primitives, at different levels of security. Many use extensive assembly language in order to be as fast as possible. Many are very big, even bloated. Some rely on other external libraries. Many were designed by academics for academics, and so are not really suitable for commercial use. Many are otherwise excellent, but not written in our favourite language.</p>…

<p>You are a programmer that uses the Internet a lot. You don’t want to be one of those unfortunates that gets their password hacked, due to some asshole’s failure to properly protect the password file on a remote server. You don’t want to change the world, you just want to work securely with the world as it is. You haven’t the patience for elaborate procedures. You don’t want it to cost you. How can you live with the broken Username/Password system, and yet feel certain that while the rest of the world may be vulnerable, you will be OK?</p>…

<p><img src="/assets/images/computerlanguages.png" alt="Multiple Computer Languages" title="Multiple Computer Languages"></p> <p>In this article we describe our experience in implementing a high performance cryptographic library in multiple Computer Languages</p> <p><a href="/assets/pdf-downloads/blog.pdf" target="_blank" class="cta_button hero-button hvr-radial-out">Download this paper on Another Computer Language Comparison</a></p> <h3 id="1-introduction">1 Introduction</h3> <p>Most people have a favourite language they like to program in. Or they may have two or three on a horses-for-courses basis. Maybe they like one language for high level scripting, and another for low level stuff. Me I have always liked C and C++, and have many years experience using them. In the past I couldn’t really comment on the competition, as I had no experience of them. Some I would have looked down on - Java was for people who can’t get their head around pointers, Rust for high falutin academic types. In fact I would have held all sorts of absurd prejudices, but all based on no actual experience whatsoever.</p>…

<p>The Internet community is up in a heap about Username/Password, and what to replace it with. Here we try to shed a little light.</p> <p><a href="/assets/pdf-downloads/up.pdf" target="_blank">Download paper and learn about the Authentication Dilemma</a></p> <h3 id="what-can-hackers-actually-do">What can Hackers actually do?</h3> <p>They can by sneaky methods plant viruses on your computer and, to varying extents, take control of it. Often this is done by fooling you into opening an email attachment. Sometimes they can exploit bugs in the software to remotely break into your computer without any recourse to your foolishness.</p>…

<p>Johnny Carson as long time host of the Tonight show often appeared in the spoof role of Carnac the Magnificent, a mentalist who could magically read the contents of a sealed envelope. This is in fact a well known stock-in-trade trick of the mentalist’s craft, known as “billet reading”. Here we propose a cryptographic solution to the problem of billet reading, apparently allowing a ciphertext to be decrypted without direct knowledge of the ciphertext, and present both a compelling use case and a practical implementation.</p>…

<p>There are a variety of ways of applying the Karatsuba idea to multi-digit multiplication. These apply particularly well in the context where digits do not use the full word-length of the computer, so that partial products can be safely accumulated without fear of overflow. Here we re-visit the “arbitrary degree” version of Karatsuba and show that the cost of this little-known variant has been over-estimated in the past. We also attempt to definitively answer the question as to the cross-over point where Karatsuba performs better than the classic method.</div></p>…

<h3 id="apache-milagro-incubating-creates-an-alternative-to-outdated-and-problematic-monolithic-trust-hierarchies-providing-a-more-secure-infrastructure-thats-built-for-todays-internet">Apache Milagro (incubating) creates an alternative to outdated and problematic monolithic trust hierarchies, providing a more secure infrastructure that’s built for today’s internet</h3> <p>VANCOUVER, BC – May 11, 2016 – Leading into one of The Apache Software Foundation’s largest developer events, ApacheCon North America, <a href="/">MIRACL</a>, NTT Innovation Institute, Inc. (<a href="http://www.ntti3.com">NTT i³</a>) and NTT Labs join forces to contribute their security and authentication code to a new open­source project within the Apache Incubator called Apache Milagro (incubating).</p>…

<img src="/assets/images/miracl-blog-atomium.png" alt="miracl-blog-atomium.png" title="miracl-blog-atomium.png" width="320"> <p><em>image source: Atomium Public Domain</em></p> <p>In about a decade (or so we are told) we may reach a tipping point in the world of cryptography, as a practical quantum computer will become a reality. Personally I think it will take longer than that, perhaps even a lot longer. Often the people who anticipate quantum computers in the shorter term are the very same people that are looking for funding to do quantum research. A classic conflict of interest, but let’s face it no-one these days is going to fund research that may not pay off in their lifetime!</p>…