After a decade of heavily government-sponsored propaganda about quantum computers, we are finally discovering the truth. RSA is NOT secure, not even against normal computers. Here is the paper.
Best period in crypto history ever.
ADDED 6 Feb 2021: traders who trade altcoins will be interested in this.
Yes, the market cap of all crypto currencies combined has reached 1 Trillion US dollars, see also top line ticker here. I have predicted this 3 years ago, after the market collapsed, and now it is a fact: we are past 1T$, however much market cap valuations of this kind are highly questionable.
Unrealistic inflation of figures reported is common in competitive technology sector: look at all advertisements about speed of computer hard drives… totally unrealistic figures and fake news. However we accept the bitcoin market cap benchmark, simply because everybody uses and understands it. It is a de facto standard.
If we compare it to gold and some bankers actually agree with that, the total market cap of all gold on our planet is about 3 trillion (estimates vary). Gold is also subject to HODLing by US and Russian government etc. A tiny quantity of gold is actually ever exchanging hands: similar to bitcoin. An artificial valuable commodity manipulated by powerful actors.
Conspiracy theories suggest that All Time High (ATH) should happen on 9 January, anniversary of the bitcoin Genesis block, and here we are: bitcoin crosses 40 K exactly 3 years after reaching 20K. This confirms the idea that these markets are manipulated (by banks, governments and rich investors). Market manipulation is basically allowed!
Now both bitcoin and gold are actually valuable BECAUSE these powerful actors care about them and because of their tremendous brand value and popularity. Hundreds of millions have been spent on software development and on mining hardware etc. This alone explains the intrinsic value of bitcoin.
So far as of 2021 bitcoin lags behind gold. 12 years after creation bitcoin is still young. In fact, way fewer investors and bankers believe in bitcoin than in Gold, and it is going to stay that way in 2021. Bitcoin is a hard sell in the world of investment managers but eventually people see that no, Gold is not a great investment either but both can be used for portfolio diversification. We probably need another big cycle, wait until 2025 or 2030 for digital currency to become more important than gold. And the winner will probably not be bitcoin, but something technically vastly superior. The Google of cryptocurrency, doing the job right and achieving worldwide dominance… which has probably not yet been invented…
This will however inevitably happen in my opinion. One day crypto currency will reach 3 trillion and gold will continue being eroded. I can hardly imagine otherwise just for practical reason: digital currencies and gold are simply siting at two opposite sides of the spectrum on practicality and relevance in the modern economy.
In the long run, the winner is the digital currency. It will inevitably take over the world and pass the 3 trillion mark and I expect that this will happen in the next decade: before say 9 January of 2030.
In this attack a differential propagates with difficulty for some 20, 40 and up to 64 rounds. We can say that the propagation encounters some “friction”, because the non-linear functions do not always behave as the attacker would like them to behave. Everything looks normal and this is what happens for all block ciphers all the time.
But then for 65, 80, 128 and more rounds, the propagation becomes easier and easier, the friction disappears, the differentials are reproduced MORE easily. This is for EXACTLY the same cipher spec, with different keys though. At the end of the day we discover that this block cipher configuration is not secure no matter how large is the number of rounds, and for any key.
Interestingly when we study what happens locally, say for up to 32 rounds, nothing unusual is observed and the ciphers exhibits no unusual behavior when the number of rounds is small.
This result was presented at ICISC 2020 in Seoul, Korea on 3 December 2020. We call this type of behavior “Non-Markovian propagation” and it is quite rare.
In addition we are able to transform a bug, or an outlier, something which researchers normally discard as inconvenient and problematic, into a feature. We show that this property helps the attacker, and it helps absolutely a lot, to the point that the cipher is never actually secure.
