Whitepaper

4 July 2017

Encryption of Things (EOT) Whitepaper

Abstract

The EOT cryptocurrency uses the Blockchain as a ledger of transactions distributed over a P2P network and is
decentralized. A consensus is agreed where network participants all agree on the validity of transaction before
it is recorded and is termed mining. With cryptography, the Scrypt algorithm is used requiring computer power
to process equations proving legitimacy. EOT is developed for use in the “Encryption of Things” (IoT) through
a process whereby physical items, which are linked to the Internet, are being safeguarded against intrusion by
the use of cryptography.

Bitcoin Protocol

Bitcoin is a virtual currency independent of any entity. It is a peer-to-peer network supported by its users via
their computing power. It was designed in 2008 by Satoshi Nakamoto (alias) and released publically as open-
source software in 2009. It has gained popularity as an online method for payments and may be used for
anonymous transactions. By using the peer-to-peer (P2P) network, issues with double spending are resolved. [1]

EOT is based upon the principles that Satoshi Nakamoto has implemented in the original code for Bitcoin:

• Anonymity

• Cryptography

• Decentralisation

• Transparency (transactions are public)



Blockchain

A blockchain is a distributed database that is used to maintain a continuously growing list of records, called
blocks. Each block contains a timestamp and a link to a previous block [2] and is typically managed by a peer-
to-peer network collectively adhering to a protocol for validating new blocks. The protocol EOT uses is the
Scrypt algorithm and is discussed further on in this whitepaper.

By design, blockchains are inherently resistant to modification of the data. Once recorded, the data in any given
block cannot be altered retroactively without the alteration of all subsequent blocks and the collusion of the
network. [3] This proves very useful with transparency with the inability to alter records.

Blockchain technology is the principle behind the cryptocurrency EOT. Intermediately the EOT coin doesn’t
function as a cryptocurrency but uses the cryptography aspect to encrypt and authenticate data. This is a very
important point to understand as firstly it has monetary value based on supply and demand, and
secondly, cryptography provides validation giving it value.

It must be realized that EOT has a two-fold process:

• Cryptography to encrypt and validate data

• Cryptography as a cryptocurrency (monetary)

The EOT cryptocurrency uses the Blockchain as a ledger of transactions distributed over a P2P network and is
decentralized. A consensus is agreed where network participants agree on the validity of transaction before it is
recorded and is referred to as “mining”. Cryptography is used (Scrypt algorithm) and equations are solved using
computer power as a “proof of work” and are then made available on the Blockchain for transparency.

Encryption

In cryptography, encryption is the process of encoding a message or information in such a way that only
authorized parties can access it. Encryption does not of itself prevent interference but denies the intelligible
content to a would-be interceptor.


In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an
encryption algorithm, and for EOT a Scrypt algorithm generating a ciphertext that can only be read if decrypted.
For technical reasons, an encryption scheme usually uses a pseudo-random encryption key (salt) generated by an
algorithm.

In principle, it is possible to decrypt the message without possessing the key, but for a well-designed encryption
scheme, considerable computational resources and skills are required and this is why the Scrypt was
selected. An authorized recipient can easily decrypt the message with the key provided by the originator to
recipients, but not to unauthorized users.

In our modern world encryption has become powerful to ensure privacy and security of
communication. Cryptography using blockchain technology is one of the most exciting developments of
modern times.

Please refer to Scrypt Technical Specifications of this whitepaper for a technical discussion on this topic.

What is EOT?

EOT coin has been designed for the use in IoT products to secure and authenticate data. By using the blockchain
a transparency has been obtained and keeping to Satoshi’s principles. Using the Scrypt algorithm, EOT uses
password-key derivatives to push the costs of brute-force attacks beyond reach.

Specifically, EOT is used for password storage and for encryption keys. Malware, poor key exchanges, and
untrusted networks can compromise this adding to the importance of why Scrypt was created in the first place –
by keeping your encryption keys safe [4].

EOT Coin specifics

Name: Encryption Of Things

Symbol: EOT
Coin Type: POW (Scrypt)

Time: 90 seconds
Block size: 1 MB

Reward halving: 500,000 blocks

Block reward: 100 coins

Total Coins: 200,000,000



A total of 50% is pre-mined equalling 100,000,000 EOT tokens and is available on the Waves Platform as a
waves-asset and is referred to as the EOT token. More information regarding this decision is covered later in
this whitepaper.

