Australian Gov't Offers $560k Cryptographic Protocol For Free
mask.of.sanity writes "Australia's national welfare agency will release its 'unbreakable' AU$560,000 smart card identification protocol for free. The government agency wants other departments and commercial businesses to adopt the Protocol for Lightweight Authentication of ID (PLAID), which withstood three years of design and testing by Australian and American security agencies. The agency has one of Australia's most advanced physical and logical converged security systems: staff can access doors and computers with a single centrally-managed identity card, and user identities can be automatically updated as employees leave, are recruited or move to new departments. PLAID, which will be available soon, is to be used in the agency's incoming fleet of contact-less smartcards that are currently under trial by staff. It will replace existing identity cards that operate on PKI encryption."
Surprisingly sedate acronym (Score:4, Insightful)
Yeah Right... (Score:5, Insightful)
Mmmh (Score:5, Insightful)
"Here, have my lock and key. Nobody will be able to get into your home. Except, maybe, me :-)"
I laugh ... (Score:5, Insightful)
The claim is usually an open invitation to reduce the "unbreakable" object to ashes.
Re:contactless smart cards are the way to go (Score:1, Insightful)
Re:Mmmh (Score:3, Insightful)
They aren't giving away the lock and key. They are giving away a design for locks and keys.
Re:I laugh ... (Score:3, Insightful)
3. The source and destination then compute Ys and Yd, respectively, such that their own X*Y is congruent to 1 mod (A*B). They do not share this information.
Should that be 1 mod ((A-1)*(B-1))?
I'm not that convinced that relying on the discrete logarithm problem (at the cost of 4x as much network communication) rather than directly on the factoring problem (like more commonly discussed PK based systems) has any additional security: aren't the 2 problems of identical complexity?
Re:A little more info (Score:3, Insightful)
Re:contactless smart cards are the way to go (Score:5, Insightful)
Re:A little more info (Score:3, Insightful)
If it's so unremarkable, what makes it worth half million Australian dollars, then? Unremarkable patent, perhaps?
How do you define the "worth" of a protocol?
Secure protocols are hard to design because there are a lot of subtle errors that can be made. It takes a lot of work by a lot of smart people to make sure that none have been -- and it's even harder if the protocol breaks new ground.
I suspect that the half-million figure is an estimate of how much has been put into the design and verification of the protocol. That's a goodly amount of work. Had the protocol been extremely novel, verifying it to the world's satisfaction would have been *much* more expensive than 0.5M AUD.
Re:A little more info (Score:3, Insightful)
Re:You are correct (Score:3, Insightful)
From the summary:
which withstood three years of design and testing by Australian and American security agencies.
I took that to mean the crypto-community had a long hard look at it.