Good Math, Bad Math

An alert reader sent me a link to a really dreadful piece of drek. In some ways, it’s a
rehash of the “Nullity” nonsense from a couple of years ago, but with a new spin.

If you don’t remember nullity, it was the attempt of one idiot to define division by zero.
He claimed to have “solved” the great problem of dividing by zero, and by doing so, to be able
to do all manner of amazing things, such as to build better computers that would be less prone
to bugs.

Today’s garbage is in the
same vein: another guy, this one named Jeff Cook, who claims to have “solved” the problem of
division by zero. But this one claims that this gives him a way to prove the Reimann
hypothesis, to rapidly crack RSA public key encryption, and to devise a new “theoretically
unbreakable” encryption algorithm.

The grandiosity of this Mr. Cook is astonishing. He’s started a company (which is looking
for investors!); here’s a quote from his company’s homepage:

Great scientific discoveries mark the milestones of human history.

Such are the accomplishments achieved by the men and women of Singularics. Standing on the
shoulders of giants such as Albert Einstein and Bernhard Riemann, we have reached up through
nature’s veil and seen what lies hidden there more clearly than anyone else before us. Our
discoveries have yielded a new mathematical framework, one that provides a profound
understanding of nature’s basic mechanics. We have discovered The Science of
Singularics™
, the study of the singularity.

We have already found a variety of important applications of Singularic Technology™,
but perhaps the most immediately useful are Neutronic Encryption™, a new theoretically
unbreakable public key encryption algorithm and Singularic Power™, a new form of clean
power generation.

Neutronic Encryption, our next generation public key encryption algorithm, will play a
vital role in the digital age by ensuring that the electronic information of governments,
industry and individuals is kept secure and private in a world where cyber-terrorism is on the
rise.

We have also developed a new primary power generation system capable of delivering
abundant, clean and inexpensive energy that can satisfy power requirements on any scale.
Singularic Power production technology generates zero pollution and can therefore play an
instrumental role in promoting a harmonious coexistence between human civilization and the
Earth’s fragile ecosystem.

To date, our analysis of the mathematics and physics at the singularity has lead us to
eight important new inventions, most notably in the fields of information security and clean
energy. All eight inventions (patents pending), have significant and immediate application in
the global market.

It is our vision to use these advances to bring about great improvements for everyone
through new technology, intelligently applied.

Mr. Cook doesn’t have too high an opinion of himself, does he?

Of course, that’s really content free hype. He’s hoping to recruit investors, and so the
grandiose claims are inevitable: no one invests in a business that says something like “We’re
an incremental improvement over our competitors!” So some amount of hyperbole is acceptable, if annoying.

The real question is, is there anything behind those grandiose claims? Does he really
have anything but hype? Is there the slightest shred of reality underlying
that hype?

Alas, no. Moving to his “cryptography” page:

Singularics has advanced the state of the art in cryptography by developing a
new theoretically unbreakable public-key algorithm called Neutronic Encryption™.

Our advances in Prime Number Theory have led to a new branch of mathematics called
Neutronics. Neutronic functions make possible for the first time the ability to analyze
regions of mathematics commonly thought to be undefined, such as the point where one is
divided by zero. In short, we have developed a new way to analyze the undefined point at the
singularity which appears throughout higher mathematics.

This new analytic technique has given us profound insight into the way that prime numbers
are distributed throughout the integers. According to RSA’s website, the RSA public key
encryption algorithm has an installed based of nearly one billion. Each of these instances of
the prime number based RSA algorithm can now be deciphered using Neutronic analysis . Unlike
RSA, Neutronic Encryption is not based on two large prime numbers but rather on the Neutronic
forces that govern the distribution of the primes themselves. The encryption that results from
Singularics’ Neutronic public-key algorithm is theoretically impossible to break.

There’s so much wrong with this that it’s hard to know where to start.

I suppose the best starting point is the most basic one: division by zero isn’t a problem. It’s just meaningless. When we say that it’s undefined, that’s not because we’re afraid of dividing by zero. It’s not because we’re unsure of what the answer should be. We say that it’s undefined because, simply, it’s undefined. It’s not that we haven’t given it a definition: “undefined” has a specific meaning in math.

