msc placeholder: complex coding specialist

[synctext]

Survey plus thesis placeholder. Still exploring directions for research. starting survey today :joy_cat: Due to permanent job msc time is limited to 4 hours/workday. (part-time not allowed US culture)

Committed of doing Survey in this Q4 quarter. For Sep 2023 still 2 master courses left.

Various background reading: Topic	Title of paper and URL
'decentral AI' in 2005	P2P-based PVR Recommendation using Friends, Taste Buddies and Superpeers
decentralisation history	The fifteen year struggle of decentralizing privacy-enhancing technology
collaborative money	Unstoppable DAOs for Web3 Disruption
collaborative money	"Generic DAO primitives for Full Academic Decentralization and Scalability"
strong identity	A Truly Self-Sovereign Identity System
strong identity	TrustVault: A privacy-first data wallet for the European Blockchain Services Infrastructure
strong identity	Zero-Trust Architecture for Legal Entities
strong identity	Distributed Attestation Revocation in Self-Sovereign Identity

More on passport-level digital identity. Warning given :smile_cat: "this is complex stuff". identity is the foundation of trust in the old analog world. Please make a reading list about SSI, EBSI, EBP and eIDAS2

• https://en.wikipedia.org/wiki/Self-sovereign_identity
• The Future of Integrated Digital Governance in the EU: EBSI and GLASS
• https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/identity/eidas-regulations
• https://gouvernement.lu/en/dossiers.gouv_digitalisation%2Ben%2Bdossiers%2B2022%2Bebsilux.html
• https://dl.gi.de/bitstream/handle/20.500.12116/38705/proceedings-05.pdf?sequence=1&isAllowed=y
• worldcoin
• [Rowdy strong identity revocation thesis]()

please note the survey @ Tribler lab methodology: https://github.com/Tribler/tribler/wiki/MasterThesis#10-ects-literature-survey-at-tribler-lab (e.g. try out all known open source wallets for suvey and grade them with stong/weak analysis in a table with screenshots { https://walt.id/ebsi ; https://github.com/walt-id })

update: government approved an EBSI intership

[synctext]

btw please register today at: https://mare.ewi.tudelft.nl/ "decentralised learning" as the draft thesis project title. Me as advisor please. (just a tentative commitment, gives me teaching credits)

Status: Survey started, looked at the code of wallet and read provided papers.

• Underlying scientific unsolved problem: Public Key infrastructure. Digital identity: Identity-Based Cryptography in Public Key Management.
• literature survey example from prior students
  • Survey on social reputation mechanisms: Someone told me I can trust you
  • Survey of stable coins {52 citations}
  • The Universal Trust Machine: A survey on the Web3 path towards enabling long term digital cooperation through decentralised trust
• Taxonomy in a single glance. Systematic overview of past years of innovation. Key milestones identified. Scientific grounding, 1 or more scientific article per entry/line/milestone. Table with overview and literature, see brilliant With Honours example:
• ToDo for next meeting: understand the "main literature table" in above examples

[tudatt]

Read the following (10) papers and started on a draft survey paper:

PB-PKI: a privacy-aware blockchain-based PKI - ORA - Oxford University Research Archive

An overview of PKI trust models

A blockchain-based PKI management framework

Ten risks of PKI: What you're not being told about public key infrastructure

J-PAKE: authenticated key exchange without PKI

The importance of PKI today

Implementing SSL/TLS using cryptography and PKI

Efficient Certificateless One-Pass Key Agreement Protocols

Design, analysis, and implementation of ARPKI: an attack-resilient public-key infrastructure

The plan is to survey several PKI designs, some alternatives to classic PK I such as the blockchain-based one, and then some alternatives which claim they'd make PKI redundant (such as the PAKE protocol). I'm planning to compare them in a table as above on several factors (such as security guarantees, ease of setting up in practice etc). I hope to be able to even implement one of these for the purpose of the survey.

[tudatt]

Essay.pdf

I have started writing a draft literature survey paper and I'm looking for validation of the overall direction and storyline.

[synctext]

• nice progress
• panoramic view of the academic, technological, and practical landscape surrounding public key cryptography and its integration into digital infrastructure Solid idea :rocket:
• What problem does it solve??? full chapter Be clear: {copied Schneier} "allow people who have no preexisting security arrangement to exchange messages securely", authenticate a message, and to provide an irrefutable digital signature to any contract, legal agreement or message in general.
• Blaise de Vigen`ere created a more complex polyalphabetic cipher Please remove all analogue technology. Focus on digital era only, feel free to replace with citation to historical books.
• RSA is not the original :astonished: :-)
  • 1970 UK secret https://cryptocellar.org/cesg/possnse.pdf
  • overview: https://www.schneier.com/essays/archives/1998/04/the_secret_story_of.html
• Please focus on upcoming sprint on finding out why normal people do not have a public key and not everybody uses this yet?
• 1999: Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.
• 2015: Maybe poor johnny really cannot encrypt: The case for a complexity theory for usable security
• 2015: There's Hope for Johnny: Automatic vs. Manual Encryption.
• Modern twist: DPKI: A Blockchain-Based Decentralized Public Key Infrastructure System

update eIDAS 2.0 EU PKI for its 448 million citizens and pushback, Article 45 protest

