top of page

CEW Systems Canada Inc.

CEW_Square300x300.png

 

Post-Quantum Encryption

Randomized Data Handshake (RDH)

AES has been studied and declared as a quantum resilient. ASCON Encryption has been declared quasi quantum resilient.

However, symmetric encryption routines like these are incapable of creating and exchanging their own session keys and have relied upon asymmetric handshakes to exchange a session key on their behalf. Until now.

Introducing the Randomized Data Handshake or RDH.  It is a hybridized handshake wrapped around the AES and ASCON encryption which allows a sender and receiver to mutually authenticate each other while exchanging only 100% randomized data (with the exception of a hashed user ID, used by a receiving device or server to lookup the user's authentication codes).

While the NIST selected post-quantum encryption algorithms are useful for general purpose, they leave gaping vulnerabilities open for vertical markets such as IoT and Fintech.  The RDH handshake has been specially designed for these vertical markets. 

The handshake was designed for:

  • Remote Keyless Systems, this includes automotive car FOBs, garage door openings, etc.

  • Internet of Things (IoT) technologies, Blue Tooth

  • Industrial Internet of Things (IoT) technologies

  • RFID based smart cards for office and apartment buildings

  • Private, corporate and government drone technologies.

  • Autonomous vehicles wireless communications

  • Satellite communications

  • New Credit and Debit smart cards with upgradable firmware for existing POS terminals. (FINTECH)

  • VPN protection for “work at home” employees

  • Data storage

Our white paper was published under The Journal of FinTech titled: 

 

White Paper: Quantum Resilient Upgrade for ASCON (and AES) with Novel RDH Wrapper Designed for FinTech and IoT

Abstract:

With the looming quantum computer threat, the National Institute of Science and Technology (NIST) has done an exhaustive search for both quantum resilient encryption, creating new asymmetric algorithms and a separate \lightweight cryptography" suitable for small IoT electronics, selecting ASCON. However, NIST admits that ASCON is only quasi-quantum resilient. AES has also been independently declared quantum resilient. Unfortunately, the four selected quantum resilient asymmetric algorithms and AES are far too computationally heavy for FinTech smart cards' use. The proposed Randomization Data Handshake (RDH) has been designed to wrap around both ASCON (and AES) allowing each to create andexchange instructions to build their own non-transmitted quantum resilient session keys using 100% randomized data, while simultaneously authenticating both sender and receiver. Furthermore, credit cards, debit cards, PINs, passwords and session keys are never transmitted. In a way, RDH emulates the quantum entanglement's ability to exchange data (keys) without sending the data.

Additional research discussed and included in the paper:

During the course of development, we received a Canadian government grant that allowed Saskatchewan Polytechnic to evaluate our technology, then called Bi-Symmetric Encryption. The publicly available CTO-funded third-party peer-reviewed report (Coupal, n.d.), (https://5d6f9a®-035d-4667-807c-4f3241f5df83.usrfiles.com/ugd/5d6f9a 89233d6ea24245c78687f7698d0e92a5.pdf) written by Dr. Cyril Coupal of Saskatchewan Polytechnic Institute's Digital Innovation Center of Excellence (DICE) (Saskatchewan Polytechnic, n.d.). RDH is based on the original Bi-Symmetric Encryption system. However, the underlying proprietary symmetric encryption system
called CKV has been replaced with the ASCON and AES symmetric encryption algorithms. While doing so, the handshake was updated and expanded upon. Due to unforeseen events, the Bi-Symmetric Handshake and CKV were unfortunately not submitted in time to NIST for evaluation. Fortunately, the RDH handshake provides extra functionality and security protections (previously described) not found in ASCON.

Dr. Coupal's report was written as a review of the Bi-Symmetric Encryption software and did not delve into how the algorithm functions. His paper was centered on e-commerce applications and how Bi-Symmetric Encryption can be used for smart cards, POS terminal purchasing and online ecommerce applications. Dr. Coupal's report did not describe how the handshake worked. This was left for a separate future paper to be submitted to a peer-reviewed journal. This paper describes how RDH has been expanded
upon from the original Bi-Symmetric Encryption and how handshake functions.


A firrst draft copy of Dr. Coupal's paper was given to a potential client (who signed an NDA), whose employee decided to have a secret third-party evaluation done. He transmitted the paper, without approval, to a hacker blogger who only goes by an online pseudonym (hereby referred to as the blogger). The blogger reviewed the paper and posted his review on his blog site: https://soatok.blog/2021/09/28/the-bi-symmetric-encryption-fraud. Since the original version was designed around existing standard e-commerce practices, he found and listed a number of currently known, but little talked about, vulnerabilities. Additionally, since the report did not disclose the methodology of the encryption, nor the handshake, the blogger took an extreme view and assumed that the obfuscation (an often-used industrystandard approach) was instead nefarious and fraudulent in nature. Unfortunately, titled and filled his review with overzealous language. This paper both reveals and describes how the handshake functions and its underlying encryption. Therefore, the accusation of fraud is answered with transparent and concise details on the methodology of the handshake functions.

Conclusion:

This paper proves that POS terminal purchases and online credit card authorizations can be processed without ever directly transmitting the bank debit and credit card data. If the banking or credit card data is never sent, it becomes much more di±cult to determine what keys were used to encrypt the 100% randomized intercepted data. However, this proposal most likely requires larger changes to the FinTech industry than experts have originally anticipated.

Through this paper, we argue that the various IoT and Fintech industries should seriously consider adopting the various RDH hybridized handshakes wrapped around ASCON and AES for their speci¯c vertical use cases. The standard use general purpose NIST post-quantum asymmetric encryption routines cannot account for other forms of attacks that Fintech technology is currently vulnerable to which completely bypass the need to decrypt intercepted data.


Additionally, until a software compiler can be created that can never be decompiled, this paper shows that wherever possible, it would be extremely wise to incorporate RDH hardware-based 2FA to manually approve important actions such as online purchases, banking app logins and banking app transactions.

bottom of page