Snake oil or genius? Crown Sterling tells its side of Black Hat controversy

The last thing I would’ve wanted to do is start another company,” Grant, the CEO and founder of Crown Sterling, told Ars. “It’s like my wife asking me if we can have another child… I have two. And I am not looking forward to another child.”

But he and a collaborator believed that they had made a profound discovery, one that would fundamentally shake the core of modern encryption. “We thought, well, just out of a sense of responsibility, we should start a non-factor-based encryption technology,” Grant said. “And that’s what we did with Time AI.”

Crown Sterling claims that its Time AI cryptographic system will fix the breakable-ness of RSA cryptography by using an entirely different method of generating keys, one that doesn’t rely on factoring large prime numbers. Time AI is intended to resist cracking even by advanced quantum computing technology—which has concerned cryptographers because of its potential to more rapidly perform algorithms capable of solving the difficult math problems that cryptography relies on.

Time AI, announced by Grant in a controversial sponsored presentation at Black Hat USA earlier this month, is not yet a product. In fact, Crown Sterling has not published any technical details of how Time AI works. (Grant said that the company is working on a “white paper,” and it should be out by the end of the year.) An academic-style paper published by Grant and presented at Black Hat claims that most Internet cryptography can be cracked, but it has been challenged by mathematicians and cryptographers. And the company’s recent Las Vegas presentation was interrupted by one very persistent heckler and then disavowed by Black Hat, leading to a lawsuit against the conference.

So when Crown Sterling’s spokesperson reached out to offer Ars the company’s side of the story, around both Time AI and the now-legendary Black Hat event, we were eager to hear it.

Who are these guys?

Grant, a self-proclaimed polymath, has a background in the healthcare industry. “I helped lead the Botox brand,” he said. “I was formerly president of Allergan Medical—it’s a multi-billion dollar business. And I launched products that became household names to consumers [such as Natrelle breast implants, Juvederm injectable cosmetic gel, and Lap-Band adjustable gastric bands for weight loss surgery] even though they were sold through intermediaries.”

After leaving Allergan, Grant was president of an eye surgery equipment unit of Bausch and Lomb. When Bausch and Lomb sold that unit out from under him—an experience Grant discussed in his TEDx Orange County talk—he moved back into the “lifestyle health” industry. Almost all of the businesses that operate under the banner of his Strathspey Crown holding company are in some way connected to cosmetic or “wellness” focused health.

Grant claims to speak Japanese, French, Korean, and German fluently. His Crown Sterling biography states that he “holds several patents and various intellectual property in the fields of DNA and phenotypic expression, human cybernetic implantology, biophotonics, and electromagnetism.” And it also states that he “has multiple publications in unified mathematics and physics.”

Grant is also the director of the board of the Resonance Science Foundation, “the intersection of science, community and consciousness.” Grant has produced two video lecture series for Resonance Academy “delegates”. The first is called “The Etymology of Number,” a four-part series that “examines the discovery and evolution of the human understanding of numbers and their role in physics, chemistry, photonics, gravity, music, art, architecture, mathematics, measurement, time and human awareness.” The fourth lecture in the series “culminates in the presentation and discussion of a new unified ‘theory of everything.’”

The second series is called “The Language of Light,” an advanced six-part series that:

dives deeply into the ground-breaking discovery of new mathematical constants, derived from prime number patterns and their interactive role with known constants in forming the universe of geometry and embodied as a beautiful symphony of matter and life. This course attempts to unlock the mysteries of science and esoterica from a holistic perspective, combining history and ancient sites, ageless symbology, polymathic philosophy, biology, musical theory and alchemy… We also explore the practical application of these mathematical discoveries and how they can be utilized along with hertz EMGR (Electro-Magneto-Graviton-Radioactivity) to better understand time, the Inverse Square Law, biology, DNA genotypic and phenotypic expression, vacuum energy and matter transmutation.

Grant is also a scheduled speaker this October at the Conference of Precision and Ancient Knowledge (CPAK), where he will discuss “the real DaVinci Code,” as detailed in this trailer posted by CPAK:

Joseph Hopkins, Crown Sterling’s chief operating officer, is a senior partner and COO for Grant’s Strathspey Crown, and he also worked at Allergan in sourcing and procurement. Prior to joining Strathspey Crown, Hopkins was a procurement and operations advisory leader at KPMG. He claims to be a “thought-leader in the AI space,” according to his LinkedIn and Crown Sterling biographies, and to have “authored key patent applications about network security, identity verification, content security, as well as network tracking/use verification.”

