Quantum-Safe Key Exchange with RKE (RAIDA Key Exchange)
Sean Worthington
CEO, Lead Scientist, System Analyst, Software Engineer, Digital Currency Expert
Protecting ourselves now from tomorrow's quantum computers with RAIDA Key Exchange
Quantum computers can theoretically crack public-key encryption, including the SSL/TLS used to encrypt most Internet traffic. A new quantum-safe standard is needed so that sensitive information such as credit cards and passwords can be used on the Internet securely.
Not enough is being done to protect our privacy
IBM just announced it has created a quantum computer that has 443 qubits and will release a 1,000-qubit computer in 2023 and a 4,000-qubit computer in 2025 [1]. Theoretically, around 1,200 qubits are needed to crack the Diffie-Hellman and RSA key exchange systems popular today. Difficult encryption like RSA-2048 would take a classical computer 300 trillion years to crack but only ten seconds for a 4099-qubit computer [2]. The growth of the power and abilities of quantum computers has surprised many. Governments around the world are taking steps to implement quantum-safe standards by 2030 (a year that governments think that quantum computers will become a threat). However, Internet traffic captured today could be stored until quantum computers become available to crack its encryption.
This means that sensitive information that we send today, such as social security numbers, health records and business secrets, could all become compromised if stored now and decrypted later. Also, it is very possible that quantum computers strong enough to crack SSL/TLS will be invented as soon as 2024.
In this case, every time we log into our banks, our usernames and passwords will be vulnerable. All our personal accounts on all systems can be cracked. Credit card information will no longer be private. The Internet as we know it will become inoperable due to the threat of theft and fraud.
Get off the tracks, here comes the quantum train
The White House has released a memo ordering agencies to submit lists of all quantum-vulnerable systems by May 4, 2023. According to an article published in FedScoop entitled "Post-quantum cryptography experts brace for long transition despite White House deadlines": "they’ll find the number of systems reliant on public-key encryption — which experts predict forthcoming quantum computers will crack with ease — is in the hundreds or thousands. Agencies, software, servers and switches often have their own cryptography, and agencies don’t necessarily have the technical expertise on staff to understand the underlying math." [4]
Solving the problem with government quantum-safe standards
To solve the problem, government agencies like the National Institute of Standards and Technology have created contests to find new algorithms that can counter the threat. Twelve contestants were chosen.
However, the number of these contestants that are suitable has been dwindling. One of the contenders, called "SIKE", was recently disqualified when researchers cracked it in just an hour using a decades-old math theorem. [5]
RAIDA Tech's RAIDA Key Exchange
RAIDA Tech has submitted a patent for a key exchange system that uses the properties of the RAIDA to securely transfer keys between people and servers. The biggest difference between the RAIDA Key Exchange and those using Diffie-Hellman is that RKE does not use so-called "public-key" encryption.
We can best describe how RKE works if we illustrate how it could have been used in WWII.
Suppose an Axis submarine commander ('A') wants to send an encrypted message to a British submarine ('B') but doesn't want CCCP ('C') to listen in. A and B have no shared secrets since they are enemies. Shared secrets are commonly called encryption codes, encryption keys or simply keys and are needed to encrypt messages. Perhaps the Axis sub wants to surrender to the Brits but not let the Soviets know about it.
Each submarine has been given code books containing encryption keys so that they can encrypt communications and send them to their own units. But the Axis and British have no code books in common.
This is how things worked in WWII. Now let's create a RAIDA to solve their problem.
The Axis ask the Spanish government to create a code book so that Axis submarines can talk to Spanish vessels. They then do the same with other neutral countries such as Iceland, Portugal, Sweden, Switzerland, Turkey, Andorra, Bhutan, Iran, Tibet, Yemen, Argentina and 30 others. This means that each German sub carries over 40 different code books.
The British subs have the same kind of agreement with many of the same countries. In fact, out of the 50 code books that British subs have, there are 30 countries that they share in common with the German subs.
When the Axis want to talk to the British, they will go to trusted directories to see which countries' codebooks the British carry. This information may be public or secret.
The Axis may get a list of 50 countries that will encrypt for the British. They will make a list of the codebooks that they have in common with the British. It could be that they share only 25 in common.
Then the Axis create 25 keys. Each key is numbered 1 through 25. These keys are each sent to a different country using that country's encryption key.
Then the Axis send out a message in clear text telling the British vessel that they should check the 25 countries to get keys that have been left for them.
The British use their encryption keys to download the keys that were left for them at the 25 different countries. The British then put all the keys in order and tell the Axis to start sending encrypted messages.
Now let's look at what the CCCP would need to do to crack this.
They would have to get all of the 25 keys and put them in the correct order.
Getting all 25 keys may be impossible. This is because the keys go out on different networks, including into space (at least today). They must capture these packets, and that means they must tap enough networks to capture them all.
Then they must decrypt all the captured keys. This is impossible for a very simple reason: you cannot know if a key has been decrypted because the keys are random numbers. The only way to know if the keys are correct is to use all the keys in the correct order to decrypt an actual message.
There is only one way known to crack an AES key: try every combination until one is found that works. If we used all the supercomputers in the world it would probably take 60,000,000,000,000,000,000,000,000 years to crack an AES-128 key that the RAIDA is currently using. That's like a trillion times longer than the age of the universe. In addition, the CCCP would need to guess all 25 of them, so you must raise the time to the power of 25 and then raise it again to the power of 25 in order to guess the right order. Quantum computers are much faster but still not fast enough to do this.
Attacking the requests to post and get keys is out of the question with RKE.
So they could just attack the message itself. However, every 128 bits of the message could be encrypted with a different 128-bit key and use any encryption standard needed to be quantum safe. RKE has the ability to be extended and customized.
The weakness with RKE is that the key servers could be compromised. If a country had backdoors into all 25 key servers they could read all traffic. But, in the real RKE, we will not have 50 key servers. We will have hundreds of thousands of key servers. The client could choose them at random, and the crackers must have backdoors to all the servers chosen; otherwise they fail.
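The exchange walked through above (one numbered 128-bit key left at each shared key server, collected and ordered by the recipient) and the server-compromise weakness, as an added Python example that is not RAIDA Tech's code. The `KeyServer` class, the server names, the party labels, joining the keys by concatenation in index order, and the SHAKE-256 XOR stream standing in for AES are all assumptions made for illustration.

```python
import hashlib
import secrets
from math import comb

def seal(psk, data):
    """Stand-in for AES (not in the stdlib): XOR with a SHAKE-256 keystream."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(psk + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def unseal(psk, blob):
    stream = hashlib.shake_256(psk + blob[:16]).digest(len(blob) - 16)
    return bytes(a ^ b for a, b in zip(blob[16:], stream))

class KeyServer:
    """Hypothetical neutral key server with one codebook key per enrolled party."""
    def __init__(self):
        self.psk, self.mailbox = {}, {}
    def enroll(self, party):
        self.psk[party] = secrets.token_bytes(16)
        return self.psk[party]
    def post(self, sender, recipient, index, blob):
        # The server decrypts the share, so a backdoored server learns it.
        self.mailbox[recipient] = (index, unseal(self.psk[sender], blob))
    def get(self, recipient):
        index, share = self.mailbox.pop(recipient)
        return index, seal(self.psk[recipient], share)

def exchange(servers, a_books, b_books):
    """A leaves one numbered 128-bit key per shared server; B collects and orders them."""
    common = sorted(set(a_books) & set(b_books))
    shares = [secrets.token_bytes(16) for _ in common]
    for i, name in enumerate(common, start=1):
        servers[name].post("A", "B", i, seal(a_books[name], shares[i - 1]))
    got = {}
    for name in reversed(common):  # download order does not matter
        i, blob = servers[name].get("B")
        got[i] = unseal(b_books[name], blob)
    return b"".join(shares), b"".join(got[i] for i in sorted(got)), common

def full_compromise_probability(total, backdoored, chosen):
    """Chance that all `chosen` randomly picked servers are among the backdoored ones."""
    return comb(backdoored, chosen) / comb(total, chosen)

def demo():
    servers = {f"s{n:02d}": KeyServer() for n in range(65)}  # constructed names
    names = sorted(servers)
    a_books = {n: servers[n].enroll("A") for n in names[:40]}    # A: 40 codebooks
    b_books = {n: servers[n].enroll("B") for n in names[15:]}    # B: 50 codebooks
    return exchange(servers, a_books, b_books)
```

`demo()` returns A's key material, B's reassembled key material and the 25 shared servers; `full_compromise_probability(total, backdoored, chosen)` quantifies how the risk of a full read falls as the pool of servers grows relative to the backdoored ones.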
RKE makes the Internet quantum-safe
RKE does not just allow us privacy. It also may use less electricity than SSL/TLS and have a smaller carbon footprint. It is 100% antonymous. You can create your own private RAIDA if you know the computers you will be talking to. The system is 100% scalable so that the entire world's population can use it. And it may be faster than SSL/TLS. Most importantly, we can start implementing it now so that we are ready when the time comes.
RKE solves the threat of quantum computers and has been implemented today in CloudCoin, the world's first RAIDA-based digital currency. RAIDA Tech hopes to publish a standard by summer of 2023 and have a working prototype by then. We are creating RAIDA Chat, which uses the kind of keys needed for this.
About the Author:
Sean Worthington is Lead Scientist at RAIDA Tech and author of the book "Perfect Money". Prior to this he was a computer science instructor at Butte College in northern California. RAIDA Tech creates software with "Data Supremacy" so that databases cannot be hacked. They are the creators of CloudCoin, the world's most perfect currency.
Notes:
[1] https://spectrum.ieee.org/ibm-condor
[2] https://www.forbes.com/sites/arthurherman/2021/06/07/q-day-is-coming-sooner-than-we-think/?sh=5f8c48963f5d
[4] https://www.fedscoop.com/quantum-crytography-experts-long-transition/
[5] https://interestingengineering.com/innovation/math-theorem-cracks-us-encryption-algorithm