Advantages & Benefits
Besides ciphering at high speed, ClassicSys has two more advantages
that make it a prime candidate for THE standard application in
cryptography:
1. ClassicSys uses only 1 secret key to meet ALL
the cryptographic needs of an end-user such as :
- to authenticate himself
- to authenticate messages with a time reference
- to generate all the SessionKeys he needs for Email (as one
possible application)
- to generate several keys for other applications : banking,
electronic commerce, electronic voting, casino games at home,
...
2. ClassicSys is designed in such a way that there is no valid
reason to forbid its use in any country in the world. ClassicSys
gives all the required guarantees to its users and their government:
secret keys must not be divulged and Security Services can always
decipher suspect messages.
ClassicSys offers more than the known advantages of encryption
solutions :
- Very high speed of encryption (see below).
- The chip contains the SED algorithm and all the other features
of ClassicSys. One system covers all cryptographic needs,
for all applications.
- New applications can be added without updating the chip.
- ClassicSys is fully automated: requests to the
TA are answered directly, without human intervention.
- PrivateKeys are completely unknown to everybody, even
the Trust Authority's manager ! All keys are written into chips
and are not accessible to humans or other machines. This guarantees
the privacy of all the end-users.
- Once an end-user has received the information to generate
his ApplicationKeys, he does not need the intervention of the
TA anymore. In Email, for example, users do not need the TA to
exchange messages between themselves.
- ClassicSys acts like a public key cryptosystem : every
end-user has one public ID number, which is used in a similar
way to public keys. In Email, for example, when somebody wants to
communicate with another end-user, he sends the TA his own ID number
and that of his correspondent. In return he receives information
from the TA to generate their SessionKey.
- ClassicSys enables the TA and National Security Service
(NSS) to act completely separately, under different authorities,
as required by our Democracies. Requests from the NSS to the TA
are recorded encrypted by the TA (the TA doesn't know the ID of Alice
or Bob in a suspect message). This guarantees the confidentiality
of the NSS's investigation; however, the record provides an
audit trail for any Competent Investigating Authority. Optimum
ClassicSys operation should have the TA and NSS under different
authorities, but every country can implement it as seen fit.
- ClassicSys enables the NSS to decrypt the content of suspect
incoming and outgoing international messages, without the
necessity for users to deposit their private secret keys
in the corresponding countries (as with the RSA).
- Only the NSS is able to request from the TA the information
necessary to investigate suspect messages.
- Each country remains independent regarding the deciphering
of the incoming and outgoing messages : each message contains
the necessary information to be deciphered by the 2 National Security
Services.
- Each Trust Authority has its own PrivateKey. Consequently
they can only compute PrivateKeys for domestic users.
- ClassicSys is easy to implement in integrated circuits
because :
- it uses only XOR and branching functions
- no arithmetic carry bits are needed
- programming can be done with a polynomial structure.
- the key blocks and data blocks have the same length,
equal to 128 bits (16 bytes).
- Security of ClassicSys is enhanced compared to other
systems because :
- deciphering is not the reverse of ciphering
- the ciphering and deciphering keys are different
- all the PrivateKeys (end-users, TAs, NSSs) are included in
an IC and therefore not accessible.
- There is no known way to reconstruct, by cryptanalysis,
the secret key, knowing a clear message and its corresponding
encrypted message.
- Differential cryptanalysis is not applicable to the SED
algorithm. On average, there is only one key corresponding to
a clear and its associated encrypted text and therefore, each
bit of the key has equal weight in the algorithm.
- Only 1 secret key of 128 bits is enough to meet all
the cryptographic needs of an end-user such as :
- to generate all the SessionKeys he needs
- to authenticate himself
- to authenticate messages with a time reference
- to generate several keys for other applications (banking,
electronic commerce, electronic voting, casino games at home,
...)
- Unlike the RSA algorithm, where every key requires a determined
space, the SED algorithm can use every block contained in the
space 2^128.
- The SED algorithm is very fast for the following reasons :
- the length of the blocks (key and data) is small (128 bits
against more than 512 bits) but long enough to defeat any exhaustive
cryptanalysis.
- on average, it is possible to compute at 1/3 of the clock
frequency (8 to 10 Mbytes/sec).
- The SED algorithm is completely transparent. Due to
the theory of Multiplicative Groups we can confirm that there
is no Trojan Horse in the SED algorithm.
- The SED algorithm permits chained mode ciphering, allowing
reduction of the authentication information to one block of
128 bits, whatever the length of the data to authenticate.
The table below compares the important features of the DES, the
RSA and the SED algorithms, used within global cryptographic systems.
Feature | DES | RSA | SED
speed | high | low | high
deposit of keys | needed | needed | not needed
country independence | no | no | yes
Trojan Horse | not proved | no | no
data block length | 64 bits | minimum 512 bits | 128 bits
key length | 56 bits | minimum 512 bits | 128 bits
use of data space | full, 64 bits (2^64), 8 bytes | variable, limited, not defined | full, 128 bits (2^128), 16 bytes
ciphering & deciphering key | same | different | different
ciphering & deciphering algorithm | different | same | different
algorithm contains only XOR and branching | no | no | yes
average number of key for one pair E&C=1 | probably not | probably yes | yes
cryptanalysis method | differential method | product factorization | no known method
global system including algorithm | not suitable | not suitable | ClassicSys