WordPress Now Uses Cryptographic Public-Key Signature Much Like Monero

WordPress’s content management system has just been updated with a whole host of new security features. WordPress 5.2 will feature an Ed25519 public-key signature system, much like Monero (XMR).

With WordPress being installed on around 34 percent of all internet sites, security is a must. The platform has just unveiled new security updates which should put web owners at ease.

One of them is the implementation of an Ed25519 public-key system which will allow users to digitally sign all update packages. All local installations can now be verified to ensure authenticity before installation.

More than just protecting against malicious installations, the new cryptographic measures also boost protections for the entire update system overall. Security firms have warned that a supply-chain attack was possible if WordPress’s update server was ever hacked.

With the release of WordPress 5.2, attackers would need both to somehow produce a valid signature for a malicious package and to infiltrate WordPress’s own centralized servers. Such a feat seems, for the time being, near impossible.
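As an added illustration of the verification step described above (not WordPress’s own code, which is PHP and uses a different layout), here is how a public key pinned in the installed software lets each site check a detached Ed25519 signature before unpacking an update. The package bytes, the key pair and the choice to sign a SHA-512 digest of the package are all assumptions constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// Constructed stand-in for a downloaded update package (a .zip in WordPress).
var samplePackage = []byte("constructed update package contents v5.2.0")

// signPackage is the release server's side: hash the package and sign the
// digest with the private signing key, producing a detached signature.
func signPackage(priv ed25519.PrivateKey, pkg []byte) []byte {
	digest := sha512.Sum512(pkg)
	return ed25519.Sign(priv, digest[:])
}

// verifyPackage is every installation's side: recompute the digest and check
// the detached signature against the pinned public key. Malformed inputs are
// rejected before any cryptography runs, so an attacker who only controls the
// download server cannot get a package accepted without the signing key.
func verifyPackage(pinnedPub ed25519.PublicKey, pkg, sig []byte) error {
	if len(pinnedPub) != ed25519.PublicKeySize {
		return errors.New("pinned public key has wrong length")
	}
	if len(sig) != ed25519.SignatureSize {
		return errors.New("signature has wrong length")
	}
	digest := sha512.Sum512(pkg)
	if !ed25519.Verify(pinnedPub, digest[:], sig) {
		return errors.New("signature does not match package")
	}
	return nil
}

// checkScenarios reports which packages would be accepted: the genuine one,
// a tampered copy, and one signed with an attacker-generated key.
func checkScenarios() (genuineOK, tamperedOK, wrongKeyOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := signPackage(priv, samplePackage)

	genuineOK = verifyPackage(pub, samplePackage, sig) == nil

	tampered := append([]byte{}, samplePackage...)
	tampered[0] ^= 0x01 // a single flipped bit, as a modified build would differ
	tamperedOK = verifyPackage(pub, tampered, sig) == nil

	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	wrongKeyOK = verifyPackage(pub, samplePackage, signPackage(attackerPriv, samplePackage)) == nil
	return
}

func main() {
	g, t, w := checkScenarios()
	fmt.Printf("genuine accepted: %v, tampered accepted: %v, attacker key accepted: %v\n", g, t, w)
}
```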

EdDSA public-key cryptography was developed to be secure without the slow speeds of other protocols. One of the most popular use-cases of the EdDSA public key has been the CryptoNote cryptocurrency protocol. Originally designed to solve the reported problems with Bitcoin Core, the protocol has been hugely influential among privacy-oriented cryptocurrencies.

Today, CryptoNote is most famously used for Monero (XMR). Written in C++, the latest iteration of CryptoNote was released in 2013 in a paper by Nicolas van Saberhagen.

With WordPress now adopting the same EdDSA cryptography, it seems that the massive platform has learned quite a bit from the cryptocurrency space. As the years go on without a major breach or hiccup, Monero’s CryptoNote protocol is proving itself as a ‘gold standard’ of security. In due time, it just may serve as a model for cryptographic security and privacy beyond just the blockchain industry.

Do you think WordPress was inspired by Monero’s CryptoNote protocol in any way? Let us know your thoughts in the comments below.

The Deal with Quantum Computing and Cryptography

Cryptography provides the foundation for encryption, privacy and secure communication, and as such it has evolved heavily in the past and it will continue to deal with new threats in the future. You are never “done”. It is a continuous process.

Looking back at some of the early days of modern cryptography: in the early 1970s, IBM developed an encryption algorithm called DES, which could encrypt any data with a 64bit key. The NSA successfully intervened and reduced the key-size to 56 bits, and in 1976 NIST officially approved it as a standard.

20 years later, the DESCHALL project publicly broke a message encrypted with DES-56 for the first time in 1997. The next year a tool was released that could break any DES-56 encryption in 56 hours, and in 1999 NIST permitted DES-56 only in legacy systems.

This was a problem as all applications that used DES-56 needed to be changed. Web browsers, backend applications, backups, data storage, your financial record, but also less obvious things such as TV satellite systems – HBO used DES-56 in their TV satellite scrambling system called Videocipher-II.

The reason that it was possible to break the accepted protocol is that DES-56, and every encryption algorithm that is widely used today, is only “computationally secure”. They are all based on mathematical calculations that are very easy to do in one direction, but very hard to do in the opposite direction (you can easily calculate 165181*417953, but getting from 69037894493 back to the original numbers turns out to be really hard).

For the RSA algorithm with 2048 bits, the numbers used are incomprehensibly big (a number with 617 digits). In order to break just one key, a computer with one trillion operations per second would need around 317 trillion years. So even though RSA and ECC (Elliptic-Curve-Cryptography) are used for 99% of public key encryption and these are only computationally secure, we can still feel confident that public key encryption is secure, right? Well, not if someone really smart thinks of new ways to break them. This happened to DES, this happened to Wifi Security Standards WEP and WPA2 and to other encryption schemes.

It happened to RSA (and ECC) when Peter Shor came up with an awesome algorithm which can break every RSA and ECC encryption, 25 years ago (in 1994). When I say “break”, what I really mean is that I can calculate the private key just with the knowledge of the public key. This should be impossible, as it will immediately allow me to decrypt everything that was protected with the (unknown) private key. RSA and ECC are the most widely used public key encryption schemes and they are used everywhere ranging from most blockchains, file encryption to all of our web traffic.

The only trouble with Shor’s algorithm is that it needs a quantum computer to do it, and in 1994, quantum computing was very much a theoretical research area. However quantum computing continues to heat up as one of the major battlefields for security. Fortunately for us, today’s public quantum computers are still quite small, with fewer than 100 qubits, and very noisy.

What has changed since Shor’s proof in 1994 is that everybody now agrees that we will have a universal quantum computer at some stage. Quantum computers and Qubits are really strange and abstract objects, and research is focused on finding good algorithms that work much faster on Quantum Computers vs Classical Computers – just like Peter Shor did in 1994.

In order to break RSA, one needs to “factor” a really large number, and the best algorithm on a classical computer is of exponential complexity (meaning if N is the number of bits of the key, it needs to execute e.g. 5^N times). Peter Shor’s algorithm is only of polynomial complexity (meaning N is not in the exponent but in the base, e.g. N^5).

For large numbers, the difference is so big, it’s hard to comprehend. As an illustration, let’s imagine we have a quantum computer with 4099 qubits that are completely stable and error-free, and this quantum computer can execute a modest one million operations per second. With this quantum computer, instead of it taking 317 trillion years to break RSA 2048 as on a classical computer, this could be executed in 10 seconds.

This is why the world is racing toward developing quantum computing, while other researchers are looking for replacements for RSA and ECC as well as for ways to harness that quantum power to deliver other security tools. I want to be clear though that such a computer doesn’t exist yet, and will not exist for quite some time.

The ability to change and adapt our cryptographic solutions is called crypto-agility. As enterprises we need to have the ability and the agility to upgrade security protocols, methods and algorithms much more quickly and easily than we have done in the past. I don’t even want to check how many IoT devices still have DES-56 encryption enabled – over 20 years after it was compromised.

Is Quantum Computing a Threat to Blockchain?

A paper published recently in the Nature magazine suggests that blockchain could become obsolete by quantum computing. The scientists argue that quantum computers can break the cryptographic codes of a blockchain within a decade. By 2025, up to 10 percent of the global gross domestic product will probably be stored in blockchains.

Quantum computing is a threat to blockchain technology because it undermines the fundamental security assumption of elliptic curve cryptography, namely that computers cannot effectively factor large numbers. Quantum computing in practice poses only a minor threat. In practice, public-key cryptography is a standard encryption and authentication technique. This technique is used for Internet connections (HTTPS), blockchains, etc. Its security relies, most of the time, on difficult mathematical problems, such as integer factorization, that a traditional computer cannot easily solve.

With the peer-to-peer (P2P) network of distributed nodes, blockchain encryption is secured from most traditional hacking attempts. In a traditional banking system, an attacker can break into a central database and gain access to your account numbers and balances. If a hacker tries to modify a cryptocurrency block and redirect the private key, the other nodes on the network will block the move. Theoretically, such a change could be made by the hacker only if more than 50 percent of blockchain nodes could be modified simultaneously. Computers today do not have the power to perform such a time-limited attack, but quantum computers could pose a new threat. Quantum computing is based on what are referred to as qubits, allowing systems to process values between 0 and 1 and to offer an exponential level of performance.

It’s hard to predict the future. Building a quantum computer is extremely difficult, but the potential to solve major problems that classical computers cannot solve encourages big companies to spend a lot of time and resources to get there first, and progress is being made quickly. The greatest danger is that the two asymmetric cryptographic algorithms with the weakest defences against quantum computers (RSA and ECC) form the basis for all modern encryption in the world. As effective quantum computers become a reality, cryptographic systems will have to be transformed to use new encryption algorithms designed to resist quantum computers. The magnitude of this transition is hard to overemphasize. In the next decade or two, virtually all cryptographic software and hardware will have to be reconstructed and replaced. This is a long and complex process, and industry experts will have to work hard to prepare for the major transition.

Serious Security: Post-Quantum Cryptography (and why we’re getting it)

Traditional computers work with binary digits, or bits as they are called for short, that are either zero or one.

Typically, zero and one are represented by some traditional physical property – a hole punched in a tape, or no hole; a metal disc magnetised one way or the other by an electric current; an electronic capacitor that holds a charge or not; and so on.

Quantum computers aren’t like that – they work with qubits, which can essentially represent zero or one at the same time.

In theory, that makes it possible to perform calculations in parallel that would normally require a loop to do them one at a time.

The qubits represent what quantum physicists would call a superposition of all possible answers, tangled together through the mystery of quantum mechanics.

The idea, loosely speaking, is that for some types of algorithm, a quantum computer can calculate in N units of time what would otherwise take 2^N units of time to work out.

In other words, some problems that are conventionally considered to be exponential time algorithms would turn into polynomial time algorithms.

Multiplication versus exponentiation

To explain.

Exponents involve “raising something to the power of X”, and exponential functions grow enormously quickly.

Polynomials involve “multiplying X by something”, and even though polynomial functions can grow very fast, they’re much more manageable than exponentials.

Here’s a thought experiment: lay 40 sheets of office paper on top of each other to create a pile 40 times thicker than one sheet – about 4mm in total.

Now imagine taking the top sheet and folding it in half 40 times.

That many folds are impossible in practice, of course, but if you could do it, you’d end up with a piece of paper more than 100,000 kilometres thick.

Two more folds and you’d be further out than the moon.

42 folds gives you 2^42 layers of paper. 2^42 is 4.39×10^12. If a layer of paper is 0.1mm thick, that’s the same as 10^-7 km, so the total height is 4.39×10^5 km, or just under 440,000km. The moon is always closer than that to earth.

As a result, many people are worried that quantum computers, if they really work as claimed and can be scaled up to have a lot more processing power and qubit memory than they do today, could successfully take on problems that we currently regard as “computationally unfeasible” to solve.

The most obvious example is cracking encryption.

If your security depends on the fact that a crook would need months or years to figure out your decryption keys, by which time he’d be too late, then you’re in trouble if someone finds a way to do it in seconds or minutes.

Code cracking made polynomial

Here’s the difference between exponential time and polynomial time in measuring the cost of cracking codes.

Imagine that you have a cryptographic problem that takes 1,000,000 loops to solve today if you have a 20-bit key, but by doubling the key to 40 bits you square the effort needed, so that it now takes 1,000,000,000,000 loops. (Actually, 2^40, which is approximately a million million, or one trillion.)

Imagine that you can do 1000 loops a second: multiplying the key size by 2 just boosted the cracking time of your cryptosystem one million-fold, from 1000 seconds (under 20 minutes) to a billion seconds (more than 30 years).

Now imagine that a quantum computer’s cracking time doubled along with the keylength, instead of squaring – your added safety margin of 30 years just dropped back to an extra 20 minutes, so a key that you thought would keep your secrets for decades wouldn’t even last an hour.

In other words, if reliable quantum computers with a reasonable amount of memory ever become a reality – we don’t know whether that’s actually likely, or even possible, but some experts think it is – then anything encrypted with today’s strongest algorithms might suddenly become easy to crack.


Is this the end of the world as we know it, at least for cryptography?

Fortunately, the answer is, “No,” because there’s a catch.

If you loop through 256 possible solutions to a problem using a conventional algorithm and 16 of them are correct, you end up with a list of all 16 possibilities, thus reliably ruling out 240 of them.

From there, you can go on to dig further into the problem, knowing that you will eventually solve it because you’ll end up trying every valid path to the answer.

But with quantum computers, even though you can do a whole load of calculations in parallel because the qubits are in multiple quantum states at the same time, you can only read out one of the valid answers, at which point all the other answers vanish in a puff of quantum collapse.

You can calculate and “store” multiple answers concurrently, but you can’t enumerate all the valid answers afterwards.

If you’ve heard of Erwin Schrödinger’s Cat, you’ll recognise this problem.

Schrödinger’s Cat is a thought experiment in which a “quantum cat” hidden out of sight inside a box may simultaneously be both alive and dead, because quantum cats can be in both states at the same time, provided you aren’t looking at them. But as soon as you open the box to see this amazing creature in real life, it immediately adopts one of the possibilities – so opening the box may kill the cat instantly. You can’t figure out in advance if it’s safe – safe for the cat, that is – to open the box.

So if your quantum computer can do, say, 256 computations in parallel, you have to make sure that there’s only one correct answer that can emerge before you go on to the next stage of the algorithm, or you might have discarded the path that leads to the right answer later on.

In other words, you might be able to “solve” each stage of a problem much faster than before, yet hardly ever get the correct answer, meaning that you’re stuck with repeating your “fast” calculations over and over again until you get lucky all the way through and end up at the genuine solution.

As a result of this stumbling block, not all encryption algorithms will be vulnerable to quantum cracking, even if a viable quantum computer is ever built.

Which algorithms are at risk?

Unfortunately, quantum computer calculations based on a process known as Shor’s algorithm just happen to provide super-quick solutions to various mathematical problems that we currently rely on heavily in modern cryptography.

Algorithms such as SHA-256 (used in hashing, for example to store passwords securely) and AES (used to encrypt files and hard disks securely) can’t be cracked with Shor’s algorithm.

But the algorithms that are widely used today for public key cryptography – the way we set up secure, authenticated web connections, for example – can be attacked quickly with a quantum computer.

When we encrypt data over a secure web connection, we usually use a non-quantum-crackable algorithm such as AES to keep the data secret, after agreeing on a random AES key first.

So far, so good, except that we use public key algorithms, such as RSA and elliptic curve cryptography (ECC), to do our initial AES key agreement, and those public-key algorithms can be attacked using Shor’s algorithm.

In other words, quantum computing can’t crack the AES encryption, but it doesn’t have to because it can crack the AES key instead, and then decrypt the AES data directly.
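An added example, not from the article, of the layering just described: a P-256 ECDH key agreement feeding an AES-256-GCM session. Hashing the shared x-coordinate with SHA-256 stands in for the HKDF a real TLS stack uses, and the message is constructed. It shows that whoever holds the server’s private scalar (what Shor’s algorithm would derive from the public point sent in the clear) obtains the same AES key, while a party without it is rejected by GCM’s authentication tag; AES itself is never attacked.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// ecdhKey is one party's P-256 key pair: private scalar and public point.
// (crypto/elliptic's ECDH helpers are deprecated in newer Go but still work.)
type ecdhKey struct {
	priv []byte
	x, y *big.Int
}

func newECDHKey() ecdhKey {
	priv, x, y, err := elliptic.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return ecdhKey{priv: priv, x: x, y: y}
}

// deriveAESKey multiplies the peer's public point by our private scalar and
// hashes the shared x-coordinate into a 256-bit AES key (SHA-256 is an
// assumption standing in for HKDF).
func deriveAESKey(ourPriv []byte, peerX, peerY *big.Int) []byte {
	sx, _ := elliptic.P256().ScalarMult(peerX, peerY, ourPriv)
	k := sha256.Sum256(sx.FillBytes(make([]byte, 32)))
	return k[:]
}

// seal encrypts with AES-256-GCM under a fresh random nonce.
func seal(key, plaintext []byte) (nonce, ciphertext []byte) {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, nil)
}

// open decrypts and authenticates; a wrong key fails the tag check.
func open(key, nonce, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, nil)
}

// runSession models one connection and returns what the server decrypts,
// what a holder of the server's private scalar decrypts, and the error a
// party with only the public points gets.
func runSession() (serverPlain, recoveredPlain string, withoutScalar error) {
	client, server := newECDHKey(), newECDHKey()
	msg := []byte("constructed session data") // constructed sample
	// Client: session key from its own scalar and the server's public point.
	nonce, ct := seal(deriveAESKey(client.priv, server.x, server.y), msg)
	// Server: the same key from its scalar and the client's public point.
	pt, err := open(deriveAESKey(server.priv, client.x, client.y), nonce, ct)
	if err != nil {
		panic(err)
	}
	serverPlain = string(pt)
	// Quantum scenario: Shor recovers server.priv from the public point, so the
	// attacker derives the identical AES key without touching AES.
	pt, _ = open(deriveAESKey(server.priv, client.x, client.y), nonce, ct)
	recoveredPlain = string(pt)
	// Classical eavesdropper: a guessed scalar gives a key that GCM rejects.
	guess := newECDHKey()
	_, withoutScalar = open(deriveAESKey(guess.priv, client.x, client.y), nonce, ct)
	return
}

func main() {
	s, r, e := runSession()
	fmt.Printf("server: %q\nrecovered scalar: %q\nno scalar: %v\n", s, r, e)
}
```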

What to do?

Some experts doubt that quantum computers can ever be made powerful enough to run Shor’s algorithm on real-world cryptographic keys.

They suggest that there’s an operational limit on quantum computers, baked into physics, that will eternally cap the maximum number of answers they can reliably calculate at the same time – and this upper bound on their parallel-processing capacity means they’ll only ever be any use for solving toy problems.

Others say, “It’s only a matter of time and money.”

Rather than simply bet that the first group are right, US standards body NIST is currently running a competition to design, analyse and choose a set of new algorithms for public key cryptography that are considered uncrackable even if a quantum supercomputer does get built.

The project is very much like previous crypto competitions that NIST has run, with a similar motivation.

In the 1990s, NIST ran a contest to select AES, needed to replace the no-longer-quite-safe-enough DES algorithm.

In the 2000s, the competitive target was SHA-3, a cryptographic hashing algorithm that was standardised just in case someone finds a way to crack SHA-256, and we need a trustworthy replacement in a hurry.

This latest contest is known as the PQC Standardization Challenge, where PQC stands for Post-Quantum-Cryptography.

The process has been running since April 2016, when NIST started accepting proposals, and entered its first evaluation stage in November 2017, when NIST stopped accepting new algorithms for consideration.

On 30 January 2019, the project went into Round 2, with NIST announcing that 26 out of the original 69 submissions were through to what it calls the ‘semifinals’.

NIST expects the next stage of evaluation to take 12 to 18 months, after which there may be a third round, and then official standard algorithms will be picked.

Why so long?

The process is taking a long time because cryptanalysis is hard.

Peer review, unbiased assessment and a transparent process to choose open standards can’t be rushed, not least because deciding that a cryptographic algorithm doesn’t have holes is effectively proving a negative.

If you find a hole, then your search is over and your work is done; if you don’t, assuming you haven’t come up with a formal mathematical proof of security, then there’s always the chance that with a bit more effort you might find something you missed before.

Additionally, rushing the process would inevitably end up creating concerns that NIST, which is a US government organisation, was keen to approve something it knew it could crack but figured other countries couldn’t.

Lastly, NIST is trying to cover a lot of bases with its new standards, as NIST mathematician Dustin Moody explained:

“We want to look at how these algorithms work not only in big computers and smartphones, but also in devices that have limited processor power. Smart cards, tiny devices for use in the Internet of Things, and individual microchips all need protection too. We want quantum-resistant algorithms that can perform this sort of lightweight cryptography.”

In addition to considering the multitude of potential device types that could use the algorithms, the NIST team is focusing on a variety of approaches to protection. Because no one knows for sure what a working quantum computer’s capabilities will be, Moody said, the 26 candidates are a diverse bunch.

Who will win?

The new algorithms have a wide range of names, including some really funky ones…

…but we’re sure that the names will not have any influence on the outcome.

The 17 semifinalist algorithms for public-key encryption and key agreement are:


The nine semifinalist algorithms for for digital signatures are:


As to who will win – only time will tell.

Some of the algorithms proposed have been around for years, but never caught on because they just weren’t as convenient as RSA or ECC.

The McEliece algorithm, for example, was invented by US mathematician Robert McEliece back in 1978, but took a back seat to RSA, and more recently to ECC, because it requires cryptographic keys that are several megabits long.

RSA keys are typically a few thousand bits, and ECC keys just a few hundred, making the use of McEliece over a network connection much more cumbersome than the conventional alternatives.

But by the time an RSA-cracking quantum supercomputer is built, we’ll probably regard a few megabits of bandwidth as insignificant…

…and so we might as well get ready now.

Just in case.

NIST shortlists submissions for post-quantum crypto competition

Quest to find new quantum-resistant standards

A competition to develop encryption tools which could one day protect against quantum computers has revealed its shortlist of candidates.

The National Institute of Standards and Technology (NIST) announced that 26 potential algorithms have advanced to the post-quantum cryptography ‘semi-finals’, narrowing the field of schemes that could protect sensitive data stored on mainstream PCs, servers, and smartphones.

Although still in the arena of prototypes, quantum computers have the potential to render most current modes of encryption obsolete.

The security of schemes such as RSA and Diffie-Hellman rests on the difficulty of factoring the products of two large prime numbers using conventional computers.

The mathematics of elliptic curves, which forms the basis of one-way functions used in other modern crypto schemes, would likewise be vulnerable to attack from future quantum computers.

This threat remains at least 10 years away, but work in developing quantum-resistant cryptography is already well advanced.

NIST opened its competition in December 2016, receiving 82 submissions, out of which 69 met minimum acceptance criteria – this has been narrowed down to a shortlist of 26, following a year-long review process.

“These 26 algorithms are the ones we are considering for potential standardization, and for the next 12 months we are requesting that the cryptography community focus on analyzing their performance,” said NIST mathematician Dustin Moody. “We want to get better data on how they will perform in the real world.”

Of this number, 17 candidates cover public-key encryption and key-establishment algorithms, while a further nine offer a way forward for digital signatures.

Moody told The Daily Swig that NIST was looking to take forward two to three approaches in each category, so there may be as many as five or six ‘winners’ when the competition eventually ends. At minimum, two schemes will be implemented.

The selected algorithms will “supplement or replace three standards considered to be most vulnerable to a quantum attack”.

The three at-risk approaches are: FIPS 186-4 (which specifies how to use digital signatures), NIST SP 800-56A, and NIST SP 800-56B (both of which specify how to establish the keys used in public-key cryptography).

Quantum leap

The second round will involve evaluating the submissions’ performance on a wide variety of systems and devices, from mainframes and smartphones to devices with limited computing power, such as smart cards and IoT kit.

“A wide range of mathematical ideas are represented by these algorithms,” Moody explained.

“Most fall into three large families – lattice, code-based, multivariate – together with a few miscellaneous types. That’s to hedge against the possibility that if someone breaks one, we could still use another.”

Lattice, code-based, and multivariate systems are thought to be resistant to the type of brute force number-crunching attack that could be run using a quantum computer.

By contrast current encryption approaches relying on either integer factorization or the elliptic-curve discrete logarithm problem, the basis of most of the public key crypto tech used today, are not resistant.

A sufficiently strong (and as yet hypothetical) quantum computer would be able to run one of a class of algorithms designed with quantum computers in mind to factor the products of prime numbers in a short time.

That would break the whole foundation of schemes such as RSA, and simply increasing the key length, the current approach to making keys resistant to brute force attacks from the most powerful conventional computers, would no longer do the trick.

Small steps

In practice, even leading vendors in the nascent field such as IBM and D-Wave Systems have only advanced as far as developing prototype quantum computing devices, way below what would be needed to do integer factorization, a technique that would slice right through public key cryptographic systems.

IBM currently offers 5-qubit and 16-qubit quantum computing systems available through the cloud on the IBM Q Experience.

The system, first established in May 2016 and periodically upgraded since, is built on IBM’s prototype quantum processors.

“Companies, academic institutions, and startups use IBM Q technology and collaborate with IBM Research to advance quantum computing,” according to IBM.

Google, Intel, Microsoft, and others are all also active in the field of quantum computing. Working prototype systems have advanced to be capable of handling between 50 and 70 qubits at the top end – still a yawning chasm from the thousands of qubits thought necessary to break modern encryption schemes.

It might be possible that there could be quantum computers capable of breaking modern encryption schemes “within 10-15 years”, but “no-one knows for sure” when the industry might be advanced enough to deliver such lofty targets, Moody told The Daily Swig.

Vendors working on quantum computer systems have steadily advanced the number of qubits they support over time, but there has been “no big breakthrough,” he added.

Seconds out. Round two

Quantum computers may still be years away but that doesn’t mean that developing algorithms to protect secrets in a post-quantum world can be sidelined or put off indefinitely.

NIST will allow the submitting teams to tweak their specifications and implementations before a March 15 deadline. The second phase of evaluation and review is expected to last between 12 and 18 months.

If anything, the field of post-quantum cryptography is more advanced than quantum computing.

Vendors, including Cloudflare, are already experimenting with post-quantum cryptography. The European Telecommunications Standards Institute (ETSI) is also promoting research in the area by helping to run workshops on quantum safe cryptography.

“It’s a growing field of research,” Moody concluded, adding that NIST was coordinating its work on post-quantum cryptography with ETSI, among other organizations.

Trail of Bits has a more detailed primer on post quantum cryptography that explores the topic in some depth.
