Monday 25 June 2018

Why is CORA quantum safe?

CORAcsi - quantum safe cryptography

Why is CORA unbreakable?

To unCORAfy (decrypt) data that has been secured with CORA, an attacker/thief must know:

1.       The Multiple Use Pad (MUP) in its entirety:
a.       must know its length. This primary MUP length begins at 150 kB and has no ceiling.
b.       must have "every byte" without exception
2.       The user preferences binary array:
a.       a secondary, specialized MUP (smaller in size, though still far beyond current standards for key lengths).
b.       multiple parameters needed to successfully use the primary MUP cited above.
c.       user preferences and identifiers.
3.       The CORA catalog for a particular solution.
4.       The CORA blocs for a particular solution:
a.       must know how many CORA blocs are involved.
b.       must have each CORA bloc's length.
c.       must have 'each byte' of all CORA blocs.


CORA is probabilistic in nature; it is not factorization based!


Due to the implementation of our MUPs, heuristically based analysis, including those cited in the literature for One Time Pads (see Venona Project), will not reveal the MUP.
Side channel attacks will not work. Factorization based analysis (including Shor and Grover's algorithms) will not work.
The only way to obtain the MUP is by a brute force attack; which cannot be realized due to the size of our MUPs. Quantum computers are expected to reach 1018 calculations/second within 10 years. Should they magically reach 10100 calculations/second, there still wouldn't be enough time - in the life of our universe - to break a 150 kB MUP.

To further protect the MUP, CORAcsi has implemented its own memory manager – to cover the possibility that protected memory might be susceptible to a back door or otherwise unknown attack.

Sunday 10 June 2018

Quantum Safe Cyrptography

CORA - Quantum Safe Encryption
CORA is Quantum Safe Cryptography

CORA is quantum safe cryptography today! CORA empowers unbreakable security for data and communication to protect information, companies, organizations and people.

Abstract



CORA Cyber Security Inc. has pioneered Quantum Safe Cryptography through the use of:
  1. Multiple Use Pads (MUPs). MUPs are similar to a "One Time Pad" (Vernam-cipher or the perfect cipher) except that they are reusable, practical and efficient. 
  2. CORA blocs – a distributed solution akin to Block-chains, without being a "decentralized, peer-to-peer" technology. This means that control over the solution remains securely "in hand".
  3. Block free encryption. Unlike other standards of encryption, the nature of our MUPs is such that there is no limit to the size of one of our keys (MUPs). This further results in the freedom from iterating over a finite, constant and predetermine no of bytes (blocks).
Current standards of encryption can and have been broken, even when properly implemented. When quantum computers arrive in their full glory, current standards of encryption will be rendered useless!

Benchmark

The following benchmarks are based upon the following:
  • an Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3408 Mhz, 4 Core(s), 8 Logical Processor(s).
  • x64-based architecture.
  • CORA's memory manager allocates and uses up to 10 GB of RAM.

Table #1: Results for a 2 GB binary array (times are in seconds)

# of CORA blocs (requested)

4
8
12
CORAfy
6.0
4.7
5.1
unCORAfy
7.4
5.8
6.0
Table #2: Results for a 2.1 GB file including "hard drive" operations (save and read)

# of CORA blocs (requested)

4
8
12
CORA Save (CORAfy and save CORA blocs)
11
10
12
CORA Read (unCORAfy from CORA blocs)
13
12
16

a matter of time

Monday 20 February 2017

Unbreakable - 1104

Unbreakable Security

Can you relate to this immense number? Does such an exponent represent an order of magnitude that makes sense?

101104 is how many times stronger CORA is than military grade encryption when considering a brute force attack. Why 1104, instead of 1105, or 1203? Truth be told, because I like 1104; my point being that there is 'no limit' on how large CORA Cyber Security can make this number!

101104 sufficiently demonstrates that, not even 'quantum computers' will be capable of breaking this encryption with a brute force attack... at least not in this century!

Sure, anyone can make such a claim! The question is, can anyone back up such a claim? CORAcsi can backup this claim - TODAY!

While we are making fast inroads into the marketplace, with a beach head that is growing quickly in select industries, such as industrial controls, robotics and manufacturing, my question is this:

Why doesn't a 'bigger player' investigate our claim further so as to take a leadership role in properly securing the global marketplace? CORAcsi is getting there, but every month delayed is costing the global community upwards of $100 B in cyber crime.

Bottom line: if our claim of 101104 times stronger than everything else that is available, is correct, then the entire Industry is already antiquated - so take a chance, a few moments, and lets have a conversation. Perhaps if you need a little more convincing, take a look at Claude Shannon and his definition of 'perfect encryption'.

