 All right, so good morning everyone. Thanks for being here today. We're going to be talking about a chaotic encryption key system It's not it's not encryption algorithm. It's more like a ratcheting thing. It's a it's a research project So just be open-minded. We're still looking for ideas. We still got a lot of challenges to solve So yeah, so we'll talk about that So I'm John Francois Kruzie from the Quebec I'm working for my own small company, which is our cost research. We're doing consulting and we are Investing in research as well and I'm Francois Gagnon. I'm a teacher at Cégep Sainte-Foyre We're also do research in the cyber security research lab So this presentation will be divided into five big parts At first we'll do just a small overview of what complexity sciences are and what they are studying What is a chaotic system and then we will talk about the the concept that we are presenting today After that, we'll do a small demo discuss about the future work. They still need to be done and the challenges that we have and we'll have time for questions as well so a brief history of that complexity sciences is in 1892 they were trying to find a way to Improve navigations with with the boats without necessarily using like stars and all those things So they were working on the three-body problem to try to define like the position of the people on Earth or on seas by using the position of the Sun Earth and the Moon and Henri Poincaré just discovered that there is no general mathematical solution to the three-body problem just only approximations that will necessarily offset over time and will be you know, not very accurate on the long term Then it took almost 70 years later for Edward Lawrence in 63 to To explicitly demonstrate that you could have a completely erratic chaotic result with only three variables, which is a quite small Then the almost ten years later It was able to explain Why it was happening. It was because very small changes in the initial conditions will yield to drastically different results So that that's a butterfly effect. So again, it was just rediscovering or explaining why you could only approximate and the approximation is not Accurate in the long term because you have what we call a strange attractor, which is a kind of a point over which The result will us see it, but the usiation will Hit at some point a tipping point and just us see it over another attractor, but it will still be Not accurate and highly unpredictable Then it's very five following those researches Lee and York were the first to use the term chaos to To describe those behaviors of some systems then in the at the beginning of the 80s There was a bunch of people amongst them Brian Arter It was an economist with a very strong map background and he was studying all those all those economic all theories which are Well, I don't want to I don't know if there's a economist in here, but sometimes Economists are way off the map with their theories like the invisible hand and things like that. So it discovered that You you could have increasing returns which is feedback loops that you could cause lock ins in the system and He also explained why the butterfly effect was happening and why over time a chaotic system is absolutely inaccurate It's it's caused to it's because of the pad dependency or sequence dependency. So without knowing the eggs the exact sequence you cannot predict the future and you cannot Backtrack as well because the sequence is not existing anymore Once you get there. So you've met with the several people like Murray Gellman physicist a Nobel Prize and at the mid 80s. They created the Santa Fe Institute Which is an Institute studying complexity sciences So that was the beginning of the science So what exactly is complexity sciences? That's that's a question mainly very Simple explanation could be that the complexity sciences is studying low-dimensional chaotic systems and I dimensional chaotic systems So sorry for that. It's a very theoretical part but Just don't know just try to stay awake It's I know it's gonna be boring. So a low-dimensional chaotic system is a set of intricate variables or agents in relation It's erratic and seemingly random seemingly because it's a nonlinear, but it's still deterministic But you cannot always express them using mathematical equations because even mats have some limitations When studying some phenomenons I dimensional chaotic system It's still a set of intricate variables or agents It's erratic, but it also possess real random properties It's nonlinear and non deterministic and They cannot be represented at all because of the non deterministic factor by mathematical equations Which makes sense and all that because agents in the system can adapt learn Change or act You know way that is totally random So can those two types of system interact together if it's closed systems or autonomous? No, if it's open to other system. Yes, they can what what's happening if you have two different Systems interacting together with different dimensionality Let's say you have system a this which is a low-dimensional system and you have the system B Which is I dimensional system the myth of system AB if they are interacting together because of the mutual impact will become In in turn I dimensional that's a that's an interesting point that we'll discuss later So examples of chaotic systems meteorological systems biological systems like François or Anybody of you or when you talk together your Your I dimensional chaotic system itself Gravitational system like solar systems galaxies universe Social networks stock market and colonies Some types of nuclear reactions as well What are the characteristics of those system you have agents and variables and relations you have temporal factors because it's still Temporal dependent it's