Saturday, July 22, 2017

DEFCON 30 CFP: New Directions in Cryptanalysis, an Exploration of Disruptive Disclosure

I had some free time today, and started thinking about what it would be like to disclose a globally disruptive vulnerability. Where and how would you do that? I started thinking about what this might actually look like. So I chose as the theme a rogue cypherpunk team that solves some critical equations. How would they get the word out? Safely? While I'm working out the details, this is my fictional write-up of what that CFP looks like in 2022. I know it's a bit different from my other blog posts. But hopefully it highlights the dependency and brittleness we have if this were ever to occur. I don't think we can really imagine the scale of disruption.

So, here it is: my 2022 DEFCON 30 CFP, a work of fiction. The setting is 5 years after a globally disruptive disclosure affecting cryptographic algorithms. This is the CFP submitted to DEFCON 30 in 2022 to outline the events that took place. The idea is less focused on how the equations were solved, and more on the "now what", given that they have been. How would you distill down what you needed to say in 90 minutes? What does the audience know, what have they lived through?

Here you go:

Title of Presentation: New Directions in Cryptanalysis, an Exploration of Disruptive Disclosure
Presentation Length: 80 minutes, 10 minutes Q&A
Presenters: Mallory

Abstract: Cryptography in the modern era was based on the assumption that certain mathematical problems are difficult to solve. These problems were said to be intractable. This talk explores how our team found a polynomial-time solution to the Discrete Log Problem (DLP) and the Integer Factorization Problem (IFP). These two problems are closely related, as you are now aware. What did we do when we found solutions to these problems? This talk will discuss the challenges our team faced in communicating our research. We will explore the mathematical primitives and assumptions that led to our solution. This talk will focus on the implications these solutions had on the global infrastructure. We will also explain the background behind the Cipher Suite Resilience (CSR) standard, and how organizations can be better prepared for rapid cipher suite shifts. From signed kernel drivers to secure authentication and communication, the impact of this disclosure was far reaching. Hardly an area of modern technology was unaffected. This talk will be a behind-the-scenes look at the events of 2017, including detailed information on how we disclosed the solution and remained anonymous. We think this talk will help organizations be better prepared for the next globally disruptive disclosure.

Bio: Mallory is a member of the Kult of Pythagoras (KoP), an international organization founded in 2005 with the idea that mathematical knowledge and solutions should no longer be held exclusively by any organization. These solutions and knowledge should be freely available for the benefit of humanity. The founding members are known only as Alice, Bob and Mallory. In late 2017, Mallory revealed a solution to the Discrete Log Problem (DLP) and Integer Factorization Problem (IFP). Originally focused on internet security, their research has since had a direct impact on many fields including Genetics, Astronomy and many other data-driven sciences. To this day the members of KoP remain anonymous.


1. Who is the Kult of Pythagoras? What do we believe, and what is our mission? (3-5 minutes)

A brief introduction about each of the founding members.  Our objectives and philosophy.

2. Talk Introduction.  Outline of what we will cover.  (10 minutes)

Modern mathematical research is shrouded in a language and mystique of its own. We will discuss the challenges we faced bringing forward a solution to the DLP & IFP. What are the realities faced by researchers wanting to disclose a globally disruptive solution? Who did we tell first? How did we maintain equality for global disclosure? What means were used to alert authorities and organizations that a solution had been found? What was adequate lead time to allow organizations to prepare for the disclosure?

3. Vintage Cipher Suite Background and primitives. (5 minutes)
It has now been proven these are solvable and cryptographic systems that use these should be decommissioned. This will lay the foundation for how these problems are related.

Discrete Log Problem (DLP)
Integer Factorization Problem (IFP)
Root Finding Problem (RFP)

4. Roots of Unity - The Square Root of One. (15 minutes)
The solution to DLP and IFP resides in an elegant number, the square root of 1.  It was known that the square root with a prime modulus can be found efficiently using the Tonelli-Shanks Algorithm. By applying this to a composite modulus we were able to efficiently find factors of a modulus of any size. This also led to an alternative way to compute the multiplicative inverse of an exponent, the basis for many cryptographic schemes.
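
The established number theory behind this section, as an added example (not code from the original post, and not the fictional solution it describes): Tonelli-Shanks takes square roots modulo a prime, and any square root of 1 modulo n = pq other than ±1 yields a factor of n through a gcd. The nontrivial roots here are built with the Chinese Remainder Theorem from primes that are already known (constructed toy values), which is why finding such a root is treated as equivalent to factoring.

```python
from math import gcd

def tonelli_shanks(a, p):
    """Square root of a modulo an odd prime p, or None if a is a non-residue."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:          # Euler's criterion
        return None
    q, s = p - 1, 0
    while q % 2 == 0:                         # write p - 1 = q * 2**s with q odd
        q, s = q // 2, s + 1
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:   # smallest quadratic non-residue
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                        # least i with t**(2**i) == 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r

def crt(rp, p, rq, q):
    """The x modulo p*q with x = rp (mod p) and x = rq (mod q); p, q coprime."""
    return (rp + p * ((rq - rp) * pow(p, -1, q) % q)) % (p * q)

def roots_of_one(p, q):
    """All four square roots of 1 modulo p*q, built from the KNOWN primes p, q."""
    rp, rq = tonelli_shanks(1, p), tonelli_shanks(1, q)
    return sorted({crt(sp, p, sq, q) for sp in (rp, p - rp) for sq in (rq, q - rq)})

def factor_from_root_of_one(x, n):
    """A proper factor of n from x with x*x = 1 (mod n); None when x is +1 or -1."""
    if x * x % n != 1 or x in (1, n - 1):
        return None
    return gcd(x - 1, n)

P, Q = 10007, 10009        # constructed toy primes, not from the post
N = P * Q

if __name__ == "__main__":
    for x in roots_of_one(P, Q):
        print(x, factor_from_root_of_one(x, N))
```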

5. The Disclosure - How we did it. Safely. (20 minutes)
Solving these problems was only the beginning. Disclosing the solution to these problems is not often considered when working on a solution. The impact of solving these equations is of immense interest to certain individuals and organizations. In order to ensure that these solutions were not suppressed, we devised a scheme to announce to the world that we indeed had access to such solutions and were prepared to disclose them, for free. In order to better prepare the global community for our disclosure, Mallory devised a scheme for both proving to the world that we had a solution, and at the same time, protecting that solution until organizations were prepared. This is now known anecdotally as the "Your Crypto Has No Clothes" memo of December 2017. This led to a global effort to remove vulnerable cipher suites. While many organizations were caught unprepared, we feel that the gap between the memo and disclosure allowed competent organizations to understand what was on the horizon and to prepare.

6. The Chase - How we were hunted. How we stayed safe. (10 minutes)
Once we announced our intent to disclose, an organized effort took place to suppress the disclosure. By taking the proper countermeasures we were able to watch this unfold, and were alerted to encroachments on our privacy perimeter. Needless to say, there are people who did not want this solution to be disclosed. We quickly learned who was interested in suppressing this disclosure, and took steps to ensure the world got the solutions to these equations. We seek to inform future researchers of our lessons learned, and provide tips for future disruptive disclosure.

7. Cipher Suite Resilience (CSR) - Be ready for the next one. (10 minutes)
In 2017 we quickly learned how dependent our systems and protocols were on antiquated algorithms. The disclosure revealed how critical, brittle and fragile our systems are, and how incapable of change. From this emerged the CSR, a suite of standards to prepare organizations, systems, and protocols for disruptive disclosures. We hope organizations are now adopting and implementing the recommendations in this standard.

8. The Conclusion. (5 minutes)
We will close with our thoughts on the current events we see unfolding today.  The consequences of the lack of cipher resiliency, and ideas on how to move forward.

List of Conferences:  We have not presented this material to any other conferences.

Why is this a good fit for DEFCON:

We have been in attendance and participated in DEFCON for several years. We feel that our conversations and philosophies were heavily influenced by this community. We feel this is the best venue to bring forward the behind the scenes look at what happened in 2017. The responsible disclosure of these disruptive solutions proved to be much more difficult than we imagined. We hope to share our lessons learned so that other researchers can benefit.  We hope to inspire others to bring forward solutions that have been locked away.

Previous experience:
We have presented under different names at DEFCON, BlackHat, DerbyCon, and multiple BSides events. We will present our original document of solutions for archive in the DEFCON proceedings.

List of facilities requested: Mallory will provide a link to the video file securely to the organizers of DEFCON. This talk has been pre-recorded. In an effort to maintain our privacy, we hope you will accept this unusual talk delivery.