EOT Token specifics [5]

Name: Encryption Of Things Token

Symbol: EOT

Issuer: 3PAY9wimGC8k4Eq2hbrH5DjCs82MND8MSbk
Asset ID: GdnNbe6E3txF63gv3rxhpfxytTJtG7ZYyHAvWWrrEbK5

Decimals: 8

Total Supply: 100,000,000

EOT is a cryptocurrency and an encryption process. Transactions take place between users directly without the
interference of any third party and are done through a P2P network. These transactions are recorded and verified
in a public ledger every 90 seconds and this time duration has no bearing on how often data is encrypted, only
recorded within the Blockchain.

As EOT is decentralized, it does not belong to any person, business or country and is open source. It is also
deflationary due to capped volume, and no more than 200,000,000 EOT will be created.

It is specifically developed for use in the “Encryption of Things” (IoT) through the process whereby physical
items, which are linked to the Internet, are being safeguarded against intrusion by the use of cryptography.

The Internet of Things (IoT)

The Internet of Things (IoT) is the inter-networking of physical devices, vehicles (also referred to as “connected
devices” and “smart devices“), buildings, and other
items embedded with electronics, software, sensors, actuators, and network connectivity which enable these
objects to collect and exchange data.[6][7][8]


In 2013 the Global Standards Initiative on Internet of Things (IoT-GSI) defined the IoT as “a global
infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual)
things based on existing and evolving interoperable information and communication technologies”[9] and for
these purposes a “thing” is “an object of the physical world (physical things) or the information world (virtual
things), which is capable of being identified and integrated into communication networks”[10].

The IoT allows objects to be sensed or controlled remotely across existing network infrastructure, creating
opportunities for more direct integration of the physical world into computer-based systems, and resulting in
improved efficiency, accuracy and economic benefit in addition to reduced human intervention[11][12][13].

When IoT is augmented with sensors and actuators, the technology becomes an instance of the more general
class of cyber-physical systems, which also encompasses technologies such as smart grids, virtual power
plants, smart homes, intelligent transportation and smart cities. Each thing is uniquely identifiable through its
embedded computing system but is able to interoperate within the existing Internet infrastructure. Experts
estimate that the IoT will consist of about 30 billion objects by 2020 [14].

In recent times more and more of these devices have become prone to hacking and in need of security solutions
thus the need for encryption, this is where EOT may be used.

EOT Coin and Token

Token

The first Exchange EOT was available on was the Waves Platform. It was not an ICO but a way to distribute
EOT for future businesses/ organizations and other speculating investors to purchase, and this is why there are
100 million tokens available on this platform.

Airdrops were arranged for EOT to be distributed on this platform as the team feels this was the easiest method
to expose EOT to multiple currencies. As fiat currencies and major cryptocurrencies are easily established to
pair with EOT, it seemed logical as a good starting point.


It’s important to understand assets on the Waves Platform. Basically, any asset is a representation of a currency
and is maintained on the Waves Blockchain. This is separate to the EOT Blockchain and does have a
mathematical relationship.

Waves offer five services crucial for EOT to be traded as mentioned in the Waves Whitepaper.

Token creation
Deletion of Token
Transfer of Token
Anonymous order books
Decentralised Token Exchange

Not all of the wallets on the Waves Platform are in public distribution. The developers control the following
Waves wallets with the first address being the seed.

3PAY9wimGC8k4Eq2hbrH5DjCs82MND8MSbk 3PNWKGCuhhVG63E1YncLNBsCnpDFR3ULcL2

The Waves platform operates assets on its own chain and this is independent to the EOT coin Blockchain. This
is to allow Waves assets to be bought and sold on the Waves Platform without interference and to allow for a
separate ecosystem to make tokens available.

EOT Coin

The cryptography used by the EOT coin is the backbone and the enabler for securing products that use the IoT,
not the token. It is the Blockchain that the coin uses that demonstrates transparency and it is the primary
functional chain.

There is a mathematical relationship between the coins and the tokens. A reserve of coins is held and equal to
the token total supply so we can trade on the Waves Platform.

