Forgot your password?
typodupeerror
Encryption Security

Faster Encryption Algorithm Found By 16 Year Old Girl 197

Posted by CmdrTaco
from the geek-gals dept.
Jan Stette writes "This story has made the front page of the UK newspapers today. A 16 year old Irish girl has devised an encryption algorithm that is allegedly as secure as RSA but is much faster at performing the encryption. " Update: 01/15 02:24 by S : A picture of her talking to Gordon Moore.
This discussion has been archived. No new comments can be posted.

Faster Encryption Algorithm Found By 16 Year Old Girl

Comments Filter:
  • by Anonymous Coward
    The prize judges could not completely understand the "brilliant" code

    Did anybody else notice that caption under the article? The algorithm might be completely unsecure, and it probably is. How can anybody say it is secure if the code isn't understood, much less the algorithm?

    Also, the word brilliant shouldn't be in quotes, unless they actually meant to imply sarcasm. This smells of the infamous 'UBE98' code.
  • by Anonymous Coward
    If this is indeed true and the hype is actually
    representative of reality, my hat is off to her.

    But I cannot help being skeptical, given the current penchant of the media to do whatever it
    takes to "improve girls' self esteem".

    A few months back, there was an article in the cover page of the NY Times, complete with picture, about a `brilliant' 12 year old girl who had done `something wonderful'.
    On reading the article, however, it turned out that her contribution to the sum total of human
    knowledge was exposing a few psychics as frauds using some simple tricks.

    Duhhh.... great. Now we know that psychics cannot really foresee things to come. I would never have guessed.

    If it had been a 12-year old boy instead, he would not even have been mentioned.
    For a man to get on the cover of the NY times, he would have to win the Nobel prize, run riot and slay six or something like that.

    Don't get me wrong, I am all for attracting women to computing and all that, but playing up insignificant contributions just because they were made by women is not the way to do it.

    Anyway... my two cents.
  • ...ignorance, cynism and general bull.

    This girl is worthy of all encourage she can get, just for being curious; not only learing but also giving ideas to others. And, she's young - a long life is ahead. Regardless of the potential use of her work today, such a person (male or female) is a gift to humanity. Not that she's the only one; but the fact that she got some attention (or, rather, plenty) is still very positive. It tells us that creativity is a good thing. Remember the Apple campaign "Think different"?

    It bothers me reading so many comments here about the potential un-usefulness of the actual algorithm that she allegedly developed; and not a single word about the exciting fact that she actually tried to develop one in the first place. I'm not saying a bit of skepticism and cynism isn't healthy, it's just that the algorithm itself is not as important as the potential of her future works, whatever that may be; not to mention the other kids that she'll inspire to try something of the like!


    My sincere salutations, Ludvig A. Norin
  • by Gleef (86)
    Zachary Kessin wrote:

    No one has ever proved that RSA is secure.

    Depends on how you define "secure". I define secure encryption as being more costly for an unauthorized person to decrypt the information than:
    A) the information is worth; and
    B) gathering the information through other means

    RSA can be applied in such a way that it meets both of these requirements. Most, although not all, of this is mathematically provable.


    It has not been proven (as of last I looked) that you need to factor the number to break RSA.

    Of course it hasn't been proven that you need to factor the number to break RSA. It's been proven that you need to either factor n or compute the eth roots mod m. For more details, you can go here [rsa.com]. I understand the formal proof is given in Applied Cryptography, by Bruce Schneier, but I have not personally examined this.


    nor that there is not a fast way to factor a large number. Its just that no one has found a good method for doing it.

    There is, of course, no proof that we have the fastest method possible to factor a large number. To quote RSA, "Factoring is widely believed to be a hard problem, but this has not yet been proven." We do have some pretty good factoring methods (see What are the best factoring methods in use today? [rsa.com], from RSA's FAQ), but who knows if someone will come up with a better way next year or even next week. In fact it has been proven that a hypothetical quantum computer could be able to do the factoring problem in polynomial time, one just hasn't been built yet.
  • by drwiii (434)
    Is this like the Aussie guy who was going to re-invent the internet with his compression algorithm or is this really something useful?

    P.S. - Slashdot was in PC Magazine [linuxonline.org]

  • by drwiii (434)
    I have a great new encryption algorithm too! I call it, "ROT26"! I better hurry and get a patent...
  • I like USA Today's take on the subject.

    "A 16-year-old Irish schoolgirl may have made e-mail even faster." [usatoday.com]

  • by voidptr (609)
    How much faster/slower is the decryption though? If it takes 1/2 the time to decrypt the same key length than with another algorithm, you could brute-force decrypt it FASTER than the algorithm and would need as longer key length to be as secure. (Though only one bit for each twofold increase in speed.)
  • by gavinhall (33)
    Posted by Ed Carter:

    It's the other way around. If I can break RSA, I certainly can break a simple xor scheme. Does that mean the xor scheme is as secure as RSA? Of course not. What she needed to do to back up that claim is prove that any algorithm that can break her encryption scheme can also be used to break RSA in a polynomially related amount of time.
  • you'd send a message that says "I got the goods. Meet me at 34th and Green."


