Could you please explain the role of SciEngines?
Tim Pietruck: SciEngines develops and manufactures special-purpose high-performance computers; for example, for cryptanalysis applications. The use of reconfigurable computer chips allows acceleration of specific algorithms and this optimisation in turn leads to cost-savings or increased processing power that can provide a significant operational advantages or even completely new analysis options.
Would you say that SciEngines is a creator or producer of supercomputers?
Over time, SciEngines has evolved from solely manufacturing hardware to supplying complete systems of hardware and software, and services like trainings or custom development, all aimed at the professional high-end segment. There are a variety of use areas for our hardware technology, but most of the inquiries that we receive are related to cryptanalysis.
What is your impression of cryptanalysis’ relevance in a security context in today’s world?
Cryptanalysis is a must-have for achieving proper levels of IT security. This applies to all areas where digital systems are used, including business. But probably more exciting is its use in the government sector. Though technology today is different to 50 years ago, the importance of information and gaining access to that information stays the same. Certainly, there is no doubt that there is an exponential growth of encrypted communications all over the world, which includes criminals, terrorists and adversarial state actors. This creates challenges for security forces to find and access relevant information.
Can cryptanalysis solve that problem?
While there are many ways to obtain information, most have negative security or privacy implications. Nobody seriously disputes the necessity for legitimate authorities to obtain data on ‘bad guys’, but nobody wants the widespread installation of malware for mass-surveillance, which might get abused. Cryptanalysis is a more targeted option, which can circumvent this dilemma or work with other options to obtain good results.
What are the difficulties of conducting the cryptanalysis that you refer to?
Most modern encryption is very strong and the actual cracking of a modern cipher is usually not realistic. Moreover, criminals have become more sophisticated. Since Edward Snowden, password-complexity has increased, making traditional password-retrieval methods more difficult. Additionally, the amount of encrypted data can be overwhelming, leading to significant burdens on systems. Not every encrypted packet is relevant; one often doesn’t know if the cryptanalytical processing will even lead anywhere.
Is the issue important enough that governments should consider allocating additional resources to it?
One would think so, but experience suggests that financial, organisational and political issues all stymie state cryptanalysis. Overlapping responsibilities mean there is often a vague sense of ownership around the problem, which can result in a lack of resources. Another problem is government procurement. From the viewpoint of a technology provider like SciEngines, it can be alarming how long procurement takes, especially in defence. With the process sometimes taking several years, IT equipment may be outdated before it arrives. This leads to inefficient use of tax dollars and even capability disadvantages.
What kind of technical developments has SciEngines been working on to address those difficulties?
We focus on special-purpose computing systems, generally on basis of field-programmable gate arrays in large cluster set-ups, boosting efficiency. This is a direct answer to the challenge of having too much to do with too few resources, which almost everybody faces. And while it is not a ‘silver bullet’ to easily break all types of encryption, it can considerably speed up the process.
Additionally, we are always striving to incorporate best practices and user requirements into our development, which leads to practically relevant functionality. For example, users can include information from various sources – be it from social engineering or side-channel attacks. In specific circumstances, this may allow them to tackle even challenging modern encryption methods and long passwords. We have ready-made software for more than 80 supported targets, letting us deliver turnkey systems without risk or delays of development projects.