Stage 3, Module 3.3

Cryptography & Sovereignty

Cryptography is not a “security add-on.” It is civilizational physics: it specifies who can do what to whom, when, and under which assumptions. The same primitives can secure a panopticon or a parallel civilization.

[Figure: Diffie–Hellman key exchange diagram] Diffie–Hellman: shared secret over hostile wires (secrecy ≠ authentication).
[Figure: Public-key cryptography diagram] Public-key cryptography: identity and authorization at distance.
[Figure: Merkle tree diagram] Merkle trees: commitments, membership proofs, and time-chained memory.
[Figure: Digital signature / crypto illustration] Signatures: capability tokens; key lifecycle and nonce discipline are the real battlefield.
[Figure: Secure multi-party computation diagram] MPC: compute functions jointly without surrendering raw inputs (but outputs + metadata still leak).

0. Cryptography as Civilizational Physics

Cryptography defines who can do what to whom, when, and under which assumptions. Two incompatible uses:

Synthetic Stack
  • Crypto protects states/platforms/AI-governed infrastructures from people.
  • Keys are escrowable, revocable, centrally issued.
  • Ledgers/identities become editable by decree.
Sovereign Stack
  • Crypto protects people and voluntary networks from institutions and adversaries.
  • Keys are non-escrowable property.
  • History becomes expensive to rewrite; coordination does not require central trust.

Evaluation question (non-optional):

What world does this protocol instantiate by default?

Names (machinery suppliers): Diffie & Hellman, Merkle, Rivest–Shamir–Adleman, Goldwasser–Micali, Yao, Boneh, Schneier, Anderson.

1. Threat Modeling First: Adversaries, Not Algorithms

Primitives are meaningless without a threat model.

1.1 Assets

  • Confidentiality: plaintext, keys, internal state, and metadata (who/when/how often/where/volume).
  • Integrity: ledgers, logs, contracts, system state, models and parameters.
  • Availability: ability to transact, communicate, and compute when desired.
  • Identity power: the capacity to act as an identity (sign, spend, vote).

1.2 Adversaries

  • Commodity attackers and malware reuse.
  • Organized crime / corporate espionage.
  • Nation-states: passive global capture, active manipulation, legal coercion (“lawful intercept”).
  • AI-augmented control stacks optimizing behavior shaping (metadata + inference).
  • Insiders: admins, validators, HSM operators, devs.

1.3 Capabilities

Mode | Examples | Failure signature
--- | --- | ---
Passive | Wiretaps, traffic capture, long-term storage | Harvest-now / decrypt-later; metadata graph
Active | MITM, injection, downgrade, replay, censorship | “Secure session” that is secretly proxied
Endpoint | Malware, firmware trojans, baseband, compromised RNG | Crypto “works” while keys leak upstream
Legal / economic | Regulation, subpoenas, standards capture | Trust roots become policy levers
Coercive | Physical pressure, extortion | Keys become hostage assets

1.4 Layers of failure

  1. Math: break assumptions (factoring, discrete log, lattices).
  2. Protocol: secure parts assembled into insecure flows.
  3. Implementation: bugs, timing/cache/power/EM side channels.
  4. Ops / UX: key loss, phishing, misconfig, insecure defaults.
  5. Ontological: protocol design encodes centralization and control.

Composition constraint:

A proof that a primitive is secure rarely survives naive composition. Real systems must be analyzed as compositions; composable frameworks exist because naive composition fails.

2. Symmetric Cryptography: Shared Secrets, Real Work

2.1 Model

  • C = E_K(M), M = D_K(C)
  • Bulk data lives here: AES (block), ChaCha20 (stream).

2.2 AEAD: confidentiality and integrity

  • Non-negotiable in hostile environments: never deploy raw encryption without authentication.
  • Examples: AES-GCM, ChaCha20-Poly1305.

2.3 Randomness, nonces, KDFs

  • Key entropy: 128-bit baseline; 256-bit for long horizon / PQ margin.
  • Nonce reuse (especially AES-GCM) is catastrophic.
  • Passwords need KDFs (scrypt/Argon2) or the key space collapses.

2.4 Side channels

  • Timing, cache, power, EM, branch patterns leak.
  • Constant-time implementations for key-dependent operations are mandatory.
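As an added example (not part of the original module), a toy encrypt-then-MAC construction built from stdlib HMAC shows the disciplines of 2.2 to 2.4 in code: the tag rejects tampering and is compared in constant time, and a counter-based nonce source exists because reusing a nonce under one key leaks the XOR of two plaintexts. The ToyAEAD and NonceCounter names are constructed for this example; real systems use AES-GCM or ChaCha20-Poly1305.

```python
import hmac
import hashlib

# Toy AEAD for illustration only: HMAC-SHA256 in counter mode as keystream, encrypt-then-MAC
# under a second subkey for the tag. Real systems use AES-GCM or ChaCha20-Poly1305.
class ToyAEAD:
    def __init__(self, key: bytes):
        # Domain-separated subkeys: one for the keystream, one for the tag.
        self.enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        blocks = [hmac.new(self.enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((n + 31) // 32)]
        return b"".join(blocks)[:n]

    def seal(self, nonce: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.mac_key, nonce + aad + ct, hashlib.sha256).digest()
        return ct + tag

    def open(self, nonce: bytes, sealed: bytes, aad: bytes = b""):
        ct, tag = sealed[:-32], sealed[-32:]
        expected = hmac.new(self.mac_key, nonce + aad + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison (2.4)
            return None                                # reject before releasing any plaintext
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

class NonceCounter:
    """Monotonic 96-bit nonce source: one key never sees the same nonce twice."""
    def __init__(self):
        self.n = 0
    def next(self) -> bytes:
        if self.n >= 1 << 96:
            raise RuntimeError("nonce space exhausted: rotate the key")
        self.n += 1
        return (self.n - 1).to_bytes(12, "big")

def tamper_is_detected(aead: ToyAEAD, nonce: bytes, msg: bytes) -> bool:
    sealed = bytearray(aead.seal(nonce, msg))
    sealed[0] ^= 0x01                                  # flip one ciphertext bit in transit
    return aead.open(nonce, bytes(sealed)) is None

def nonce_reuse_leaks_xor(aead: ToyAEAD, nonce: bytes, m1: bytes, m2: bytes) -> bool:
    # Same key and nonce => same keystream, so ct1 XOR ct2 == m1 XOR m2. The tags still
    # verify; confidentiality is gone regardless, which is why reuse is catastrophic.
    c1, c2 = aead.seal(nonce, m1)[:-32], aead.seal(nonce, m2)[:-32]
    xor = lambda x, y: bytes(a ^ b for a, b in zip(x, y))
    return xor(c1, c2) == xor(m1, m2)
```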

3. Asymmetric Cryptography: Identity & Authorization at Distance

3.1 Public / private key pairs

  • Public key (PK) distributes; private key (SK) is guarded.
  • Two use-patterns: public-key encryption; digital signatures.
  • Backed by trapdoor one-way functions.

3.2 RSA and ECC

  • RSA: hardness from factoring n=p·q (with correct padding).
  • ECC: elliptic-curve discrete log; smaller keys for equivalent security.
  • Signatures: ECDSA, EdDSA, Schnorr. Key exchange: X25519/X448.

3.3 Curve governance

  • Some parameters are opaque; others are verifiably generated (“nothing up my sleeve”).
  • For sovereignty: prefer transparent generation, broad scrutiny, and crypto-agility.

4. Key Exchange: Birth of Shared Secret on Hostile Wires

4.1 Diffie–Hellman

Public parameters: prime p, generator g. Alice picks a secret a and sends A = g^a mod p; Bob picks a secret b and sends B = g^b mod p. Alice computes B^a, Bob computes A^b; both equal K = g^(ab) mod p.

4.2 Authentication and MITM

  • Raw DH defeats passive attackers only.
  • Active attacker can MITM and establish separate keys with each endpoint.
  • Fix: bind exchange to authentication (sign DH values, PSK, certificates, etc.).

4.3 Forward secrecy

  • Ephemeral DH: fresh keys per session (or message).
  • Without FS: “harvest now, decrypt later” becomes default.
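An added example (not from the original page) that runs the exchange of 4.1 and then applies the fix from 4.2 in its pre-shared-key form: both sides MAC the transcript of public values, so a value altered on the wire is rejected before any key is used. The group parameters are a constructed toy (p = 2^127 - 1, g = 3) and all function names are this example's own; real deployments use vetted groups or X25519.

```python
import hmac
import hashlib
import secrets

# Constructed toy group for the walkthrough: p = 2^127 - 1 (a Mersenne prime), g = 3.
# Real deployments use vetted groups (RFC 3526 MODP) or X25519; the message flow is the same.
P = (1 << 127) - 1
G = 3

def keygen():
    """Ephemeral pair: private exponent a and public value A = g^a mod p."""
    a = secrets.randbelow(P - 2) + 1
    return a, pow(G, a, P)

def shared_secret(priv: int, peer_pub: int) -> int:
    """K = B^a = A^b = g^(ab) mod p."""
    return pow(peer_pub, priv, P)

def derive_key(K: int, transcript: bytes) -> bytes:
    # Never use raw g^ab as a key: hash it together with the transcript it came from.
    return hashlib.sha256(K.to_bytes(16, "big") + transcript).digest()

def bind(psk: bytes, transcript: bytes) -> bytes:
    # Authentication binding (the PSK option in 4.2): MAC the exchanged values under a
    # pre-shared key, so a value altered on the wire fails verification at the peer.
    return hmac.new(psk, transcript, hashlib.sha256).digest()

def run_exchange(psk: bytes, substituted_B: int = None):
    """One Alice/Bob exchange. If substituted_B is given, Alice receives it in place of
    Bob's B, modelling an active party on the wire (4.2).
    Returns (keys_match, alice_accepts_binding)."""
    a, A = keygen()
    b, B = keygen()
    B_at_alice = B if substituted_B is None else substituted_B
    enc = lambda v: v.to_bytes(16, "big")
    transcript_alice = enc(A) + enc(B_at_alice)
    transcript_bob = enc(A) + enc(B)
    # Bob MACs the transcript as he saw it; Alice recomputes over what she saw.
    alice_accepts = hmac.compare_digest(bind(psk, transcript_bob), bind(psk, transcript_alice))
    k_alice = derive_key(shared_secret(a, B_at_alice), transcript_alice)
    k_bob = derive_key(shared_secret(b, A), transcript_bob)
    # a and b are dropped when this function returns: that is forward secrecy (4.3) in
    # practice, since a later key compromise cannot unlock this session's traffic.
    return k_alice == k_bob, alice_accepts
```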

4.4 Merkle’s computational asymmetry

  • Merkle puzzles: early asymmetry ideas; ancestor of later public-key intuitions.
  • Modern echoes: hash-based and memory-hard constructions.

5. Hash Functions & Merkle Trees: Commitment, Memory, Time

5.1 Properties of cryptographic hashes

  • Preimage, second-preimage, collision resistance.
  • Uses: commitments, fingerprints, MAC/KDF/PRF building blocks.
  • MD5/SHA-1: collision-broken → migrate (SHA-2/SHA-3/BLAKE2/…); keep agility.

5.2 Random oracle vs reality

  • Proofs often assume an ideal random oracle.
  • Real hashes approximate the ideal; they are structured algorithms.
  • Therefore: algorithm choice cannot be frozen forever.

5.3 Merkle trees and time-chained state

  • Root hash commits to an entire dataset; membership proofs are O(log n).
  • Blockchains: blocks commit via Merkle roots, chained by previous block hash.
  • Hash + Merkle + economic cost = expensive-to-rewrite memory.
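An added example (not from the original page) that builds the structure of 5.3 with hashlib: a root that commits to a whole dataset, an O(log n) membership proof checked without the dataset, and a block header chained to its predecessor. Function names are constructed for this example, and the leaf/node prefix bytes are a domain-separation choice made here, not a standard.

```python
import hashlib

# Domain separation: leaf and node hashes use different prefixes, so a leaf cannot be
# presented as an interior node (or vice versa) inside a forged proof.
def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Bottom-up tree: levels[0] are leaf hashes, levels[-1] == [root].
    An unpaired node is promoted unchanged rather than duplicated."""
    level = [leaf_hash(d) for d in leaves]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
        levels.append(level)
    return levels

def merkle_root(leaves) -> bytes:
    return build_levels(leaves)[-1][0]

def membership_proof(leaves, index: int):
    """Sibling hashes from leaf to root: O(log n) entries of (hash, sibling_is_left)."""
    proof, i = [], index
    for level in build_levels(leaves)[:-1]:
        sib = i ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < i))
        i //= 2
    return proof

def verify_membership(root: bytes, data: bytes, proof) -> bool:
    """Recompute the path from the proof alone: the verifier never needs the dataset."""
    h = leaf_hash(data)
    for sib, sib_is_left in proof:
        h = node_hash(sib, h) if sib_is_left else node_hash(h, sib)
    return h == root

def chain_block(prev_block_hash: bytes, root: bytes) -> bytes:
    """Time-chaining: a block commits to its contents (root) and to its predecessor."""
    return hashlib.sha256(prev_block_hash + root).digest()
```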

6. Digital Signatures & Key Lifecycle: Authority at the Edge

6.1 Signature schemes

  • KeyGen → (SK, PK), Sign(SK, M) → σ, Verify(PK, M, σ).
  • Schemes: RSA-PSS, ECDSA, Ed25519, Schnorr.

6.2 ECDSA nonces: microscopic detail, catastrophic failure

  • Nonce reuse/bias/predictability can leak the private key from signatures.
  • Mitigation: deterministic nonces (RFC 6979-style) reduce RNG dependence.

6.3 Crypto vs legal “non-repudiation”

  • Crypto claim: valid signature implies “someone with SK signed M.”
  • Reality: shared keys, server signing, coercion break “intent.”
  • Sovereign stance: treat signatures as capability tokens; use multi-sig/threshold/auditing for accountability.

6.4 Key hierarchies and thresholds

  • Split roles: spending vs viewing vs governance keys.
  • Threshold / multi-sig: M-of-N authorization; distribute compromise impact.
  • Lifecycle planning: generation, use isolation, backup, rotation, revocation, inheritance.

7. Zero-Knowledge Proofs: Verifiable Truth, Hidden Reason

7.1 Definition

  • Completeness, soundness, zero-knowledge.
  • Goldwasser–Micali–Rackoff: “knowledge” becomes an object of proof.
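Added example (not part of the module): the Schnorr identification protocol for knowledge of a discrete log, written to exhibit the three properties of 7.1. Completeness is the honest run; zero-knowledge is shown by a simulator that produces accepting transcripts without the witness; soundness is explained in a comment on the verifier. The group parameters are a constructed toy (p = 1019, q = 509, g = 4) and the function names are this example's own.

```python
import secrets

# Constructed toy group: safe prime p = 1019 = 2*509 + 1, subgroup order q = 509, and g = 4
# (a quadratic residue, so it generates the order-q subgroup). Real systems use 256-bit
# curve groups; the protocol below is identical there.
P, Q, G = 1019, 509, 4

def keygen():
    """Witness x and statement y = g^x: the prover claims 'I know log_g(y)' without revealing x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def prover_commit():
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)                 # commitment t = g^r hides r

def verifier_challenge() -> int:
    return secrets.randbelow(Q)            # c, chosen only after t is received

def prover_respond(x: int, r: int, c: int) -> int:
    return (r + c * x) % Q                 # s = r + c*x (mod q)

def verify(y: int, t: int, c: int, s: int) -> bool:
    # Soundness: two accepting answers s, s' to different challenges c, c' on the same t
    # would determine x = (s - s')/(c - c') mod q, so only a prover who knows x can answer
    # an unpredictable c; a guesser succeeds with probability about 1/q.
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def honest_run(x: int, y: int) -> bool:
    """Completeness: the honest prover always convinces the verifier."""
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(x, r, c))

def simulate(y: int):
    """Zero-knowledge: with no witness, choose s and c first and solve for t = g^s * y^(-c).
    The transcript (t, c, s) verifies and is distributed exactly like a real one, so a real
    transcript cannot leak x: anything learnable from it is learnable from this simulator."""
    s, c = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P   # pow(y, -c, p): inverse power, Python 3.8+
    return t, c, s
```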

7.2 SNARKs and STARKs

  • SNARKs: succinct proofs, fast verify; often need a trusted setup.
  • STARKs: transparent (no trusted setup), hash-based; larger proofs.
  • Other families: Bulletproofs, Halo, … trade-offs matter.

7.3 Uses

  • Private transactions, attribute proofs, verifiable computation.

7.4 Double-edged: privacy vs opaque governance

Constraint:

ZK can either preserve individual privacy under inspectable rules, or become a mathematical veil for unaccountable policy. Circuits/constraints must be transparent and forkable; contestability must exist.

8. Secure Computation: Joint Functions Without Data Surrender

8.1 Problem

Inputs x₁…xₙ, output y = f(x₁…xₙ): learn y, learn nothing else.

8.2 Yao’s garbled circuits (2PC)

  • Express f as a Boolean circuit, garble wires with symmetric keys.
  • Use oblivious transfer to deliver only input-consistent keys.
  • Evaluation yields output without revealing other inputs.

8.3 Secret-sharing MPC

  • Split secrets into shares across parties; operate on shares.
  • Security depends on adversary model (semi-honest vs malicious) and collusion thresholds.

8.4 Homomorphic encryption (HE)

  • Compute on ciphertexts (partially or fully homomorphic).
  • Enables analytics/ML without raw data release (but see leakage).

8.5 Leakage through outputs + metadata

Non-optional warning:

MPC/HE protect inputs syntactically, but repeated queries, chosen functions, timing/abort patterns, output distributions, and metadata can reconstruct sensitive information. Output-leakage modeling is part of the design.
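Added example (not from the page) for 8.3 and 8.5: additive secret sharing over a prime field, a joint sum in which no party sees another's input, and two functions that exhibit the output leakage the warning describes (a two-party sum, and differencing across repeated queries). The field size and function names are constructed for this example.

```python
import secrets

# Constructed toy field: arithmetic modulo the Mersenne prime 2^61 - 1.
PRIME = (1 << 61) - 1

def share(secret: int, n: int):
    """Additive n-of-n sharing. Any n-1 shares are uniform and independent of the secret;
    only all n together reconstruct it (the collusion threshold of 8.3 is n-1)."""
    shares = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % PRIME)
    return shares

def reconstruct(shares) -> int:
    return sum(shares) % PRIME

def mpc_sum(inputs):
    """Semi-honest joint sum. Party i deals shares of x_i to all parties; party j adds the
    shares it holds (one per input) locally; the n local sums are shares of y, and only y
    is ever opened. No party sees another party's input in the clear."""
    n = len(inputs)
    dealt = [share(x, n) for x in inputs]      # dealt[i][j]: share of x_i held by party j
    local_sums = [sum(dealt[i][j] for i in range(n)) % PRIME for j in range(n)]
    return reconstruct(local_sums)

def two_party_output_reveals_peer(x_alice: int, x_bob: int) -> int:
    """8.5, output leakage: with n = 2 the protocol is perfectly private about shares and
    still useless for privacy, because Alice recovers Bob's input from y and her own x."""
    y = mpc_sum([x_alice, x_bob])
    return (y - x_alice) % PRIME              # == x_bob

def differencing_leak(inputs, i: int) -> int:
    """8.5, repeated queries: the same aggregate computed with and without party i differs
    by exactly x_i. The MPC cannot prevent this; output-leakage modelling (query budgets,
    minimum cohort sizes, added noise) has to be part of the design."""
    with_i = mpc_sum(inputs)
    without_i = mpc_sum(inputs[:i] + inputs[i + 1:])
    return (with_i - without_i) % PRIME       # == inputs[i]
```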

9. Governance: PKI, Standards, Hardware, Toolchains

9.1 PKI and certificate authorities

  • Classic web trust: OS/browser roots; X.509; CA mis-issuance enables impersonation.
  • Alternatives/augmentations: TOFU (SSH), web-of-trust, CT and key transparency logs.
  • Sovereign direction: reduce reliance on single global root sets; make key history visible and contestable.

9.2 Standards and RNGs

  • “Approved” ≠ trustworthy against all adversaries.
  • RNG is a first-class primitive; treat it as an attack surface.
  • Crypto-agility: keep the ability to swap primitives without central permission.

9.3 Hardware, TEEs, and supply chain

  • TEEs/HSMs/TPMs can isolate keys but often rely on vendor firmware + attestation services.
  • Risks: vendor revocation, remote update coercion, public vulnerabilities, pre-shipment implants.
  • Sovereign conclusion: TEEs are replaceable optimization layers, not ultimate roots of trust.

10. Post-Quantum Cryptography: Algorithm Lifetimes

  • Shor: breaks RSA/ECC (factoring/discrete log).
  • Grover: quadratic speedup vs symmetric/hashes → increase key sizes.

Mitigations

  • Symmetric: larger keys/digests (e.g., AES-256; 256-bit hashes).
  • Asymmetric: migrate toward PQ schemes (lattice/code/hash-based, etc.).
  • Hybrid schemes during migration (classical + PQ).

Sovereign constraint:

Cryptography is perishable infrastructure with an explicit half-life. Plan upgrade paths that do not depend on a single central authority mandating changes.

11. Composability: Secure Primitives ≠ Secure Systems

Components can be provably secure under stated assumptions and still fail when assembled. In real stacks: multiple protocols, nested channels, side effects, side channels, and human interfaces.

Minimum mental rule:
  • Each new layer must inherit and respect the assumptions beneath it.
  • Mismatches (key reuse across contexts, colliding trust models, degraded randomness) are attack surfaces.

12. The Thinkers as Law-Givers

  • Diffie & Hellman: key exchange over hostile networks.
  • Merkle: authenticated structures → global logs, blockchains, time-anchored commitments.
  • RSA: scalable public-key crypto + signatures.
  • Goldwasser & Micali: semantic security + zero-knowledge foundations.
  • Yao: secrecy generalized from messages to functions (secure computation).
  • Boneh: modern applied crypto operationalization; threshold/pairings/real protocols.
  • Schneier: security is socio-technical; incentives and systems are usually the weakness.
  • Anderson: security engineering as a discipline; real failure modes catalogued.

13. Integrated Stack: From Primers to Sovereign Infrastructure

  1. Assumptions & threats: passive/active adversaries, endpoint compromise, legal coercion, AI inference.
  2. Primitives: AEAD, strong randomness, careful nonces/KDFs; public-key with transparent parameters; hashes/Merkle; signatures with nonce discipline.
  3. Protocols: authenticated ephemeral key exchange + forward secrecy; authorization via signatures + thresholds; ZK with auditable circuits; MPC/HE with explicit output leakage models.
  4. Governance & toolchain: auditable/forkable key infrastructure; contestable standards; supply chains verifiable where possible; minimal TCB.
  5. Civilizational semantics: keys as property; ledgers as expensive history; protocols that resist centralization and remain forkable under hostile governance.

Final constraint:

The primitives are neutral. The composition, governance, and threat model are not.

Resources (linked)

Each item below is linked and referenced inline where it fits best.

[R1] Katz & Lindell — Introduction to Modern Cryptography
Core definitional spine: IND-CPA/IND-CCA, MACs, signatures, key exchange, reductions.

[R2] Goldwasser & Bellare — Lecture Notes on Cryptography (PDF)
Provable security and reductions; compressed theorem-book complement to [R1].

[R3] Boneh & Shoup — A Graduate Course in Applied Cryptography (PDF)
Modern applied bridge: AEAD, key exchange, signatures, protocol realities (v0.6, 2023).

[R4] Ferguson, Schneier, Kohno — Cryptography Engineering
How not to wreck primitives: RNGs, key management, protocol design, implementation pitfalls.

[R5] Ross Anderson — Security Engineering
Socio-technical security: hardware, payment systems, incentives, real failure modes.

[R6] Dan Boneh — Online Cryptography Course
Structured lecture path through symmetric, public-key, hashes/MACs/signatures, protocols.

[R8] Berkeley RDI — Zero Knowledge Proofs (MOOC, Spring 2023)
Modern ZK backbone: classical ZK → SNARKs/STARKs → programming + applications.

[R9] Diffie & Hellman (1976) — “New Directions in Cryptography” (PDF)
Origin of public-key cryptography and Diffie–Hellman key exchange.

[R10] Rivest, Shamir, Adleman (1978) — RSA paper (PDF)
Practical public-key cryptosystems + digital signatures.

[R11] Merkle — “Secure Communications Over Insecure Channels”
Merkle puzzles and early authenticated structures: conceptual ancestors of later systems.

[R12] Goldwasser & Micali — “Probabilistic Encryption”
Semantic security and probabilistic encryption foundations.

[R13] Goldwasser, Micali, Rackoff — ZK foundations
Formal zero-knowledge via simulation; definitional anchor.

[R14] Yao (1982) — “Protocols for Secure Computations” (PDF)
Seminal MPC/secure computation framing (includes the “millionaires’ problem”).

[R14b] Yao (1986) — “How to Generate and Exchange Secrets” (PDF)
Extended abstract; foundational 2PC/garbled-circuits lineage.

[R15] Matthew Green — “Zero Knowledge Proofs: An Illustrated Primer”
Intuitive geometry before algebra: commitments, ZK flow, why it works.

[R17] Lindell (2021) — “Secure Multiparty Computation” (CACM)
Survey of MPC moving from theory to practice; threat models + modern protocols.

[R18] Cramer, Damgård, Nielsen — Secure Multiparty Computation and Secret Sharing
Comprehensive formal text on MPC and secret sharing (Cambridge Core).

[R19] Hazay & Lindell — Efficient Secure Two-Party Protocols
Efficient 2PC techniques and constructions (SpringerLink).

[R20] Adam Shostack — Threat Modeling: Designing for Security
Repeatable threat modeling discipline (assets, attackers, abuse cases, STRIDE).

[R22] Schneier — “The Psychology of Security” (PDF)
Security theater, cognitive bias, and why “feels safe” ≠ “is safe.”

[R23] Phillip Rogaway — “The Moral Character of Cryptographic Work” (PDF)
Cryptography as power redistribution; post-Snowden critique of field alignment.

[R24] Cryptography FM — Podcast
Research-grade interviews and deep dives into schemes, attacks, standards.

[R26] Zero Knowledge — Podcast
ZK, privacy protocols, decentralized infra; strong entry points into modern proving systems.

[R27] Citizenfour — film
State-level adversary models and mass surveillance in practice.

[R28] FRONTLINE — “Global Spyware Scandal: Exposing Pegasus”
Why endpoint compromise dominates naive “crypto = safe” thinking.

Optional media pairings for system-level threat realism: Citizenfour; The Internet’s Own Boy.