Human Proxies in Cryptographic Networks E-Book

Table of Contents / Inhaltsverzeichnis

1 - Introduction to Human Proxies

2 - Graph-Theory and Echo-Protocol

3 - The introduction of proxies in the friend list of a messenger

4 - Basic examples of a constellation of a Human Proxy

5 - Human Proxies in Relation to further Characteristics and Developments

5.1 - Proxies in political and social life

5.2 - In times of global indexing of all Human Beings, Human Proxies enable everyone to be able to delegate

5.3 - Human Proxies and Plausible Deniability

5.4 - Human Proxies and Data Retention: Beyond Cryptographic Routing

5.5 - Is the inner envelope a copy or the original?

5.6 - Human Proxies are currently a most modern because even the most complex remedies against mass-surveillance with totalitarian intentions

5.7 - From „Trepidation of Memory” to „Trepidation of Relationship”

6 - When machines steer machines: Assess everyone as a proxy

7 - Research and development perspective: proxifying proxied data (the meta level of Inner Envelopes) and the vision of interoperability of endpoints in communications

8 - Human Proxies – A new direction and level for End-to-End encryption

9 - Didactic questions

10 - References

„Everyone's a Proxy, baby - that's the truth!“

Hot Chocolate.

Human Proxies in Cryptographic Networks

- Establishing a new direction to end-to-end encryption with the introduction of the inner envelope in the echo protocol

Uni Nurf

Abstract:

Human Proxies offer new directions to end-to-end encryption: End-A-to-End-Z encryption must be rethought when it turns out to be an End-B-to-End-Z encryption. And, Human Proxies raise questions that were neither answered by science, journalists nor the public.

Regular Proxies on a network are forwarding Internet requests, e.g., to download a webpage. Also, in political and social settings a Proxy as an intermediate, deputy or representative with a similar function is given.

Human Proxies now enable within the Encryption and Messenger Application Spot-On to choose a friend as a Human Proxy.

The Spot-On program is a most modern and elaborated encryption suite available for several operation systems and provides many innovations in applied cryptography. It builds based on the Echo Protocol a cryptographic network, that is beyond Cryptographic Routing.

With Human Proxies now a friend from the Messenger friends list sends out the chat message instead of the original sender.

The construct of the „Inner Envelope“ behind the Human Proxy function also creates new cryptographic challenges, provides plausible deniability to included nodes, and offers new perspectives in encryption, its analysis and decryption:

As all messages in the network are encrypted, end-to-end encryption is new defined and gets with Human Proxies a potential second and plausible deniable start point. The essay in this book discusses some related aspects of Human Proxies and their referring’s to encryption, networking, graph theory and comparable social and political processes of Proxies.

This leads to a further general approach: Endpoints in Encryption are equipped by the application Spot-On with the vision of interoperability of endpoints in communications.

1 - Introduction to Human Proxies

The encryption suite Spot-On encrypts not only chat, email, and files as well as a web search in a distributed but only locally searchable URL database by establishing a network of encrypting network-nodes. In addition to numerous other cryptographic innovations, the software application has now furthermore introduced the function of Human Proxies in early 2023: The Human Proxies function is another developed aspect of the interesting Echo and its protocol (Spot-On 2013).

A proxy is generally a communication interface in a network of computers: a starting point or an instance for putting through or for forwarding chats and data on the Internet instead of the original address, e.g. the IP address.

The term proxy derives from the Latin word „procuratorem“ and means „to care for something“, or with alternative terms it means also to be a „representative“, a „delegate”, an „intermediate” or an „agent“.

The proxy therefore works as an intermediary which accepts inquiries on the one hand and then establishes a connection to the other side via its own address. This is a usual basis for the Internet.

If the proxy is used as a network component, the actual address of a communication partner remains hidden from the other communication partner. That creates a certain anonymity. At the same time, a proxy is also a protective shield outward to fend off attacks at its (this) position and to protect internal nodes behind it.

Within the implementation in the encryption suite Spot-On, a friend in the Messenger's list of friends is defined as a proxy by the sender of the message. A user or sender can thus send the message to the recipient via another friend.