[tudatt]

Survey_on_PKC_ATitu.pdf

Progress after 3 weeks of reading/researching. And 1 week of writing

[synctext]

• The gold standard for securing our digital content – the password – is being phased out in favor of more secure "passwordless" authentication forms., https://www.statista.com/topics/10883/passkeys/
• Storyline: passkeys are past the point of no return. This is going/attempting to reach mass adoption.
• Only took 53 years since initial invention by J. H. Ellis, January 1970. SECRET ORIGINAL report from 1970.
• Provocative title: Public Keys: 53 years of evolution survey
• :fearful: :astonished: :fearful: Big Tech tech is going to own your Private Key Vault
• Taxonomy table tips: start at secret invention of Public Keys, RSA, first password, hashing function, Why Johnny Can't Encrypt, DPKI, FIDO begins forming 2009; basically mix PKI {failure} milestones with password{-less} evolution ??
  • Column idea: single point of failure :x: :heavy_check_mark: self-sovereign :x: :heavy_check_mark:
• European Commission competitor to passkey. However, this is vastly more ambitious. Not merely password replacement. EU digital ID is the cyber security foundation for the integrity of the entire digital European economy :monocle_face:
• Switch to 2-column IEEE format
• Enterprise usage and corporate security as a key driver for adoption
• Add history of passwords: https://news.mit.edu/2019/mit-professor-emeritus-fernando-corby-corbato-computing-pioneer-dies-0715
• Add passkeys, modern development pioneered by Apple. https://technically.substack.com/p/what-are-passkeys
• blog post on password-focused history
• vendor lock-in? (battle of Google,Apple,Microsoft)
• Google Passkey not working properly? Bug Or Mistake on my side?

Try	fail

Talk about the passkey storage war? Who controls the users password?

[tudatt]

Update December 12th

Progress: 90% done Survey_on_PKC_ATitu (1).pdf

Still needs to happen:

• spell checking
• proper formatting
• write evaluation and conclusion sections
• add references (basically all papers linked in this issue, and then some)

[synctext]

Think of more advanced taxonomy table please Table 1: Solution evaluation table. Ready for grading next meeting ??? :monocle_face:

Lacks an analysis: why are we failing for 53 years? Brainstorm

1. Diverse user needs. No single universal solution. No solution portfolio for various usage patterns.
2. Lack of usability. Too technical tools. Inherent complexity and nobody invested in a solution.
3. Certificate authority approach works for webservers and TLS. However, evolutionary dead end for consumers. Too complex architecture, too demanding for key management, too difficult to use for normal people (requires at least a bsc in computer science).

Please investigate if you agree with my analysis:

• ownership. Owning the digital identity of your users yields profit. User lock-in in your ecosystem, it all starts with identity. Passwords mean you own your identity versus cloud-based identity
• ownership of the infrastructure. Your 2.5 Required Infrastructure does not mention any profit motive. Big Tech seeks out durable monopolies to extract profit? See courtcase outcome today of Google versus Epic games :monocle_face:
• PKI lacks profit. No business incentive for creating this infrastructure. Unacceptable uncertain return-on-investment. See the keybase story, it failed. Possibly a loss-making public infrastructure paid by government (as EBSI in EU). Keybase alternatives.
• Check that you are you! Authentication is merely 1 of 4 security requirements. Would promote that to cardinal goal of PKI, others are secondary requirements. Possibly delete all section 1 and 2 text. Replace with storyline that has authentication at the core.
• {repeating} What problem does it solve??? full chapter

{discussed thesis options, beside 100% contract; 1 course left}

[tudatt]

9th January: Survey_on_PKC_ATitu (1)-1.pdf

[synctext]

From 12Dec - 9Jan not much progress was made. Only few lines added. Hopefully you can make more progress next sprint. (brainstorm) Making storyline more complex and wrap-up. Authenticate to your friends, e-commerce website, government, or the company you work for.

• mature storyline
• add latest development like Touch ID

[tudatt]

54 years of evolution survey.pdf

Final version of literature survey - ready for grading.

[synctext]

• Contains all this information, nice overview of 54 years.
• The writing itself and the organisation could be much polished.
• No figures and no architectural pictures
• Clear example is the passkeys
  • incorrect organisation, section with single subsection. 3.5.1 Passwordless and FIDO Alliance
  • hidden that passkeys represent a significant advancement for usability
  • hidden that you think this standard will be dominant
  • hidden if this solve PKI after 54 years
  • hidden that it requires the fingerprint of the users. All the user needs to do is to provide their fingerprint (or any form of biometric authentication the device supports) or device password, when prompted for it.