It is possible for a 1:1 token/coin swap, either way, using the product Swiss Bank In Your Pocket (SBIYP)
device. You can purchase this hardware on the available website or senior community members available on
Slack and Discord can also swap your coin/token for a small fee. Remember the swap can go either way.


Every token on the Waves chain must be represented on the EOT coin Blockchain to allow for the 1:1 swap.
There is a reserve of 100,000,000 EOT coins on the Blockchain allowing this swap to take place.

The following four coin addresses are controlled by the developers and have been put aside for future
projects/devices. The first coin address is the original main wallet.

EeJdxdvjEbq1kw7KkGovvLMnAs9h7nB7e9 EVEHaEUdD7hQ4uw9nyr5LteDLNkiigDCwT
ETZ7powGjKeCRySD5YWbPLuj52LphXAbfc EL5Km7NNY2wdMfHAmp3BLon7B9tAykQe62

Let’s review the EOT Coin Blockchain Explorer rich-list at the year ending, 31st December 2017 for the
mathematical relationship.

This list shows a wealth distribution roughly year ending of 147,399 blocks mined. This would bring 14.7399
million (147399*100 EOT coins) mined EOT coins into circulation with a coin supply of 114.7399 million.
This is after adding 100 million of coins held in reserve for the 100 million tokens available on the Waves
Platform.

The remaining 85.2601 million coins (100,000,000-14,739,900=85,260,100) coins have not been mined and are
not in circulation. Just keep in mind block halving takes place at block 500,000 and at the end of 2017 we were
at block 147,399. Every block is recorded at 90 seconds intervals.

Differences Between Blockchain\Cryptocurrency Technologies

There is a difference between the Blockchain and cryptocurrency using the Blockchain.

The EOT coin uses the Blockchain as a ledger distributed over a P2P network that prevents double spending. A
consensus is agreed where network participants all agree on the validity of transaction before it is recorded
permanently on the Blockchain. The Scrypt algorithm for cryptography is used for this process to work and the
EOT coin requires computer power to process this encryption.


When EOT coin is used for functional purposes it then is transferred to inherent private Blockchain where its
function is no longer a cryptocurrency but instead has the purpose of using cryptography for data security.

Multiple Blockchains and IoT Products

There are multiple Blockchains using EOT for security. It is important to state that no EOT will be burnt. Any
EOT used with any product is reissued back to the ecosystem. The only loss of EOT is when a product is
destroyed or a wallet is made unavailable for whatever reason.

The EOT Blockchain is obviously the primary chain, and an alternative chain would be on the Waves Platform
enabling the existence of the token. As mentioned above they have a close mathematical relationship allowing
the 1:1 swap to take place anytime. This allows the price for the coin and token to be the same.

Other chains mentioned are the inherent chains that allow the functionality of the products. For an example, if
using the messaging function with the Bitvault® the encryption and validation for this application would take
place using the EOT coin. It would operate on an independent private chain for these actions. Another separate
chain would exist if using a different application such as a phone call with the Bitvault®, using encryption
software or a Router that uses the EOT coin.

These separate private Blockchains prevent compromise. This is added security making each application
independent.

Once the user finishes using the application that private chain is no longer active and the spent EOT coin is then
made available to the developing team to redistribute back to the public Blockchain. The redistribution is part of
the process and is vital for sustainability.

That private blockchain does not exist for anyone to review and it’s no longer available after the call, message
or whatever it was used for. Only the recipients that know the private keys are privy to this chain.

It is important to understand that the EOT Blockchain is a public ledger for the EOT coin and does not reflect
the inherent Blockchains.


EOT cryptocurrency is used initially and then at the end of the cycle will end up back on the public Blockchain.
Intermediately the EOT coin doesn’t function as a cryptocurrency but uses the cryptography aspect to encrypt
and validate.

Trading Dynamics for EOT

Without getting into the entire dynamics of trading the answer is supply and demand.

The focus here is to build wholesale/reseller channels with products given varying audiences in the following
industries as examples:

• Defence Technologies
• Fintech Companies and Banks
• Media and News
• Mobile Phone Industry
• Private Individuals

Building a network of people wanting to use a product that requires EOT will then create a demand. It is the
innovation of products to produce this market that is important for the use of EOT.

