back to article Microsoft throws crypto foes an untouchable elliptic curveball

While Washington mulls ways to make crypto less effective, the industry, thank heavens, continues to push in the other direction. Microsoft Research has just published an elliptic curve library it reckons is considerably faster than what's currently available. Outlined in this International Association for Cryptologic Research …

  1. Chris Gray 1
    Thumb Up

    Good stuff!

    This is part of the new Microsoft, I guess. Explicit support for Linux using gcc. Licensing is the MIT license - pretty much "do what you want".

    Haven't tried compiling yet (my gcc is one version back from what they have tested, and my CPU only has AVX, not AVX2).

    Still, looks like a good thing. Kudos to Microsoft!

    I hope external crypto folks examine it with a fine tooth comb!

    1. phuzz Silver badge
      Meh

      Re: Good stuff!

      Microsoft are so big, that different divisions have no idea what they are both working towards.

      So the same company that is retroactively adding telemetry to it's OSs is also working on better public crypto at the same time.

    2. Lars Silver badge
      Happy

      Re: Good stuff!

      Yes but a closed crypto would not be trusted by anybody. As for MS/Linux they compete as before, why would they not, but they also have to take into account the reality of today.

    3. Anonymous Coward
      Anonymous Coward

      Re: Good stuff!

      Even the choice of name is something that's startling and would never have been seen from the Microsoft of old. Google yes, Open Source movement definitely, but old grand-daddy Microsoft?

      Either this is a rogue division who didn't ask upper management for approval of the name before launch, or Microsoft really are willing to give the US government the finger which I never would have imagined.

      Perhaps because it's so out of character, I have my doubts about how secure this new algorithm really is. Like a middle aged man, wearing teen fashion and inviting kids back to his house to play on his PlayStation, the situation leaves me deeply uneasy.

    4. Crazy Operations Guy Silver badge

      Re: Good stuff!

      Microsoft is really a couple different companies that happen to have the same name. The R & D groups tend to be given boatloads of cash to spend on whatever they want while some of the other groups are beaten down and forced to crap out code at the direction of the marketing and management overlords.

  2. John Lewis 4

    Does it come with an officially pre-approved TLA Back Orifice ?

    1. Anonymous Coward
      Anonymous Coward

      TLA = two letter acronym?

      4Q = F.U.

      1. Rusty 1

        Can't help thinking they only narrowly missed out on building on a Two Ronnies gag. So close.

  3. Anonymous Coward
    Anonymous Coward

    Yeah but...

    Quote

    for others to audit.

    And for the spooks to work out how to break it in less than 'n' seconds. Where 'n' is the time before they get the waterboard [other measures are available] out.

    Cat meet Mouse (allied with big Dog)

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah but...

      So security through obscurity is better?

    2. Naselus

      Re: Yeah but...

      "And for the spooks to work out how to break it in less than 'n' seconds."

      Yes, as in standard practice for encryption algorithms since about 1950. Keeping your code secret and assuming it's unbreakable didn't work too well for the bad guys in World War 2, and so sensible people release their code set and see how long it takes other people to break it.

      1. Alan Brown Silver badge

        Re: Yeah but...

        "Keeping your code secret and assuming it's unbreakable didn't work too well for the bad guys in World War 2"

        Nor for the "good guys" 'allies' afterwards (the UK flogged off engima boxes without telling anyone they'd already been compromised.)

      2. Daniel Bower

        Re: Yeah but...

        Interestingly the guys that developed Enigma knew it breakable they just assumed that no one who's be bothered to actually look together the resources in time try.

        Two vital elements they overlooked. The fact that the operators of Enigma were lazy and didn't follow protocol giving the guys and girls at Bletchley Park something to go at and the fact that Britain is (or certainly was) full eccentrics who weighs jump at the chance of cracking something like Enigma in the first place.

    3. fruitoftheloon
      Thumb Down

      @AC: Re: Yeah but...

      Dear AC,

      so presumably with your intellectual capacity added to the community efforts, the whole thing will be spook-proof shortly then eh?

      Regards,

      jay

    4. John H Woods

      Re: Yeah but...

      You should acquaint yourself with Kerckhoffs' Principle

    5. Son 1

      Re: Yeah but...

      Yes, pulling finger nails trumps untouchable elliptic curveballs every time. Torture countries like the US do not care about laws and other social niceties.

    6. Tom_

      Re: Yeah but...

      The spooks will get hold of it whether or not you make it public. At least this way everyone else gets it too.

  4. Anonymous Coward
    Happy

    Positive

    A nice positive move from Microsoft.

    What I'm looking for, though, is a paper from them on how to ensure that their current OSs are totally free from monitoring/telemetry. That would be really useful - addressing privacy as well as security.

