Last week, Project Everest announced the preview release of a new cryptographic provider EverCrypt which aims to improve the foundations of internet security. This collaborative effort was developed by Microsoft Research teams in the US, UK, and India, along with Carnegie Mellon University and French research institute Inria.
Project Everest claims that the current foundations of internet security are “brittle”. That’s a well-founded assertion based on several high profile security vulnerabilities. These include the 2014 Heartbleed and Poodle issues which reached the mainstream press and undermined the security of many websites. But they’re only the tip of the iceberg.
HTTPS, the widely used protocol for online communications, ensures that data exchanged with a website is private and secure. The padlock in a web browser usually represents it. Internet traffic running through HTTPS is encrypted using Transport Layer Security (TLS). And TLS is a collection of cryptographic protocols, used as the industry standard.
The foundation of internet security is built upon a collection of systems, including TLS, HTTPS, cryptographic algorithms, and other vital pieces of infrastructure which make up that brittle foundation. “Delivering an implementation of TLS that guarantees with mathematical certainty your communications will be confidential and protected is a vast and ambitious effort,” wrote Microsoft Research’s Jonathan Protzenko. “Like the building of a pyramid, it requires a strong foundation.”
EverCrypt is Project Everest’s cryptographic provider, a new, alternative implementation of TLS. It takes basic cryptographic algorithms, implements them for certain platforms and collects them in a library.
“Historically, writing a high-quality, trustworthy cryptographic library has been a difficult task, and many of the bugs found in security applications like TLS turn out to be in this underlying layer,” said Protzenko.
EverCrypt balances multi-platform implementation with high performance. Cryptographic libraries, since they are so complex, are rarely user-friendly. So EverCrypt stands out by having a comprehensive interface.
“Application developers want a single library that covers all of the functionality they’ll need,” Protzenko continues, “asymmetric and symmetric encryption and signing, hashing, and key derivation, at the very least.”
To a reader interested in distributed ledger technology (DLT), these terms will sound familiar. Though EverCrypt was constructed to work with TLS, there is indeed blockchain potential.
The Tezos blockchain leverages some of the EverCrypt work though “outside of Project Everest”. Tezos differs from other DLT services by providing a community-led blockchain with a self-upgrading system.
EverCrypt’s underlying verification language, F*, has been used to write a blockchain focused Merkle tree library. Merkle trees are immutable data structures key to DLT based systems. Blockchain systems use Merkle trees as they can undisputedly show whether some information has remained the same or changed.