ENCRY is a multi-disciplined international holding company specializing in the creation of high-tech products in the telecommunications field, as well as decentralized and distributed services. We talked with ENCRY’s founder Roman Nekrasov and the technical director Andrei Chmora about the implication of blockchain in the telecom industry and how ENCRY’s developments can drastically improve the security of users on the Internet.
- How did you start working with decentralized technologies?
Andrei Chmora: Cryptography has been in the field of my scientific interests since the beginning of the 90s. Prior to that, I was working with algebraic codes and was partially in touch with tasks that were related to cryptography, but directly I began to deal with this issue in the 90s. The first surge of interest in cryptography arose in the world at that time due to the development of payment systems and electronic cash, but it was Satoshi Nakamoto, who later managed to formalize the existing technologies into one coherent system. For its time, it became unique because it managed to create a consistent concept and apply well-known cryptographic solutions correctly. At that time, I was working with cryptographic technologies in the field of cybersecurity and still was interested in peer-to-peer payment systems.
Roman Nekrasov:
Speaking about our main project - in the field of telecommunications - EncryptoTel, it has grown on the basis of many years of our experience in this and related fields. Having graduated in information technology, I worked in the IT sphere for several years, this experience includes the position of technical director of one of the major VoIP providers. It was there when I clearly saw how traditional businesses and call centers are “moving” to the Internet, how competitive telecommunications infrastructure helps companies effectively optimize their routine tasks and significantly save money. However, I also noticed how vulnerable were the telecom systems that existed at that time. It was interesting for me to figure out how to make communication on the Internet more reliable and accessible to a wide range of users. How to do so in order to maintain the convenience of virtual PBX with its extensive functionality for business, while sending information in the safest possible way? At the beginning of 2012, I simultaneously got intrigued by how Bitcoin mining is organized and the blockchain technology itself, took part in discussions at specialized forums and even assembled mining farms myself. Having fully studied the technology itself, inspired by the concept of decentralized and reliable applications, the idea of the ENCRY project was born, which eventually became the cradle of several developments at once.
- One of your proprietary technologies is the Decentralized Public Key Infrastructure (DPKI), which aims to replace the existing PKI. Why change anything?
A. Chmora: Interaction on the Internet always involves the transfer of data. We are all interested in ensuring that data is transmitted in a secure manner. For this, methods of asymmetric cryptography or cryptography with a public key are typically used. Asymmetric cryptography methods are actively used by most resources working with personal data and payment information. For example, banks, insurance companies, airlines, payment systems, as well as government service portals such as the tax office.
But the current public key infrastructure is vulnerable because of its centralization. Trusted certification authorities (CAs) are responsible for the distribution and maintenance of digital certificates. But for a couple of decades of using digital certificates, there have been several cases where CAs have been compromised. Unconditional trust to the CA is expected from users, but is it possible to trust someone whose work in fact cannot be verified in any way?
Our proposal is to leave behind the centralized infrastructure and store information about public keys in a distributed registry. Let us explain schematically what the essence of the proposal is. The public key, together with metadata, is presented in the form of a specialized transaction, which is placed in the pool as well as all other transactions. Then the transaction is being processed from the pool and, after making a positive decision on the result of the checks, it is saved in the registry entry. All such transactions belonging to a single owner are linked in a chain. Anyone who has access to registry entries can verify connectivity and thereby establish the ownership of the public key. Note that the digital signature mechanism is also involved in the verification. The very first transaction in the chain, or "anchor", plays the role of an identification document and indicates the owner. All subsequent transactions are tied to this anchor one by one as they become available.
R. Nekrasov: If we talk about the fundamental difference, then this is a classic example of contrast between centralization and decentralization. The main drawback of centralized systems, whether it is an infrastructure of public keys or something else, is a single point of attack. Any centralized system is vulnerable to attacks, not only from hackers, but also vulnerable to corruption, political lobbying. And if the system is vulnerable, then it will easily lose users trust if a successful attack is committed.
Decentralization helps to avoid these shortcomings and build trust among users in the decision-making process without trust between the participants themselves, that is, in a trustless environment.
- But how is the user identity resolved? In the current infrastructure registration centers are responsible for public keys. If there were none, wouldn’t this lead to complete chaos with identification?
A. Chmora: If we talk about identification, then there is a direct connection with the problem of falsification of credentials for the purpose of impersonification. Note that this problem belongs to the fundamental category. A full-fledged solution does not exist due to informational-theoretical reasons - without the availability of reliable ‘a priori’ information, it is impossible to confirm or deny the subjects authenticity. Both in centralized infrastructure and in decentralized, this problem is equally relevant. Registration centers are now verifying credentials using a set of identity documents. It is clear that everything here depends on how much the presented documents are protected, but, as you know, solutions that provide a 100% guarantee of reliability do not exist. In terms of decentralized infrastructure, members of a distributed community can perform the same function. Although at first glance this approach may seem less reliable than the current rules, in practice we see how the community actively and very successfully identifies people. For example, in 2018, BBC journalists were able to find the perpetrators of the terrorist attack in Africa in which civilians died, as well as determine when and where exactly the crime occurred.
In short, the problem of identification as it was and still remains, is simply solved in a different way. The proposed method is neither better nor worse. Just different.
- You propose building a decentralized infrastructure of public keys on a blockchain of your own design - ENCRY. Why? Aren’t there too many blockchains in the world?
R. Nekrasov: The main requirement for the registry is the ability to form transactions of any type. The Bitcoin network, for example, lacks the necessary mechanisms for processing arbitrary data sets. The ENCRY blockchain uses its own interpretation of the Proof-of-Work (PoW) consensus. We chose the PoW algorithm, because we believe that it is better than many other consensus algorithms in protecting the network from attacks. We also decided to create our own proprietary programming language Prism, which provides the flexibility we need when solving various technological problems. For example, it helps to better calculate the complexity of the script until it is launched and this helps to filter out excessively heavy scripts and not overload the network.
- And how do you use blockchain technology in telecommunication services?
R. Nekrasov: As I have already said, confidentiality, communication security, privacy are the main vulnerabilities that I see on telecom platforms. Our development EncryptoTel is a virtual public branch exchange (PBX) with an increased level of confidentiality, which can be achieved thanks to cryptographic and distributed methods. For example, if you store payment information in the blockchain, users will be able to forget about situations when their accounts were suddenly bloated due to the application of hidden and unnecessary services. Just a few days ago, we launched a beta test of the secure messenger. The messenger is designed for anonymous messaging between clients through a distributed network of nodes with multi-level encryption of outgoing and incoming messages. This is a truly anonymous messenger, and it is not like the currently existing services, which use the words "cryptography" and "privacy" only as advertisement. I think that it is hardly possible to achieve real privacy without decentralization.
By the way, we are not trying to impose our blockchain for this project at all. Our software can integrate with nodes of other applications. We plan to integrate with many popular blockchain platforms soon.
Accessibility and communication security is our common goal, and we are happy to share our ideas with the community. We have recently published a detailed material on how we propose the use of decentralized registry technology, and we invite the community to engage in a constructive discussion.