Whitepaper: https://www.crownsterling.io/wp-content/uploads/2021/09/Crown-Sterling-Lite-Paper-.pdf

Twitter thread: https://twitter.com/markus_ottela/status/1445268250003181568

]]>The only trick in their sleeve here seems to be the incantations of bullshit OTP, trying to distract from the fact use of ECDHE breaks their post-quantum security claim, as well as their claim of perfect secrecy with short keys (as it goes against a literal math proof, and an easy one to add.)

One thing I didn’t mention in the thread is the white paper also does not discuss public key fingerprints in any way, so it remains to be seen if they manage to make the protocol vulnerable to trivial server-side MITM attacks.

]]>@xcv: Here’s the time-complexity graph on small key sizes. When adjusted, it’s obvious the time complexity of the algorithm is exponential: https://i.imgur.com/wC1JT8A.png

Asymptotic complexity is defined by Big and Little Omicron and Omega bounds on their growth.

f(n) = ω(g(n))

:== (∀ c>0) (∃ N>0) (∀ n>N) f(n) > cg(n)

:== “the growth of f(n) is minorized by g(n)”

f(n) = Ω(g(n))

:== (∃ N>0, b>0) (∀ n>N) f(n) > bg(n)

:== “f(n) is of at least the order of growth of g(n)”

f(n) = Θ(g(n)

:== (∃ N>0, b,c>0) (∀ n>N) bg(n) < f(n) && f(n) < cg(n)

:== “f(n) is of the same order of growth as g(n)”

f(n) = Ο(g(n))

:== (∃ N>0, c>0) (∀ n>N) f(n) < cg(n)

:== “f(n) is of at most the order of growth of g(n)”

f(n) = ο(g(n))

:== (∀ c>0) (∃ N>0) (∀ n>N) f(n) < cg(n)

:== “the growth of f(n) is majorized by g(n)”

@xcv: Here’s the time-complexity graph on small key sizes. When adjusted, it’s obvious the time complexity of the algorithm is exponential: https://i.imgur.com/wC1JT8A.png

I rewrote most the Gist post as my conjecture about what Grant was iterating over, was off: It was about “x”, not about “A”.

https://gist.github.com/maqp/0f5351a71d33a2ebc6799b8b54764b41

The interesting new aspect here is the Fermat’s method, as that allows them to effectively cheat in their demo: by cherry picking semiprimes the prime factors of which are relatively close to one another, that allows them to stumble on correct factors extremely quickly when demoing the “cracking algorithm”, even though the expected number of iterations for x is usually around sqrt(rsa_moduli). Manufacturing such cherries is also absolutely trivial.

What Grant et. al. fail to mention is e.g. NIST has clear definitions about the minimum distance of the prime factors: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf (page 47), and that implementations such as OpenSSL explicitly check that the limits set in the NIST spec are fulfilled.

]]>It’s been found by @SpaceLifeForm and others, that there are a number of “bugs” in the new blog software with Preview and Markdown. As well as text that looks like a “smiley” disapearing and the use of mixed case in what should be simple HTML tags causing wierd display.

As the old saying has it “Rome was not built in a day” so I suspect they will be with us for a little while longer.

]]>```
import math
```public_key = …

B = math.sqrt(public_key)

for A in range(0, 2**1024)):

C = math.sqrt(A**2 + B**2)

p = C-A

if public_key % p == 0:

q = public_key / p

print(f"{p}, {q}")

Finally this should work? use tildes three times pre tags are broken

]]>`This is strange I can't possibly figure this out`

Now?

from confusion import words
for word in words:

print(word)

vs `print(words)`

code

works but multiline versions don’t:

This

is(should be)

a

stair

indented