Crypt21 - Crypto for the 21st Century

This ain't your daddy's crypto!

Our project is providing a set of libraries and utilities to implement a variety of advanced cryptographic functions which are quite different in character from most of those found on the net.

These aren't simple encrypt/sign/decrypt/verify utilities. Nor do they provide an ever-growing laundry list of interchangeable encryption and hash functions.

Rather, we are taking cutting-edge cryptographic protocols and systems from current academic research and making them available now, for people to begin using and experimenting with. Among the utilities available or planned:

• Ring signatures - These allow you to sign a file from a group of keys, such that any one of the key holders may have issued the signature, but there is no way to tell which one did it. The other people in the group don't have to cooperate or even be aware that their keys are being used in this way. If you want a moderate degree of anonymity, ring signatures allow you to hide in a crowd of your own selection. A simple ring signature program was released anonymously last year but we have taken it and extended it to support more key types and incorporate the latest published improvements from the research community.
• Timelines - A cryptographically verifiable timeline hides a secret value in such a way that it can be provably recovered with a specified amount of work (which can be a matter of days, months, or years!). The recovery algorithm is inherently sequential and can't be effectively accelerated using mesh or large-scale distributed computing efforts. This can be used for example to reveal a secret key at some point in the future. It can also be used as a basis for secure signature exchange, for auction bidding, and for software escrow.
• Limited message decryption - Suppose you received a PGP message and are now being compelled by the courts to decrypt it. But handing over your PGP secret key and passphrase will give the cops more power than they require. We provide a simple program which will decrypt a specified set of PGP messages in a verifiable way, without giving up your PGP key. The courts can confirm that the file you provided is a true and accurate decryption of the original message, just from your public key. This could be a life-saver in some contexts!
• Signature exchanges - You're prepared to sign a contract, and so is your counterpart. But you don't want to hand over your signature until you see his, and vice versa. Impasse? Not any more. With our verifiable signature exchange software you each first prove that you have a signature on the document in question, then exchange the data gradually, bit-by-bit. Neither of you can gain a significant advantage over the other by cheating. And the signatures use perfectly legal OpenPGP formats!
• Credentials - Using multiple identities on the web is great - but each one has to stand alone, for privacy. What if you could transfer the credit and approval you've earned from one nym onto another? That's what our credential tools allow. You can create a new nym and prove that it has a `brother' loaded with signatures offering approval and support. Your new nyms no longer have to start their lives from scratch! And you can similarly transfer credentials from one nym to another, making the use of multiple identities far more useful and practical than before, and enhancing the value of this privacy-preserving technology.
• Games - Poker, blackjack, craps - all these can be played online, securely, fairly, and with no cheating possible. But you've never seen them. Why not? They've been in the literature for 20 years! We're providing the crypto and communications layers for online P2P gaming with guarantees that the cards and dice are falling fairly. No pretty GUIs, but hopefully others can get involved and put a nice face on the underlying functionality.
• OpenPGP libraries - All these functions are going to be based as much as possible on your existing OpenPGP keys. We are providing a set of utility libraries to read, parse, manipulate and create OpenPGP data structures, keys and messages.
• Dining Cryptographer nets - DC nets are the gold standard for privacy and anonymity. But no one's ever implemented them because they were thought to be too slow and inefficient. For low volume applications like chat or email, though, DC nets can work well with dozens or even hundreds of subscribers. We are developing a P2P style DC net chat program as a proof of concept. A Python version was released two years ago but we are updating it to C/C++ which will improve performance and make it more widely useful.

All our projects are written in C and use OpenSSL as the crypto library. They are being developed in Linux but should be portable to Windows or Mac easily enough. They are command-line based in order to demonstrate the crypto functionality. We encourage enthusiasts to wrap GUIs around these programs and make them even more accessible and fun for average users.

We have more project ideas in mind, plus the research community is constantly coming up with new protocols and technologies, most of which never make it out of the academic journals. We are dedicated to bringing this technology to life and giving it a real-world tryout. Stay tuned for more good stuff!