    # find /dev/brain
    find: cannot open /dev/brain: No such file or directory
  • Of course, if you want to argue logically against Mormons (or any other particular religion), you might make sure you have all your facts in hand before you start hurling accusations and diatribes. Any "Mormon" can tell you that there is no such thing as a "seerer stone". A "seer stone" yes, a "seerer stone" never. And that's just one of your "arguements". I have a feeling that you're disillusioned with religion and so have decided to knock all religions. More to the point, such ferocity usually results from a 180 degree reverse in belief.

    That said, if you wish to believe that all religious people are nuts, or fanatics, or whatever, you are certainly welcome to that (erroneous) belief. I might point out that your reasoning and beliefs in this regard are about as well founded as those of Microserfs regarding linux in particular and alternative OSes in general.

    As for the God vs. evil issue, consider the following train of thought. It may not appeal to you, but it does have some merit, and explains things a little better than the previously quoted Greek philosopher:

    1. God is good.
    2. God cannot tolerate evil.
    3. God creates people.

    Now comes the jump. We all know that struggle makes us stronger (ask any athlete).

    4. We are God's children (however you want to interpret that statement).
    5. God wants us to become strong.
    6. God allows us to confront evil, thereby making those of us who resist stronger (much the way you can be stronger if you exercise hard or become weaker if you don't).
    7. Those of us who resist evil (and are thereby made stronger) are worthy to enter God's presence. Those who don't are out of luck because they didn't make the most of their opportunities.

    Now, one other comment. Why would God let us go through all this? God is omnipotent and omniscient. We are not. Assume that shortly after forming us, God went ahead and appointed us to heaven or hell by saying "I know you're going to be good" or "I know you're going to be evil." Human nature being what it is, we would complain long and loudly that we hadn't been given the opportunity to prove this for ourselves. So, God, in his infinite wisdom, allowed us just enough rope to either roam freely or to hang ourselves, at our inclination.

    Slashdot isn't really a place for religious discussions, anyhow. If you really feel the urge to spread your beliefs, quit school, or work, or whatever, and go proselyte for a couple years. It might instill in you a new respect for what people like the "Mormons" do. In fact, you might even discover that it takes a good deal more conviction to do that than it does for you to log into Slashdot and post a flame.

    Oh, and given your reference to Neitzsche, consider the following quotes seen on a wall in Germany during and after his lifetime (respectively):

    • "God is Dead"
      --Neitzsche


      "Neitzsche is Dead"
      --God

    shaldannon


    # find /dev/brain
    find: cannot open /dev/brain: No such file or directory
  • Is it a public key algorithm ? if not then comparing the speed to RSA is ridiculous.
    I've got some code that can add two large matrices
    faster than the best commerical implementations can invert one....

    "She's proved..." wow, I'm impressed. I thought proof of encryption security was impossible except for one-time keypad, the best you can do is expose it to the experts, and if after several years nobody has broken it then its pretty secure.

    Anyway, good luck to her. Especially if she goes public with it.
  • The case you're thinking of, the girl in question actually reproduced one of James Randi's experiements, and somehow got the write-up in a pretigous medical journal (Lancet?). God knows why a repeat of a previous experiment gets into a medical journal, even if it was done by a 12 year old girl.
  • by jnik (1733)
    Right on. My gf basically did the "sneak up behind him and whop him over the head--I WANT THIS ONE!" thing. She's intelligent and although she doesn't want to hack kernels with me, she understands that I do it and enjoy it.

    They're out there, I swear!
  • You surely aren't going to get laid thinking like that. It can't be the case that all the cute, smart, American women are here in Europe.

  • This is not twofish or loki or any of the other AES candidates because it isn't a symmetric block cipher. It's asymmetric. Incidentally, Sarah is well aware of the issues in the general area. Everyone knows that an algorithm needs peer review etc, even if it doesn't have any other disadvantages etc.

    I refer everyone (as usual) to Bruce Schneier's excellent Crypto-gram [counterpane.com] in October edition/episode of which he talks about the number of new algorithms proposed each day (this generations Fermat's Last Theorem?)

    Enjoy,

    Keith
    --
    Keith Brady,
    Baltimore Technologies [baltimoreinc.com],
    IFSC House, Custom House Quay,
    Dublin 1, Ireland
  • This stories also on the last sats irish times [irish-times.com]. I wouldnt get too carried away with it all just yet :-), im probably doing her wrong, but i never heard anything that won the young scientist of the year thingy actually being of any worth

    C.

  • Sigh. I made a mistake. What I meant to say above was: "[the article] implied very strongly that popular e-mail encryption programs use RSA to encrypt the whole e-mail."

    The article didn't actually name PGP. Instead, it claimed RSA was widely used to encrypt letters. It's not such a stretch to extend that to e-mails.