In math, we can desribe division as a function with two parameters: D(a,b). Like every function, D has a domain (a set of inputs) and a range (a set of outputs). A function is defined for a value if and only if that value is in the domain of the function. When we say that D is undefined when b=0, what we mean is that for all values of a, (a,0) is not in the domain of D. When we say that division by zero is undefined, what we mean is that no input to division with zero as the second parameter is in the range of the division function. It’s undefined.

The fact that division by zero is undefined is not a matter of accident, or of
ignarance. It is not just a trivial little thing. It’s actually important. If
division by zero were defined, then a lot of what we consider standard math would completely
stop working. The fact that division by zero is undefined is a fundamental part
of the structure of our system of numbers; it’s one of the basic field axioms that define
the basis of how we understand the real numbers. Take that axiom away, and suddenly things
stop working.

It’s not impossible to create a system in which division by zero is defined. But if you do
that, you’re starting from scratch. Almost every theorem about real numbers relies on
the field axioms, and will therefore be invalid in your new system. So you’ll need to
re-derive almost everything. And it’s not just a matter of finding a different derivation;
many of the things that we take for granted will not work in your new system.

There are serious mathematicians who’ve played with the idea of defining division by zero.
(For example, someone – I think Conway himself – played with the idea of defining division by
zero in a variant form of the surreal numbers.) One good way of recognizing a crank is by
looking at what they do with their new division-by-zero defining system. A serious mathematician starts working out what affect their definition has on the basic axioms,
and what still works. A crank defines division by zero, and then proceeds to continue working as if they haven’t broken anything.

Mr. Cook has a paper on his page about his wonderful system and how it allows him
to prove the Riemann hypothesis. In the paper, he just blithely proceeds on
as if he hasn’t broken anything. He doesn’t show the slightest awareness that he’s
relying on axioms that he’s invalidated.

Moving on, let’s look at the next silly claim. Not only does this guy claim to have “solved” division by zero, but he claims to have developed a “theoretically unbreakable” public key encryption system.

Sounds great, doesn’t it? Using his brilliant division-by-zero techniques,
he can crack RSA; and he’s even got a replacement, which is an unbreakable public key crypto system.

Except, of course, “theoretically unbreakable public-key encryption” is basically a
very complicated non-sequitur.

It’s possible to create an unbreakable cryptosystem. In fact, it’s easy to
create an unbreakable cryptosystem. One of the easiest crytographic
systems is based on something called a one time pad. In a one-time pad, the
two parties to the communication share a very long secret – typically a book of
random numbers. To encrypt a message, you convert each character in the message
to a number, and add it to the number from the pad. To decrypt, you just subtract. Each
number in the pad is used exactly once, and there’s absolutely no pattern to the numbers. Once
a page from the pad has been used to encrypt or decrypt a message, it’s torn out and destroyed. If you don’t have a copy of the pad, you can’t decrypt the message. It doesn’t matter how much computer power you have available; it doesn’t matter how clever you are; it doesn’t matter what brilliant algorithms you can think up. Without the numbers on the pad, there is absolutely no way to decrypt the message.

Public key – aka asymmetric encryption – is an entirely different story. There
is no way to build an unbreakable public key system. You can make a system in
which it’s incredibly difficult to crack it – which is exactly the RSA model. But any public key system can be cracked by a brute force attack. It’s the nature of the system: you can’t possibly avoid that. For any possible public key cryptosystem, there’s
a straightforward brute-force attack:

   ct = Encrypt(pt, public_key)
   for i in PossibleKeys do
      attempt = Decrypt(ct, i)
      if attempt = pt then
          print "Private key = " + i

If you’ve got a public key cryptosystem, that attack will work. Period. There’s
no way around it. It might take a very long time. But it will work
eventually. Further, every public key cryptosystem is based on some fundamental
relationship between the public and private keys. A cryptanalyst can study that
relationship, and use it to refine the attack above. There is simply no such thing
as an unbreakable public key cryptosystem.

So without even knowing anything about how his “Neutronic” encryption purportedly
works, I can say that his claim is absolutely nonsense – worse than nonsense, it’s
an idiotic claim that demonstrates that Mr. Cook really doesn’t understand how
public key encryption works.

