Introduction

The CORA API provides Quantum safe encryption today and tomorrow.

CORA-X lite is a portable applicaton to protect your sensitive data. CORA stands for context ordered replacement algorithm. CORA Cyber Security Inc empowers data security and cloud security in a manner that supersedes encryption. CORA is quantum safe (safe from all computers including quantum computers) cryptography for your data security.

CORA-X lite allows individuals, teams, businesses, offices, and organizations to secure their data.
This application uses the CORA API which can be used to protect any application, cloud or enterprise solution.
The CORA API incorporates our MUPs (Multiple Use Pads) and CORA blocs to provide probabilistic encryption rather than factorization based which is one of the reasons why quantum computers will not break CORA.

Using CORA help

The Information is presented (except in small viewing devices, such as a smartphone) along the left side of the browser and the Topics are "Affixed" to the right side of the browser.

If your viewing width is less than 768px then the Affixed Topics are hidden and the Information is presented on its own.

Thanks to jQuery and Bootstrap, these help files should be continuously readable and usable on any device or browser.

The topic, or sub-topic you are viewing will be reflected in the color and marker shown in the Affixed Topic section.

You may jump quickly to any topic by clicking/pressing on it in this Affixed Topic pane.


When you link to a particular topic, through an internal hyperlink, or the Affixed topic pane, an entry in the history chain is created and available for you to quickly move back and forth using the arrows at the bottom of the page.

In this example, the Next icon is disabled, meaning that you are at the right end of the history chain; there aren't any other topics that have been linked to after this current topic.


Quantum Safe Cryptography

Quantum safe means that, no computer, including quantum computers, will break CORA's encryption.

This relys on you, the user, properly implement CORA-X with best practices; after all, the best 'safe' in the world only works 'if' you lock it, and don't leave the keys on top of the safe.

Safety, security and protection... what are these all about? Let's start with a brief analogy, think of your home. Security is like the locks on your doors and windows; it is important to secure your home. This prevents most unwanted visitors from violating your space, your home - they need your permission to enter.

Despite your best efforts, some thieves might break in without your permission. How might you protect your valuables? With a safe. Yes, this safe provides an additional level of protection, however, if the thief takes your safe home, then they have all the time in the world to crack it open.

In the digital world, this safe is better known as encryption. When standard forms of encryption lock a file, that file is essentially in a safe.
The problem here is that, if a thief takes the "safe" with the data from the server, they have all the time in the world to break it open.
Unlike a physical safe which is heavy and difficult to carry, when a computer is hacked, the digital files are light and easy to carry away.

This just isn't good enough, and that is where CORA comes in to play!

Context Order Replacement Algorithm

CORA is an acronym. CORA takes parts of the original file and breaks them up into different pieces (containers). More importantly, these fragments are chosen in a context based manner so that, if someone steels one of them, they don't have enough to put "anything together".
Imagine encrypting a file, then breaking it into two pieces... this isn't context based! Each piece can provide "too much information" about the original file.
With CORA, we don't want the thieves to know anything, not even a single word from the original file!

CORA is a probabilistic encryption that relies on unfathomably large probabilities rather than complex mathematical algorithms. This makes CORA safe even when Quantum computers become a reality that breaks all other current standards of encryption.

Probabilistic Encryption

  • MUP sizes begin at 1 million bits. 1 million bit encryption is 10300,413 times stronger than 2048 bit encryption.
  • CORA varies the size of each MUP (encryption key). Unlike 2048 bit encryption in which the size is known, the size of the MUP is not known. Could this be relevant to side channel attacks?
  • CORA does not use a single "safe"; CORA distributes the encrypted solution using CORA blocs.
  • The number of CORA blocs is unknown and varies from one encryption to another.
  • The size of CORA blocs varies. The last one or two CORA blocs may be limited in size to allow for a fast transfer to a remote cloud or data centre.

Why is CORA Unbreakable

Why CORA is unbreakable when properly implemented and used! Let us consider the main layers to CORA:

Notice above that the user must 'authenticate', then, the user must install the Encryption package which includes their MUP, which is different for every user, and at least 1 million bits long.

