News and articles
<p>The American National Institute for Standards in Technology (NIST) is considering proposals for several modes of operation for Format Preserving Encryption (FPE). The idea behind FPE is quite simple: A plaintext should encipher to a ciphertext with exactly the same format and length. The classic example would be a credit card number, in which case the 18 decimal digit plaintext should encrypt to an 18 decimal digit ciphertext. This is clearly very convenient.</p>…
<p>We propose a new Elliptic curve at a security level significantly greater than the standard 128 bits, that fills a gap in current proposals while bucking the expected security vs cost curve by exploiting the new trick recently described by Granger and Scott. This essentially reduces the cost of field multiplication to that of a field squaring.</p> <p><a href="./curve.pdf" target="_blank" class="cta_button hero-button hvr-radial-out">Download paper and learn about an alternative Elliptic Curve</a></p> <h3 class="sectionHead"><span class="titlemark">1 </span> <a id="x1-10001"></a>Introduction</h3> <p>If a non-cryptographer were asked to guess how much stronger TOP SECRET cryptography is compared with commercial strength cryptography, I would imagine that most would suggest a hundred times, maybe a thousand times, maybe even a million times. But I think many would be surprised that in fact its at least 9,223,372,036,854,775,808 times, a number so big that it is unspeakable. But thats the difference between an elliptic curve at the 128-bit level of security and an elliptic curve at the 192-bit level. Most might consider this a little excessive. </p>…
<p><em>New Service Adopted by NTT Software to Expand Offerings While Eliminating the Largest Security Threat To Enterprise Customers In Digital Businesses (The Password Database).</em></p> <p><strong>Tokyo, Japan, October 19, 2016</strong> — <a href="/">MIRACL</a>, a leading internet cyber-security company, announced today the launch of NTT Software as a Global Distribution Partner for its Multi-Factor Authentication security solution platform.</p> <p>NTT Software has added to its portfolio MIRACL’s world-class security product that can comprehensively address the need for secure and scalable authentication in highly regulated industries such as banking, government, and healthcare. NTT Software’s new “TrustBind® MFA (multi-factor authentication)” is a hosted-cloud service that will allow the company to continue providing the best Identity Management Solutions to security focused enterprise customers.</p>…
<p>We have been tasked to harden the M-Pin protocol against a “key-escrow” attacker, who has the authority to demand and be issued with all of the secrets from all of the distributed trust authorities (D-TAs) and the M-Pin server, and use them to try to create valid credentials in the identities of valid clients in order to impersonate them and gain access to their accounts on a remote server via the normal M-Pin authentication process. As a purely identity-based protocol M-Pin is open to this kind of attack. Our recommended response is to use ideas from so-called Certificateless cryptography, which is a standard and established response to the key-escrow property of pure identity-based schemes.</p>…
<p>M-Pin is a Multi-Factor identity based authentication protocol. Secret authentication keys are issued to clients from a Distributed Trusted Authority (DTA). Typically there are two DTAs, one belonging to the customer and the other to MIRACL.</p> <p><a href="geo.pdf" target="_blank">Download paper using M-Pin with Geo-location/Geo-fencing</a></p> <h3 id="1-introduction">1 Introduction</h3> <p>M-Pin is a Multi-Factor identity based authentication protocol. Secret authen-tication keys are issued to clients from a Distributed Trusted Authority (DTA). Typically there are two DTAs, one belonging to the customer and the other to MIRACL. Once the client has its secret, formed by adding the two components received from each DTA, it can use it to authenticate to an M-Pin server that has been issued by the DTAs with a single secret of its own. The client secret can be chopped up into individual factors, which are re-united only at the point where authentication is required.</p>…
<p>The non-interactive authenticated key exchange protocol known as SOK after its inventors Sakai, Oghishi and Kasahara, is one of the original pairing-based protocols. Like many such early protocols it was designed to work with a symmetric pairing. However now it is known that symmetric pairings are inefficient. So the issue arises of how to migrate it successfully to the setting of an efficient asymmetric pairing. In this short research note we consider the challenges and opportunities.</p>…
