Monday, August 19, 2013

Karacell Encryption vs. Press Releases

You might have found this page because you discovered that I coinvented the Karacell encryption algo with Stuart Christmas. So to whom it may concern, I have been misquoted in the press:


“Karacell has gone through independent rigorous testing to prove it is faster and more efficient that [sic] existing standards and we have resolved the concern on mobile power drain.” adds Russell Leidich, Chief Information Scientist.

I never said this, although I do work for Tigerspike and very happily so. We have a brilliant and gutsy CEO (Luke Janssen), and a group of talented engineers behind him. But we do have a bit of a press release problem. (It's a testament to the company's commitment to openness that they won't fire me for posting this here.) I'm not even sure why our press person wrote the above "quote". I suppose that they somehow thought I had approved of being quoted in this manner. I never issued such approval.

This whole press release, moreover, has a snake oil flavor to it, as though we're cryptographic used car salesmen or something. But I take it all in stride, not the lease of which because I have no management authority to intervene here. What matters most is whether the algo is, in fact, stronger and more power-efficient than the predominant stanardard (chiefly, AES), given the same key length, particularly in a quantum computing world. I do believe that to be the case.

And if you want to attack our algo pulicly, then I encourage you to do so on, which is the de facto discussion forum for such things. Nothing beats freedom of speech when it comes to the question of encryption strength. Thoughtful criticism is good for the industry. On the other hand "it's weak because it adds numbers together, just like this other weak algo I read about" isn't helpful.

Let me be clear: Karacell doesn't rely on any mathematical proof of strength. Nor does any other encryption algo. But it does rely on the well studied Subset Sum problem, which is NP-complete. No proof is available for any algo because doing so would probably be tantamount to deciding the famous P vs. NP question.

If you want the source code and documentation -- without the press release jive -- then please visit the Karacell website linked above and have a look at the video and whitepaper. But yes, Tigerspike still has a monetary prize available for cracking it (and yes, they do have the money!), as described on the site. I personally invited a number of published experts in the knapsack problem field (of which Subset Sum is one example) to participate. But the prize is still outstanding. Perhaps it's because everyone thinks that Karacell is snake oil. With our press release posture of late, it's little wonder. But better a strong algo which has a facade of weakness, than the other way round.

No comments:

Post a Comment