Tag: cryptography

Artificial Intelligence, Blockchains, cryptography, Germany, Uncategorized

Latest Trends in Crypto Key Management: Insights from Germany

Yogi Nelson

Namaste Yogis.   Welcome to the Blockchain & AI Forum, where your blockchain technology questions are answered!  As a bonus, a proverb is also included.  Today’s question comes from Wolfgang in Stuttgart and he wants to know what is the latest in crypto currency key management from Germany?

Wolfgang, you came to the right place.  I understand why you would ask this question and its importance.  After all, as often said in the crypto world, “not your keys, not your crypto!”.  With that in mind I drove deep into academic research for the latest findings.  I discovered an article titled, “Perceptions of Distributed Ledger Technology Key Management – An Interview Study with Finance Professionals”, Guthoff, et al, 2023, Helmhotz Center for Information Security, Germany.  Their paper is focused on key management for financial institutions not individuals, nevertheless it is fascinating to learn what the BIG BOYS & GIRLS are thinking. .https://publications.cispa.saarland/3948/1/guthoff2023keymanagement.pdf

RESEARCH BACKGROUND AND METHODOLOGY:  The researchers focused their attention on private key management within the traditional financial sector (trad-fi) and the cryptocurrency space (de-fi).  By incorporating the views and perspectives of employees working in trad-fi and de-fi, the unique perspectives of the established and newer financial institutions were both included. Nice!  In section two, the authors define a number of essential terms readers must understand to completely comprehend the findings.  Below are two examples of terms that were defined:

Key Management:  the activities involving the handling of cryptographic keys and other related key information during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, use, and destruction. According Guthoff, key management is a combination of different key-related aspects, including key usage and storage.  Guthoff explains further that the goal of key management is to generate, store, distribute, use, and revoke cryptographic keys (integrated into enterprise processes) while keeping the private key secret. Key Management is not necessarily equal to a (cryptocurrency) wallet, but a wallet may be used as a simple tool for key management.

Custodial Key Storage: is the storage of keys by a separate party, which can be either in-house or a third entity that does not use the key. This party can, but does not have to, take care of all other aspects of KM. For self-managed assets, this could be a cryptocurrency exchange. For financial institutions, custodial key storage can be implemented in-house or externally by an intermediary.

Research Findings:  Essentially, the threats to key management fall into four different categories: internal, external, systems and infrastructure, and force majeure.  Force majeure means unforeseeable circumstances.  Unfortunately, the research paper covers too many findings for me to discuss them all; hence, instead I’ll give you just a few highlights.

Multi-signature keys:  Multi-signature keys were a hot topic among respondent and participants were enthusiastic about the concept.  According to the survey participants the two main benefits of this technique were resilience against key loss or compromise and added protection against malicious employees. Some participants also proposed storage of keys at a bank or a notary as a backup option.

Invisible Key Usage. The invisible key usage pertains to trad-fi but has implications for de-because management of private keys definitely holds back mass adoption.  In the view of the survey participants, they preferred a solution where key usage is mostly encapsulated within an application and hidden away from the user.  Although participants were referring to enterprise systems, the principle applies–the risk of losing a key through an attack or intended malicious actions by an employee.  Participants thought usage of the key is best through access via personal credentials like username and password or multifactor authentication, using a phone or biometric features.

CONCLUSION:  Bad news–researchers are skeptical whether existing key management systems can function effectively at the enterprise scale.  They say efforts to maintain on-chain authentication and audit functionality covering day-to-day operations, e.g. employee absence or shifting responsibilities within the organization – as well as – contingencies such as key compromise or force majeure events – is unmanageable, except for the smallest institutions. 

Time to say goodbye with a proverb from Germany: “one becomes wise through damage”.

Until next time,

Yogi Nelson

Blockchains, China, cryptography, Patents, Yogi Nelson

WHY ALL THE FUSS ABOUT 3924 3924, 3924, 3924, 3924, 3924, 3924

Yogi Nelson

Namaste Yogis.   Welcome to the Blockchain & AI Forum, where your technology questions are answered, mostly correct!   Here no question is too mundane.  As a bonus, a proverb is also included.  Today’s question, submitted by Albert from Iowa and his question is, why the number 3924?

Albert, you came to the right place.  Let’s talk about this number, 3,924.  According to the Blockchain Global Patent Authorization, as of December 2020, there were 3,924 patents granted for blockchain technology worldwide.  For a new technology, 3,924 is a staggering number and as I said previously the number reflects 2020 statistics.  Holy worldwide adoption, Batman!

This naturally leads to the next question.  What countries lead in blockchain patents?  According to Lexology, U.S. companies accounted for 39% of all patents granted, South Korea comes in second with 21%, and China was a close third at 19%.  In other words, the US, South Korea, and China accounted for 79% of all blockchain patents globally up to year 2020.  But that is backward looking data.  If we want to understand the next wave, we must examine pending patent applications as that tells a forward-looking story. Okay, let’s do it.

