BT Young Scientist - qCrypt

ironclaw

Hi All,

Saw this on the news last night and curious was there any further details about it? Its not a system that I've ever come across.

https://www.breakingnews.ie/ireland/winner-of-the-bt-young-scientist-technology-exhibition-announced-772331.html

https://getqcrypt.com/

Cheers!

Yeah somebody showed this to me today. Very little information about how it works, I also can't figure out if it's a concept or functioning code?

I sigh listening to that article, Dick Ahlstrom stated that splitting the data has never been done before.... Cryptographic splitting is not a new concept.

Not trying to take away from the guy, just working in IT security it's the same with any security vender stating they have the next big thing. Yeah just show me the evidence.....

ironclaw

Same here ni@ll, not wishing to slate, but I'm curious to see a functioning piece of code or the general concept. I know BT do undertake a fair bit of due diligence, so I doubt its without merit, I'm just surprised his site doesn't even give a high level overview of the concept. There is an additional claim that its safe from quantum computers etc, which is what struck me as a little far out there from a schools science expo.

timmywex

Some decent discussion here: https://www.reddit.com/r/ireland/comments/5o02u3/discussion_2017_bt_young_scientist_of_the_year/

Ultimately its completely untested and unproven, bar a few judges who probably know quite little about cryptography. Fair play to him in any case its still an amazing project for someone of that age and has potential surely.

moneymad

Would some sort of blockchain be a part of it?

mach1982

Has he been hired by the NSA yet?

All joking aside, a number of years ago a girl won with a crypto project https://en.wikipedia.org/wiki/Sarah_Flannery . entitled " Cryptography – A new algorithm versus the RSA "

Just saw at end of Wikipedia entry http://cryptome.info/flannery-cp.htm

It was proven that her algorithm wasn't able to be broken. I would say also that his qCrypt will be proven insecure also. Rember he is only a kid, and at that age, we all thought knew ever thing.

As Mythbusters taught even a failure is a valid result

howamidifferent

I've been an avid interested crypto user and follower for over 10 years...
I've never seen so much bull**** in one title...
This man is destined to become a used car salesman. :cool:

ironclaw

mach1982 wrote: »

.

As Mythbusters taught even a failure is a valid result

I tend to disagree here. The guy is getting a lot of media attention and the general public are perhaps being misled. From the reddit discussion above, there isn't even a whitepaper available for this system and he put it together in less than 6 months.

Its similar to someone saying they won a race in a world record time and claiming some headlines for it, with no independent proof.

mach1982

ironclaw wrote: »

The guy is getting a lot of media attention and the general public is perhaps being misled.

I do agree, I did have a look at his Github, and was surprised that, most of his qCrupty was node.js

You average person hasn't got a clue about encryption. I did do a module about encryption, and it was fun but very maths oriented, and maths isn't my best subject. I think it will turn out that he has used a lot per existing libraries, and maybe did something like combine two systems a bit like like me us JCE in java to write a simply cease cypher as the key for DES or RSA .

jmcc

I always get wary when happy-clappies in the Irish media and elsewhere describe algorithms/crypto/systems as being unbreakable. The Irish Times hasn't a good reputation on tech reporting.

When someone thinks that they have an unbreakable system, it generally means that they can't figure out how to break it.

Regards...jmcc

Hotblack Desiato

Total spoof and it's not like it's the first time.

Bacchus

It will be very interesting to see how it gets on at the European stage. Credit to the kid for his technical ability to even be thinking/programming in this space but as said already there's no credibility to the security claims and I'd say he has as good, if not better, prospects in PR as he does in CS.

You'd have to question the standard of judging though to fall for the claims. I'd love to know on what grounds they deemed it to be the winner because "Resistant to quantum computing attacks" and "developed in 6 months by a teenager" just doesn't add up whatever way you spin it. Looking at the code (and lack of documentation) on Git doesn't inspire any more confidence in the claims. Did he even reveal what crypto library he was using at the core of the application?

