SCI engaged three prominent cryptographers to provide third-party validation of Dr. Katz’s analysis: Dr. Matthew Green, Assistant Professor of Computer Science at The Johns Hopkins University, Dr. Stefano Tessaro, Assistant Professor of Computer Science at the University of California, Santa Barbara, and Dr. Yevgeniy Dodis, Professor of Computer Science at New York University. All three endorsed Dr. Katz’s analysis and security proofs.
Vice President Cryptography Engineering, Secure Channels Inc.
- Ph.D. (with distinction), Computer Science, Columbia University, 2002
- Director, Maryland Cybersecurity Center (MC2)
- University of Maryland Distinguished Scholar-Teacher Award, 2017–2018
- Humboldt Research Award, 2015
- Member, State of Maryland Cybersecurity Council (2015–2016)
- Member, steering committee, IEEE Cybersecurity Initiative (2014–present)
Dr. Katz’s report, “Security Analysis of PKMS2,” shows that PKMS2 offers significant improvements in three areas:
- Even if a cipher used in the first layer of the multilayer scheme is insecure (e.g., has an arbitrary, unknown backdoor, or is cryptanalyzed), PKMS2 remains provably secure
- The effective key length of PKMS2 is provably up to 50% greater than that of component 256-bit ciphers such as AES
- The use of segmentation offers improved security against the best-known message-recovery attacks.
Dr. Matthew Green
Assistant Professor of Computer Science, The Johns Hopkins University
Assistant Professor at the Johns Hopkins Information Security Institute. My research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. I am one of the creators of the Zerocash protocol, which is used by the ZCash cryptocurrency. I was formerly a partner in Independent Security Evaluators, a custom security evaluation and design consultancy and I currently consult independently. From 1999-2003, I served as a senior technical staff member at AT&T Laboratories/Research in Florham Park, NJ.
Dr. Green observed in the summary to his report that the layered and segmented scheme “provides surprisingly strong security.”
Excerpts of his analysis of PKMS2:
- “A number of results in the field of cryptography deal with the problem of double (or multiple) encipherment using block ciphers… The PKMS2 protocol… result produces a much stronger overall construction.”
- “These results provide confidence that the PKMS2 protocol is secure under a strong threat model, even against an attacker with significant resources.”
- University of California, Santa Barbara, Santa Barbara, CA. Assistant professor.
- Holder of the Glen and Susanne Culler Chair in Computer Science.
- Foundations and applications of cryptography; Computer security; Theory of computation.
- Alfred P. Sloan Research Fellowship, 2017.
- Best Paper Award at EUROCRYPT 2017.
- NSF CAREER Award, 2016.
- Northrop Grumman Excellence in Teaching Award, 2016.
- Paper [C.36] invited to Journal of Cryptology at CRYPTO 2016.
- Hellman Fellowship, 2015.
Dr. Tessaro noted that PKMS2’s ability to extend the effective key length was remarkable and that he is “not aware of any other schemes (theoretical or practical) that achieve similar guarantees with the same degree of efficiency.”
Excerpts of his analysis of PKMS2:
- “Secure Channels’ PKMS2 is a mode of operation. It however adopts a number of measures to achieve higher security than existing modes of operation, without excessively compromising efficiency.”
- “The analysis shows that PKMS2 achieves higher security than existing methods – in particular, the effective length of keys substantially increases. In most practical cases, the increase is between 50% and 100%.”
- “We could not identify any problems with the security analysis. All security claims and their proofs are correct, and the proof techniques are non-trivial and sophisticated. The outcome of the analysis also clearly shows that within the efficient constraints imposed on the scheme, PKMS2 achieves essentially the best possible security.”
Dr. Yevgeniy Dodis
Professor - Cryptography Group, Department of Computer Science, Courant Institute of Mathematical Sciences, New York University
- Exposure-Resilient Cryptography
- Cryptography and Imperfect Randomness
- Cryptography with Biometrics and Other Noisy Data
- Hash Functions and Random Oracle Model
- Information-Theoretic Cryptography
In the conclusion to his report, Dr. Dodis pointed out that “PKMS2 provides an excellent way of protecting information against very powerful attacks.”
Excerpts of his analysis of PKMS2:
- “(PKMS2’s) segmentation significantly improves security against message recovery attacks”
- “Even if a cipher used in the first layer of the multilayer scheme is insecure (e.g., has an arbitrary, unknown backdoor, or is cryptanalyzed), PKMS2 remains provably secure.”