Who We Are
NJVC is the engine of the secure, integrated enterprise, delivering mission-critical IT solutions for critical missions in enterprise management & monitoring, hybrid IT transformation & optimization, cloud migration and cyber security.
We are talking past each other.
In the ongoing public debate about creating backdoors in encryption algorithms for law enforcement agency use, the essential mathematical rules that enable encryption are getting lost in the rhetoric.
The core principles of secure electronic communications, as well as the tech companies, cryptographers and computers who helped create them, are being challenged by policy makers, editorial writers and a host of others, often without a firm grasp on a very basic problem in the debate.
The fundamental problem in asking for backdoor access to encryption is that no such universal mechanism exists, and current secure communications methods are predicated on users and senders being able to communicate over an internet structure that supports third-party credential establishment. No matter how much it is said that tech companies have a "moral obligation" to allow such access by creating new algorithms, no one can get around the basics of the mathematics of encryption.
So, why are we talking past each other and why are the basic rules of encryption being overlooked? A guess is that how encryption works isn't understood widely enough, and therefore, neither is why the mathematics of encryption make this request for backdoor access impractical.
As encryption touches nearly everyone -- and almost certainly everyone reading this post -- let's try and clarify how it works and why this requested access is impractical.
Encryption is the process of encoding messages. When utilized in a digital domain, it is convenient to talk of physical objects such as a ‘key’ to describe what is, in actuality, a precise mathematical operation – an algorithm – which must work every time utilized, yielding the exact same answer. Encryption keys are not totally analogous to physical keys. There is no concept of a 'master' encryption key similar to a master building key in an apartment building.
The possessor of a specific private encryption key is able to gain access only to a specific encoded message generated with that private key. Knowing which encryption algorithm is used is not sufficient to decrypt the message, the specific key used is necessary. Therefore, no 'master key' exists in the current structure.
There is good reason for this, which a quick look at the history of cryptography will help with.
There are two types of encryption schemes – symmetric (secret key) and asymmetric (public key).
Symmetric has been around since the days of the ancient Greeks, possibly earlier, and is the most relatable. A number or a word acts as a private key and is applied against a text message to alter the contents. One famous example is the German Enigma Machine used to send secure encrypted messages during World War II. It used mechanical and electronic rotors to shift each letter by a specified number of places in an alphabetical listing. If both sender and receiver know the private key, this method is simple, clean and easy.
Ease of use however does not mean secure.
Should that private key be compromised, an attacker can not only read encrypted messages, they can spoof a sender by creating messages that pretend to be the sender, wreaking even more havoc. In secure communications, the receiver must not only be able to decode the message, they need to know that the sender is exactly who they believe it to be.
To address these foundational weaknesses, computer scientists created asymmetric encryption schemes. This method uses a key pair, one private key and a second one made public. Any message encrypted using the public key can only be decrypted by using the same algorithm but also using the matching private key.The mathematical issue at work here – and note that mathematics has definite rules - is that the key pair is not simply a set of random digits. Instead, the pair has a distinct mathematical relationship such that computing in one direction is easy, in the other direction is virtually impossible.
Many articles on this subject imply that the technology community should simply build the new requested encryption infrastructures and that not doing so is faulting on their basic civil responsibility. That viewpoint, however, fails to recognize the underlying technical principles – and mathematics – that govern the world of encryption.
Many physical items demonstrate the same type of property as an encryption algorithm. In electronics, a diode has low (ideally zero) resistance in one direction and high (ideally infinite) resistance in the other direction. This permits current to flow in one direction only.
Similarly, in a logical relationship such as a family, a son is related in one direction to his parents. Two adults can create a child, but the child cannot be reconstituted into his parents. The relationship cannot be reversed. One has to be an ancestor to the other.
Something having asymmetric properties means that the two sides, or flows (as in electricity), or algorithms (as in computer science) do not match.
So, desiring to have some type of master key that can unlock encrypted text only in ‘special’ situations, means weakening encryption for all, both through weaker encryption algorithms or by creating a single point of failure for compromise of a public/private key pair. (Any master list of keys, after all, would need to be stored, and secured, somewhere.)
Just because we can conceive of an encryption universal backdoor does not mean one currently exists or is practical to develop at this time.
Computer Scientist Response
The response from the technical side of the ledger has been strong, consistent and at times even a bit snarky.
The centerpiece of the response is the MIT Technical Report,“Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications,” available here. Fifteen well-known and respected computer security researchers, cryptographers and professors came together to write this 31-page paper and it's well worth your time to read.
In the paper, they provide a measured response and point out this debate was held before in 1997 when the Clipper chip was being proposed. The title says it all – if you create algorithms that have keys under doormats – you are mandating insecurity for all – which hardly seems like a reasonable goal given all the internet commerce that is conducted each and every minute of each and every day.
Social media has also been used as a frequent public commentary mechanism. Here, some computer scientists have really shined., Matthew Blaze, a University of Penn Computer Science professor tweeted "Crypto causes crime" deserves no more consideration than "vaccinations cause disease". Following that, came this delightful insight:
I have the greatest respect for mathematicians, but we need a national conversation about their claims about the division by zero problem.
— matt blaze (@mattblaze) July 8, 2015
“It’s not just a matter of difficulty,” he said. “It involves the most fundamental unsolved problems in computer science.”
And in the End
Encryption is what enables the internet to provide secure electronic commerce between parties that are not in the physical presence of each other. It is essential to the functioning of each and every online purchase and also supports secure communications between individuals. Encryption utilizes mathematical principles codified in algorithms that work in the decentralized communication system that is the internet.
Cryptography enables cyber crime just as an automobile enables bank robber getaways. In both cases ‘technology’ is being used by individuals with malicious intent. We don’t require cars to have remote controls for law enforcement purposes and we should not compromise encryption by mandating any type of encryption backdoor – weakening online security for all.