October 30

Confidentiality, Integrity & Availability


Most of the conventional instant messenger systems (IMS) are built on a centralized authentication and authorization regime. Unfortunately, any centralized system is inherently susceptible to data breach. (More info here.) In contract, IMS built on top of Citium, paved by a network of decentralized nodes , is not at risk. For example, suppose that two users are trying to communicate with each other on Citium. Sender is Alice and the intended recipient is Bob. No third party can know for sure if he or she has been correctly deciphering a message from Alice to Bob because Citium utilizes the following security mechanisms: 1. Pretty Good Privacy (PGP) Encryption; 2. indiscriminate mesh-tree multicast (IMTM) threshold cryptosystem; and 3. Key/Message Equivocation. PGP is too popular to need further explanation. But since the IMTM threshold cryptosystem is unique to Citium and key/message equivocation is less known, we are going to spend more time explaining their InfoSec advantages.

Citium Off-the_Record Messaging (OTR) IM Cryptosystem Data Flow

Figure 1.1: Alice holds the two public keys given by Bob, i.e. KA & KB, because Alice and Bob have performed out-of-band authentication. Note that both of their devices manage their own cryptographic keys. In fact, all keys in Citium are generated or derived on-device. Private keys are never sent to anyone else, not even to the service nodes. Both public keys are used in the Hybrid Encryption module, which combines the deniability of a public-key cryptosystem, the efficiency of a symmetric-key cryptosystem, and the additional protection of threshold cryptosystem.

Figure 1.2: Citium Instant Messenger (CIM)  is an Off-the-Record Messaging (OTR) system. CIM user Alice posts* a message to another Citium user Bob. Here, Alice’s message is converted into a plaintext (M). M and Random Session Key (KR) are going to be processed through the Hybrid Encryption module as follows:

Plaintext (M) is first encrypted by the XXTEA and Blowfish algorithms with the Random Session Key (KR) resulting in a ciphertext (β). Slice β into n ciphertexts; and suppose n = 3, we have β1, β2 and β3.

⇒ β1, β2, β3

In order to create the θ, one β is randomly picked among the βn. Suppose β1 is randomly picked from βn. KR is encrypted by ECDSA algorithm with KA, resulting which in turn combined with β1 to be encrypted by ECDSA algorithm with KB resulting in a ciphertext (θ):


Finally, the cipertexts of β2, β3, and θ (i.e. βn-1& θ) are ready for IMTM. Note that β1 is not needed here because it has already been encapsulated in θ.

* We use the word “post” instead of “send” because it makes more sense in the communication network of Citium, which combines the beauty of both cryptography and steganography. But what is steganography? Imagine the word “post” in the sense of Alice posting many anonymous and randomly placed classified ads on multiple newspapers around the world so everyone can see but only the intended recipient Bob knows how to locate them all and make sense of the underlying message. This practice, called steganography, is the flip side of cryptography. In cryptography, everyone involved knows a message has been sent. What’s not known — except to the decoder — is the content of the message. Steganography hides the fact that a message was even sent, usually by hiding it in plain sight.(In the movie “A Beautiful Mind,” the main character, played by Russell Crowe, becomes convinced that the Communists are hiding messages inside news stories and loses his mind trying to decipher them.)

Figure 1.3: Most instant messenger systems are designed that messages are directly pushed onto the client apps of the intended recipients. However, in Citium Instant Messenger system, push notifications are limited to a generic text reminder (i.e. “You have a new message.”)(G) being sent to the intended recipients. The intended recipients are required to fetch in the messages on their own, which will be explained later in the data flow cycle. For now, Alice sends two pieces of information to Bob’s service node IMSP Bolivia in case Bob is not currently online. One is the generic text reminder (i.e. “You have a new message.”)(G), and the other is the ciphertext (θ) that encapsulates the Random Session Key (KR) and one of the randomly chosen sliced ciphertext (β1).

Figure 1.4: The cipertexts of β2, β3(i.e. βn-1) are sent to the Citium network by indiscriminate mesh-tree multicast (IMTM) which distributes indiscriminately to as many Citium nodes (i.e. service nodes and user nodes) as possible by mesh-tree multicasting, effectively preempting link analysis and eliminating data breach due to failure at any single point.

Figure 1.5: If plaintext (M) is larger than 1024 bytes, anything beyond that are separated into a single slice (i.e. the excess ciphertext (βE) uploaded onto the service node of Alice (i.e. IMSP Australia). IMSP Australia will keep the βE for 24 hours before permanently deleting it. This does not only prevent running out of disk space but also further maximizes the deniability nature of Citium.

