Alleged ‘Snake Oil’ Crypto Firm Sues Over Boos at Black Hat
Credit to Author: Sean Gallagher, Ars Technica| Date: Sat, 24 Aug 2019 14:00:00 +0000
One of the strangest moments at the Black Hat USA security conference in Las Vegas this month has now become the subject of a federal lawsuit against the conference.
This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.
In a filing to the United States District Court for the Southern District of New York (PDF), attorneys for the "emerging digital cryptography" firm Crown Sterling alleged that Black Hat USA had breached "its sponsorship agreement with Crown Sterling and the implied covenant of good faith and fair dealing arising therefrom." Crown Sterling goes on to accuse the conference organizers of "other wrongful conduct" connected to events surrounding the presentation of a paper by Crown Sterling CEO and founder Robert E. Grant. In addition to legally targeting the conference, Crown Sterling has also filed suit against 10 "Doe" defendants, who it claims orchestrated a disruption of the company's sponsored talk at Black Hat.
Grant's presentation, entitled "Discovery of Quasi-Prime Numbers: What Does this Mean for Encryption," was based on a paper called "Accurate and Infinite Prime Prediction from a Novel Quasi-PrimeAnalytical Methodology." That work was published in March of 2019 through Cornell University's arXiv.org by Grant's co-author Talal Ghannam—a physicist who has self-published a book called The Mystery of Numbers: Revealed through their Digital Root as well as a comic book called The Chronicles of Maroof the Knight: The Byzantine. The paper, a slim five pages, focuses on the use of digital root analysis (a type of calculation that has been used in occult numerology) to rapidly identify prime numbers and a sort of multiplication table for factoring primes.
Prime numbers are important in public-key encryption because most encryption algorithms depend on the use of primes to create pseudorandom "semiprimes"—numbers with exactly two prime factors. Large semiprimes used in the RSA 2048-bit algorithm are so difficult to factor that no computer, quantum or digital, has yet been able to crack the primes they are made from to extract the keys. Grant and Ghannam's paper suggests that their method could quickly find the primes in question and essentially break RSA-2048 and any other semiprime-based encryption. Crown Sterling's answer to this potential crisis in encryption, called TIME AI, is something the company calls "five-dimensional" encryption, "the world's first 'non-factor' based quantum AI encryption" based on polygons, AI-composed music, Fibonacci's sequence, and various other things.
The Black Hat talk did not go smoothly. People had to be ejected from the room by security because they were heckling and booing Grant.
https://twitter.com/veorq/status/1159575080109662208
Cryptographers were extremely skeptical, with some referring to the talk as "snake oil crypto." Even before the event, Mark Carney, a PhD candidate at the University of Leeds, wrote a paper refuting the claims Grant and Ghannam had made in theirs.
https://twitter.com/ra6bit/status/1160977769976741890
In a release after the event, Crown Sterling issued the following statement:
Some allegations were made at Black Hat 2019 claiming that Grant’s presentation included misrepresentations and erroneous claims. “Crown Sterling has announced a legitimate multi-dimensional encryption technology that challenges the paradigm of today’s encryption framework. We understand that the discovery completely transforms the way we secure data and that some members of the security industry are resistant to change or accepting of new technologies that do not conform to traditional approaches,” said Grant. “We completely stand behind all content presented at Black Hat 2019 and we look forward to presenting further developments about the company and our quantum AI encryption technology.”
But the buzz from the presentation was so bad that Crown Sterling is now suing Black Hat for not upholding its standards of conduct for attendees and for violating the terms of Crown Sterling's "sponsorship package"—the thing that allowed Grant to present at Black Hat in the first place—by allowing "a premeditated, orchestrated attack on [Crown Sterling], staged by certain industry detractors and competitors." As the company's lawyers assert in their filing, Crown Sterling believes this was in violation of the "gold" level sponsorship the company and its backers purchased to get a slot at the conference:
In purchasing the highest (“gold”) sponsorship package, Crown Sterling went all in to support the Black Hat conference, trusting that Black Hat USA reasonably would stand by its high standards. But it did not. Rather than treat Crown Sterling with the respect due any participant or member of the public attending the Black Hat conference, Black Hat USA looked the other way when a small group of detractors staged a coordinated harassment of Crown Sterling’s scheduled talk, which was part of its sponsorship package.
Update, 8/23/19 2:45pm ET: A spokesperson for UBM, the company that produces Black Hat, told Ars, "We are aware of the press release stating that a complaint has been filed and have no further comment at this time."
This story originally appeared on Ars Technica.