Why does this matter? Consider other forms of encryption, such as 1024 bit AES. This encryption always uses 1024 bits. It isn’t like yours might be 1025 bits and mine is 1031 bits. Here at CORAcsi, we don’t like giving away “any information” to a hacker or thief.

Lets talk about 1,000,000+ bit Encryption. How much stronger is a 1,000,000 bit encryption compared to a 2048? It is 10 300,413 times stronger; a number that we simply cannot relate to, however, consider that the age of our universe is approx 10 17 seconds old.

Note:

  • The number of CORA blocs may vary between 2 and 40.
  • The user has control over where the CORA blocs are stored.
  • The last 1 or 2 CORA blocs may be limited in size to 2-3 kB to allow for fast transfer to the Cloud, should a user prefer added security by storing 1 or more blocs in the Cloud.
  • The Primary System refers to the Encryption package which is mostly made up of CORAcsi's MUP (Multiple Use Pad).
  • It is highly recommended that users disperse their system and their CORA blocs onto different devices. See examples below.

CORA-X lite is designed to have a user initialized their system once when this application is first opened so that there isn’t a risk of a thief discovering which dispersed files are used to generate the system files.

Ideally this application will run until it is time to restart the computer. The user may lock and unlock CORA-X lite as often as needed, rather than closing then opening the application which would require loading the system each time.

Can you break CORA?

So you don't believe our wildly ambitious claim that CORA is quantum safe; that not even quantum computers can break CORA.

Cool, that’s great! We want you to try!
In fact, we want to host a hackathon in which we will give away a “Tesla” if you can break CORA.

Go ahead and get a head start. If you break CORA at any time, at the very least, we will provide a reward that will never be less than $1000.

It really is simple, OTP (One Time Pads) have long been identified as perfect encryption (secrecy). The only problem is that if the “same” OTP is used for two different messages, it can be broken.

CORAcsi has engineered MUPs (Multiple Use Pads) – our fancy term for OTPs that can be reused indefinitely without being broken.

Go ahead and try – use the same MUP, with CORA, on multiple messages and break it. We welcome your attempt. Let us know you are interested in breaking CORA using the online Feedback in the navigation bar above.

CORA-X lite

This is a work in progress. We will update this list as we receive additional input from users.

Why does the About Dialog pop up everytime I start CORA-X?

This happens if you haven't agreed to the End User License Agreement (EULA). Once you agree to the EULA, this diaglog should only appear if you open it, or a new EULA needs your approval.

Do I need to use the "CORAcsi...support" button? I thought CORA-X lite was free to use.

No you do not need to use this button. If you are pleased with CORA-X lite, we would obviously appreciate your support through a donation, however, that is your free choice to make.
This link is also available for those who re interested in getting involved with CORAcsi; there are many opportunities for partnerships and joint ventures.

The Backup & Restore dialog, and the Setup dialog both have a "Use Cloud CORA" checkbox. Why is it grayed out?

Cloud CORA will provide distinct advantages and will be available as a subscription. This subscription service is not yet available and that is why it is grayed out. Please stay tuned.

What happens if I accidentally delete a CORA bloc?

It is important to always backup your data. CORA is unbreakable! By its very nature, it is meant to prevent the restoring of your data unless all CORA blocs are available, "and", you have the proper System profile, including the MUP (encryption key).

This shouldn't be too surprising really. If you delete a file, and it isn't in your recycle bin, then it is gone, unless backed up.

For this reason, CORA-X lite has a backup and restore enginve for your system and user data. Additionally, there is the Backup selected data menuitem in the CORA-X Actions menu. This is meant to provide a secure backup for your actionable items to avoid this very situation in which you have CORAfied a file, and then accidentally deleted a CORA bloc.

 

Do I have to register with CORA-X.com?

It is highly recommended that you register your copy of CORA-X.com, however, it is optional unless you check for updates, or use the "Report Engine" to communication with CORAcsi.

There are benefits to registering with CORA-X.com, including, but not limited to:

  • Obtain unique identifiers.
  • Opportunity to report issues and recommendations.
  • Opportunity to use Cloud CORA once it is available to CORA-X lite.
  • Obtain hints, feedback and check for the most recent version of CORA-X lite.
  • Helping CORAcsi move confidently into the future. We would like to know how many instances of CORA-X lite are in use.
Registering CORA-X lite does not include information about your computer hardware, software or email addresses.