an evolution you have tipping points you have Opacity Because you can't always know exactly what's happening in the system in the relations in the agents And because of those characteristics it generates a combinatorial explosion that could be Like for I dimensional chaotic systems absolutely infinite So because of those characteristics chaotic systems are highly unpredictable or not predictable at all For a rest for a second part of the presentation Francois will explain you exactly what a concept is about and how it works Okay, so what I'll try to do is I'll try to explain to you how we can leverage the chaotic systems into For for to use for encryption or especially specifically for a key management So just to set the expectation let's let's talk about what what is it what it's not so it's definitely a research project So whenever you feel something is wrong about it. It's because it's the research project. So That's it. So whenever you all the question at the end the answer will be well, it's a research project It's in very very early stage. So we don't have answers to all the question But please do ask them anyway. Maybe we we haven't asked some question ourselves It is a key management paradigm it's not an encryption algorithm like AES or something like that and We do have an implementation an implementation It is implementation. So it's not a good implementation yet So how it works? What we're going to use is we're going to use two chaotic systems to copy of the same chaotic systems One on each client that want to talk together and they will be will put them in a setup that they are co-evolving so they are synchronized and Those chaotic system will generate keys that will be will change the keys for every message So what we have a few priorities that we have is that they will look random and well look is a An important word here, we don't know yet our random they are we haven't studied that the theory says that it will be pretty random, but It's not clear yet. What it what it is They will have to stay synchronized all the way. So that's going to be a problem. We'll talk about it Our key will be used only once then we throw them away we we evolve the system and generate a new a new key and They won't be exchanged over the network. So the the systems are evolving and the keys are generated locally They don't have to transit on the network So let's say we have a chaotic system Which is build of 48 agents each agents as Many properties one of them we call the level which is 8 bits and what we'll do is we'll take the level of each agent at a specific moment and From that will be where it will derive key material. So for 48 agents. We will get two and 384 bits so when with that we can use a part for a key and a part for an IV and So what's important in all this is that the key part or the key material is just a very very small portion of the old system So the agent has a level but it has many other properties and those properties are very important for the evolution of the system But we don't use them for a key material I Just to give you a quick overview of what an agent looked like or what a system looked like So we could have for example a system with 48 agents each as a as I said 8 bit 8 bits level Each agent has a bunch of rule sets So 256 rule set the rules so think about it about the graph the nodes are the agents and the rule set are the Connections between the nodes and each agent impact other agents including possibly itself and the graph Will be evolving so the graph will be ever changing at some point We'll have a complete graph at some point. We'll have a disconnected graph so the the chaotic behavior will come and modify The underlying graphs so when we pick for the queue we pick only the the level so the The number in the notes, but then they're the old structure behind that is a Not related to the key part or not directly related to the key part and there's a notion of delays that a Connection at one point will have an impact in some future in the system So the impact is not always right away It's quite hard to get an idea of what is the space of all this or what is the commutatorial explosion about this We're we're looking on it. It's not it's not easy when I have a clear answer What we do know and I'll talk about a little bit about that later is that? Even that know the commutatorial explosions is really huge. There's going to be a bunch of equivalent states That are not exactly the same as a number, but they might behave exactly the same and will I'll just maybe come back quickly later so Again with the keys place So I'm just going to focus on the one agent in my system just to show you a property is quite in we believe is quite interesting So we've got agent a1. Of course, there's other bircher another bunch of agents in the system So a1 start it at level 5 and it has another Other values for the other parameters So P represent all the other parameters I'm not going to give values for those parameters in the example So when the system evolve the agent a1 would will change its level from 5 to let's say 12 and This change will will be impacted by other agents as well. So the red arrows shows Potential impact for other agents. So then a1 will continue to evolve 29 28 blah blah blah tree and at some point Obviously, it will come back to level of 5 But what's interesting here is that the next step will not be 12 or will not always be 12 because there's there are other factor that will impact the evolution and The parameters are probably not going to be the same So even though the the key generated by a1 or the key part that is generated by a1 is the same The next evolution will not be the same. So we can oh sorry. Yeah, go ahead So earlier when I was talking about sequence dependency if you don't know where the system Is from you