Ziycon

I'm only new around here but would be very sceptical about what he's claiming given (no offence to him) but his age and experience.

Release the code and let it be publicly scrutinised!

On a side not I think the discussion on Reddit have the wrong GitHub account, clicking through to the website listing on the Github account suggests that the owner is not this Shane Curran.

Bacchus

Ziycon wrote: »

I'm only new around here but would be very sceptical about what he's claiming given (no offence to him) but his age and experience.

Release the code and let it be publicly scrutinised!

On a side not I think the discussion on Reddit have the wrong GitHub account, clicking through to the website listing on the Github account suggests that the owner is not this Shane Curran.

The code is there on his github in fairness (though the crypto library is minified which makes it impossible to read easily). What's not there is any documentation to support it or to show how the crypto used is actually secure as he says it is.

judeboy101

You get marks in bt for display, communication and knowledge of the subject. He could of had an electrical engineer, a blogger and tv repairman as his judges, they don't match projects up with judges in the particular field of the project.

dalta5billion

judeboy101 wrote: »

You get marks in bt for display, communication and knowledge of the subject. He could of had an electrical engineer, a blogger and tv repairman as his judges, they don't match projects up with judges in the particular field of the project.

This is just plain incorrect. Everyone who exhibits gets 3 judges who are working in related fields (for example John Dunnion from UCD is always sent round to the Computer Science projects). If they like your project you'll get more and more judges sent round to your stand later in the week from all disciplines to challenge your project.

judeboy101

dalta5billion wrote: »

This is just plain incorrect. Everyone who exhibits gets 3 judges who are working in related fields (for example John Dunnion from UCD is always sent round to the Computer Science projects). If they like your project you'll get more and more judges sent round to your stand later in the week from all disciplines to challenge your project.

Wrong you only get 3 judgings for the main award you get extra judges for the special awards e.g Intel award/rsa/analogue. But you only get 3 judges between wed/thurs and they determine 1st-3rd, highly commended, best group, best individual and runners up. They also determine overall winner, just 3 judgings. This Is well known and if you ask any winner who only won overall and no special awards they'll tell you they were only judged three times. As regards experts, they cant have every one judged by three experts in the area of each if the 550 projects, so some projects at best get one expert and two generalists

dalta5billion

judeboy101 wrote: »

Wrong you only get 3 judgings for the main award you get extra judges for the special awards e.g Intel award/rsa/analogue. But you only get 3 judges between wed/thurs and they determine 1st-3rd, highly commended, best group, best individual and runners up. They also determine overall winner, just 3 judgings. This Is well known and if you ask any winner who only won overall and no special awards they'll tell you they were only judged three times. As regards experts, they cant have every one judged by three experts in the area of each if the 550 projects, so some projects at best get one expert and two generalists

Nope (I've been in it, multiple times). Judges on final day generally take off badges. The exhibition is so busy with industry and academic folk coming up to you that you can't tell the difference. You mostly find out afterwards when your neighbouring exhibitors tell you they recognised a judge they had earlier talking to you.

judeboy101

dalta5billion wrote: »

Nope (I've been in it, multiple times). Judges on final day generally take off badges. The exhibition is so busy with industry and academic folk coming up to you that you can't tell the difference. You mostly find out afterwards when your neighbouring exhibitors tell you they recognised a judge they had earlier talking to you.

Teachers tell students about the "secret judges" Friday so that they will stay at their stands, lol. If I told my students "you'll be judged once on wed, twice on Thurs" they wouldn't turn up on Friday until the ceremony, or if they did turn up they'd be off chasing boys lol. Sorry to break it to you but any judges on Friday are for the special awards. The winner is known Thursday night by the people in charge.

Hotblack Desiato

dalta5billion wrote: »

This is just plain incorrect. Everyone who exhibits gets 3 judges who are working in related fields (for example John Dunnion from UCD is always sent round to the Computer Science projects).

So why is it that this competition repeatedly rewards spoofers with IT projects?

