It is refreshing to see the Royal Canadian Mint (RCM) innovatively create and launch the MintChip Challenge to solicit ideas, software apps submissions and discussions from the public. At the same time, I find it very troubling to see the core security basis of the MintChip system has not been released for public review and discussion. In fact, here is the official RCM line in this forum discussion thread,
“While we appreciate your interest in the physical chip’s trusted hardware, public-key infrastructure and encryption methods, we are not in a position to release that information at this time.“
Well “… not in a position to release that information …”, really? I can appreciate the “coolness” in seeing interesting apps and use cases, but security has to be the foundation of MintChip and other similar products, without a properly reviewed, fully inspected, time-tested cryptographic system as a solid foundation, the rest of the “cool apps” & interesting use cases will not be of use to anyone.
I’ve been a long time reader of security industry expert Bruce Schneier’s ideas and ground breaking book Applied Cryptography (1995) out of curiosity and interest. Bruce wrote this insightful warning signs “Snake Oil” post in 1999
“The problem with bad security is that it looks just like good security. You can’t tell the difference by looking at the finished product. Both make the same security claims; both have the same functionality. Both might even use the same algorithms: triple-DES, 1024-bit RSA, etc. Both might use the same protocols, implement the same standards, and have been endorsed by the same industry groups. Yet one is secure and the other is insecure.
Many cryptographers have likened this situation to the pharmaceutical industry before regulation. The parallels are many: vendors can make any claims they want, consumers don’t have the expertise to judge the accuracy of those claims, and there’s no real liability on the part of the vendors (read the license you agree to when you buy a software security product).”
“Using innovative technology, for which the Mint has prototypes and five patents pending, MintChip uses a secure chip to hold electronic value and a protocol to transfer it from one chip to another.“
What are in these “prototypes”? How are they tested and verified? How much of the crypto system are kept in these pending patents and how much will remain part of the “trade secrets”? Security through obscurity is a very bad idea.
Of course, in the minds of RCM, they may think the $52,000+ MintChip Challenge prize money is totally worthwhile in exchange of the hundreds of developers’ time and effort. At the same time, if project MintChip fail due to flawed security in the crypto system, the credibility of Royal Canadian Mint will unfortunately be tarnished. So the price is the $52K and the Mint’s reputation!
I urge the Royal Canadian Mint to publish the technical details of the MintChip cryptographic system and invite the security community to properly review and inspect the whole system to ensure it has a solid foundation to avoid wasting people’s time and, more importantly, maintain the Mint‘s hard earned credibility.