You can limit the supply to prevent deflationary rates or make it scarce to add value. But what gives anything
value is demand. Making the demand for EOT, is a product that requires EOT to be spent. Having products
available like the Bitvault®, EOT encryption software, EOT camera’s and EOT Routers etc are examples of
products to build a reason to use EOT, it does not build price.

Individual people will have to buy from the market but most expenditure for EOT would be from in-app
purchases, for an example when playing a game you would upgrade something in the game, spending
EOT. Anyhow, buying from the market increases the price.

Targeting large enterprises gives the opportunity for bulk orders and therefore more EOT to be spent. This is
why industries and governmental institutions are targeted. Even with preloaded devices, at some point, these
agencies would need to purchase from the market. How often they use the product would determine how


quickly they would use EOT. An example would be an EOT Router or EOT camera being continually used.
Most cities already stream data and use cameras continuously so once cities become IOT compliant they could
consider this avenue and continual use would spend EOT quickly.

Those companies who bought in bulk would have to spend lots of money to purchase EOT on the open market.
As large enterprises are targeted it would be better to preload products and include it in the initial cost. This
would provide them with price security and increase the chances of them buying into the product giving them
market appeal. Agencies buying into a product with this method will enable future EOT price growth, as they
need to buy in the future.

Another consideration would be having any product with unspent EOT, this would remove EOT from
circulation for a period of time making it scarcer until it is used and returned to the ecosystem. The more
products in use, the more EOT removed from the market, therefore, increasing price.

Slowly building customers with products and having real-life solutions will prevent hype. Having hype will lead
to a quick price increase and is more often reflected in low quality. You often see a price spike following good
news then a price retracement to previous support levels and then continuing to fall if it has no basis.
Psychologically the assumption is with the price plummeting after the spike, there was no real cause to sustain a
high price, thus hype has a negative connotation. If the project is more robust and people see stability and slow
growth, then a slow and steady price increase is demonstrated.

EOT might be held in some products for 3-4 years but again this is limited. The answer is two-fold and depends
on how often it is used and what product is in use as commented in above.

At some point in the far future, the pre-mine will be exhausted (because of unavailable wallets or broken/unused
products) and no option is left but to buy on the open market. As it is designed now, the recycled EOT has
extended this period. This by no means is detrimental but has a business model of sustainability and giving
market appeal for buyers of products.

News brings an increase in price and so does FOMO. Having a product behind this cryptocurrency is a rarity
and especially with real-life solutions. It is innovation that helps create demand.


Scrypt Technical Specifications

Designed by Colin Percival, Scrypt is a password derivation function and was originally designed for the
Tarsnap back-up service. The aim of the algorithm is to derive a key from a password (password-based KDF)
for user authentication, encrypting and signing files [14].

With current hardware, the cost of cracking a password that has been encrypted by Scrypt can exceed 100
billion times more than cracking the same file that has been encrypted with OpenSS1.

By using the subsequent key function the design is to be computer intensive requiring a long time for this
process. For authentication, authorized users will perform this function once per operation so the time required
is minimal [15].

With previous password-based KDFs they have low resource demands and are not memory hungry. They can be
easily implemented into hardware such as in ASICs and unfortunately can allow an attacker to exploit these
resources by building thousands of implementations of the algorithm in the hardware and searching for different
subsets of the key space. This reduces the amount of time needed for a brute-force attack making it possible to
crack [16].

The function of Scrypt is to use a large amount of RAM raising the memory resources and to hinder the
attempts of an attack. By increasing resource demand, password cracking becomes an expensive exercise, as
there is a parallel relationship between the costs of ASICs and the size of ASICs [17] [18]. Having a strong key
derivation function by using a large circuit key (as only half as many copies can be placed on an area of silicon)
will increase the length of time [18].

Theoretically, a memory-hard algorithm on RAM is an algorithm which uses S(n) space and T(n) operations,
where S(n) ∈ Ω T(n)1−ε . This uses the largest amount of storage possible for the same running time [19].

Scrypt is sequential memory-hard and is very secure against hardware attacks while using a lot of memory.


A sequential memory-hard function is a function which (a) can be computed by a memory-hard algorithm on a
Random Access Machine in T(n) operations; and (b) cannot be computed on a Parallel Random Access Machine
with S∗(n) processors and S∗(n) space in expected time T∗(n) where S∗(n)T∗(n) = O(T(n)2−x) for any x >
0 [20].