Some most interesting results in cryptanalysis are when something quite unexpected happens… contrary to the intuition ans contrary to the philosophy of 99.999% of ciphers ever made or studied: where authors systematically and maybe naively assume that probabilities do multiply and that they will decrease exponentially when you iterate the cipher. If so, it is sufficient to test a reduced-round version for high probability differentials. Here the probabilities decrease initially at an exponential rate, but later they behave abnormally and stay bounded by a small constant forever.
A cipher can be insecure, even though it has no large probability differentials locally: it is a global long-term property only visible for a larger number of rounds like 64 or more, and only for very few special differences.
With great sadness we are are remembering our colleague professor Val Curtis from London School of Hygiene and Tropical Medicine. She left us on 19 October 2020.
For a long time she was involved in the questions of hygiene and education in developing countries.
In July 2020 she became famous when she has described in an article published in the Guardian how
“the NHS has given up” on her and others, and anticipating that she will be the one of “35,000 extra cancer deaths” of this year in the UK.
She also said that she would like to see a plan for a better NHS, one that does not “needlessly lose lives”.
Val Curtis is no longer here but her ideas and her ideals will live forever.
A teacher who perished on the very same front of global public health to which she dedicated her life. Like French high school teacher Samuel Paty, she was a quiet hero, and then an unfortunate collateral victim on the public education front. They will join a pantheon of great teachers who seemingly are not here anymore, but in fact they taught THE most valuable and important lessons about life. We should never forget them.
The attack allows the attacker to execute arbitrary code on another PC running Linux. The exploit is possible due to an extremely serious vulnerability in Bluetooth stack inside Linux. The attacker literally can run an application of his choice on the other PC. The exploit was found by Andy Nguyen, a security researcher at Google. More info here.
What do We Learn From This
I have never EVER in the last 20 years believed that Linux could possibly ever be a secure trusted OS. The ecosystem is basically flawed.
First, it is clear that no security engineer have ever been involved in the design and maintenance of Linux, or it was already too late… Linux lacks any sort of defense in depth, and too many privileges are aggregated in too few places. This is a fatal mix from which it will maybe never recover.
Secondly, it is built around dangerous subversive ideology. It is based on the idea of free voluntary labor, which is in fact entirely illegal in many countries, e.g. in France, but is in fact tolerated (and frequently even promoted). Moreover the developers themselves sometimes behave like total losers. Some developers commit suicide on day one, through terms of various so called free software licenses they accept and promote. Then, all these super naive shame workers are ever asking for, is to be popular and famous, and for their names to be mentioned, which acknowledgment they don’t even get typically, work is just reused and authors are not always cited.
At the same time other people make a lot of money by reusing their work, to build and run powerful computer systems which are at the center of our economy, and which are huge profit makers.
It is NOT true that if I shared knowledge or some code with you I do not lost anything. There is an opportunity cost, human life is valuable, expertise is valuable. Almost every advanced business/tech activity is like this nowadays: it creates intangible goods which COULD be shared for free, or they COULD can benefit from sort of protection against theft and abuse.
In Linux we have an organised theft of intellectual property and it is a conspiracy against the same coders which are making Linux. Developers are tricked into working for some shrewd manipulators without being paid.
Is Open Source Secure?
In fact, possibly the contrary can be claimed. Open source means that malicious code can be injected by anyone. The long history of Linux shows that preventive security engineering failed at all times, and nobody noticed for 10 years or so. See for example here.
The supply chain infiltration is an interesting attack against Linux, against which it is, by design and by ideology, not defended (or not well). We should not and cannot trust open source developers. If they are not paid “officially”, why do they work so hard? One answer is of course, passion and hidden subsidies. But then another answer is that they are VERY likely to be recipients of some dark money from criminal or rogue state sources. Even when they are paid by Google out of altruism, this never was altruism. This was manipulation and exploitation worse than child labour, because in fact this is slave labor in disguise. There is a huge imbalance of power and information and profits made by Google from the tech developed and funded by others are here to prove, that the whole Linux community have probably been abused and infiltrated by influencer developers: Google will contribute a bit but of course they benefit a lot more. Profits or rather social and technical benefits from Linux development are basically privatized, and important work is supported by a larger unpaid community.