    1. Mark 85 Silver badge
      Black Helicopters

      Re: Positive

      If you want to see how scary that telemetry and reporting is... go here: http://someonewhocares.org/hosts/

      Down near the bottom of the list is:

      #<Windows10>

      # Windows 10 reporting domains127.0.0.1 a-0001.a-msedge.net

      and followed by approximately 55 items to be blocked.

      There's also several websites on blocking everything (except for any federally mandated backdoors that are hush-hush) out there with a bit of Googling.

      1. Anonymous Coward
        Anonymous Coward

        Re: Positive

        A useful, but ugly list. Seems funny to see Microsoft hosts keeping such dubious company.

        I guess the Windows10 list will do for Windows 7 and 8.1 - I'm sure they're heading that way.

        1. Anonymous Coward
          Anonymous Coward

          Re: Positive

          I guess the Windows10 list will do for Windows 7 and 8.1 - I'm sure they're heading that way.

          I guess you hadn't got the word. Unless you pay really close attention they've done it twice already and on the second patch Tuesday, they reinstated the one's you set hidden. Only saving grace, if you can call it that, they're still optional. Rule of thumb now is to carefully check the kb articles. Might help,....

          1. Paul Shirley

            Re: Positive

            Not sure carefully checking helps any longer since they stated they'll stop giving detailed explanations of updates. You'll actually need to search non Microsoft sites to find out which updates are Trojan horses from now on and i won't be trusting a Microsoft owned search engine for that.

            One bunch a week or so ago gave no useful info on the Microsoft kb pages, took 30min identifying the rotten ones :(

            1. Anonymous Coward
              Anonymous Coward

              Re: Positive

              Sorry. I should have put it that way. And for God's sake, use pretty much any search engine except Bing. When it comes to Microsoft related searches, it's still (intentionally?) brain-dead after all these years. Much like me in that regard.

              1. Anonymous Coward
                Anonymous Coward

                @Jack of Shadows - Re: Positive

                No problem - it was worth you saying that stuff.

                I used to use Bing when I wasn't getting what I wanted out of DuckDuckGo, but now I'm inclined to think twice about it. I'll stick with the duck, I think.

          2. Anonymous Coward
            Anonymous Coward

            @Jack of Shadows - Re: Positive

            Oh I've got the word alright. I guess my words were a little bit conservative compared to what I really think. Trying to stick to a level that doesn't invite 'tin-foil hat' comments.

            Bollocks to that. What I believe is that Microsoft fully intend to bring the level of monitoring and control that home/pro users of Windows 10 'enjoy' to Windows 7 and 8.1 (and maybe even Vista) home/pro users.

            To that end, Windows Update has now become a Trojan Horse which needs to be watched and severely constrained.

            Businesses and governments, of course, will be allowed to be free of this.

            @Paul Shirley - yes to all you said. I search widely to find out what the updates do. If I can't find out, then the update stays ignored. After a time it gets hidden if I can't be satisfied with it.

  5. Anonymous Coward
    Anonymous Coward

    Lovely marketing

    Interesting idea to fit a high grade door lock for that house of wet cardboard called Windows.

    If all that energy I have seen MS talking about security in, oh, the last two decades or so at presentations, trade shows and sales meetings would have been used to actually make the platform itself more secure it would have been credible. Sadly, what Windows 10 does suggests that where as "the industry" is pulling the other way, Microsoft is not.

    We need improvement, not gestures. Fix the basics first, and prove it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Lovely marketing

      They could fix it easy. The only way to do it is scrap every bit of backward compatibility. Absolutely no other options at all. Legacy (technical debt to the theoreticians) is killing them and they know it.

      1. dogged

        Re: Lovely marketing

        They have fixed it. The problem is that the fixed bit - WinRT compiled applications - got howls of "ARGH FISHER PRICE WHERE IS MY START BUTTON I AM GOING TO CRY THE SKY HAS FALLEN DOOM DOOM DOOM M$ ARE EVIL" from pretty much all of you sad sacks.

        1. jb99

          Re: Lovely marketing

          That's because they fixed it *badly*.

          We wanted secure, better WIN32 style APIs.

          What we got were weird COM base functions doing part of what WIN32 used to do but badly.

          And in additional a weird nasty user interface that nobody likes.

          1. dogged
            Facepalm

            Re: Lovely marketing

            > We wanted secure, better WIN32 style APIs

            Did you want those with your flying car and your Holodeck? Have you ever written code against Win32? Do you have any idea what you're asking for?

        2. Anonymous Coward
          Thumb Up

          Re: Lovely marketing

          No complaints from me and mine. Then again I've been of the opinion that regularly jumping up and down on the pyramid of abstractions and API's is a healthy thing. Then you weed out the redundancies and contradictions. If it's not fit for purpose then why the fuck are you still (mis)using it that.