“A memory-hard algorithm is thus an algorithm which asymptotically uses almost as many memory locations as
it uses operations; it can also be thought of as an algorithm which comes close to using the most memory
possible for a given number of operations, since by treating memory addresses as keys to a hash table it is trivial
to limit a Random Access Machine to an address space proportional to its running time” [21].

This proportionate amount of memory is also equivalent the number of operations performed making the cost of
hardware for this operation expensive.

The following is the ROMix algorithm and has a hash function H, an input B, and an integer parameter N
compute

V i=Hi(B) 0≤i<N

and X = HN(B), then iterate

j ← Integerify(X ) mod N

X ← H (X ⊕ Vj)

N times; and output X.

The ROMix algorithm is best thought to produce a large number of random values and to access them randomly
so they are then stored on the RAM.

Having large vector of pseudorandom bit strings is the cause for this large memory requirement and once
generated are used in a pseudo-random sequence to produce the derived key. ROMix fills V with these pseudo-
random values before accessing them. If the process were to be straightforward the vector would be kept in the
RAM and accessed when needed [22].


In reality elements of the vector are generated algorithmically and are expected to be accessed many times
causing a trade-off in speed in order to remove large memory requirements. It is this trade-off where memory
requirements are decreased by doing more operations and taking longer, or a speed increased by using more
memory, that is behind the algorithm. That is to say, Scrypt exploits the costs in either direction [23].

So what does this practically mean? With cracking passwords we find the financial cost is parallel so if you
double the hardware used (eg ASIC), the time taken is half.

Cost of ASICs ≍ size of ASICs

When used for logins Scrypt is: [24]

≈ 25 times more expensive to attack than bcrypt

≈ 28 times more expensive to attack than PBKDF2

≈ 215 times more expensive to attack than MD5 CRYPT

When for file encryption Scrypt is: [25]

≈ 212 times more expensive to attack than bcrypt

≈ 215 times more expensive to attack than PBKDF2

≈ 237 times more expensive to attack than MD5

To best way to calculate the cost is to count the cryptographic operations for the time and the size of the chunk,
that is to say, area of silicon wafer that corresponds to one chip (die) [26] [27]. It is fair to assume this is
accurate as key derivations functions are mostly cryptographic. Scrypt is memory resource hungry and the die
area required for cost calculations is also considered (memory costs are expensive).

To further this cost other parts of the ASICs such as power supply units, packaging, operational costs and
electronic boards have been reported adding to password-cracking costs by a factor of 10 [28].

Having both CPU and RAM cost to consider Colin, when designing Scrypt assumed the costs into three
factors: “N”, “r”, and “p”. The resulting memory usage is calculated as follows: [29].

Memory in bytes = (N * r * 128) + (r * p * 128)



Scrypt Summary

• PBKDF2 is used to convert a password into a bitstream (key derivation)

• Feed this bitstream to ROMix

• Feed the output of ROMix back to PBKDF2 to generate the derived key

Cryptographic primitives used:

• HMAC-SHA256 Salsa20/8 core

• The Salsa20/8 core outputs lots of bits very fast, which means that Scrypt can use lots of memory [30].

For a more detailed explanation of the Scrypt algorithm please refer to:

https://tools.ietf.org/html/rfc7914

https://www.tarsnap.com/scrypt/scrypt.pdf

https://github.com/Tarsnap/scrypt

Dark Gravity Wave

EOT coin has implemented Dark Gravity Wave (DGW) as a response to the time-warp exploit found in
Kimoto’s Gravity Well. By using data found in the previous block, difficulty adjustments are made while
preserving the block-time [31].

Created by Even Duffield, DGW is a mining regulator that uses moving averages to best retarget the difficulty.
Retargeting the difficulty causes adjustments against larger fluctuations in mining power smoothing out this
process making it fair [32].

The protection against the time-warp exploit prevents a miner from mining an array of blocks over everyone
else’s and high-jacking the blockchain. Faster transactions can sometimes be a consequence as confirmation
times from exchanges may be lowered. Other benefits may include less orphan blocks due to regular block
intervals [33].