This edition of Max’s Corner takes a look at some recent developments in cryptography, Mastercard’s quest to find unicorns, and the emerging quantum cryptography arms race.
As we have covered extensively in this space, there are a number of issues that are impeding the growth of the crypto industry, none more so than those of security and fraud. Our concerns at Bytecoin, as a platform that since its inception has been proffering solutions to questions of privacy and anonymity, often overlap with those of the developers who work to improve security across the industry.
It is therefore with great interest that I read about cryptography developments last week in coding and quantum computing.
The biggest news from last week came regarding a purported breakthrough in coding cryptography by Project Everest. A preview of their work, EverCrypt, intended to establish a new and secure foundation for online computing, is now up on GitHub.
Project Everest is a collaborative and international effort supported by Microsoft development teams in the US, UK, and India along with Carnegie Mellon University and French research institute Inria.
Everest has claimed that the current state of internet security is precarious. There have been a number of massive attacks that have exposed weaknesses in the structure upon which the internet was built. The Heartbleed Vulnerability is an example of the type of weaknesses that can be exposed by bad actors.
The Heartbleed Vulnerability, discovered back in 2014, was not actually the product of an error in the TLS (Transport Layer Security) or SSL (Secure Sockets Layer) cryptographic protocols.
The fault stemmed from an unremarkable programming mistake in OpenSSL, a popular TLS/SSL library used by various operating systems, web browsers, applications, and hardware devices. Hackers were able to use the code vulnerability in OpenSSL to force servers that used the library to release sensitive user data from their memory.
This data ranged from private passwords to TLS session keys and private server keys, the possession of which can facilitate the decryption of past and future data transactions on the server.
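The class of mistake described above, shown as an added illustration that is not OpenSSL's code and not part of the original column: a handler that echoes a payload back using the length declared inside the message, next to a version that checks that length against the bytes actually received. The record layout (1-byte type, 2-byte length, payload, 16 bytes of padding), the function names and the "SECRET-KEY" neighbour are simplified assumptions constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDR 3   /* type (1 byte) + declared payload length (2 bytes, big-endian) */
#define PAD 16  /* minimum padding that follows the payload */

/* Before: trusts the length field carried inside the message itself. */
long echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    (void)rec_len;                                  /* received size never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) return -1;
    memcpy(out, rec + HDR, claimed);                /* can run past the record */
    return (long)claimed;
}

/* After: drop any record whose declared length exceeds what actually arrived. */
long echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < HDR + PAD) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HDR + claimed + PAD > rec_len) return -1;   /* the bounds check */
    if (claimed > cap) return -1;
    memcpy(out, rec + HDR, claimed);
    return (long)claimed;
}

/* Constructed memory layout: a 21-byte record, then unrelated data right after it. */
#define REC_LEN (HDR + 2 + PAD)
long demo(int checked, uint8_t declared, uint8_t *out, size_t cap) {
    uint8_t arena[64] = {0};
    arena[0] = 1; arena[2] = declared;              /* type, declared length */
    arena[3] = 'h'; arena[4] = 'i';                 /* real payload: 2 bytes */
    memcpy(arena + REC_LEN, "SECRET-KEY", 10);      /* neighbouring memory */
    return checked ? echo_checked(arena, REC_LEN, out, cap)
                   : echo_unchecked(arena, REC_LEN, out, cap);
}

int main(void) {
    uint8_t out[64];
    long n = demo(0, 40, out, sizeof out);
    printf("unchecked: %ld bytes echoed, tail=%.10s\n", n, (char *)out + 18);
    printf("checked, declared 40: %ld\n", demo(1, 40, out, sizeof out));
    printf("checked, declared 2:  %ld\n", demo(1, 2, out, sizeof out));
    return 0;
}
```

The unchecked handler returns 40 bytes for a 2-byte payload, so the reply carries whatever sat next to the record in memory; the checked handler rejects the same record and still answers an honest one.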
While fixing the problem, once it was identified, was not strenuous—all people had to do was update to the newer patch of the OpenSSL library—the vulnerability had lasting consequences and the leakage of data it caused was so pervasive that attempts to stem the flow were by necessity Herculean.
Once one server is exposed, all of the traffic processed by that server is likewise denuded and all past and future users are at risk.
The Heartbleed Vulnerability is just one of several regrettable pages in the history of online data transactions, but it shares with many other data breaches its cause of simple human error.
It was not the fault of the code itself that the door was opened to sensitive data, but that of human negligence. The equations of capabilities of highly complex systems that extend beyond the reach of what is possible for man are still set in motion by man and therefore subjected to his limitations, however paltry they may be in comparison.
As it stands now, web security is made up of a combination of entities that includes TLS, HTTPS, cryptographic algorithms, and other structures. EverCrypt has been developed as a means of improving TLS and reducing the amount of human error possible in cryptography.
On the Microsoft blog Jonathan Protzenko wrote:
“Delivering an implementation of TLS that guarantees with mathematical certainty your communications will be confidential and protected is a vast and ambitious effort. Like the building of a pyramid, it requires a strong foundation. Such an implementation needs successive verified software layers, beginning with the raw cryptographic algorithms, followed by a cryptographic provider.
A crucially important component, the cryptographic provider orchestrates these standalone algorithms into a unified collection to meet the security needs of the protocol. Today, we’re happy to introduce the first fully verified cryptographic provider.”
While the improvements that EverCrypt will bring to general cryptography will invariably affect blockchain technology, as the progress made by its developers ripples through the wide seas of online activity, where the project may have its most indelible impact is as a model for DLTs (distributed ledger technologies).
Protzenko went on in the blog to write about the desire to build a single comprehensive library where developers can find, “asymmetric and symmetric encryption and signing, hashing, and key derivation” among other things. These will be more than familiar terms for those of us in the blockchain community.
This is an encouraging development at a time when both cybersecurity in general and crypto, in particular, could use an infusion of security.
Mastercard Funding Search for Unicorns
As time passes and the crypto industry matures, more and more institutions are coming to see it as a fecund breeding ground for future profits. The likes of JP Morgan, IBM, and Paypal, just to name a few, are among the corporations that have invested in cryptocurrency projects and blockchain technology.
But this is very much still an emerging industry, and the number of specialists in it is far outweighed by the need for more specialists. While there are many programs that have been instituted in order to cultivate new cryptographers to join the burgeoning industry, Mastercard has gone one further and funded a program that works to encourage girls to develop skills in emerging technologies.
The company’s STEM program, Girls4Tech, recently appeared for the first time at the USA Science and Engineering Festival hoping to inspire the next generation of young women to achieve in the field of cryptography. When asked about the company’s goals with Girls4Tech, Dana Lorberg, executive vice president of Operations and Technology at Mastercard, explained:
“Cryptography and cybersecurity are crucial fields…but finding women in them is like finding unicorns.”
Quantum Cryptography Race Is On
While we looked earlier at the efforts being made to improve the security of user-data and online activity as it is defined today, the sides are currently being drawn up in a bigger conflict supposedly set to take place in the near future. The field of action will be quantum computing and all existing data will be in play. The use of quantum and super computers could potentially allow bad actors to penetrate and compromise even the most sensitive and highly protected networks.
With national and financial security at stake, countries around the world are racing to develop quantum cryptographic means of protecting sensitive data. As a means of dealing with the emerging threat posed by this kind of next-level computing, the National Institute of Standards and Technology has started a Post-Quantum Cryptography program that asks participants to create a set of algorithms that are quantum resistant.
The timeframe laid out in most projections looks to the dawn of the next age of computing to come in about ten years. The processors that will be released will operate on qubits—photons, neutrons, protons, and electrons—rather than the ones and zeros of today’s machines. With America and China leading the race to quantum, the axis of online power and all facets of online life are likely to shift in accordance with the outcome.
Max was born at the end of the 80s in Frankfurt, Germany. He studied engineering and telecom at university, and had internships in the US and UK. At the same time, he was coding on the side in C++ and scripting languages. After entering the Bytecoin team in 2016 as a technical support engineer, he rose through the ranks and now works as an integration engineer. Max collects vintage gaming consoles and loves English literature.