  • This article just screams "snake oil" all over. The claims made in the article are completely unjustified. In the field of cryptography, no algorithm or idea is considered worthy unless it has been publicly scrutinized and tested with time.

    Consider the following points:

    • "her code can encrypt a letter in just one minute - a widely used encryption standard called RSA would take 30 minutes." No justification is given, and indeed we all know that PGP does not take 30 minutes to encrypt e-mail.
    • "She has also proven that her code is as secure as RSA." Again, no justification is given. Proofs of correctness are rare in computer science. Moreover, there are many different levels and definitions of security in the field (known plaintext, chosen ciphertext, complete break, etc.) and this quote does not cite any of them.
    • Consider the source: Most of the material is quoted from her father.
    I urge everyone to first read the Snake Oil FAQ [interhack.net] before taking this and other similar articles at face value.
  • This was a joke!

    ...making fun on the guy who uses his complier as a grammar checker....

    Incidentally, I have a 20 gal batch of Mild Ale that turned out really well.

    Part of a 20 Gal batch is still leftover from a great batch of Pale Ale.

    I eagerly anticipate February when I can tap into a 20 gal batch of Pils.

    I'm glad malt is cheaper than silicon :)
  • So what does "bright" mean in the UK?

    I know "fag" has a significantly different meaning depending on which side of the pond you are on.


    BTW.... I remember a UK journalist covering the Kobe earthquake. He kept calling the town "ko bee" which in Japanese is the verb for animals in the act of conceiving young. My Japanese friend almost wet his pants laughing so hard.
  • Keep an open mind......as long as the source is released, time will tell whether or not the code is secure. Whether it is or not though, this is a large accomplishment, and she should be allowed that accomplishment. Loosen up a little bit...it's almost like some people don't want her (and people like her) to succeed. If she tries selling anything, then it's time to pull out the criticism, esp. if the algorithm hasn't been published. But right now, she just wrote it an entered it into the contest. Go easy on her for a little while.

    To address your points:

    1. RSA is a very slow cipher. It would probably take 30 minutes to encrypt an e-mail with RSA. Most encryption packages that use RSA end up encrypting the actual message data with a conventional cipher and a randomly generated key, and then use RSA to encrypt just the key. So, the statement in the news article is accurate, though the reporter probably didn't have the background to put that statement in its proper context.

    2. Don't forget the math underpinnings of cryptography. It is very posssible to make proofs about the mathematics of an encryption algorithm... especially proofs about how secure an algorithm is IN COMPARISON to other algorithms. Chances are, she proved that a mathematical attack on her algorithm is as difficult as a mathematical attack on RSA (which is factoring the modulus). Of course, the question remains (as with every algorithm including RSA) as to whether or not there is an easier mathematical attack that the author has not yet considered...and only time will tell that for this (and all other) algorithms

    3. The article mentioned her as being ill. Maybe she couldn't interview.
  • Never forget that, in the end, a computer is just a dumb piece of plastic, and while snuggling with it may keep you warm at night, somehow, it's just not the same :-)
  • But do not forget that logic is a human creation, designed by people trying to understand the world around us. Appropriately, it is subject to all appropriate pitfalls (problems with infinity, timelessness, etc).

  • Anyway, since (in Merka, anyway) you can now patent algos, my concern for my fellow hacker tells me that she should patent this, but I do think that it'd be way cool if she opened the
    idea.
  • Actually, if she didn't patent it, it work would be pre-existing technology and no one else could patent it.

    The primary danger in patents is in those patents which are made intentionally broad in order to gain control of other future technologies which the original inventor did not in fact invent (or discover, whatever). Other than that, patents can be a nuisance (such as MP3-encoding), but little more.
    --
    Aaron Gaudio
    "The fool finds ignorance all around him.
  • No, sorry. Just an older brother, but that doesn't help much. If you wanna meet a geek-girl, try Borders, and computer science courses offered at any local universities. There's one that I just saw the other day--Beginning/Advanced Red Hat--I was impressed that the school was even offering it. But hey--it just goes to show what a bunch of nerds can do! woo-hoo! In the mean time, I'll try and convert as many women as I can. okay?
  • Is it just me, or do the father's comments
    seem a little wacked?

    1 minute to encrypt an email? That's got to be
    one of the slowest email encryption systems I've
    every heard of.

    And 30 minutes for RSA??? Common.
  • I wonder if men qualify for all the scholarships which she is being offered?

  • In my humble opinion, while sexist grants and benefits may go a long way to help top performers, they also go a long way to promote sexism.

    If you're so unaffected by all this, why did such a simple, albeit speculative question receive such a vicious response?

  • Beacause my sister is an engineer and my brother is a nurse. You do noy have any compehension of the scope that sexism is destructive. It is worthwhile to do away with it, permanently, even if I have to give up some piddling amount to do it, even if you do as well.

    If I interpret you correctly, we are in agreement. Sexist grants should not exist. Even if one should "Give up some piddling amount to do it (eliminate sexism)."

