Two trends may soon collide to make Public Key encryption tools of greatly reduced value in securing data. This is particularly concerning for all cloud users, as one of the `golden rules’ of securing data in the cloud is if it moves, encrypt it.
The two trends are the suggestion that the US security authorities have been working to weaken public key encryption in order to make surveillance easier, and the expectation that encryption cracking tools will soon be available that will severely damage the efficacy of current public key services.
RSA and ECC are the two most common public-key crypto systems in use today. At the 2013 Black Hat conference, researchers declared that the math for cracking encryption algorithms could soon become so efficient that it will render the RSA crypto algorithm obsolete. Coupled with the recent NSA tampering allegations on ECC, this mistrust could set up a `cryptopocalypse’ with organisations scrambling to retrofit systems with new, yet trusted, public-key crypto systems.
Such threats do make it important that any alternative solution to providing secure encryption capabilities is investigated, and one such to appear recently is NTRU from Security Innovation, which is intended for free use in open-source software.
NTRU offers a small footprint, high speed, future-proof security, coupled with IEEE and X9 standards adoption. The company feels it is well-placed to pitch for the role of de facto crypto in the post-RSA world.
Its key advantage, according to the company, is that NTRU is based on lattice maths. This makes it resistant to Shor’s algorithm, which is onee of the primary weapons likely to be used in quantum computing attacks, and has already been shown to break both RSA and ECC.
“The open source licensing of the NTRU crypto system will make it easier for wide-spread adoption of our X9.98 standard, allowing Financial Services companies to protect their important financial transactions”
With the GNU Public Licence (GPL), NTRU can be deployed in open source products such as web browsers and TLS/SSL servers. For vendors looking to incorporate NTRU into a proprietary product, a commercial licence is also available.
"The Internet generates a trillion dollars in ecommerce sales a year; however, these transactions are being protected by a limited set of encryption algorithms", said Charles Kolodgy, Research Vice President for Security Products at IDC. "This lack of diversity can be a single point of failure. By offering NTRU under a General Public License, Security Innovation is expanding the diversity of encryption available on the Internet."
Offering it under open source licencing is also expected to open up the potential for the NTRU crypto system in important markets such as financial services. It should, for example, make it easier for wide-spread adoption of the X9 Financial Industry Standards Committee’s X9.98 standard, allowing Financial Services companies to protect financial transactions.
Being open source is also expected to help ensure that NTRU’s implementation is solid and without backdoors. As Dr. William Whyte, chief scientist at Security Innovation, Inc. and chair of the IEEE 1363 Working Group observed, “We are fussy in the crypto world, and want to ensure that any adopted crypto is transparent and battle-tested. NTRU has been successfully scrutinized by numerous government agencies and universities for over a decade."