Further – he claims that he’s developed a way of cracking RSA. But nowhere on the site
does he do anything to support that claim. Mr. Cook and his fledgling company haven’t
demonstrated that. They’ve got no explanation of how their alleged break of
RSA works, beyond the division by zero rubbish – and that’s all built up on
incredibly, stupidly bad math.

Mr. Cook and his coworkers is a con-artist, trying to convince people to give him
their money. His claims range from unsupportable rubbish to nonsensical word salad.

Comments

  1. #1 KeithB
    February 26, 2009

    I think you are underestimating this guy, Mark. I think this is a scam, pure and simple. Much like that company that could losslessly compress things to just a few bits by re-compressing the compressed input.

  2. #2 LegalGeek
    February 26, 2009

    Does this guy believe what he is saying? It’s a hell of a lot of effort for a simple scam…

    And really, why are people so obsessed about ‘solving’ dividing by zero?

  3. #3 KeithB
    February 26, 2009

    You need a lot of effort to get folks to believe and to get it passed around the internet.

    All he lacks is a $10,000 challenge “If you can crack my encrypted message I will give you $10K!”

  4. #4 KeithB
    February 26, 2009

    Sorry to post again, but the other reason to have a lot of effort is that you have to convince *authorities* that you are a true believer.

  5. #5 sbh
    February 26, 2009

    When I was a kid, and we were learning division in school, the notion that division by zero was undefined irritated me. It seemed to me that there should be some sort of answer to it. Even the problem of finding the square root of a negative number had an answer–my father introduced me to imaginary numbers when I asked him about that subject. (My teacher just said there was no solution to that problem because any number multiplied by itself would be positive–or something like that.)

    My fifth grade teacher (who was an anti-evolutionist nut, not that that’s relevant here) claimed that division by zero was meaningless. You could take twelve apples and put them into four piles, or three piles, or two piles, but what would it mean to put them into no piles? Nothing. It couldn’t be done. So we shouldn’t worry about it and concentrate on things that could be done, like putting twelve apples into two and a half piles.

    My intuitive sense was that the answer should be infinity. As you divide a number–say one–by a fraction, the smaller the fraction, the larger the result. The closer that fraction is to zero, the closer the result is to infinity.

    My best friend’s mother taught math at a local college, and she attempted to explain to me why division by zero was undefined. I don’t really remember her explanation now, but I do remember her showing me a really interesting equation that seemed to prove that 1 = 2. Her challenge: could I figure out what was wrong with it. It took me awhile. The trick was that at a key point we were dividing by zero, although the expression was put in a form that hid its essence. Of course 0*1 is equal to 0*2, but that doesn’t mean we can divide both sides by zero to get 1 = 2. I think the main thing I got out of that was that division by zero was bad mojo. Divde by zero, and things break down. Badly.

  6. #6 SteveM
    February 26, 2009

    I went to his site and downloaded his “proof” of the Reimann Hypothesis. Now, I am but a simple EE so I’m not that familiar with the RH or Merten’s function etc. but it seemed to me that all he did in 63 pages can be summed as showing that sin(x)/x = 1 for x=0 and declared this to be some profound new type of mathematics (Neutronics).

    I can’t wait for their announcement of the ZPM (er “singularitron power source” or whatever they call it). Yet another “over unity” device, I’m sure.

  7. #7 Robert Thille
    February 26, 2009

    For the public-key-encryption issue, would it be possible to construct a system which for various different keys, would produce various different plausible messages, but only the actual key would produce the correct one?

    Something like:
    WK == Wrong Key, CR == Correct Key
    Decrypt(WK1,CipherText) => garbage
    Decrypt(WK2,CipherText) => garbage
    Decrypt(WKx,CipherText) => “Blow up the Federal Building in Washington @ 3:00″
    Decrypt(CK, CipherText) => “Release the poison gas onto the NYC subway”

    Such that a brute-force attack would yield too many possibly correct answers? That is, I assume that most decryption systems “know” when the have succeeded decrypting the CipherText with the correct key. In this hypothetical system, it wouldn’t, just like a OTP; all possible outputs from all possible keys are “valid decryptions”, and some of them yield messages which would be misleading.

  8. #8 SteveM
    February 26, 2009

    You could take twelve apples and put them into four piles, or three piles, or two piles, but what would it mean to put them into no piles? Nothing. It couldn’t be done.

