News | November 30, 1998

Virtual Matrix Encryption

Could this be the world's first truly unbreakable data security system?

By: Michael Vaknin, Meganet Corporation

Contents
• A New Concept
• Additional Security
• How Does It Work?
• Summary

Computer security is a hot topic these days. That's not surprising when you consider how crucial computers are to all aspects of modern life. Unfortunately encryption technology has not kept up with the rapid pace of computer development.

Existing Public Key Cryptography and algorithms, which were introduced around 1977, are all based on an asymmetric key set, meaning one key is private and the other is public. Mathematically, it was thought to be almost impossible to derive the private key from the public key because they used a key length that would've taken 100 years to break by brute force computing with the equipment available twenty years ago. In other words, Public Key algorithms were never supposed to be impossible to break - just impractical. Spending 100 years to break the code for a transaction worth only a few hundred dollars made no sense.

Twenty years have gone by, however, and today's personal computers are faster than yesterday's super computers. Today's super computers are capable of computing trillions of calculations per second. On top of that, parallel computing has evolved to the level of hundreds and thousands of concurrent CPU's, creating tremendous computing power. As if that weren't enough, we now have the ability to network thousands of computers through the Internet, creating monstrous computing power from relatively simple personal and university computers.

The weakening of the public key crypto-system initially surfaced in 1997. First, it was the 40-bit key that was broken using a mass of networked computers through the Internet. A few months later the 48-bit key was broken by the same method, in less time than it took to break the previous key. The most significant key to be broken was the 56-bit key, because it is used worldwide by financial institutes, government arms, corporations and many other organizations.

While the 128 bit key has not yet broken, and is exponentially much stronger than 56 bit --the parameters to break this algorithm are still the same -- computing power and time. With technology changing every three-months on average, it is not certain when the 128 bit will be officially broken.

These events clearly indicated the need for a new algorithm, an algorithm that does not rely on computational complexity to exist, and is not sensitive to brute force attacks. An algorithm not unbreakable by virtue of the time it takes to break, but by virtue of the fact that the data is not actually encrypted. If the data is not encrypted, it cannot be decrypted. What you would have, in effect, is an algorithm that cannot be broken, regardless of the time and computational efforts expended. That is the basic concept behind a new technology called Virtual Matrix Encryption (VME).

Return to Contents

A New Concept

The base of VME is a "virtual matrix," a matrix of binary values which theoretically is infinite in size and therefore has no redundant values. The data to be encrypted is compared to the data in the virtual matrix. Once a match is found, a set of pointers that indicate how to navigate inside the virtual matrix is created.

That set of pointers (which is worthless unless pointing to the right virtual matrix) is then further encrypted in dozens other algorithms in different stages. The result is encrypted data that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different virtual matrix and that the data pattern within the virtual matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set. The result is a data security method and apparatus that provides an exceptional degree of security at low computational cost.

This data security arrangement differs from known data security measures in several fundamental aspects. Most notably, the content of the massage is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, which is a large (infinitely large in concept), continuously changing array of values.

The VME uses a very large key of one million bits or more which creates a level of security much higher than any other existing method. The key is not transferred but is instead created from a file of any size that is available on both a computer used to send a secure massage and a computer used to receive a secure massage. A smaller, Specific Transaction Key is sent end-to-end and is used in conjunction with the very large key to avoid a security hazard in instances where the same file is used repeatedly to create the very large key.

A central Virtual Matrix algorithm is surrounded by a myriad of other algorithms.

This means that a single byte may be encrypted many, many times, with each successive result being passed to another algorithm in what may be regarded as a random path. This path is determined by reseeding a random number generator at various junctures using values from the very large key, the smaller key and various other user supplied parameters. These parameters may include, for example, source user, destination user, file name, save-as file name, and description.

Return to Contents

Additional Security
An optional higher level of security is also available. If the massage is secured using the same string as the file name and save-to file name, when unlocking is attempted for the first time, the original file will be overwritten, affording only a single opportunity for the massage to be unlocked. A message may be secured in accordance with various options specifying an intended audience, including Global, Group, Specific and Private options.

Global allows anyone having a copy of the data security software to decrypt the massage, providing that person has the correct keys and is able to supply parameters matching those with which the message was secured.

Group allows the possibility of successful decryption by any of a number of users within a group, identified by its members having copies of the software program with a common prefix.

Specific allows only a user having a particular numbered copy of the software program to decrypt the data.

Finally, Private allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the massage to be unlocked.

The present system further enhances security by allowing definition of a date range where the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force.