          But I've never had a problem with the whole rip & replace of entire megabyte blocks of the kernel, thousands of operating system programs, the entire desktop,... Little things like that. There's a reason no one uses my computers and Mom says that I'll have an electronic friend in my grave. [She's not kidding either.]

    2. Afernie
      FAIL

      Re: Lovely marketing

      "Interesting idea to fit a high grade door lock for that house of wet cardboard called Windows."

      This is where actually reading the article comes in handy. This is an encryption library from Microsoft Research, not a new feature explicitly for Windows (that operating system which is mentioned precisely *never* in the article, and in the same breath as Linux in the README.)

      1. Anonymous Coward
        Anonymous Coward

        Re: Lovely marketing

        This is where actually reading the article comes in handy. This is an encryption library from Microsoft Research, not a new feature explicitly for Windows

        Hmm, let me see. Microsoft Research. Funded by Microsoft. Windows. Made by Microsoft, shoved down the throat of many through misinformation, monopoly abuse and pretty much every trick in the same book that Google is now using, which generates the money to do that research.

        The problem is that what MS Research develops and which gets trumpeted to the market as yet another Microsoft achievement never actually makes it into the products itself - all they use is the glory and shine. I have seen this so often that MS uses all its experts to convince a gullible audience that Microsoft products are secure because they developed some good idea or concept elsewhere, but without actual implementation it remains BS. I have seen plenty of good ideas being bandied around, after all, they buy in a lot of experts. Unfortunately, the only department that seems to actively use those ideas is Microsoft marketing.

        Maybe you ought to do more than just read articles. Thinking, for instance. Let's take the last time Microsoft actually touched a technology for use in production. If what happened to Kerberos isn't enough of a hint you really ought to go brush up on your history.

        1. Afernie

          Re: Lovely marketing

          Eadon, is that you?

        2. Anonymous Coward
          Anonymous Coward

          Re: Lovely marketing

          Wow. From your description of a house of wet cardboard, you'd think you were talking about Apple.

          1. Anonymous Coward
            Anonymous Coward

            Re: Lovely marketing

            From your description of a house of wet cardboard, you'd think you were talking about Apple.

            In that case I would have said pretty wet cardboard :)

        3. jtaylor

          Re: Lovely marketing

          Hmm, let me see. Microsoft Research. Funded by Microsoft. Windows. Made by Microsoft, shoved down the throat of many through misinformation, monopoly abuse and pretty much every trick in the same book that Google is now using, which generates the money to do that research.

          Someone famously said that conspiracy theorists are skeptics who lack critical thinking skills.

          Microsoft did all the right things here, and we can all benefit. The source code is published (under a very permissive Open Source licence) for review and improvement by independent security experts -- and even by Internet trolls.

        4. fruitoftheloon
          WTF?

          @AC Re: Lovely marketing

          AC,

          you are an idiot!

          Regards,

          jay

  6. mike acker

    publish source code

    i see they offer the source code

    i didn't think they would

  7. GrumpenKraut Silver badge
    Unhappy

    page 21: cycle counts, compare AMD vs. intel,

    silently weep.

    1. Bronek Kozicki Silver badge

      Re: page 21: cycle counts, compare AMD vs. intel,

      agreed, hope AMD will catchup with Zen

      1. GrumpenKraut Silver badge

        Re: page 21: cycle counts, compare AMD vs. intel,

        and hope, and hope... (upvote anyway).

        If they'd announce they re-spawn the Phenom line, I'd be much more happy.

  8. Anonymous Coward
    Anonymous Coward

    Snakes

    If someone who wrote and distributed trojans and virri wrote and encryption algorithm, would you trust it? It might the the best thing since sliced bread but M$ is just another scum producer looking for brownie points.

    1. dogged

      Re: Snakes

      How many times are you going to post on this thread as AC, eadon?

      1. Anonymous Coward
        Black Helicopters

        Re: Snakes

        I'm kind of with the AC here. Not because of Microsoft... but those above Microsoft.

        Putting my tinfoil hat on...

        If I were the NSA and wanted to get around the current problem of current encryption stopping me from gaining access to other peoples communications it would be tempting to build a new system better than the current systems. As such here would be my requirements:

        1.New Encryption system which to the user is better and faster than any other as far as the user is concerned.

        2.I must have a master key to said encryption system which the user does not know exists..

        3.User must have access to source code of encryption system to really believe their encrypted volumes are completely secure.

        4.Encryption system is clever enough that even with the source code discovering the master key is exceptionally difficult - something like a complex mathematical problem which requires a super computer to decipher.

        5.The new encryption system was to be distributed by another other than myself who was in some ways trusted but of course under our control.

        To finish of my dastardly plan I would need to prove that the previous encryption systems were in some way fallible...

        1. Anonymous Coward
          Anonymous Coward

          Re: Snakes

          I'm kind of with the AC here. Not because of Microsoft... but those above Microsoft.