    In institutes of higher learning, financial grants based on academic success should be awarded based on academic success. No consideration should be given for minority representation.

    The same applies for the workplace. Equal pay for equal work. Equal grants for equal achievement.

    Unless you mean that people should take paycuts or loose grants -- whether or not they personally recognise sex or race as a factor in their workplace or institution. This, in my opinion is the worst and most sickening kind of discrimination.

    Are you actually suggesting cutting up the population and dolling out benefits or penalties in order to 'justifiably' adjust the workforce or institution so that it perfectly reflects the demographics of the local population?

    It's been done and I know people who have been laid off because of it. If this is what you are saying, and I find it hard to believe that it is, explain to me how firing people and cutting their pay does not create sexism and resentment in the workforce.

  • I don't exactly live in a upper-middle-class white suburb either. Certianly not so extreme as the descriptions of the Bronx. But people have been knifed to death in my neighbourhood, gangs of crack dealers hang out every night unharassed on my street corner, and prostitutes walk up and down my street. And I ignore the ones who sneak into our lobby to warm up from the cold... I know they have little choice.

    I've lost more than a few dollars to people who have held a knife to me.

    It's not a very racist area, but it sits adjacent to a poor area, and I will say that the poorest of the poor are all visible minorities, and I accept that they are doing what they have to do to get by. Or doing what they can to earn some power or freedom.

    But it certainly does not mean that lowering entry requirements for them at the expense of their peers will earn them any respect. It will only make things look good "on paper."

    Besides, that's using discrimination as a justification to discriminate. Which if you believe in that... ok, I won't be voting for you if you run for mayor.

  • Even though we do not know how secure RSA is we might be able to prove something else to be as secure.

    Not that I know anything of this particular subject but in general it's possible.

    --
    Pirkka

  • As a humble British person (where we don't have TV Bible-bashers), who doesn't even own a TV set (becasue they're obsolete and one must pay a license fee to fund public TV+radio if you own a TV, but not a radio (-go figure, I can't))

    can someone point me to a website where I can experience this "Pat Robertson" I keep hearing about at first hand?

    I enjoy a good bit of comedy.

    Thanks.
  • 'Algorhythms', huh?
    Looks like someone else needs to use 'Preview' ;-)

  • There are some DAMN good cryptanalysts out there. Coming up with a code that looks like total gibberish to everyone, and coming up with a code that withstands the most complex cryptanalytic attacks is something different altogether. It reminds me of Dr. Weil's proof of Fermat's last theorem: We'll see if the math crunching that inevitably follows such a "discovery" holds it up to be what she says it is.

  • by drig (5119)
    You can prove that cracking RSA is as difficult as factoring the product of two large primes. It is entirely possible that this algorithm is also based on that problem. Thus, you could prove this is as tough as RSA.
  • I hope she doesn't patent it. Really.
  • I wonder if there's any way to contact her and persuade her to opensource it, before the corporate vultures snap this algorithm up and make it proprietary?

  • You mean a one-time Paddy?
  • 30 minutes - she's using NT, right?
  • The algorithm in question won first prize at the Irish Young Scientist's Exhibition, which is an annual contest in which secondary school students (12-18 years old) exhibit science projects. Last year, the same student came second with another crypto project, and represented Ireland at the Intel Science Competition in the US. The part about the judges not being able to understand the project is true. The judges had to get in a crypto expert to validate the project.

    I don't know any details about the algorithm itself, cos I never got a chance to attend. Bugger....

    Quark
    --
  • It's not when he meant one time pads. And OTPs are secure.
  • Well, there are many ways at looking at this. Here are a few.

    Perhaps it is evil to abolish evil, since doing so would effectively remove free will.

    Perhaps, as has been said in previous postings, good cannot exist without evil. Perhaps the more Taoist way of looking at these things holds true, and there isn't really good and evil but rather positive and negative, and these things are (or should be) always in equality.

    Perhaps the Zen Buddhists are right, and this whole human perception of reality is fundamentally flawed.

    Then again, it's pretty clear that the Greek dualistic/logical view and the Hebrew God don't mix well. The pathetic God view of the Hebrews accepted such things as emotion and morality as being as true as logic and reason. They really didn't much separate them from a theological point of view. The dualistic body/soul emotion/reason view of Plato and his fellow philosophers viewed pure reason as Truth and God, free from emotion. Obviously, when the two mix, as they often do in Christianity, there is going to be some sort of confusion. There's got to be a compromise somewhere. It's pretty obvious that the Hebrew God is not logical if much of the Bible is anywhere near accurate, as it is full of his fatherly love and jealous wrath. Logic, after all, is a human invention. It's not necissarily true when applied to God, or even to reality.

    However it works out, you can't really prove something like whether God exists or not using logic, even if the attempted proof is logically sound.

    For what it matters, I'm an atheist existentialist. But I hold that my belief is just that, a belief. It's arguably not truth, if there even is one absolute thing we call truth. So I guess I border somewhat on agnosticism.

