Key Shadowing

FREEMIUM
By HS DevTeam | Updated 16 days ago | Other

README

What Digital Information Can Key Shadowing Protect?

Key Shadowing can be applied to other information besides keys. The technology has been extensively tested to protect data with a size of up to 2^20 (1,048,576) bits. This is nowhere near the theoretical limit. Some examples of keys and other data that can be protected follow:

• Symmetric Encryption Keys - typically 128 to 4096 bits

• Asymmetric Public Keys - typically 128 to 2048 bits

• Asymmetric Private Keys - typically 128 to 2048 bits

• Blockchain/Cryptocurrency Public Keys - typically 128 to 2048 bits

• Blockchain/Cryptocurrency Private Keys - typically 128 to 2048 bits

• Maximum Sized AES Key - 256 bits

• Credit Card Number - typically 64 bits, maybe less if encoded/compressed

• Social Security Number - typically 36 bits, maybe less if encoded/compressed

• Bank Routing Number - typically 36 bits, maybe less if encoded/compressed

• Bank Account Number - typically 36 bits, maybe less if encoded/compressed

• Door Access Code - typically 128 to 1024 bits

• Garage Door Opener Code - typically 128 bits

• Hotel Door Lock Code - typically 128 bits

• Address - typically 2048 bits

• Car Door (modern) Control Code - typically 128 to 256 bits

• Genome Representation - varies widely

Further documentation or a full presentation can be provided upon request to info@keyshadowing.com

BASICS:

Q: What is Key Shadowing?

A: Key Shadowing is a patented secret sharing technology that permits a master key to be created, used to protect data in flight or at rest, “shadowed” into any number of parts, and then destroyed. The master key is never persistently stored. When the data needs to be accessed, a pre-defined number of the shadows (current options are 2, 3, or 4) can be used to regenerate the master key.

Q: Why does this matter?

A: Using old technologies, master keys are generally stored in a key management system. That system represents a single point of potential failure: if the system is hacked, if a bad actor inside the organization grants access to it, or if it is otherwise exposed, the organization’s master keys are exposed, and with them its data.

Q: Is exposure of master keys really a significant problem?

A: Yes. Organizations have lost literally billions of dollars due to exposure of master keys. In addition, even if the organization catches potential exposure before incurring direct losses, they may have to re-encrypt all their protected data with new master keys, which can be a very expensive process especially for large organizations.

RELATIONSHIP TO CURRENT TECHNOLOGIES:

Q: Does Key Shadowing work with current encryption technologies?

A: Yes – Key Shadowing leverages existing cryptographic algorithms – ECC, RSA, and AES.

Q: Using patented Key Shadowing, is compromise and exfiltration of master keys possible?

A: If insufficient Key Shadows are accessible, compromise and exfiltration of master keys is not possible. This can be, and in fact has been, mathematically proven.

Q: Can anyone else guarantee this level of security?

A: No. Inferior solutions created before Key Shadowing are based on Shamir’s polynomial-based secret sharing. These solutions permit exfiltration of master keys even if fewer than M parts of their “shared secret” are accessible. This weakness of the competing solutions has been validated in academia.

Q: Can existing key management systems be programmed to manage Key Shadows?

A: Yes. Management of Key Shadows is little different from managing master keys, except no master keys are persistently stored.

SCALABILITY:

Q: How will Key Shadowing scale in an Enterprise deployment?

A: Unlike key splitting solutions created before Key Shadowing, some of which are being sold today by companies such as Dyadic and have been purchased by Intuit, we do not need cipher text to be exchanged or passed around to M of the devices before decryption can happen.

• In competing technologies – passing of cipher text information across devices and machines – not to mention multiple cloud providers – limits performance of business-critical application servers and the scheme cannot be used for any high-volume application.

• Also, Key Shadows can be regenerated and/or revoked without having to re-encrypt the payload. The business implications are significant. (Note: Revocation is not offered through RapidAPI because additional architectural considerations are involved.)

Q: How much processing power does it take to run Key Shadowing (Core Code)?

A: Very little – in fact that’s one real differentiator between the Key Shadowing algorithm and all others before it.

• For example, Shamir-based algorithms are slow and not cryptographically secure. Key Shadowing performance is very fast and scalable to high-volume applications. We demonstrate this using functioning code on a laptop computer, for example via a WebEx. Often we perform hundreds of thousands of calculations in a demonstration on an IBM laptop with an Intel Core i7 chipset.

QUANTUM CRYPTOGRAPHY:

Q: What is quantum cryptography?

A: Quantum cryptography leverages quantum computing to process information in a radical new way. Applications include factoring large numbers. The ability to factor a large number would render most current cryptographic solutions obsolete.

Q: Is Key Shadowing immune to quantum cryptography?

A: Yes.

Q: But you interoperate with existing cryptographic algorithms – ECC, RSA, and AES. Aren’t they susceptible to quantum cryptography?

A: Depending on the master key size, some or all of these algorithms are or soon will be susceptible to quantum cryptography.

A: Again, with the addition of Key Shadowing, no master keys are persistently stored. Thus, no master keys can be attacked using quantum cryptography.

OTHER SECURITY CONCERNS:

Q: Does Key Shadowing solve all of my security concerns?

A: No. However, compromise of master keys is a significant concern, which as mentioned above has cost organizations literally billions of dollars. With Key Shadowing, master keys are NEVER persistently stored and therefore cannot be hacked or stolen. This technology essentially enables a “keyless” system. Of course, master keys must temporarily exist during encryption and decryption processes, but they are then destroyed preferably using Department of Defense (DoD) approved protocols. Proper policies and architecture still have to be applied to protect Key Shadows, temporarily regenerated master keys, and the like.

• Key Shadows can be used to create trust between people or devices – adding an additional layer of security in the encryption chain.

• Key Shadows can be revoked and new Key Shadows can be re-issued without any need to re-encrypt the data. This ability creates added value for any organization when they detect an element of compromise.

Key Shadowing is covered by U.S. Patent No. 9,634,836. Additional patents are pending.

IDENTIFYING THE PROBLEM:

Modern data security has serious problems. According to IBM research, approximately 4 billion data records were compromised in 2016 with an average cost of $158 each. That is a total loss of $632 billion.

Attempts to address this problem generally rely on data encryption. However, this approach has a major problem. Namely, a key used to encrypt the data and/or a copy of the encrypted data still has to be stored. That stored information is subject to attack.

A solution that addresses the above described issues now exists: Key Shadowing Technology. The keys and/or data are never stored anywhere, but rather are regenerated from Shadows at the time of an authorized usage. After use, the keys and/or data are simply destroyed. Thus, that information is never at risk of being hacked, stolen, lost, or corrupted. Further details are provided below.

LEXICOGRAPHY:

Cryptography: The process of transforming information for transmission (“in-flight”) or storage (“at rest”) into coded information and then accessing the information using a Master Key (see below).

Encryption: The part of cryptography used to transform the information.

Decryption: The part of cryptography used to access the transformed information.

Asymmetric Cryptography: Cryptography involving encryption of information with one key and decryption of the information with another key, for example the one deployed by RSA (RSA, 2017). The security of Asymmetric Cryptography is predicated on the difficulty of factoring large composite numbers that are the product of two prime numbers.

Public Key: A key used for encryption in asymmetric cryptography.

Private Key: A key used for decryption in asymmetric cryptography.

Symmetric Cryptography: Cryptography involving encryption of information with a key and decryption of the information with that same key.

Examples include:

• IDEA (Khovratovich, Leurent, & Rechberger, 2017)

• AES (National Institute of Standards and Technology, 2001)

• DES (Diffie & Hellman, n.d.) – generally considered to be no longer secure.

Symmetric Key: A key used in symmetric cryptography.

Master Key: A Public Key, Private Key, or Symmetric Key. Typically, a 128, 160, 256, or 512 bit long number.

Enterprise Key Management: Storing Master Keys in a database.

Key Shadows: Mathematical constructs that can be used to regenerate a Master Key.

N-Spheres: The set of all points in a space of any dimension that lie at the same distance from a defined center in that space. In a two-dimensional space, an N-Sphere is a circle. In a three-dimensional space, an N-Sphere is the surface of a sphere (i.e., a ball). In a four-dimensional space, an N-Sphere is a set of spheres that lie on the surface of the hypersphere (Harley, 1989; Frankel, n.d.).

True Random Number Generator (TRNG): A device that provably creates truly random numbers for example via quantum mechanics (Symul, Assad, & Lam, 2011).

Pseudo Random Number Generator (PRNG): A device or algorithm that creates an approximation of truly random numbers (Pseudorandom number generator, n.d.).

Quantum Computing: A form of computing that does not use variables defined as ones and zeros, but instead uses “q-bits” defined as both a one and a zero at the same time (DWave, n.d.). Quantum Computing has the potential to factor large composite numbers in a short period of time rendering most if not all existing asymmetric cryptography obsolete.

N-DIMENSIONAL MATH:

A Master Key is just a number albeit a very large one. A point representing the number can be generated in an abstract space. The point preferably is generated using a TRNG or cryptographically secure PRNG and some additional math.

A simple explanation of Key Shadowing technology starts with a two-dimensional case involving generated random positions and distances defining N-Spheres of order 2 (i.e., circles) that intersect at the point representing the Master Key. Any two of the Key Shadows intersect and therefore permit regeneration of the Master Key.

Any number of Key Shadows can be generated.

Certain constraints are placed on the random positions and distances that comprise Key Shadows of the Master Key. Each Key Shadow passes through every possible Master Key. In other words, no single Key Shadow by itself contains any information about the Master Key. Thus, without two Key Shadows, no information about the Master Key can be determined even using Quantum Computing.

HIGHER DIMENSIONS:

In one higher-dimensional case, each Key Shadow is an N-Sphere of order 3 (i.e., the surface of a sphere or ball). Any two 3-spheres intersect in a circle. A third 3-sphere intersects that circle at two points, one of which represents the Master Key. Thus, three Key Shadows are sufficient to regenerate the Master Key.

Again, each N-Sphere passes through all possible Master Keys. The circle that is the intersection of two N-Spheres also passes through all possible Master Keys. Thus, two Key Shadows provide no information about the Master Key in this three-dimensional case.

Key shadowing has also been implemented using N-Spheres of order 4 (i.e., hyperspheres).
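As an added illustration of the two-dimensional and three-shadow cases described above, here is a toy version of the idea over a prime field. This is example code written for this page; it is not the patented product's code and nothing in it comes from HS DevTeam. Everything specific is an assumption of the example: the Master Key becomes the x-coordinate of a point whose y-coordinate is a random blind, each Key Shadow is a circle (center and squared radius) passing through that point, regeneration intersects two circles by solving their radical line against one of them, and, mirroring the "third sphere picks one of two points" remark for the three-dimensional case, a third shadow selects between the two points where two circles meet.

```python
# Added example (not the product's code): a toy 2-D "key shadowing" over the
# prime field F_P. Assumptions of this example: the key is the x-coordinate of
# a point whose y-coordinate is a random blind, each shadow is a circle
# (center, squared radius) through that point, and a third shadow selects
# between the two points where two circles meet.
import secrets

P = 2**127 - 1  # prime with P % 4 == 3, so a modular square root is one pow()


def sqrt_mod(a):
    """Square root of a mod P (valid because P % 4 == 3); None if no root."""
    a %= P
    if a == 0:
        return 0
    r = pow(a, (P + 1) // 4, P)
    return r if r * r % P == a else None


def make_shadows(point, count):
    """Return `count` circles (cx, cy, r2) that all pass through `point`."""
    x0, y0 = point
    shadows = []
    for _ in range(count):
        cx, cy = secrets.randbelow(P), secrets.randbelow(P)
        r2 = ((x0 - cx) ** 2 + (y0 - cy) ** 2) % P
        shadows.append((cx, cy, r2))
    return shadows


def shadow_key(key, count):
    """Map an integer key (< P) to a point, shadow it, and forget the point."""
    if not 0 <= key < P:
        raise ValueError("key must be an integer in [0, P)")
    point = (key, secrets.randbelow(P))  # y is a throwaway blind (our choice)
    return make_shadows(point, count)


def _line_circle(A, B, C, circle):
    """Points on the line A*x + B*y = C (B != 0) that also lie on `circle`."""
    a, b, R = circle
    inv_b = pow(B, -1, P)
    m, k = (-A * inv_b) % P, (C * inv_b) % P  # rewrite the line as y = m*x + k
    qa = (1 + m * m) % P                      # never 0: -1 is a non-residue mod P
    qb = (-2 * a + 2 * m * (k - b)) % P
    qc = (a * a + (k - b) ** 2 - R) % P
    root = sqrt_mod((qb * qb - 4 * qa * qc) % P)
    if root is None:
        return []  # line misses the circle; cannot happen for valid shadows
    inv_2qa = pow(2 * qa, -1, P)
    points = []
    for s in {root, (-root) % P}:  # a set, so a tangent point is not doubled
        x = ((-qb + s) * inv_2qa) % P
        points.append((x, (m * x + k) % P))
    return points


def intersect(c1, c2):
    """Intersection of two circles: subtracting the two circle equations
    gives the radical line, which is then solved against the first circle."""
    a1, b1, R1 = c1
    a2, b2, R2 = c2
    A = (2 * (a2 - a1)) % P
    B = (2 * (b2 - b1)) % P
    C = (R1 - R2 - a1 * a1 + a2 * a2 - b1 * b1 + b2 * b2) % P
    if A == 0 and B == 0:
        raise ValueError("concentric shadows do not give a usable intersection")
    if B != 0:
        return _line_circle(A, B, C, c1)
    # Radical line is vertical (x = const): solve with the axes swapped.
    return [(y, x) for (x, y) in _line_circle(B, A, C, (b1, a1, R1))]


def on_circle(point, circle):
    x, y = point
    a, b, R = circle
    return ((x - a) ** 2 + (y - b) ** 2) % P == R


def candidate_keys(s1, s2):
    """What two shadows reveal: the distinct x-coordinates where they meet."""
    return sorted({x for x, _ in intersect(s1, s2)})


def recover_key(shadows):
    """Rebuild the key from >= 2 shadows; extra shadows break a two-point tie."""
    if len(shadows) < 2:
        raise ValueError("need at least two shadows")
    points = intersect(shadows[0], shadows[1])
    points = [p for p in points if all(on_circle(p, s) for s in shadows[2:])]
    keys = {x for x, _ in points}
    if len(keys) != 1:
        raise ValueError("ambiguous or inconsistent shadows: %d candidates" % len(keys))
    return keys.pop()


if __name__ == "__main__":
    key = secrets.randbelow(P)
    shadows = shadow_key(key, 3)          # the point itself is never kept
    assert recover_key(shadows) == key    # 3 shadows: unique regeneration
    print("two shadows leave", len(candidate_keys(shadows[0], shadows[1])),
          "candidate key(s); three shadows regenerate the key exactly")
```

Two points about this toy worth keeping in mind. First, two circles generally meet in two points, so with only two shadows `recover_key` refuses unless both points share an x-coordinate; a deployment would need either a third shadow, as here, or some way of recognizing the right candidate. Second, in this particular encoding a single circle does constrain the key: a circle over F_P contains only about P of the P² possible points, so whether one shadow "contains no information about the Master Key" depends entirely on how the key is mapped into the space, which the text leaves to the patented implementation and this example does not attempt to reproduce.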

Higher-dimensional cases are more easily understood with illustrations; however, this marketplace does not support graphics. We are, however, willing to provide them upon request.

Almost twenty years were spent ensuring (1) less than the required number of Key Shadows provides no information about the Master Key, and (2) the Master Key can be regenerated every time a sufficient number of Key Shadows are provided. These aspects have been extensively tested.

EXAMPLE ARCHITECTURE:

An example architecture can also be provided upon request.

KEY SHADOWING AND BLOCKCHAINS:

Asymmetric cryptography, also called public-key cryptography, is an essential component of blockchains. Public-key cryptography is used in several places in any blockchain protocol. It relies on a pair of keys: (1) a private key that is kept secret, and (2) a public key that is broadcast to the network.

Blockchain Vulnerabilities:

• If you lose your private key, you cannot authorize new transactions. For example, you cannot spend or redeem your Bitcoins. This has happened without any bad actors involved.

• If someone hacks your private key, the hacker can pretend to be you.

• If someone derives your private key from the public key, the hacker can pretend to be you. This vulnerability has become more acute due to the surprisingly rapid advances in quantum computing. See, e.g., MIT Technology Review, “Quantum Computers Pose Imminent Threat to Bitcoin Security,” November 8, 2017.

• Bitcoin is an example of a blockchain implementation. Bitcoin wallets include private key(s). “Wallets can be compromised, manipulated, stolen and transferred, just like any other store of value on a computer.” The same applies to keys involved in any other blockchain.

HOW KEY SHADOWING WILL HELP

• Create shadows of your private key, share those shadows with a Circle of Trust, and then destroy the private key. As long as enough people and/or devices in the Circle of Trust come together, you will be able to recreate your private key.

• A private key that is never persistently stored is much harder if not impossible to be “compromised, manipulated, stolen and transferred.”

• Create shadows of the public key, share only those shadows with the world or defined group, and then destroy the public key. At least some number of people and/or devices would have to come together to recreate the public key just as a first step to try deriving your private key from the public key.

• A public key that is never persistently stored is much harder, if not impossible, to have “compromised, manipulated, stolen and transferred.” Deriving a private key from a public key that is never persistently stored is likewise much harder, if not impossible.

BENEFITS:

Key Shadowing provides a significant change for the cryptography market. Exemplary use cases include:

• Securing payment systems,

• Enterprise Key Management,

• Securing electronic medical records,

• Securing device communications,

• Fingerprinting electronic hardware,

• Tracking document custody,

• Multi-factor authentication,

• Financial transaction fingerprinting,

• And e-discovery protection, to name a few.

Enterprise Key Management involves storing, managing, and controlling access to Master Keys. This represents a single point of failure. Namely, if the Enterprise Key Management system is compromised, the Master Keys are exposed. If the Enterprise Key Management system fails, all data protected by the previously stored Master Keys is lost.

With Key Shadowing Technology, only Key Shadows have to be managed. No choice has to be made about who has to perform Enterprise Key Management and accept the associated business and financial risks because no Master Keys are ever persistently stored.

Key rotation strategies are affected because Key Shadowing allows an implementation to revoke a shadow and add new shadows for a Master Key without decrypting and re-encrypting the data. Since the Master Key exists only at the time of use, the Key Shadows can be handled under a completely different set of policies. Key Shadows can implement military-style two-person or multi-person integrity before the Master Key is temporarily recreated for access.

Furthermore, we believe that Key Shadowing Technology is the only key management system immune to Quantum Computing.

PATENTS:

Key Shadowing Technology is patented. See U.S. Patent No. 9,634,836 issued on April 25, 2017. Additional patents are pending.

REFERENCES:

IBM Research. (n.d.). Retrieved from https://www.research.ibm.com/5-in-5/lattice-cryptography

Diffie, W., & Hellman, M. E. (n.d.). Exhaustive Cryptanalysis of the NBS Data Encryption Standard. Retrieved 2017, from https://web.archive.org/web/20140226205104/http://origin-www.computer.org/csdl/mags/co/1977/06/01646525.pdf

DWave. (n.d.). The Quantum Computing Company. Retrieved 2017, from https://www.dwavesys.com/

Dyadic. (2015). Dyadic Technology. (Dyadic, Producer) Retrieved 2017, from https://www.dyadicsec.com/technology_mpc/

Frankel, R. (n.d.). The HyperSphere, from an Artistic point of View. Retrieved 2017, from http://groups.csail.mit.edu/mac/users/rfrankel/fourd/FourDArt.html

Harley, F. (1989). Differential forms with applications to the physical sciences. Dover Publications.

Intuit, Inc. (2016). Intuit Data Protection Services. Retrieved 2017, from https://security.intuit.com/index.php/idps

Khovratovich, D., Leurent, G., & Rechberger, C. (2017). Narrow-Bicliques: Cryptanalysis of Full IDEA. Retrieved from http://www.cs.bris.ac.uk/eurocrypt2012/Program/Tues/Rechberger.pdf

National Institute of Standards and Technology. (2001, November 26). Advanced Encryption Standard (AES). FIPS PUB 197.

Pseudorandom number generator. (n.d.). Retrieved 2017, from https://en.wikipedia.org/wiki/Pseudorandom_number_generator

RSA. (2017). Retrieved from https://www.rsa.com/en-us

Symul, T., Assad, S. M., & Lam, P. K. (2011, May). Real time demonstration of high bitrate quantum random number generation with coherent laser light. Applied Physics Letters.

United States Department of Defense. (n.d.). US Department of Defense 5220.22-M Clearing and Sanitization Matrix. Retrieved 2017, from https://it.ouhsc.edu/policies/documents/infosecurity/DoD_5220.pdf

https://news.bitcoin.com/guy-lost-bitcoin-computer-upgrade/ (Note: This is just one example. The current value of the lost Bitcoins in this single example is now over $1M.)

https://www.technologyreview.com/s/609408/quantum-computers-pose-imminent-threat-to-bitcoin-security/

https://www.csoonline.com/article/3241121/cyber-attacks-espionage/hacking-bitcoin-and-blockchain.html

