Public Key Exchange (Command Group 4)
These services allows computers that do not share a common secret to trade keys. This is designed to be a quantum safe replacement for TLS/RSA.
Command Codes
| Command Code | Service | Notes |
|---|---|---|
| 39 | Send Key | The fastest way for client to exchange a quantum safe key with a server |
| 40 | Receive Key | Server listens for a client to Send Key |
| 41 | Key Post | Allows the Initiating Client to put key parts on the RAIDA |
| 42 | Key Alert | Allows the Initiating Client to inform the Passive Server to pick up keys |
| 43 | Key Get | The Passive Server calls this service to receive the key parts |
| n/a | Peer To Peer | How computers who have exchanged keys can connect with each other |
Byte Codes Used With These Services
| Byte Code | Name | Purpose |
|---|---|---|
| CH | Challenge | This is for mutual identification. The RAIDA server must decrypt this and return it with the response |
| ID | Key ID | Client makes a random key ID. ID is needed for a direct connection. Client and receiver will need to store this. |
| IP | Receiver's IPv4 | The IP address of the server to exchange keys with. Or,the sender can specify that the receiver must have that IP address to get the key. (Optional. Zeros if empty) |
| DN | ID Denomination | If the client wants the receiver to authenticate, it can require a denomination and serial number |
| SN | ID Serial Number | Client can prove their identity by supplying this. |
| KY | The key Part | Can hold any data and keys up to 128 bytes (3.2 KB across the entire RAIDA). |
| KS | *Key Start | Because the fixed key space could be zeros if empty, the client may fill unused bytes with random numbers. This is the byte (indexed by zeros) that is the first byte of the key |
| KL | Key Length | This is the total number of bytes in the key and is used for finding the end of the key. |
| PO RT | Port Number | Specifies the port number of the server to receive the key. |
| OF | Offset | The number of bytes ahead were the second key is located |
| RD | Random Number | Just a random byte. |
| E3 | End bytes | Specifies the end of the Request Body. Not encrypted. |
Send Key
Allows clients to send a 128 bit cryptographic key to a server or other machine for the purposes of encrypted communication. This key is undiscoverabl except in the case where all 25 raida administrators unite their data within a few seconds of the key being sent.
Here are the steps to share a key with a server
- QClient resolves the server's IP address, port numbers,raida membership and key IDs using DNS service records(SRV)
- QClient generates a Raida Scatter Table to scatter the key parts amoung random data.
- QClient shardes the scatter table into 25 rows. One shard for each raida.
- QClient encrypts each shard using existing shared secrets with the raida (128 bit AES).
- QClient sends each shard to the corrensponding raida's "Send Key" service.
- Raida decrypts the client's request and finds the server's IP, port, key ID, challenge and other information.
- Raida uses the server's key ID to encrypt the shard and sends the request to the QServer "Receive Key service".
- QServer decrypts the raida's request, puts together the shards, finds the key in the Raida Scatter Table and records the key.
- QServer encrypts Qclient's challenge and respondes to one of the raida.
- Raida sends the QServer's acknoledgement and responds to the QClient with other requirments like key changes
- QClient stores the key and follows the QServers requests
RAIDA Scatter Table
The scatter table is designed to allow a client to pass a key to another machine without the raida admins being able to discover the key. The scatter table can also protect the key from tappers unless they are able
Here's how it works:
Input:
You provide a number called "remainder" (between 0 and 24).
Goal:
Generate a list of 25 random numbers (each between 0 and 24) that, when added together, gives a sum that has the same remainder as the input "remainder" when divided by 25.
Process:
The client algorithm keeps creating random lists of 25 numbers.
For each list, it adds up all the numbers and checks the remainder when the sum is divided by 25.
If the remainder doesn't match the input "remainder," it throws out that list and tries again with a new random list.
It repeats this until it finds a list where the sum's remainder matches the input "remainder."
Output:
The final list of 25 numbers, where each number is between 0 and 24, and their sum, when divided by 25, has the specified remainder.
