On September 19, in a conference room at the Pelican Hill Resort in Newport Beach, California, Crown Sterling CEO Robert Grant, COO Joseph Hopkins, and a pair of programmers staged a demonstration of Grant’s claimed cryptography-cracking algorithm. Before an audience that a Crown Sterling spokesperson described as “approximately 100 academics and business professionals,” Grant and Hopkins had their minions generate two pairs of 256-bit RSA encryption keys and then derive the prime numbers used to generate them from the public key in about 50 seconds.
In a phone interview with Ars Technica today, Grant said the video was filmed during a “business session” at the event. The “academic” presentation, which went into math behind his claims and a new paper yet to be published, was attended by “mostly people from local colleges,” Hopkins said. Grant said that he didn’t know who attended both sessions, and the CEO added that he didn’t have access to the invitation list.
During the presentation, Grant called out to Chris Novak, the global director of Verizon Enterprise Solutions’ Threat Research Advisory Center, naming him as a member of Crown Sterling’s advisory board. The shout-out was during introductory remarks that Grant made about a survey the company performed of chief information security officers. The survey found only 3% had an understanding of the fundamental math behind encryption.
The video of the demonstration is here.
The code was on an Apple MacBook Pro. Grant claimed that the work could be used to “decrypt” a 512-bit RSA key in “as little as five hours” using what Grant described as “standard computing.”
The demonstration only raises more skepticism about Grant’s work and about Crown Sterling’s main thrust—an encryption product called Time AI that Grant claims will use the time signature of AI-generated music to generate “quantum-entangled” keys. Grant’s efforts to show how weak long-cracked versions of RSA are was met with what can only be described as derision by a number of cryptography and security experts.
Mark Carney, a PhD candidate at the University of Leeds, used Msieve, a well-established factoring method, on his laptop. Carney cracked compound numbers larger than RSA keys into primes in about 20 seconds. “These [were] not 256-bit keys, just larger-than 256-bit numbers,” he explained, but “these are using standard quadratic sieve methods. So long as I haven’t messed this preliminary test up too much, this is un-optimized Msieve out-performing Crown Sterling’s algorithm by roughly 50 percent.”
Henryk Plötz, a computer scientist in Berlin, ran a test of his own, with similar results:
Well, this is Sagemath on my Ultrabook (X1 Carbon 2017).
I’m assuming the default implementation is single-threaded. So, “50 seconds” is exactly the expected performance on a 4-core laptop. pic.twitter.com/2WlvZaR0vk
— Henryk Plötz (@henrykploetz) September 20, 2019
Pressed on the issue of performance by Ars, Grant said that the presentation was only to demonstrate the vulnerability of the RSA algorithm. Grant insisted that weak RSA keys were still widely in use. “Some banks still use DES encryption,” he said, referring to the Digital Encryption Standard—the 56 bit symmetric encryption technology developed by IBM in the 1970s that was still a federally approved standard for legacy systems until 2003. So, Grant insisted, the demonstration was still relevant.
Ars shared the video with Jake Williams, the founder of Rendition Infosec and a former member of the National Security Agency’s Tailored Access Operations group. “I’m dumber for having watched that,” Williams said. “Bragging that you can factor a 256 bit RSA key in 2019 is like bragging about hacking an unpatched Windows 2000 box. Sure you did it, but nobody should care.” The 256-bit key, Williams said, was “absurdly small.” (Digital certificates from recognized certificate authorities have used RSA 2048-bit keys for more than seven years.)
Williams had publicly challenged Crown Sterling last month to a third-party assessment of their crypto cracking capabilities:
The demonstration must be administered by a third party of my choosing, who will generate RSA keys at 2019’s industry standard lengths for sensitive data protection (2048). Data will be encrypted and Crown Sterling will have the public key (as would be the norm in the wild). 2/
— Jake Williams (@MalwareJake) August 29, 20191
Nicholas Weaver, lecturer at the University of California Berkeley’s Department of Electrical Engineering and Computer Sciences, reacted to Grant’s latest demonstration with this statement to Ars:
It was previously an open question whether Mr Grant was a fraud or just delusional. His new press release now makes me certain he is a deliberate fraud.
He received a lot of feedback from cryptographers, both polite and rude, so showing this level of continued ignorance is willful at this point. His video starts with the ridiculously false notion that factoring is all there is for public key. He then insists that breaking a 256 bit RSA key or even a 512b key is somehow revolutionary. It’s not. Professor [Nadia] Heninger at UCSD, as part of her work on the FREAK attack, showed that factoring a 512 bit key is easily accomplished with less than $100 of computing time in 2015.
His further suggesting that breaking 512-bit breaks RSA is also ridiculous on its face. Modern RSA is usually 2048 bits or higher, and there is a near-exponential increase in the difficulty of factoring with the number of bits.
At this point I have to conclude he is an outright fraud, and the most likely explanation is he’s looking to raise investment from ignorant accredited investors. And now I wonder how many other companies he’s started are effectively fraudulent.
In a blog post earlier this month, security expert and Harvard Kennedy School lecturer Bruce Schneier declared, “Crown Sterling is complete and utter snake oil.” Grant laughed at the term, telling Ars he had ordered bottles of Pride of Strathspey Scotch Whisky with custom “snake oil” labels.