Secure encryption: no space for backdoors

Introduction: With the rise of cyberattacks, encryption is becoming increasingly important for securing business-relevant, publicly important or privately sensitive information. More and more companies are adding encryption technology to their security standards. Nevertheless, not all encryption solutions are the same. One important difference is between a form of encryption where secured data is still available to intermediaries and one where data is only available to its owner. The latter would be particularly important in real-time reporting systems, where huge amounts of taxpayers’ data are collected.

Scalability of TX++: 2021 update

Introduction: In May 2020 we published an article about how many invoices summitto’s real-time reporting system could handle. We showed that TX++ could already serve e.g. Italy (between 2 and 3 billion invoices per year)[1] and Spain (4.8 billion invoices per year).[2] At that moment in time our software could handle 700 transactions per second, which corresponds to a maximum of 22 billion invoices per year. It is important for reporting systems to be future-proof, and to be able to handle changes in legislation and a growth in invoice usage.

Risk without the benefits - Data minimisation is not the solution

Introduction: Data minimisation and the usage of metadata are being actively investigated by countries all over the world in relation to real-time reporting. The reason for their interest in such solutions lies in the need for more secure systems which may be more resilient to data leaks caused by cyber attacks, human errors or even snoopy public officials. Although these systems may indeed require less data in order to perform the required tasks, they are neither completely secure nor do they increase collection beyond what is possible with confidential systems.

Ransomware: impact on VAT

Ransomware attacks are surging all over the world, becoming one of the biggest threats to our everyday lives. Taking action against them is therefore crucial in order to spare businesses high costs and to prevent disruptions of their economic activities. In the first part of this blogpost we discuss the impact of ransomware attacks on our society, following the latest attack on the American tech firm Kaseya on Friday, while in the second part we will analyse the potential of modern cryptography and decentralisation for preventing such attacks, mostly focusing on tax administrations.

Microsoft data breach: what we should learn from it

Several thousand organisations all over the world that make use of Microsoft’s Exchange Servers are being hit by a gigantic cyberattack. The breach started in January 2021 but it became public only in March. According to Microsoft, hackers from China are making use of vulnerabilities in the company’s Exchange Servers in order to gain information about national security services, schools and businesses[1]. After becoming aware of the attack, Microsoft responded by providing security updates for its email providers.

Why the protection of invoice information is important, even from your own government

There is an even bigger threat to your invoice information you are not yet aware of, even if no public security hacks have been reported. Both on our blog and on our Twitter account, we often stress the importance of data security. Failures of this security can lead to data breaches which can result in significant costs for companies. This is especially relevant when we are talking about invoice information, as this contains pricing information.

Introduction to invoice hashing: securing VAT reporting with cryptography

Previously, we explained that real-time invoice reporting systems can tackle VAT fraud without collecting massive amounts of data. Companies will still need to register invoices, but instead of storing the data in “plain text” at a centralized location, always accessible to authorized personnel, VAT fraud can be detected even if the data is encrypted. An essential part of confidential real-time invoice reporting is that instead of storing invoice data itself, a unique fingerprint can be created of the invoice using so-called cryptographic hashing.

How to make deterministic PGP keys

In our last post, we discussed why we built a new PGP key generation. In today’s article, we’ll share a step-by-step guide on how to generate, use and store the PGP keys in a manner which is as secure and resilient as possible. This guide is inspired by the Glacier Protocol [1], which offers an extensive guideline on how to generate Bitcoin keys from your own source of entropy. The cryptocurrency community developed a suite of technologies and ideas to improve handling cryptographic keys.

State-level security with deterministic PGP keys

summitto released an open source software library and utility: https://github.com/summitto/pgp-packet-library and https://github.com/summitto/pgp-key-generation. These allow anyone to easily generate secure PGP keys with excellent support for backing up your keys. In this article, we provide a brief but dense explanation of why we chose to build this. In the next post we will explain to you in depth how to use it. Pretty Good Privacy: PGP stands for Pretty Good Privacy. Originally created in 1991, it is a protocol with a rich history.

#MoreOnionsPorfavor - Our website is now reachable via Tor

We care deeply about user privacy and anonymity on the web. Privacy by design is in our DNA, and we’re happy to say that our website is now live on the Tor network as part of the Tor Project’s #MoreOnionsPorfavor campaign! The Tor Project develops privacy-enhancing technologies to protect and advance human rights. We share the same values, and you can see this in our solution and our approach to fighting VAT fraud.