    Yes, I know my spelling and editting sucks, and my opinion may not agree with yours. Surprise.
  • Back to Plato's idea of the Good. There is one Good, one Truth, one Sun, one God, whatever you want to call it. Anything less is tainted by that which is not good, effectively evil. So if evil is eliminated, there is only one path that is pure good, so there is only one path that can be taken. In other words, no free choice and no free will.

    Or at least I think that'll work. I'm not much into arguments for or against God, and I don't think much of Plato so I may have gotten his ideas confused in my reluctance to get them straight.
  • Well, the worst part of Plato's system wasn't entirely his fault. Parmenides, I believe, was the first Greek philosopher to come up with the idea of the single, passive God who is not emotional but pure logic. No doubt his ideas influenced the Stoics or vice versa.

    I personally entertain the idea that if there is a single God, he is probably (hopefully) the pathetic God of the Hebrews instead of the cold, emotionless God of the Eleatic school. The ones that believed in a God that matched their world view, anyway.

    BTW, anyone who's interested in reading more on this should check out the two-volume series by Abraham J. Heschel called "The Prophets," particularly the second book. It's fun, well-written, and easy to understand.

    At any rate, no matter how misguided Plato was, those thoughts are still pretty much dominant in conventional Western thought. Pure order (reason) is thought of as being the ultimate good, and people as being unable to fit that. Therefore, according to that view, people are inheritantly evil. Needless to say, I disagree with that. I also technically disagree with the Hebrew pathetic God, but I would be much more willing to believe in it than the Platonic God.
  • Why would god (the creator of everything) design all the logic and reasoning on this planet and then lead our reasoning to conclude that he's nuts?

    God doesn't have to be the creator of everything. God made the world and humans, among other things, according to the Judaeo-Christian tradition, but nowhere, to my knowledge, is it said in any particularly authoritative scipture that the makings of humans are the makings of God. Quite the contrary, in fact. In the Bible, humankind was punished for building the Tower of Babel, for instance, and I think it gave the reason that humankind was trying to rival God's creation.

  • (sorry for the flame, but...)
    Women are more evolved? What planet are you from? I'm female, I'm 19, and I'm an ECE major (and I have a boyfriend) but it is very rare to find females (even at CMU) who a ren't complete idiots when it comes to computers and engineering... Most of the female CS majors are not CS majors by their sophomore year. I don't think that's a mark of being more or less evolved, just fewer interested females.
    Any woman who'd be impressed by your "more evolved" comment is probably less evolved and more of a ditz... sorry...
  • Ok, what am I missing? This new encryption/decryption system devised by this 16 year old is unique how? That it uses matrices to encrypt and decrypt? Twofish, Shark, Square, and Manta are encryption/decryption algorithms that use matrices. Twofish [counterpane.com] was first brought to my attention through slashdot, Dec 22, 1998, [slashdot.org] to recap that article, the "TwoFish encryption algorithm, a possible DES-replacement." The algorithm is already being subjected to hacker assults, and is holding up very well. And the algorithm is fast. I was impressed with what I read about Twofish, and I'm not holding my breath about what this 16 year old has created. Not being able to examine her source, it is difficult to see how her algorithum is would be any better.
    Time flies like an arrow;
  • That is my point exactly.
    Time flies like an arrow;
  • Hmm.... I'm very skeptical of this. I certainly wouldn't trust any new encryption algorithm until it has been hammered at for a good few years by some cryptanalysis experts. Some pretty intelligent people have proposed new algorithms over the years only to have them exposed as totally vulnerable shortly afterwards.

    In short - don't trust it (yet).
  • by whydna (9312)
    I think this is genuine. I met this girl last year at Intel's International Science and Engineering Fair...As I recall, she had a 700 bit encryption method (or something) that was based on matrices. She won some of the bigger awards (the awards get large (i.e. $10,000+)).

    If you search for the 1998 ISEF on intel's press release web page, you can see a couple pictures of her. I think she said her dad works for intel (I wonder if that played a role in her winning so much at intel's science fair).
  • You can prove relative strength of algorithms by using a reduction argument, i.e. "If I can crack RSA quickly, then by a very simple extension I can factor big numbers quickly. And since nobody seems to be able to factor big numbers quickly, it seems that nobody will be able to break RSA quickly." Note that this doesn't prove that RSA is secure - it just means that there's effectively been thousands of years of the brightest minds attempting to crack it, without success.

    The same can be said for the girl's algorithm - if her proof is correct, then it shows that cracking her algorithm quickly means you can also crack RSA quickly. Again, no proof of absolute security, but not bad either. This is far from UBE or some kid devising a "modification" of RC4 and claiming it's the greatest thing under the sun.
  • Well, this reminds me A LOT of a problem I was given this past term in MIT 6.857 (Computer and Network Security, professor Ron Rivest). If I remember it right, the description of the girl's algorithm, and the solution to the problem are very similar - the matrix solution involved matrix multiplication rather than exponentiation. I can't comment any more on the similarities because I don't know her algorithm in detail and I don't remember the problem in detail. But I also remember that the problem asked us to decide if the algorithm was as secure as RSA. There were some subtle problems with the proof and I'm not sure if in fact it was as secure.