Example
Suppose the input "remainder" is 7: The algorithm generates a list like [3, 12, 8, ..., 15] (25 numbers). It adds them up, say, to 307.
It checks: 307 ÷ 25 = 12 with a remainder of 7 (since 25 × 12 = 300, and 307 - 300 = 7).
Since the remainder (7) matches the input, it returns this list.
If the remainder didn't match (e.g., it was 10), it would generate a new random list and try again.
Why It Works
Since the numbers are random and between 0 and 24, the sum of 25 numbers can produce a wide range of remainders when divided by 25.
By repeatedly generating lists, thealgorithm eventually finds one that satisfies the condition.
This trial-and-error approach ensures the remainder matches the input, though it might take multiple attempts.
This method is like rolling dice until you get the desired outcome, ensuring the list is random but meets the specific remainder requirement.
The client sends each RAIDA one of these 25 stipe to a random raida without using the standard
Random Number Table Generator
Each row contains 25 random numbers (0-24) and these numbers are five bits in length. The sum of these numbers has a specific remainder when divided by 25. Here is an example of a table generated so that each column has a unique remainder 0 through 24. These values are shown in Base25.
| Decimal Base25 | 0 0 | 1 1 | 2 2 | 3 3 | 4 4 | 5 5 | 6 6 | 7 7 | 8 8 | 9 9 | 10 A | 11 B | 12 C | 13 D | 14 E | 15 F | 16 G | 17 H | 18 I | 19 J | 20 K | 21 L | 22 M | 23 N | 24 O |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Raida 0 | M | 1 | H | H | 1 | K | H | 5 | 1 | E | D | J | 2 | 0 | H | H | 5 | F | D | O | 1 | M | 4 | A | O |
| Raida 1 | K | L | 3 | 6 | L | L | G | 9 | L | M | 0 | N | B | 6 | 2 | B | N | 1 | C | B | M | C | I | 9 | K |
| Raida 2 | 4 | F | D | N | K | 8 | 6 | G | G | 5 | 5 | I | F | 5 | J | M | 6 | 0 | O | O | L | I | 2 | 6 | 6 |
| Raida 3 | M | M | 0 | B | A | B | E | L | A | 0 | L | O | B | J | L | H | 6 | 7 | C | N | K | 6 | B | H | G |
| Raida 4 | E | O | F | L | 0 | 1 | N | F | D | 4 | A | 6 | 0 | 9 | E | 2 | F | B | J | H | 0 | 1 | K | C | O |
| Raida 5 | M | K | K | 8 | C | D | F | 7 | J | B | 4 | B | 0 | D | K | J | 8 | 7 | 5 | C | J | M | 7 | N | D |
| Raida 6 | G | C | G | 6 | D | E | A | O | D | E | 4 | 1 | 4 | C | C | H | 7 | C | 8 | L | M | 6 | 1 | 3 | F |
| Raida 7 | 7 | K | K | 7 | 5 | J | 5 | H | O | 7 | H | N | D | I | L | H | 1 | B | J | 9 | 1 | 6 | C | 6 | 0 |
