EndCryptor's cryptographic technical details
Both the sender and the receiver need EndCryptor installed in order to encrypt and decrypt messages. No third parties are used (e.g. to provide public keys or an online connection to a third-party machine), and no online internet connection between the sender and the receiver is needed. Encryption and decryption use the information stored in EndCryptor's security database on the computer in use, together with the information that the message in question provides.

The elliptic curves used are defined in American National Standard for Financial Services X9.63–2001 (ANSI X9.63) and are those created verifiably at random. The elliptic curve field size used in initializing a contact is 571 bits, and the field size used in a public key in encrypted messages is 193 bits. According to current understanding, the cryptographic strength of the 571-bit elliptic curve equals that of a 15'360-bit RSA key and that of a 256-bit symmetric block cipher key.

EndCryptor delivers all but the first public keys in encrypted form. They are encrypted together with the plaintext. An encrypted message contains one visible (not encrypted) public key created at encryption time; its Diffie-Hellman counterpart is identified using a number. An encrypted message is signed by a previously delivered public key that the receiver is known to have.

The initialization files can be signed by the user's certificate. The hash algorithm used is SHA-256. When such files are received, it is checked that the certificate's hash algorithm is either SHA1 or SHA-256 and that the key length of the public key is at least 1024 bits. These requirements apply to all certificates in the certification path.

AES encryption with a 256-bit key is done in CBC mode (128-bit block size). For more information about AES, see the AES Lounge.

The cryptographic hash function is a Davies-Meyer construction with Merkle-Damgård strengthening from the block cipher Rijndael (AES).
This kind of block-cipher-based construction is usually slower than a dedicated hash algorithm. On the other hand, the construction's security is that of the cipher used, which in the case of the industry-standard AES is being carefully studied and monitored by the crypto community. We note that the most recent dedicated hash algorithm to have been successfully attacked cryptographically is SHA-1.

The plaintext ends with a CBC-MAC; the MAC key is different from the encryption key. During encryption both the plaintext and the MAC are encrypted. After decryption the MAC is calculated over the plaintext and checked. The MAC is calculated using Rijndael (AES) with 256-bit key size and 192-bit block size.

Possible temporary files created during encryption and decryption are wiped using a user-selectable method.

The private keys of public keys are made using a Goldreich-Levin hard-core bit generator. The initial seed consists of events like mouse movements and the system's state.

An outline of the methods used:

o Backward security: Every EndCryptor message is encrypted with a different AES 256-bit key, and after the message has been decrypted there is no information in the security database from which the decryption keys could be deduced again. A message can thus be decrypted only once.

o Recovery from attack: Every message EndCryptor encrypts contains new public keys of the sender that are specific to the receiver; these public keys are created at the time of sending. When the receiver decrypts the message, security is restored. These public keys are delivered in encrypted form; they are encrypted together with the plaintext.

o Identity hijacking will be revealed even under spying attack: the stored security data that is used to build a symmetric key changes after every decryption and depends on the just decrypted message.

Security professionals wishing to evaluate the protocol should consult US Patent 7,899,184 B2, titled "ENDS - Messaging protocol that recovers and has backward security". The patent was issued on March 1, 2011. This protocol is licensed from Pisaramedia Inc., Finland.
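
The first and last outline items above, as a simplified model added here (it is not EndCryptor's code and not the patented ENDS protocol): HMAC-SHA256 stands in for the key derivation and MAC, and the Endpoint class, the labels and the sample secret are constructed for illustration. It shows that a message verifies only once, and that once a copied security database has been used, the genuine sender's next message fails at the receiver, which is the signal that reveals the hijacking.

```python
import hashlib
import hmac


def _derive(state: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stand-in (assumption) for the product's derivation."""
    return hmac.new(state, label + data, hashlib.sha256).digest()


class Endpoint:
    """One side of a contact; `state` models the stored security data."""

    def __init__(self, state: bytes):
        self.state = state

    def send(self, plaintext: bytes) -> tuple:
        tag = _derive(self.state, b"mac", plaintext)
        # The stored data moves forward and depends on this message.
        self.state = _derive(self.state, b"next", plaintext)
        return plaintext, tag

    def receive(self, message: tuple) -> bool:
        plaintext, tag = message
        expected = _derive(self.state, b"mac", plaintext)
        if not hmac.compare_digest(tag, expected):
            return False  # states have diverged, or the message is a replay
        self.state = _derive(self.state, b"next", plaintext)
        return True


def demo() -> dict:
    secret = b"constructed-initial-secret"  # constructed sample value
    sender, receiver = Endpoint(secret), Endpoint(secret)

    first = sender.send(b"hello")
    results = {"first_delivery": receiver.receive(first)}
    # Backward security: the same message no longer verifies.
    results["replay"] = receiver.receive(first)

    # Spying attack: a full copy of the sender's stored data is used once.
    copy = Endpoint(sender.state)
    results["forged_accepted"] = receiver.receive(copy.send(b"forged"))
    # The genuine sender is now out of step, so the hijack becomes visible.
    results["genuine_after_forgery"] = receiver.receive(sender.send(b"real"))
    return results
```

A verification failure on a message from a known contact is therefore worth surfacing to the user as a possible sign that the contact's stored data has been copied and used.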