Cryptographer Dr Mike Scott, the director of MIRACL Laboratories, likes to show how distributed trust authorities work by chopping up cucumbers.
"Chopping up" the secrets you need to store on the internet strengthens their security by an order of magnitude, when compared to traditional, centrally-issued two-factor solutions like chip and PIN.
As Scott's open source library of embedded cryptographic solutions grew, large players such as Intel, Microsoft and Google beat a path to his door seeking more permissive licensing agreements.
This acted as a springboard and today MIRACL is making plenty of moves: it recently joined the Hyperledger project and has a paper due out next month (November 2016) which focuses on improving the privacy of transactions on the Bitcoin blockchain and on speeding up transaction integrity.
Most recently, MIRACL's Zero-Factor Authentication platform is being adopted by Japan's NTT Software to eliminate the security threats around the password database. The platform stores neither passwords nor PINs, so there is no credential store for attackers to steal.
MIRACL CEO, Brian Spector, said: "In today's distributed internet we are using authentication and cryptographic techniques that were invented for a different era, for a client/server era.
"That's why we get this explosion of database leaks and username/password smash-and-grab attacks and seed values being stolen. The actual architecture of the systems is not meant for a distributed internet where we are going to see 25 billion more endpoints by 2020. PKI was never meant for that."
Today, a web certificate is typically installed on a web server, and the link between the browser and the server is encrypted so that passwords can be sent in full and stored in the cloud.
MIRACL's distributed cryptography uses services called Distributed Trust Authorities (D-TAs), which issue fractions of private keys to entities that have a unique identity they can prove ownership of, for example an email address or a MAC ID.
Spector said: "Right now we are running all the distributed trust authorities, but more and more folks have now pledged to run them.
"It's kind of like running a certificate authority except a Distributed Trust Authority issues out a fraction of a key in your unique identity and only you collect those fractions to make a complete whole."
Spector imagined one distributed trust authority run by the Swiss tax office, another by Google, and another by Deutsche Post. Rather than having hardware or software store keys securely, he said, "we de-materialise them into thin air and then we create them out of thin air from identity factors; something you have, something you know, something the machine is, something it's carrying around, a token, etc."
"Once you recreate those identity factors, then you essentially are able to do everything that you could do in today's PKI, password, two-factor authentication world. But you are on one harmonised platform without any of the huge, bloated, insecure infrastructure that's sitting behind it."
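As an added illustration of the D-TA model described above (this is not MIRACL's or Apache Milagro's own code, which is pairing-based), the following simplified additive model shows each authority issuing a fraction of a key derived from the user's identity, the client summing the fractions, and the result being de-materialised into a stored token plus a PIN. The authority names, master secrets, identity and PIN are constructed sample values.

```python
import hashlib

# Simplified additive model of the D-TA scheme (NOT the pairing-based Milagro code):
# all values live in the integers modulo a large prime.
P = 2**255 - 19

def hash_identity(identity: str) -> int:
    """Map an identity such as an email address to a field element."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % P

class DistributedTrustAuthority:
    """One independent authority: it holds its own master secret and only
    ever sees the fraction of a key that it issues itself."""
    def __init__(self, name: str, master_secret: int):
        self.name = name
        self.master_secret = master_secret % P

    def issue_fraction(self, identity: str) -> int:
        # A real D-TA issues this only after the client proves ownership of
        # the identity (assumed to have happened here).
        return (self.master_secret * hash_identity(identity)) % P

def combine_fractions(fractions: list) -> int:
    """Client side: the full key is the sum of all fractions, i.e.
    (s1 + s2 + ...) * H(identity), which no single authority can compute."""
    return sum(fractions) % P

def dematerialise(full_key: int, pin: int) -> int:
    """Split the key into a stored token (something you have) and a PIN
    (something you know). The token is not the key on its own; in practice
    the server must also rate-limit PIN guesses."""
    return (full_key - pin) % P

def rematerialise(token: int, pin: int) -> int:
    """Recreate the key 'out of thin air' from the identity factors."""
    return (token + pin) % P

def demo(identity: str = "alice@example.com", pin: int = 1234) -> dict:
    # Constructed sample: two independent authorities with fixed master secrets.
    authorities = [DistributedTrustAuthority("swiss-tax-office", 123456789),
                   DistributedTrustAuthority("deutsche-post", 987654321)]
    fractions = [dta.issue_fraction(identity) for dta in authorities]
    key = combine_fractions(fractions)
    token = dematerialise(key, pin)
    return {"fractions": fractions, "key": key, "token": token,
            "recovered": rematerialise(token, pin)}

if __name__ == "__main__":
    print(demo())
```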
All MIRACL source code is made available through the Apache Milagro (incubating) project at milagro.incubator.apache.org.