| Raida 8 | 2 | I | 6 | M | 1 | C | G | 9 | H | I | L | C | I | 4 | G | 2 | 3 | I | O | 0 | I | J | 4 | E | K |
| Raida 9 | N | 9 | 0 | 1 | 9 | 8 | 8 | 9 | F | D | H | L | 0 | 4 | 3 | 4 | I | O | I | K | L | M | 4 | 8 | B |
| Raida 10 | 3 | D | K | 9 | F | 2 | J | 4 | E | D | L | C | H | H | 3 | 7 | 9 | N | 4 | O | 9 | 1 | 1 | H | J |
| Raida 11 | 9 | M | D | 3 | 2 | K | 7 | N | 6 | E | K | G | E | A | F | 2 | E | N | 5 | 8 | 1 | D | 4 | 9 | H |
| Raida 12 | 2 | 7 | F | 2 | M | E | C | 2 | N | 0 | N | 7 | K | J | B | 2 | L | F | A | 9 | O | F | N | 4 | 9 |
| Raida 13 | B | L | G | M | C | A | A | 8 | 3 | O | 5 | G | G | L | L | B | 8 | 1 | I | 6 | D | O | 6 | H | H |
| Raida 14 | 4 | F | J | E | 2 | O | N | K | 1 | 6 | L | O | 9 | H | E | E | J | 1 | N | J | 0 | B | 4 | D | 4 |
| Raida 15 | B | C | A | I | 1 | 7 | 9 | O | 7 | A | 8 | A | M | 0 | L | 7 | M | O | K | L | D | 4 | 1 | M | 6 |
| Raida 16 | N | 8 | 3 | 4 | 7 | F | G | 7 | 8 | N | A | 7 | 2 | 3 | L | M | J | C | 8 | 0 | D | D | K | N | I |
| Raida 17 | J | 3 | 8 | F | I | 6 | 0 | 8 | 6 | J | O | J | G | G | I | 8 | C | 3 | 2 | 5 | I | 6 | 8 | 6 | 1 |
| Raida 18 | I | 5 | 1 | 7 | F | K | A | 2 | 5 | 9 | 6 | K | 8 | 4 | M | L | N | 1 | H | E | B | B | E | 9 | 1 |
| Raida 19 | 7 | 3 | I | 5 | E | 0 | 7 | 9 | 7 | H | 8 | H | C | B | I | 3 | N | F | L | A | B | O | 7 | K | 0 |
| Raida 20 | E | M | D | B | 1 | K | D | 8 | F | 8 | 1 | K | 0 | 6 | N | B | H | F | 0 | O | 8 | N | L | D | M |
| Raida 21 | I | B | J | M | A | H | J | C | B | L | L | E | A | O | 0 | 5 | L | K | L | L | 6 | 3 | 2 | N | B |
| Raida 22 | 9 | 5 | M | 0 | A | 3 | O | F | 9 | 8 | N | A | G | L | I | 0 | 0 | A | B | A | 5 | K | B | 0 | E |
| Raida 23 | D | A | F | 5 | G | 1 | N | 8 | K | A | 9 | 7 | L | M | 0 | 9 | A | H | K | N | F | 3 | J | 4 | 2 |
| Raida 24 | E | 5 | F | A | 0 | 4 | 9 | I | J | 3 | M | F | N | 7 | L | N | N | 0 | H | F | O | 2 | 5 | M | O |
| Decimal Sum | 327 | 324 | 317 | 269 | 237 | 290 | 331 | 300 | 303 | 293 | 334 | 372 | 280 | 288 | 371 | 273 | 333 | 286 | 351 | 370 | 316 | 307 | 229 | 310 | 314 |
| Decimal Remainder | 2 | 24 | 17 | 19 | 12 | 15 | 6 | 0 | 3 | 18 | 9 | 22 | 5 | 13 | 21 | 23 | 8 | 11 | 1 | 20 | 16 | 7 | 4 | 10 | 14 |
Examples of data sent to the RAIDA
These values are shown in Base25 and in Hexidecimal after they Base25 is converted. Each RAIDA will get a different set of 16 bytes.