    To add to that: look at it the other way around, dividing by two is not only “how many apples in each of two piles”, but also, “how many piles of two apples each”. This way you can think of dividing by fractional numbers; like “how many piles of half an apple each”, etc. Yes, as that fraction gets smaller the number of piles keeps getting bigger, but at zero, you still have a meaningless question: “how many piles with zero apple in them”. How do you distribute a finite quantity so there is absolutely zero of it in each bucket?

  9. #9 SteveM
    February 26, 2009

    re 7:

    seems like just a variation of the one-time pad. and not a “true” public encryption scheme. The recipient has to know which of the several keys is the correct one.

  10. #10 Mark C. Chu-Carroll
    February 26, 2009

    Robert:

    The thing about a public key cryptosystem is that you always have access to the algorithm and the public key.

    So – as in the algorithm I showed above – you get to *choose* the plaintext, and use it to generate a ciphertext. So you’re not just searching for a plausible result from the attempt to decrypt with a guessed password; you’re searching for the same plaintext you started with. So you do know when you’ve broken it.

    You can do things like overlap multiple plaintexts in an encrypted message, in order to mislead people. But one of the basic assumptions of cryptanalysis is that you have access to the algorithm; an attacker will know that there are multiple plaintexts overlaid, and that will likely give them an additional handle to use for finding a clever way of cracking the system.

  11. #11 Robert Thille
    February 26, 2009

    Oh right, duh. I wasn’t thinking of it correctly, as a public-key system, where you’d be trying to recover the private key. I was thinking of a symmetric system where the two endpoints shared the secret key. Thanks for pointing out my idiocy :-)

  12. #12 Joshua Zelinsky
    February 26, 2009

    This is also idiotic because he could easily demonstrate his claims if they were true. The RSA challenge may no longer be awarding cash prizes but the numbers are still out there. If he could say factor RSA-2048 people would pay a lot more attention to this guy.

  13. #13 John H.
    February 26, 2009

    Mark alludes to this indirectly, but would it be fair to say that if the encryption algorithm were unknown, then decrypting the message would likewise be impossible? Of course, no algorithm would remain unknown for long (and certainly not a PKE scheme). The real trick (of commercial encryption schemes) seems to be to come up with longer and longer keys, thus rendering the decryption time so long as to be effectively unbreakable (via brute-force attack).

    This whack-job scheme of Jeff Cook’s reminds me of the really bad science in Dan Brown’s novel “Digital Fortress.” Wrong on so many fronts as to be totally laughable. Then I see Die Hard 4 and realize where they got the idea for the movie. Sheesh!

  14. #14 DouglasG
    February 26, 2009

    This is the way I think about division by zero (and it being undefined.)

    We know that N*0 = 0 for all N. What would 1/N * N equal if N=0? For all N not equal to zero it would be 1. Thus, you either break N*0 = 0 for all N, or you break 1/N*N=1. So, you either break the zero multiplier or the inverse. Take your pick!

  15. #15 Mark C. Chu-Carroll
    February 26, 2009

    Re #13:

    Keeping the encryption algorithm secret doesn’t really help much.

    The moment you make it available for people to use, someone is going to figure out how it works. You can’t give out encryption
    devices/programs to users, and still keep the algorithm that it uses a secret.

    The general idea from cryptanalysis experience is that
    there’s a tiny theoretical advantage in keeping the
    algorithm secret – you make it incrementally harder for
    someone trying to break it. Unfortunately, the human factors destroy that advantage, because human users always put too much weight on the magnitude of the advantage of secrecy, and their resulting laxity ruins things.

    In fact, the number one problem in real cryptosystems is humans. I used to know a group of people at IBM who worked
    in security. They’d be hired by various companies to try to
    break in to their computer systems. They almost never had
    to do any cryptanalysis. Just call people up on the phone and
    trick them into giving you their password; or dress up as a tech support person and wire a capture device into a network or keyboard, etc.

  16. #16 SteveM
    February 26, 2009

    The moment you make it available for people to use, someone is going to figure out how it works. You can’t give out encryption
    devices/programs to users, and still keep the algorithm that it uses a secret.

