Introduction

The CORA API provides Quantum safe encryption today and tomorrow.

CORA-X_ev is an evaluation application meant for potential investors, partners, associates and clients. It is not a security product for securing your data and/or communication.

CORA-X_ev allows IT professionals and cryptographers to validate select aspects of CORA, such as MUPs (Multiple Use Pads) and CORA blocs, in a manageable manner.
"Manageable" allows for some isolation and does not implement the more complete "probabilistic" facets of CORA which would limit the ability to evaluate CORA.

Quantum Safe Cryptography

Quantum safe means that, no computer, including quantum computers, will break CORA's encryption.

This relys on you, the user, properly implement CORA-X with best practices; after all, the best 'safe' in the world only works 'if' you lock it, and don't leave the keys on top of the safe.

Safety, security and protection... what are these all about? Let's start with a brief analogy, think of your home. Security is like the locks on your doors and windows; it is important to secure your home. This prevents most unwanted visitors from violating your space, your home - they need your permission to enter.

Despite your best efforts, some thieves might break in without your permission. How might you protect your valuables? With a safe. Yes, this safe provides an additional level of protection, however, if the thief takes your safe home, then they have all the time in the world to crack it open.

In the digital world, this safe is better known as encryption. When standard forms of encryption lock a file, that file is essentially in a safe.
The problem here is that, if a thief takes the "safe" with the data from the server, they have all the time in the world to break it open.
Unlike a physical safe which is heavy and difficult to carry, when a computer is hacked, the digital files are light and easy to carry away.

This just isn't good enough, and that is where CORA comes in to play!

Using CORA help

The Information is presented (except in small viewing devices, such as a smartphone) along the left side of the browser and the Topics are "Affixed" to the right side of the browser.

If your viewing width is less than 768px then the Affixed Topics are hidden and the Information is presented on its own.

Thanks to jQuery and Bootstrap, these help files should be continuously readable and usable on any device or browser.

The topic, or sub-topic you are viewing will be reflected in the color and marker shown in the Affixed Topic section.

You may jump quickly to any topic by clicking/pressing on it in this Affixed Topic pane.


When you link to a particular topic, through an internal hyperlink, or the Affixed topic pane, an entry in the history chain is created and available for you to quickly move back and forth using the arrows at the bottom of the page.

In this example, the Next icon is disabled, meaning that you are at the right end of the history chain; there aren't any other topics that have been linked to after this current topic.


Feedback

You may provide context based feedback by selecting the Feedback Button in the top navigation bar. The current topic you are viewing will be placed into the Feedback message automatically, allowing you to post your question, concern, or suggestion.

Your name (min 3 characters), email address and feedback (min 9 characters) are mandatory fields .


Context Order Replacement Algorithm

CORA is an acronym. CORA takes parts of the original file and breaks them up into different pieces (containers). More importantly, these fragments are chosen in a context based manner so that, if someone steels one of them, they don't have enough to put "anything together".
Imagine encrypting a file, then breaking it into two pieces... this isn't context based! Each piece can provide "too much information" about the original file.
With CORA, we don't want the thieves to know anything, not even a single word from the original file!

CORA is a probabilistic encryption that relies on unfathomably large probabilities rather than complex mathematical algorithms. This makes CORA safe even when Quantum computers become a reality that breaks all other current standards of encryption.

Probabilistic Encryption

  • MUP sizes begin at 1.2 million bits. A 1.2 million bit encryption key is 10360,000 times stronger than 2048 bit encryption.
  • CORA varies the size of each MUP (encryption key). Unlike 2048 bit encryption in which the size is known, the size of the MUP is not known. Could this be relevant to side channel attacks?
  • CORA does not use a single "safe"; CORA distributes the encrypted solution using CORA blocs.
  • The number of CORA blocs is unknown and varies from one encryption to another.
  • The size of CORA blocs varies. The last one or two CORA blocs may be limited in size to allow for a fast transfer to a remote cloud or data centre.

CORA-X_ev

CORA-X_ev an evaluation application for professionals who are interested in evaluating the merits of CORA as 'quantum safe' cryptography; a step beyond encryption. For this reason, CORA-X ev should not be considered to secure "important data".

