An open letter
Welcome to Whitenoise,
Three times on this web site you will see references to scientific, historical or landmark achievements in cryptography for which Whitenoise Laboratories Canada Inc. are very proud of and for which the inventors of Whitenoise feel blessed. These are seemingly subtle realities for whose significance can truly be understood only by trained cryptographers and mathematicians. The impact on the security posture of communications and the Internet however will positively effect every man, woman, and child; every scientist and business; and every government on earth fundamentally. They are scientific realities that are fundamental to helping us answer the most pressing question of our day that we must answer collectively: How do we balance Privacy and Security? They are scientific realities never disproved even in the face of academic, business and political self interests groups that will fundamentally affect the quality of the democracies we live in or the democracies we want to live in.
Without real security for everyone fear will rule the day and impact the laws under which we live.
Self interest, hypocrisies and hidden agendas will eventually fade from memory regardless but good science is immutable and these fundamentally impact the continuum of the science of cryptography.
"Mathematics is the language of God." Albert Einstein
Mathematics is not the language of God but it is the language of science and scientific method.
In order, I will point to scientific achievements in the order they were discovered and verified as simply as possible. They are facts that you should have reviewed by your best scientists, technicians and cryptographers. They are facts that good scientific method say should be continually challenged, tested and verified. I will gently point to cross motives you can easily unravel with proper research and questioning.
The over-riding fact and reality is this: A WHITENOISE KEY HAS NEVER BEEN BROKEN.
This is more important than ever now in 2013 as it is generally accepted that government agencies in many countries can break any existing cryptographic algorithm. They are not only doing this with traditional cryptanalytic techniques and mathematical short cuts and the ability to steal keys clandestinely but they are able to break any encrypted data (cipher text) without keys but with just the sheer computational power and speeds available in today's computers and brute force on the data you wrongly believe to be secure.
We are faced with the stark reality that unless computer networks are self contained (intranets) and do not access the internet that without the use of Whitenoise there is not a single, secure publicly accessible network on earth.
Performance analysis: This performance analysis was paid for by the National Research Council of Canada and conducted at the renowned laboratories at the University of Victoria .
• This was the first time that a cryptographic algorithm passed the NIST randomness tests on the first round without running data through the encryption process at least a second time (this is much like putting meat through a meat grinder a second time.)
• This was the first time that a cryptographic algorithm did not even have anticipated statistical errors in randomness testing during months of testing against a super computer array. The NIST test suite is the benchmark used for this kind of study and analysis. It allows for one statistical failure for every hundred rounds of testing on a cryptographic algorithm. For the purposes of this study, this this thresh hold was increased by an order of magnitude and was set up to allow only one statistical failure for every thousand rounds of testing. There was not a single statistical failure. Creating a scientific conundrum in a field that only allows theorizing about pseudo randomness this research showed that Whitenoise is orders of magnitude more random that samples of radioactive decay which has historically been accepted as the benchmark for the most random event in nature.
The performance analysis can be found on the previous tab of this Technology menu.
This security analysis was done by David Wagner, a renowned cryptographer at the University of California , Berkeley . Dr. Wagner is internationally recognized and has been used for expert testimony on cryptography and security by United States Congressional committees. He is also internationally recognized for working on the Blowfish algorithm and morphing it into the Two Fish algorithm after the failure of Blow Fish to be approved as the second AES (Advanced Encryption Standard) competition. Dr. Wagner was recommended by Brian O'Higgins, a true Canadian and cryptographic icon, and attention was focused on the results of this study by the National Research Council of Canada and Communications Security Establishment.
A security analysis examines whether there are any known mathematical or brute force techniques that can be used to break an encryption algorithm.
The scope documents for proper Whitenoise deployment state that Whitenoise subkeys should never be smaller than hundreds of bytes long and that in commercial, military and government market deployments, that it is not recommended to use Whitenoise keys that are weaker than 250,000 bits in strength or shorter than 10 to the 14 power bytes in length.
