Extra Systems

CYPHERNET

console system of reliable commercial encryption communication via the Internet


In 2024, the company "Extra Systems" developed in Kyiv a console system for commercial encrypted communication, based on the RSA algorithm with 1024-bit keys (the architecture of our system allows the use of keys of, in principle, any other size). In accordance with the principles generally accepted in modern cryptography (Kerckhoffs's principle and Shannon's maxim), the algorithms of the Extra Systems Cypher Net encryption system are open.

Because the RSA algorithm is inherently slow (even with assembly language inserts), we use it exclusively for one task: agreeing on the stream encryption key between the subscribers of our system. A new key is agreed for each communication session, and the central server takes no active part in this process; it simply passes bytes back and forth without understanding their meaning. Once the secure communication channel has been created in this way, the RSA algorithm takes no further part in anything that happens inside it. In fact, we (the Extra Systems company) did not reinvent the wheel here: this concept for organizing encrypted communication is generally accepted all over the world today. The exception is the "feature" we invented, the refusal to exchange public keys between subscribers during this process, which ultimately allowed us to create commercial encrypted communication that is fundamentally unhackable by any means.

This site is intended precisely to bring to the attention of any interested public all the necessary details about the operating mechanisms of the unique system of absolutely reliable commercial encrypted communication developed by us in Ukraine in 2024.

The main programming language of this system is the C language. Due to this, the entire Extra Systems Cypher Net system is completely cross-platform. However, to speed up the RSA algorithms, our system optionally contains assembly language inserts (only the implementation of the "long math" procedures), which can, at the customer's request, be used only on some of the most common platforms. On those platforms for which we do not yet have these assembler modules, our system works exclusively in the C language (without assembly language inserts, the system, naturally, works slower).

It should be emphasized that in either of these two cases, the cryptographic algorithms of the Extra Systems Cypher Net system are identical (since they are all written entirely in C; the assembly language inserts in the Cypher Net source code relate only to the optimization of the "long math" procedures and have nothing to do with cryptography as such).

We should also note that Extra Systems Cypher Net does not contain any calls to third-party libraries, and all of its code was written by us from start to finish. Our modules contain only a small number of calls to the most basic functions of the standard C library (open a file, read a file, etc.) and operating system services (get the current time, create a stream, etc.).

The delivery set consists of a receiver and a transmitter (two console programs), a public and private key (the standard length is 1024 bits, but can be changed at the customer's request), as well as digital fingerprints that identify the client and allow him to establish communication with other network subscribers through the central server of our system.

In order to communicate with other subscribers, the client must receive public keys from them. For security reasons, our server does not send any keys (including public ones) to anyone, and there is also no exchange of public keys between subscribers (which is very important) during the negotiation of the session key, which makes our system absolutely unhackable, since an intruder simply has nothing to hack.

In other words, to establish communication between subscribers N and M, subscriber N must have a private key N, a public key M, and a fingerprint_N_M (the latter is issued by us), and subscriber M must have a private key M, a public key N, and a fingerprint_M_N (the latter is issued by us).

Responsibility for the safekeeping of both private and public RSA keys lies entirely with the subscribers themselves. Provided that these keys are not distributed (by the subscribers themselves), our system provides all subscribers with an absolute level of secrecy. If individual subscribers violate this rule, problems with secrecy arise only for those specific subscribers, without in any way affecting the security of other subscribers who strictly adhere to the rules.

Digital fingerprints contain two subscriber identifiers with a random "salt", are protected by a hash and encrypted with RSA by the public key of the central server. It should be emphasized that this key is not published anywhere and is not transferred to anyone - this is why fingerprints are made by us. Such a policy completely deprives an intruder of the opportunity to hack the system in this area.

After identifying subscribers N and M via their fingerprints, the server simply passes information between them without any interference in this process. The server does not hold any private or even public keys of subscribers. The agreement of session keys, therefore, occurs exclusively between the subscribers themselves, without any interference or participation of the Extra Systems Cypher Net central server.
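The fingerprint scheme described above (two subscriber identifiers, a random salt, a hash, RSA encryption under the central server's key) can be sketched as follows. This is an added example, not Extra Systems code: the record layout, SHA-256, unpadded RSA, the demo key and the rule that the two fingerprints must name each other are all assumptions, and Python is used in place of the system's C for brevity.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo key for the central server (two Mersenne primes); not a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # server private exponent (Python 3.8+)
REC_LEN = 4 + 4 + 16 + 32              # assumed layout: two ids, salt, SHA-256


def issue_fingerprint(owner_id: int, peer_id: int) -> int:
    """Issuer side: build fingerprint_<owner>_<peer> under the server public key."""
    body = struct.pack(">II", owner_id, peer_id) + os.urandom(16)
    record = body + hashlib.sha256(body).digest()
    return pow(int.from_bytes(record, "big"), E, N)   # textbook RSA, assumed


def open_fingerprint(fp: int):
    """Server side: decrypt, verify the hash, return (owner_id, peer_id) or None."""
    if not 0 <= fp < N:
        return None
    m = pow(fp, D, N)
    if m.bit_length() > REC_LEN * 8:   # decrypted value does not fit the record
        return None
    record = m.to_bytes(REC_LEN, "big")
    body, digest = record[:24], record[24:]
    # Constant-time comparison of the stored and recomputed hash.
    if not hmac.compare_digest(hashlib.sha256(body).digest(), digest):
        return None
    return struct.unpack(">II", body[:8])


def should_relay(fp_a: int, fp_b: int) -> bool:
    """Relay only when both fingerprints verify and name each other (assumed rule)."""
    a, b = open_fingerprint(fp_a), open_fingerprint(fp_b)
    return a is not None and b is not None and a == (b[1], b[0])
```

In this sketch the server learns only the two identifiers; it holds no subscriber keys and makes its relay decision from the fingerprints alone.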



© Extra Systems, 2024