can't know where it's going. So that's exactly that because of the delays and stocks in the system, right? So we can imagine that at some point Generating a lot a lot a lot a lot a lot lots of keys will get exactly the same key add that we've previously seen But the next one of that key will not be the next one of the same key in the previous states So the loop will be much longer eventually. We're going to loop But it's going to be much much much longer So then again, we generate new keys and then at some other point will fall in a on a state that has been previously Visited and then we'll go in another direction because of the other parameters. All right. So that was for key materials So all the system works And it's it's quite similar in to what Trevor Talked previously. So if Alice and Bob want to want they want to talk together They will each have a pair of system that are matched together. So for instance The output of Alice will be a system. So a system ID a one two three four five six And that's going to be the input system of Bob and then the output system of Bob One a to b 3c will be the input system of Alice. So they have to have matching systems a pair of matching systems So if we take a message from Alice sending to Bob, so they both have the same system Alice will generate a key from the system. So give me a key Will encrypt the message she wants to send with Whatever in great encryption algorithm. She wants to use so they have to agree with that She's going to send the cipher to Bob Bob's going to derive a key from the co-evolving system So he's going to get the same key then they will It will decrypt the message using the same algorithm and then Important part. They will both evolve the system to get in a new state where they can generate the next So the evolution will be Quite important and they have to Stay synchronized if one evolve and the other doesn't then we're kind of we have a problem because now they cannot decryp The message of each other so I'm going to talk a little bit about how we keep system synchronized or how we fail to in Possibly in that case and what needs to be addressed So for first, let's start with the sender So right now the sender will evolve his system So he's sending a message over TCP and as soon as he received the acknowledge from this TCP he evolved its system Okay, so it's Well, it's not it's not really secure so we could Dysynchronize those system simply by having an attacker that's doing something like a man in the middle preventing The message to get to Bob so Bob will not evolve the system and just faking An acknowledge and then Alice will evolve her system of course the the agent that Yeah, that girl has to have full control over the network to do that or a good control over the network But what's interesting here that wouldn't happen. Let's say for Another attack using we can do that as well with SSL or something is She has to do it only once So she prevents one message to reach Bob She sends a fake acknowledge and then she disappeared from from the network She doesn't have to men in the middle anymore. The system are Unsynchronized and then the attacker doesn't need to be there anymore So if obviously we'll have to work on that to have a safer acknowledge that's not been done yet from the other way around So when the receiver will evolve his system So if we only encrypt The message Send the message Then there's nothing telling Bob that what he received in the crypts is not just garbage How can he differentiate between garbage with an attacker just send garbage to Bob Bob the crib and say alright You send me that message. I'm gonna evolve. So we need to have a stronger I'm gonna skip skip through those and we need to have a stronger way to authenticate the message what is interesting so Where we'll go is the last one What is interesting is that we don't have a shortage of key we can generate key material We've got lots lots of Key material so we can use one key to encrypt the message and another key to authenticate the message with something like HMAC or That requires a key and and the two-party the two entities will have those key Generated from the chaotic system. So instead of using Generating a tree under the 84 bits of key We need a longer key one part for encryption one part one part for authentication So what happens if if the and the attacker gets an encrypted message then he has to brute force in this case to key one for Encryption one for authentication. So that's nothing you dare So what happens if he gets an encrypted message and the two keys? Or the keys used for that message So obviously can get the plain text easily But since the keys are used only once Then after decrypting that message There's nothing he can do anymore and the keys are not related. So having the key or In in cardiac system it translated to having the level of all the agent as a specific point doesn't help you predict What's going to be the next step because you need as Jean-François told before you need the history to predict the next key So you don't know what's going to happen next Now what if he gets an encrypted message plus the initial state? So now there's going to be a problem we're going to solve that problem so if he has an encrypted message so An attacker will have the encrypted message if he has also the initial system state then he can catch up He can simulate his own system and catch up. So he takes the initial state generate the first key Decipher the message Get something that could be the plain text then get the second key To authenticate the message and say ah authentication doesn't work So let's evolve our system do the same thing They don't match. He's going to do that a bunch of time about a few times and then at some point He's going to get he's going to catch up with the state of The