Return to Contents

How Does It Work?
1) Virtual Matrix Encryption (VME) reads data from the original file into memory, and then compares it with an internal random matrix of values named "Virtual Matrix" (VM). A set of pointers to the location in the matrix, called "Virtual Matrix Pointers" (VMP) is created. These pointers are than passed further to be encrypted by additional algorithms in VME. The original data is never encrypted or transferred in any form or shape. Since the data is not encrypted, there is no way to decrypt it. The process utilizes "Progressive Virtual Matrix" (PVM) and "Regressive Virtual Matrix" (RVM).

2) At that stage, 5 different keys are being created: "Million Bit Key" (MBK) is a key of 1 Million Bits in size that is unique in concept. Since a million bits equal 128kb, it would be very slow to transfer over slow communication lines (2 minutes at 28.8k). Therefore, it is recreated at both sides (based on a secret reference file) of the connection without being transferred. A "Standard Transaction Key" (STK) is another key created. Its size is 2,048 bits. That key is transferred with the encrypted VMP on a public network. This key is a unique non-redundant key per-transaction, assuring that even if the same data is encrypted time after time again, it will never yield the same encrypted code (hence preventing a possible security breach). A third key "Users Key," also a 2,048-bit key, is created based on users input (Username, Password, Etc.) and used in the encryption process. Two additional 2,048-bit keys are created randomly and are utilized to further encrypt the data.

3) The encrypted pointers are then further encrypted by a variety of highly secured algorithms: "Multiplication Matrix Modulo" (MMM) is a matrix of mathematically inverse keys utilized to encrypt/decrypt the pointers. Since the specific order is random and based on the actual pointers encrypted, there is no way to pinpoint the right combination, hence any combination can be valid. "Subtraction Matrix Modulo" (SMM) is a system that utilizes a mathematical algorithm to add multiple numbers together in a register to create an overflow of limited size. The overflow actually gives us an unpredictable number that is used to further encrypt the pointers. "Multiple Algorithm Matrix" (MAM) is a collection of 256 unique encryption/decryption algorithms utilized to further encrypt the pointers. Since the specific algorithm used at a certain point is dependent on the variety of keys and data flow for the specific session, there is no way to know which of those algorithms was used. Therefore, regardless of the strength of a specific algorithm, it is impossible to break. "Bit Level Encryption" (BLE) is another innovative algorithm that encrypts data one bit at a time. A specific bit can have a value of only 0 or 1, and the encrypted value is also only either 0 or 1. Considering the fact that a single bit is meaningless (versus a byte that can signify a character for example) it is impossible to decrypt.

4) In addition to the previously described algorithms, an additional algorithm, known as "Date Limit Algorithm" (DLA), is implemented. The DLA allows further encryption of the pointers in such a way that they can be decrypted correctly ONLY between a defined date range - therefore creating for the first time, an encrypted content that is time sensitive. The implementations are endless - you can encrypt data for a specific date in the future (software vendors who wants to debut a new software on a specific future date can distribute the encrypted code months ahead and give the password on the specific date). DLA also prevents brute force attacks. Since it reads the date from the real time clock, once it goes out of the date range, the decrypted data will never be correct, even if the right keys are used (since there will be no way to tell if the problem is the key or the date).

5) The last stage of encryption consists of "Targeted Delivery System" (TDS) which is a system targeted at covering all the scenarios and needs for encryption. The "Global" option is as it sounds - anybody on the planet with a copy of VME and the right keys and passwords can decrypt the data. "Local" means that only people from the same organization holding a copy of VME will be able to decrypt the data. An outsider, even with a valid copy of VME with all the keys and the passwords will not be able to decrypt it. "Private" means - your copy of VME is the only copy in the world that will be able to decrypt the data, regardless of who acquires the correct keys and passwords. "Specific" is targeted at sending specific material a specific person, even on the other side of the world - the data is encrypted in such a way that only the TARGET user can decrypt it. Not even the originator can decrypt the file.

Return to Contents

Summary
According to its inventors, VME will forever change the way data is being encrypted. Whereas DES has been broken in 56 hours on a single machine valued under $250k, and RSA in different strength levels have been compromised, VME is suited to replace both traditional symmetric and public key cryptography. Given the tremendous increase in computing power in the last 2 decades, and the fact that the Internet has given us the ability to harness the power of thousands of such computers, there seems to be little or no place for encryption methods that are dependant on computing power and time.

From super computers, to personal computers, to cellular phones, to satellite communications, to set-top TV boxes, in businesses from financial institutions, to government agencies, to industry and E-commerce, it's foreseeable that VME could create a new direction in the world of security and create the trust needed to make E-commerce an accepted means of conducting future transactions.

Contributed by: Meganet Corporation, 19528 Ventura Blvd #317 Tarzana, CA 91356 Tel: 818-757-3890 or fax to: 818-757-7278.