The laboratories at the University of California , Berkeley chose to try to break the smallest and weakest Whitenoise key that can be constructed. Using subkeys of the smallest prime number lengths (i.e. 2, 3, 5, 7, 11 etc. bytes long) and the weakest bit strength possible, 1600 bits, Dr. Wagner was compelled to concede and report:
“Exhaustive keysearch is not a threat. With the recommended parameters, Whitenoise uses keys with at least 1600 bits of randomness. Exhaustive search of 1600-bit keys is completely and absolutely infeasible. Even if we hypothesized the existence of some magic computer that could test a trillion-trillion key trials per second (very unlikely!), and even if we could place a trillion-trillion such computers somewhere throughout the universe (even more unlikely!), and even if we were willing to wait a trillion-trillion years (not a chance!), then the probability that we would discover the correct key would be negligible (about 1/2 to the 1340 power), which is unimaginably small). Hence, if keys are chosen appropriately and Whitenoise is implemented correctly, exhaustive keysearch is not a threat.”
David Wagner UC Berkeley
The security analysis can be found on the previous tab of this Technology menu.
Side Channel attack resistance
This two year study was funded by an NSERC grant from the National Research Council of Canada and completed in 2013.
Before Whitenoise there has never been a cryptographic algorithm known that has been acknowledged as being resistant to any known Side Channel attack classes. This is a scientific landmark result.
A side channel attack uses the physical properties attendant with utilities that are controlled by computers like electricity, or physical characteristics of computers and computer chips themselves like electro magnetism etc. This data is presumed to be freely available for scientific testing and is used to create a crib, a known piece of data, that is then mapped against encrypted output in order to mathematically discover the key that created the encrypted output or create a break.
In a very uneven, unproven, and unsubstantiated claim, the key researcher goes on to surmise a "complete" break. The following paper should be read and analyzed by trained cryptographers, mathematician and scientists that are able to properly assess this claim which they state to be "academically" sufficient. They provide no mathematical support. They provide no documentation or demonstration. The paper does not tell the reader the obvious that they use of side channel resistant chips are generally deployed in national security level deployments of SCADA grids protecting our critical infrastructures like electricity generation, nuclear facilities and the like that are generally hundreds of yards to miles behind guarded gates and that this "break" was theorized from a deployment literally inches apart.
It is however undisputable: this two year study acknowledges that there are NO KNOWN SIDE CHANNEL ATTACK CLASSES which can break Whitenoise.
This paper can be found at http://dspace.library.uvic.ca:8080/handle/1828/4360 . It is recommended that you solicit recognized cryptographic or technical persons for its accurate analysis.
We never publicly speculate about anyone's political, business or academic motives. We approach any claims scientifically and with scientific method. Any claim must be demonstrated, valid, reliable and repeatable to be considered true.
To this end we simply ask claimants to publicly proven any possible claims. Ulterior motives rarely like the light of day or public scrutiny.
In 2008 Whitenoise Laboratories Canada conducted a very public challenge called the $100,000 Whitenoise Challenge. Just a little bit of reading will show that this was conducted with the knowledge and scrutiny of every internationally acclaimed cryptographers and algorithm creators, representatives from all levels of academia, and military and government personnel tasked with our security including members of the US Joint Chiefs of Staff. No one broke a Whitenoise key
In 2013, currently and running for 1 year, we are running The Challenge That Black Hat Would Not Take but DEFCON did! While we appreciate the results of the University of Victoria landmark study acknowledging that there are no known side channel attack classes that can break a Whitenoise key, we have invited them to use the theoretical break that they flatly state should not be used, and to demonstrate this break this break technique to collect the rather large prize for additional research. To date this challenge has not been taken and no "expert" from either Black Hat or DEFCON has been able to file a successful solution to the challenge.
A Whitenoise key has never been broken. That is a historical fact and scientific reality and one that we proudly stand behind.
Our goal is to make the security of our countries and government, and the quality of our on-line lives safer, for the benefit of everyone. We believe that everyone should have the best security and privacy system at a reasonable cost.
Andre Brisson co-Inventor of Whitenoise and founder of Whitenoise Laboratories Canada Inc.