Tag, Track and Locate Electronic Data  

Keyless Signature Infrastructure (KSI) is an exabyte-scale real-time authentication scheme for the world’s networked digital assets.

The KSI signatures can be used as a wrapper for data/meta-data or simply stored as additional meta-data. Unlike regular meta-data, the KSI signatures are cryptographically linked to the underlying data, so that assertions can be made at a later date regarding the time, integrity and provenance of the underlying data.

Guardtime's CTO Matt Johnson explains the basic concepts behind the KSI, including the seemingly insolvable differences between privacy and integrity and how KSI manages to enable widely witnessed integrity while retaining absolute privacy.  
 

The Main Innovations behind KSI

Scale: the KSI signatures can be generated at exabyte-scale. Even if an exabyte (1000 petabytes) of data is generated around the planet every second, every data record (a trillion records assuming 1MB average size) can be signed using KSI with negligible computational, storage and network overhead.

Independent Verification: the properties of the signed data (time – when was the data signed, integrity – the underlying data has not changed, and order – which data was signed in which order) can be verified without reliance on, or need for, a trusted authority. The identity of the signing organization is also encoded in the signature, and human identity can be included using any traditional authentication scheme.

Portability of Evidence: the properties of the signed data can be verified even after that data has crossed organizational boundaries and service providers, and even offline.

Real-Time: the signed data can be verified in real time, i.e. once the signature is generated it can be verified immediately afterwards by anyone, anywhere.

Indefinite Expiry: the cryptography behind the KSI signatures ensures that they never expire and remain quantum-immune, i.e. secure even after the realization of quantum computation.


Public Key Infrastructure (PKI)

For the last 40 years PKI has been the only tool in the cryptographic toolshed for authenticating data via RSA-based digital signatures. PKI relies on trust authorities (a Certificate Authority (CA) in the case of identity, or a Time Stamp Authority (TSA) in the case of time).

PKI was invented before the Internet existed and was designed so that two parties can share a secret across an insecure channel – and for that purpose, and that purpose alone, it has been a massive success. For everything else, and especially for authentication of data at rest, the complexities and cost of key management make it impossible to scale.

1990 to 2000 were the “Years of PKI”. Nothing materialized then, and in 2014 nothing much has changed. Like eating soup with a fork, it is the wrong tool for the job.