The Toolkit For Building The Future …

I’ve just read a white paper on another new Web 3 advancement. It reads well and is nicely presented, but it lacks any real detail on the actual practice. As a cryptography researcher and academic, I spend a good deal of my time reading peer-reviewed work, so any real advancement must show how things work and what has actually been advanced. We can all talk a good game, but it is what happens under the surface where the real innovation happens.

Cryptocurrencies have been the vanguard, now we need to build the rest

Many people can define the problems of our current Internet and propose ways to address them, but the real skill is making sure that all the different elements work together, as a weakness in one part can bring down the whole infrastructure. Cryptocurrencies have been the vanguard for this, and have shown many strengths but also many weaknesses. We all need to learn from the initial failures and carry the good things forward into building a trusted world for our future. To me, we have barely started building a new digital world and are still prototyping. But, slowly, a consensus is evolving on how our new Internet needs to be built, and the details matter.

Cryptography research and industry advancement in step

My advice to any innovator or early career researcher (ECR) is to continually read papers and properly understand them. I think, overall, that cryptography is a field where academic research is in step with industry advancements. I love working in the area as it has a strong peer-review ethic, as it must: you shouldn’t roll your own crypto, and you need to keep up with the latest methods and vulnerabilities. The superficial approach to topics that exists in a few areas of cybersecurity just cannot happen in cryptography. If a method hasn’t been peer-reviewed, you must worry about it.

The toolbox of learning

As I read papers, there’s a general focus on the evolution of the “toolbox” for building the future of the Internet. So step forward the methods of the future, which I recommend those in software development, data architecture and cybersecurity learn:

  • Elliptic curve cryptography (ECC). For now, it is ECC that provides the foundation for many of the methods. With cryptographically relevant quantum computers still many years away, there’s really only one show in town for a public-key foundation, and it’s ECC. Overall, ECC has been shown to be efficient and secure in a distributed world, with far smaller keys and signatures than RSA at the same security level. You can learn more about ECC, try here.
  • Verifiable Shamir Shares. Wow! A method that gives information-theoretic (perfect) secrecy for the shared value, and Byzantine fault tolerance if required. An important area of development is splitting encryption keys into secret shares and rebuilding them only when required. In this way, a key never has to be stored in a single place, and when we rebuild it we can apply advanced authentication methods. The great advancement, though, is Verifiable Secret Sharing (VSS), where each party receiving a share can check it against public commitments to the sharing polynomial (Feldman or Pedersen commitments) and so catch a dealer who hands out inconsistent shares. One caveat a practitioner should know: Feldman commitments are only computationally hiding, so the perfect secrecy of plain Shamir sharing becomes computational; Pedersen commitments keep it. If you want to understand them, try here.
  • Fiat-Shamir. The rise and rise of non-interactive zero-knowledge proofs (NIZKPs) will be one of the great growth areas of the future, providing ways to prove knowledge of things without giving away private data. The Fiat-Shamir heuristic replaces the verifier’s random challenge with a hash of the prover’s commitment (and, for a signature, the message), which turns an interactive sigma protocol into a proof that anyone can check offline; the hash must cover the whole transcript, or the proof can be forged. If you want to understand it, try here.
  • Schnorr. It was Claus-Peter Schnorr who devised a signature scheme whose linear structure (the response is r + c·x, with no modular inverse) allows us to aggregate digital signatures and public keys. If you want to understand how Schnorr signatures are created, try here.
  • ECDSA and EdDSA. For digital signatures you can’t avoid ECDSA, and it is the basis of trust for many applications (including Bitcoin and Ethereum). But it has weaknesses (a nonce that repeats, or leaks even a few bits across signatures, gives away the private key) and the modular inverse of the nonce in the signing equation makes it hard to integrate with secret shares. And so step forward EdDSA, which uses a Schnorr-style construction with deterministic nonces and thus allows for signature and key aggregation, though a threshold or aggregated EdDSA has to generate its nonces jointly rather than with Ed25519’s deterministic derivation. You can learn about ECDSA here, and EdDSA here.
  • ElGamal and Paillier. Many people talk about fully homomorphic encryption, where we can compute arbitrary functions over encrypted data, but it is unlikely to happen at scale any time soon. Most of the things we actually need to do are simple operations, such as adding, subtracting and scaling by a constant, and the partially homomorphic methods are fit for this today. Paillier is natively additive: multiplying two ciphertexts adds the plaintexts modulo n. ElGamal is natively multiplicative; to add with it, the message is placed in the exponent (g^m), which means decryption ends in a discrete-log search and so only works for small values such as counters or votes. The basics of using the ElGamal method for homomorphic addition are here, and with Paillier here.
  • zkSNARKs, Bulletproofs, and so on. What a magical concept we have with zkSNARKs. We can express a complex computation as a circuit, evaluate it with a secret witness, and hand over a proof that the computation was carried out correctly and produced the stated answer, without revealing the witness. The magic is that the proof is succinct and checking it is fast, regardless of how large the computation was; the cost is that most SNARKs need a trusted setup, which Bulletproofs avoid at the price of larger proofs and slower verification. I can’t underline enough how important this little method will become within a privacy-preserving world. A simple example of zkSNARKs is here.
  • Distributed Key Generation. One of the major problems of the Internet is its reliance on a centralised source of control. So what happens when the central controller goes bad, or when one of the parties in an information system becomes malicious? We can cope with this using Distributed Key Generation (DKG), where there is no dealer: each party generates its own random contribution to the overall secret and distributes it to the others with VSS, each party keeps the sum of the shares it receives, the full key never exists in any one place, and the joint public key is the product of the parties’ commitments.
  • Byzantine Fault Tolerance. If we build in Byzantine Fault Tolerance (BFT), we can cope with parts of the infrastructure failing, or with parties becoming malicious, as long as the dishonest fraction stays below the protocol’s threshold (classically fewer than one third of the nodes). If we build with DKG and BFT, we have an architecture for systems that can cope with outages and with malicious agents taking over elements of our infrastructure.
  • Post Quantum Cryptography (PQC). How urgent this is depends on your risk landscape, but every system will need to be assessed for its robustness against being broken by quantum computers. Replacing ECC with PQC methods will be extremely difficult (keys, ciphertexts and signatures are all much larger, which protocols and storage formats must be able to carry), so there should be some consideration of the migration path now, before it is required. Dilithium for digital signatures and Kyber for key encapsulation look like good bets for this (NIST has standardised them as ML-DSA, FIPS 204, and ML-KEM, FIPS 203). You can try some of the proposed methods here.
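The Verifiable Shamir Shares and Distributed Key Generation bullets, as one added worked example; this is not code from the original article or from any of the pages it links to. It uses Feldman commitments over a toy Schnorr group (p = 2039, q = 1019, g = 4), constructed here only so that it runs instantly: a real deployment uses a group of 256-bit or larger order. `share` is the dealer, `verify_share` is what every recipient runs before accepting a share, and `dkg` removes the dealer by having every party deal its own contribution and keep the sum.

```python
import secrets

# Toy Schnorr group: q-order subgroup of Z_p^* with p = 2q + 1.
# Constructed for illustration only; far too small for real use.
P = 2039          # safe prime
Q = 1019          # (P - 1) // 2, prime; shares and coefficients live in Z_Q
G = 4             # 2^2 mod P, which has order Q


def share(secret, t, n):
    """Shamir split of `secret` into n shares with threshold t, plus the
    Feldman commitments g^a_j to each polynomial coefficient a_j.
    Shares are private to their holders; the commitments are public."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    commits = [pow(G, a, P) for a in coeffs]
    shares = {}
    for i in range(1, n + 1):
        y = 0
        for a in reversed(coeffs):        # Horner: f(i) mod Q
            y = (y * i + a) % Q
        shares[i] = y
    return shares, commits


def verify_share(i, y, commits):
    """Feldman check for share (i, y): g^y must equal prod_j C_j^(i^j).
    A dealer who hands out inconsistent shares is caught here."""
    rhs = 1
    for j, c in enumerate(commits):
        rhs = rhs * pow(c, pow(i, j, Q), P) % P
    return pow(G, y, P) == rhs


def reconstruct(subset):
    """Lagrange interpolation at x = 0 over Z_Q from any t shares {i: y_i}."""
    total = 0
    for i, yi in subset.items():
        num, den = 1, 1
        for j in subset:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def dkg(t, n):
    """Dealer-less (Pedersen-style) DKG: every party deals its own random
    secret with Feldman VSS, verifies every share it receives, and keeps
    the sum as its share of the joint secret. The joint secret itself is
    never assembled; it is returned here only so the caller can check it."""
    dealt = {}
    for dealer in range(1, n + 1):
        s = secrets.randbelow(Q)
        shares, commits = share(s, t, n)
        dealt[dealer] = (s, shares, commits)
    final = {}
    for party in range(1, n + 1):
        acc = 0
        for dealer, (_, shares, commits) in dealt.items():
            if not verify_share(party, shares[party], commits):
                raise ValueError(f"party {party}: bad share from dealer {dealer}")
            acc = (acc + shares[party]) % Q
        final[party] = acc
    joint_pub = 1
    for _, _, commits in dealt.values():
        joint_pub = joint_pub * commits[0] % P   # prod g^{a_0} = g^{sum of secrets}
    joint_secret = sum(s for s, _, _ in dealt.values()) % Q
    return final, joint_pub, joint_secret


if __name__ == "__main__":
    shares, commits = share(777, 3, 5)
    print(all(verify_share(i, y, commits) for i, y in shares.items()))
    print(reconstruct({1: shares[1], 3: shares[3], 5: shares[5]}))
    final, joint_pub, joint_secret = dkg(3, 5)
    print(pow(G, reconstruct({i: final[i] for i in (1, 2, 4)}), P) == joint_pub)
```

The DKG's joint public key is computed from the public commitments alone, so any party (or an outside auditor) can derive it without ever seeing a share; in a real protocol the dealers would also be required to publish their commitments before any share is accepted, so that a dealer cannot adapt its polynomial after seeing complaints.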
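The Fiat-Shamir, Schnorr and EdDSA bullets, as one added worked example; this is not code from the original article or from the pages it links to. It is written on secp256k1 with plain affine arithmetic so that the curve, the proof of knowledge, the signature and the aggregation are visible in one place. The domain parameters are the public secp256k1 constants; the hash-to-challenge encoding (`repr` of the transcript) is a choice made here for readability and is not the BIP340 encoding. `cosign` deliberately stops at the naive sum of public keys so that the rogue-key caveat stays visible.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P), base point G of order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(A):
    return A is None or (A[1] * A[1] - A[0] ** 3 - 7) % P == 0


def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:      # A == -B
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, A):
    """Double-and-add scalar multiplication (not constant-time)."""
    R = None
    k %= N
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R


def challenge(*parts):
    """Fiat-Shamir: the verifier's random challenge is replaced by a hash
    of the whole transcript (generator, public key, commitment, message)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(repr(part).encode())
    return int.from_bytes(h.digest(), "big") % N


def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, mul(x, G)


def prove_dlog(x, Y):
    """Non-interactive proof of knowledge of x with Y = x*G.
    Interactive Schnorr: commit R = r*G, receive c, answer s = r + c*x.
    Here c comes from the hash, so no verifier needs to be online."""
    r = secrets.randbelow(N - 1) + 1
    R = mul(r, G)
    c = challenge(G, Y, R)
    return R, (r + c * x) % N


def verify_dlog(Y, proof):
    R, s = proof                      # accept iff s*G == R + c*Y
    return mul(s, G) == add(R, mul(challenge(G, Y, R), Y))


def sign(x, Y, msg):
    """Schnorr signature: the same proof with the message bound into c."""
    r = secrets.randbelow(N - 1) + 1
    R = mul(r, G)
    c = challenge(G, Y, R, msg)
    return R, (r + c * x) % N


def verify(Y, msg, sig):
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(G, Y, R, msg), Y))


def cosign(keypairs, msg):
    """Naive Schnorr multisignature. Every signer commits to a nonce point,
    all sign under one challenge computed over the aggregate key and the
    aggregate nonce, and the responses are simply summed; the result
    verifies with `verify` against the sum of the public keys. Summing
    raw keys is open to rogue-key attacks; MuSig-style key coefficients
    (not implemented here) close that hole."""
    nonces = [secrets.randbelow(N - 1) + 1 for _ in keypairs]
    R = None
    for r in nonces:
        R = add(R, mul(r, G))
    Y = None
    for _, y in keypairs:
        Y = add(Y, y)
    c = challenge(G, Y, R, msg)
    s = sum(r + c * x for r, (x, _) in zip(nonces, keypairs)) % N
    return Y, (R, s)
```

The same `(R, s)` shape serves as a proof of knowledge, a single signature and an aggregate signature; only what goes into the hash changes. That linearity is exactly what ECDSA's `k^-1` term destroys, and it is why threshold and multi-party schemes are so much simpler to build on Schnorr-style signatures.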
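The ElGamal and Paillier bullet, as an added worked example of both additive constructions side by side; this is not code from the original article or from the pages it links to. Paillier uses two toy 16-bit primes and exponential ElGamal a toy Schnorr group (p = 2039, q = 1019, g = 4), both constructed here only so the block runs instantly. The point to watch is the last function: ElGamal addition costs nothing, but decryption has to search the exponent, which is why it is only fit for small values.

```python
import secrets
from math import gcd

# ---- Paillier: natively additive ----------------------------------
# Toy primes, constructed for illustration; real keys use 1024-bit+ primes.
def paillier_keygen(p=65537, q=65521):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # Carmichael lambda(n)
    g = n + 1                                       # standard generator choice
    n2 = n * n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)     # L(g^lambda mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def paillier_encrypt(pub, m):
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:                 # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n2) * pow(r, n, n2) % n2


def paillier_decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def paillier_add(pub, c1, c2):
    """E(m1) * E(m2) = E(m1 + m2 mod n): addition without the key."""
    n, _ = pub
    return c1 * c2 % (n * n)


def paillier_scale(pub, c, k):
    """E(m)^k = E(k * m mod n): multiplication by a public constant."""
    n, _ = pub
    return pow(c, k, n * n)


# ---- Exponential ElGamal: addition in the exponent ----------------
# Toy Schnorr group (subgroup of order Q in Z_P^*), constructed for illustration.
P, Q, G = 2039, 1019, 4


def elgamal_keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def elgamal_encrypt(h, m):
    """Encrypt m as (g^r, g^m * h^r); plain ElGamal would use m, not g^m."""
    r = secrets.randbelow(Q)
    return pow(G, r, P), pow(G, m, P) * pow(h, r, P) % P


def elgamal_add(c1, c2):
    """Component-wise product: (g^(r1+r2), g^(m1+m2) * h^(r1+r2))."""
    return c1[0] * c2[0] % P, c1[1] * c2[1] % P


def elgamal_decrypt(x, c):
    """Recover g^m, then find m by exhaustive search over the exponent.
    This is the catch: it only works when the message space is small."""
    c1, c2 = c
    gm = c2 * pow(c1, Q - x, P) % P       # c2 / c1^x, using c1^Q = 1
    acc = 1
    for m in range(Q):
        if acc == gm:
            return m
        acc = acc * G % P
    raise ValueError("no exponent found")  # unreachable: every element of <g> is hit
```

Two things to notice when using these in practice: Paillier's sum wraps modulo n, so an application must keep its totals well below n (or encode negatives in the top half of the range); and exponential ElGamal's decryption loop is linear in the message bound, so a baby-step giant-step table is the usual upgrade once the values grow beyond a few million.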

Conclusions

I haven’t discussed MPC (Multiparty Computation), security-by-design or privacy-by-design, as these should be a core part of building systems using the methods I have defined in this article.

To me, cryptocurrency will boom or bust, but it has supported the building of one of the most amazing research infrastructures I have ever seen. It will, though, leave behind a legacy for many other areas to take forward. That will then allow us to properly build a new Internet, one which is inherently private, robust and more trusted. For now, the Internet is a bunch of disparate networking and service protocols that were mainly developed in the 1980s, and which we have patched with sticking plaster in order to scale them up.

The more we can see blockchains, smart contracts and distributed ledgers as tools rather than a solution, the better we will be able to build this new world. Whenever I see conferences that focus purely on blockchains, I worry that we are stuck in an endless loop of seeing them as the solution, rather than as part of a solution. The more we do this, the more the industry will see them as hype. They need lots of other things to make a whole system work, and it is the cryptographic elements that will build a secure foundation layer, not blockchains.

Overall, I wasn’t able to contribute to the growth of the Internet (I was just a student at the time), but I have the chance to influence and build a new future, where we all build on the shoulders of others. This involves proper research, and failing at times. So go and contribute, and help build a better and more trusted digital future.