Facebook, is a business which is quite recent. It started making money only since around 2005, and not long ago, nobody was quite sure how it is possible that Facebook will ever be profitable. They have succeeded because they have literally hacked our society for their benefit: humans are hackable. They also have hacked our political system (by lobbying politicians behind the scenes) and our legal system (the whole planet was tricked into accepting the T&C based in California or similar). People were tricked to abandon their sovereignty and massively relinquished to be protected by their own governments laws and regulators. Facebook and similar Internet giant corporations have in particular hacked our social instincts and enrolled billions of naive individuals into a powerful money making machine.
In this process they were of course inspired by and imitated Linux! They have simply extended this perverse and subversive model, to a larger ecosystem of voluntary submission, digital censorship, manipulation and enslavement, for the sake of Facebook making a lot of money. Almost every aspect of our life is now prostituted for some Internet data hungry business to prosper at our expense. Transparency, or rather a one way transparency of the underdog population, implies that security such as strong cryptography is problematic, as it could potentially threaten the transparency which is an immense money maker.
Strong cryptography needs to be canalized for the benefit of the rich and powerful, but a larger population should rather be building and running systems which are somewhat rigged. Many open source projects have been built with powerful influencer participation which have worked hard in order to deceive a larger group of contributors and developers about who and how needs these systems and particular features, and who will profit from exploiting them, which is mainly large corporations. Being naive candid and generous contributors, and proud to be so, is at the very center of all this world of community developer tech. The situation is similar with how the press have evolved in the last 20 years. Nearly 100% of the press worldwide is in the pockets of corporate sponsors and journalists have very little freedom. The same applies to the so called benevolent computer tech. We are deceived about what we do, have hidden sponsor participants with deep pockets, and yet we somewhat naively believe that this tech is going to be neutral (and not malicious).
An interesting question is what is the impact of all this on information security. Maybe open source is secure because bugs are likely to be discovered? In fact opening your source code is sometimes just a placebo remedy in the area security. Security bugs are subtle type, and they are fundamentally extremely hard to find, and the amount of code to inspect and its complexity grows every day. We live in the world where a lot is hidden in plain sight and we are given a fake sense of security.
The problem of supply chain infiltration is particularly acute in bitcoin, when we do not even know who the developers are, you go there at your own risks and perils, and no one is blamed when something bad happens. Even though the mysterious Satoshi wrote just 2% of bitcoin code, all major and critical security decisions were made by this anonymous entity.
In reality , open source (e.g IBM PC, DES cryptography, SHA-256 etc) is almost never here for security reasons. It is rather a business decision, which is about managing the supply chain precisely. Open source allows businesses and governments to collaborate. However not all businesses and not all governments are equal, some benefit from this process, other are forced into submission and lose money. The winner takes it all again and again.
More critical discussion of open source, see slides 32-41 here. Open source is THE FAKE security mantra, and the real security principle is open design, [Saltzer and Schroeder 1975] and the two are NOT at all the same, see slide 51 here.
In 2005 Ross Anderson already claimed that open source and closed source are equivalent, see slide 57 here. Today and learning a bit more from history, and all the elaborate security deceptions we have known, and this dumb propaganda saying that Linux was very secure etc, for which have fallen so easily for decades, we should probably be a bit wiser.
Open source software can be truly dangerous, cf. slide 38 here. It makes it very easy to modify the software, which works both ways. It lowers entry barriers for improvement, but also for malicious versions to be produced (for example there have been many malicious versions of TrueCrypt). We help simultaneously those who want to improve security (yet poorly funded) and those who want to degrade it (typically more motivated and better funded). Given the imbalance in funding and motivation, and also because hacking is more fun than just building things, quite possibly, this is a working hypothesis, those who want to degrade the security of various systems will always prevail.