    Also, stating "all the matrix entries are modulo n, therefore it's as strong as RSA" is not even close to an acceptable proof. But I'd give the benefit of the doubt that her proof contains a little more detail.
  • "otherwise the Government would have &c"

    Remember, we're talking about the Irish government here. Despite their origins, they're not noted for shady dealings on quite the same scale as the US (or even the UK) governments.

    (Besides, they've just discontinued their currency. They may have other things to worry about right now. ;> )
  • The whole point of a slow algorythm is that someone can't churn through all the possible key combinations in a short space of time.

    I guess some people never stop optimising :)
  • I would still prefer my 448 bit Blowfish cypher.
  • she has i think??
  • You get pissed on five pints of Guinness? Lightweight.

    An bhfuil aon duine in ann e seo a dtigmheail?

    Wonder what the Gaeilge for "decrypt" is.

    The Dodger

    PS: Doesn't anyone else find this concept of patenting algorithms just slightly abhorrent? Or are my extreme hacker tendecies ("INFORMATION WANTS TO BE FREE!!!") coming to the fore again?

  • > x=f(y,z) would be considered pre-existing and therefor not patentable.

    I would posit that _all_ mathematical functions pre-exist. Christ, imagine if Einstein had worked for some money-grabbing corp and they patented E-mc^2? Or if patent laws had existed in ancient Greece or Rome. "Sorry, everyone, you can't do long division, because Maths, Inc. has the patent on the algorithm."

    Fuck that, my friends. I have no problem with copyright - i.e. if you publish some software, people shouldn't copy it and use it without paying for it - but if someone manages to come up with the same idea by themselves, I don't think they should be prevented from exploiting their idea just because someone else came up with it as well.

    Dodge
  • Dammit! I never meet cool girls like this. I'm lucky if I can find a girl who can use AOL and knows basic HTML. Oh well... maybe in college I'll find lots of highly attractive girls who would find me more attractive than the rest of the 90% male population. Wait. Maybe I should goto a liberal arts school.


    Ex Machina "From the Machine"
    xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]
  • The competition she won was a general science one, and one with a strong emphasis on observational sciences, so I wouldn't be surprised if the judges weren't able to understand her code.[1] It's still a very impressive achievement, especially considering the pretty weak amount of CS taught in our secondary schools.

    But of course, it doesn't amount to much in the real world until hardcore crypto people have hammered at it for a while.

    K.
    -
    [1]The cynical view is that since the sponsorship for the competition was recently taken over by a telecom company, there may be an element of "Anything But Biology" in their choice of winner.
  • They were talking about "strong" encryption. Not the standard pgp type stuff. But where you HAVE to have it encrypted, new seeds for every character and all type stuff...
  • Where is the false premise?

    The above poster was right that there is a false premise. Or at least an unproven premise, which is enough to disqualify this as a logical proof. And he said what it was, although he didn't explain it as well as he might have. It is that...

    If he can, but does not want to, he is wicked.

    Here is a simple counterexample (somewhat hypothetical). I don't like people who yell really loud in Sproul plaza. I can kill people who yell really loud in Sproul plaza (in principle). And yet there are people who yell really loud in Sproul plaza. Those three facts are completely compatible. It may be true that God is omnipotent and hates evil, and yet has some other reason for allowing it to exist. I could speculate as to God's reason for allowing evil to exist, but my point is that this is not a logical argument for the nonexistence of an omnipotent evil-hating God.

    The other problem with your proof is that you never bother to define evil. I'm sure Epicurus did, but I'm not sure his definition is the same as that of most people today, or the same as that of Christians. In fact, sadly a lot of Christians I know have not thought very deeply about what evil is, and as a result are very shocked when they read the Old Testament and find out that God did a lot of things they would consider evil. But that is an entirely different discussion...

  • Unless you find an actual reason for evil to exist (instead of saying there MIGHT be one), the reasoning still stands.

    I don't need to prove the opposite of what you have shown in order to show that you have not proven what you claim. Showing your proof to be wrong is a different (and much easier) task from showing your claim to be wrong. I did not show that a good God exists, I merely pointed out that you did not show that a good God does not exist. A proof that might be wrong is wrong. This is inherent in the definition of a proof.

    You are saying that god is the ultimate wildcard.

    Precisely! Here is my attempt at a guess at God's reason for allowing evil.

    You claim that a good god (I won't keep repeating omnipotent, just understand that I mean an omnipotent god) could not have made this world because it is bad. I believe free will is good. I cannot concieve of free will without evil. If we don't have a choice between good and evil, then we aren't given any significant choices, so that doesn't count as free will. So free will is good, but we can't have free will without evil (I don't think I can prove this, by the way), so perhaps God allows evil in order to provide a greater good.

