
List of more than 330 Entries

Introduction

Linda A. Bertram and Gunther van Dooble:

Nomenclatura: What does a modern “Encyclopedia of Cryptography and Internet Security” offer for the education, discussion and sovereignty of learning professionals? – An interdisciplinary view on the Transformation of Cryptography: Fundamental concepts of Encryption, Milestones, Mega-Trends and sustainable Change in regard to Secret Communications and its Ideas, Key-Terms, Definitions and Good Practice

Access Control

AE

– Adaptive Echo

AES

– Advanced Encryption Standard

AE-Token

Algorithm

Alice and Bob

Android

Anonymity

Answer Method

Asymmetric Calling

Asymmetric Encryption

Attack

Audit

Authentication

Authorization

AutoCrypt

Availability

Backdoor

Big Seven Study (2016)

Biometric Passport

Birthday Problem

Blinding

Block Cipher

Bluetooth

Botan

Bouncy Castle

Broadcast (in Cryptography)

Brute-force Attack

Bullrun (Decryption Program)

Button

Buzz / e*IRC

C/O

– (Care-of)-Function

CBC

– Cipher Block Chaining

Caesar Cipher

Certificate Authority

Chaos Theory

Cipher

Ciphertext

Ciphertext Stealing

Clientside Encryption

C-Mail

Collision Attack

Complexity

Confidentiality

Configuration

Congestion Control

Continuous Improvement

Corrective Action

Crawler

Credential

Cryptanalysis

Crypto-Agility

Cryptogram

Cryptographic Calling

Cryptographic Discovery

Cryptographic DNA

Cryptographic Protocol

Cryptographic Routing

Cryptographic Torrents

Cryptography & Cryptology

CryptoPad

Crypto-Parties

CrypTool

CSEK

– Customer Supplied Encryption Keys

Data Exposure

Data Obfuscation

Data Validation

Database Encryption

Decentralized Computing

Delta Chat

Democratization of Encryption

Deniable Encryption

DFA

– Differential Fault Analysis

DHT

– Distributed Hash Table

Digest Access Authentication

Digital Signature

DNS

– Domain Name System

Documented Information

Dooble Web Browser

DTLS

– Datagram Transport Layer Security

Eavesdropping

ECHELON

Echo (Protocol)

Echo Accounts

Echo Match

Echo-Grid

Echo-Network

Edgar Allan Poe

E-Government

ElGamal

Elliptic-Curve Cryptography

E-Mail Institution

Encapsulation

Encryption

Enigma Machine

Entropy

Ephemeral & Session Keys

EPKS

– Echo Public Key Share Protocol

ETM

– Encrypt-then-MAC

Exponential Encryption

Exponential Key Exchange

E2EE

– End-to-End Encryption

Facial Recognition System

Fiasco Keys & Fiasco Forwarding

File-Encryptor

File-Sharing

Fingerprint

FinSpy

FireChat

Firewall

Flooding

Forward Secrecy

Forward-Secrecy-Calling

Freedom of Speech

Freenet

Full Echo

F2F

– Friend-to-Friend

GCM

– Galois/Counter Mode-Algorithm

Gemini

GnuPG

– GNU Privacy Guard

Gnutella

Going the Extra Mile

Goldbug (E-Mail Password)

GoldBug (Software)

Goppa Code

Graph-Theory

Group Chat

GUI

– Graphical User Interface

Half Echo

Hash Function

HMAC

– Keyed-Hash Message Authentication Code

Homomorphic Encryption

Homomorphic Secret Sharing

HTTPS

Human Rights

Hybrid Encryption

Identification

IMAP

– Internet Message Access Protocol

Impersonator

Information Security

Information-theoretic Security

Information Theory

Innovation

Instant Messaging

Institution

Integer Factorization

Integrity

Internet

Internet Security

IPFS

– Instant Perfect Forward Secrecy

IRC

– Internet Relay Chat

Isomorphism

Iterated Function

Java

Juggerknots / Juggerknot Keys

Juggernaut PAKE Protocol

KDF

– Key Derivation Function

Kerberos

Kerckhoffs’ Principle

Kernel

Key

Keyboard

Key Exchange / Establishment

Key Size

Key Stretching

Keystroke Logging

KeySync

Lattice-based Cryptography

Libcurl

Libgcrypt

LibSpotOn

Listener

Login

MAC

– Message Authentication Code

Magnet-URI

Malleability

Mass Surveillance

Matrix

Matryoshka Doll

McEliece Algorithm

McNoodle Library

Measurement

Media Bias

MELODICA

– Multi Encrypted Long Distance Calling

Mesh Networking

Meta-Data

MITM

– [Hu]Man-in-the-middle Attack

MITM

– Meet-in-the-middle Attack

Mix Network

Monitoring

Moore’s Law

Mosaic

Multi-Encryption

Mutual Authentication

Neighbor

Netcat

Neuland

NIST

– National Institute of Standards and Technology

NOVA

NTL

– Number Theory Library

NTRU

Null Cipher

Number Theory

OFFSystem

OMEMO

Open Source

OpenPGP

– Open Pretty Good Privacy

OpenSSH

– Open Secure Shell

OpenSSL

– Open Secure Sockets Layer

Opportunistic Encryption

OTM

– One-Time-Magnet

OTP

– One-Time-Pad

OTR

– Off-the-Record

Ozone Address Postbox

Padding

Pandamonium

Passphrase

Pass-through

Password

Patch-Points

Pegasus Spyware

Pepper

Performance

PGP

Pigeonhole Principle

PKI

– Public Key Infrastructure

Plaintext

Plausible Deniability

Point-to-Point

Policy

POP3

– Post Office Protocol

POPTASTIC

PostgreSQL

Post-Quantum Cryptography

PRISM (Surveillance Program)

Privacy

Privacy Amplification

Private Key

Private Servers

Pseudorandom Number Generator

Public Key Certificate

Public Key Cryptography

PURE-FS

– Pure Forward Secrecy

P2P

– Peer-to-Peer

Qt

Quantum Computing

Quantum Cryptography

Quantum Information Science

Quantum Logic Gate

Rainbow Table

Random

Random Number Generation

Raspberry Pi

Remote Control Systems Spyware

REPLEO

Replay Attack

Requirement

RetroShare

Review

Rewind

Rosetta-CryptoPad

ROT13

Routing

RSA

Salt, cryptographic

SCTP

– Stream Control Transmission Protocol

SECRED

– Sprinkling Effect

Secret Streams

Secure by Design

Secure Channel

Secure Communication

Security

Security through Obscurity

Selectors

Server

Session Management

SHA-3

Shared Secret

Shor’s Algorithm

Side-Channel Attack

Signal Protocol

Simulacra

SipHash

Small World Phenomenon

Smoke Aliases for Key Exchange

Smoke Crypto Chat App

SmokeStack

SMTPS

– Simple Mail Transfer Protocol Secured

SMP

– Socialist Millionaire Protocol

SMP-Calling

Splitted Secret

Spot-On Encryption Suite

SQLite

StarBeam (Ultra-StarBeam)

StarBeam-Analyser

Steganography

Stream Cipher

Super-Echo

Surveillance

Surveillance, global

Symmetric Calling

Symmetric Encryption

Symmetric Key

TCP

– Transmission Control Protocol

The Ali Baba Cave

The Bombe

Threefish

Timing

TLS

– Transport Layer Security

Token

Tor

Tracking Cookie

Triad of CIA

Triple DES

Trojan Horse

TEE

– Trusted Execution Environment

Turing Machine

Turtle-Hopping

Twofish

Two-Way-Calling

UDP

– User Datagram Protocol

URL

– Uniform Resource Locator

URL-Distiller

URN

– Uniform Resource Name

Vapor Protocol

Virtual Keyboard

VEMI

– Virtual E-Mail Institution

Vigenère Cipher

Volatile Encryption

Web-of-Trust

Wide Lanes

XKeyscore (Surveillance Program)

XMPP

– Extensible Messaging and Presence Protocol

XOR

YaCy

Zero-Knowledge-Proof

RnD-Questions

Index of Figures

Bibliography

Index of Keywords

Applied Instructions of the Thessalonians (after 1 Thessalonians 5:12–21)

Now we ask you, sisters and brothers, to acknowledge those who are working among you, who care for you and who admonish you. Hold them in the highest regard in love because of their work.

Don’t spit into the soup of others, if not able to provide excellent alternatives. Live in peace with each other.

And our desire is that you, sisters and brothers, warn those whose lives are not well ordered, encourage the disheartened, help the weak, be patient with everyone.

Make sure that nobody pays back wrong for wrong, but always strive to do what is good for each other and for everyone else.

Have joy at all times, stay curious, invent and create continually, give thanks in all circumstances;

Do not put out the light of the Spirit;

Do not treat prophecies with contempt.

Instead: Test them all and hold on to what is good (for yourself, me and all of us).

Introduction

Nomenclatura: What does a modern “Encyclopedia of Cryptography and Internet Security” offer for the education, discussion and sovereignty of learning professionals?

An interdisciplinary view on the Transformation of Cryptography: Fundamental concepts of Encryption, Milestones, Mega-Trends and sustainable Change in regard to Secret Communications and its Ideas, Key-Terms, Definitions and Good Practice.

by Linda A. Bertram and Gunther van Dooble

Until recently, the creation, application and study of cryptography, its algorithms and procedures, and the programming of the corresponding software were reserved for state institutions, subject-matter experts and the military.

In the recent past, the centuries-old encryption with one secret key has been joined by encryption with a key pair, consisting of a public and a private key.

Here a message is encrypted with the public key of the communication partner and decrypted again with the partner's own private key, by a mathematical operation (in RSA, modular exponentiation, which stays secure only as long as the product of two large primes contained in the public key cannot be factored; the key itself is not a “prime factor decomposition”).

It is an encryption not with a shared secret but with a key pair, one half of which can be public and the other of which must stay private. The term “Public Key Infrastructure (PKI)”, often used loosely for this, properly denotes the surrounding infrastructure of certificates and certificate authorities that binds such public keys to identities.

Since then, two families of encryption have existed side by side: the method with one secret key is known as symmetric encryption (both communication partners must know the same key), and the method with a public and a private key is known as asymmetric or public-key encryption.

Transporting a symmetric key under asymmetric encryption, so that the message itself is encrypted symmetrically (hybrid encryption), was a milestone in cryptography: it combined the speed of symmetric ciphers with the key-distribution advantages of public keys, without major security concerns.

Since then, modern cryptography has evolved steadily. Mathematical knowledge in the field has expanded greatly, and process-oriented concepts and inventions have been discovered that have carried the protection of texts, our written communication, further forward and made it safer.

In the following, we want to highlight and summarize more than two dozen fundamental concepts, milestones, mega-trends and sustainable changes in secure online communication and encryption, which also provide the grounds for publishing a modern encyclopedia.

The heyday of “end-to-end encryption” (1)

The supplementation of point-to-point encryption by end-to-end encryption has taken place not only technically but also in everyday language: both encryption routes (point-to-point as well as end-to-end) have always existed structurally, but awareness of end-to-end encryption has grown steadily since Internet and mobile communications came to be intercepted on a large scale at the beginning of the 21st century.

Everyone today speaks of end-to-end encryption; many citizens even use “end-to-end encryption” as the term for “encryption” itself. We ask ourselves today whether the connection between you and me is completely encrypted, that is, from my end to your end without any gap.

Point-to-point encryption in e-mail and chat, for example with the well-known XMPP chat, means that the user has transport encryption to the server. The server can read the data and encrypts it again, point-to-point (transport-encrypted), before forwarding it.

This also shows that legacy chat protocols and transport encryption were designed for their time, and that the corresponding applications today have architectural problems owing to the lack of (continuous) end-to-end encryption, or at least have to make efforts to close these gaps.

End-to-end encryption often has to be requested or prescribed and retrofitted later.

For example, the XMPP community released a manifesto on encryption (Saint-Andre 2016), but only a few clients and servers have improved their content and code since.

Questions remain about the fragmented IT architecture as well as about the quality standard of the content: whether all modern possibilities can be elaborated at the lowest common denominator.

That means that the newer developments, firstly equipping the RSA-based clients with alternative algorithms such as NTRU and McEliece, and secondly the option of a quick and frequent exchange of end-to-end keys, were postponed to a future the manifesto left undefined.

In an IT landscape of numerous clients and servers, this requires considerable programming effort or, consequently, the exclusion of plaintext on every forwarding server: if one wanted to disable all XMPP messengers limited to RSA encryption and forbid all servers from forwarding plaintext, so that the end-to-end paradigm is followed consistently, XMPP would be in a desolate state, since the infrastructure often could not reach this quality and security level.

The manifesto remained gentle and promised little: “This commitment to encrypted connections is only the first step … and does not obviate the need for technologies supporting end-to-end encryption (such as Off-the-Record Messaging or OTR), strong authentication, channel binding, secure DNS, server identity checking, and secure service delegation” (ibid).

To “not obviate the need for end-to-end encryption in XMPP” does not mean making it good practice, let alone mandatory.

In terms of encryption, XMPP thus remains, despite the welcome standardization in the area, a dinosaur that is best corrected for security reasons, because the common or even modern standard of cryptographic processes is not reached here.

Anyone who has grown up with plaintext XMPP may defend the familiar with strong emotions, and the cryptographic development, for example what is today called further-developed end-to-end encryption, becomes a crypto-war, if not a religious community war, ignited on developers who have not yet been able to code the plaintext capabilities out of the servers.

For example, in his FOSSASIA presentation in 2018, Daniel Gultsch lists 8 out of 30 popular XMPP servers without support for XEP-0384 OMEMO encryption, with the comment: “The problem of the fragmented Ecosystem XMPP is that it has outdated servers, which don’t support those latest encrypting extensions. Part of the Solution is to make the problem visible” (2018-08:55).

The conversion of this architecture and infrastructure to native end-to-end encryption is, years after the encryption manifesto, still not in the best garb of good practice, as was also the case with the more promising XMPP servers Prosody and ejabberd.

However, the evolution of end-to-end encryption in other messengers and in IT in general now clearly shows that the paradigm of end-to-end encryption has become a mark of quality, setting secure encryption, without a third party reading in the middle, as the standard.

If a de facto communication standard of the time such as XMPP calls on all servers and clients to implement higher standards or even end-to-end encryption, and the implementation is still not sustainable, at least as long as there is room for further activity and instances without encryption are not switched off, this shows not only the fragmented state of antiquated standards but at the same time the heyday of end-to-end encryption, which is on everyone's agenda today.

Thus the new standard renders old standards obsolete or stimulates their comprehensive revision with further steps, because end-to-end encryption has itself evolved, as follows:

Manifesting End-to-End Encryption in “Cryptographic Calling” (2)

In many cases, encryption software uses one encryption key per online session. OTR encryption (a forerunner of OMEMO) can serve as an example: there, too, key material was negotiated once per session. (Strictly speaking, OTR also refreshes its Diffie-Hellman keys as messages flow back and forth, but only as a side effect of the message exchange, not on the user's demand.)

More advanced programming, however, can now send any number of temporary keys per online session through a secure channel. This is called Cryptographic Calling.

Secure communication with a friend has thus become as convenient as a telephone call: pick up the handset and call, and end the session after, or in the middle of, a conversation by putting the handset back on its hook. For the smartphone generation: the conversation is ended at the push of a button, regardless of the duration of the online session, especially on always-on devices.

Another criterion was that the previous session orientation changed into the generation of end-to-end keys at any time. Forward Secrecy, here meaning the use of temporary end-to-end keys, went into serial production with continuous key generation. It broke out of congruence with the session.

Instant Perfect Forward Secrecy (IPFS) (3)

Cryptographic Calling meant that the time frame was no longer bound to sessions: a user could execute a “Cryptographic Call” at any time and immediately, and so renew the temporary end-to-end keys.

Perfect Forward Secrecy, that is, protection through temporary keys, has become “instant”: renewal is available for immediate application, hence the term Instant Perfect Forward Secrecy (IPFS). (The abbreviation is the encyclopedia's own and should not be confused with the InterPlanetary File System, which uses the same letters.)

The Melodica Button (4)

In this context another term emerged in the application world: “Multi-Encrypted Long-Distance Calling”. The abbreviation “MELODICA” alone already indicates that end-to-end encryption should be played nimbly and fast, renewable at any time, much as a musician plays the keys of an instrument.

MELODICA was a button that let users renew the end-to-end encryption automatically with a single press. It was built into the user interface of the crypto messenger GoldBug as the graphical element for the Instant Perfect Forward Secrecy (IPFS) process described above, and fittingly its icon showed a piano keyboard with white and black keys.

When pressed, new symmetric keys for temporary use were transferred through the permanent secure channel to open a new temporary communication channel. The button later disappeared as the various other methodical types of Cryptographic Calling were elaborated.

Cryptographic Calling was first programmed into the encryption suite “Spot-On” in 2013 and then continuously elaborated and further developed. Today, different methodical types of Cryptographic Calling can be distinguished.

Elaboration of the methodical types of Cryptographic Calling (5)

More important than being able to renew the end-to-end encryption several times within a session (which makes it much harder for an attacker to catch or find the end-to-end keys) was that the existing hybrid encryption and Multi-Encryption could now be played with methodically.

The secure channel for transmitting the temporary keys can be either symmetric or asymmetric.

Within an asymmetric channel, the temporary forward-secrecy key can in turn be either a symmetric key or a temporary asymmetric public key; the same holds, vice versa, for a symmetrically encrypted channel. And thirdly, the temporary key no longer needs to be sent through the channel of the permanent key, but can also be sent through the secure channel of an existing (previous) temporary key.

For example: an (asymmetric) temporary key follows a (symmetric) temporary key. One caveat a practitioner should keep in mind: a temporary symmetric key that is transported under the permanent key gives no protection once the permanent key is compromised, because a recorded transcript then yields that temporary key as well, and every key wrapped under it in turn. Only a temporary public key whose private half is never transmitted and is discarded after use (an ephemeral key agreement) provides forward secrecy in the strict sense. With the Spot-On Encryption Suite, which established Cryptographic Calling, the birth, or at least the first hour of enrollment, of programmed Multi-Encryption was given at the same time:

No other encryption program at that time encrypted messages multiple times and was able to send new temporary keys in such varied and instant ways.

The various types of Cryptographic Calling superseded the now historic MELODICA button, since there were now more than a handful of possible ways and variants of calling, as the encyclopedia's entry on the subject elaborates.

With Cryptographic Calling, the (possibly already multiple) encryption received another encryption layer.
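The variants just described, as an added example that is not code from the encyclopedia, Spot-On or GoldBug: a temporary key pushed through an existing secure channel, a further temporary key pushed through the channel of the first, and the difference between a temporary symmetric key and a temporary public key once the permanent key is later compromised. The HMAC-based channel cipher and the function names (`seal`, `open_`, `symmetric_call`, `asymmetric_call`) are this example's own assumptions; the channel cipher stands in for a real AEAD such as AES-GCM so that the example needs only the Python standard library, and the Diffie-Hellman group is the 1024-bit MODP group 2 of RFC 2409, chosen for brevity.

```python
import hashlib
import hmac
import secrets

# Added example (not Spot-On or GoldBug code). Models a "cryptographic call":
# a fresh temporary key pushed through an existing secure channel, a further
# temporary key pushed through the channel of the first, and the difference it
# makes whether the temporary key is a symmetric key or a public key.

def kdf(key: bytes, label: bytes, n: int = 32) -> bytes:
    """HKDF-expand-like derivation of n bytes with HMAC-SHA256 (at most 255 blocks)."""
    out, block, counter = b"", b"", 0
    while len(out) < n:
        counter += 1
        block = hmac.new(key, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
    return out[:n]

def seal(channel_key: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. The keystream is HMAC-derived;
    this stands in for a real AEAD such as AES-GCM so the example needs only stdlib."""
    enc_key, mac_key = kdf(channel_key, b"enc"), kdf(channel_key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(payload, kdf(enc_key, nonce, len(payload))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_(channel_key: bytes, msg: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on any mismatch."""
    enc_key, mac_key = kdf(channel_key, b"enc"), kdf(channel_key, b"mac")
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("channel message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, kdf(enc_key, nonce, len(ct))))

# 1024-bit MODP group 2 of RFC 2409 with generator 2, for the ephemeral variant.
# Chosen for brevity; a deployment would use a larger group or X25519.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_call_key(priv: int, peer_pub: int) -> bytes:
    return kdf(pow(peer_pub, priv, P).to_bytes(128, "big"), b"call")

def symmetric_call(permanent_key: bytes):
    """Variant 1: temporary symmetric keys. k1 travels under the permanent key,
    k2 under k1 (a temporary key following a temporary key). Returns what the
    caller generated, what the callee recovered, and the recorded transcript."""
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    transcript = [seal(permanent_key, k1), seal(k1, k2)]
    r1 = open_(permanent_key, transcript[0])
    r2 = open_(r1, transcript[1])
    return (k1, k2), (r1, r2), transcript

def unwrap_after_compromise(permanent_key: bytes, transcript: list) -> tuple:
    """What a recorder of the transcript learns once the permanent key leaks:
    the whole chain, because every hop is a symmetric key wrapped under the
    previous one. This variant gives no forward secrecy against that compromise."""
    k1 = open_(permanent_key, transcript[0])
    return k1, open_(k1, transcript[1])

def asymmetric_call(permanent_key: bytes):
    """Variant 2: a temporary public key travels through the permanent channel.
    The private halves never leave their owners; a later compromise of the
    permanent key yields only g^a and g^b, not the call key."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    transcript = [seal(permanent_key, A.to_bytes(128, "big")),
                  seal(permanent_key, B.to_bytes(128, "big"))]
    return dh_call_key(a, B), dh_call_key(b, A), transcript
```

In the first variant `unwrap_after_compromise` recovers both temporary keys from the recorded transcript once the permanent key is known; in the second, the same recording yields only the two public values, which is the property the text calls forward secrecy.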

Multi-Encryption (6)

The applied programming of hybrid encryption (which in the end means that different variants are used at the same time or one after the other) finally carried the theoretical and so far little-studied concept of Multi-Encryption, with its variety of options, into practical application processes.

Multi-Encryption is not only about encrypting a ciphertext again. It is also about possibly changing the encryption algorithm in the second round.

While a single algorithm already consists of several rounds, operations and repetitions of, for example, substitutions, Multi-Encryption adds a whole new dimension on top: if plaintext has been converted to ciphertext with the RSA algorithm, and that is then converted to another ciphertext by the McEliece algorithm, what comes out at the end? And can it be analyzed better or worse with the usual methods of cryptanalysis?

It is no longer a matter of substituting individual characters; a completely new algorithm is applied to the ciphertext end product of a previously used algorithm.

Multi-Encryption thus consists of three main areas: firstly, multiple encryption (conversion from ciphertext to ciphertext); secondly, the mixture of algorithms; and thirdly, the mixture of methods, which could also fall under algorithms and which we therefore call process chains. The mixture of the transfer routes for the keys, for example, complements the mixture of algorithms methodically and procedurally, because it makes a difference whether an RSA-AES-McEliece triple-converted ciphertext is sent through the channel of a permanent key or through the channel of a temporary key.

Through this applied programming and conceptual elaboration, Multi-Encryption has become a mega-topic of current cryptography and its analysis; it has been named as a research area in many online portals and forums, Reddit among others, and is on the agenda more than ever before.

Further research will be dedicated to these three aspects of multiple encryption, as this new quality may also reveal security gaps or vulnerabilities of certain algorithms.

As an example: is a ciphertext that has been converted three times with RSA-AES-McEliece more revealing about the plaintext than a ciphertext converted once with RSA only? Or compared with plaintext converted three times with RSA? And is text converted three times with RSA less secure than text converted three times with McEliece?

Of course, Multi-Encryption also touches the interests of the owners of existing solutions, definitions and processes, should the structure be strengthened or weakened by an algorithm when ciphertext is converted again to ciphertext by a (further) algorithm.

The applications that use Multi-Encryption so far assume that encryption becomes particularly secure if ciphertext is converted once more to ciphertext, e.g. if a message is encrypted symmetrically and then sent through a TLS channel. For repeated ciphertext-to-ciphertext conversion, additional security is therefore assumed until dedicated research studies indicate otherwise. What is actually established is narrower than “double-encrypted is better”: a cascade with independent keys is known to be at least as strong as its first cipher (Maurer and Massey 1993), whereas layers that share or derive from the same key can cancel out or leak, and no number of layers guards against plaintext exposed before the first layer or after the last.
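A cascade in the sense of the Multi-Encryption section, as an added example that is not code from the encyclopedia or any product it describes: one layer after another is applied to what is already ciphertext, and decryption unwinds them in reverse order. Two toy layers stand in for the real algorithms named in the text (a SHA-256 counter keystream for the shape of any stream cipher or counter-mode block cipher, and a keyed byte substitution); the layer names and functions are this example's own. It also shows the point the text's “double-encrypted is better” leaves out: the same stream layer applied twice with the same key cancels out.

```python
import hashlib

# Added example, not from the encyclopedia or any product it describes.
# A cascade applies one layer after another to what is already ciphertext and
# unwinds them in reverse. Two toy layers stand in for real algorithms.

def stream_layer(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """XOR with a SHA-256 counter keystream (toy stand-in for AES-CTR). Encryption
    and decryption are the same operation; keystream reuse is the classic pitfall."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def substitution_layer(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Keyed byte substitution: a permutation of 0..255 derived from the key."""
    table = sorted(range(256), key=lambda i: hashlib.sha256(key + bytes([i])).digest())
    if decrypt:
        inverse = [0] * 256
        for plain, cipher in enumerate(table):
            inverse[cipher] = plain
        table = inverse
    return bytes(table[b] for b in data)

LAYERS = {"stream": stream_layer, "subst": substitution_layer}

def cascade_encrypt(layers: list, plaintext: bytes) -> bytes:
    """layers: [(name, key), ...] applied first to last; every key should be independent."""
    data = plaintext
    for name, key in layers:
        data = LAYERS[name](key, data)
    return data

def cascade_decrypt(layers: list, ciphertext: bytes) -> bytes:
    """Undo the layers in reverse order of application."""
    data = ciphertext
    for name, key in reversed(layers):
        data = LAYERS[name](key, data, decrypt=True)
    return data

def same_stream_twice_is_plaintext(key: bytes, plaintext: bytes) -> bool:
    """The pitfall: a second round with the same XOR keystream undoes the first,
    so this 'double encryption' is no encryption at all."""
    return cascade_encrypt([("stream", key), ("stream", key)], plaintext) == plaintext
```

The order of layers and their keys together define the cascade; a practitioner checking a multi-encryption design should confirm that the layer keys are independent (not derived from one another) and that no two XOR-type layers can ever see the same key and nonce, which is exactly the case `same_stream_twice_is_plaintext` exhibits.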

Multi-Encryption requires programming knowledge from mathematicians (7)

Combinatorics can no longer refer to applying only one procedure from one discipline; it integrates hybrid and multiple, up to exponential, processes from different disciplines. The practice and theory of encryption are complete only if, in addition to mathematics and combinatorics, applied programming is added, and network theory, graph theory and other fields are brought in.

Cascading and multiple encryption is not only a young field of research, but receives significant impetus and complementary additions from all these neighboring disciplines. Anyone who wants to deal with encryption in the future should, at least together with their team, also be able to program the appropriate software for Multi-Encryption and its mathematical algorithms in one of the popular developer languages: mathematical calculation has to be supplemented by applied software programming in order to obtain the resulting ciphertext from the computer-aided calculations.

REPLEO (8)

In centuries-old symmetric encryption with a password or a known algorithm that rearranges the letters or characters, the key may under no circumstances be revealed. This also follows from Kerckhoffs's well-known principle, which states that it is not the algorithm that should be protected, but in particular the key.

Kerckhoffs indeed lived at a time when there was no asymmetric encryption with a private and public key. But what if his principle were also applied to asymmetric encryption? Anyone would say that the “public key” is not called public for nothing: it can be made public. However, it is technically possible, as soon as I have received a friend's public key, to convert my own public key to ciphertext with that key before sending it. This is called REPLEO and protects the public key in transit.

Kerckhoffs's principle applied to asymmetric encryption, which one might call “Kerckhoffs's principle of asymmetry”, is thus a REPLEO: it also encodes and protects the public key of the key pair when it is transferred.

This is not yet a solution to the key transport problem, which essentially concerns symmetric encryption with a passphrase; it is only a protection of the public key of asymmetric encryption for those who do not want to make this public key known to everyone. Note that wrapping a public key in this way hides it from eavesdroppers; it does not by itself prove that the wrapped key belongs to the claimed sender, which remains a matter of authentication.

But how can a symmetric key, a secret passphrase, be securely transmitted over the Internet? By sending it over a secure channel. One possible method dedicated to this question is the so-called EPKS channel.

The EPKS-Method (9)

Symmetric keys, e.g. a passphrase, can be transmitted securely between two nodes on the Internet through an EPKS channel. Recipients on the channel automatically integrate the received key into their instance and can use it to decrypt further messages.

The EPKS channel was first integrated in the above-mentioned encryption suite, one of the early comprehensive programs that sent keys through encrypted channels, which in turn could then be used as encrypted channels of their own.

It is implemented there for any content or purpose, but was integrated by default for transmitting URLs or one's own bookmarks from a URL database to a friend or circle of friends (URL Community).

The automated transmission and integration of keys over the EPKS channel was presented, with this conceptual capture and programming within the so-called Echo Protocol, as a model of secure key transmission: Echo Public Key Sharing (EPKS).

AutoCrypt (10)

In derivative applications, EPKS's concepts of automated key transfer and key integration have been taken up, for example under the name AutoCrypt in various e-mail and chat applications. At the beginning, two e-mail users exchange an e-mail that lets both of them obtain each other's public key. Once that has happened, all further e-mails are encrypted with the public key. Because the key is accepted from the first message it arrives in, this is trust on first use: it protects against passive eavesdropping on subsequent mails, but not against an attacker who substitutes the key in that first exchange, which is why key fingerprints still have to be verified out of band where that matters.

Reading State-of-the-Art Signals: Fiasco Forwarding with Fiasco Keys (11)

Thus, when a subscriber using the older, traditional messengers replies for the first time after receiving a message, he or she renews the session key material by a Diffie-Hellman key exchange (asymmetric keys), in which, for example, his or her own new key is combined with the already-known key of the remote station (DH ratchet).

In this ratchet method, symmetric keys are derived from the session key material using a key derivation function. Since the key derivation function is based on a hash function, this step is called a hash ratchet. For each message, the protocol advances one of two hash ratchets (one for sending, one for receiving), each initialized from a shared secret produced by the DH ratchet.

At the same time, it tries to provide the remote station with a new public DH value at every opportunity and to advance its own local DH ratchet whenever a new public DH value arrives from the remote station. This method has been incorporated into numerous well-known commercial messengers (such as WhatsApp).

Security experts see weaknesses here when, in commercial or even proprietary products, no server of one's own can be used. In addition, the schematic sequence of “pushing on” the keys is regarded as a particular weak point: if a key is in a defined location, it is also easy to find.

And: keys are still being exchanged that could instead be derived using a zero-knowledge-proof method without exchanging the key at all.

After all, why not create and send a dozen keys per chat message, collect them in a pool and try them all, from the most recent to the oldest, for each received message? Or create (symmetric) keys that are formed by both sides through two-way calling, in which each communication partner contributes 50% to the generation and exchange of the secret symmetric password in this type of Cryptographic Calling: fifty-fifty as a method of forming common keys.

This further method of sending numerous keys, besides two-way calling, is called Fiasco Forwarding with the corresponding Fiasco Keys and was first developed in the Smoke messenger as Java code.

Although this messenger is not commercially distributed and is therefore less popular, at the protocol level it is a fuller and more secure security design than the Signal Protocol mentioned above for end-to-end encryption with a ratchet method, which also includes no manual and individual Cryptographic Calling (end-to-end encryption with user-defined passphrases). Proprietary products built on that protocol, such as WhatsApp, do not allow the use of easy-to-administer servers of one's own and are not open source, although the Signal clients and server themselves are.

So anyone who holds up the Signal Protocol, as this schematic ratchet method is now called, as the state of the art in mobile encryption is no longer up to date: the extremely volatile design using Fiasco Keys, or Fiasco Forwarding, has significant advantages over other, more schematic protocol implementations.

With these innovations on the key transport problem, REPLEO as well as EPKS and the derivative AutoCrypt, the key transmission is only better protected by a further layer of security or, in AutoCrypt's case, merely made more convenient for the user through automated key acceptance.

Fiasco Forwarding with its Fiasco Keys, however, multiplies the number of keys in advance and develops the schematic procedures, which so far used only one key per message, further, so that one can speak of Volatile Encryption.

Volatile does not mean that the encryption is shaky or uncertain; volatile encryption refers to unsteady, temporary keys that fluctuate, change and evaporate, reducing the chance of decryption by multiplying the number of decryption attempts required per message.
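The two mechanisms this section describes, side by side, as an added example that is not code from Smoke, Signal or the encyclopedia: a symmetric hash ratchet of the shape described above (chain key in, next chain key and message key out), and a receiver that keeps a pool of not-yet-used keys and tries them newest-first, in the spirit of the key pool attributed to Fiasco Forwarding. The class names, the burst size of twelve keys per message and the pool limits are this example's own assumptions; message protection is reduced to an HMAC tag so the example stays about key handling.

```python
import hashlib
import hmac
import secrets

# Added example, not Smoke or Signal code. A symmetric hash ratchet plus a
# receiver-side pool of message keys tried newest-first.

def ratchet_step(chain_key: bytes) -> tuple:
    """Advance one hash ratchet. The two constants separate the chain-key and
    message-key derivations, as in the Signal symmetric-key ratchet."""
    next_ck = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    mk = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_ck, mk

def tag(message_key: bytes, message: bytes) -> bytes:
    return hmac.new(message_key, message, hashlib.sha256).digest()

class Sender:
    """Derives a burst of BURST message keys per message and uses any one of them,
    so the receiver cannot know in advance which key of the burst protects it."""
    BURST = 12

    def __init__(self, chain_key: bytes):
        self.ck = chain_key

    def send(self, message: bytes) -> tuple:
        keys = []
        for _ in range(self.BURST):
            self.ck, mk = ratchet_step(self.ck)
            keys.append(mk)
        return message, tag(secrets.choice(keys), message)

class Receiver:
    """Keeps a pool of not-yet-used message keys and tries them newest-first."""
    BURST = 12
    MAX_SKIP = 8        # bursts to advance for a message that is ahead of us
    MAX_POOL = 256      # bound on keys held for out-of-order messages

    def __init__(self, chain_key: bytes):
        self.ck = chain_key
        self.pool = []  # oldest first, newest last

    def refill(self) -> None:
        for _ in range(self.BURST):
            self.ck, mk = ratchet_step(self.ck)
            self.pool.append(mk)
        del self.pool[:-self.MAX_POOL]   # drop the oldest beyond the bound

    def receive(self, message: bytes, t: bytes) -> bool:
        for _ in range(self.MAX_SKIP + 1):
            for i in range(len(self.pool) - 1, -1, -1):      # newest first
                if hmac.compare_digest(t, tag(self.pool[i], message)):
                    del self.pool[i]     # single use: a replay will not verify again
                    return True
            self.refill()                # message may be ahead of us: advance, retry
        return False
```

Deleting a key from the pool once it has verified a message is what makes a replayed message fail and keeps the forward-secrecy property of the ratchet; the `MAX_SKIP` bound matters because every message that verifies against nothing (a replay, a forgery) advances the receiver's chain by up to nine bursts, and without a limit a flood of junk would be an easy way to exhaust memory or desynchronize the two sides.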

A fundamental innovation regarding key transmission and its risks is the innovation of Secret Streams and Juggerknot Keys. The key is no longer transmitted via the Internet but is formed and derived mathematically and methodically on each side.

The third Epoch of Cryptography: Solving the key transport problem as another innovative breakthrough in cryptography? (12)

Until recently, passing on a symmetric key, a passphrase, to the communication partner constituted a security-relevant problem and a central target of cryptanalysis, whether to decrypt the traffic or to gain insight into it.

Another innovative breakthrough in cryptography was given with a further step towards solving the key transport problem, evidenced by the two concepts and programmed procedures “Secret Streams” and “Juggerknot Keys”.

With these, two communication partners can communicate with each other in encrypted form over an Internet infrastructure without having to transfer the current key over the Internet. These potentials offer epochal changes in cryptography.

Because the application of a zero-knowledge proof for the derivation of keys on both sides of the communication partners from a common unspoken level of knowledge, the external is not obvious, is not only mathematically brilliant, but also represents a groundbreaking development in cryptography in this process design when the well-known key transport problem experiences these various innovative solution perspectives.

Let’s describe each innovation in this new direction in turn:

Cesura in Cryptography: Secret Streams (13)

Secret Streams denotes the creation of numerous temporary keys that are derived, during the build process, from a passphrase that is never transmitted over the network. The keys are derived from a Socialist Millionaire Process (SMP).

In this process, both friends enter a secret password in their client – and this password is not transmitted over the Internet. Using a mathematical method, a zero-knowledge proof, it is determined whether the same password has been entered on both sides.

The so-called Socialist Millionaire Protocol provides the mathematical calculation for this zero-knowledge proof.

The Socialist Millionaire Problem is one in which two millionaires want to determine whether their wealth is equal without disclosing any information about their riches to each other. It is a variant of the Millionaire’s Problem, in which two millionaires wish to compare their riches to determine who has the most wealth without disclosing any information about their riches to each other.

If the mathematical SMP proof is successful, it can be assumed that both communication participants have entered the same password into the mathematical process in each of their clients – without this password ever having been transmitted over the Internet.

The Secret Streams method, so far implemented in only two programs, as well as the Juggerknot Keys might therefore be regarded as further milestones – if not the beginnings of a possible new epoch – in cryptography: while we have just seen above that end-to-end encryption is currently enjoying its popular heyday, this flowering has long been overtaken by this cryptographic design: passwords that encrypt end-to-end no longer have to be transmitted over the Internet!

Secure channels are certainly still needed, but there is no longer any need to transfer a key online over them – as was the case when sending a symmetric key.

While PKI as a “new direction” became modern through the secure transmission of the key in the Diffie-Hellman exchange, today it can also be said of symmetric encryption that – thanks to the “new direction” of Secret Streams – no symmetric key needs to be transmitted over the network from one end to the other any more.

Secret Streams can be another big step in cryptography following the invention of asymmetric encryption, solving the key transport problem and eliminating Kerckhoffs’ principle.

Thus, Secret Streams could also be discussed as Kerckhoffs’ Principle Number 2, as a dialectical reference function of Kerckhoffs’ Principle, or even as Kerckhoffs’ Inversion.

Of course, both communication partners first have to agree on a common level of knowledge or experience with minimal communication, e.g. in advance in real life.

For example: Can you still remember the name of the restaurant where we met? Please enter this name as a phrase in the communication client.

The phrase is not transmitted over the Internet, but the mathematical calculation of the zero-knowledge proof shows whether we both entered the identical passphrase – and thus that we are both the authentic persons. Then numerous temporary keys are derived identically on each side by the Secret Streams method.

Secret Streams are programmed in C++ and were first developed in the popular and already-mentioned Encryption Suite Spot-On.

They offer the potential to dispense with the transmission of keys over secure and unsecured channels of the Internet.
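The following is an added worked example, not code from Spot-On or from the authors, showing the mechanism the Secret Streams passage describes: each side hashes the phrase it typed locally, the two sides run the Socialist Millionaire Protocol equality test (the four-message exponent exchange, without the accompanying Schnorr-style proofs of knowledge that the full OTR-style protocol adds against cheating parties), and only on a successful match are temporary keys derived on each side. The 128-bit safe-prime group generated at import, the SHA-256 mapping of the phrase to an exponent and the key-stream derivation from the run’s shared Diffie-Hellman values are all assumptions for illustration; the page does not specify Spot-On’s actual derivation. The same zero-knowledge stance applies to the Juggerknot Keys passage below, which uses a PAKE instead of SMP.

```python
import hashlib
import secrets


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test (probabilistic, enough for a demo group)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _make_group(bits=128):
    """Safe prime p = 2q + 1 and a generator of the order-q subgroup.
    Assumption: 128 bits keeps the demo fast; real clients use 2048+ bits."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)  # any quadratic residue != 1 has order q
        if g != 1:
            return p, q, g


P, Q, G = _make_group()
_NBYTES = (P.bit_length() + 7) // 8


def secret_to_exponent(passphrase: str) -> int:
    """Hash the locally typed phrase to an exponent in [1, q-1]; it never leaves the client."""
    h = int.from_bytes(hashlib.sha256(passphrase.encode("utf-8")).digest(), "big")
    return h % (Q - 1) + 1


def smp_run(x: int, y: int):
    """SMP equality test between Alice (exponent x) and Bob (exponent y).
    Returns (match, wire, alice_shared, bob_shared); `wire` holds every value
    that crosses the network, and neither x nor y is among them."""
    rnd = lambda: secrets.randbelow(Q - 1) + 1
    wire = []
    # Step 1, Alice -> Bob: her halves of two Diffie-Hellman values
    a2, a3 = rnd(), rnd()
    g2a, g3a = pow(G, a2, P), pow(G, a3, P)
    wire.append(("alice->bob", g2a, g3a))
    # Step 2, Bob -> Alice: his halves, then a commitment to y under shared g2 = G^(a2*b2)
    b2, b3, r = rnd(), rnd(), rnd()
    g2b, g3b = pow(G, b2, P), pow(G, b3, P)
    g2_bob, g3_bob = pow(g2a, b2, P), pow(g3a, b3, P)
    Pb = pow(g3_bob, r, P)
    Qb = pow(G, r, P) * pow(g2_bob, y, P) % P
    wire.append(("bob->alice", g2b, g3b, Pb, Qb))
    # Step 3, Alice -> Bob: her commitment to x, and (Qa/Qb)^a3
    g2_alice, g3_alice = pow(g2b, a2, P), pow(g3b, a3, P)
    assert (g2_alice, g3_alice) == (g2_bob, g3_bob)  # both sides hold the same g2, g3
    s = rnd()
    Pa = pow(g3_alice, s, P)
    Qa = pow(G, s, P) * pow(g2_alice, x, P) % P
    quotient = Qa * pow(Qb, -1, P) % P
    Ra = pow(quotient, a3, P)
    wire.append(("alice->bob", Pa, Qa, Ra))
    # Step 4, Bob -> Alice: (Qa/Qb)^b3
    Rb = pow(quotient, b3, P)
    wire.append(("bob->alice", Rb))
    # Both sides: (Qa/Qb)^(a3*b3) = g3^(s-r) * g2^((x-y)*a3*b3) equals Pa/Pb iff x == y
    target = Pa * pow(Pb, -1, P) % P
    match = pow(Rb, a3, P) == target and pow(Ra, b3, P) == target
    return match, wire, (g2_alice, g3_alice), (g2_bob, g3_bob)


def derive_stream_keys(shared, exponent: int, count: int) -> list:
    """Illustrative derivation (an assumption, not Spot-On's): a stream of `count`
    temporary 256-bit keys from the run's shared DH values and the local exponent."""
    g2, g3 = shared
    seed = hashlib.sha256(b"secret-streams-demo" + g2.to_bytes(_NBYTES, "big")
                          + g3.to_bytes(_NBYTES, "big") + exponent.to_bytes(_NBYTES, "big")).digest()
    return [hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(count)]


def secret_streams(alice_phrase: str, bob_phrase: str, count: int = 4):
    """Each client hashes its own phrase; keys appear on both sides only if the proof succeeds."""
    x, y = secret_to_exponent(alice_phrase), secret_to_exponent(bob_phrase)
    match, _wire, alice_shared, bob_shared = smp_run(x, y)
    if not match:
        return False, [], []
    return True, derive_stream_keys(alice_shared, x, count), derive_stream_keys(bob_shared, y, count)


if __name__ == "__main__":
    ok, alice_keys, bob_keys = secret_streams("Trattoria da Nico", "Trattoria da Nico")
    print("match:", ok, "identical key streams:", alice_keys == bob_keys)
```

The `wire` list returned by `smp_run` is what an observer on the network would see: four messages of group elements, none of which is the phrase or its exponent, and a mismatch is detected with certainty because the subgroup has prime order.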

Cesura in Cryptography: Juggerknot Keys (14)

An elimination of the key transport problem is also found in the Juggerknot Keys. These are implemented by way of example in Java (in the Crypto Chat Messenger Smoke for the Android operating system) and build on a similar zero-knowledge proof method, with the difference that here not an SMP (Socialist Millionaire) process is used but the mathematically similar process of the Juggernaut PAKE protocol, in which both communication partners – each on their own side – likewise enter a secret phrase that, again, is never shared over the Internet. Temporary end-to-end encrypting keys are then derived.

Here too one can speak not only of a mathematically stunning process but also of an innovation in cryptography: encryption without a critical transfer of the key over the Internet.

After symmetric encryption and the establishment of asymmetric encryption, and now the solution of the key transport problem with zero-knowledge proofs and derived keys, this third epoch of cryptography is not only a new descriptor for theoretical cryptography but also a model for programmers in their applied development, since open source implementations in both major programming languages (C++ and Java) are available as software libraries. One might object that a secret still has to be exchanged before using the online Internet infrastructure; this is only partially correct, because it is a matter of picking a keyword from a common pool of experience without naming this keyword. Ultimately, in the simple case, each communication partner is indexed or mapped only once with an alias, and henceforth encryption can take place without the transfer of keys over the Internet – each time with freshly derived keys.

So if the British agent knows that he has to mentally associate his friend, the American agent, with the password “Houston”, the Russian agents with the password “Moscow” and the Chinese agents with the password “Beijing”, then in the third epoch of cryptography they no longer need any key exchange, only a messenger and an appropriate network or Internet architecture (i.e. an online connection) to communicate undisturbed. When the British agent talks to the American agent, they both enter the phrase “Houston”.

Transferring current (fresh) keys over the Internet is no longer necessary; they are derived from the remembered agreement of both communication partners, which only needs to be agreed once and is then mathematically proved – which at the same time authenticates the communication partner – and the partners can henceforth communicate under the paradigm of “Instant Perfect Forward Secrecy” (IPFS).

The solution of the key transport problem by means of Secret Streams and Juggerknot Keys, in which the symmetric keys on both sides are formed by a mathematical zero-knowledge process and therefore no longer have to be transmitted over a channel, defines a new perspective for programming and for the future of cryptography.

Machine learning using cryptographic tokens – using the example of the Adaptive Echo (15)

Using cryptographic tokens, not only can machines in the network be controlled, but paths can also be defined according to a graph design in the network. As an example, the elaboration of the Adaptive Echo may be mentioned, in which a connected node uses a cryptographic token to prevent another connected node from receiving a certain piece of information.

The uninformed node does not even know that its connected network environment is withholding a particular message from it.

This would be comparable to a historical example from the analogue world: as if, in August 1941, Admiral Kimmel had been deprived for “Security Reasons” (Possony 2013: 204) of highly significant news relating to the port of Pearl Harbor itself and the fleet, and the Japanese had apparently no longer sent the messages – or, at that time, the decoding codes.

In today’s digital network, machines and nodes therefore learn when they receive information – or else they receive none. Adaptive protocols are therefore to be combined with Environmental Learning.

“Machine Learning” has become “Environmental Learning” because the context of all machines in the network has to be considered when neighbouring machines learn by excluding a particular machine from the learning process of the others.

Adaptive protocols such as the aforementioned AE Protocol give us the opportunity to modernize and refine terms and content – comparable to the cases of “good practice” rather than “best practice”, “extra-occupational learning” rather than “lifelong learning”, or “Work-Life-Learn-Balance” instead of “Work-Life-Balance”. And here: “Environmental Learning” instead of “Machine Learning”.

It would be comparable if this encyclopedia were exchanged as a book among the learners but the teacher were not informed. With a pupil’s question or suggestion in class as to whether the practice of a “cryptographic cafeteria” could be provided in the classroom (as explained in detail at the end of this paper), the student could determine from the teacher’s answer whether the teacher is an included or an excluded “network node” with knowledge of this lexicon.

While the Borg collective known from the Star Trek films assimilates and alters new entities, environmental learning deals with exactly the reverse process: extracting a node from the flow of information so that other machines gain a knowledge lead or information advantage and learn accordingly, and so that the assignment of rights for a neighbouring machine is defined. Thus, by means of Cryptographic Tokens and adaptive protocols (such as the AE protocol), a machine – and often also a human being – can only collect the information that is made available to it.

This leads to the process of Cryptographic Discovery: “discovery processes” that use cryptographic values in a network landscape. Machine Learning has expanded into Environmental Learning and will then merge into an encrypted environment in the concept of Cryptographic Discovery:

Cryptographic Discovery (16)

The concept of Cryptographic Discovery can be understood in the sense of a Distributed Hash Table (DHT), which it further develops.

A DHT is a data structure that can be used, for example, to record the location of a file in a P2P system. The data is distributed as evenly as possible over all existing storage nodes. Each storage node corresponds to an entry in the hash table. The self-organizing data structure can thus cope with the failure, joining and leaving of nodes. However, this carries security risks: each node knows the address and memory content of all other nodes.

In the concept of Cryptographic Discovery, information is now passed on on the basis of cryptographic tokens, so that a server can collect information about its environment – in particular about the graph to be traversed to reach the destination – without having to directly index or know the target itself.

For example, if a server receives the information that Alice can be reached through Bob, it does not have to send information to Alice via the route of Ed or Maria. This concept is based on Machine Learning – or, as we have learned, better: Environmental Learning – through cryptographic tokens, as found for example in the adaptive protocol mentioned above. Cryptographic Discovery will therefore need further research in this regard. The concept paper of the communication server SmokeStack was also used there for pre-programmed processing, which must be taken up further as a research topic, both in terms of information-theoretical analysis and analysis of the program code.

This process was bundled under the neatly worded term “Beyond Cryptographic Routing”. It is no longer just about replacing the IP address with a cryptographic value, be it one formed through a cryptographic hash function or through a public cryptographic key. Rather, routing in a “flooding network” – or better, a “mesh network” – is fundamentally target-less, so we can no longer speak of routing. The “New Direction” is: some also have “No Direction”. Complex chaos. Therefore “Beyond Routing”. This has become analysable and describable through the Echo Protocol, published since the first decade of the 21st century.

Beyond Cryptographic Routing: The Echo Protocol (17)

The Echo is a protocol that has been established for many years and is implemented in various applications and servers for encryption and network design. It creates a flooding or mesh network with its basic rule that encrypted packets are forwarded to all connected nodes. As with an acoustic echo, everyone can hear the echo after the signal has been sent.

It can also be compared to dolphin communication: each dolphin sends out a signal that is picked up and processed by any dolphins around it. Each node that is connected, or any dolphin that can receive the signal or message packet, will process it.

Each node is also a simple reflector in the Echo protocol, because every packet that comes in is also sent out again.

Finally, every packet sent in the Echo protocol is always encrypted – and it can also be Multi-Encryption. Not only is the flooding character freer from data retention analysis (with its meta-data: who sends what to whom, and when?), but because it carries the character of “Beyond Cryptographic Routing”, no destination address can be assigned in the analysis.

Encryption occurs at three possible levels: first, the packet is secured with asymmetric encryption, i.e. the public key of the communication partner is used. Secondly, the message itself can additionally be encrypted symmetrically (with a passphrase), e.g. by means of Cryptographic Calling, and thirdly, this packet is sent through an SSL/TLS-secured (self-signed) channel to the communication partner.

These potentials, which develop when Multi-Encryption and Graph Theory combine, offer a whole new paradigm and high-quality content for further research, with this encryption protocol now built in and well documented in numerous clients such as Spot-On, GoldBug, FireFloo, Smoke Messenger and the SmokeStack server software.

In addition to the three layers of encryption and the two basic features of the protocol (fundamental encryption and fundamental delivery to all connected neighbours), a third feature of the Echo protocol is an independent innovation and a milestone in cryptography: the Echo-Match. It centrally increases the security of encrypted communication in networks. So why is the Echo destination-free and sender-free, and therefore particularly secure?

The Echo-Match (18)

The Echo-Match is the core idea of the Echo: the plaintext of the message is hashed and the hash is appended to the ciphertext as an encrypted capsule.

If a recipient, using the stored keys of their friends, can convert the ciphertext back to plaintext, and the hash of the ciphertext matches the supplied hash, the message has been successfully decoded with the right key and is delivered.

Since the hash of the ciphertext is not invertible and reveals no information about the plaintext, it can safely be enclosed. The hash comparisons preceding decryption attempts on the encrypted echo capsule are called an Echo-Match.

A successful Echo-Match decides whether the message is displayed in the recipient’s own client.

The Echo-Match is extended by the supplemental Vapor Protocol to follow the logic of TCP: if an encrypted capsule has been successfully read at a node, an acknowledgment message is returned to the sender.

This can be used to replace TCP with the Vapor protocol based on the Echo and the Echo-Match when the aim is to create completely encrypted network communication that nevertheless takes place destination- and sender-free and, thanks to the match check, remains sovereign on your own machine at localhost.

Exponential Encryption: The amalgamation of graph theory with encryption (19)

Combining the multiple encryption just presented with graph theory yields – from the principle of the Echo Protocol that each encrypted message is sent to all connected nodes – a multiplying, even Exponential Encryption (Gasakis/Schmidt 2018).

It is reminiscent of the historical example of the rice grains on a chessboard, whose number doubles with each successive square. So-called Congestion Control filters out messages already processed by a node and relieves the CPU when a message that has already been forwarded would, through the chaotic use of the graph, reach a node a second time.
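The following is an added example, not code from Spot-On, GoldBug or any of the projects named above, that simulates the three Echo features discussed in this and the preceding sections: flooding to all connected nodes, the Echo-Match performed before any decryption attempt, and Congestion Control suppressing re-forwarding of capsules a node has already processed. The capsule layout (nonce, ciphertext, keyed tag), the use of an HMAC keyed with the friend’s shared key as the “hash” that a recipient compares, and the SHA-256 counter-mode toy cipher standing in for a real block cipher are assumptions chosen for a self-contained demonstration; the network in `demo()` is constructed.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream; a real client would use AES or similar."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Build an echo capsule: nonce || ciphertext || HMAC(key, nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def echo_match(key: bytes, capsule: bytes):
    """Echo-Match: compare the keyed hash first; decrypt only when it matches.
    Returns the plaintext, or None if this key does not belong to the capsule."""
    if len(capsule) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = capsule[:NONCE_LEN], capsule[NONCE_LEN:-TAG_LEN], capsule[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return _xor(ct, _keystream(key, nonce, len(ct)))


class EchoNode:
    """A node that reflects every capsule to all neighbours and delivers those that match."""

    def __init__(self, name: str):
        self.name = name
        self.neighbours = []
        self.friend_keys = {}   # friend name -> shared key, set up out of band
        self.seen = set()       # congestion control: capsule digests already processed
        self.inbox = []         # (friend, plaintext) shown to the local user
        self.received = 0       # every arrival, duplicates included

    def connect(self, other: "EchoNode"):
        self.neighbours.append(other)
        other.neighbours.append(self)

    def befriend(self, other: "EchoNode", key: bytes):
        self.friend_keys[other.name] = key
        other.friend_keys[self.name] = key

    def receive(self, capsule: bytes):
        self.received += 1
        digest = hashlib.sha256(capsule).digest()
        if digest in self.seen:          # already forwarded once: drop, do not re-flood
            return
        self.seen.add(digest)
        for friend, key in self.friend_keys.items():   # try each stored friend key
            plaintext = echo_match(key, capsule)
            if plaintext is not None:
                self.inbox.append((friend, plaintext))
                break
        for node in self.neighbours:     # reflector: forward to all connected nodes
            node.receive(capsule)

    def send(self, friend: str, plaintext: bytes) -> bytes:
        capsule = seal(self.friend_keys[friend], plaintext)
        self.seen.add(hashlib.sha256(capsule).digest())
        for node in self.neighbours:
            node.receive(capsule)
        return capsule


def demo():
    """Constructed network: alice-bob, bob-carol, carol-dave, bob-dave (a cycle).
    Only alice and dave share a key; bob and carol relay without learning anything."""
    alice, bob, carol, dave = (EchoNode(n) for n in ("alice", "bob", "carol", "dave"))
    alice.connect(bob); bob.connect(carol); carol.connect(dave); bob.connect(dave)
    alice.befriend(dave, secrets.token_bytes(32))
    alice.send("dave", b"hello dave")
    nodes = (alice, bob, carol, dave)
    return {
        "inboxes": {n.name: n.inbox for n in nodes},
        "received": {n.name: n.received for n in nodes},
        "processed": {n.name: len(n.seen) for n in nodes},
    }


if __name__ == "__main__":
    print(demo())
```

In the constructed cycle the single capsule arrives eight times in total but is processed once per node, which is the CPU relief Congestion Control provides; bob and carol forward it without a matching key and never see the plaintext, and nothing in the capsule names alice or dave.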

The POPTASTIC-Protocol: Chat over E-Mail (20)

Encrypted messages have harmonized e-mails and chats under the common term Messages. Why should you treat e-mails and chats differently? Logically, then, on the technical level the POPTASTIC protocol also made chat possible over e-mail servers such as POP3 and IMAP.

This was published in 2014 in the Spot-On kernel as a concept and as programmed code in the messengers Spot-On and GoldBug.

It was not only described in detail in the project documentation but also analyzed in detail in the Big Seven study by auditors (2016). Since then, numerous mobile clients such as Delta Chat, Ox Talk, Lettera and Spike have used and developed the POPTASTIC protocol for encrypted chat over e-mail servers, in addition to GoldBug and Spot-On.

Since e-mail servers are available everywhere as infrastructure, POPTASTIC chat over e-mail has also solved the server issue for communication applications and put them on a broad footing. This offers maximum potential not only in terms of availability but also in terms of technical content for further designs, as follows:

FileSharing & Turtle Hopping over POPTASTIC (21)

File sharing must also be encrypted nowadays. Because of concerns about the sharing of copyrighted content, open peer-to-peer networks (where a peer could be an attacker) cannot be used; sharing must instead be done encrypted, friend-to-friend, in the sense of a web-of-trust. This is always available via the infrastructure of the POPTASTIC protocol! When sharing and searching files over the network is done among friends of friends, this is based on the idea of the Turtle Hopping Protocol.

In other words, if file sharing with turtle hopping were implemented on the basis of the POPTASTIC protocol in one of the above-mentioned clients, the concept would have been transferred to mobile devices, just like the desktop application RetroShare, one of the few encrypting file-sharing applications.

This is an interesting perspective not only in ideological and technical terms but also in legal terms, when turtle hopping is based on the POPTASTIC protocol and realized in a programmed mobile client, as the authors Gasakis/Schmidt first described as a concept in “The POPTASTIC Echo Turtle” (2018: 67).

It projects the existing web-of-trust desktop application RetroShare onto mobile devices and onto existing e-mail servers. Because of the encryption and the availability of e-mail servers, such programming has the potential to become the new distributed computing model of F2F Crypto-Torrents in a distributed system or network.

Establishment of sovereign concepts (22)

Another trend has been the possibility of having one’s own public asymmetric keys with external providers, e.g. a cloud (Customer Supplied Encryption Keys, CSEK), or end-to-end encryption with one’s own passwords (Geminis) on both sides. In modern software, users can define their own compositions of values for a Crypto-DNA or for key generation.

The Age of Quantum Computers: A New Life Cycle with the McEliece Algorithm and the McNoodle Library (23)

On the one hand, we have to move the pure mathematical calculation from the algorithms that are insecure to those that are secure for the age of quantum computing.

A prominent example is the product life cycle of the RSA algorithm, which is gradually reaching retirement age and, with new algorithms such as McEliece and NTRU, is facing not only a supplement but also a necessary replacement: since the RSA algorithm is now considered insecure after the official announcement by the American institute NIST in 2016 (NIST 2016), because the underlying mathematical method of prime factorization can be broken by fast quantum computers, other algorithms such as NTRU or McEliece need to be used.

The NIST writes: „RSA Public key Signatures, key establishment: No longer secure. ECDSA, ECDH (Elliptic Curve Cryptography) Public key Signatures, key exchange: No longer secure. DSA (Finite Field Cryptography) Public key Signatures, key exchange: No longer secure“ (2016: table 1, page 2).

Mathematical safeguards against attacks by quantum computers, the programming of software that implements them, and the special need for secure online communication on the Internet today require a fundamentally different view of encryption algorithms than in the nineteenth century or even at the beginning of the twentieth century.

The approaching end of the RSA algorithm’s life cycle therefore requires programming alternatives into existing software products, to save the patient “PKI” from death by transplantation – or, concretely, to save XMPP clients using RSA from decay.

Programs that exclusively offer the RSA algorithm have now reached the end of their product life cycle and should no longer be used!

At the same time, very elaborate code and programming bases already exist, both within applications and as libraries, in Java (e.g. the Smoke Android mobile messenger) and in C++ (e.g. the Spot-On Encryption Suite) – and as open source.

Another example is the McNoodle library, which provides the McEliece algorithm as open source for C++, and, in Smoke Messenger, the code in Java.

Open-source implementations of the McEliece algorithm in Java and C++ messenger applications therefore serve as model projects to be taken up in research and teaching, and are also described here as early indicators of a Transformation of Cryptography.

Cryptography on mobile devices (24)

Finally, cryptography in the Internet age has changed dramatically with mobile devices: the smartphone seems to be stuck in every purse or jeans pocket – at least when leaving the house. Computers in everyone’s pocket now encrypt our online communications over the network.

Only a few technologies (such as the car, heating or television) have reached the population as comprehensively as the Internet and the smartphone. In both areas, privacy and hence the foundations of human rights are protected by technical encryption (and not merely by a written policy): encrypting technology should now be created especially for mobile smartphones.

Effects of cryptographic developments on education policy and its nomenclatura

As in every subject area, there is also a vocabulary of technical terms in cryptography.

These more than two dozen groundbreaking developments and innovations are each worth a detailed study on their own – and all the more so in combination: what a necessary impulse to adapt the conceptual world to modern times and to deepen, compare and network it further with extensive research.

Further examples of an urgent need to update the nomenclatura are technical research results or new standards agreed in committees: for example, TwoFish has become ThreeFish, instead of SSL we now speak of TLS in its new versions, and SHA-1 has been superseded by SHA-3.

Information sent over the Internet is largely protected by encryption, because it is increasingly also consciously collected by third parties for evaluation, or even tapped, in order to crack it by appropriate techniques or by exploiting gaps in processes. Here it is important to exclude security gaps caused by outdated standards.

In addition to the numerous proprietary applications and the applications from before 2010, elaborate messaging projects such as RetroShare, Spot-On and GoldBug, as well as various mobile messengers such as Conversations, Delta Chat or Smoke Chat and others (see also the Messenger Scorecards in: Big Seven Study 2016: 32 as well as Edwards 2018: 100), democratize the encryption of citizens’ mobile and online communication with their open source code. But already two decades after the introduction of the Internet – or a decade after the introduction of the smartphone, the establishment of the currently dominant mobile operating system Android and the corresponding developments in the technological protection of content and of the communication of computers and mobile devices via the Internet – the half-life of knowledge in the field of cryptography may, due to the rapid development in the IT sector, already be more than 50 percent: it is therefore not wrong to learn, renew and continuously update this knowledge.

The described developments, innovations and new applications in cryptography not only influence programming, the professional world with its business processes or an open source community; in particular, the shifting educational processes have to keep pace with this development and Transformation of Cryptography.

Common sense, even with overviews and introductory works from the juxtaposed individual perspectives of different authors, can thus change over the years and leads to the necessity of new compilations and article contributions.

Extensive education and training processes in the field of modern cryptography and Internet security, including neighbouring disciplines, are more important than ever today. This discipline is thus interdisciplinary and requires an interdisciplinary discourse.

All of this has motivated us to present a modern encyclopedia that seeks not only to provide a modern overview but also an opportunity to deepen individual themes further and to bring the relevant terms together within a framework that will educate learners for years to come, enable professional readers to gain an overview of the full picture of cryptography and online security today, and turn the learner into a speaker describing the Transformation of Cryptography.

Learning vocabulary seems to be particularly necessary in this field of cryptography, because research and academic teaching, with their many terms, often involve foreign words – possibly owing to the context of the subject area – and emphasize a rich subject-specific approach.

Nomenclatura – at the same time the title of the present encyclopedia – is the Latin term for a collection of (technical) terms.