LAS VEGAS—The Black Hat security conference is no stranger to controversy, but that’s usually limited to daring hacks or heated debates about privacy. This year, a sponsored session drew ridicule from attendees who claim it was little more than pseudoscience, and the uproar prompted Black Hat organizers to remove the content from the website.
Black Hat bills itself as a premier gathering of security researchers and industry, offering training sessions and extensive talks on security topics; we’ve written about several over the past week. Black Hat also offers sponsored sessions. These are talks put on by companies in the security industry—usually big names like RSA, AWS, Bitdefender, and others—and are listed separately from the sessions presented by researchers.
Regular sessions at Black Hat have to pass muster with the organization’s review board, but that appears to not be the case for sponsored sessions.
The name of the sponsored session in question is quite a mouthful: “The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean For Encryption?” It was presented by Robert E. Grant, and the company was listed as Crown Sterling. According to the Crown Sterling website, Grant is the “Founder, Chairman, and Managing Partner of Strathspey Crown LLC, a growth equity holding company based in Newport Beach, CA with a broad portfolio of company and asset holdings spanning healthcare, clean energy, social media, and financial technology.” The site also notes that he is “an accomplished sculptor.”
This reporter wasn’t able to attend the session, but if it’s anything like this video from Crown Sterling’s YouTube account, it’s certainly mind-bending.
This reporter also does not have a background in advanced mathematics, but the claims made in the video are perplexing.
A new understanding of how mathematical constants interact with primes, and quasi-primes, to propagate and mirror reflect in infinite wave conjugations. Academic researchers believe this discovery may be the key to unlocking a new, unified physics cosmology: a theory of everything. […] Time AI is an entirely new classification in data privacy called quantum encryption: an impenetrable system utilizing five dimensions of encryption technology. […] Using the infinite variation within music composed real time with artificial intelligence, Time AI generates quantum encryption keys as unique as your own iris. Each quantum public key is paired with two quantum private keys, that are entangled through mirror-symmetry mathematics in value, time-exposure, and oscillation speed. These quantum keys change at the nano-scale of time, directed by state-of-the-art AI technology harnessing time’s entanglement: one key from the past and one key from the future. Changing the number series one billion times a second with no pattern. […] To unlock time AI, the future and the past must converge perfectly in a split-second unpredictable by any known intelligence in the universe.
One of the people in the audience for Grant’s talk was Jean-Philippe Aumasson, who holds a Ph.D. in cryptography and is the founder of Teserakt.
Aumasson first encountered Crown Sterling when he saw the above video some weeks ago. Upon investigating the company’s website, he described it as having, “all the signs of ‘snake oil’ crypto: extravagant claims, total lack of experience in the domain, no technical documentation, no testable software, no references.”
“The content of the paper and the so-called discoveries are either 1) obvious, well-known mathematical properties that any high school student would easily find, or 2) plain wrong,” said Aumasson. For example, Aumasson told PCMag that during the Black Hat talk, Grant took credit for a discovery first attributed to the Greek mathematician Eratosthenes.
The abstract for Grant’s sponsored session mentions that his “mathematical discovery was recently published through Cornell University.” A Crown Sterling press release clarifies that the paper was published on arXiv.org, a repository for academic papers managed by Cornell University. Papers on arXiv are not peer-reviewed.
Senior Security Researcher Mark Carney also came across Grant’s paper in April, and was perplexed. A Ph.D. student, Carney wrote up a critical response. While his response is not peer-reviewed, Carney is confident in his analysis. “I knew that if I was wrong, it was highly, highly unlikely it would be because Grant was right.”
Carney was deeply skeptical of Grant’s claim to have revolutionized the process of factoring. “To say that you have an algorithm that dramatically speeds up this process is a massive claim!” Carney told PCMag. “It’s the kind of thing professors, postdocs, and PhD students dream of.”
Speaking to PCMag, Carney said Grant’s work is, “lacking in any rigor that would elevate it out of numerology.”
Well, I did allude to a draft preprint of some arguments that point out the major issues with Grant’s paper he is presenting at @BlackHatEvents. Here is that draft:
Reviewing Recent Prime Generation Methods for Breaking Cryptographic Keys https://t.co/LBohVHuEOK https://t.co/FjTHBioi0Y
— Mark C. (@LargeCardinal) August 7, 2019
Aumasson gave several examples of inaccurate statements made by Grant during the sponsored session. For example, Grant reportedly said that all encryption is based on factorization, while Aumasson explained that factorization is “only the core problem of RSA [encryption].”
Aumasson also said Grant claimed to have an efficient method to recognize prime numbers, but did not appear aware of the AKS primality test, an accepted algorithm for testing prime numbers, when asked how his method compared. Grant was also reportedly asked why he has not submitted his methodology to an academic conference. “He replied that he thinks he does not have to,” said Aumasson.
Grant also reportedly said that electrons are from the past, positrons are from the future. “So, to summarize, it’s the flat Earthers of crypto,” said Aumasson, referencing people who, despite all available evidence, believe our planet to be flat.
Dan Guido, CEO of Trail of Bits, was also in attendance at Grant’s sponsored session. In the video below, he can be heard confronting Grant. Guido told PCMag that the presentation amounted to “word soup.”
“They’re scamming people. They’re here to use Black Hat to trick people into giving them money,” Guido told PCMag. “Other people in the audience tried to reason with them, that the math isn’t right, etc., but they don’t care about that. It’s offensive, and they shouldn’t get the benefit of using our names and our event to commit fraud.
“They’re not here to engage with anyone in honest conversation. They need to get chased out of the event and exposed for what they are.”
I yelled at the Time AI guy. It’s ok to get angry at someone trying to harm people. I was shocked that more people haven’t done the same. https://t.co/Mwe7yrihgk
— Dan Guido (@dguido) August 8, 2019
“I want it easily discoverable on Google that this company is a fraud,” Guido told PCMag. “I also hope that Black Hat screens its sponsors for clear indications of fraud.”
Crown Sterling and Robert Grant did not immediately respond to PCMag’s request for comment.
While Aumasson felt the sponsored session was without rigorous, scientific merit, he doesn’t think Black Hat organizers are to blame. “It’s unfortunate to have such clowns given a mic,” said Aumasson. He stressed that it’s not unusual for conferences to offer time to companies that sponsor them, and Black Hat clearly marked Grant’s talk as a sponsored session.
“I do not blame [Black Hat] at all for it, and it’s a marginal case, so again not sure they need to take action,” he said. “And well, it was a good laugh.”
Black Hat organizers told PCMag: “We are aware of the situation with the Crown Sterling talk and will be removing it from our website as soon as possible. Content discussed in Black Hat sponsored sessions are determined by the individual sponsor, however, we are working to implement a stronger vetting process moving forward to avoid this happening in the future.”
As of writing, the Crown Sterling materials have been removed from the Black Hat website.