Details:
| Raida | Base25 Hexidecimal |
|---|---|
| RAIDA 00 | M1HH1KH51EDJ20HH5FDO1M4AO B0 63 10 D2 25 0B 9B 31 02 31 2B DB 80 D8 8A C0 |
| RAIDA 01 | KL36LLG9LM0NB62BN1CBMCI9K A5 46 6A D6 09 AD 81 75 98 4B B8 58 BB 32 49 A0 |
| RAIDA 02 | 4FDNK86GG55IF5JM60OOLI266 23 DB 7A 20 D0 81 4B 27 96 76 30 31 8A C8 46 30 |
| RAIDA 03 | MM0BABELA0LOBJLH67CNK6BHG B5 80 B5 2D D5 50 2B 85 CE B1 31 D9 7A 19 71 80 |
| RAIDA 04 | EOFL01NFD4A609E2FBJH01KCO 76 1F 50 06 EF 69 14 60 25 C2 7A E7 10 06 8C C0 |
| RAIDA 05 | MKK8CDF7JB4B0DKJ875CJM7ND B5 28 86 35 E7 9A C8 B0 36 93 41 CA C9 D8 F7 68 |
| RAIDA 06 | GCG6DEAODE414CCH7C8LM613F 83 20 66 B9 58 6B 88 12 31 91 3B 11 5B 18 23 78 |
| RAIDA 07 | 7KK75J5HO7HNDILH1BJ916C60 3D 28 72 CC B1 C1 E3 76 CA B1 0A E6 90 99 86 00 |
| RAIDA 08 | 2I6M1CG9HILCI4G23IO0IJ4EK 14 8D 60 B2 09 8C AA C9 12 02 1C B0 09 4C 8E A0 |
| RAIDA 09 | N9019889FDHL0434IOIKLM48B BA 40 14 A1 09 7B 63 50 10 64 96 25 4A D8 88 58 |
| RAIDA 10 | 3DK9F2J4EDLCHH379N4O911HJ 1B 68 97 8A 64 73 6A C8 C4 67 4D C9 84 84 31 98 |
| RAIDA 11 | 9MD32K7N6EKGEAF2EN581D49H 4D 9A 31 50 F7 33 A9 07 29 E2 75 CA 80 B4 89 88 |
| RAIDA 12 | 27F2MEC2N0N7KJB2LFA9OFN49 11 DE 2B 39 82 B8 2E 7A 4D 62 AB D4 9C 3E E4 48 |
| RAIDA 13 | BLGMCAA83O5GGLLB81I6DO6HH 5D 61 66 29 48 1E 0B 08 56 AB 40 64 66 E0 D1 88 |
| RAIDA 14 | 4FJE2ONK16LO9HEEJ1NJ0B4D4 23 E6 E1 62 F4 09 AB 84 C5 CE 98 6F 30 2C 8D 20 |
| RAIDA 15 | BCAI179O7A8AM0L7MOKLD41M6 5B 15 20 9D 38 3A 90 AB 02 A7 B6 29 56 90 36 30 |
| RAIDA 16 | N8347FG78NA723LMJC80DDKNI BA 06 43 BE 07 45 D4 71 0E B6 9B 10 06 B6 97 90 |
| RAIDA 17 | J38FI6086JOJGGI8C325I6861 98 D0 F9 18 08 34 F1 38 42 48 60 C4 59 19 06 08 |
| RAIDA 18 | I517FKA2596K84MLN1HEBBE91 91 42 77 D1 42 2A 4D 44 12 D5 B8 62 E5 AD C9 08 |
| RAIDA 19 | 73I5E0797H8HCBI3NFLABO7K0 38 E4 57 00 E9 3C 51 16 2E 43 BB EA A5 E0 F4 00 |
| RAIDA 20 | EMDB1KD8F81K06NBHF0O8NLDM 75 9A B0 D1 A8 7A 03 40 1A EB 8B C1 84 5E AD B0 |
| RAIDA 21 | IBJMAHJCBLLEAO05LKLL632NB 92 E7 65 46 6C 5D 6A E5 60 05 AD 2B 53 0C 57 58 |
| RAIDA 22 | 95M0A3OF98NAGLI00ABA5KB0E 49 6C 05 0F 0F 4A 2E A8 56 40 02 96 A2 D1 60 70 |
| RAIDA 23 | DAF5G1N8KA97LM09AHKNF3J42 6A 9E 58 06 E8 A2 92 7A D8 09 54 69 77 8E 64 10 |
| RAIDA 24 | E5FA049IJ3MFN7LNN0HFO25MO 71 5E A0 11 32 98 EC FB 9E B7 B8 22 FC 08 B6 C0 |
| Encryption Key | 5C4AK0A63HHNML47D895O0A95 2B 08 AA 01 46 1C 63 7B 54 87 6A 12 5C 01 49 28 |
Byte Layout of SendKey Request Body: 50 bytes fixed.