In Digital Finance by Baxter Hines, he cites The Block as the source for pending patents.  According to that source, Chinese companies should dominate the next wave of blockchain patents.  In fact, the top five companies with blockchain patents pending are all Chinese.  Tencent, Alibaba, and Ant Financial alone have 1,263 patents pending whereas the top three American companies (Walmart, IBM, and Microsoft) have only 123.  Is there more to the story?  I think so.  Read on. 

Let’s go back to 2019.  In 2019, Chinese President Xi Jinping identified the advancement of blockchain technology as a national priority and declared China will “lead the next wave of digital transformation” and called for greater study, investment, and regulation.  What happened next?

Well, in typical top-down authoritarian fashion, more than 35,000 firms responded to Xi’s appeal by registering their companies as “blockchain related” and expanding the use of blockchain technology into their businesses’ operations.  Holy jumping right on the task, Batman! But hold on there is more to the story.

Of the 35,000 that responded only 730 qualified for the Chinese government’s blockchain certification (2%).  Nevertheless, more than 10,000 blockchain patent applications were filed!  But quantity and quality are not always synonymous, and the Chinese government approved only a small fraction of the applications.  Perhaps, Xi needed to be more explicit in his order.  I suggest he try this next time: “Listen up comrades.  We need lots of high-quality world class blockchain patents.”  Lol!

Research and development into blockchain technology is big business.  There is a battle for blockchain technology supremacy between the US and China, with South Korea in the hunt also.  The winner of this battle will have an advantage across many developing technologies, including artificial intelligence (AI).  Many technology analysts are forecasting a fuse of blockchain, AI, and the internet of things (IOT) converging into a tsunami of tech advancements in the next decade.  Hold on to your safety belts, Batman!

I close today with a proverb from Denmark, where people say:  Never advise anyone to go to war or to marry.  Wise words indeed!

Until next time.

Yogi Nelson

Artificial Intelligence, Blockchains, cryptography, Yogi Nelson

WHAT IS CRYPTOGRAPHY?

Yogi Nelson

Namaste Yogis.   Welcome to the Blockchain & AI Forum, where your technology questions are answered, mostly correct!   Here no question is too mundane.  As a bonus, a proverb is also included.  Today’s question, was submitted by William from La Puente, CA and he wants to know what is cryptography?

William, you came to the right place.  William the only reasonable place to start is with a definition.  Let me answer by referring to an awesome movie called My Big Fat Greek Wedding.  In the movie the father of the bride would constantly say, “… the Greeks invented that, the Greeks did that first, etc.”  Well perhaps the old man had a point because in the case of cryptography the word comes from the Greeks.  Kryptos means hidden and graphein is to write; hence, cryptograph is to write in a hidden manner.  Holy hidden message, Batman!

Okay the word has its origin in Greece, but what does cryptography do?  Essentially, cryptography provides information protection/security.  Using cryptography, data can be transformed by substitution.  For example, an early and primitive form of substitution cryptography was to shift every letter three spots.   A sentence that would normally read like this: “Encrypted using Caesar cipher” becomes Hqfubswhg xvlqj Fdhvdu fiskhu.  The other method, known as transposition, involves moving the order of characters of words by a pre-determined agreement.  No, it’s not pig Latin!  Lol.

Cryptography concepts are likely foreign; hence, we should start slowly. I’ll cover just three topics today and save the rest for later.  Let’s start with the security services of cryptography, there are four. 

First is authentication.  By authentication I mean the assurance the communicating entity is legitimate.  Second, data confidentiality.  In other words, the protection from unauthorized disclosure.  The third is data integrity.  In this context I mean the data has not been altered; it was received exactly as sent.  Last, comes non-reputation.  Non-reputation refers to the notion that the receiver can prove the alleged sender sent the message.  Impressive!

We are off to a fast start.  Let’s try two more topics beginning with cryptographic keys. 

In cryptography there are two types of key systems–symmetric and asymmetric.  Symmetric is where one key is used to encrypt and decrypt messages.  The keys are essentially shared by the two parties and the data is transferred via a secure network.  However, authentication nor non-reputation is provided, and the origin of the message cannot be determined.  Let’s compare that to asymmetric cryptography. 

In asymmetric there are public and private keys.  The public key is derived from the private.  As you can guess, asymmetric was developed due to the problems with symmetric cryptography.  Asymmetric wins the crypto security battle handily.  However, if you lose your private key there is no way to access the data, value, or information that was sent!  You best hold on tight!

Hashing is an ideal spot to end the lesson.  Hashing, (I don’t mean potatoes, although I love hash browns) in cryptography is the process of transforming data or a string of characters into a short and fixed length value.  The value produced is unique; no other record has it.  Hashing algorithms are used to perform the hashing process in three steps:  1) data input; 2) hashing function #; and 3) hash output (of a fixed length). By the way, blockchains make extensive use of hashing.  More on that later.

There is more to say but for now I’ll stop with a proverb from our friends in Tajikistan, where they say:  In every drop of water, there is a grain of gold.

Until next time,

Yogi Nelson