
Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago - hsnewman
https://www.schneier.com/blog/archives/2019/09/crown_sterling_.html
======
nneonneo
They posted a video of their attempt on YouTube demonstrating their claim -
which was quickly taken down again. Thankfully it’s been mirrored; one source:
[https://youtu.be/ML41g0hb7hM](https://youtu.be/ML41g0hb7hM)

Some highlights:

\- they claim that the RSA equation underlies all electronic banking and
public key crypto (when of course, DH, ECC and many other systems make no use
of RSA)

\- they apparently surveyed 500 CISOs and claimed only 5% understood the math
of RSA (well, yeah, you asked CISOs and not professional cryptographers -
duh?)

\- as expected it was a really amateurish demo with pre-selected keys, not
even remotely convincing. I’m actually surprised they even bothered to factor
for real, rather than just faking the factorization of a 2048-bit RSA key or
something

\- they claim it was 50 seconds on a laptop in their press release, but
they’re clearly SSHed into a Linux box with 32 cores (and it was 50 seconds
per key, not for both)

\- one line of debug output from their script matches CADO-NFS exactly, which
is probably just what they’re using under the hood

\- they won’t accept stranger’s keys because they’re worried that info could
be used maliciously...

It’s so utterly absurd that this is even a thing. They have absolutely got to
be running a scam, I don’t see how they could be serious about this
(especially the bit about redressing CADO-NFS as their own factoring
algorithm!!). If it’s a scam, I definitely hope they get sued by their
investors or something...

P.S. I thoroughly beat their little record with my actual 8-core laptop
running YAFU - I did two keys in 28 seconds to their 2 keys in 1:40.

~~~
tialaramex
5% sounds about plausible, anybody inquisitive and capable of say, a numerate
degree subject - physics, engineering, anything over in that corner, can
follow along in textbook RSA. But the CISO doesn't actually need it for their
job.

These sort of people are often closer to delusional than straight scammers, so
that's why there's a demo of a thing that doesn't really work - they sincerely
think they're onto something, even as they fail to achieve anything
significant.

~~~
nneonneo
I was thinking delusional, but the thing is that their thing does work - it’s
just not their work. They repackaged CADO-NFS (a well-respected factoring
program) and pretended that they’d invented a new factoring algorithm. It’s
actually simple plagiarism.

Now, what I could believe is that there’s a massively deluded guy at the top,
and a bunch of underlings who are desperately trying to enact his crazy
vision. But it’s pretty hard to ignore the evidence that this is a scam.

------
onychomys
These guys are like Theranos if Elizabeth Holmes had never bothered to hide
any of the shady stuff she was trying to do. It's such a blatant con game that
I honestly kind of admire them just for their moxie. I mean, I'm not going to
give them any of my money, but still.

~~~
imglorp
Worse. They're suing ten people for booing them at Black Hat, as well as suing
the conference for not providing a heckle-free marketing platform which they
paid for.

[https://arstechnica.com/information-
technology/2019/08/compa...](https://arstechnica.com/information-
technology/2019/08/company-accused-of-crypto-snake-oil-sues-black-hat-
anonymous-detractors/)

[https://www.schneier.com/blog/archives/2019/09/the_doghouse_...](https://www.schneier.com/blog/archives/2019/09/the_doghouse_cr_1.html)

------
xmmrm
Thread on RSA factoring progress:

[https://twitter.com/sweis/status/1175099502312620032](https://twitter.com/sweis/status/1175099502312620032)

------
y7
Video:
[https://www.youtube.com/watch?v=ML41g0hb7hM](https://www.youtube.com/watch?v=ML41g0hb7hM)

nneonneo already posted some highlights. Another one (2m50s):

"[Public key crypto] depends on one simple math equation. It is prime_1 times
prime_2 = composite number. This is what's called the discrete logarithm."

~~~
katmannthree
My algebra is a little rusty, but isn't the discrete log totally unrelated
except for also sometimes serving as a pseudo-oneway function?

~~~
y7
They're different things, indeed, and can both be used for public-key crypto.
ElGamal uses intractability of the discrete log, RSA uses the intractability
of integer factorization. Both are broken by Shor's algorithm on quantum
computers.

~~~
LolWolf
To be fair, this is one point that I think they've actually gotten correct.
Discrete log is easy <=> Integer factorization is easy.

------
gus_massa
Reposting from another thread:

From the video: in a computer with 200GB of RAM, and 32 cores, they factorized
the key in 52 seconds.

The first key (in decimal) is
83473593554391843334619428139045661537976651941410655062632649869770538548577

This page
[https://www.alpertron.com.ar/ECM.HTM](https://www.alpertron.com.ar/ECM.HTM)
solved it in 3 minutes, 37 seconds. I guess they are not using a so powerful
machine. (It says "This is the WebAssembly version.")

I'm too lazy to copy the second number, but I guess it will be as easy as
factorize as the first.

Can someone just repeat this demonstration in travis-ci or something like that
using an standard package?

------
Apocryphon
According to an Ars Technica profile, their Director of Cryptography has
authored books and a musical about hidden codes in the sonnets of William
Shakespeare. This company appears to be the Foucault's Pendulum of
mathematical crankery.

------
noodlesUK
I love the absurd spooky British aesthetic they’re going for... If you tried
to register a company with a name that sounded like it was somehow official in
the UK itself, Companies House would fuck you up.

~~~
omnimus
It also seems they retraced/copied state symbol of Czech repiblic - Lion with
two tails as their logo.
[https://www.mzv.cz/hague/en/general_information_on_the_czech...](https://www.mzv.cz/hague/en/general_information_on_the_czech/the_state_symbols_of_the_czech_republic/index.html?sa=X&ved=2ahUKEwj2o6
--tOHkAhVLbFAKHegpBDkQ9QF6BAgMEAI)

Going for that grand traditional authority with corny metals aesthetic.