    You could claim that this god is not omnipotent, because he can't give free will without evil. I concede that it may be possible to have free will without evil, even though I cannot conceive of it. However, if this is not possible, that doesn't make God unomnipotent any more than the fact that he can't make two odd does.

  • Plato was insane, just read about his Republic. Nobody knows if he was being serious or making a parody, but I'm inclined to think he was serious and one serious nutcase.

    Maybe if you had bothered reading some of his writings you would have a different opinion. Plato's writings are full of joking bits, especially the Republic. And Plato never gives any hints that he is joking. Most of his jokes (at least, those that aren't puns) involve pretending to be dead serious about something that is ridiculous.

    (Some of the more memorable examples of Plato's humor include the bit about the Lacedaemonians in Protagoras, the bit about dogs in the Republic, and just about all of Parmenides and Euthydemus.)

  • I'm not about to conceede that suddenly you (and a couple other idiots) have found a flaw in a logical riddle that is 2 millenia old. It still exists because it's NOT wrong. You'll have to accept that.

    I'm afraid I won't have to accept that. Two thousand years does not make anything correct. You seem to have no respect for Plato, and his writings have been around for longer than those of Epicurus.

    Notice the Epicurus lived BEFORE the Christian god existed. He never HEARD of Jesus, or Christ. He lived during a time when Greek and Roman mythology were still bonafide religions. And if you've read any of that mythology, none of the gods were omnipotent or good, and many of them practiced EVIL.

    However, it you have also read Plato's work (which came before Epicurus), you will know that there was a lot of revisionism going on. Plato did believe that god was good, and on that basis rejected much of the old mythology. He also believed that god was omnipotent. I don't think that he said that explicitely, but he did say that he didn't believe that anything bad (remember, he had a different understanding of bad than most people) could happen to good people, since the gods wouldn't allow it. Presumably it was works like those of Plato which Epicurus was responding to.

    I guess I should mention as a caveat that I obviously don't know what Plato believed, since he only wrote dialogues. However, if I remember right, most of what I have refered to here can be found in Euthyphro [mit.edu], in case you're interested.

  • Personally, I can't understand why there is such
    a strong sense of distrust and antagonism against
    this person who obviously has worked hard to both
    learn the material and work on the code. At least
    for that, she deserves credit.

    Call me cynical if you will, but if the NSA or RSA
    announced that they had a new algorithm, the
    opinions would not have been this biased, bigoted,
    and enflamed. There have been posts in this thread
    that denounces her achievements on the basis of
    gender, ethnicity, the reputation of the reporters,
    the reputation of the events, or in some limited
    cases, the plain ignorance of the poster. Why do
    I feel that if there had been a corporate logo and
    an army of suits that people would have been more
    respectful of the news?

    But don't get me wrong, I believe that with all
    forms of coding, thorough testing of the algorithms
    and continued work is not only a good thing, but
    required. Just don't discount the work of people
    like Ms. Flannery's before the vote is even in.

    Linus's work was denounced by a figurehead at the
    birth of his idea. But time has told who was right
    and who was in need of an open mind.

    Her work might not meet with the approval of many
    people, but instead of turning one's back on it
    so quickly, perhaps one should take a closer look
    at it.

    Personally, I hope she patents it and decides to
    release it under one form of open source license
    or another. It would be a boon to the net community
    for new ideas to be tossed about and snowball.

    *smiles* Maybe even give some of the critics a
    little something to chew on.

    Anyways, that's my two cents. The Intel site has
    some pretty cool pics of Ms. Flannery. Whether her
    code turns out to be a big thing or just another
    blip on the scope, I hope she has a long and
    bright career in the field of Cryptography. She
    seems to already have a pretty good start and
    a knowledgable father to lend her a hand if she
    would ever need the help.

    - Wing
    - Reap the fires of the soul.
    - Harvest the passion of life.
  • I would have to say that a story originating from out of Blarney, Ireland does tend to give one pause for thought. Isn't this where the Blarney stone originated? From some of the replies that I've read here it does sound like the story is on the level, but the Blarney reference was making me wonder about the story.
  • ...I love getting oral sex too..
  • That bothers me. She's gotta be pretty
    brainy to understand this stuff at her
    age, let alone turn the science on its
    head. Why do they emphasize that she's
    not a genius?

    Seems like there's a new encryption claim
    every few months - some of them just don't
    pan out. Hope this one does, but I'm
    skeptical...
  • The best scenario for Free/OSS is that this is true, and that she isn't interested in the profits of this patent. Then she could patent this algorithm, using The League for Programming Freedom [mit.edu] This would add a patent to the pool we will need, not that software can be patented.

    Would be nice if someone let her know her options.

  • You allege that the complaints stem from jealousy and the age of the person that invented this. I would bet that the same comments would be made if there was this much hype surrounding some math professor whose code could not be understood by the "brilliant" judges and has not been verified beyond the claims of some article that is clearly written by someone either pandering to the masses or one who doesn't understand the subject material that well.