Figure 1.6: Service node of the intended recipient Bob (i.e. IMSP Bolivia) pushes the generic notification (“You have a new message.”) (G) and the ciphertext (θ) that encapsulates the Random Session Key (KR) and one of the randomly chosen sliced ciphertext (β1) to Bob’s node.

Figure 1.7: At this point, Bob is fully aware of the fact that someone has tried to post a message onto the Citium network with him as the intended recipient. Bob pings the whole Citium network with IMTM to fetch in the cipertexts of β2, β3, (i.e. βn-1).

Figure 1.8: Now, the cipertexts of β2, β3, and θ are ready for the Hybrid Decryption module.

Figure 1.9: Bob’s Private Key A (KA-1) is the corresponding private key to Bob’s Public Key A ((KA). Bob’s Private Key B (KB-1) is the corresponding private key to Bob’s Public Key B ((KB). They are both ready for the Hybrid Decryption module.

Figure 1.10: The Excess Ciphertext (βE) is fetched in from the Service Node of sender Alice (i.e. IMSP Australia) and is ready for the Hybrid Decryption module.

Figure 1.11: Before the deciphering process happens in the Hybrid Decryption module, all the ciphertext slices have to be in place. Assuming all of them from figure 1.8-10 are already in place, we’ll see θ being deciphered first by ESDSA algorithm resulting in β1 and KR.

ECDSAKA-1(ECDSAKB-1(θ)) ⇒ β1, KR

Combining β1 with the rest of its siblings (i.e. β2, β3) that were sliced at Alice’s side, Bob can now decrypt everything back to the plaintext as follows:

XXTEAKR-1(BLOWFISHKR-11 + β2 + β3)) ⇒ M

Finally, the correct plaintext (M) is revealed and delivered to Bob.

IMTM Threshold Cryptosystem

Indiscriminate mesh-tree multicast (IMTM) threshold cryptosystem means that a ciphertext is cryptographically split into multiple slices, which in turn are distributed indiscriminately to as many nodes  as possible by mesh-tree multicasting, effectively preempting link analysis and eliminating data breach due to failure at any single point.

In order for the intended recipient (Bob) to correctly decrypt the message from the sender (Alice), Bob has to obtain all slices of the ciphertext and to decrypt it with the right key. Bob has to make request to as many nodes  as he can through indiscriminate mesh-tree multicast (IMTM) until he collects all the slices. Only the intended recipient (Bob) can correctly reunite and decrypt all slices of the ciphertext.

Cryptanalytically Unbreakable: Unless some hackers can hijack all node  that holds the pertaining sliced ciphertexts and decipher them all with a quantum computer that only exists in theory, nothing during transit of the pertaining sliced ciphertexts can threaten the confidentiality of the message.

Key/Message Equivocation

In the Citium cryptosystem, an enemy hacker or a cryptanalyst might be able to intercept a ciphertext (C). There is a critical concept called key equivocation and message equivocation as shown in the diagram below:

Key/Messaging Equivocation of Intercepted Ciphertext in Citium OTR

The key and message equivocation are a measure for the strength of a cipher system under a ciphertext only attack for the key and message respectively. Key Equivocation and Message Equivocation refer to key strength under known plaintext attacks and key strength under plaintext attacks. The longer the received ciphertext, the greater the probability that the cryptanalyst will discover the secret key or plaintext. The probability of a cryptanalyst successfully deciphering a ciphertext generally increases with the length of the ciphertext. In Citium, the sliced ciphertexts minimize the size of the individual ciphertext so that the strength of the cipher is maximized.

Integrity ✓

In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. InfoSec integrity means that data cannot be modified in an unauthorized or undetected manner, and its definition is not to be confused with referential integrity in databases. A ciphertext slice cannot be changed during transit on Citium because it is encrypted by ECDSA (Elliptic Curve Digital Signature Algorithm). It is not only computationally intractable but also has enjoyed almost two decades of usage in open-source projects, such as Bitcoin. A successful hack (deciphering it without a private key) would allow any would-be attacker to make a tremendous amount of profit. The fact that this appears to have never happened is a very good empirical evidence for its security.

Availability ✓

No single point of failure (SPOF) can impact the spread of cybertext slices and collection of them through indiscriminate mesh-tree multicast (IMTM).

Fully Decentralization: The majority of the contemporary online application service providers are using some forms of centralized methods (e.g. servers hosted in a datacenter) to structure their user management systems. It means monitoring. Because no matter how vigorously the service providers assert that they are effectively guarding the user information (e.g. email, IPs, username & password) against maladministration or hack, theoretically, they hold the power to modify or delete the information. Therefore, decentralization is absolutely necessary to achieve the level of confidence that one can rule out even theoretical mishaps from happening.



You may also like

The Unsecure Email

Define: Message-oriented middleware (MOM)

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!