Alan Green, (who, according to the Resonance Foundation website is a research team member and adjunct faculty for the Resonance Academy) is a consultant to the Crown Sterling team, according to a company spokesperson. Until earlier this month, Green—a musician who was “musical director for Davy Jones of The Monkees”—was listed on the Crown Sterling website as Director of Cryptography. Green has written books and a musical about hidden codes in the sonnets of William Shakespeare.

Many of the people involved in Crown Sterling are connected either to Strathspey Crown or the Resonance Foundation. But Grant insists that Crown Sterling has nothing to do with either of them.

“We are financed by ourselves as individuals, family offices and other accredited investors and there’s no investment whatsoever from Strathspey,” Grant said. The only relationship [to Strathspey Crown] is that my partner, Vic Malik, and myself are the founders of both organizations.”

How did all of this start?

Enlarge / The 24-sided "wheel" from Grant and Ghannam
Enlarge / The 24-sided “wheel” from Grant and Ghannam’s paper purporting to show the geometric relationship of prime and quasi-prime numbers.

“I have been working with a company in Southern California that relates to energy,” Grant said. “And in that context I was looking to understand the connection between electromagnetism and gravity, potentially. And so using a number theory approach, I found this pattern related to the number 24 that I published with a co-author by the name of Talal Ghannam.”

Ghannam is a former assistant professor at King Saud University. He holds a PhD in physics, currently works as a “physicist and data science consultant” for Crown Sterling, and was previously a science consultant for Grant’s Strathspey Crown. Ghannam has also self-published a book called The Mystery of Numbers: Revealed through their Digital Root, as well as a comic book about the Crusades called The Chronicles of Maroof the Knight: The Byzantine.

They wrote a paper about the topic. Parts of it were initially pushed out on Grant’s personal website in August 2018. A more templated, academic-style version was posted without review to Cornell University’s arXiv site in March 2019.

“The reason why I felt that 24 was so important—other than the fact that all prime numbers greater than three end up on the same modulus points or the same spokes of a wheel if you will—was because every prime squared number is always a multiple of 24 plus one,” Grant explained. “And that phenomenon, again, every prime squared number greater than three because two and three act differently than the rest of prime numbers do.”

That relationship, and some other patterns Grant and Ghannam postulated, was the basis for part of Grant’s presentation at Black Hat—and for Crown Sterling’s whole cryptography play.

On the Crown Sterling website, Grant’s biography refers to his paper as “related to his discoveries of quasi-prime numbers (a new classification for prime numbers), the world’s first predictive algorithm determining infinite prime numbers, and a unification wave-based theory connecting and correlating fundamental mathematical constants such as Pi, Euler, Alpha, Gamma and Phi.”

“What we found was that it relates to a sine/cosine relationship in wave dynamics,” Grant said. “And so we also went a step further to understand the numbers that were not prime, but were in the same modulus as the prime numbers—modulus one, five, seven, 11, 13, 17, 19 and 23—and found that all those numbers [quasi-primes] were similar to prime numbers, although they’re non-prime. But they were similar in that they were only divisible by prime numbers and products of primes, again, that are greater than the number three. So that allowed us to look at it very differently and to really only consider just by putting numbers in this icositetragon arrangement, or 24-sided polygonal arrangement, which is a geometrical correlation with prime numbers.”

Very large prime numbers are of course crucial to modern cryptography. In their paper, Grant and Ghannan said that by restricting searches for primes to those numbers within those moduli that passed other tests, the search area for primes within a specific range could be reduced to 30% of the total.

There are multiple criticisms of the paper. There are some basic errors in mathematics, according to Mark Carney, a graduate student at the University of Leeds. Also, several of the things that Grant and Ghannan called out as novel have been previously noted, such as the pattern related to the number 24. Multiple mathematical proofs have shown that when 1 is subtracted from the square of any prime number over 3, the result is divisible by 24. The same thing is true of any odd number that isn’t a multiple of 3. (Go ahead, get out your calculator and check.)

Carney notes that quasi-primes are not a “new classification for prime numbers”—they have been previously defined, and their use in algorithms for rapidly discovering prime numbers was outlined by Harold Diamond, H. Halberstam, and William Galway in a 2008 Cambridge University mathematical tract called “A Higher-Dimensional Sieve Method-With Procedures for Computing Sieve Functions.”

But Grant shrugged off these criticisms of his paper.

