The MCC Algorithm is the creation of Richard Ervasti, Cofounder and CTO of MCC Security LLC, and was first published on February 27, 2008.
In the early days, the company’s name was Quty, LLC, and its core business was an internet auction service for nonprofit organizations. When the time came in 2005 to tighten the security of users’ personal information on Quty’s servers, Ervasti began to scrutinize the various available encryption modules, and found them lacking. As he put it, “There are a handful of wonderfully robust solutions out there, but none of them have been able to properly address the inevitable explosive growth in computer resources and its profound impact on data security over the next 30 to 40 years.”
The solution, Ervasti felt, was to create an algorithm that might offer some realistic hope of thwarting present and future attacks by exponentially raising the level of complexity for adversaries.
MCC’s inspiration comes from the field of audio recording. With 25 years of audio engineering experience, Ervasti chose to use signal processing techniques as the starting point for his new algorithm. As a result, he concluded that multiple inputs, or channels, of data would be required in order to sufficiently raise the level of the program’s complexity without sacrificing performance.
Initial code for the algorithm was terribly bloated at over 80 times its present size. Processing was sluggish and the number of functions was quite unwieldy. “So, I completed my transformation to the dark side”, Ervasti explained, “by adding some classic confusion and diffusion methods which alone are trivial to crack, but when blended in with the rest of the Cursor functions, they help to cut the code size dramatically and improve on the mysterious S box schemes I envisioned.”
Naturally, the jury is still out on MCC until the cryptographic community can get its hands on it and try to break Ervasti’s little monster. But he remains confident it will withstand a majority of the analytical scrutiny. “The instant I had a stable version,” he states with a smile, “I deployed it on several machines, and fortunately it is still in active production to this day.” He hopes it can stay that way for decades to come.
In the early days, the company’s name was Quty, LLC, and its core business was an internet auction service for nonprofit organizations. When the time came in 2005 to tighten the security of users’ personal information on Quty’s servers, Ervasti began to scrutinize the various available encryption modules, and found them lacking. As he put it, “There are a handful of wonderfully robust solutions out there, but none of them have been able to properly address the inevitable explosive growth in computer resources and its profound impact on data security over the next 30 to 40 years.”
The solution, Ervasti felt, was to create an algorithm that might offer some realistic hope of thwarting present and future attacks by exponentially raising the level of complexity for adversaries.
MCC’s inspiration comes from the field of audio recording. With 25 years of audio engineering experience, Ervasti chose to use signal processing techniques as the starting point for his new algorithm. As a result, he concluded that multiple inputs, or channels, of data would be required in order to sufficiently raise the level of the program’s complexity without sacrificing performance.
Initial code for the algorithm was terribly bloated at over 80 times its present size. Processing was sluggish and the number of functions was quite unwieldy. “So, I completed my transformation to the dark side”, Ervasti explained, “by adding some classic confusion and diffusion methods which alone are trivial to crack, but when blended in with the rest of the Cursor functions, they help to cut the code size dramatically and improve on the mysterious S box schemes I envisioned.”
Naturally, the jury is still out on MCC until the cryptographic community can get its hands on it and try to break Ervasti’s little monster. But he remains confident it will withstand a majority of the analytical scrutiny. “The instant I had a stable version,” he states with a smile, “I deployed it on several machines, and fortunately it is still in active production to this day.” He hopes it can stay that way for decades to come.
Posts
No comments:
Post a Comment