
Crypto misconceptions due to poor semantics

Let's start with a use case and the confusion it causes because of poor nomenclature in the crypto world: the case of me giving a so-called private-key to someone, so that I can send that person a message encrypted with the paired public-key, which only the receiver can open.

In this use case, in fact, I make a private-key public and assume the public-key to be private.

This use case makes clear that the names private-key and public-key are a poor semantic choice. It is a poor choice because, depending on the use case, the private-key can be public and the other way around.

We had better call the private-key just the encryption-key, and the public-key an encryption-vault. Let's then revisit the example use case, now with the new naming.

The case of me giving a so-called encryption-key to someone, so I can send the person an encrypted message in an encryption-vault, so only the receiver can open it.

We now have 4 clearly defined objects:

  1. public-encryption-key
  2. private-encryption-key
  3. public-encryption-vault
  4. private-encryption-vault

And vaults can have two states, namely empty or filled.

So we can split 3 and 4 into two types of boxes, empty and filled:

  1. encryption-vault (empty)
  2. encrypted-vault (filled)
     