NOTE: The server will decide the DNs and the SNs of the two keys. The server will also decide the second key by sending the "offset" of the second key. If the scatter table is flattened out into one array of bytes. Then the offset is how many index numbers that should be added to find the byte of the second key. After the table is flattened, it will have 400 bytes. If the first byte of the first key part is at index 55 and the offset is 20 then the first byte of the second key will be byte at index 75. It will need to wrap around after 400.
Response Format:
Shows the denomination and serial numbers of the keys that have been created.Response Status Codes
| Code | Status | Details |
|---|---|---|
| 0 | Fail | Failed but no details provided |
| 1 | Success | Key sent successfully |
KEY POST
The sender computer that wants to initiate an encrypted session with a receiver server will take a key and divide into parts. Then it will post each part on a different RAIDA.
It is the client that must handle the keys as the Post Key service has no logic besides storing data. See the Key Post Client Guidelines below for details.
Each RAIDA can store 128 bytes of a key.
Sample Request: 185 bytes fixed.
NOTE: The Key Start and the Key Length help to strengthen the encryption. It also reduces DOS attacks designed to use up system resource. The key used to encrypt the request will write over any other requests it has made. Each encryption coin can only make one request at a time and is the Primary key in the RKE server's key table.
Response Status Codes
| Code | Status | Details | Implemented Now? |
|---|---|---|---|
| 0 | Fail | Failed but no details provided | Yes |
| 1 | Success | Key posted successfully | Yes |
| 3 | Fail | Client's IP Address was zero. Anonymous clients not allowed. | No |
| 4 | Fail | Receivers's IP Address was zeros. Anonymous receiver not allowed. | No |
| 5 | Fail | Key Start was invalid. | Yes |
| 6 | Fail | Key Length was invalid. | Yes |
| 7 | Fail | Coin used for encryption was used too many times. | No |
| 8 | Offline | Service temporarily offline | No |
KEY ALERT
Tells the Receiver that there are keys waiting for it. The client can use any combinations of RAIDA it wants to. It can use all 25 or just 2. However, the receiver has the option of using a subset of the key parts that they Sender has suggested. This is because the Receiver may not trust all the RAIDA suggested. In this case, the client will need to assemble the key parts in a different manner.
| Byte Code | Name | Purpose |
|---|---|---|
| CH | Challenge | This is for mutual identification. The server must decrypt this and return it with the response |
| ID | ID | Hash of the key part that the client has created and stored on a RAIDA |
| IP | RAIDAs IP | This is the IP address that the key receiver must go to to download the key part. |
| PT | RAIDAs Port | This is the port number the receiver will need to use to get the key part (RAIDA's port number) |
| DN | Denomination | Used if the Receiver wants to authenticate the sender. |
| SN | Serial Number | Client can prove their identity by supplying this. |
| E3 | End bytes | Specifies the end of the Request Body. Not encrypted. |
Sample Request (Unencrypted): 62 bytes for every key part plus two ending bytes.
Sample Response to Sender:
Sample Response Body Showing that key parts 0, 1 and 3 where used and key part. They must be put together in that order.
KEY GET
Allows a client to get a key on an RKE server that was left for them by a computer initiating a private conversation.
Sample Request fixed size:
Sample Response fixed size:
The receiver and the client must store the Key ID and its key. They key ID will be bytes 17,18,19,20 and 21 in the request header.