          I'd go slightly more generic: no encryption algorithm should ever be trusted without independent experts taking it for a ride and dissecting the cr*p out of it, so the GOOD thing is that they took the first step and made it public - the only way to ever gather enough trust.

          There have been many, many new crypto algorithms - few pass peer review, which hasn't happened. It is thus too early to claim it's "untouchable" (which they did not claim, but the article writer), and too early to invest any trust in it. Meanwhile, going back to basics, even if it *was* good it causes quite a dissonance with Microsoft's new "gimme access to everything" EULA for Windows 10. Personally, I see the latter a far more important issue to solve.

          1. Michael Wojcik Silver badge

            Re: Snakes

            no encryption algorithm should ever be trusted without independent experts taking it for a ride and dissecting the cr*p out of it

            Yes, that's a widely-held opinion.

            And it'd be relevant if FourQLib contained any "new crypto algorithms". But it doesn't. It's a new implementation of well-known algorithms, using parameters and (well-known) techniques chosen to improve performance and other useful characteristics.

            I've just skimmed the paper, but I don't see anything particularly novel in it - which is good. It appears to be solid, thorough work combining decades of research in finite-field arithmetic and ECC into a very nice implementation. They use some quite recent key results (see e.g. their references [19], [27], [50]), which is one reason why we will want to see analysis by other ECC experts, but overall this is evolutionary, AFAICT.

            What it most definitely is not is a "new crypto algorithm". And, of course, as a zillion people have already pointed out, the authors work for Microsoft Research and have as much influence over the Windows EULA as I do, so your final two sentences are utterly irrelevant.

            1. Anonymous Coward
              Anonymous Coward

              Re: Snakes

              "And it'd be relevant if FourQLib contained any "new crypto algorithms". But it doesn't. It's a new implementation of well-known algorithms, using parameters and (well-known) techniques chosen to improve performance and other useful characteristics."

              Since implementation is equally important as algorithm in security, one has to treat a new version of a library with the same suspicion as a completely new one. Besides, when it comes to efficiency, one has to be wary of introducing side-channel avenues. A paranoid might even propose the increased efficiency are precisely so as to introduce side-channel attacks.

        2. Anonymous Coward
          Anonymous Coward

          Re: Snakes

          4.Encryption system is clever enough that even with the source code discovering the master key is exceptionally difficult - something like a complex mathematical problem which requires a super computer to decipher.

          That is known as Kerckhoff's principle.

          1. Charles 9 Silver badge

            Re: Snakes

            Kerckhoff's principle states that an encryption system must be able to withstand the enemy knowing the system. If the NSA have gamed the system such that they've left a back door, they've subverted the principle by hiding a backdoor in plain sight.

    2. GrumpenKraut Silver badge

      Re: Snakes

      Pretty please, get a fucking clue.

    3. Afernie

      Re: Snakes

      'If someone who wrote and distributed trojans and virri wrote and encryption algorithm, would you trust it? It might the the best thing since sliced bread but M$ is just another scum producer looking for brownie points.'

      I'm actually sort of impressed at the sheer number of applicable fallacies you managed to pack into just one inane post.

  9. Anonymous Coward
    Anonymous Coward

    Insecure?

    Isn't elliptic-curve inherently insecure?

    1. Rusty 1

      Re: Insecure?

      Of course it is!

      Each and every competent baseball batter can read one of those doozies before the ball has left the pitcher's hand. All anyone has to do is tie a harness the power of the major leagues and it's all over. Back to rot13.

    2. GrumpenKraut Silver badge

      Re: Insecure?

      No. No algorithm is known in the line of exploiting smoothness as for the sub-exponential factorization techniques. You find one, you get very very famous.

      1. Michael Wojcik Silver badge

        Re: Insecure?

        No algorithm is known in the line of exploiting smoothness as for the sub-exponential factorization techniques.

        At any rate, no such algorithm has been published, and no one has published any credible reason to believe one exists, which is as good as the situation gets.

        (There are techniques for attacking particular ECC constructions, such as Pollard's rho against ED discrete log, which are faster than naive approaches; but they just tell us what the effective key length is.)

        Perhaps equally importantly, the phrase "inherently insecure" is meaningless without context. Security is not an absolute attribute. All encryption is "inherently insecure" against some attacks, such as suborning an authorized user; that's not a part of the threat space that encryption protects against. Someone who asks a question like the OP's is just demonstrating a poor understanding of information security. And there may not be any shame in that, particularly (who can be an expert in every aspect of their profession?) - but it means the question is as much a category error as anything else.

  10. Wiltshire

    GCHQ is preparing a British version, code name Four Candles.

    1. dogged

      Got any ose?

  11. DougS Silver badge

    Well FourQ too, Microsoft!

    I mean thank you.

  12. Anonymous Coward
    Anonymous Coward

    And it's faster than Bernstein's curve!!!

    'nuff said

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019