Friday 3 February 2017

Physics Rocks – a journey of excellence and bounded perception

Bottom lines are the foundation from which the mind can sing a song of pure joy, creativity and innovation.

Imagination is the invisible ether that connects basic truths with imagined realities. This is the joy that is, or should be, Physics.
Don't misinterpret my meaning; the discipline and beauty of math is certainly the language of Physics, however, language can only glimpse the depth that is contained in the visualizations the reach beyond the confines of expressible truths.
The mind is the ultimate toy chest. Math and Physics are two side to the same coin - the game of patterns.

This has been my journey from Physics to technology. How can someone without an official degree in computer science possibly develop an 'unbreakable data security' technology? Without a doctorate in math – why would anyone believe that CORA (Context Ordered Replacement Algorithm) is actually "a step beyond encryption that is unbreakable"?

Those who have tasted from the fountain of Physics, or who have realized the love of learning that springs forth from the fountain of youth understand this question, and its answer.

Bottom line – try it – you won't break it. Better yet, because of the nature of 'chaos maps', if you do break 'one', it won't be repeatable – so what good is it?

What do you have to lose? Anyone who knows the industry, or follows the media knows that the current state of encryption 'can and is being broken'. Alas I deviate from Physics. The real question you should be asking is: "how can any student of Physics believe in an absolute", such as 'unbreakable'.

Forgive my egress into the convenience of a coined phrase. The public can relate to 'unbreakable' more readily that a number like 101104 times stronger than anything else that is available.
Who wants to think about "chaos maps" and the problems that exists when an expensive (time, human-hours and money) endeavor might accidentally work once, but cannot be repeated?

For those of you who might contemplate the journey from Physics to innovation & technology, take a look at CORA and see if you can break it; think of it as the ultimate puzzle, Sudoku or game of chess.

When you are ready to embrace a step beyond encryption that is at least 101104 times stronger than every other form of encryption, give us a shout and together we can provide proper security for, well anything and everything 'connected'.


Sunday 18 December 2016

CORA Industrial


The origin of CORA

I am amazed at how many pathways are emerging for CORA. I suppose it isn't too surprising when one contemplates the need for 'unbreakable security', and yet, my original thought was to protect "static data", particularly that which is found on 'my computer'.
I knew that I wanted to store my technology bases in multiple, online locations. I further knew that encryption as is currently found in the industry, can be broken.

Surprise realizations

goCORA

goCORA, the online, fun, app that will be released in 2017 allows users to maintain control of their online, digital footprint. This exciting pathway for CORA was never considered in its development.
For years we have spoken to young people (in particular) about the need for caution when posting pictures, opinions, videos, and the like online - once it is online, it will exists somewhere, for ever...
goCORA will allow users to post anything they want online, without the fear of "losing control" over their data - they can shut it down permanently regardless of how many people have seen, copies, or shared the information.
To this end, if you are a Xamarin developer, we may have some work for you.

CORA Industrial

I must say, trade shows are relatively boring, and yet, they are surprisingly productive. While 'putting in time' at the last trade show on emerging technologies, a local industrial company spoke with CORA Cyber Security and we became aware of another import pathway for CORA, as illustrated in the follow:

What good is a pathway without some math


While I personally love the math, what does 101848 look like? 
Answer: Unbreakable.

Saturday 3 December 2016

HISTORY becomes THE FUTURE

Venona project (1943–80)



I have read that this was one of the most successful counter-intelligence efforts of the Cold War; purportedly successful because individual(s) on the soviet side began to reuse keys, rather than generating a new key for each message.

Perfect Encryption

 

Claude Shannon is accredited with defining the idea of "perfect encryption" in which the encryption key would be, at least as long, as the message.
These two paths from our collective HISTORY converge with CORA, and become THE FUTURE of data security.

CORA stands for Context Ordered Replacement Algorithm.

While the 'magic of CORA' temporarily remains a trade secret, the following expose makes for an acceptable 'letter of introduction' to CORA.
 Context Ordered infers that the same CORA bloc (key in the Venona project cited above) will always be created anew when 'CORAfying' data.
Replacement Algorithm infers that each CORA bloc's relevant data (perfect encryption cited above) should span a proportionate size that exceeds the relative data.

Bottom Line

A CORAfied solution at its worst, is far more than a 'googol' times stronger than military grade encryption, at its best.

CORAfied - at its worst:

  • 3 CORA blocs in the solution.
  • 2 out of the 3 blocs are stolen.
  • The blocs are at the minimum size required for CORAfication.
  • The hacker has:
    • the catalog file.
    • the chaos maps.
  • The thief knows:
    • there are only 3 blocs in the solution.
    • the size of the 3rd bloc.
    • the relevant order of blocs including boundary conditions.
Giving this scenario in which the CORAfied data is horribly compromised, a brute force attack would take no more than 102400 attempts to obtain the CORAfied data.

