100-Year-Old Unbreakable Cipher Could Transform Digital Security
What if there were a cure for cancer, but the medical profession didn’t provide it? Or a plant that solves world food shortages, but farmers wouldn’t grow it? Or an unbreakable cipher for digital security, but the cryptography field didn’t use it?
Not only is that unbreakable cipher real, it’s been around for more than 100 years. It was invented by Gilbert Vernam, a Bell Labs Engineer (not a cryptographer, mind you) in 1917 and is the only unbreakable cryptographic cipher. All it takes for anyone to send an unbreakable message is to pre-share a one-time-only encryption key, which is known as a One-Time Pad or OTP.
Why doesn’t cryptography use it? Well, the OTP works for small groups of participants – but is difficult to use in large networks. Since everyone needs a new unbreakable OTP key every time a secret message is sent, and PK keys take time to create, you can see this Key Distribution Problem (KDP) needs a solution.
In the 1970s, large networks were created. Cryptography’s luminaries delivered a dual-key solution to the KDP that required only one key (a public key), and anyone could securely communicate with each other. The problem with their idea: because it was too slow, it doesn’t work as an encryption capability, so it is only an authentication mechanism. This means that the Public Key solution has to be used to send an encryption key, adding even more “stuff” to the setup of securing a message – more pre-messaging, and more content in those pre-messages.
Not only did their approach not work for encryption, it is so slow for authentication that it can’t be used more than at the very beginning of any messaging session. This means that the encryption key has to be used more than once – and in new encryption mechanisms. These “tag-along” methods, because the same key is re-used over and over, have to be different than the already perfect OTP. Unbreakable has been lost.
But as luck would have it, there is a solution to the Key Distribution Problem that uses the 100-year-old unbreakable cipher. It’s all about distributing those OTP keys, every time, for every use, to anyone who wants to message securely. And the solution doesn’t require a lot of pre-message setup.
Here’s how: Everyone gets one authentication key that verifies their identity. It mathematically – not theoretically – creates (but never sends) a one-time encryption key used in a true OTP. It does this for every message, in a single step, in real time. Now we are back to unbreakable encryption. As part of the process, the authentication key mathematically – again, not theoretically – changes every time it is used without being sent, in a single step, in real time. Now we have unbreakable key distribution as well.
Combination technology from OTP encryption and one-key authentication yields unbreakable in any communication system and will in the near future have massive implications for all global networks. With that, let’s examine how.
The IoT security landscape is devoid of any common provision (there are more than 20 communications protocols), and has so many moving parts that the so-called smart home concept hasn’t truly taken off.
The fragmentation of devices (memory and storage limitations, power profiles, connectivity methods, etc.), protocols (types, standards, default contents, etc.), ownership (commercial, consumer) and control (apps) of the IoT marketplace demands one authentication and encryption solution. This solution has to be flexible enough to apply, broad enough to encompass, uniform enough to limit required customization, and capable enough to actually perform within usability requirements.
That’s why the current system just doesn’t work—and unbreakable will. When applied, it will finally deliver universal security to this market, transforming offerings to meet the consumer’s vision.
For over 20 years, HTTPS – the Secure Internet – only gets used less than 75 percent of the time. This privacy void is directly related to the methods used by the current protocol that provides authentication and encryption—that locked, secure browser. HTTPS is terrifyingly slow, cumbersome, complex, crammed with one-off extensions and can’t provide the next generation of cloud-based, content rich, ever-present secure, private internet.
What is required, then, is the unbreakable OTP: order of magnitude performance improvement, streamlined efficiency, easy end-user participation, and universal application. A model for individual, secure connectivity to global content – whether provided by a Mom-n-Pop underpowered website or a processing-rich Web presence—is the future of the Internet Everywhere.
There has been a promised explosion in P2P financial applications…for…ever. The only problem is, there isn’t any way to actually be certain that the security is complete and end-to-end. And until those required properties appear for the back-end (e.g., banks, processors), the middle (e.g., commercial entities – brick n mortar, web), and the end user (e.g., everyone) it’ll remain just that: a promise.
Unbreakable will provide end-to-end security in a fast and efficient manner, which is the thing everyone wants to hear when it concerns their money. This universal uniform application of the unbreakable OTP will actually deliver on the expectations of the market.
That means end-to-end unbreakable, fast payments. Finally.
Paul McGough is co-founder and CTO of Qwyit.