Edit: I don't mean Sarah Flannery but there were others.

ironclaw

Hotblack Desiato wrote: »

So why is it that this competition repeatedly rewards spoofers with IT projects?

I'm going to be a little cynical and say its to do with the major sponsorship money being from IT firms and the whole nation is pretty much running on the employment provided by their tax exemption. Ireland is prime for some new blood in other fields e.g. Agriculture and food but we're just not investing that way at all.

Screaming Monkey

mach1982 wrote: »

It was proven that her algorithm wasn't able to be broken. I would say also that his qCrypt will be proven insecure also. Rember he is only a kid, and at that age, we all thought knew ever thing.

There was a valid attack against Sarah's algorithm or her implementation, whole chapter in her book about it, along with how she with some help from the clevers in Baltimore technology tried to address it.

If he has invented his own algorithm, then good luck with that because the security world is littered with the bodies of crypto fails. To me it just looks like standard off the shelf crypto with some fancy wrappers and quantum buzzwords.

Bacchus

Given the discussion about this years BTYS competition going on here... https://www.boards.ie/vbulletin/showthread.php?t=2057829909

... it prompted me to check in on qCrypt. It didn't win at the EUYS competition (I guess we would have heard about that) but there's no real insight (that I can find) on how it was received by judges. The website for the algorithm is a boiler plate landing page with some nice PR waffle. All the claims are still there about how awesome it is but I can find no independent research on the proposed algorithm/method. The link to the code is gone too and I can't find the github page with a Google search either. All in all, it really looks like there was no substance to the project that won the award last year. As I mentioned before, fair play to the kid for attempting something like this but it really hammers home the question of what exactly the judges are evaluating these projects on. It looks like anyone could go in with some huge claim, make it look complicated enough, add some nice graphics and the judges will believe it.

jmcc

Makes one wonder about the abilities of the judges.

Regards...jmcc

Hotblack Desiato

Unfortunately when the time may come in a few years I'll be discouraging my kids from entering. They're not convincing liars and don't have a parent working as a third level academic so they'd have no chance...

Bacchus

Hotblack Desiato wrote: »

Unfortunately when the time may come in a few years I'll be discouraging my kids from entering. They're not convincing liars and don't have a parent working as a third level academic so they'd have no chance...

I completely see where you are coming from but, personally, I'd be inclined to shield that level of cynicism (even though it is justified) from my own children. The BTYS competition encourages students with an interest in science at an early age. That in itself is a positive outcome. There's a huge buzz about it, it must be very exciting for any kid taking part. I wouldn't place much emphasis on the "winning" but I see taking part as a great experience in itself for many kids. "Don't throw the baby out with the bathwater" and all that...

One can hope though that in future the projects might be vetted a bit more (as in the case of qCrypt) and the rules are tightened around how much work the student did independently (as in the case of this years winner).

ironclaw

Bacchus wrote: »

around how much work the student did independently (as in the case of this years winner).

I'm not currently in Ireland so I missed this, any more info?

Hotblack Desiato

Bacchus wrote: »

I completely see where you are coming from but, personally, I'd be inclined to shield that level of cynicism (even though it is justified) from my own children.

Well, I was joking. Kinda.

We've brought the kids to the RDS the last two years (mostly to see the primary science fair) and they've enjoyed it - and I'm a science graduate myself so would love them to develop an interest in it. (Although, truth be told, I wouldn't recommend science as a career and I don't work in the field of my degree.)

Bacchus

ironclaw wrote: »

I'm not currently in Ireland so I missed this, any more info?

There's a whole thread on it in After Hours.

TLDR; Yer man's mother is a scientist who published work in the same field about a decade ago. She has some ties to UCC (or CUH) where the actual experiments for the project were run. So there's a couple of question marks over how much help the student got, and did he have an unfair advantage over other students. I haven't been following it in detail but that's my understanding of the situation.

Reati

mach1982 wrote: »

Has he been hired by the NSA yet?

