BLT is a new cryptographic algorithm invented by Guardtime cryptographers Ahto Buldas, Risto Laanoja and Ahto Truu in 2014. It is a replacement for the RSA signature algorithm, which would be fundamentally broken by practical quantum computers.
The RSA signature algorithm has been the underpinning of Internet security for the last 40 years, but with the advent of quantum computing it is rapidly approaching the end of its shelf life.
As the sophistication of nation-state cyber-attacks continues to increase on a daily basis, there is an urgent need to find alternatives to RSA to protect strategic national assets and critical infrastructure.
BLT represents game-changing innovation for cyber-security and will ensure that critical infrastructure can remain protected even in an age of quantum computers.
"While Black Lantern could be used by governments to protect its secrets, it just as easily could be used as a tool to keep government accountable."http://www.wired.com/2015/06/tech-behind-bitcoin-stop-next-snowden
"...unlike RSA, its cryptographic scheme “cannot be efficiently broken” even if an attacker uses quantum-computing algorithms."
"...in the case of Bitcoin the values represent transactions; in the case of Guardtime, it’s the hashed signatures of the assets being tracked."
"BLT, an all-new signature approach created by new-generation security provider Guardtime
and named for the initials of its inventors, Ahto Buldas, Risto Laanoja and Ahto Truu,
is a legitimate candidate to replace the RSA secret sauce."
In BLT, the status of the signing key is checked when the signature is issued, and the signature is then sealed using KSI. There is no need to find and check a Certificate Revocation List (CRL) when verifying the signature in the future.
There is no need for periodic re-timestamping of signatures due to expiring keys: the time and integrity of the signature can be proven mathematically without relying on the security of keys or on trusted parties.
It is mathematically impossible for the CA to generate the signatures on behalf of the user.
In BLT, signatures are created with server assistance: the CA must take part in generating each signature, yet it does not need to be trusted. This is valuable because the CA can monitor or limit the number of signatures issued by a user.
BLT uses only industry-standard cryptographic hash functions for signature generation and verification. Unlike the asymmetric cryptography used in today's PKI solutions (e.g. RSA, elliptic curves), hash functions cannot be efficiently broken using quantum algorithms.
BLT easily scales for next-generation IoT applications assuming billions of online devices needing to be validated, and is more efficient to calculate and store than RSA.
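One way a hash-only, server-assisted signature of this kind can work, as a simplified sketch added here (not Guardtime's code and not the exact protocol from the papers listed below): one secret one-time key per time slot, a hash-tree root as the public key, and a server that time-stamps only hashes. `MockTimeServer`, the slot count and all function names are assumptions, and a plain in-memory log stands in for the KSI seal.

```python
import hashlib, os

def H(*parts):
    """SHA-256 over length-prefixed parts; the only primitive used."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def keygen(slots=8):
    """One one-time key per time slot (slots must be a power of two)."""
    keys = [os.urandom(32) for _ in range(slots)]
    levels = [[H(z) for z in keys]]          # leaves of the hash tree
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return keys, levels, levels[-1][0]       # root = public key

class MockTimeServer:
    """Assumed stand-in for the time-stamping service: a log of
    (slot, digest) pairs. It only ever receives hashes, never a key."""
    def __init__(self):
        self.now, self.log = 0, set()
    def stamp(self, digest):
        self.log.add((self.now, digest))
        return self.now

def sign(msg, keys, levels, server):
    t = server.now                           # current time slot
    server.stamp(H(msg, keys[t]))            # commit while z_t is still secret
    path, i = [], t
    for level in levels[:-1]:                # sibling hashes, leaf to root
        path.append(level[i ^ 1])
        i //= 2
    return t, keys[t], path                  # release only after slot t ends

def verify(msg, sig, pub, server):
    t, z, path = sig
    if (t, H(msg, z)) not in server.log:     # was H(msg, z_t) stamped in slot t?
        return False
    node, i = H(z), t
    for sib in path:                         # is z the key bound to slot t?
        node = H(node, sib) if i % 2 == 0 else H(sib, node)
        i //= 2
    return node == pub
```

A key that becomes public after its slot cannot be reused: a later stamp lands in a later slot, and the key does not authenticate against the public root at that slot's position.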
Buldas, Laanoja, Truu - Efficient Quantum-Immune Keyless Signatures with Identity (link to eprint.iacr.org)
Buldas, Laanoja, Truu - Efficient Implementation of Keyless Signatures with Hash Sequence Authentication (link to eprint.iacr.org)
Buldas, Laanoja, Truu - Security Proofs for the BLT Signature Scheme (link to eprint.iacr.org)
TALLINN, ESTONIA – May 21, 2015 – Guardtime, the first and only platform for ensuring the integrity of data and systems at industrial scale, today announced BLT, the authentication and signature protocol meant to replace RSA as the standard for digital signatures. In contrast to RSA’s reliance on quantum-vulnerable asymmetric key cryptography, BLT is based on Guardtime’s quantum-secure Keyless Signature Infrastructure (KSI) technology, which uses only hash function cryptography.
“RSA has been the dominant digital signature scheme since the 1970s, but it’s outdated and cannot scale for the explosion of data or devices we’re seeing with IoT, mobile and machine-to-machine technologies. Most importantly, on the advent of quantum computers, RSA could be rendered completely useless. No practical and scalable alternative for the market exists, until now,” said Mike Gault, CEO of Guardtime. “Our scientists invented BLT in recognition of the urgency to find a scalable alternative to RSA in a world of continuously connected machines.”
KSI blockchain technology employs one-way hash functions to generate digital signatures that can prove the time, integrity and attribution of origin for electronic data. BLT extends this approach to provide human and machine identity management, with a level of non-repudiation consistent with existing digital signature schemes. Through this methodology, BLT benefits include:
“Apart from robust security, e-commerce and/or device registration applications, BLT greatly improves the strength of any signing and authentication process,” says Matt Johnson, CTO of Guardtime. “BLT collapses security issues and removes traditional trust anchors with this new signature scheme. It’s clean, efficient and beautifully simple, demonstrating the power of KSI to transform the world’s security landscape.”
Guardtime announces BLT after more than seven years in development, building off its proprietary KSI technology, which is already being utilized in government, enterprise and private applications. The country of Estonia ensures the integrity of the world’s most advanced digital society with Guardtime. Ericsson, a world leader in communications technology and services, recently announced a data-centric security offering based on Guardtime’s technology that will enhance trust, transparency and accountability for IoT and for machine-to-machine applications.
The efficacy of Guardtime’s BLT protocol was demonstrated by Ahto Buldas, Risto Laanoja and Ahto Truu, after whom BLT is named.