The Symmetric Key Management Problem is Dead.

Long Live Keyless Encryption by Marpex Inc.


The Problem

In a classical exchange of confidential written information through the centuries, one person would prepare the content to make it unrecognizable, using a secret key. The intended recipient would need that same secret key in order to work back to the original "plain text". That's symmetric key encryption.

The problem: If the information is really important, it's worth the time of others to break that encryption. Think Bletchley Park and the Nazi Enigma code. Therefore the person encrypting has to:

Those are a few of the risks and ways in which things might go wrong. That's the symmetric key management problem. That's the stuff of thriller stories, real and fictional, through the ages.

The Invention

A solution to the problem was first described publicly in Full Speed Ahead and Damn the Qubits!: How Marpx Extreme Encryption Works by Douglas Lowry. See Chapter 4, entitled No Keys, Please. It takes hardly a minute to enter a new confidant in a personal list of those with whom one wants to share files and messages confidentially. Once that new entry has been tested, confidants may exchange content for as often and for as many years as they like. They never see or even have to think of keys. The user experiences this as keyless encryption. Actually, under the surface there are quickly rotating invisible keys.

The technique was built into a software product, MarpxPrivacy, and made the subject of application number 16/698246 to the USPTO (United States Patent and Trademark Office) on November 27, 2019. On February 27, 2020 the USPTO responded with a "Notice of Allowance" for issuance of a patent on this invention.

A web page https://marpx.com/CybKeyless.asp offers a video demonstration and detailed steps by which anyone can prove for themselves that Marpex Inc.'s solution to the symmetric key management problem works and works well. For a prospective collaborator, Marpex Inc. offers a preview of six chapters from a technical book currently underway on Keyless Encryption and a copy of the not-yet-published patent application.

 

*   *   *   *   *

This solution to the key management problem opens three areas of interest.

1. Significance for Post-Quantum Encryption

Outgunning quantum computers is made simple. The longer the symmetric key, the more difficult it becomes to break encrypted content.

NIST (the National Institute of Standards and Technology) currently sponsors a search for a new quantum resistant standard. Their focus so far has been confined to asymmetric keys, that is, public key/private key and other variations in which keys are not the same at both ends. The rationale offered is that the symmetric key management problem discourages consideration of the simpler alternative.

With the key management problem resolved, it would only seem right for NIST to broaden its review to include symmetric key methods.

To be fair, longer keys of themselves are not a total solution. There must be a reliable way to avoid patterns in encrypted content, patterns that might alert hackers to ways in which the tree of all possible keys might be trimmed. That, of course, is a major point of Marpex Inc.'s Patent No. 10,505,715 on Extreme Encryption™.

2. Significance for Lawful Access in Encryption

Consider an enterprise which has ownership rights for all files and messages produced on its equipment. It can make a case for both encouraging encryption and wanting access when called for to specific messages and files. The U.S. Department of Justice goes further, pleading for access to content that is deemed suspect by a court. The government does not own content generated and encrypted by members of the general public. Instead, it seeks a balance between the privacy of the individual and the safety and well being of society as a whole. See https://marpx.com/PlanEEBD.pdf.

3. Significance for End User Control

The cryptographic community backs away from imposing symmetric key encryption methods on the general public. It's too complex. Too many mistakes are made. When encryption is needed, the experts often take control.

With keyless encryption, adding one person to a list of confidants takes hardly a minute. To test a new confidant relationship, each sends a brief message to the other. In the lawful access version, a user selects a potential confidant from a web page. Rosters are built automatically behind the scenes. Going forward, the user simply selects a confidant, identifies material to be encrypted, and clicks a button. Point. Shoot. Done. It's the same for decryption... utter simplicity, full control.

Marpex Inc. stands ready to license other firms to build the keyless encryption technology into their cybersecurity offerings. The contact is Stephen Feher at 740 317-4847 or sfeher@marpx.com.

 

Site Map

 

MarpX Precision Search