The function is also available in the messenger Goldbug, which offers a simpler graphic user interface of the Spot-On program. With the name Goldbug, the messenger is a reminiscence to the writer Edgar Alan Poe, who tells the short story of the same name about a so-called cryptogram - an encrypted riddle - in which three friends are included (PC World Magazin / Joos 2014, Kahle 2020, Poe 1843).

Since only encrypted packages are sent in the messenger network, it is not clear for the proxy network node what content it forwards or sends again.

The associated aspects and facts such as the peculiarity of the (multi-)encryption used and the Echo protocol related to the network should be explained further below, also the question should be investigated to what extent Human Proxies redefine the end-to-end encryption or lift it to a new level.

Because: With Human Proxies, the end point of an end-to-end encryption is placed on another end or starting point - without decoding or breaking the encryption. An „Inner Envelope” with the same (encrypted) message (within a message of the original sender) enables to send out the message (still in the encrypted cipher-text) from another node defined by the original sender:

A friend from the sender's messenger-friends-list takes over the shipping instead of the original sender.

This not only offers the opportunity for a discussion of technical, social, and legal-philosophical questions, but the construct of the „Inner Envelope“ also creates new cryptographic challenges and offers new perspectives in encryption, its analysis and decryption.

In particular, the end-to-end encryption experiences a Copernican turn: the end-point of a graph in the network is no longer the end-point we are talking about. The sender can be any end-or starting-point in the network with Human Proxies.

Its network of relationships (e.g., to a friend acting as a Human Proxy) can remain unknown in an external view of the network because the key-exchange is in the past and this friend in the network does not have to appear until this node is finally addressed.

We will address that in a later section.

Let us first look at the basis of the encrypted network: the Echo and what role individual routes in the network can take, considering a view in the theory of the graphs.

2 - Graph-Theory and Echo-Protocol

Individual users, respective node-instances or servers within the Spot-On program, are connected via the Echo protocol established within the network.

Echo means simplified that a user forwards an encrypted packet to all users or nodes connected. Just as you call into the forest (aka node), the Echo resounds back (to all).

Each instance tries to decipher and unpack any passing packet with all the keys present locally in the node. This is successful if a legible original text (also called plain-text) arises from the cipher-text of the sent respective incoming package: Then the key was suitable and the attempt to decrypt was successful.

This is the case if the decrypted text is identified as the original plaint-text via a hash value. The hash is a unique, short string that is derived from an overall text but is not reversible, i.e., cannot be reverted back into the overall text. (The hash value is included in the program Spot-On within the encrypted packet and since the hash function is not reversible, this does not harm the encryption).

This means that the Echo in the network can always be seen in relation to an analyzable graph design.

A graph is an abstract structure in the graph theory that represents a lot of objects together with the connections existing between these objects: colloquially, a route simplifies as a route-plan via various stations (Berge 1958, Jungnickel 1994, Bollobás 2002, Diestel 2010).

If all nodes forward a packet to all connected nodes, a packet respective a message always takes a very individual network route that can be represented as a graph in the network until it reaches the recipient. And ultimately, a message will pass many network nodes.

In each node, a specific function called „Congestion Control“ ensures that double (redundant) packets - i.e., messages that have already come to the node and with which attempts were made with all known keys to unpack and decipher a message - are not once again subjected to a decryption attempt.

Based on the determination of a hash value for the packet, the node knows whether this packet with exactly this hash-value has already been analyzed. If this is the case, an examination is not carried out again with all keys.

With this function called Congestion Control, the procession load is reduced and the workload for the testing attempts is minimized in every node.

The Echo protocol is documented in detail in the technical documentation (Spot-On 2013) and in manuals for the Spot-On program (Edwards & Project 2019).

Described metaphorically, the program Spot-On therefore handles a stack with envelopes that represent encrypted news packets.

Because of the encryption and due to the fact that the packets with the enclosed hash-value of the original message are subjected locally to a decryption attempt, an external monitoring does not know whether the readable message was determined for this node.