<p>M-Pin is a two-factor authentication protocol which has been proposed as an alternative to Username/Password, which works in conjunction with SSL/TLS. Here we derive a more complex M-Pin derivative called M-Pin-Full which also supplants the functionality of SSL/TLS.</p> <p><a href="/assets/pdf-downloads/mpinfull_3.1.pdf" target="_blank">Download Paper to learn about Full M-pin Technology</a></p> <h3 id="1-introduction">1 Introduction</h3> <p>M-Pin is a zero-knowledge authentication protocol which authenticates a client to a server. Its unique feature is that it allows a short PIN number to be extracted from the client secret to create a token+PIN combination, facilitating two factor authentication. The idea can easily be extended to support multifactor authentication.</p>…
<p>The M-Pin protocol has been proposed for use in a setting which uses multiple Trusted Authorities. One way to realise M-Pin is to use “early binding”. With early binding the client secret shares issued by each authority are combined immediately after they are issued to each client, inside of the client process. Here we consider the possibilities of “late binding” whereby client secret shares are kept distinct. Conceptually with early binding all of the client secret shares are added to create a single secret, which is used to authenticate. Unless all shares are present and correct the authentication will not succeed. With late binding multiple individual secrets are issued as before, but each is used to authenticate separately. Unless all authentications succeed the overall authentication will fail. So in both cases the outcome is the same. However here we argue that late binding, at some extra cost, results in a more flexible system.</p>…
<p>Here we introduce the M-Pin client-server protocol, which features two-factor client authentication as an alternative to Username/Password. Despite the mathematical complexity of the protocol we demonstrate that an M-Pin client can be implemented in an environment with limited computational capability.</p> <p><a href="/assets/pdf-downloads/mpin4.pdf" target="_blank">Download this paper on M-Pin Authentication Protocol</a></p> <h3 id="1-executive-summary">1 Executive Summary</h3> <p>The M-Pin protocol is intended to replace the well-known Username/Password authentication mechanism which is widely considered to be effectively broken. The main problem is the existence of a “password file” on the server, which is commonly stolen and hacked, revealing most user passwords.</p>…
<h3 id="dimension-data-signs-on-as-global-distribution-partner-to-capture"><em>Dimension Data Signs on as Global Distribution Partner to Capture <br>Additional Share of $4 Billion User Authentication & Market</em></h3> <img src="./Screen_Shot_2016-09-11_at_6.30.45_PM.png" alt="Screen_Shot_2016-09-11_at_6.30.45_PM.png"> <p><strong>LONDON, September 12 , 2016 —</strong> MIRACL, a leading internet cyber-security company, announced today the launch of its disruptive multifactor authentication platform that allows security solution and managed service providers to expand their businesses in the $4.0 billion user authentication market and immediately capture revenue from current and net new customers.</p>…
<p>With the elections looming in America, the issue of the security of electronic voting is back in the news. Both major parties are making serious allegations that the election may well be rigged. Its outcome may even be determined by interference from a foreign government. This extraordinary movie-plot possibility is made plausible by the widespread use of Electronic Voting machines – which are based on computers which may be vulnerable to undetectable hacking.</p>…
<h3 id="here-we-attempt-a-simple-explanation-of-the-blockchain-for-a-not-overly-technical-audience">Here we attempt a simple explanation of the blockchain for a not overly technical audience.</h3> <p><a href="./block.pdf" target="_blank">Download the Essence of the Blockchain PDF</a></p> <h3 id="1-introduction">1 Introduction</h3> <p>The blockchain is a testament to the power of a single cryptographic primitive – the hash function. Really nothing else is required, so if you can get your head around the hash function, you can understand the basics of the blockchain.</p> <h3 id="2-the-hash-function">2 The Hash Function</h3> <p>A cryptographic hash function takes one input and calculates one output. For example for the input “We hold these truths to be self-evident”, the well known hash function SHA256 produces the output</p>…