As a political journalist, I am always on the lookout for new innovations involving encryption technology. So when I read “Tigerspike Announces Karacell, Delivering Faster, Secure, Quantum Resistant ‘Made for Mobile’ Video Encryption,” I was beyond excited about the strong implications this technology has.
The Tigerspike press release is about a new patented technology called Karacell. The technology is quantum computing resistant encryption that further advances encryption years ahead of where it is now. To get a good idea about this technology, I suggest the reader view this well-written article by the Sydney Morning Herald, which breaks the technology down in simple terms.
After reading the Herald article and the press release, I scoured the internet looking for more information. To my dismay, quantum computing resistant encryption is a topic most journalists are afraid to handle. So I contacted Tigerspike directly and hoped to get answers.
Much to my delight, the company was 110% beyond helpful! They immediately placed me in contact with the legendary research and development expert Dr. Stuart Christmas. Currently he is the Director of Future Technologies at Tigerspike. His professional accolades place him literally among the most brilliant minds on the planet. I immediately started contacting everyone I know, from PhD math students to computer programmers, in hopes of formulating relevant questions. Not only did Dr. Christmas answer all my questions almost immediately, he further extended the invitation to ask more questions. That is an offer I look forward to taking him up on in the future. So here are my questions and the response given.
First I would be interested to hear where your company envisions this industry going? More specifically, SHA-3 “Sponge Encryption” was recently picked by the US National Institute of Standards and Technology to replace SHA-2 standards. How do you plan to implement Karacell across the masses? How do you eliminate the RSA keys? How do you get small town police departments and schools to encrypt using Karacell technology without requiring huge coding operations?
Or will this technology be limited to “isolated trust” devices? An example would be Silent Circle, which was recently launched by PGP expert and inventor Phil Zimmermann. Meaning this technology will not be for the masses but targeted development for specific niche industries. I ask this because your press release starts off exploring the medical community implications. I would presume in the medical field most hospitals and medical settings will be looking to use one form of encryption code.
My next question involves the architecture. In your press release you write about how Karacell is built for “parallel computing.” Can you go into a little more detail about the architecture in a way that readers of my paper might be able to understand why this new form of encryption is so strong?
Also, how does this differ from SHA-3 methodology?
When does your company expect Karacell to be actually used in mobile devices available to the public?
Here is the response from Dr Stuart Christmas.
Thanks for contacting Tigerspike. I was put in touch with you via Aisha Hilary who forwarded me your questions regarding Karacell. I got together with the Karacell team and put together a response, which is pasted below. If this is too high level, low level, too detailed or not enough so, please let us know and we’ll do our best to answer further questions as time permits. You’ve certainly asked some tough high-level questions here, but let us see if we can address them.
As to where the industry is going, we can see a complexity implosion catastrophe on the distant horizon, perhaps a few decades away (which is increasingly relevant to present encryption requirements). Let us explain what we mean by that.
At present, unlike prime factorization as pertains to RSA, no one has found a way to accelerate the Subset Sum problem on a (theoretical) quantum computer. To the extent that one must solve such a problem in order to crack Karacell (which is required), this implies that RSA stands to suffer from up-to-square-root-factor acceleration relative to Karacell at the same key length, should such a quantum computer be built. This amounts to an implosion of computational complexity, and it’s most definitely a catastrophe! As time goes on, we think people will start to realize that quantum computing, if not inevitable, is a major risk card in the deck. The safe option is to use an algorithm which does not benefit from quantum acceleration. And by the way, the number of qubits (quantum bits) required to implement Karacell cracking on a quantum computer is 1 or 2 orders of magnitude higher than for AES, on account of Karacell’s deliberately obnoxious temporary memory space requirements. In everyday terms, that’s easily another decade of Moore’s Law. The same logic applies to classical attacks: one would need 10-100X as much power to attack the same key length of Karacell, vs. AES, because Karacell intentionally uses so many transistors on memory requirements, that otherwise could have been used for cracking operations.
As to RSA key elimination, we believe you’re referring to the fact that we still need to do a key exchange, in order to initialize a channel which forever after may use (symmetric) Karacell encryption. In this case, (1) a meeting in the park is always the best option and (2) if that’s not feasible, then one must use sufficiently long RSA keys so that the expected quantum computer cracking time (Shor’s algorithm most likely) is in excess of the estimated Karacell cracking time (which is not too difficult to estimate, given a specific key length). Yes, this means that RSA might be very slow, but we’re only talking about exchanging hundreds of bits one time per pair of peers, so it’s negligible (unlike using RSA for file transfers of any useful size).
As to getting Karacell to the masses, that’s an awareness problem. At some point, there may be a complexity implosion catastrophe of the sort described above (or involving some other exotic form of computer). Were that to occur, lots of people and documents would become naked overnight. We realize that this all sounds like science fiction, but then, 56-bit keys were all the rage in 1970. By migrating to a safer algorithm today, we can buy ourselves an insurance policy. With Karacell, the underlying math problem has been sitting around unoptimized since 1972. It will take time for the industry to admit to the real risks of the current state of the art. People need to make progress in strength per key bit because Moore’s Law isn’t taking a vacation, and human memory isn’t getting any better.
“Isolated trust” is absolutely #1 on our list of target applications. Especially where low latency is a must, for instance, medical implants, automotive subsystems, and private fiber.
As to being designed for parallel computing, we’re not really commenting on strength, which was covered above; the parallel nature is all about speed. What we’re talking about is that Karacell (and Karacell 3) are designed to map efficiently to very wide SIMD architectures, of the sort one might find in a modern GPU. A Karacell packet is 4K bytes wide, and the algorithm is packetwise serialized. Except for some carry propagation in Karacell 3, which can be hidden in memory latency for the most part, Karacell is fully bitwise parallel across this entire width. AES, by contrast, is only 128 bits wide. Now, on a generic 64-bit CPU with AES acceleration instructions, one will find that AES is faster. But going forward to the GPU era, Karacell has scalability where AES does not. It has been pointed out that so-called “Counter Mode” AES is very parallel, so that in principle one could perform encryption with unlimited width. However, the Internet is replete with whitepapers discussing exactly how to initialize the pseudorandom seeds for this process, which invites a minefield of cautionary notes. There are also many whitepapers stating categorically that AES counter mode is flat out weak (which is actually semi-obvious when you look at the scheme in the first place). Given the choice, personally, we would rather stick with “conventional” AES, which is serialized on 128-bit chunks. At least you know you’re safer. But then performance goes down the drain, so the option then is Karacell.
As to SHA-3, that’s a cryptographic hash, whereas Karacell is an encryption algorithm, so they’re quite different. However, Karacell does incorporate an encrypted LMD6 hash, which serves a purpose analogous to SHA-3, albeit in a stronger sense as we use the same maths that underlies Karacell with a provably long limit cycle. We plan to release Karacell 3 reference code in 1Q2013, along with a public cracking contest.
As to when Karacell 3 will be used in mobile devices, we’ll leave that for management to comment. Karacell 1 will not be used.
Meanwhile, we would be happy to respond to your inquiries as time provides.
The Karacell Team