Why use Citium?

As we all know, it is fallacious thinking to appeal to centralized authority and novelty. Unfortunately, this knowledge has not stopped seemingly trustworthy centralized governing bodies and self-proclaimed experts from peddling ever fancier InfoSec technologies to their users. A laundry list of disappointments has been blindsiding these users, such as

In view of these repeated incidents, which leave users regretting their blind trust in security technologies that only look professional, Citium proposes three (3) pessimistic yet stringent InfoSec design premises.

| # | Design Premise | Description |
|---|----------------|-------------|
| 1 | Trust No One | Participant is fallible. |
| 2 | Power Corrupts | Rights are exploitable. |
| 3 | No Secrecy | Cipher is vulnerable. |

An intruder may go after data in Citium by 1. inciting defection; 2. abusing power; or 3. breaking ciphertext. Even supposing the intruder succeeds in uncovering private data that was never meant to be seen by outsiders, Citium users can still justifiably deny that they were ever involved in distributing it, because by design the information in Citium cannot be told true from false; all security forensics are futile, no matter how extensive and meticulous they are. Citium inevitably makes the data source obscured and inadmissible. Besides, deniability, as an InfoSec feature, greatly reduces the desire of any competitor or judicial authority to investigate or obtain evidence against users of Citium.

Overview

Conventionally, as a compromise for usability, the centralized stakeholders of a cryptosystem hold users' account IDs, passwords, and personal information in order to authorize access and service. This can lead to irreparable blowback, such as data breaches, coercion and blackmail attacks. Luckily, modern cryptographic technologies enable designers to create better cryptosystems: ones that do away with these rights and powers while still retaining the overall usability of the cryptosystem!

Citium takes full advantage of these time-tested technologies to establish a free, open-source, fully decentralized, permissionless blockchain that features cryptanalytically unbreakable cryptosystems and InfoSec mechanisms, such as a hybrid cryptosystem, a threshold cryptosystem, indiscriminate mesh-tree multicast (IMTM), and sockpuppetry. Citium's current build is capable of serving text, image, video and real-time voice data. Decentralized apps (dApps) built on Citium can enjoy extraordinary data security features, such as deniability, which makes Citium well suited to building an Off-the-Record Messaging (OTR) instant messenger system.

Server IP Obfuscation: Server IP Obfuscation (SIPO) is a unique feature of Citium. It can hide a server's originating IP address from its visitors while letting them visit HTML5-based content on the server seamlessly. Not only can SIPO effectively prevent distributed denial-of-service (DDoS) attacks, but it can also curtail IP intelligence gathering (e.g. geolocation lookup), effectively preventing web server takedown and seizure.

Deniability ✓

Many centralized communication systems claim to have non-repudiability as one of their InfoSec features because their users purposely want to systematically hold their communicating parties legally accountable. Citium does not cater to that purpose. In fact, Citium offers the complete opposite: deniability, which is the last line of defense against forced disclosure and its repercussions.

Some service providers, such as Facebook, are trying to offer deniability, but they fail to rule themselves out of the picture. Here is a direct quote from the Technical Whitepaper of Messenger Secret Conversations in Facebook Messenger, published on May 18, 2017:

“[T]he third-party deniability property ensures that no party outside of Facebook can cryptographically determine the validity of a report.”

It implies that Facebook can still be vulnerable to forced disclosure, or may even voluntarily submit to surveillance, not to mention the chance of a data breach. Thus, Secret Conversations in Facebook's Messenger offers half-baked deniability at best. In contrast, Citium offers full deniability; no participant or mediatory machine can compromise deniability in any way.

The primary motivation behind the Citium decentralized system protocol is to provide a deniable communication network for the conversation participants while keeping conversations confidential, like a private conversation in real life, or an off-the-record exchange in journalism sourcing. This is in contrast with some centralized communication systems, which produce output that can later be used as a verifiable record of the communication event and the identities of the participants.

SafeMail & SDTP

Citium is inherited from the open-source projects Bitmessage and SafeMail. Although the Citium Instant Messenger project is fully compatible with the SafeMail protocol, we decided to call it Citium Instant Messenger (CIM) instead of Citium Mail because it is in many ways (e.g. the user interface and operation) more akin to most of the popular instant messengers in the marketplace.

The communication mechanism used by both CIM and SafeMail is the “Safe Data Transfer Protocol” (SDTP). SDTP dictates that all forms of communication push the same generic notification to the intended recipients. Once notified, the intended recipients are required to retrieve the messages on their own.

Push & Pull (Fetch)

Most instant messenger systems are designed so that messages are pushed directly onto the client apps of the intended recipients. In the Citium Instant Messenger (CIM) system, however, the push notification is limited to a generic text reminder (i.e. “You have a new message.”) and a very thin slice of the message, encrypted as ciphertext, which is sent to the intended recipients. The intended recipients are required to actively fetch the remaining slices on their own from the sea of Citium nodes (i.e. service & user nodes) and then recombine them with the thin slice at hand to recover the original, correct message.

Threshold Cryptography

In any cryptographic system, the most important component in transforming plaintext messages to ciphertext and back is the key. The key is the foundation of the overall security of cryptography, which means that the protection of the key has also become an important issue. One of the methods that can reduce the risk of the key being compromised is threshold cryptography. The basic idea of threshold cryptography is that the key is divided into n shares before being distributed to the involved entities. To generate the key again, not all the shares are needed. Instead, an entity can combine only k shares (known as the threshold value) to reconstruct the key. In other words, even though the key is divided into n shares, only k out of the n shares are needed to reconstruct the key.

As Extra Security

Historically, only organizations with very valuable secrets, such as certificate authorities, the military, and governments, made use of threshold cryptosystem technology. The threshold cryptography scheme in Citium is an advanced, extra step for securing the key and preventing it from being compromised. This is because an adversary will need to attack k nodes in order to obtain k shares to generate the key, rather than compromising one node to obtain the key. This makes an attack considerably more difficult.

In Citium, not only the key but also the ciphertext (i.e. the encrypted message) itself is divided into n slices, along with the n shares of the key. The ciphertext slices are distributed indiscriminately to as many Citium nodes (i.e. service & user nodes) as possible. In doing so, all contents are benign to the owners of all nodes. No one needs to be held responsible for any message distributed. No one knows what they are distributing on their nodes, where it came from, or to whom it is going. Citium's threshold cryptosystem is designed with k = n, which means all n shares have to be collected and combined. This is the most stringent InfoSec setting for a threshold cryptosystem.

InfoSec Features

Here is a list of available InfoSec features on Citium. Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection, recording or devaluation, although it may also involve reducing the adverse impacts of incidents (e.g. forced disclosure / mandatory key disclosure).

| :closed_lock_with_key: | InfoSec | Risk & Threat |
|---|---|---|
| | Permissionless | Censorship |
| | Confidentiality | Data Breach |
| | Integrity | Tampering |
| | Availability | DDoS Attack |
| | Authorization | Privilege Escalation |
| | Authentication | Spoofing |
| | Deniability | Forced Disclosure |
| | Non-Repudiation | Repudiation |

:closed_lock_with_key:: ✓ available feature; ✗ unavailable feature