    Mark, I think the answer you gave in #10 still applies even if you can’t figure out the algorithm itself; as long as you have access to it. That is, as long as you can feed a known cleartext into it to get a ciphertext and vice-versa, then brute force at guessing keys will eventually break it.

  17. #17 Mark C. Chu-Carroll
    February 26, 2009

    Re #16:

    That’s what I meant – no matter what protections you wrap around an encryption device, if it’s *usable*, then it’s possible for someone to get their hands on it and use it.

    When I started working at Google, we used a little crypto device for our VPN. You’d get a challenge, type it in to this little calculator pad, and then type the response back. The device was clever, and had a variety of tricks for trying to stop people from playing with it to figure out how it worked. But despite all of that, people could crack it. Once you have the device in your hands, there’s precious little you can do to stop someone from using it; and if they can use it, there’s not much you can do to stop them from probing it.

  18. #18 Alex Besogonov
    February 26, 2009

    Nitpick: using a linear operation to combine one-time pad data and your cleartext is not a good idea. Because it allows some attacks.

    Non-linear operations (like XORing or modulo addition) are much better.

  19. #19 William Wallace
    February 27, 2009

    I don’t disagree with your post regarding the company’s technobabble.

    But what do you think about quantum cryptography to generate one time pads. Not quite public key encryption, not quit exchanging long one time pads in advance. (The encoding used during the key exchange does need to be agreed upon in advance).

    Mark, I think the answer you gave in #10 still applies even if you can’t figure out the algorithm itself; as long as you have access to it. That is, as long as you can feed a known cleartext into it to get a ciphertext and vice-versa, then brute force at guessing keys will eventually break it.

    Among the most impressive feats I know about: the U.S. cracked the the purple code without having access to a device, if my memory is correct.

  20. #20 Mark C. Chu-Carroll
    February 27, 2009

    What do I think about quantum cryptography to generate one time pads? I think that that’s pretty much gibberish.

    One-time pads aren’t encrypted; they’re a stream of random data that’s used for encryption. What’s important with
    a OTP is that it’s unpredictable. There are many ways of producing good OTPs; using quantum-level events is one good
    way, but there are plenty of other techniques for generating good, unpredictable random-number streams. And in any event, using quantum phenomena for generating random data streams isn’t quantum encryption.

    Are you talking about using a quantum encryption channel to *transmit* the OTP? If so, that would work, but I don’t see the point: you might as well just use the quantum channel for transmitting the message. (For a OTP to really be useful, you need to have *at least* as much data in the pad as you do in the message to be transmitted; otherwise, you have to reuse parts of the pad, which defeats the entire purpose of using a OTP.

  21. #21 Uncle Al
    February 27, 2009

    Theorists boast promiscuity while empiricists pay child support. Have him factor an RSA product. That proves his thesis – with a big monetary reward. No output, no credibility.

    Residual polemic is fatuous. General Relativity accurately models Mercury’s excess 43 arc-second/century perihelion precession. Abundantly eliminated are theories that do not accurately model it.

    Does the Equivalence Principle have a parity violation? No EP test since Galileo and Stevin in the late 1500s has output other than a perfect net null. Test spacetme geometry with atomic mass distribution geometry not composition. Perform an Eötvös experiment opposing single crystal solid sphere test masses of enantiomorphic space groups P3(1)21 and P3(2)21 quartz.

    In all caases, theory predicts what observation tells it to predict.

  22. #22 mike
    February 28, 2009

    This is a great post. I would divide it by zero if I could. =p

  23. #23 William Wallace
    February 28, 2009

    [#20]Are you talking about using a quantum encryption channel to *transmit* the OTP?

    It could have been better stated as what do you think about “quantum cryptography” to negotiate one time pads.

    By quantum cryptography, is is probably a misnomer, but I intended it in the way Schneier describes it in AC2. I don’t think the quantum channel he describes should be used to transmit a message. Seems safe for negotiating/transmitting an OTP, but if there is an eavesdropper, you have no recourse if you transmitted plaintext. If you’ve transmitted a bits for an OTP, and detect an eavesdropper, you simply discard the bits.

    On the other hand, upon reflection, negotiating an OTP in this method let’s you rule out eavesdropping with a probability <1. So it doesn’t seem as secure mathematically as an old fashioned pre-arranged OTP.