    When it's verified that this algorithm is shown to be truely useful, I shall have nothing but praise, but until then, I will continue to think that this is just the media attempting to leverage a "cute" story about a young girl to get hits and sell newspapers.
  • Well, I think that her discovery was simply a different approach. This happens ALL THE TIME in scientific research. Sometimes you can't see the forest from the trees when you are buried. It sometimes takes someone without any experience to try something no one else has even considered. So I will give her the benefit of the doubt, for the time being.

    After all, the CRC tables [Chemical Rubber Corp book of tables] had to be recalculated in the seventies when a 14 year old discovered they were all wrong.

  • It seems to me that if it encrypts in 1/30th the
    time (although THAT part of the story reeks of
    male cow excrement), it would take 1/30th of the
    time to crack it using a brute-force technique? Anyway, until I see the algorithm, I aint gonna
    use it :)

  • by Papa (13862)
    Do you have an example of companies stealing an algorithm by patented already-copyrighted formulae? The only examples of patented algorithms I know of are ones that are kept from public use.



    Papa
  • So wouldn't this indicate a possable vunerability to a chosen plain text attack ?
  • I hope this is really something that's true, and not just crap. If it's true, it might actually be something useful, but the government will probably rape it anyways if it is.


    Force Recon Half-Life TC: Check it out [cass.net]
  • Poor article. It gives us a lot of fluff without any hard questions. It appeals to the authority of her father, the Math prof, as guarentee to the algo's security. It implies that speed, not government paranoia, is what's keeping cypto out of the mainstream.

    How do you prove an algo is as secure as RSA with out years of cryptoanalysis by recognized experts? Actually, no cryptographic algorithm is proven secure. They just haven't found a feasible attack.

    I like the caption, "The prize judges could not completely understand the "brilliant" code." But the awarded the prize anyway.
  • Hi,

    This is a copy of a mail I sent to the UK Crypto mailing list earlier today about this story. Sorry in advance for the long sig, but I'm writing in an official capacity.

    As far as the patents go, the algorithm is based on ideas of ours and so she and we would have to talk about legal issues before we made any move in that direction. Baltimore is very aware, though, of how hard it would actually be to make any money off a public-key algorithm, given that RSA and DSA/DH are more-or-less hard-wired into the standards, and given that (for understandable reasons) the Internet community is wary of crypto algorithms that have licensing issues associated with them.

    William

    ================================================ =

    The algorithm that Sarah won the Young Scientist Competition with is based on work that Sarah did in Baltimore when
    she was here on a student work placement last March. We've been
    looking at algorithms based on 2x2 matrices for a while and
    gave her the idea to see what she could do with it.

    The idea we were working on was to use 2x2 matrices with entries
    modulo n, n the product of 2 primes (ie an RSA number). The
    security is therefore exactly the same as the security of an RSA key with
    the same modulus. However, the encryption and decryption processes
    require only a small number of matrix multiplications rather than
    modular exponentiation, so both public-key operations (16 multiplications
    over the finite field) and private-key operations are as fast as a
    normal RSA private-key operation (17 multiplications). The downside
    is that both the key and the ciphertext are about eight times the
    length of the modulus, rather than more-or-less the length of the
    modulus as with RSA.

    That was our idea, anyway. I haven't had time to look at Sarah's
    project in great detail so I don't know how far (or even whether)
    she's taken it beyond where we had it.

    Sarah, by the way, is level-headed enough to know that new public-key
    algorithms only made you millions if you invented them in the Seventies.
    Her real problem is trying to stop the journalists talking up the
    stupid parts of the story while still emphasising that there's a real
    story in there.

    Cheers,

    William

    ================================================ =============================

    William Whyte, Senior Cryptographer, Baltimore-Zergo

    Zergo & Baltimore Technologies merge in $55m deal !
    The new company name will be "Baltimore"

    See Baltimore at Stands 235 & 425
    RSA Data Security Conference, 17-21 Jan '99


    Baltimore Ltd, IFSC House, International Financial Services Centre,
    Custom House Quay, Dublin 1, Ireland.
    Tel. +353 1 605 4399 Fax. +353 1 605 4388
    Email: info@baltimore.ie
    Website http://www.baltimoreinc.com/
    Baltimore - Global e-Security
  • The word "brilliant" was a direct quote from the judges. That's why it was in inverted commas.

    William
  • Why did Sarah use a 2x2 matrix? To be sure to be sure to be sure to be sure!
    [runs away]
  • Apparently she developed this as a science project (which she won) and is entering it into the european young scientist comp. It is said that she has considered patenting it but is more inclined to publish. Read it in the times today.
  • Andrew Wiels DID solve Fermats last theorem, and from what I've read in the press, this new algorithum seems genuine (unlike the Y2K 'Silver Bullet').
  • ..or better yet, a realhamster
  • Wooops - there is more on this story [independent.ie] on the Irish Independent newspaper [independent.ie]

Algol-60 surely must be regarded as the most important programming language yet developed. -- T. Cheatham

Working...