“You don’t need to be a mathematician with a PhD to be able to understand the paper that I sent,” he said. “Although there was kind of a weak attempt at a rebuttal that basically said that 24 is not fundamental; it asserted that. That is easily answered—Fibonacci numbers in digital root analysis repeat every 24, which is a fundamental part of nature. And as I said, the multiples of 24 are what appear when you start to square all prime numbers infinitely. So there is something fundamental to it. And I would really like to see one who would be able to show differently. And this is not the Sieve of Eratosthenes. It’s completely novel and that’s why we published it.”

Grant insists that the methodology he claims to have discovered “allowed us to be able to dramatically reduce the field of numbers that we consider for primality testing as well as for understanding what quasi-prime numbers are. And how this relates to encryption is that all encryption keys that use factoring-based algorithms, just like RSA encryption, are bi-primes, which would be a subset of quasi-primes. And so it’s always two prime numbers that multiply by each other that creates the bi-prime that becomes the public key in public key cryptography.”

Just how much faster this new approach might be at cracking RSA, Grant couldn’t yet say. “I want to be really clear,” he explained, “when we published the paper, we were publishing the phenomenon of the pattern and the geometrical connection to 24 and the polygon. We’re not from cryptography. So honestly I didn’t even know that encryption basically relied on prime factorization until I found this pattern. And then people told me. And then I of course quickly started looking into it to understand it better. But we did not publish in this paper a proof of how quickly we can factorize numbers.”

The lack of a published proof, Hopkins said, is because Crown Sterling’s team felt it would be irresponsible to disclose discoveries that would break encryption. Grant emphasized that point.

“We did that on purpose because we just said, look, more research is required around this topic,” he said. “But I will say to you that we will soon be publishing our efforts related to this and how we can pretty quickly decrypt RSA encryptions… we did not purposefully present on that at the conference, and we’re taking a very step-wise approach to how and when we publish this information because we know that we have to be responsible related to this. It’s got real issues with it.”

And Grant said that it was because of this discovery that he started work on an encryption technology that did not use prime numbers, “out of a sense of responsibility.”

How does crypto work?

Factoring massive prime numbers much more quickly would pose a problem for the commonly used RSA cryptography method. RSA uses randomly selected prime numbers for public and private keys. When they’re multiplied together, they create a composite number that is used as part of the cryptographic equation—allowing two sides of an encrypted conversation to communicate without revealing their private keys to each other. If someone were able to intercept the shared secret between the two—the composite number—they could try to discover the prime numbers used to create it and thus obtain the keys.

There has been a great deal of work in mathematics and cryptanalysis around the RSA algorithm’s use of primes. This work has already demonstrated that smaller RSA keys are vulnerable to cracking. In January of 2002, a group of researchers managed to successfully factor a 155-digit (or 512-bit) composite integer—the product of two primes, the type of number used in the RSA encryption scheme—in just over three and a half months, using an algorithm known as the General Number Field Sieve. That research showed that the 512-bit version of RSA was vulnerable and that larger 768-bit keys would likely be easily cracked in the next decade.

But the current standard for RSA is to use at least 2048-bit keys—numbers which when expressed in the decimal system would have 617 digits. Using current factoring methods, these keys would take over 6.4 quadrillion years to factor and crack using a standard desktop computer. Doing it quicker would require better algorithms, much more computing power, and probably an entirely different approach to computing technology—hence quantum computing, which takes advantage of the weird quantum effects of superposition and entanglement.

Such issues would not affect all online encryption. RSA usage in Internet communications, specifically as part of Transport Layer Security negotiated sessions, has plummeted since the Snowden revelations. It is now used in less than 10% of the “handshakes” used to establish secure TLS-based sessions.

The vast majority of sessions currently use a key exchange protocol called Elliptic-curve Diffie-Hellman. The latest version of the TLS protocol, TLS 1.3, doesn’t allow the use of RSA at all. Elliptic-curve Diffie-Hellman does use prime numbers as part of its algorithm—but it also uses coordinates of a point on a curve, so it requires an entirely different class of mathematical problem to discover both parts of a key-pair; “factoring primes” is not enough.

Still, Grant appeared to suggest that his method could crack both sorts of crypto. “This is pretty shocking to us, the math equation that underlies RSA encryption or elliptic curve,” he said. “We were shocked because I’ll tell you that we have the ability to crack both of those encryptions very quickly on standard computers, standard laptops, and we will be publishing this soon enough.”