The purpose of CORA-X is not data security. The intent is to demonstrate in a manageable manner that CORA is all that it claims to be. If CORA is fully and properly implemented in a "probabilistic" manner, then, not only can it not be broken, but it cannot be evaluated in a realistic or timely fashion.

  1. CORA-X_ev is a 64-bit application.
  2. CORA blocs are not implemented in the secure fashion that they are designed to be. The intent is to make these outputs more available to realistic analysis and attacks.
    When implemented properly, it would be impossible for IT staff to evaluation the merits of CORA.
  3. The CORA MUP and related internal data sets are not protected in the same manner as they are designed to be. Once again, understand that this is an evaluation application - it is not meant to secure your sensitive data.
    Contact CORAcsi to inquire about "CORA-X lite" if you are interested in a 'data security product' that will properly secure you sensitive data.
  4. Backups are not implemented to provide redundancy in the even that the system files become corrupted.
  5. When CORAfying a file (files) the original file is encrypted:
    • as a single file in the same directory in which it was original found. This is to facilitate an attack on the MUP (Multiple Use Pad). A single MUP is used repeatedly; attacks on OTPs (One Time Pads) have been understood for decades, hence anyone in information theory should readily verify that when this MUP is used repeatedly, it remains unbreakable.
    • CORA blocs are saved in the folder "CORA blocs" to provide an understanding as to why CORA "makes the hack irrelevant".

Starting CORA-X_ev

You will received the following in the main folder:

Do not modify or corrupt any of the files in the "evsys" folder. Your original compressed file should be kept as a backup should you need to re-install CORA-X_ev.

CORA-X_ev is a portable application and may be opened from a portable USB drive.

Begin using CORA-X_ev by selecting the CORA-X_ev.exe executable in this folder (directory).


To dissuade the use of "CORA-X_ev" as a data security product, a number of messages must be agreed to before using CORA-X_ev.

These messages that must be agreed to are in lieu of the standard password or other methods of authentication that would normally be employed.

The CORA API provides a number of security warnings, such as:

  • Program(s) (DLL) that attach(es) to CORA. Your operating system and anti-virus software involve many such DLLs that may attach to CORA without concern.
  • Program(s) (DLL) that change after you accepted said DLLs as trustworthy.
  • A minor time violation. Should a process take too much time, a warning will be provided. This might occur on slower machines, or if another program (or hacker) is debugging your application.
  • A major time violation. This warning occurs when there is a significant concern for the time required to complete select tasks within the CORA API.

Your choice to accept these situations will NOT be recorded between sessions.
The option to detach select DLLs that have been used by, or attached to CORA, will not be available in CORA-X_ev.

The About CORA dialog

The First time you start CORA-X, you will see this dialog box:

You must read and accept the End User License Agreement (EULA).

After accepting the EULA, you may close this Dialog and continue to CORA-X_ev.

You may use the View EULA link at any time to read the EULA again.


The Main Window


The actions and most of the Menu items will not be available until the user has "Agreed" to the introductory messages.

Once the user has agreed to these introductory messages, then most Menu items and actions will be enabled.

The Menu

The first 3 menu items are actions (Exit, CORAfy, unCORAfy).

The Help menu provides additional actions

Preferences

There are two options available to users intent on evaluating the merits of CORA.

