There are many cryptocurrencies that claim to have high security, but only a few are resistant to attacks by quantum computers (FYI, Bitcoin is not). High security is one of the most important factors in choosing an investment target especially for cryptocurrencies as it will be fatal to its credibility when it gets hacked.
As for excor, it’s level of security based on the international standard called Evaluation Assurance Level (EAL) and is currently being reviewed.
This article will dig into EAL and excor’s security.
What is Evaluation Assurance Level (EAL)?
EAL is a numerical grade ranging from EAL1 (lowest) to EAL7+ (highest), assigned to an IT product or system after a Common Criteria Security Evaluation. The higher the grade reflects added assurance requirements that must be met to achieve Common Criteria certification.
The intent of the higher levels is to provide higher confidence that the system’s principal security features are reliably implemented. The EAL level does not measure the security of the system itself, it simply states at what level the system was tested.https://en.wikipedia.org/wiki/Evaluation_Assurance_Level
It should be noted that the grade and the security levels are not necessarily correlated, but the higher the level of certification, the more widely the ‘Target Of Evaluation security assurance’ was tested and verified.
However it can be safe to say that the higher the grade, the more difficult and costly it becomes to hack. Requirements for certification are specified and tests to measure its resistance are conducted in Common Criteria laboratories.
Common Criteria (abbreviation: CC) is an international standard for computer security ‘ISO/IEC 15408’.
The scope of EAL is simplified in a presentation by the University of Hawai’i’ West Oahu “Security Architecture and Design“
Source: Phillip Robbins (2015) “Security Architecture and Design” Slideshow of Information Security & Assurance Program. University of Hawai’i West Oahu.
The EXC Platform was made by improving FeliCa which had already been certified EAL6+. Although EXC is still under review and EAL 6/7 is military class security, we expect to be above at least EAL6+.
Evaluating Past EAL Certified Systems
The official website of the Common Criteria has published statistical data over the last 20 years on EAL certified products.
Based on ‘Certified Products by Assurance Level and Certification Date‘ I made a graph of the number of EAL certifications by level. The category “None” is not included.
Source: Common Criteria (2019) ‘Certified Products by Assurance Level and Certification Date”.
EAL4+ has the most number of certifications, followed by EAL5+ and EAL2+. The general EAL of trusted financial institutions are EAL4, meaning that a system above EAL4 will be possible to gain international trust.
It seems like being certified EAL4+ is a requirement for IT product introduction in the US, evident as Windows 2000 was certified as EAL4+.
From a bird’s eye view, it seems that the authentication from EAL1 to EAL5+ is the volume zone. From this graph, you can see how difficult it is obtaining a certification of EAL6 or higher.
There have only been 71 EAL6+ certifications other than FeliCa over the past 20 years. The number of EAL7 and EAL7+, which are said to have been certified for the launch systems of nuclear missiles, is limited to 7.
As mentioned above, EXC is currently undergoing the test for a EAL certification.
Will EXC Get Above EAL6+?
Since FeliCa has already acquired EAL6+, and EXC was developed by improving FeliCa, it is highly likely that EXC will receive a higher rating than EAL6+.
Obtaining a certification level above EAL6+ will enable EXC to gain trust from government bodies and central banks. It is said that most cryptocurrencies have difficulties obtaining EAL1, so this is another factor that will bring EXC apart from other digital currencies.
When the central bank of an economy actually attempts to adopt a digital currency, one of the most important factor is security. It is highly likely that EAL, which is an international standard, will be used as the criteriafor security.
Many white papers and technical papers of the cryptocurrency projects have some exaggerated claims and it will be hard for government officials to tests its credibility. In this respect, as EAL is used worldwide and is deemed trustworthy, an EAL certificate will enable EXC to gain an advantage over other global financial institutions.