faq: Is it possible to create a proprietary variation of a cipher?

20 May 2013

Text Size

Expert Opinions

“The rapidly evolving field of quantum computers is one of the most active research areas of modern science, attracting substantial funding that supports research groups at internationally leading academic institutions, national laboratories, and major industrial-research centers.”

ARDA, Report of the Quantum Information Science and Technology Experts Panel, 2004
“Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.”

Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995
“In the next five years we will counter many 'hacker' attacks but we will not be safe from Nation States and other large entities”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008
“Business now relies on information infrastructures that are interlinked and interdependent… The way in which these hidden interdependencies pervade our everyday lives is staggering and, in some cases, may go unchecked for many years until an incident occurs that revels the true nature of the interdependences' impact.”

The British Government’s Technology Strategy Board, 2008
“When will we be secure? Nobody knows for sure – but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers’ stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today’s commercial security products and services.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", 2005
“The time needed to factor an RSA integer is the same order as the time needed to use that same integer as modulus for a single RSA encryption. In other words, it takes no more time to break RSA on a quantum computer (up to a multiplicative constant) than to use it legitimately on a classical computer.”

Professor Gilles Brassard, "Quantum Information Processing: The Good, the Bad and the Ugly", 1997
"Dropping support for a broken crypto primitive is hard in practice
- but crypto can be broken overnight
- what do we do if SHA-1 or RSA falls tomorrow?"

Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Wegerr, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
"Many applications stay in use for much longer than anticipated, but during the extended lifetime they will be functioning in an environment for which they have not been designed, resulting in completely new vulnerabilities and risks."
SecurIST, “D3.3 – ICT Security & Dependability Research beyond 2010: Final Strategy”, January 2007
"Many crypto-systems considered robust have been broken after a certain amount of time (between 10-20 years). ... We need to build crypto-systems that offer long term security, for example for protecting financial and medical information (medical information such as our DNA may be sensitive information with impact on our children, our grandchildren and beyond)."
SecurIST, “D3.3 – ICT Security & Dependability Research beyond 2010: Final Strategy”, January 2007
“Given today’s common hardware and software architectural paradigms, operating systems security is a major primitive for secure systems – you will not succeed without it. This area is so important that it needs all the emphasis it can get. It is the current ‘black hole’ of security.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008
“The software security industry today is at about the same stage as the auto industry was in 1930" ... "it looks fast, goes nice but in an accident you die.” ... "The major shortfall is absence of assurance (or safety) mechanisms in software. If my car crashed as often as my computer does, I would be dead by now."

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008
"Unfortunately, the security issues of a technology near the end of its lifetime are typically overlooked. The best known example is that of cryptographic keys and algorithms which may need to offer in some cases security for 50 to 100 years."
SecurIST, “D3.3 – ICT Security & Dependability Research beyond 2010: Final Strategy”, January 2007
“New concepts for quantum computer implementations, algorithms, and advances in the theoretical understanding of the physics requirements for quantum computers appear almost weekly in the scientific literature.”

ARDA, Report of the Quantum Information Science and Technology Experts Panel
“Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice.” … “The major shortfall is absence of assurance or safety mechanisms in software. If my car crashed as often as my computer does, I’d be dead by now.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008
"One often hears recommendations for key-sizes of public-key cryptosystems needed to obtain security for 30 years and even 50 years. Anyone wanting a real security of this magnitude should probably take the construction of the quantum computer into consideration."

ECRYPT, “D.PROVI.3 – First Summary Report on Unconditionally Secure Protocols”, January 2005
“a significant breakthrough in quantum computation would spell doom for all these systems (ECC-192 or RSA-2048).”

European Network of Excellence for Cryptography, "D.AZTEC.2 Alternatives to RSA", July 2005
"Today’s systems must anticipate future attacks. Any comprehensive system – whether for authenticated communications, secure data storage, or electronic commerce – is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won’t be time to upgrade it in the field."

Bruce Schneier, "Why Cryptography Is Harder Than It Looks", 1997
"The security of the digital world has become a fundamental stake for the citizen with respect to his individual freedom ..., for the company with respect to the protection of its computerized industrial assets, ..., and for the state with respect to the reliability of operations and the reduction in the vulnerability of large and critical infrastructures ...”
SecurIST, “D3.3 – ICT Security & Dependability Research beyond 2010: Final Strategy”, January 2007
"Given their power to intercept and disrupt secret communications, it is not surprising that quantum computers have the attention of various U.S. government agencies. The National Security Agency, which supports research in quantum computing, candidly declares that given its interest in keeping U.S. government communications secure, it is loath to see quantum computers built. On the other hand, if they can be built, then it wants to have the first one.”

Prof Seth Lloyd of MIT, MIT Review 2008
“Consider the use of smart cards ... for especially critical functions. Although more costly than software, when properly implemented the assurance gain is great. The form-factor is not as important as the existence of an isolated processor and address space for assured operations – an ‘Island of Security,’ if you will. Such devices can communicate with each other through secure protocols and provide a web of security connecting secure nodes located across a sea of insecurity in the global net.”

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008