Introduction

We will explore forward secrecy and build the components of a working system. The idea is a group of devices sharing application data through an HTTP server that never sees the plaintext: the server only stores and relays ciphertext, and the keys live on the devices. The design will be loosely based on TreeKEM, the group key agreement at the core of the Messaging Layer Security protocol (MLS, RFC 9420), using hybrid keys that pair ML-KEM ("Kyber") with a classical key exchange.
I shall attempt to explain the complex in simple terms.
Public-key cryptography uses a pair of mathematically linked keys. (PKI, Public Key Infrastructure, is the system of certificates and authorities that vouches for whose public key is whose; the two terms are often run together.) A user has a secret key, think of it as "secret123", which nobody else knows, and a public key, think "public123", which can be handed to anyone and even published. Real keys are long strings of random bits generated as a pair, and the public key gives away nothing usable about the secret one.
It is asymmetric because the two halves of the "password" do different jobs. Anyone can use the public half to encrypt a message to its owner, but only the holder of the matching secret half can decrypt and read it.
A symmetric system uses one secret "password" for both directions: anyone who knows it can encrypt and decrypt. It is a bit like a group of friends sharing a social media account: whoever knows the password can log in and read the private posts. In basic terms.
A hybrid system combines the two. Asymmetric operations are slow and only handle small inputs, so the actual data (credit card numbers in an e-commerce processing system, say) is encrypted with a fast symmetric cipher such as AES under a fresh random key, and only that small key is encrypted with the recipient's public key, for example an RSA key. Cryptographers call the two halves the KEM (key encapsulation mechanism) and the DEM (data encapsulation mechanism). The recipient needs nothing beyond their own secret key: they unwrap the symmetric key first, then decrypt the data with it. Two cautions on the word "hybrid". First, an RSA-plus-AES hybrid is not quantum-resistant: a sufficiently large quantum computer would recover the RSA-wrapped key, and the AES layer underneath does not help. Second, in the post-quantum setting "hybrid" has a second meaning: combining a classical key exchange (such as X25519) with a post-quantum one (such as ML-KEM) so that the result holds as long as either survives. That hedge exists precisely because quantum computers are still being developed, so there is little or no field experience with attacks on either side.
ML-KEM, the standardized form of the Kyber submission, is the post-quantum half of such a hybrid. It had not been officially standardized when this was first written; NIST published it as FIPS 203 in August 2024. It rests on lattice mathematics rather than the factoring problem behind RSA, and it is a KEM rather than an encryption scheme: the sender runs "encapsulate" against the recipient's public key and gets back a ciphertext plus a fresh shared secret, and the recipient runs "decapsulate" with their secret key to recover the same shared secret. The sender never chooses the symmetric key; it falls out of the encapsulation, which is what makes the KEM ciphertext and the key a single unit instead of two separate pieces of the puzzle.
When we encrypt, we "throw in" some random data, a nonce (or, for password hashing, a salt), so that the output is randomized. Consider a large site with tens of thousands of accounts whose private fields are encrypted before being stored in a database. Without that random data, encryption is deterministic: the same plaintext under the same key always produces the same ciphertext. Suppose 10% of users chose "password123" and it always encrypts to "AGHYUJKIHFR". An attacker holding a copy of the database cannot read "AGHYUJKIHFR" directly, and it does not hand them the key, but they can see that roughly 10% of rows share it, and the moment they learn one of those plaintexts (from their own account, for instance) they know every matching row. (Passwords themselves should be salted and hashed rather than encrypted, but the same equality leak applies to any encrypted field.) With a fresh nonce per record every ciphertext is unique, even for identical inputs. The caveat practitioners learn the hard way is that "random" here means "never repeated under the same key": with a mode such as AES-GCM, reusing a nonce leaks the XOR of the two plaintexts and lets an attacker forge messages.
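To make the pattern leak concrete, here is an added Go example (not code from the original post) that encrypts a constructed set of ten stored values with AES-256-GCM twice: once with a fixed all-zero nonce, the deterministic case described above, and once with a fresh random nonce per record. The key, the record layout (nonce prepended to each ciphertext) and the sample values are the example's own assumptions; what to look at is how many ciphertexts repeat in each mode, and that the authentication tag also rejects a modified record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

const nonceSize = 12 // 96-bit nonce, the standard size for AES-GCM

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealWithNonce encrypts pt with AES-GCM and returns nonce || ciphertext || tag,
// so the nonce is stored alongside the record it belongs to.
func sealWithNonce(key, nonce, pt []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Seal(append([]byte{}, nonce...), nonce, pt, nil), nil
}

// EncryptDeterministic is the "no random data" case from the text: the nonce is
// always zero, so equal plaintexts give byte-identical ciphertexts. With GCM a
// repeated nonce under one key is worse than a pattern leak: it reveals the XOR
// of the two plaintexts and lets an attacker forge tags. Shown as the "before".
func EncryptDeterministic(key, pt []byte) ([]byte, error) {
	return sealWithNonce(key, make([]byte, nonceSize), pt)
}

// EncryptRandomized draws a fresh nonce from the OS CSPRNG for every record.
func EncryptRandomized(key, pt []byte) ([]byte, error) {
	nonce := make([]byte, nonceSize)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return sealWithNonce(key, nonce, pt)
}

// DecryptRecord handles output from either function: the nonce is the first
// 12 bytes. The GCM tag check makes any modification of the record fail.
func DecryptRecord(key, record []byte) ([]byte, error) {
	if len(record) < nonceSize {
		return nil, errors.New("record too short")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, record[:nonceSize], record[nonceSize:], nil)
}

// CountRepeated returns how many records share their ciphertext with at least
// one other record: the pattern someone holding a database dump would look for.
func CountRepeated(records [][]byte) int {
	seen := map[string]int{}
	for _, r := range records {
		seen[string(r)]++
	}
	n := 0
	for _, c := range seen {
		if c > 1 {
			n += c
		}
	}
	return n
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample: ten stored values, three of which are "password123".
	plaintexts := []string{"password123", "hunter2", "password123", "letmein",
		"password123", "qwerty", "dragon", "baseball", "monkey", "football"}
	modes := map[string]func([]byte, []byte) ([]byte, error){
		"fixed nonce": EncryptDeterministic, "random nonce": EncryptRandomized}
	for name, enc := range modes {
		var records [][]byte
		for _, p := range plaintexts {
			ct, err := enc(key, []byte(p))
			if err != nil {
				panic(err)
			}
			records = append(records, ct)
		}
		fmt.Printf("%-13s repeated ciphertexts: %d\n", name, CountRepeated(records))
	}
}
```

Run it and the fixed-nonce pass reports 3 repeated ciphertexts (the three "password123" rows) while the random-nonce pass reports 0. Storing the nonce with the record is the normal layout; it is not secret, it only has to be unique per key.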
With public keys and hybrid systems, the thing that complicates matters is groups of three or more. With a symmetric key, each member has to be told the secret somehow, and not by email or another channel that could expose it to unintended people. With an asymmetric system each member only needs every other member's public key. But here is the problem: to send a group message, the sender has to encrypt it separately to each member (or at least wrap the message key separately for each one). With three members that is no big deal. With 1,000 or 10,000 members the sender performs thousands of public-key operations per message and ships thousands of copies of the envelope, and whenever someone leaves, every remaining member has to be given a new key the same way.
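The KEM/DEM construction from the hybrid paragraph and the per-recipient fan-out from this one, as an added Go example that is not the post's own code. X25519 from the standard library stands in for RSA or ML-KEM as the KEM (Go 1.24 ships crypto/mlkem with the same encapsulate/decapsulate shape; a true post-quantum hybrid would feed both shared secrets into the key derivation), SHA-256 over the Diffie-Hellman output and both public keys stands in for HKDF, and AES-256-GCM is the DEM. The type and function names are the example's own. Encrypting to a group is one Encrypt call per member, which is exactly the linear cost described above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what one recipient receives: the KEM ciphertext (here an
// ephemeral X25519 public key) and the AES-GCM ciphertext under the derived key.
type Envelope struct{ KEMCiphertext, Ciphertext []byte }

// deriveKey hashes the DH output with both public keys, binding the 32-byte
// AES key to this exact exchange (HKDF would be the production choice).
func deriveKey(dh, ephPub, recipientPub []byte) []byte {
	t := append([]byte("kem-dem example"), dh...)
	sum := sha256.Sum256(append(append(t, ephPub...), recipientPub...))
	return sum[:]
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is KEM/DEM for one recipient: encapsulate (the sender does not pick
// the key, it falls out of the encapsulation, as with ML-KEM), then seal the
// message under that key with a fresh random nonce prepended.
func Encrypt(recipient *ecdh.PublicKey, msg []byte) (Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Envelope{}, err
	}
	dh, err := eph.ECDH(recipient)
	if err != nil {
		return Envelope{}, err
	}
	kemCT := eph.PublicKey().Bytes()
	aead, err := gcm(deriveKey(dh, kemCT, recipient.Bytes()))
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{kemCT, aead.Seal(nonce, nonce, msg, nil)}, nil
}

// Decrypt decapsulates with the recipient's private key and opens the message.
// Nothing beyond that private key is needed: the symmetric key is not shared
// separately, it is recomputed. Any other key fails GCM's tag check.
func Decrypt(sk *ecdh.PrivateKey, env Envelope) ([]byte, error) {
	eph, err := ecdh.X25519().NewPublicKey(env.KEMCiphertext)
	if err != nil {
		return nil, err
	}
	dh, err := sk.ECDH(eph)
	if err != nil {
		return nil, err
	}
	aead, err := gcm(deriveKey(dh, env.KEMCiphertext, sk.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(env.Ciphertext) >= n {
		return aead.Open(nil, env.Ciphertext[:n], env.Ciphertext[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// EncryptToGroup is the naive fan-out from the text: one KEM operation and one
// AEAD per member, so work and message size both grow linearly with N. Member i
// must use envelope i; real protocols tag each envelope with a key identifier.
func EncryptToGroup(members []*ecdh.PublicKey, msg []byte) ([]Envelope, error) {
	envelopes := make([]Envelope, 0, len(members))
	for _, pk := range members {
		env, err := Encrypt(pk, msg)
		if err != nil {
			return nil, err
		}
		envelopes = append(envelopes, env)
	}
	return envelopes, nil
}

func main() {
	sk, _ := ecdh.X25519().GenerateKey(rand.Reader)
	envs, _ := EncryptToGroup([]*ecdh.PublicKey{sk.PublicKey()}, []byte("hello"))
	fmt.Printf("%d envelope(s), %d bytes each\n", len(envs), len(envs[0].KEMCiphertext)+len(envs[0].Ciphertext))
}
```

Each envelope carries a 32-byte KEM ciphertext plus the message and a 12-byte nonce and 16-byte tag, so a 10,000-member group means 10,000 X25519 operations and 10,000 copies of the message per send. That per-member cost is the baseline TreeKEM improves on.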
TreeKEM, the key agreement at the heart of MLS (RFC 9420), solves this by arranging the members' keys in a binary tree so that updating the group key costs a logarithmic number of encryptions instead of one per member. We will explore this in a future post.