What?

Cinode is an experimental project, something like a sandbox for ideas. It does/will utilize some cryptography to materialize new kind of application environment. As a result of this project, I’d like to come up with a pretty good idea on how we could create new set of apps built on top of solid cryptographic base: secure by default but still relatively easy to create.

This solid cryptographic base is the major goal here.

Set of apps being a target for this base would be everything that requires content storage: mailbox-like systems, backup storage, photo gallery, forum, maybe even something facebook-like. What I won’t be targeting (at least at the beginning) is everything that requires low latency communication - chats, conferencing systems, payments etc.

I don’t consider myself a good cryptographer but I know enough to not try to invent to much of new stuff here. Instead, I’ll try to use as much of existing technology as possible, so TLS and PGP are definitely a must here. Even if I’ll have to get down to some lower-level stuff, it can’t be lower than some proven crypto primitives such as AES+CBC (yeah, and I know about authenticated encryption).

Why?

First and foremost there are some ideas I have to release from my head. They’re there for much to long. But I also hope to add something to the cryptography world we have today.

Two years ago, when Edward Snowden revealed the truth about surveillance methods, it convinced me that there’s not enough of good cryptography ever. I still believe we’re lacking some major technologies and protection layers.

What bothers me the most today is that a lot of our activities jump into various cloud systems. We lose control of the execution environments where our apps are running. Few years ago I would have an external HDD to keep all my photos, today I’d use some cloud service for that.

And still, contrary to common attitude to “evil hackers” that present potential threat to our security and safety, we rarely put companies into bad guy’s shoes. What I really see is that we are biased, we are bribed. There’s no healthy balance of trust anymore.

How?

In this blog series I’ll start describing what I came up with. This will be an ongoing research - I’ll start describing aspects I consider to be good now. I’ll also try to clarify new things I didn’t yet had chance to dig through. Sometimes it will be stuff that’s not designed yet at all, sometimes those would be things I’d like to fix or do better.

Also please do not consider this experimental project as something secure for now. Without a proper formal proof I wouldn’t consider this to be anything more than childish play with “secret” notes. This place is here for discussion, exchange of ideas and research.

I also hope that nobody will use this stuff to exchange illegal content. So if you came here with such intention, just leave. I don’t want this project to be another BitTorrent, really great protocol which many consider a synonym for illegal today. We’ve spoiled to many great protocols already.

I hope to put something new here once every week or two, all depends on the amount of free time I’ll have.

See you soon
BYO