[Cryptography] Terakey, An Encryption Method Whose Security Can Be Analyzed from First Principles

Fri Aug 28 18:30:16 EDT 2020

On Tue, 25 Aug 2020 04:21 +0100 Peter Fairbrother wrote:

> But you don't have to defend against "a passive attack" - at a minimum 
> you have to defend against all _plausible_ attacks, whether passive or 
> active; or better, defend against all *possible* attacks.
> 
> Now suppose you deploy a system which defends against passive attacks 
> only. Is it certain - certain - that it will never be used in a 
> situation where an active attack is possible?
> 
> If you answer yes, at a minimum you abuse the dictum that a US Marine 
> can break anything.
> 
> Analysing your cryptosystem from first principles? - I guess it is 
> analysable: it is broken.

The security model for Terakey distinguishes between people who have access to the current Terakey and those who do not. This should not be surprising since Terakey is basically a shared secret system, and thus intended for relatively small networks. In my paper[1], I suggest methods of providing privacy between Terakey users sharing a key, but these methods depend, in part, on physical measures such as safes for storing the Terakey and special processors for metering access to the Terakey. I don’t claim a proof.

The first-principle security proof I do claim is for confidentiality from people who do not have access to the current Terakey. In particular they would not be able to mount the active attacks we have been discussing.  The security proof does not guarantee that there will never be data compromise, only that any potential compromise under the proof can be made rare by keeping the Terakey large compared to the volume of traffic. I then propose a variety of ways to secure the data that is not covered by the proof by using conventional cryptography. Crudely speaking, under reasonable usage parameters 99.9% of data bytes are provably secured by first principles, the remaining 0.1% are protected conventionally. 

Some would argue that even 0.1% of data not being covered by the proof is “broken," but I would respond compared to what?  Conventional symmetric and asymmetric ciphers have no first-principle security proof at all. 
The right question, I believe, is whether Terakey could be useful. Right now a large part of the world’s economy is secured by mathematical conjecture, a single point of failure. I would think an independent alternative could be desirable, at least as a backup.  

One alternative that is being actively pursued is quantum key distribution.  In my paper, I compare QKD with Terakey used exclusively for symmetric key distribution and attempt to show that Terakey offers comparable security with less complexity, easier audit, and without the restrictions on communication channels QKD demands. 

I appreciate your thoughts on Terakey, but at this point we don’t seem to disagree so much about what Terakey does, but rather whether what it does has any value. I’ll leave that for others to decide.

Arnold Reinhold

[1] https://www.researchgate.net/publication/342697247 <https://www.researchgate.net/publication/342697247>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200828/3af4e576/attachment.htm>