Contrast this to military grade encryption that uses a 256 bit key which would take no more than 2256 1078 attempts to obtain the encrypted data.

Hence CORA at its worst is 102322 times stronger  - a step beyond encryption! 
I prefer to refer to this as "astronomically stronger" or "unbreakable"!

Addendum (4 Dec 2016)


It should be noted that patterns in random number generators, and optimization routines based upon frequency distributions in the byte structures will result in the potential for optimizations. Taking a smarter approach based on these patterns might pragmatically decrease this complexity of the attack pathway by 20%, which could result in as little as 101926  attempts, or 101848 times stronger than military based encryption.
The enormity of this number is still astronomical unbreakable

Sunday 28 August 2016

Block Chains: a contrasting position on decentralization

Fact and Fiction - love the contrast

My brother once quoted Winston Churchill:
If you're not a liberal when you're 25, you have no heart. If you're not a conservative by the time you're 35, you have no brain.
An interesting muse for the mind, however, upon  research, one discovers that Churchill is not attributed with this saying.
  1. What was my brother trying to do? Convince me of his position.
  2. My response - why does the heart and brain have to be at odds with one another?

"Time is the hand, that writes the truth, on the wall of experience"

One often holds a belief in youth, that matures with age. Ideally the heart and mind work in unison. Think of the heart and emotions as the fuel in your vehicle. The head is the steering wheel. Both are needed for the journey.

Who doesn't wish there were no rules, speed limits, or fences when bouncing around with enthusiasm and reckless abandon, in one's youth? An yet, as the currents of time demonstrate the lessons that are too hard to embrace in childhood, one's appreciation for 'responsible freedoms' and 'conscientious authorities' evolves into a maturity of mind and heart.
I often joke that "the world would be perfect if everyone were like me". This sentiment is behind those that seek chaos, or the absence of authority; where there are no bullies, thieves, or "big kids on the block" that would certainly "take without asking" or "do without caring".

Block Chains and decentralization

Block Chains are beautiful - mathematically and technologically. They are robust and redundant. One might be capable of burning a $20 bill, but don't expect to 'burn' a bitcoin!

Wait, that just happened, didn't it?

  1. A hacker stole $64 M of ether (bitcoin alternative) from an investment firm.
  2. There was a time delay during which the hacker could not claim the funds - they sat there without the true owners being empowered to retrieve them.
  3. Ethereum reset their system (burned the ether currency for the past day) to a backup that existed previously.
  4. While this eradicated the transactions that occurred during the past day, and thus, the theft of the "investors' money", it also resulted in a 'fork' in which some users choose to stay with the original, pre-fork currency, and others choose the new, post-fork currency.
What does this mean? Consider the following analogy to simplify the concept:

Imagine that someone compromised a corporate 'MasterCard' and used it to steal a large amount of money. MasterCard cannot deal with a 'single transaction' (Block Chains), so it decides to reset the system to 1 day ago, resulting in the deletion of 'all transactions' that have occurred, and the issuing of a second set of 'cards' and 'processing machines' for all card holders and merchants. 
  1. All transactions since this reset are gone.
  2. An entirely new set of cards (for all clients) and machines (for all merchants) are issued.
  3. Those who don't want the new cards may keep using the old cards. Those merchants that don't want the new machines may continue to use the old machines. There are now effectively '2 forks', 2 sets of MasterCards; remember there isn't a central authority that can insist that everyone uses the new cards and machines.
In all fairness, this isn't limited to Ethereum. In August of this year $94M of Bitcoins was stolen in a hack of the Bitfinex exchange. While Bitcoin did not 'reset the system' as cited above, these is an interesting story about a proposed fork that dates back to early this year: Bitcoin feud over expansion threatens to destabilize currency .

Bottom line:
  1. Forks can be produced resulting in multiple "online currencies". Without  a central authority, there is no limit to how many different forks, and online currencies might result as time marches forward.
  2. Mike Hearn (one time advocate and developer for Bitcoin) states in the article cited above, and on his blog, 'What was meant to be a new, decentralised form of money that lacked “systemically important institutions” and “too big to fail” has become something even worse:  "a system completely controlled by just a handful of people".'

A Centralized system

Block Chains may be great for online currency, however, for data security we do need a centralized methodology that allows the owners of the data to control it, and if necessary, shut it down. 

In the ideal world, in which everyone, equally, respects one another, and lives by the same rules and guidelines, there would be no need for security and built in controls. 
This is a great direction and beautiful dream. I am confident that quality education will eventually empower this evolved society.
While the journey remains ahead of us, and is marvelous in many ways, we have yet to arrive at this destination.