By flooding the network and running through many nodes, an analysis of metadata is also difficult.

Because even readable messages can be packed again and in turn forwarded to all connected nodes.

The forwarding is comparable to the extraction of a water sample in a mail-bottle from the river, which - as it was - is added back into the river respective the network. It can hardly be monitored whether someone can draw conclusions from the analysis of the water sample and can decipher a message. Metadata does not occur; decryption or analyzing attempts remain unattended locally. The amount of water in the bottle-mail turns to the next resident on the river, who extracts this water sample in the bottle, analyzes it, and again returns it again to the river.

3 - The introduction of proxies in the friend list of a messenger

The messenger respective the encryption program Spot-On is pioneer in multi-encryption and quantum computing safe encryption with the McEliece algorithm and has created and documented essential innovations in cryptography: Like the encrypted messaging via email server (POPTASTIC with EPKS (Echo Public Key Sharing, or later in other implementations, also called Autocrypt (Adams 2016, Lindner 2016)). Here two friends automatically exchange the public key of an asymmetrical encryption and secure the channel).

Or also the Cryptographic Calling, which equipes a channel for encryption with new keys (also symmetrical) up to the use of short-term (ephemerals) keys such as the Secret Stream keys (Spot-On 2011, Gasakis/Schmidt 2018, Tenzer 2022).

Now the file and communication encryption application Spot-On has provided its friends list with a check box in front of a friend on the friends list. With just one click, a friend - if he is online - can be used as a proxy for outgoing chat messages and data.

Of course, there are already different proxy programs for the web and some may also have a authorization concept. Users need access data in order to be able to use these regular proxies with their own IP-address, in order to then continue to act with the IP-address of the proxy.

A regular proxy may also have different monitoring functions. For example, a proxy for websites records which URLs have been addressed. Or a local copy of a website will already be hold in its cache and will be sent instead of the current original page.

The operator of an open regular proxy has almost full control over all connections, can record data and even falsify any web content without the user noticing anything about it.

Regular proxies that build on a friend-to-friend-network are hardly established. Here, too, processes would be based on trust in the friend and the connections would probably not be encrypted.

Human Proxies in the Echo network, on the other hand, only know encrypted packets. They do not host them either, but just forward them like any internet node, as they are - with or without a successful attempt for decryption.

And: The Human Proxy nodes do not require the content of the encrypted packet or letter. At least they cannot read the letters that they pass on because they are encrypted. A concept of trust is not required.

Human Proxies are proxies based on a friend-to-friend-network. They process encrypted data so that the friend or proxy cannot read any messages. However, there is still an end-to-end encryption between the hidden (original) sender and recipient of a message.

And finally, the message reaches the proxy through a graph design of the path in the network, which is based on the complexity of the Echo protocol and its encryption.

This architecture respective specification of the function of the Human Proxies is therefore new, respective innovative, and so far, only researched in the beginning.

Let's look at examples that are shown with a corresponding graph.

4 - Basic examples of a constellation of a Human Proxy

Suppose A, B, and C are three participants. Also suppose that A is paired with B and C. Now suppose that B is optional a so-called Human Proxy. Optional because B may optionally place itself with the responsibility of being a proxy. Now let’s imagine that A wishes to transfer a message to C through B.

See Figure 1.

The Human Proxy process describes as followed.

1. A specifies B as a messaging proxy.

2. A writes a message to one or more participants, perhaps even B.

3. For a recipient R, the transmitted message is B(R(M)). R(M) contains some important information. B(…) is a traditional message.

Figure 1: Graph-model including a Human Proxy

Source: own graphic

4. Once B receives B(R(M)), it extracts R(M) through the traditional Spot-On mechanisms and detects that R(M) is present. How? R(M) contains a special keyed digest which B detects.

5. Because R(M) is destined for someone else, B completes its interpretation of R(M) and transfers a trimmed version of R(M), say R’(M), to its neighbors.

6. R’(M) is now a traditional message within an Echo network. That means every knot is sending the message to all connected knots.