[cryptography] Tigerspike claims world first with Karacell for mobile security

Steven Bellovin smb at cs.columbia.edu
Mon Dec 24 23:15:59 EST 2012

On Dec 24, 2012, at 8:19 AM, Jeffrey Walton <noloader at gmail.com> wrote:

> On Mon, Dec 24, 2012 at 8:03 AM, Ben Laurie <ben at links.org> wrote:
>> On Mon, Dec 24, 2012 at 12:22 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>>> Has anyone had the privilege of looking at the "stronger than military
>>> grade" [encryption] scheme?
>> http://innovblogdotcom.files.wordpress.com/2012/06/the-karacell-encryption-system-tech-paper1.pdf
> Thanks Ben. Based on the opening paragraph, I think I'm going to read
> some of it.
> The Karacell symmetric encryption system was specifically designed to
> counter the anticipated threat of quantum computing,

My understanding was that there was a general quantum algorithm for
brute force in 2^sqrt(keylen).  The real threat is to public key
algorithms.  The white paper just says "well known" and goes on from

> whilst at the
> same time address other issues with existing cryptosystems such as
> slow computational performance, nonoptimal power consumption,

These are both plausible.

> nonuniform cryptographic strength over various bits of a file,

??  I've never heard that allegation against AES.  I am confident that
had it been known way back when, Rijndael never would have been selected.

> and
> ciphertext that depends upon the plaintext for pseudo-randomness.

??  Is this supposed to be a garbled reference to things like CBC and

> It
> is based upon a non-polynomial-time computation problem (also known as
> an NP problem whose optimal algorithm has not been improved since
> 1972). This final point is critical, as new cryptosystems are always
> treated with great scepticism; however, by demonstrating a linkage to
> a known mathematical problem, “new” cryptosystems are sometimes more
> accurately considered as derivatives of previously well-studied math
> problems.

Remember trapdoor knapsacks?  The issue isn't the *worst case* complexity
for solution, it's what a cryptanalyst would typically encounter.

These claims do not instill a great feeling of confidence in me.  Maybe
this is a good algorithm, but I'm not holding my breath.

		--Steve Bellovin, https://www.cs.columbia.edu/~smb
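
The worst-case versus typical-case point about trapdoor knapsacks above, as an added example (not part of the original message or of the Karacell paper): a toy Merkle-Hellman-style knapsack with constructed key values, showing that the subset-sum instances such a scheme emits are disguised easy instances rather than arbitrary hard ones. All function names and parameters here are illustrative assumptions.

```python
from itertools import product
from math import gcd


def brute_force(weights, target):
    """Generic subset-sum search: up to 2^n selections. Returns (bits, tries)."""
    tries = 0
    for bits in product((0, 1), repeat=len(weights)):
        tries += 1
        if sum(w for w, b in zip(weights, bits) if b) == target:
            return list(bits), tries
    return None, tries


def greedy(weights, target):
    """Solves subset sum in n steps, but only if every weight exceeds the
    sum of all earlier weights (a superincreasing sequence)."""
    bits = [0] * len(weights)
    for i in reversed(range(len(weights))):
        if weights[i] <= target:
            bits[i], target = 1, target - weights[i]
    return bits if target == 0 else None


# Constructed toy key, far too small for any real use.
PRIVATE = [2, 7, 11, 21, 42, 89, 180, 354]   # superincreasing: the easy family
Q, R = 881, 588                               # modulus and multiplier
assert Q > sum(PRIVATE) and gcd(R, Q) == 1
# The public weights are the easy instance scrambled by multiplication mod Q.
PUBLIC = [(R * w) % Q for w in PRIVATE]


def encrypt(bits):
    """Ciphertext is the subset sum of the public weights selected by bits."""
    return sum(b for b, m in zip(PUBLIC, bits) if m)


def decrypt(c):
    """Undo the scrambling, then the 'NP-complete' problem falls to greedy."""
    return greedy(PRIVATE, (c * pow(R, -1, Q)) % Q)


if __name__ == "__main__":
    msg = [0, 1, 1, 0, 0, 0, 0, 1]
    c = encrypt(msg)
    print("ciphertext:", c)
    print("greedy on public weights:", greedy(PUBLIC, c))   # looks generic
    print("brute force on public weights:", brute_force(PUBLIC, c))
    print("trapdoor decrypt:", decrypt(c))
```

Every ciphertext this scheme can produce comes from the same narrow, structured family, so the worst-case hardness of general subset sum says nothing about how hard these particular instances are.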