 

Why are the ticket numbers not assigned sequentially in the Report Manager?

CORA-X is all about probabilistic security. Hence the ticket numbers are randomized rather than sequential.

 

When I open the About dialog, the EULA isn't visible.

Once you have agreed to the EULA, it will not be shown by default. You may view it at any time by clicking on View EULA.

 

I don't like the tooltips with the grey background.

You may turn off these "overlapping" tooltips:

  1. Use the 'Help' menu.
  2. Select the 'Show only Statusbar tooltips' menu item.
  3. Tooltips will only appear in the statusbar (bottom of the CORA-X lite window) when your mouse is over the button or control.

 

 

CORA

This is a work in progress. We will update this list as we receive questions about CORA (Context Ordered Replacement Algorithm).

What if I put all of my blocs on the same hard drive?

CORAcsi recommends using different devices for you CORA blocs. That said, you will still have the benefit of probabilistic encryption that surpasses ever other form of encryption for the following reasons:

  • CORA's encryption is unimaginably (10300,000) stronger than other forms of encryption.
  • CORA's encryption length varies; unlike 2048 bit encryption which is always 2048 bits, CORA's encryption is different for each instnace and each key.
  • CORA blocs (even on the same device) represents a logistics nightmare. Consider a simple example in which there are just 200 CORA blocs. A CORAfied (encrypted) file might produce 2, 3, 4... or 40 CORA blocs. Hence one must ask, how many combinations of 2 CORA blocs might go together? How about combinations of 3, 4,.. 40?
    How many possible tries would a hacker possibly try? More than a billion, billion, billion - with just 200 CORA blocs.
    In addition to knowing which CORA blocs go together, the theif would have to have the MUP (key)!

 

Having to use dispersed files for my Key seems complicated.

CORA is about security; it just doesn't make sense to keep an encrption key together in one place.
Smart, motivated hackers often know where to look, or what to look for.
They have often found the encryption keys and used them to decrypt the protected data.

  • CORA-X lite is meant to load the System (key) once when the computer first starts, and then it is in memory. You don't have to do this again until you reboot your computer or server.'
  • CORA-X lite does have the "Silent load" feature to help you more quickly load your System (key).
  • Soon CloudCORA.com will be launched making it much easier to setup and use "dispersed files" in CORA-X lite.

 

Isn't a large MUP a problem for memory?

Back when computers where first on the market, memory was expensive and hard to come by. "Back then" it made sense to have shorter keys while making use of complicated mathematical transformations.

Today memory is cheap and readily available. This is true for computers, and well as ASIC chips used for autonomous and connected vehicles, and all IoT devices.

More importantly, Claude Shannon long ago identified One Time Pads as perfect encryption (secrecy). In other words, having longer keys is by far more secure, if only they could be practical and reusable. CORA is practicle and reusable. Probabalisitic is far more secure!

Finally, a million bit key is only 125 kB, and with dispersed files, only part of that needs to be on a smaller IoT device.

 

 

Cloud CORA

This is a work in progress. We will update this list as we receive questions about Cloud CORA from users of CORA-X lite.

What is CloudCORA?

CloudCORA.com will provide a subscription service for CORA enabled applications.
  • CORA-X lite will provide various options in which users may benefit from CloudCORA.com
  • CloudCORA will provide 'off device' streaming for dispersed files, backups and CORA blocs.
  • With CloudCORA the setup and installation of a user's system (key) will be much simpler. That said, a user can use CORA-X lite without any subscription or dependence on a single computer or service.
  • With CloudCORA users may stream small CORA blocs to 'somewhere' in the Cloud. This simply provides an additional layer of security; if your computer is hacked, what are the chances that the hacker can determine if and where in the Cloud some CORA blocs are stored, and then hack that server - before you use the Emergency stop and/or delete those CORA blocs?

 

How do I register for CloudCORA.com?

    When CloudCORA.com's subscription service is released, users may initiate registration "directly in CORA-X lite".
  • After select security identifiers are validated, a secure browser will allow users to continue to register with CloudCORA.com
  • Registered Users may then select a subscription package, which will then be available in CORA-X lite.