Blockchain: a new foundation for media, entertainment and broadcast – IBC365 (registration)

On January 3rd 2009, the first bitcoin block was processed, or mined.

Known as the genesis block, it's special for a variety of reasons.

Most notable is the colossal achievement in establishing a secure digital store of value, or currency, a culmination of some 30 years of mathematics, cryptography, game theory and coding.

Some hundred years earlier, Marconi demonstrated it was possible to transmit radio waves across the Atlantic.

Ironically, his innovation had multiple detractors, from his Italian compatriots who showed little interest in his work, to those who believed radio waves would not follow the curvature of the earth.

Marconi's radio waves didn't follow the curvature of the earth, but with a little help from the ionosphere, did reach Newfoundland.

In 1909, Marconi received the Nobel prize. Radio is a foundational technology.

It created new bedrock for economies, transforming how we understand ourselves and our place in the universe.

But it took more than a hundred years of innovation to reach where we are today.

Bitcoin, and its underlying transaction record, blockchain, has a cryptographic elegance allowing the creation of digital events that are persistent, secure and unique enough, to which value can be ascribed.

It can be thought of as a collapsing protocol, combining the ability to store value, indelibly record ownership and make payments.

Interestingly, some eight years after the genesis block was created, it still contains, encoded in hexadecimal and preserved for as long as a single bitcoin node exists, the text: "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks".

This was a nod to the economic difficulties of those few months, included by bitcoin's creator, the pseudonymous Satoshi Nakamoto.

It took only a further year for bitcoin to acquire value when, in May 2010, after a four-day quest, Laszlo Hanyecz convinced Jeremy Sturdivant to exchange 10,000 bitcoins for two Papa John's pizzas.

At today's bitcoin price of roughly $2,500, those were special pizzas.

Over the next few years, what was a triumph in coding and cryptography, ran into rougher waters. Dogged by a reputation for extreme volatility, criminal activity, money laundering and financing terrorism, bitcoin suffered a lot of bad press.

Silk Road, using bitcoin as a medium of exchange, was probably the low point, the FBI eventually shutting the site down and seizing control of some 26,000 bitcoin in October 2013. Notwithstanding, the curious technology persisted, with hobbyists and enthusiasts working hard to develop and evolve the open source protocol, spawning in turn numerous derivatives.

As of today there are some 800 cryptocurrencies, all leveraging the thinking behind the original bitcoin protocol.

Many thought the technology would lead nowhere, and mass adoption of bitcoin, or some other derivative cryptocurrency, was considered ridiculous.

And whilst the concept of bitcoin does seem ridiculous, it works.

It's nigh on impossible to shut down because of the distributed nature of the record of ownership; every single node needs to be destroyed.

It is easily accessible via a mobile phone allowing payments to be made with relative ease without the need for fiat currency, central counterparties, payment systems or general ledgers.

And the protocol itself has never been hacked.

In 2014, it started attracting the attention of the Bank of England.

In their third quarterly review of the year, examining payment technologies and the emergence of digital currencies, the authors conclude the key innovation is the distributed ledger allowing payment systems to operate in an entirely decentralised way, without intermediaries such as banks.

A year later, the Economist ran a piece called "The Trust Machine", proclaiming how the technology behind bitcoin could change the world. And Ginni Rometty, CEO of IBM, made an equally bold claim in The Wall Street Journal, late in 2016, that blockchain, once widely adopted, would transform the world.


So where are we? For the media, entertainment and broadcast industry, there is little reference to the technology, which is strange, given the opportunity.

Aside from the obvious use cases relating to transaction processing, content is unique information, which is exactly what digital currencies are.

This means the cryptographic ecosystem created to record ownership can be applied to video, audio and text.

Content can be cryptographically secured, key pairs generated to control authorship and progress through production phases.

Blockchain allows a family tree of variants to be created, each with its own metadata, and cryptographic index, accessible anywhere.

Digital identities, anonymous or otherwise, can be created, capturing consumption data, and linking that to payment frameworks, operating without the need for fiat currency. This would also allow the synchronisation of payment at the point of consumption, at a micro level.

Finally, capital can be raised by issuing digital tokens, similar to bitcoin, funds being held in escrow, released in tranches, after peer-to-peer validation of the different phases from the treatment to preview.

Unique digital experiences can even be attached to those tokens; augmented and virtual reality, content gamification and curated viewing. I have even had a conversation about using a blockchain-jam to reach consensus as part of originating music or video content.

In exploring the immense opportunity this technology offers, there are seemingly three challenges. The first is understanding.

Presentation of blockchain and digital currency technology largely focuses on describing it as a distributed ledger, or database, that maintains a continuously growing list of records, called blocks. Whilst technically correct, this doesn't engage the imagination.

It's the equivalent of describing radio as the simultaneous periodic variation of electric and magnetic fields.

Both of these descriptions do little to convey the underlying importance of the technology.

The second is the general omission of any reference to the digital currency part. Most articles discuss blockchain, making some passing reference to bitcoin, without discussing the higher order of efficiency possible when considered together.

The net result is blockchain projects that are nothing more than databases, still referencing the real world via fiat currency, versus including the digital currency part.

Finally, bitcoin is generally perceived as bad, so nobody talks about it, despite having a current aggregate value of some $42bn.

Blockchain is a collapsing protocol; it acts as a store of value, a payments platform, and a ledger to record changes in data, whether an ownership record, or otherwise.

True blockchains are also immutable. Their distributed nature, the cryptography they employ and the consensus mode of operation which ignores bad actors creates a trust fabric, where every node on the network can trust every other node, without the need for a trusted intermediary.

The store of value is a unique cryptographic event, in the same way content is, making the blockchain ecosystem perfectly suited for managing the secure capture, creation, distribution and consumption of content asymmetrically; it puts the author back in control.

Ignoring or dismissing the technology at this stage is as dangerous as ignoring Marconi.

Founder and Managing Director of Blockchain Hub, an advisory company promoting and supporting the use of Blockchain across business sectors.

He is a former General Manager of Fujitsu and has held senior operational and technology strategy roles in the Bank of England, A.T. Kearney and Deutsche Bank.

Next week: Mark Mayne examines the size and scope of the blockchain market.


CIS researchers receive $2.5M NSF grant for cybersecurity – Cornell Chronicle

June 23, 2017

Four Cornell computer science researchers will receive $2.5 million from the National Science Foundation to develop software tools that will improve cybersecurity. The project is exploring a new approach that will make it easier to use cryptography to build more-secure systems. Computing and Information Science researchers on the project are Andrew Myers, Elaine Shi, Greg Morrisett and Rafael Pass (Cornell Tech).

Cryptography, which involves complex mathematical manipulations of data, demands high-level expertise. "It's easy to make security-critical mistakes when using cryptography to build systems," Myers said. The new secure chips must be programmed almost at the level of the computer's machine language of ones and zeros, and also require expertise in cryptography.

"If we are serious about remaining globally competitive, we must continue to invest in research to develop new computer engineering techniques that will stop hackers in their tracks," said Sen. Charles Schumer, D-New York. "The work coming out of Cornell will improve our nation's cybersecurity and help foster technological innovations that will make us safer and more productive. This funding will allow our brightest minds to find solutions to current and future challenges."

Research funds will be used to develop a high-level programming language called Viaduct.

"The Viaduct system will automatically translate this high-level code into provably secure implementations that use sophisticated cryptography," said Myers, lead principal investigator.

"It's clear that our society desperately needs new approaches to security and privacy," said researcher and CIS Dean Morrisett. "The approach we are exploring should shift the burden of the security details from the programmer to the language environment."

Leslie Morris is director of communications for Computing and Information Science.


Practical Cryptography & Blockchain Panel – InfoQ.com


Practical IoT Cryptography on the Espressif ESP8266 – Hackaday

The Espressif ESP8266 chipset makes three-dollar Internet of Things development boards an economic reality. According to the popular automatic firmware-building site nodeMCU-builds, in the last 60 days there have been 13,341 custom firmware builds for that platform. Of those, only 19% have SSL support, and 10% include the cryptography module.

We're often critical of the lack of security in the IoT sector, and frequently cover botnets and other attacks, but will we hold our projects to the same standards we demand? Will we stop at identifying the problem, or can we be part of the solution?

This article will focus on applying AES encryption and hash authorization functions to the MQTT protocol using the popular ESP8266 chip running NodeMCU firmware. Our purpose is not to provide a copy/paste panacea, but to go through the process step by step, identifying challenges and solutions along the way. The result is a system that's end-to-end encrypted and authenticated, preventing eavesdropping along the way, and spoofing of valid data, without relying on SSL.

We're aware that there are also more powerful platforms that can easily support SSL (e.g. Raspberry Pi, Orange Pi, FriendlyARM), but let's start with the cheapest hardware most of us have lying around, and a protocol suitable for many of our projects. AES is something you could implement on an AVR if you needed to.

MQTT is a lightweight messaging protocol that runs on top of TCP/IP and is frequently used for IoT projects. Client devices subscribe or publish to topics (e.g. sensors/temperature/kitchen), and these messages are relayed by an MQTT broker. More information on MQTT is available on their webpage or in our own getting-started series.

The MQTT protocol doesn't have any built-in security features beyond username/password authentication, so it's common to encrypt and authenticate across a network with SSL. However, SSL can be rather demanding for the ESP8266 and when enabled, you're left with much less memory for your application. As a lightweight alternative, you can encrypt only the data payload being sent, and use a session ID and hash function for authentication.

A straightforward way to do this is using Lua and the NodeMCU Crypto module, which includes support for the AES algorithm in CBC mode as well as the HMAC hash function. Using AES encryption correctly requires three things to produce ciphertext: a message, a key, and an initialization vector (IV). Messages and keys are straightforward concepts, but the initialization vector is worth some discussion.

When you encode a message in AES with a static key, it will always produce the same output. For example, the message usernamepassword encrypted with key 1234567890ABCDEF might produce a result like E40D86C04D723AFF. If you run the encryption again with the same key and message, you will get the same result. This opens you to several common types of attack, especially pattern analysis and replay attacks.

In a pattern analysis attack, you use the knowledge that a given piece of data will always produce the same ciphertext to guess what the purpose or content of different messages are without actually knowing the secret key. For example, if the message E40D86C04D723AFF is sent prior to all other communications, one might quickly guess it is a login. In short, if the login system is simplistic, sending that packet (a replay attack) might be enough to identify yourself as an authorized user, and chaos ensues.

IVs make pattern analysis more difficult. An IV is a piece of data sent along with the key that modifies the end ciphertext result. As the name suggests, it initializes the state of the encryption algorithm before the data enters. The IV needs to be different for each message sent so that repeated data encrypts into different ciphertext, and some ciphers (like AES-CBC) require it to be unpredictable; a practical way to accomplish this is just to randomize it each time. IVs do not have to be kept secret, but it's typical to obfuscate them in some way.

While this protects against pattern analysis, it doesn't help with replay attacks. For example, retransmitting a given set of encrypted data will still duplicate the result. To prevent that, we need to authenticate the sender. We will use a public, pseudorandomly generated session ID for each message. This session ID can be generated by the receiving device by posting to an MQTT topic.

Preventing these types of attacks is important in a couple of common use cases. Internet controlled stoves exist, and questionable utility aside, it would be nice if they didn't use insecure commands. Secondly, if I'm datalogging from a hundred sensors, I don't want anyone filling my database with garbage.

Implementing the above on the NodeMCU requires some effort. You will need firmware compiled to include the crypto module in addition to any others you require for your application. SSL support is not required.

First, let's assume you're connected to an MQTT broker with something like the following. You can implement this as a separate function from the cryptography to keep things clean. The client subscribes to a sessionID channel, which publishes suitably long, pseudorandom session IDs. You could encrypt them, but it's not necessary.

Moving on, the node ID is a convenient way to help identify data sources. You can use any string you wish though: nodeid = node.chipid().

Then, we set up a static initialization vector and a key. This is only used to obfuscate the randomized initialization vector sent with each message, NOT used for any data. We also choose a separate key for the data. These keys are 16-bit hex, just replace them with yours.

Finally we'll need a passphrase for a hash function we'll be using later. A string of reasonable length is fine.

We'll also assume you have some source of data. For this example it will be a value read from the ADC. data = adc.read(0)

Now, we generate a pseudorandom initialization vector. A 16-digit hex number is too large for the pseudorandom number function, so we generate it in two halves (16^8 minus 1) and concatenate them.

We can now run the actual encryption. Here we are encrypting the current initialization vector, the node ID, and one piece of sensor data.

Now we apply the hash function for authentication. First we combine the nodeid, iv, data, and session ID into a single message, then compute a HMAC SHA1 hash using the passphrase we defined earlier. We convert it to hex to make it a bit more human-readable for any debugging.

Now that both encryption and authentication checks are in place, we can place all this information in some structure and send it. Here, we'll use comma separated values as it's convenient:

When we run the above code on an actual NodeMCU, we would get output something like this:

All together, the encryption program is as follows (MQTT sections excluded for clarity):

Now, your MQTT broker doesn't know or care that the data is encrypted, it just passes it on. So, your other MQTT clients subscribed to the topic will need to know how to decrypt the data. On NodeMCU this is rather easy. Just split the received data into strings via the commas, and do something like the below. Note this end will have generated the session ID so already knows it.

Then compare the received and computed HMAC, and regardless of the result, invalidate that session ID by generating a new one.
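The check described above, sketched in Python as an added example (this is not the article's code). It assumes the AES-CBC fields have already been decrypted; the class and function names are hypothetical and all sample values are constructed.

```python
import hashlib
import hmac
import os


def message_hmac(passphrase: bytes, nodeid: str, iv: str, data: str,
                 session_id: str) -> str:
    """HMAC-SHA1 over nodeid + iv + data + session ID, hex-encoded."""
    full_message = (nodeid + iv + data + session_id).encode("utf-8")
    return hmac.new(passphrase, full_message, hashlib.sha1).hexdigest()


class Receiver:
    """Receiving end: owns the current session ID and verifies messages."""

    def __init__(self, passphrase: bytes):
        self._passphrase = passphrase
        # Published on the sessionID topic; public, but valid only once.
        self.session_id = self._fresh_session_id()

    @staticmethod
    def _fresh_session_id() -> str:
        # os.urandom is the source the article suggests for session IDs.
        return os.urandom(16).hex()

    def verify(self, nodeid: str, iv: str, data: str,
               received_hmac: str) -> bool:
        """Check the HMAC, then retire the session ID whatever the result."""
        expected = message_hmac(self._passphrase, nodeid, iv, data,
                                self.session_id)
        try:
            # Constant-time comparison avoids leaking how many leading
            # characters of a forged HMAC were correct.
            ok = hmac.compare_digest(
                expected.encode("ascii"),
                received_hmac.strip().lower().encode("ascii"))
        except UnicodeEncodeError:
            ok = False  # non-ASCII input can never be a valid hex HMAC
        # Invalidate on success AND on failure, so a captured message
        # or a guessing attempt cannot be retried against the same ID.
        self.session_id = self._fresh_session_id()
        return ok


def run_demo():
    """Return (fresh, replay, tampered, retry) verification results."""
    passphrase = b"constructed-demo-passphrase"   # constructed sample value
    rx = Receiver(passphrase)
    # Constructed, already-decrypted fields: node ID, IV, ADC reading.
    nodeid, iv, data = "1234567", "0a1b2c3d4e5f6071", "512"

    # Sender reads the published session ID and authenticates one message.
    tag = message_hmac(passphrase, nodeid, iv, data, rx.session_id)
    fresh = rx.verify(nodeid, iv, data, tag)

    # Retransmitting the identical message fails: the session ID is gone.
    replay = rx.verify(nodeid, iv, data, tag)

    # A modified reading under a valid session ID fails the HMAC check.
    tag = message_hmac(passphrase, nodeid, iv, data, rx.session_id)
    tampered = rx.verify(nodeid, iv, "999", tag)

    # The failed attempt also consumed the session ID, so even the
    # genuine message can no longer be accepted under the old ID.
    retry = rx.verify(nodeid, iv, data, tag)
    return fresh, replay, tampered, retry


if __name__ == "__main__":
    print(run_demo())
```
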

For a little variety, consider how we would handle decryption in Python, if we had an MQTT client on the same virtual machine as the broker that was analysing the data or storing it in a database. Let's assume you've received the data as a string payload, from something like the excellent Paho MQTT Client for Python.

In this case it's convenient to hex encode the encrypted data on the NodeMCU before transmitting. So on the NodeMCU we convert all encrypted data to hex, for example: encrypted_iv = crypto.toHex(crypto.encrypt("AES-CBC", ivkey, iv, staticiv))

Publishing a randomized sessionID is not discussed below, but is easy enough using os.urandom() and the Paho MQTT Client. The decryption is handled as follows:

Now we have a system that sends encrypted, authenticated messages through an MQTT server to either another ESP8266 client or a larger system running Python. There are still important loose ends for you to tie up if you implement this yourself. The keys are all stored in the ESP8266's flash memory, so you will want to control access to these devices to prevent reverse engineering. The keys are also stored in the code on the computer receiving the data, here running Python. Further, you probably want each client to have a different key and passphrase. That's a lot of secret material to keep safe and potentially update when necessary. Solving the key distribution problem is left as an exercise for the motivated reader.

And on a closing note, one of the dreadful things about writing an article involving cryptography is the possibility of being wrong on the Internet. This is a fairly straightforward application of the tested-and-true AES-CBC mode with HMAC, so it should be pretty solid. Nonetheless, if you find any interesting shortcomings in the above, please let us know in the comments.


SK Telecom develops advanced quantum repeater – FierceWireless

After two years of research, SK Telecom said it has successfully developed a quantum repeater for the first time in South Korea, making it the third nation to achieve the next-generation security technology, following the U.S. and China, The Korea Times reported.

Quantum cryptography communication is considered the most secure form of communication encryption that can't be broken with existing hacking technology. Quantum cryptography is expected to replace the existing security solutions in all areas at risk of data hacking, including national defense, finance, autonomous vehicle and the internet of things (IoT), SK Telecom noted in its release.

Called the Trusted Repeater, the quantum repeater that SK developed can dramatically extend the distance of quantum communication, achieving a distance record of 112 kilometers for Quantum Key Distribution (QKD). Prior to the development of this quantum repeater, the maximum QKD transmission distance was around 80 kilometers due to the fact that it involves the use of weak single-photon quantum signals. The distance limitation of QKD had been viewed as the biggest obstacle to its commercialization.

Now SK Telecom wants to pursue commercial installation, with plans to transmit quantum keys from Seoul to Busan, which is about 460 kilometers, by installing five units of its repeaters. The company will work with its global partners to apply quantum cryptography solutions, including the quantum repeater, not only to its commercial LTE networks in Korea, but also to commercial networks overseas.

"SK Telecom has opened a new chapter in the field of quantum technologies by developing the Trusted Repeater, an enabler for long-distance quantum communication," said Park Jin-hyo, senior vice president and head of Network Technology R&D Center of SK Telecom, in a statement. "SK Telecom will continue to focus on developing key quantum cryptography technologies and building a related ecosystem."

SK Telecom said it applied its quantum cryptography technologies to a commercial LTE network (fiber optic cable) in Sejong City in 2016 and some parts of the advanced science and technology research network (SuperSiReN) in Daedeok Research Development Complex through cooperation with the Korea Institute of Science and Technology Information (KISTI) in May 2017.

SK Telecom has been actively developing core quantum cryptography technologies since it established Quantum TechLab in 2011. In February 2017, it entered into an agreement with Nokia to cooperate in the quantum cryptography business and established Quantum Alliance with Deutsche Telekom with the aim to enable secure communication in the age of quantum computing.

Last month, the AT&T Foundry innovation center in Palo Alto, California and the California Institute of Technology (CalTech) announced they were combining forces to form the Alliance for Quantum Technologies (AQT), which aims to speed quantum technology development and emerging practical applications.


Free Online Cryptography Training Class – Cybrary

What is Cryptography and how does it work? These are the questions we will be examining in our cryptography introductory series below. Though this course is a compilation of videos from our other courses, we put together this study for those who want to cut out some of the other content and focus directly on cryptography. Get started learning Cryptography online, for free, now!

In this online course we will be examining how cryptography is the cornerstone of security technologies, and how through its use of different encryption methods, such as ciphers, and public or private keys, you can protect private or sensitive information from unauthorized access. Often associated with privacy, Cryptography offers four basic services: Confidentiality, Integrity, Authenticity / Availability, and Non-Repudiation. This course offers practical examples for everyday use, to provide better understanding of these concepts.

In our brief online Cryptography course, you'll learn about the difference between clear text and cypher text, compare different encryption types, how encryption works, and how to secure and compare data through the use of hashing.

We hope you enjoy this class taught by a couple of our many knowledgeable Subject Matter Experts, Leo Dregier and Kelly Handerhan.

Feel free to view our CompTIA CASP or Penetration Testing and Ethical Hacking courses for more information surrounding Cryptography.


Quantum-powered random numbers could provide key to better cryptography – SC Magazine UK

Entropy is not usually considered desirable, except in cryptography

Usually when the subject of quantum computing comes up, it's all rather future-gazing stuff. However, during the Infosecurity Europe 2017 show, one company launched a quantum technology derived product that's very much here and now: Entropy-as-a-Service.

Whitewood, which is developing crypto-security solutions based on advanced quantum technology, says that the cloud-based service "delivers pure quantum entropy, the foundation of randomness, to generate truly random numbers for creating cryptographic keys that are impossible to guess".

So how does this work, and do we actually need a quantum random number generator anyway?

The press release talks of the Whitewood Entropy Engine being at the heart of the service, something born out of a decade-long research program at Los Alamos National Laboratory. "Random number generation is critical for security but is often poorly understood," says Richard Moulds, general manager of Whitewood, "and it's a point of attack and vulnerability."

SC Media UK asked Moulds if he was saying existing random number generators (RNG) are actually that bad, to the point of being dangerous to use in real world scenarios?

"It's not so much that all random number generators are bad, it's that some are bad but you can't tell which ones they are!" Moulds insists. "As security applications use more and more crypto (encryption is becoming ubiquitous and GDPR will only accelerate this) they consume more and more keys, which requires more and more randomness."

The trouble being, according to Moulds, that we are increasingly hosting our applications in places where there is little or no randomness: the cloud or IoT devices, for example.

"We've seen recent patches by Siemens of its IoT building controllers because they had no randomness and hence were generating the same keys," Moulds warns. "Edward Snowden's leaks indicated that a newly standardised RNG had been weakened specifically to enable government eavesdropping. It's effectively impossible to spot the difference between a truly random and non-random RNG."

SC Media put the same question to Dr Zulfikar Ramzan, CTO at RSA. "While research into novel sources of entropy for cryptographic applications is interesting," he admitted, "many of the existing approaches for generating random numbers are quite sound."

In fact, Dr Ramzan went on to insist that when issues do typically occur, "they have less to do with the source of randomness, but rather with the implementation of the approach or when the results are used in downstream applications".

Which leads us to wonder what the real world argument for diverting budgets, that are already squeezed, to a quantum powered random number generator might look like?

Richard Moulds responded: "If we could test the keys that are generated and keep the good ones and throw away the non-random ones there would be no problem." But he added, "There is no official test or standard for doing so, although NIST is actually working on one." This means efforts to ensure keys are truly random have to be proactive not reactive.

"Randomness has to be architected into the system up front," Moulds insists. "Once a key is exposed the game is over."

Dr Ramzan still has concerns though. "In cryptography, novelty is a negative," he explains. "When a new idea is introduced, it needs to withstand the test of time and be adequately analysed before it is safe to use within commercial applications."

He compares cryptography to baking: you not only need to ensure that you use the right ingredients in the right ways at the right times to prepare the batter, but you must make sure that it is cooked for the appropriate amount of time.

"Otherwise, the results can vary from being unpredictable to being lethal," Dr Ramzan concludes.

Here is the original post:
Quantum-powered random numbers could provide key to better cryptography - SC Magazine UK

Blockchain technology and cryptography provider Stratumn raises 7m – CryptoNinjas

Stratumn, a provider of network solutions securing processes between enterprises and their stakeholders through blockchain technology and advanced cryptography, announced today the raising of 7 million in a Series A funding from Open CNP, the Corporate Venture arm of CNP Assurances, Otium Venture, Nasdaq and Digital Currency Group.

Stratumn helps companies secure and streamline regulatory and compliance procedures

As companies become ever more connected to one another, and the security and integrity of their data are challenged, centrally managed information systems have proved their limitations. Stratumn's Proof of Process Technology solves a core dilemma for organizations: streamlining regulatory and compliance procedures, improving customer privacy and data protection while reducing operational and back office costs. Stratumn's suite of network solutions provides organizations with an efficient and reliable way to streamline and secure the exchange of data between partners, customers, and regulators. Enterprises who adopt this technology benefit from better accountability, traceability, and integrity of their records, while regulators may audit process data in real-time.

Stratumn has already developed more than 10 projects with large companies such as CNP Assurances, Allianz France, Nasdaq, Thales, Bureau Veritas or Bouygues Immobilier, and is currently France's leading company using blockchain technology in terms of staff and project development.

"We are very pleased to have successfully closed this series A round, which represents a major milestone for Stratumn. Our new investors will enable Stratumn to continue and accelerate its development and more effectively address growing needs in our markets. We are especially happy with the continued and increased support from Otium Venture, who have accompanied us for a year, and excited to welcome CNP Assurances, Nasdaq, and Digital Currency Group, who will help us reinforce Stratumn's presence in the insurance and capital markets sectors. We are very confident about Stratumn's development prospects in the upcoming months and years. The successful closing of this round, as well as our investors' commitment as strategic partners, is rocket fuel which will power the development and launch of Proof of Process Technology."

The funding will accelerate Stratumn's development and expansion into the U.S.

This funding round constitutes a major step for Stratumn, as it will allow the company to accelerate its development, notably by focusing on research, product design, and business development, as well as by continuing to attract talented individuals to join its 15-person strong international team; the company aims to double its size by the end of 2018. Stratumn also intends to develop its international activities through a planned expansion into the United States by the end of the year. This would allow the company to become closer to key stakeholders and decision centers in their core market segments.

This round, led by Open CNP, the Corporate Venture arm of CNP Assurances, with the participation of Nasdaq, Digital Currency Group, and existing investor Otium Venture, combines major corporate and financial investors from France and the United States. In addition to enabling Stratumn's development through additional funding, these investors will support Stratumn's growth in their respective fields and geographies through partnerships and knowledge sharing, which will help the company reinforce its existing links with the insurance, capital markets, and digital currency ecosystems.

Stratumn and Nasdaq have also entered into a co-research and development partnership, which aims at leveraging Proof of Process Technology to enhance the software solutions and products for the capital markets, particularly in Nasdaq's Market Technology business and its own enterprise technology unit.

Magali Noé, CDO of CNP Assurances, said:

"Blockchain technology makes processes more reliable and streamlines information flows for consortiums. We would like to promote this technology to our partners and to insurance industry players using the Proof of Process Technology developed by Stratumn. This investment is part of the 100 million that CNP Assurances allocates to start-ups over a five-year period through its Open CNP program and is the fourth Open CNP investment to date."

Nasdaq Head of Corporate Strategy Jean-Jacques Louis said:

"An investment in Stratumn was a natural development for us given the experimentation projects we have successfully executed with Richard and his team over the past year. We look forward to furthering our relationship between Stratumn and our technology team by collaborating on developing and applying unique financial technology that will bolster and strengthen the current and next generation products for our customers and ourselves. This approach fits with the mission of Nasdaq and, in particular, our newly formed Nasdaq Ventures."

Digital Currency Group CEO Barry Silbert said:

"We are eager to have Stratumn join the DCG family, which now includes 100 companies across 28 countries. Stratumn's Proof of Process Technology solves critical challenges around verifying and auditing the integrity of data used to make critical business decisions, and we look forward to helping the team build partnerships across our network of blockchain service providers and enterprises."

Here is the original post:
Blockchain technology and cryptography provider Stratumn raises 7m - CryptoNinjas

Cryptography: The codes that got away – Nature.com

Craig Bauer Princeton University Press: 2017. ISBN: 9780691167671

The Phaistos disc, discovered in Crete in 1908, remains untranslated.

The concluding words of Unsolved! are a call to action. Craig Bauer, a US mathematician and editor-in-chief of the journal Cryptologia, ends his hefty history of cryptography by noting that even as he was compiling the book, unsolved ciphers from decades, sometimes centuries, in the past were coming to light on a regular basis, along with a plethora of new puzzles. For cryptography fiends, it's a thrown gauntlet.

Unsolved! spans a huge arc of time and space, from Julius Caesar's simple substitution cipher to composer Edward Elgar's 1897 Dorabella Cipher (a still-unsolved letter to Dora Penny, a dedicatee of his Enigma Variations). Uncracked ciphers from the twentieth century are associated with the Irish Republican Army, a series of grisly murders in California and messages 'detected' from Mars.

Bauer's compelling chapter on the medieval Voynich manuscript occupies one-sixth of the book. In his 1967 The Codebreakers, cryptography historian David Kahn called the manuscript "the longest, the best known, the most tantalizing, the most heavily attacked, the most resistant, and the most expensive of historical cryptograms". Its weird colour illustrations and indecipherable calligraphy attract 16% of online traffic to the library at Yale University in New Haven, Connecticut, where it is held (A. Robinson Nature 539, 28–29; 2016). Bauer speculates as to whether the manuscript is written in a monoalphabetic substitution cipher (MASC): each plaintext letter substituted with a letter from a single scrambled alphabet. A crackable MASCed text in English reveals the principles. But, as he shows, the Voynich manuscript has too much redundancy (order) to be MASCed English, French, German, Italian, Spanish or Japanese. (Wisely, Bauer offers no theories of his own.)

Unsolved! digs into the riches of ancient Viking, Roman, Greek and Egyptian cryptography. Egyptologists tend to avoid tackling the latter because of its sheer complexity. Bauer reveals how Caesar's cipher worked, substituting each plain-text letter with a letter a fixed number of places away in the alphabet. Inexplicably, however, he relegates to an endnote the undeciphered Phaistos disc found on Crete in 1908, the only example of its much-discussed script (A. Robinson Nature 453, 990–991; 2008). Nor is there even a passing reference to Michael Ventris, celebrated for his 1952 decipherment of the script Linear B as a form of archaic Greek, or to the exciting solution of Central America's Mayan script, launched by Soviet linguist Yuri Knorozov.

Perhaps the most successful chapter centres on ciphers by the notorious, never-captured 'Zodiac Killer', who murdered at least five people in California in 1968–70 (dramatized in David Fincher's 2007 film Zodiac). The murderer sent taunting letters to local newspapers, featuring four ciphers offering clues to his identity. The first was broken by husband-and-wife amateurs Donald and Bettye Harden. She guessed that a self-centred person might begin his message with 'I'; that 'KILL' might feature in it more than once; and even that the phrase 'I LIKE KILLING' might appear. This proved the key to translating the simple MASC to meaningful, if misspelt, English, although no sense could be made of the killer's signature, EBEORIETEMETHHPITI.

The Zodiac's other ciphers have proved resistant. Bauer hazards that a nine-letter 'word' with some resemblance to the ten-letter 'CALIFORNIA' may mean just that, although a letter is missing, possibly due to lousy spelling. But would a killer with poor spelling, as opposed to someone like the wordplay-loving Elgar, be attracted to ciphering? Later, Bauer guesses that such misspellings were likely intentional.

The level of decoding skill needed for Unsolved! varies significantly. A willingness to grapple with plain text and cipher text is necessary, but some parts require undergraduate-level mathematics. One is the section on RSA, unveiled in the 1970s as one of the first practical public-key cryptosystems. The book's combination of convincing logic and sometimes-convincing speculation is a familiar mix to those of us interested in undeciphered writing, such as the script of the Indus civilization (A. Robinson Nature 526, 499–501; 2015) and the rongorongo script used on Easter Island.

As science-fiction writer Arthur C. Clarke commented when I published Lost Languages (McGraw-Hill, 2002): "Many, it seems likely, will never be deciphered, which raises an interesting question. If we cannot always understand messages from our fellow humans, how successful will we be when we receive the first communication from Outer Space?" And Clarke was talking about ordinary writing systems. For all the clues analysed in Unsolved!, there is plenty of Earthly decoding to do before we tackle any extraterrestrial communiqués.

See more here:
Cryptography: The codes that got away - Nature.com

Flash Physics: Quantum cryptography for aircraft, AI boosts X-ray probe, cold nebula born in stellar collision – physicsworld.com

Flash Physics is our daily pick of the latest need-to-know developments from the global physics community selected by Physics World's team of editors and reporters

The potential of using satellites for secure quantum communication has been demonstrated in a proof-of-concept study by researchers in Canada. Thomas Jennewein from the University of Waterloo and colleagues successfully sent quantum key distribution (QKD) transmissions from the ground to a moving aircraft for the first time. QKD uses the laws of quantum mechanics to guarantee complete security when two people exchange a cryptographic key using photons. If the key is read by a third party, this act of measurement will fundamentally change the nature of the key, thereby alerting the two correspondents to the presence of the eavesdropper. On the ground, QKD transmissions can be sent via optical fibres but their range is limited to a few hundred kilometres because of absorption losses. While free space links have been shown to work over ground in both stationary and moving tests, they are also limited to a few hundred kilometres, instead being held back by atmospheric absorption and turbulence, and the need for a clear line of sight. However, these drawbacks could be avoided by using satellites outside the Earth's atmosphere. Jennewein and team therefore developed a system suitable for a satellite. Restricted to testing the system on Earth, the researchers set up a transmitter on the ground and used a Twin Otter aircraft to fly the receiver over it at angular rates similar to those of low-orbit satellites. They successfully achieved a quantum link for seven of their 14 passes and were able to extract the secret key for six of them. "This is an extremely important step, which took almost eight years of preparation," explains Jennewein. "We have proved the concept, and our results provide a blueprint for future satellite missions to build upon." The study can be found in Quantum Science and Technology.

Machine learning has been used to improve how X-ray pulses are used to study molecular dynamics. The new technique was developed by an international team of researchers and tested using data from the Linac Coherent Light Source (LCLS-1) free electron laser (FEL) at SLAC in the US. Trains of X-ray pulses lasting just 10–15 fs are produced at LCLS-1 and can be used to study chemical reactions and changes in molecular structure on very short timescales. However, the processes involved in producing the pulses are inherently unstable, and the intensity and timing of the pulses can vary by as much as 100%. This means that large amounts of measurement data from molecular studies are difficult to interpret and have to be discarded. One way around this problem is to determine the properties of the pulses as they are produced. But this can interfere with the experiment and will become increasingly difficult to do with the shorter pulses that will be produced by next-generation X-ray sources. Now, Alvaro Sanchez-Gonzalez and Jon Marangos of Imperial College London and colleagues have developed a new artificial intelligence-based technique that can accurately predict the properties of the X-ray pulses based on real-time measurements of certain properties of the FEL. Crucially, these measurements can be made fast enough to match the rate at which the X-ray pulses are delivered. "For current instruments, which generate about a hundred pulses per second, sometimes up to a half of the data is unusable," explains Sanchez-Gonzalez. "This problem will only be compounded in next-generation instruments, such as the European XFEL or LCLS-II, designed to generate hundreds of thousands of pulses per second." He adds, "Our method effectively resolves the problem, and should work on the new instruments as well as the older ones we tested it on. This will allow useful data to be gathered up to a thousand times faster." The technique is described in Nature Communications.

Astronomers working on the Atacama Large Millimeter/submillimeter Array (ALMA) in Chile have come up with an explanation of how the Boomerang Nebula (described as the coldest object in the universe) formed. Recent observations with ALMA allowed the team to make precise calculations of the nebula's extent, age, mass, and kinetic energy. The results suggest that the spectacular outflow of gas and dust was created when a small companion star plunged into the heart of a red giant, ejecting most of the matter of the larger star. "These new data show us that most of the stellar envelope from the massive red giant star has been blasted out into space at speeds far beyond the capabilities of a single, red giant star," said Raghvendra Sahai of NASA's Jet Propulsion Laboratory. "The only way to eject so much mass and at such extreme speeds is from the gravitational energy of two interacting stars, which would explain the puzzling properties of the ultracold outflow." Wouter Vlemmings of Chalmers University of Technology in Sweden adds, "The extreme properties of the Boomerang challenge the conventional ideas about such interactions and provide us with one of the best opportunities to test the physics of binary systems that contain a giant star." Discovered in 1995, the nebula is an outflowing of gas and dust that is about 10 times faster than could be produced by a single star. The temperature of the outflow is less than half a degree kelvin. This is much colder than deep space, which is about 2.7 K. The study is reported in the Astrophysical Journal.

Here is the original post:
Flash Physics: Quantum cryptography for aircraft, AI boosts X-ray probe, cold nebula born in stellar collision - physicsworld.com