Nicholas Weaver of the International Computer Science Institute at the University of California-Berkeley has some doubts. “Not only is [Grant’s approach] not optimal for factoring (the number sieve algorithm is substantially better),” he told me, “but the discrete log problem, on which the other major public key algorithms [including elliptic curve] are based, is not solved by factoring at all.”

How does Time AI work?

So how is Time AI said to work? Crown Sterling’s website describes Time AI as “a dynamic non-factor based quantum encryption utilizing multidimensional encryption technology including time, music’s infinite variability, artificial intelligence, and most notably mathematical constants to generate entangled key pairs.”

“It’s a very unique algorithm,” Grant said. “It’s based on mathematical constant numbers—like pi for example—that have infinite tails that can be derived through equations, that are then connected to an AI. Basically, the AI is writing its own music. And each of the musical notes has a time signature associated with it. And then we oscillate them at a scale of time that’s at 10 to the negative ninth power, which is in the nano scale of time. So it’s a very rapid moving target of a dynamic encryption key.”

“So what Robert just described to you,” said Hopkins, “is sort of like our quantum key generator and it also has to do with its own particular crypto system. And in terms of post-quantum, we also believe that Time AI would also be quantum resistant.”

To lend credibility to his claims, Grant said that “we have some very, very strong advisors to the company that’ve been working with us since literally the very beginning, and we’ll be announcing who those advisors are. They’re experts in the field of cryptography, truly experts. And we’ll be releasing that very shortly. But they’ve been with us since the very beginning and they’re quite willing as well to speak out on behalf of the company and what they know we have done and what we are.”

“One of them is Larry Ponemon of the Ponemon Institute,” Hopkins said.

“He’s very well regarded,” Grant added. “He’s worked with all government agencies. He runs a conference. And by the way, the presentation I gave there at Black Hat was identical to the presentation I gave at the Ponemon Institute in April in Arizona to about a hundred people. And it was extraordinarily well received. The only difference there is we did a demonstration right after the presentation decrypting RSA encryption.”

Ars attempted to reach Ponemon for comment but has not received a response.

Enlarge / Things got weird during a sponsored talk at this year
Enlarge / Things got weird during a sponsored talk at this year’s Black Hat USA conference. Now it’s spawning a lawsuit.

Fake boos

Time AI’s big moment at Black Hat did not go entirely according to plan. But Grant asserts that it went mostly well until the end—and that it was because competitors had conspired to stir things up.

“We live in a world of fake news and I’ll tell you one of the fake news things that we experience was that it was characterized in the media widely that I received boos and heckles from the crowd,” Grant said. “That simply did not happen at all.”

Videos of the talk show that the audience sat through the talk politely, but during the question-and-answer period Grant was challenged on some of the specifics of his paper. For the majority of the questions, he promised to publish details, if possible, at a later date.

“It was very cordial and they were asking questions, ‘Are you going to publish this,’ and I said, ‘Yes, we’re planning to publish it. We have not yet,'” Grant recounted. “But the topic of the discussion was just on the discovery of quasi-prime numbers. That’s it. And then one person in particular, a Mr.[Dan] Guido [CEO of Trail of Bits, a company with a cryptanalysis practice] stood up and started screaming.”

“One of our concerns is that from a code of conduct perspective,” Hopkins said. “We do believe there were absolute code of conduct violations here. And the fact that he was able to stand up and make these outrageous comments was evidence of that.” Guido was removed, but not by Black Hat’s security staff, Hopkins said.

I asked Guido about the incident. “I spoke up because I felt [the presentation] was insincere and conducted in bad faith,” he said.

“We went there in good faith,” Grant insisted. “We went to make a presentation there. There was not supposed to be a review process on what was presented. We also weren’t thrilled with the fact that Black Hat made a statement publicly saying that they removed the materials from their website, because there were no materials to remove. That’s a false and misleading statement. The only thing that they removed was that we even sponsored Black Hat, and that I had a talk session during the sponsored session, which was clearly marked as such.”

Grant said that he learned later that “it was probably the most popular or most widely attended of sponsored sessions… We certainly had a packed room.” And he claimed that the talk generated “a ton of interest at the conference and subsequent to the conference, both from the three sectors that we are basically targeting, which includes those that are in the consumer market related to data sovereignty, enterprise, and government. We literally met with everybody and we were very well received.”

So, in Grant’s eyes, his Black Hat session was incredibly successful.

If getting attention was his goal, Grant was correct. But the success of Time AI will depend on whether it actually works and is practical for general use. And that measure of success remains to be attained.

All Rights Reserved for  Sean Gallagher

One Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.