All joking aside, a number of years ago a girl won with a crypto project https://en.wikipedia.org/wiki/Sarah_Flannery . entitled " Cryptography – A new algorithm versus the RSA "

She even wrote a book about the experience.

https://www.amazon.com/Code-Mathematical-Journey-Sarah-Flannery/dp/1565123778/ref=pd_bbs_1?ie=UTF8&s=books&qid=1213378232&sr=8-1

1137HB

You are all talking pure ****e mainly because you're jealous. He's already on Forbes 30 under 30 list and he's only 18. Future millionaire in the making.

Bacchus

1137HB wrote: »

You are all talking pure ****e mainly because you're jealous. He's already on Forbes 30 under 30 list and he's only 18. Future millionaire in the making.

You ok hun?

1) That's fantastic that he's made that list. Well done to him. I don't think anyone here has begrudged him success despite your claim that "we're all jealous".
2) Doesn't change the fact that his qCrypt library/algorithm is not well understood, has attracted no independent analysis (so his claims around security are completely unverified), and (most telling) there is no sign of it in the NIST Post-Quantum Cryptography Standardization process. So... I think all the questions about his algorithm, how it came about, what security it actually provides, etc. are all still valid and reasonable to raise.

I've said before that for a 16 year old to operating at this level in crypto is to be applauded, and well done in his success so far. I just don't believe the security claims of this (now closed source... can't find the code anymore) crypto library. I wonder is it the qCrypt library that he's now pursuing, or maybe he's using the branding to creating something new in the same space, or is he moving on to something else completely?

From the BTYS POV though, there's still questions around the judging process, and how 'independent' is the independent work by students. That's nothing against this guy in particular, it's more of a general comment on BTYS.

ironclaw

1137HB wrote: »

You are all talking pure ****e mainly because you're jealous. He's already on Forbes 30 under 30 list and he's only 18. Future millionaire in the making.

Curran, who's still at high school as he manages his small company, says he's expecting $5 million in revenue in 2018

In case anyone is wondering the company is Muon and ' is a platform for quantum-secure, decentralized, hyper-fast storage allowing you to store, share and access all of your digital data.'

Link: https://muon.network/

Previous to this he worked here: https://rubicoin.com/

I'll happily eat my words but seems like a classic pump and dump that would lure investors looking to jump on the blockchain/quantum wagon. Given the proximity of Muon to Berkley and some of the major US universities, the fact that none of them, at least that I can find, have given any sort of backing to this tech (I'd imagine MIT would be right on that) then I'm calling BS unless something comes up. Their PHD member has more experience in Capital Markets and his background is CS, not math.

Bacchus

Agree with everything ironclaw said above. Cheers for sharing the link to this new company btw.

TBH, it looks like they're working on hype as you suggest by getting on the quantum crypto band wagon. Their one page website is eerily similar to the page used for qCrypt, and is just a series of generic security promises, security related words with "Mu" prepended and other catchy phrases. There does not seem to be any substance to it.

That's not to diminish the fact that this lad has gone off and set this company up which you know... well done, that's great... but it looks to me like it's good marketing/PR as opposed to having a substantial or novel security product behind it. But look, their timeline says they're a few months away from the first product release (decentralized storage) so... "watch this space".

ironclaw

I should make clear, I do hope I eat my words and munch down some humble pie, it would be awesome for the Irish to lead the charge on this. But every time I see a company like this, I remember some words from Gary Vaynerchuk along the lines of 'If you have an idea, any idea, in New York, just get the train out to the Hamptons and go door to door, eventually, someone will back you'

A lot of people don't understand how angel investing works. There can be very little fact checking in the race to get in on a unicorn, compounded with machoism and the fear of missing out. The people running most of the high-end startups have no skin in the game and a lump of cash to work with. Getting investment can be surprisingly easy in some sectors. It's the dot-com of the 90s every day in SF. The blockchain buzz is a prime example, take a look at the angel lists and you'll see what I mean.

Bottom line, it doesn't matter if it doesn't work out as long as it sells to investors who can talk about it and write off the loss if it tanks.