system for the two parties and he's going to be able to decrypt the message and Then he's in sync when the system with the systems So how we saw this particular problem? Is that we're using the message content with impact the system evolution So an attacker we need to we need to guess or to have access to all the messages and exchange so far To be able to catch up so it's still possible if you have the initial system and the full set of message exchange To do a catch up, but you cannot do it with only one message So the idea here is that the evolution will take the the exchange message as a parameter and From a specific state if you evolve with a given message you end up in one in States why and if you evolve with another message you end up in a completely different state That's also interesting is here the evolution because it might end up breaking the Equivalency of the state so you might have two equivalent systems, but since they are poked with something external Then they are not equivalent anymore. So we're gonna see if we can Have a better complex or better combinatorial explosion with An idea we're towing with so it's really important that it's an idea is using something that's related to the one-time pad So if we have a we're in a specific state we have we want to encrypt a message Of whatever night 900 bits So we're creating a clone of our system And then we're gonna generate key material as much key material as we need from that system So in that case, we're gonna need three states. These states are evolving without Any input from the the outside so the evolution years is with the empty message and We generate enough key material we encrypt our initial message Then the evolution of the original system will be done with the message and parameter So that's gonna end up with a completely new state That's not related with state x x plus one or x plus two And then we can delete all the clone we've got and keep going about just when the main system This is The same idea here of having a clone and evolving the clone will be applied To get one key to get two key or to get three key. So if we need one key for encryption one key for authentication Then we'll use we're using the same idea of cloning the system generate the keys on that clone and then Evolving the main So we'll go back to Jean-François So we had a great debate this morning Whether we're what we do is my computer or his computer. So I apologize. It's a Windows computer because that's that's his computer So Yeah, so just a little Precision is that when we say that the message is impacting the evolution We're talking about the plaintext message. So to guess the evolution of the system you would first need to decrypt the messages but to decrypt the messages you need to Guess the evolution. So it's kind of the chicken or the egg problem here. So Let's say we generate like a two hundred and sixty fifty six It's key it takes a few seconds because it's like thousands of thousands of parameters that we need to initialize So it's like three seconds But after that if we say that we want to generate like hundred thousand keys It's gonna be a kind of fast Did I put an extra zero or? well, oh Yeah, I think I just rolled a million so it it should take about like 290 seconds so less than point three milliseconds per key generation and evolution and all the rest So based on that you can We we created a very simple test chat application So we first need need to open a system definition which will just you know with matching systems Then we Put the listener Then what we can do is that like send a message It's gonna be encrypted decrypted and if we send the message a couple of times like one The second time third time or even the fourth time What we can see is that because the keys are changing and the message is impacting Devolution of the system and a bunch of other parameters The IV will be different the authentication of the message will be encrypted using a different key and the message itself will be encrypted using a different key so Yeah, so it makes thing a little bit harder to To the crib even with the same message So we still have lots of future work to do We need to prevent malicious Disynchronization because right now it's only like on the TCP act that we are training triggering the evolution If you if you guys have any ideas We have discussed like few ideas like we could use a kind of a one-way DH calculation just to send An acknowledge that could be understood only by someone having the previous information or the initial message But we still need to to discuss about it and see what we can do and also we would like to work on the How could we resynchronize the system? We didn't work on the initial synchronization so far but another idea could be like to use the fielman to Generate the seed that will be that would be used to generate the system at first But or we could just not synchronized over the internet like if you have a dongle VPN dongle or something like that or a machine machine interface that you can just install yourself but it's still like along with there because we need to We still need to do a lot of work like to just make it work properly so we will still need contributors help and ideas are very welcome in this project and Yeah, we have a small challenge just to demonstrate or trying to to see if Someone can predict the the key sequence from having the keys only so In the summer what we're going to do is we have a small project that is funded by in part partly by NS ERC the research Council of Canada and We'll re-engineer the proof of concept because that's my own Implementation it's a proof of concept like patch over patch over patch over patches make it work So we're going to be building a new architecture with a better approach from what we've learned in the past So