Orion quantum encryption messenger

Website

Short description

Quantum computer resistant encryption messenger with plans and tools in place to be resistant to 3 letter control and coercion.

Not recommending any of the products, wanted a discussion - what do you guys think? Have you heard of it? I couldn’t find anything with search.

The topic of messengers has been on my mind as of late with the news of pressure being placed upon all of these rich CEOs who run communicational code.

  • Significant backing and funding whereby -supposedly- the founders do not have control over the messenger app.
  • Interesting and esoteric founder/CEO.

Also, a browser is in the works too, I believe.

Why I think this tool should be added

I don’t necessarily but maybe you do?

Section on Privacy Guides

Communication, messenger

Not even out yet so best to wait for it to be released before really discussing it.

2 Likes

App is not open source. No Git___ link in its web site.

Not audited. There isn’t even a mention of the word audit anywhere.

Has a “Litepaper” pretending to be research. A quick glance looks like a press kit of sorts. Doesn’t even have a proper DOI # associated with it (not even trying hard to pretend to be research).

Hard pass for me, at least for now.

3 Likes

Hard pass does not even begin to describe this scam.

Below is just an executive summary. You can find everything in detail in Crown Sterling - RationalWiki, along with 243 references. Full disclosure: I’m the main editor of the article.

Orion is built by a company called Crown Sterling. The company rose to public attention back in August 2019 with the CEO’s presentation at BlackHat 2019, where he claimed to have invented a concept known as quasi-primes, that could be used to break RSA. Conveniently, the CEO Robert Edward Grant had also come up with a new cipher called TIME AI that was “fifth dimensional”, and that leveraged keys from the past and future. It claimed to generate quantum encryption keys, and while one could be forgiven for mistaking post-quantum ciphers for quantum encryption, these grifters talked about quantum entanglement. In your classical computer/phone with its classical CPU. This is like saying you get a flying car with a firmware update to your 2011 Mercedes.

In his paid talk slot at the BlackHat, the CEO Robert Edward Grant ranted an hour about his numerologist, new age, elementary school arithmetic, and then got schooled by professional cryptographers and infosec experts pointing out his

  • Plagiarism of factoring methods like the 2,200 year old Sieve of Eratosthenes,
  • Lies about Diffie-Hellman being based on the semiprime factoring problem, and
  • Lies about ArXiv preprints being peer-reviewed by the university hosting the preprint server.

Crown Sterling then played the victim, and sued BlackHat for breach of contract.

The company is so bad Bruce Schneier himself took some time to debunk their BS.

RSA Snake oil cryptanalysis

After the BlackHat PR nightmare, Grant and his company Crown Sterling published a bunch of outright fraudulent RSA factoring methods:

The quasi-prime paper that started the whole show turned out to be a ginormous multiplication table that runs in O(n²) with O(n²) space complexity, which is insane given that brute force runs in O(√(n)).

Next, the company hosted a press conference where they factored a 256-bit RSA key. Which is outright fraud: given that this wouldn’t have made headlines even in 1991, because a 330 bit RSA key was broken back then, these idiots tried to make it seem like 256-bit security level ciphers were at risk. The company claimed to use their own proprietary algorithm called CSBiPrime for this demonstration, but they had botched the last debug message from CADO-NFS, an open source factoring application. So they plagiarized both the algorithm (General Number Field Sieve) and the software running it.

At this point the mainstream media and infosec circles binned the company as outright fraud and stopped giving them attention.

The company CEO followed up with his idea of reciprocal factoring, i.e. finding factors of RSA public key N by scrolling around the decimal expansion of 1/N. Grant implied the algorithm ran in O(1/n) time which is impossible. It’s like saying it’s easier to find the needle in the haystack the larger the haystack gets.

Next, Grant published something called Pythagorean factorization, which was nothing but Fermat’s 380 year old factoring method. Pure plagiarism, again.

Finally, Grant published “geometric factorization”, which did not work at all, it just appeared to work because of his extremely low resolution GeoGebra screenshots.

Snake oil cryptography

While TIME AI was nothing but vaporware, the company has come up with its own snake oil algorithms.

  1. Crown RNG random number generator: This was nothing but modified Blum-Blum-Shub, which is a slow, ancient algorithm that exclusively depends on the difficulty of semiprime factorization. In their crank paranoia, the company replaced the primes with composite numbers from decimal expansions of irrational numbers, because they think those numbers are literally magical. This ensured the RNG starts to repeat itself much sooner.

  2. Snake oil Key-Exchange: The company lied about using post-quantum elliptic curve Diffie-Hellman. They claimed that by using irrational numbers as private keys in place of prime numbers (which EC-DH doesn’t even rely on), the entropy alone would make the Diffie-Hellman post-quantum. This is wrong on every possible level.

  3. Snake oil One-Time-Pads: The company lied about using One-Time Pads, which is the only unbreakable cipher out there. Their “ingenious” technique to make OTP practical was to share a seed from which they would generate the pad. The pad would be the square root decimal expansion of the seed. So it was not a one-time pad, but a numerologist stream cipher. Needless to say, this cipher was immediately broken by Sophie Schmieg, who heads the Cryptography ICE team at Google.

Shitcoin

Crown Sterling also sold a shitcoin called (Wrapped) Crown Sovereign [(W)CSOV] on some of the worst exchanges out there. The coin claimed to be post-quantum, but it was just a Polkadot parachain (CSOV), or Ethereum smart contract (WCSOV) with nothing post-quantum about either.

Orion Messenger

Proprietary web client that, the last time I checked, UPLOADS THE PRIVATE KEYS OF THE USER TO THE SERVER IN PLAINTEXT.

Forward secrecy? No.
Future secrecy? No.
Public key fingerprints? No.

The CEO

Relevant because he’s the “brains” of the entire operation, coming up with all the ciphers and majority of the bogus cryptanalysis.

Grant is a former cosmetic surgery industry CEO with nothing but a business degree. He was ostracized from the industry for allegedly stealing patents. He’s been accused of sexual harassment twice.

The Team

Talal Ghannam is a physicist who sold his values to make easy money. He’s doing most of the hard lifting in the pseudo science of the company. He’s the one who vouched for Grant to get his quasi-prime BS uploaded on ArXiv.

Alan Green, peddled as the “director of cryptography” for Crown Sterling back in 2019. Green is a musician, who spends his days finding connections between pyramids and Shakespeare’s works.

Naomi Mathew: A nobody math undergraduate, but from the looks of it, she’s the only actual mathematician in the company.

No one in the company has ever taken a course in cryptography.

Conclusion

The company is the laughing stock of the industry. Orion is the worst possible choice anyone could make. It’s an outright scam. Having it on privacyguides.org would be nothing short of a scandal.

I’m not going to replicate months of writing process here. There’s so much I couldn’t include, so read the RationalWiki article to get the full picture. It’s an insanely wild ride, written to be as snarky as these scammers deserve.
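Fermat's factoring method, which the post above names as the substance of "Pythagorean factorization", shown as an added example that is not part of the original post or of any product's code. It also shows why the method is no threat to properly generated RSA keys: the cost depends on the gap between the factors, which standard key generation (FIPS 186-4) forces to be large. Function names and all sample numbers are constructed for illustration.

```python
from math import isqrt

def fermat_factor(n, max_steps=1_000_000):
    """Try a = ceil(sqrt(n)), a+1, ... until a*a - n is a perfect square b*b.
    Then n = (a - b) * (a + b). Returns (p, q, steps), or None if max_steps runs out."""
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be odd and >= 3")
    a = isqrt(n)
    if a * a < n:
        a += 1
    for steps in range(max_steps + 1):
        b2 = a * a - n              # the "Pythagorean" form: a^2 = n + b^2
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b, steps
        a += 1
    return None

def gap_ok(p, q):
    """Key-generation check from FIPS 186-4: |p - q| > 2^(nlen/2 - 100).
    Only meaningful for real key sizes; the exponent is clamped at 0 for toy inputs."""
    nlen = (p * q).bit_length()
    return abs(p - q) > (1 << max(nlen // 2 - 100, 0))

# Constructed sample values (not taken from the thread).
CLOSE = (1000003, 1000033)          # factors 30 apart
FAR = (101, 1000003)                # very unequal factors
BIG_P = 2**511 + 111                # odd 512-bit number, not claimed to be prime
BIG = (BIG_P, BIG_P + 2**200)       # ~1023-bit product, factors "only" 2^200 apart

if __name__ == "__main__":
    for p, q in (CLOSE, FAR, BIG):
        n = p * q
        print(n.bit_length(), "bits:", fermat_factor(n, max_steps=10_000))
    print("gap_ok(BIG):", gap_ok(*BIG))
```

The close pair and the 1023-bit product both fall on the first candidate, while the small product with unequal factors exhausts a 10,000-step budget: modulus size is irrelevant to this method, only the factor gap matters.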

Well shit, that’s a substantial amount of evidence and you seem to know your stuff - are you involved in cryptography? :slight_smile:

I can’t find Bruce speaking on this, do you have a link?

are you involved in cryptography?

The company is extremely litigious, I’d rather not tell anything about myself to avoid SLAPP suits.

I can’t find Bruce speaking on this, do you have a link?

Here’s the first article

And here’s the followup one.

Thank you Sir, and thank you for introducing me to Schneier’s blog - lots of interesting reads for me!

This guy, Mr Grant is a very interesting and intriguing guy - to say the least.
His inception, his esoteric mentality, his achievements, his long list of friends and acquaintances… it all seems very weird to me. Almost as if he is an agent or a familiar (blade) for controlled releases of information into society.

Grant has no achievements. He failed his career as an executive spectacularly, and he has since become a new age guru selling his non-falsifiable, garden variety spiritual woo, and trivially falsifiable elementary school math to anyone with less competence, that is, without college-level math background. He’s a mid-shelf Terrence Howard.

His connections revolve around the new age community and other pseudoscience scammers like Nassim Haramein. In the cryptography/infosec circles, he’s a known charlatan and nobody is giving him a platform. Which is why the only places he markets his BS, is platforms that give grifters too much control over the discourse, that is, X, FB, IG and Telegram.

controlled releases of information into society.

Every scientifically notable contribution he’s put out, has been blatant plagiarism of other scientists. The rest is again, non-falsifiable new age woo, pretending that irrational numbers have more or less magical properties etc. Numerology has no place in rigorous academic fields such as mathematics and computer science.

When you look at Grant from the PoV of him being a play-pretend new age guru feeding his NPD and trying to maintain the income level of his previous life by any means necessary, it is much easier to see through his veil of lies.

This tells us enough that we do not even have to bother for it to come out, clear snake oil.

2 Likes