Well, I know who'll take the credit
all the clever chaps that followed
Came a dozen men together
never knew my desert fears;
Tracked me by the camps I'd quitted,
used the water holes I'd hollowed.
They'll go back and do the talking.
They'll be called the Pioneers!
Rudyard Kipling,
The Explorer
Introduction
There are approximately 2.5 billion home computers around the world, about 4.5 billion if we count devices like tablets and mobile phones, and an estimated 4.2 billion people using email. The number of emails transmitted daily in 2022 is forecast to increase by 4% by 2026, if the forecasts can be believed. What is staggering is the daily number itself, estimated at over 330 billion. How many of the 4.2 billion users do you think can afford the hardware and software (most of it needing costly updates from time to time) to protect their communications, whether text, images, videos or anything else? The next generation of computers (quantum or hybrid) will ensure that the systems currently used to protect these devices can be retired.
These generations of machines and encryption systems will rely on additional hardware and software, with more mathematical equations added to them *1), to buy users time. Time is the only benefit and gain we can expect these systems to offer, and of course there is a price tag attached to it. Like the previous and current systems, their claims of security rest on assumptions, hoping that the time required to break their encryption exceeds any reasonable timeframe. Here too, the estimates of the time it would take to break ciphertext created by these systems rest on unquantifiable equations: unquantifiable because they only take into account the knowledge we currently have about mathematics and technology, which might not go hand in hand with the knowledge and technology adversaries have at their disposal. The proof of this argument can be found in the past, when estimates of the time required ran into millions of years; those estimates have since been reduced to minutes simply by using current home computers.
The one system that stands out is one which, according to common opinion, is outdated and impractical in the modern world: the One-Time Pad. What separates it from all other systems is that, when correctly operated, it yields every single plaintext that fits the length of the ciphertext as a possible plaintext. All other systems, as soon as the algorithm is known, yield only one valid plaintext. The seal of approval for the Vernam Cipher/One-Time Pad was given by Claude Shannon at the end of the 1940s, when his papers were published (declassified) together with the mathematical proof.
________________
Some readers might think now: "Here we go again! Another blog about the One-Time Pad (OTP), repeating what has been said and written in thousands of publications and online blogs." A gospel preached since Shannon's proof was published and repeated over and over again until it was declared an axiom. Whoever tried to change the modus operandi was told that it would be impossible and that there was no other way of operating it. Far from it, because in our blog we are going to rewrite how the OTP can be operated. We will remove key requirements which, according to common opinion, prevent the OTP from being an encryption system for our times.
The reason we looked at the One-Time Pad is that all previous attempts to create a system capable of generating ciphers that were impossible to crack have failed. Since we have used computers and the Internet, these magical algorithms and encryption systems have come with statements that contradict themselves. The first statement in the adverts always pointed out that the ciphers generated with these systems could not be cracked. The second statement then pointed out the time required to crack these ciphers (millions of years etc.), invalidating the first statement. Since Albert Einstein we know that time is relative (E = mc²) and might not proceed at the same pace everywhere, a pace we take for granted. The same applies to cryptography and has been proven for all the so-called unbreakable systems. The only system that can lay claim to it is the One-Time Pad, when correctly operated.
When we reached Shannon's papers and his conclusions about the Vernam cipher (today's OTP), after covering nearly 3000 years of crypto history, we felt that something wasn't right and that somehow we were being led down the wrong path intentionally. The mathematician helping us told us this too, when we tried to understand the mathematical algorithms NIST has chosen, which supposedly provide us with some kind of security (more time) before the next generation of supercomputers arrives.
__________________
We will also take a look at passwords, which from their conception onward have been a trouble spot on the Internet. The latest news from large Internet service providers is that they will phase out the current way of creating passwords and replace them with biometric data (fingerprint, eye or face). Will it improve security? Doubtful, but it will provide them with more data which we might want to keep private. It will also encourage malicious people to develop different attacks on these biometric passwords and find new ways to cause harm to users and businesses. Users, of course, were not asked, and it will provide governments with an additional source of data, which they can access via national security laws and secret courts without users being informed about it.
__________________
The last blog dealing with the Internet will cover data compression/encryption and some ideas we had for improvements. There is already talk that the substance we need and use to store our data (silicon) will be in short supply from the middle of our century. Research groups, private and at universities, are trying to find materials to substitute for it. However, until these materials are found, along with ways to implement them in our IT systems, we are stuck with the current option. Of course we can use compression programs like ZIP, RAR and all the other available programs to dramatically increase the amount of data we can store, but once we have reached the highest compression ratio, we have reached the end of that road. After maximum compression we are told that no further compression is possible. The question for us was: what is the highest compression ratio? We found that already compressed files could be further reduced in size to 50% or 60% of the previously compressed size and, if required, even further (12% in some cases).
Do not go where the path may lead, go instead where there is no path and leave a trail.
Ralph Waldo Emerson
In our Comment Section we take a look at a process that is slowly trying to remove one of our fundamental rights: the right to privacy in our communications with friends and family members. Crime and national security are used by politicians to demand backdoors into encryption software and systems. The politicians in our democracies requesting these steps are the same people who don't hesitate to claim national security interests, which allow them to withhold information that should be made public. In that respect national security has become a tool acting as a shield to avoid accountability on the one hand, and on the other a tool to force the removal of privacy and introduce self-censorship for the rest of us.
__________________
*1) If we look at the four systems chosen by NIST (National Institute of Standards and Technology, part of the U.S. Department of Commerce) to be part of a possible post-quantum solution, we will realize that the path we are set on again was described by Nikola Tesla as: "Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality."
The only security these systems offer is the time factor required to break them. The mathematics and functions used in these systems are understood only by a few mathematicians, and the rest of us have to rely on faith. But faith is something we should reserve for religion; in cryptology/cryptography we have to look at the facts. Here are a few facts you should keep in mind before reading this blog:
1. How likely is it that NIST would recommend encryption algorithms which could not be cracked by the NSA or other U.S. intelligence agencies?
2. How likely is it that mathematicians will find a magical algorithm which would provide perfect secrecy based on a short key shared between two parties, or for today's private and public key encryption, when the testing of these algorithms by NIST only allows one result (meaning that the rest of the data during a brute force attack will only yield senseless data)?
NIST, like all government agencies, is bound to observe the rules that govern national security. Recommendations it makes on security and on hardware and software solutions will never suggest systems which cannot be cracked by U.S. intelligence agencies. The logic here is straightforward, because the mathematical algorithms now being tested are in the public domain. Any system NIST declares post-quantum secure in the future will also be available to anybody else and could be used by them. It was Admiral Alexander, former head of the NSA, who after the scandal revolving around the revelations by Edward Snowden and the illegal activities of the agency said: "If you look for a needle in a haystack, you collect all the hay." Recommending and implementing a foolproof system would prevent the NSA from doing its job, because there would be no needles left in the hay. It is naive to believe that one agency would be permitted to supply tools under national security laws and guidelines which render the other agency toothless. A professor of mathematics and cryptology in Berlin made a remark in an interview with the German magazine Der Spiegel, permitting us to quote him: "We have always known that our opponent (sic. NSA) has billions of dollars at its disposal, which we don't have, and access to a technology we don't possess."
That brings us to the second point here, which is mathematics and the search for a way to come close to Shannon's proof of perfect secrecy for the Vernam Cipher (OTP). We will never achieve perfect secrecy until our random key source matches the length of the plaintext we encrypt, and as long as we use mathematics and pretend it can produce random results. It is generally accepted that perfect secrecy requires a unique random key for each plaintext character, and that without knowledge of the key any plaintext that makes sense (and also plaintext that doesn't make sense) and fits the length of the ciphertext is a possible solution. Using a key that doesn't match the length of the ciphertext together with a mathematical algorithm would not comply with Shannon's definition of perfect secrecy, and here Shannon is the authority. His definition of perfect secrecy is the only one to this day that has a mathematical proof attached to it.
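The two properties claimed above for the One-Time Pad (every same-length plaintext is a possible decryption, and perfect secrecy needs one fresh key character per plaintext character) can be checked directly in code. The following is an added example, not code from this blog; the message, the key bytes and the rival plaintexts are constructed for the demonstration, and the repeated short key is included only as the contrast case that the text says does not meet Shannon's definition.

```python
from collections import Counter

# Constructed demo values (not from the blog): a 12-byte message and a 12-byte key.
DEMO_PLAINTEXT = b"MEET AT DAWN"
DEMO_KEY = bytes([0x5A, 0x13, 0xC7, 0x08, 0x91, 0x3E, 0x77, 0xA2, 0x0C, 0xE5, 0x64, 0xB9])

def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Vernam/OTP: one fresh key byte per plaintext byte, combined with XOR."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))

otp_decrypt = otp_encrypt  # XOR is its own inverse, so decryption is the same operation

def key_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """The key under which `ciphertext` decrypts to `candidate` (same length required)."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate plaintext must match the ciphertext length")
    return bytes(c ^ p for c, p in zip(ciphertext, candidate))

def every_candidate_is_valid(ciphertext: bytes, candidates) -> bool:
    """Shannon's point: each same-length candidate has some key that makes it the decryption."""
    return all(otp_decrypt(ciphertext, key_for(ciphertext, p)) == p for p in candidates)

def byte_cipher_distribution(p: int) -> Counter:
    """Distribution of one ciphertext byte when its key byte is uniform over 0..255.
    Perfect secrecy in miniature: the result does not depend on the plaintext byte p."""
    return Counter(p ^ k for k in range(256))

def short_key_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Contrast case: a short key repeated to cover the message (not an OTP)."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))

def consistent_with_short_key(ciphertext: bytes, candidate: bytes, key_len: int) -> bool:
    """With a repeated short key, a candidate is only possible if the implied key really repeats."""
    implied = key_for(ciphertext, candidate)
    return all(implied[i] == implied[i % key_len] for i in range(len(implied)))

if __name__ == "__main__":
    ct = otp_encrypt(DEMO_PLAINTEXT, DEMO_KEY)
    rivals = [b"MEET AT NOON", b"STAY AT HOME", b"DO NOT MOVE!"]
    print("OTP: every same-length candidate is a valid decryption:", every_candidate_is_valid(ct, rivals))
    print("ciphertext distribution independent of plaintext byte:",
          byte_cipher_distribution(ord("A")) == byte_cipher_distribution(ord("Z")))
    short_ct = short_key_encrypt(DEMO_PLAINTEXT, b"\x13\x37\x42")
    print("repeated 3-byte key, true plaintext consistent:", consistent_with_short_key(short_ct, DEMO_PLAINTEXT, 3))
    print("repeated 3-byte key, rival plaintext consistent:", consistent_with_short_key(short_ct, rivals[0], 3))
```

With the full-length key every rival is a valid decryption under some key, so the ciphertext alone cannot single one out; with the repeated 3-byte key the rival's implied key fails to repeat, which is exactly the structure an attacker exploits and Shannon's definition rules out.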