Crypto Trust & Crypto Currencies
We all are using communications on the web (emails, ecommerce, messages). This is a very important dimension of our protection on the Internet. What is the current situation? This Trustech conference brings some answers.
End-to-End Encryption on the Web; How Far Have We Come?
Encryption has a long history, because it was traditionally used by the army. Starting the seventies, it applied to payment and international commerce, so the industry started to get involved. One of the biggest projects in that domain was industry and academic searchers working together on securing the internet.
It took some time to academia and industry to work together, since both sides of these researchers have different motives. Industry wants a product that works, which is secured and can’t be broken, whereas academics have an intellectual and non-profit approach.
TLS is the transport layered security that works on the Internet. On the Internet, there’s a lot of traffic flowing around between the browser and services. All of this traffic, before the nineties, was pretty free, but after 1990, security issues appeared.
Now, there’re cryptographic objects called primitives. When you put them together to get more functionalities, a lot of problems appear. More features you add, more problems you get. The Internet is the most used technology in the world. It is a big challenge to find a kind of protocol in order to secure Internet.
In the seventies, a lot of industries started to build cryptography for payments and commerce. In the nineties, they started building software to try to secure the Internet with the SSL. It was an attempt to build security for the Internet, but then a series of attacks happened.
Around the turn of the century, TLS appeared. It was a new kind of wave of security, which also encountered a lot of problems (2002 and 2006 happened to be the field of the two biggest attacks). A new version was released after 2006, then another one after 2008. This was due to the industrial approach, about proposing an idea and fix it if it broke.
After TLS 1.2, academic cryptographers joined the industrial ones to bring probable security around 2008 and change it to make a new version which was more secured in an academic point of view, and more usable from an industrial perspective.
A long series of really bad attacks occurred, forcing everybody working together towards with a long standardisation process to design a huge framework. This framework was designed to establish how security should work on the Internet. In 2018, they finally did TLS 1.3. After 10 years of work, this framework is already massively used because it was adopted by Facebook and Google.
How to Explain Post-Quantum Cryptography to a Layman
Quantic computing is coming. We need to put in place quantic cryptography in order to match this challenge.
A quantic computer is a new kind of computer, which might be able in a near future to break the current security systems. That’s why it’s important to look into crypto systems considered as quantum proved. There are currently six families of them, but none is massively used at the moment. There’s for example hash-based signatures, which are very secured, or the lattice-based cryptography.
GGH is a lattice-based crypto algorithm which can be explained to a layman with the point of view of a snail in a “lettuce”-based field. There’s a set of vectors in a lettuce field, where this set is called a “base” and those vectors “base-vectors”. For the same field, there’re good bases which are nearly orthogonal, and bad bases which are nearly parallel.
For a snail, it’s more interesting to get to the closest lettuce point. In a two-dimensional case, it’s easy to find the closest lettuce point, but it’s more complicated in a 250 dimensions case. The problem is hard to solve with a bad base known, but easy if a good base is known.
But GGH has been broken so it shouldn’t be used. But there’s other encryption schemes, like learning with arrows method, also based on lattices.
Crypto Implementations, Side Channels Attacks and Cybersecurity
Designing systems on the basis of how mathematically correct the idea is can turn very bad in the real world. Cryptographers need to think about that.
As technologists, they try to see themselves as pioneers, doing things that have never been done before. In the last 40 years, a lot of efforts have been done to bring security against threats. If we look at the early 19th century, it was only possible to have faith in an individual and the product he designed. We’ve come a long way since then and we want to have provable security, not only have faith.
There’s a paradox here: if security is provable, how is it possible to explain why every single week, a major security incident is happening? Sometimes, the proofs are wrong, but that’s rare. Mostly, proofs use hypothesis, that’s the difference between theory and reality.
Computers take time to perform operations. They also produce heat, consume energy or make noise, doing operations that are fairly complicated. A cryptographer has to know that, because for example, every device has transistors and each time the transistors are upgraded that uses more energy. If you measure the battery conception, you’ll be able to see zeros and ones, which could be secret information. Cryptography is necessary to build security, but it’s not enough.
Cryptocurrency as a Medium of Exchange
Last year, there was a massive increase of bitcoin transactions feeds. When you make transactions, they’re sent to the bitcoin network. It needs six confirmations to be a validated payment. But between 0 to 1 confirmation, payment can be double spent by the payer. Wait for 6 confirmations is no convenient these days, especially in shops where there’re lines and already enough queuing.
In 2017, you could have made 0 confirmations but back then the level of transactions was manageable on the bitcoin network. During 2017, the block size hit 1 megabyte, massively delaying the time to confirm those payments. Because of that delay, you can today double spend your payments. To be fully functional, cryptocurrency has to benefit 0 confirmations as the amount of transactions increase.
First Bitcoin Account in a Bank
The main problem of crypto currency is its acceptation in the bank model. In 2014, WBTCB was excited about the fact people would soon massively use bitcoin or cryptocurrency. Today, they consider that they’ve been naive, but still positive. Some steps need to be done though.
Some people think bitcoin is a tool for the dark web, and cryptocurrency doesn’t belong to the financial world. But both worlds can work together, and it can benefit for both ways. The main issue is the fact that crypto and banks are very suspicious. Banks don’t want to accept cryptocurrency; they’re not interested because they’re still not mainstream. But it will be one day.
Besides that, people also have a lack of knowledge about it, which comes with fears. But there’s nothing bad about cryptocurrency.
The first bitcoin account in a bank was opened in Czech Republic. The situation isn’t easy at all, because banks aren’t willing to open as normal bank accounts. As an international company, WBTCB approached many banks across Europe (above 120) and only succeeded in having 4 bank accounts across the continent.
That’s why they came up with the idea of implementing their platform into a normal standard bank and to connect it. They contacted a partner, Expobank, a Russian bank willing to be an open banking platform. In that partnership, the bank is a guarantee, and it’s very important because one of the main issue of cryptocurrency is the lack of trust. If people don’t trust it, it won’t exist.
WBTCB showed that it didn’t have to be either bank or cryptocurrency. This is a world premiere and the beginning of a revolution.