  24. #24 William Wallace
    February 28, 2009

    well, it didn’t like the math. Let me try again. On the other hand, upon reflection, negotiating an OTP in this method let’s you rule out eavesdropping within whatever probability you want, but doesn’t allow you to be certain. So, in that regard, quantum cryptography is probably not as secure as the plain old OTP of yesterday.

  25. #25 Paul Murray
    March 3, 2009

    My intuitive sense was that the answer should be infinity. As you divide a number–say one–by a fraction, the smaller the fraction, the larger the result. The closer that fraction is to zero, the closer the result is to infinity.

    Mine too. The problem is that infinity isn’t a real number. That is: the set of real numbers includes 1, -3, fifty google and the square root of 2, but it does not include that quantity “infinity”. Likewise, the group of real numbers under multiplication/division does not include zero or infinity (although you can construct a group containing only zero and infinity that does).

    I’d like to see the JREF challenge this loon to decrypt a message of reasonable length, given a public key. (the message should, of course, include at least 128 bits of random giberish, chosen by physical dice roll. That’s 30 rolls of a d20.) His claim isn’t paranormal, but hey – if the JREF can do audiophiles, they can do math cranks.

  26. #26 AJS
    March 5, 2009

    Division by zero can’t be meaningful because multiplication by zero is not a one-to-one mapping. Whatever it may have been that you multiplied by nothing in the first place, you haven’t got any way of recovering it afterwards. Once you have performed some operation with a many-to-one mapping, and forgotten what it was that you started with, then you can’t know which of the “many” you want to go back to.

    The unbreakability of the one-time pad is another example of a many-to-one mapping, because you literally don’t know which of “ATTACK THE BRIDGE AT NOON”, “DEFEND THE FORT AT SUNSET” or “MY DAUGHTER HAS THE PILES” is the correct one. And it doesn’t matter what scheme you use to combine the key digits and plaintext digits. Even EOR is as secure as anything else in this context.

    As far as I understand it, there is an implied many-to-one mapping in public key encryption due to the use of modulo arithmetic. The encryption and decryption functions are inverses of each other within the limited number system you create. The thing is, you never keep track at any stage of how many times the clock actually rolled around — it isn’t important anyway as long as you have the decryption function, precisely because the two functions are chosen that way. But if you only have the encryption function and the ciphertext, then you’re left with an unsolveable equation.

  27. #27 MJD
    March 16, 2009

    “but I don’t see the point: you might as well just use the quantum channel for transmitting the message.”
    You can’t transmit a message though a quantum channel
    The whole point of quantum encryption is negotiating a OTP. the idea hinges on measuring entangled quantum particles. Alice creates two entangled photons and transmits one to Bob. Alice then measures the spin of the photon, and gets either a 1 or a 0 with an 50/50 probability. Bob then measures the photon and gets the same value. (The protection from eavesdropping relies on only two photons being produced, current systems generate more, and have been broken) However, neither Alice nor Bob can change what result appears. Therefore, no information can be transmitted, but they both know that they have the same random series of bits, which can then be used to encrypt the plaintext (In principle, this can be a OTP, but in practice some other cipher is used because bits cannot be generated quickly enough)

  28. #28 Mark C. Chu-Carroll
    March 16, 2009

    Re #27:

    Thanks MJD, for the very clear description. I didn’t understand what William meant; now I see. The kind of quantum crytography that I was familiar with was more in the cryptanalysis area, where they’re talking about using quantum computation for decryption, and what kinds of encryption algorithms might be able to avoid being cracked by quantum computers.

  29. #29 WestfW
    March 16, 2009

    Re: #5
    The “1=2″ “equation” and a good explanation can be found here:
    http://www.mathmojo.com/interestinglessons/1equals2/1equals2.html

  30. #30 MTGAP
    July 8, 2009

    ” ct = Encrypt(pt, public_key)
    for i in PossibleKeys do
    attempt = Decrypt(ct, i)
    if attempt = pt then
    print “Private key = ” + i”

    This only works if you know the value of pt. And in fact, if you know the value of pt, a similar algorithm also works for a one time pad. (Actually, if you know pt and ct for a one time pad, finding the key is trivial: just calculate pt XOR ct.)

The site is currently under maintenance and will be back shortly. New comments have been disabled during this time, please check back soon.