|
|
||
|
|
EndCryptor
's cryptographic technical details |
|
|
|
Both parties that send and receive messages need that EndCryptor is installed in order to encrypt and decrypt. No third parties are used (e.g. to provide public keys, to provide online connection to a third party machine, etc. ) neither an online internet connection between the sender and the receiver is needed. When encrypting/decrypting the stored information on the EndCryptor's security database on the used computer is used together with the information that the message in question provides. The elliptic curves used are defined in American National Standard for Financial Services X9.63–2001 (ANSI X9.63) and are those created verifiably at random. The elliptic curve field size used in initializing a contact is 571 bits and the field size used in a public key in encrypted messages is 193 bits. According to current understanding the cryptographic strength of the 571 bit elliptic curve equals that of a 15'360 bit RSA size and that of a 256 bit symmetric block cipher key. EndCryptor delivers all but the first public keys in encrypted form. They are encrypted together with the plaintext. An encrypted message contains one visible (not encrypted) public key created at encryption time, its Diffie-Hellman counterpart is identified using a number. An encrypted message is signed by a previously delivered public key that the receiver is known to have. The 256-bit keysize AES encryption is done in CBC mode. For more information about AES, see the AES Lounge. The cryptographic hash function is a Davies-Meyer construction with Merkle-Damgård strengthening from the block cipher Rijndael (AES). This kind of block cipher based construction is usually slower than a specific dedicated hash algorithm. On the other hand the construction's security is that of the used cipher's - which in the case of the industry standard AES is being carefully studied and monitored by the crypto community. We remind that the latest dedicated hash algorithm that has been cryptographically successfully attacked is SHA-1. The plaintext ends with a CBC-MAC, the MAC-key is independent of the encryption/decryption key. The MAC is calculated over the compressed plaintext – correct MAC ensures that the cryptotext was decrypted correctly. Possible temporary files during encryption and decryption are wiped using a user selectable method. The private keys of public keys are made using a Goldreich-Levin hard-core bit generator. The initial seed consists of events like mouse movements and system’s state. An outline of the used methods: o Backward security: Every EndCryptor message is encrypted with different AES 256-bit key and after the message has been decrypted there is no information in the security database from which the decryption keys could be deduced again. A message can thus be decrypted only once. o Recovery from attack: Every message EndCryptor encrypts contains new public keys of the sender that are specific to the receiver; these public keys are created at the time of sending - when the receiver decrypts the message the security is restored. These public keys are delivered in encrypted form, they are encrypted together with the plaintext. o Identity
hijacking will be revealed even under spying attack: the stored security
data that is used to build a symmetric key changes after every decryption and
depends on the just decrypted message Security professionals
wishing to evaluate the protocol should consult the web site of the World Intellectual Property
Organization (WIPO) for published Patent Cooperation Treaty applications,
application number PCT/IB2004/051670 titled "ENDS - Messaging protocol
that recovers and has backward security”. This protocol is licensed from
Pisaramedia Inc., |
|