  • Show CORA blocs - on by default, this saves CORA blocs in the Folder "CORA blocs".
    This folder will quickly become overwhelmed with CORA blocs, which is the point being made. Once the evaluator understands the significance of CORA blocs and why they are significant contributors to CORAcsi's assertion that "CORA makes the hack irrelevant", the evaluator may turn this feature off rather than continue to populate this folder with CORA blocs.
  • Stop Security Messages from API � off by default and disabled.
    It is likely that the evaluator will receive security messages from the CORA API advising that select DLLs have attached to, or been used by, this application. This is meant to inform the user about those DLLs that are in play, and to give the user the choice about trusting these DLLs. Most are common to the operating system, and possibly your anti-virus.
    Normally the application would save the user's choices so that repeat messages aren't sent when the application starts up. This evaluation application does not save the "accepted DLLs" between session, nor does it allow for the "detaching" of select DLLs.
    There are generally 3 types of message the user might receive:
    1. New Module attachments � a new module (DLL) has attached to this application. Most of these are normal and part of the operating system, however, this affords the user the opportunity to verify that they trust the module.
    2. Module changed � a module that was previously detected has changed. This may have various causes depending on the type of change.
    3. Timed alerts � if an internal process takes more time than expected, then an alert is posted. This may be due to limited system resources, or of greater concern would be that an external process (such as a debugger) has attached to and is interacting with this application. There are 2 levels of Timed alert: Alert 1 (less significant) and Alert 2 (more significant).
    After the user accepts at least one thype of 'security alert', this "Stop Security Messages from API" menu item will be enabled, however, it will only prevent a particular type of security message from appearing instantly if the user has already received that type of security alert.
    These security messages will be available for examination through the Security Messages menu item in the Help Menu.

Security Messages

The Security Messages dialog will automatically appear when an alert is sent from the CORA API (unless you have asked not to receive such alerts using the "Stop Security Messages from API" menu item.

The following is an example of a "Timed alert"; we obtained this particular alert by attaching a debugger to CORA-X_ev.


The "Security Messages" menu item will open the Security Messages dialog which will present up to 300 security messages from the CORA API. These messages may be filtered by:

  1. Attached Modules: original (previously accepted) and new (new to this current execution).
  2. Changed Modules. These may be further filtered by:
    1. Name � the name of the attached module has changed.
    2. Process Id � the Process Id has changed!
    3. Size � the size (number of bytes) has changed!
    4. Path � the path (location) has changed!
    5. Handle � the handle to this module has changed.
    6. Base Address � the base address (location in memory) has changed.

Factory Reset

Warning - extreme caution must be exercised - any previously CORAfied (encrypted) data will be forever " unrecoverable"!

A Factor Reset:

  1. Will remove all system files.
  2. Will exit this application
  3. When this applicaiton is restarted, a new set of system files will be "randomly" generated.
    The random generation of these system files is meant to enable evaluators to verify that:
    • A single MUP (Multiple Use Pad = One Time Pad that is reusable) can be repeatedly used to secure data (messages).
    • This MUP (encryption key) empowers quantum safe cryptography � it is so large that quantum computers will not have any advantage in attaching CORA.
    • Evaluation is not reverse engineering. The randomization here is not intended to aid the evaluator in understanding the details about how MUPs work.
      While CORAcsi is intent on securing the Global Community and on sharing this task and its rewards with investors, partners, and associates, CORAcsi embraces the concepts of integrity, innovation, and mutually beneficial financial rewards.
      Those who lack scruples or the will to recognize and reward innovation should save themselves the time and trouble. You may learn some of the lessons that CORAcsi has realized, however, as you shine the industries attention on MUPs and CORA blocs, CORAcsi will benefit, and you will lose the opportunity to join with us in a mutually beneficial relationship.
  4. Does not allow for recovering a previous system; this evaluation application does not have Backup or Restore functionality.

CORAfy (encrypt)

Users may CORAfy files using the "CORAfy button", or the "CORAfy menu item". Both of these will open a common dialog that will allow the user to select files from the computer to CORAfy.

Once the file(s) have been CORAfied, they will be added to the List box.

The CORAfied Files list box.


unCORAfy (decrypt)

Users may unCORAfy (decrypt) a previously CORAfied file by:

  1. Selecting one or more entries in the list box and then initiate an unCORAfy action (button or menu item).
  2. Using the unCORAfy action (button or menu item) without any items selected in the list box. This will open a common dialog to search for a file to unCORAfy (with a ".pcora" extension).
  • If a user closes CORA-X_ev externally (forces a shutdown) before it updates recent changes (such as new items add to the list box), then it is possible for entries to be missing from the list box. In this case, the user may have to search for the CORAfied (encrypted) file to unCORAfy (decrypt) it.