A small ceremony took place on 16 August 2020.
Two stocks related to crypto mining exploded on Nasdaq in the recent days. RIOT is worth 5x the price of March and has doubled since July 2020, and MARA had quadrupled since July 2020 (which was followed by a correction).
At the same time there are countless indicators which indicate that we are in an exceptional moment in crypto currency history:
- We are in the middle of big wave of appreciation of crypto assets, which has a lot to do with mining reward halving of May 2020. Since May 2020 the hash rate has remained flat and has always remained below the levels of May 2020. However if we predict that the bitcoin price will eventually soar, then a lot more bitcoin miners could be made, and put in active service, which was NOT happening so far.
- In March, falling bitcoin price halved the daily combined income of miners. Then it recovered and it halved again simply on the day of halving. It is has not recovered yet because the price of bitcoin needs to double for it to recover. As a result many miners do not sell their bitcoins hoping for higher prices tomorrow. This is demonstrated here and here. However, it is easy to manipulate such figures but moving bitcoins to temporary accounts belonging to the same person. Overall it seems that 2 millions of bitcoins are put aside waiting for higher prices to come.
- Volumes of Bitcoins held on exchanges are the lowest since June 2019. This means that prices are likely to be sensitive to the demand and sometimes will go up due to the shortage of bitcoins (locked at other places).
- The Fed balance sheet has stopped expanding since approx. May 20 and remains stable, see here. For now we have K-shaped rally with a bifurcation. The bifurcation is that some stocks go north, other stay moderate. The US tech stocks are now bigger than the entire stock market in EU+UK+Switzerland.
- Moreover it gets even more crazy. As bets against the US stock market are at the lowest level since 2004, markets are able to continue crazy bull run with very high valuations. Many fear that the stock market will collapse.
- Interestingly that the percentage of amateur traders and investors in the stock market has more than doubled since 2019. The Buffet indicator of stock market cap divided by GDP has reached a higher level than before the collapse of the dotcom bubble in 2000.
- Gold price passed 2000$, and bitcoin claims to compete with gold and has some correlation to Gold as refuge for investors who cannot find anything interesting to buy.
- Warren Buffet has surprised the planet: apparently he still holds more than 100 G$ in cash as of May 2020 and still today. He did not buy shares in March 2020 like most people did! It is seems like the biggest mistake he ever made (unless the future events prove him right and precisely shares collapse to yet lower levels than in March 2020).
Arguably an open free and neutral Internet network has never existed and it was all a cynical game of telcos, pretending to obey a bunch of public standards and apply international treaties, in order to expand their monopolistic empires abroad and steal business from other telcos. This world of deception, which also has enabled intelligence gathering at an immense scale, is likely to disappear now.
It is harder to imagine but seems inevitable that everything that we know about industry networking and security standards will become obsolete.
China plans to completely stop using TCP/IP, and replace it by a set of Chinese protocols. These protocols are more centralized and somewhat authoritarian, and are also claimed to more secure (which is very easy). More details here.
We should expect that that tomorrow there will be maybe UK/US networking, and European networking and Russian networking etc. The world is likely to split into loosely connected pieces. This is of course good news for network tech specialists and cryptographers.
Tomorrow there will be more national proprietary cryptography, which researchers will take immense pleasure at studying and breaking. There will be more high profile jobs for crypto engineers, where there will be doing more things which surprisingly, will be actually used to protect real-life communications. However this is bad news for the world, and it seems that globalization of technology standards has come to an end and is going into the reverse. We hear about technology bifurcation etc, end of open standards etc.
No UK is not going to be a puppet of China or Russia. Instead, a deal is being negotiated with Japan. It was already agreed that
- The two governments would not force their companies to hand over encryption keys which are used to protect proprietary corporate technology and information.
- It was also agreed that data can flow freely between the two countries and that businesses not be required to host data on servers within one country.