Russia: CRPT Posts Test Methodology For Crypto Code

CRPT, the company authorized to conduct the development, piloting and operation of the Russian government pharmaceutical serialization and tracing system, posted an important document last week.  The document is intended “…to unify the process of testing printing on the packaging of medicinal products of identification features using the verification code and electronic signature with the content in it of a different number of characters and the aggregation process of drug manufacturers to obtain comparable test results and their applicability in the framework of industrial implementation.”  Will it help you? 

Maybe.  At least you won’t have to translate it. It’s already in English.

The original governmental decree, #1556/2018, “Regulations On Monitoring System For Movement Of Medicinal Products For Human Use”, included the mandate that the Datamatrix barcode on drug packages must include the Global Trade Item Number (GTIN), 13-character alphanumeric serial number, a 4-character ‘Key’ and 88-character ‘Signature’ data elements, where the last two must be provided by a government web service or a government-supplied hardware device (see “Mixed Signals From Russia” and “More Details On The Russian Crypto-Code“).  But just a few days after the decree was published, CRPT announced their willingness to shorten the Signature data element to help improve printability and readability.  The questions have been, how short and what are the exact specifications?

This new document, available here, provides a little more information, but only enough for the pilot.  First of all, the document indicates it is for the “experiment” (the current government pilot).  The shorter lengths, listed as “Option 2” and “Option 3”, for the ‘Signature’ data element are 44 characters and 32 characters respectively (see Section 3).  The document also contains several extracts from the GS1 General Specifications, version 18.0 that are pertinent to the expected Datamatrix printing size (see Sections 5 and 6).

Section 11 of the document is a test results form for pilot participants to fill out, indicating detailed product, Datamatrix, printing parameters, reading parameters, grading…even the dust, static electricity and light levels of the “work area”.  The form also collects information about the use of the resulting barcodes for aggregation purposes, as an apparent practical test of readability—a good idea.

My assumption is that shorter ‘signatures’ are now allowed in the pilot and CRPT will collect data to compare the performance of the shorter versions against the full size codes.  My guess is that the government will still need to recognize and fully accept the shorter versions in some official decree before companies should expect to be able to use these shorter versions in production after their deadline (currently January 1, 2020 for most drug products).  As of now, the 88-character ‘Signature’ field is still mandated.  This new document indicates a scientific approach to determining the impacts on usability of the barcodes that result from various lengths of the ‘Signature’ data element.  The government can then decide what level of risk they can tolerate between the security of their Crypto Codes and the efficiency of supply chain operations.

My view of this is similar to my view of EFPIA flirting with serial number randomization that attempted to improve on the 1 in 10,000 probability of guessing a valid code that was mandated by the EU (see “Pharma Serial Number Randomization Under The Falsified Medicines Directive”).  Why force the industry to spend many millions of dollars (collectively) to go from 1:10,000 to 1:11,000?  Both are far more than sufficient to accomplish the goal of making it too hard to guess a valid serial number.  Will 44 or 88 characters in a Crypto-Code ‘Signature’ field be that much better than one with 32 characters?  Certainly not. 

But, in this case, they’re not worried that someone is going to guess the valid ‘Signature’ from a given GTIN+serial number pair.  What they’re worried about is that someone will be able to calculate the private key the government uses to construct all Crypto-Codes (for a given 4 character ‘Key’ value anyway).  Once someone calculates that private key, they can probably generate as many valid Crypto-Codes as they want, without detection.  The government would them be forced to switch to a different private key (once they realize someone has done it) and perhaps remove the compromised products—valid and counterfeit—from the market.  That would be a mess, so they need to settle on the length of the ‘Signature’ data element that is longer than criminal mathematicians can figure out, now and over the next 20 years or so

So, they have to ask, how smart will criminal mathematicians be in 20 years?  32-character smart?  44-character smart?  Or 88-character smart?  I guess we’ll know when they tell us how many characters need to be in the production barcodes for next year.  Until then, good luck in the testing.

Dirk.