Wednesday, November 12, 2014

Introduction

Cryptography is a science that makes the hiding of information viable by using maths and a little foresight. Its concepts can be really easy at one end and very complex at the other.
We are at a crossroads between practical cryptography that is both sound and usable and cryptography that is plausible but overly esoteric. We have known that High Strength Attackers (HSAs) have the ability to compromise cryptography by tampering with industry standards and products that we expect to be secure (SSL/TLS, RNG...).

Making practical cryptography and secure systems easy to access for normal users as well as academics, and not letting the esoteric look of cryptography scare away interested parties and people, is the main goal of this blog, as well as educating people on the proper use of cryptography, removing the "silver bullet" aura around cryptography and putting it into a practical context.

Cryptography and secure systems are not built miraculously, nor are they some sort of Gandalf wand that waves away all the nasties of digital security. They are a science that explains how secure systems are built in the correct mindset, without the superstitions or esoteric nature surrounding them.

While writing this first post, I submitted a paper to IACR regarding a construct for making stream-based cryptography stronger (to be posted in the next post), with the intention of making the paper as simple and easily accessible as possible, without the mathematical mumbo jumbo that has plagued many good papers describing interesting security systems. The quick response from the assigned editors was the following:

The paper does not appear to be of a sufficient scientific quality to merit publication in the archive. Please examine other publications in our archive to understand the level of detail and mathematical rigour required.

Security of individuals and organizations hinges on accessible and practical secure systems that explain their steps concisely and with precision.

IACR may entertain the complex and esoteric mathematics, but this archive will entertain even a simple idea that has been explained in a concise manner. The esoteric and highly advanced mathematics of cryptography, kleptography and secure systems is welcome as well.

All submissions on cryptography, kleptography and secure setups are welcome as long as the following criteria are met:
  • This blog (Simple Cryptographic Archive) is granted the right of publication, and readers the right to freely distribute the publications with proper attribution of the published materials.
  • Clear and concise explanation of methods and techniques in the material (not just mathematical formulas).
  • Scientific discussion in papers without the misconduct of slandering.
  • Files may be in PDF, RTF, OpenOffice/LibreOffice or DJVU format.
  • Proof of claims should exist.
May knowledge empower you.





1 comment:

  1. The blog is a decent idea but should be a web site instead. The wiki models, Verified Software Repository, SourceForge, etc are better suited to this sort of thing. I've been putting academic and professional material in blog comments long enough to know how little effect it has. :(

    I will give a suggestion to readers who want to make a difference in cryptography. The best things to happen to cryptography recently are the NaCl toolkit and CRYPTOL language. NaCl gives us high performance, strong-by-default, and timing channel resistant encryption library. CRYPTOL lets a cryptographer specify an algorithm in a domain-specific language, do analysis of its security properties, and auto-generate an implementation in a robust way. The best use of a cryptographer's time, imho, is to work on CRYPTOL's generator to make sure it has good properties like NaCl and increase what algorithms CRYPTOL can support. Cryptographers can then just focus on algorithms and even amateurs can port a ton of algorithms to it. Likewise, porting NaCl to new platforms will increase number with strong security & allow diversification of hardware.

    Doing these two things will have highest payoff. I'll also throw in porting NaCl or CRYPTOL to a ground-up secure architecture like SAFE (crash-safe.org) or Cambridge's CHERI. If you're mainly crypto though, focus on improving the crypto systems. If mainly coding & deep system issues, work on improving endpoint security as we have plenty of security/crypto schemes and *zero* secure endpoints in mainstream. The former depends on the latter, so we should be focusing 80% effort in R&D on the latter.
