Transformation of Cryptography - Linda A. Bertram - ebook

Transformation of Cryptography ebook

Linda A. Bertram

0,0

Opis

The authors analyze over two dozen fundamental concepts of encryption, milestones, mega-trends and sustainable change in regard to Secret Communications. Beginnings and terminations within process and product life cycles lead in sum to a "Transformation of Cryptography", which requires an interdisciplinary approach: Innovative breakthroughs in Cryptography are discussed within this essay as a third Epoch of Cryptography like the solving of the key transport problem with the Cesura in Cryptography by Secret Strems and also with Juggerknot Keys. Multi-Encryption and the Exponential Encryption requires New Thinking for Cryptoanalysis - in alliance with the described concepts of e.g. Cryptographic Calling, Cryptographic Discovery and Fiasco Forwarding with Fiasco Keys. Mathematicians have with the calculation of the truth the human right of privacy in their hands - on the other side elaborated competencies and skills in the internet age are required e.g. to program applications and also to update first the terms and nomenclatura of today interfering interdisciplinary scientific views. As an educational outlook the further Democratization of Encryption is based on discussing the Transformations of Cryptography in teaching lessons and on the development of open source programming's, which provide not only insight in their codes, processes and algorithms, but also provide e.g. with Virtual Keyboards within the same computational process a Trusted Execution Environment (TEE) and a technical- and network-oriented solution for "Going the Extra-Mile": What that is? is described in detail at the end of this edition.

Ebooka przeczytasz w aplikacjach Legimi na:

Androidzie
iOS
czytnikach certyfikowanych
przez Legimi
czytnikach Kindle™
(dla wybranych pakietów)
Windows
10
Windows
Phone

Liczba stron: 56

Odsłuch ebooka (TTS) dostepny w abonamencie „ebooki+audiobooki bez limitu” w aplikacjach Legimi na:

Androidzie
iOS



Mathematicians and computer scientists have the human right to privacy in their hand through a calculation of the truth.

Until now, the creation, application, and research of cryptography and its algorithms and processes as well as the programming of corresponding software were reserved for state institutions, subject matter experts, and the military.

In the recent past, in addition to the centuries-old encryption with a secret key, the encryption with a key pair - consisting of a public and a private key - has been established.

In this case, by means of mathematical calculation (a prime factor decomposition) with the public key of the communication partner and the own keys, a message can be correspondingly encrypted and decrypted again.

It is an encryption not with a shared secret, but with a so-called "Public Key Infrastructure (PKI)"([02][16][25][44] [39]): Just the pair of keys, one of which can be public - and the other, which is private.

Since then, these two methods of encryption exist: The method of using a secret key is known as symmetric encryption ([54][21][15][04][01]) (both communication partners must know the password) and PKI encryption with a public and a private key is known as asymmetric encryption.

The description of the transmission of a symmetric credential in asymmetric encryption - without any major security concerns - was a milestone in cryptography.

Since then, modern cryptography has evolved steadily. Today, mathematical knowledge has greatly expanded with respect to the field of cryptography. Process-oriented, breathtaking concepts and inventions that have brought the protection of texts – our written communication – further forward and made it safer have also been discovered.

In the following, we want to highlight and summarize more than two dozen fundamental concepts, milestones, mega-trends, and sustainable changes to secure online communication and encryption that also provide a foundation for the need to teach with a modern Encyclopedia of Cryptography ([56]).

The heyday of "end-to-end encryption" (1)

The conversion to respective supplementation of point-to-point encryption with end-to-end encryption ([24]) has not only been carried out technically, but also in common language use: both encryption routes (point-to-point as well as end-to-end) have been present structurally, however, the awareness of end-to-end encryption has become increasingly important as Internet and mobile communications began to become more and more intercepted at the beginning of the 21st century.

Everyone today speaks of end-to-end encryption. Yes, "end-to-end encryption" is even used by many citizens as a term for "encryption" itself. We ask ourselves today if the connection between you and I is also completely encrypted, that is, completely encrypted from my end to your end, and thus without any gaps.

Because, a point-to-point encryption in e-mail and chat – such as with the well-known XMPP-chat ([61][32]) – means that the user to the server has transport encryption. The server can read the data, and then encrypt it before sending it again point-to-point (transport) encrypted.

This also shows that legacy chat protocols or transport encryption were designed at the time and that the corresponding applications today have architectural problems due to the lack of programming of (continuous) end-to-end encryption - or at least make efforts to fill these gaps.

End-to-end encryption often needs to be requested or prescribed and installed later.

For example, XMPP has released a manifest for encryption ([61]), but only a few clients and servers have improved their content and code so far.

There remain questions about a fragmented IT architecture as well as questions about the content quality standard: whether all modern possibilities can be elaborated in the lowest common denominator.

That means that the newer developments - firstly to equip the clients based on the algorithm RSA ([12][52]) with alternative algorithms such as NTRU ([36][67][11][23]) and McEliece ([50][06][20][51]), and secondly the option of a quick and frequent exchange of end-to-end keys - were postponed into one by the manifest undefined future.

In an IT landscape of numerous clients and servers, this requires considerable programming effort or, consequently, the exclusion of plain text on each forwarding server: If you wanted to disable all XMPP messengers with RSA encryption, and you would want to ban all servers to forward plaintexts - so they follow the end-to-end paradigm consistently - XMPP would be in a desolate state, as the infrastructure often could not achieve this quality and security status.

The manifesto remained gentle and predicted little: "This commitment to encrypted connections is only the first step ... and does not obviate the need for technologies supporting end-to-end encryption (such as Off-the-Record Messaging or OTR ([31]), strong authentication, channel binding, secure DNS, server identity checking, and secure service delegation" ([61]).

To „not obviate supporting end-to-end encryption in XMPP“ (ibid), does not mean to make it good practice or even mandatory.

XMPP thus remains - despite the pleasant standardization in the area - in terms of encryption, a dinosaur, which is best corrected for security reasons, because the common or even modern standard in terms of cryptographic processes is not achieved here.

Anyone who has grown up with plaintext-XMPP will possibly defend the well-known with high emotions and the cryptographical development - for example, that today is referred to further developed end-to-end encryption - becomes a crypto-war, if not a religious community-war, that ignites on developers, who have not yet been able to code-out the plaintext capabilities of servers.

For example, in his FOSS-ASIA presentation in 2018, Daniel Gultsch lists 8 out of 30 popular XMPP servers without XEP-0384 OMEMO ([28][69]) encryption with the comment: “The problem of the fragmented Ecosystem XMPP is that it has outdated servers, which don’t support those latest encrypting extensions. Part of the Solution is to make the problem visible” ([32]).

The conversion of this architecture and infrastructure to native and end-to-end encryption is not yet, at least years after the encryption manifest, in the best garb of good practice, as it was the case with the more promising XMPP-servers Prosody and Ejabberd.

However, the evolution of end-to-end encryption in other messengers and in IT in general now clearly shows that the paradigm of end-to-end encryption has become a predicate value, which sets secure encryption - without a third party reading in the middle - as a standard.

If a (at that time) de facto communication standard such as XMPP calls all - servers, as well as clients, e.g. to implement higher standards or even end-to-end encryption, and the implementation is still not sustainable, at least as long there is room for further activities and instances without encryption are not turned off, this shows not only the fragmented state with respect to antiquated standards, but at the same time a heyday of end-to-end encryption, which is on everyone's agenda today.