Response Status Codes
| Code | Status | Details |
|---|---|---|
| 0 | Fail | Failed but no details provided |
| 1 | Success | Key downloaded successfully |
| 2 | Fail | Client Authentication - Authentication was required but not provided |
| 3 | Fail | Client Authentication, Bad User - the receiver account does not exist |
| 4 | Fail | Client Authentication, password was incorrect. |
| 5 | Fail | Anonymous Receivers not permitted - No receiver address was provided and that is not allowed |
| 6 | Fail | Key Not found - the SN of the sender does not exist |
| 7 | Fail | AN and PN were the same. The PN must change everytime |
| 8 | Fail | Blocked Sender - Client was blocked because of client's SN |
| 9 | Fail | Blocked Receiver - Sending keys to that receiver is not permitted. |
| 10 | Fail | Blocked PAN - Your AN was the same as the PAN. They must be different on this server. |
| 11 | Offline | Service temporarily offline |
| 12 | Fail | Key not found - There was not key with that ID on the RAIDA. |
Pass Key Through RAIDA
The client sends the key to the RAIDA and the RAIDA sends it to the server.
The client takes a key and stripes it and create parity stripes. Then the client sends each stripe to a random raida without using the standard way of writing it. The standard way is that stripe 0 goes to r5, 1 goes to r6 etc.
Here is the algorithm
The algorithm creates a list (array) of 25 random numbers, where each number is between 0 and 24 (inclusive). The goal is to ensure that when you add up all 25 numbers and divide the sum by 25, the remainder matches a given input number called "remainder" (which is also between 0 and 24).
Here's how it works:
Input: You provide a number called "remainder" (between 0 and 24).
Goal: Generate a list of 25 random numbers (each between 0 and 24) that, when added together, gives a sum that has the same remainder as the input "remainder" when divided by 25.
Process: The algorithm keeps creating random lists of 25 numbers.
For each list, it adds up all the numbers and checks the remainder when the sum is divided by 25.
If the remainder doesn't match the input "remainder," it throws out that list and tries again with a new random list.
It repeats this until it finds a list where the sum's remainder matches the input "remainder."
Output: The final list of 25 numbers, where each number is between 0 and 24, and their sum, when divided by 25, has the specified remainder.
Example Suppose the input "remainder" is 7: The algorithm generates a list like [3, 12, 8, ..., 15] (25 numbers). It adds them up, say, to 307.
It checks: 307 ÷ 25 = 12 with a remainder of 7 (since 25 × 12 = 300, and 307 - 300 = 7).
Since the remainder (7) matches the input, it returns this list.
If the remainder didn't match (e.g., it was 10), it would generate a new random list and try again.
Why It Works
Since the numbers are random and between 0 and 24, the sum of 25 numbers can produce a wide range of remainders when divided by 25.
By repeatedly generating lists, the algorithm eventually finds one that satisfies the condition.
This trial-and-error approach ensures the remainder matches the input, though it might take multiple attempts.
This method is like rolling dice until you get the desired outcome, ensuring the list is random but meets the specific remainder requirement.
PEER TO PEER
How computers connect to each other after key exchange.
- The client and server must have the RAIDA Token Core Traffic Router Installed
- The client and server must be direct software to use the traffic router as a default gateway.
- The encryption type in the request header should be '3'
- Bytes 17 through 21 in the Request header should be the key ID This is used when two computers who have used RKE to exchange keys are using byte 17 through 21 of the header as an ID for a key instead of a coin.
Post Key Client Protocol
This is how clients should use the RAIDA to send keys.
Assume we have the following Bitcoin Address:
The client should first break this up into 16 parts. The table below shows the key part and what RAIDA that key part should be stored on. R05 means RAIDA 5.
| R05 | R06 | R07 | R08 | R10 | R11 | R12 | R13 | R15 | R16 | R017 | R18 | R20 | R21 | R22 | R23 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| E987 | 3D79 | C6D8 | 7DC0 | FB6A | 5778 | 6333 | 89F4 | 4532 | 1330 | 3DA6 | 1F20 | BD67 | FC23 | 3AA3 | 3262 |
Then the parity information is calculated horizontally and vertically according to the following diagram.