Slashdot Mirror


Crypto Guru David Chaum's Private Communications Network Comes With a Backdoor (softpedia.com)

An anonymous reader writes: David Chaum, father of many encryption protocols, has revealed a new anonymity network concept called PrivaTegrity. Chaum, on who's work the Onion protocol was based, created a new encryption protocol that works as fast as I2P and the Onion-Tor combo, but also has better encryption. The only downside, according to an interview, is that he built a backdoor into the darn thing, just to please governments. He says that he's not going to use the backdoor unless to unmask crime on the Dark Web. Here's the research paper (if you can understand anything of it).


  1. two thoughts... by Anonymous Coward · · Score: 2, Informative

    1. Is anyone going to trust something with a backdoor?

    2. who's ?

    1. Re:two thoughts... by arth1 · · Score: 3, Funny

      1. Is anyone going to trust something with a backdoor?

      Everyone who doesn't know about it or has no clue what a backdoor is, or what it implies. That includes an awful lot of BAs with purchasing decisions.

      2. who's ?

      It's based on the Baba O'Riley protocol.

  2. Interesting - by Anonymous Coward · · Score: 2, Interesting

    When PrivaTegrity’s setup is complete, "Nine Server Administrators" in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications.

    1. Re:Interesting - by AmiMoJo · · Score: 2

      There are two possibilities:

      1. All countries friendly, so worthless to the users

      2. US court says yes, Russian court says no, so worthless for the government.

      Spot the common feature.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Interesting - by epyT-R · · Score: 3, Interesting

      And this would protect against groupthink powered populist witchhunts how exactly? These days, most governments are more than willing to 'cooperate' when dealing with dissent in any one of their countries (eg: multilateral surveillance to get around civil protections). It would be relatively easy to put the squeeze on those nine people. It's hard enough to both design and implement crypto correctly as it is. It's a waste of time to bother implementing purposely compromised crypto.

    3. Re:Interesting - by plover · · Score: 2

      Three keys for satellites up in the sky
      Seven for the hackers, in their mommies' homes
      Nine keys for sysadmins in collusion with the spies
      One for the Dark Lord, in his Oval Office.
      In the land of Bruce, where the Schneier lies.
      One key to crack them all, one key to find them
      One key to bring them all and in the HSM bind them.
      In the land of Bruce, where the Schneier lies.

      --
      John
  3. Re: Interesting - TTP = FAIL by Anonymous Coward · · Score: 2, Insightful

    If you can trace criminals you can trace dissidents and political opponents. Anonymity is difficult enough without it being broken by design.

  4. Might as well have not made a damn thing by Anonymous Coward · · Score: 5, Insightful

    Just telling everyone your software has a backdoor is the same as spending all of your development time masturbating. No-one is going to use this crap.

  5. Re:A secure backdoor? by Skewray · · Score: 4, Informative

    Is he claiming he found a way to safely have backdoored communications?

    Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

  6. Better place by Vlijmen+Fileer · · Score: 2

    Oh yes! The world will be a better place when governments are aided by secure communications developers in fighting crimes like apostasy, being gay, etc., and whatever new "crimes" might be defined out of thin air in the future.

    I'm sure the criminals that will be brought to justice, and hanged, shot and stoned will understand the wisdom of this move.

    In other words, what a simpleton.

  7. Re:A secure backdoor? by hawguy · · Score: 5, Insightful

    Is he claiming he found a way to safely have backdoored communications?

    Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

    Or, another way to put it, a government needs to compromise only those 9 users to gain unlimited access to all encrypted communications through the system.

  8. Re:A secure backdoor? by dissy · · Score: 5, Insightful

    Is he claiming he found a way to safely have backdoored communications?

    Nope. He is claiming he has implemented a method requiring multiple key servers to unanimously decide to work together to decrypt a message.

    Specifically there are nine servers, all of which must be used together. If 8 of the 9 wish to decrypt something but 1 chooses not to assist, the message can not be decrypted.

    He then suggests in his opinion that if those nine servers are spread around the world such that each one is under the control of a different democratic government, it would follow that all nine of those governments must then agree the message in question needs to be decrypted.

    So far as the axiom holds that "technology can do nothing except enforce a policy" - he is correct.

    The question remains about those policies of course, not just at the time the nine servers are deployed and used but also for all time into the future.
    Something he states no opinion on, which is also probably wise. My own cynicism has great doubts about that as well.

    It's also worth pointing out that at least in the alpha stage of testing the protocol is currently in, this backdoor really is a "US backdoor", as for testing purposes all nine of those key servers are hosted within Amazon cloud, so all under control of the same government.
    During development testing this is fine, but the people testing the protocol should be absolutely aware of this fact. Test the other aspects of the protocol, assure the protocol as implemented matches exactly the theory. Find and fix bugs. But it is not to be used for trusted communications yet.

    The next major hurdle of course is the very policies that need to be drafted and in place before the servers are codified to enforce them.
    You know how governments and policies can be sometimes. It very well may be the case the policies never actually make it to a state anyone agrees is worth using, making the protocol a bit useless, even if not at the fault of the protocol itself.

  9. Re: Understand? WTF? by bill_mcgonigle · · Score: 2

    It's DiceDot now. Corporate probably has focus groups of soccer moms saying the site assumes too much knowledge.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  10. So basically.. by Ostrich25 · · Score: 4, Insightful

    What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.

    1. Re:So basically.. by swillden · · Score: 5, Insightful

      What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.

      While I'll grant that you're partially justified by the ridiculously bad summary, your takeaway is dead wrong.

      First, having just skimmed through the article and the (very interesting!) paper, let me point out why the summary is ridiculously bad. Chaum's protocol does not include a backdoor, and certainly not "just to please governments".

      What Chaum did was to describe a really cool anonymous routing and communications protocol, with a number of highly desirable properties. The biggest one is that his protocol is designed to be secure against nation state access, unlike Tor. It should also be quite a bit faster than Tor because communications require no public key cryptographic operations; everything is done with very-fast symmetric crypto, building on top of a precomputed homomorphic encryption. Making this scheme work, though, depends on the existence of a trusted third party (TTP).

      In general, relying on a TTP is problematic in contexts where there isn't any obvious person or organization who could be trusted. And for a global communications network that will be used by lots of people and which many governments might like to penetrate, and which in fact is specifically focused on trying to prevent penetration by nation states, there clearly exists NO such single party.

      Chaum's solution to the problem of how to trust when no one is trustworthy (a common problem in security design, actually) is to distribute the trust (a common solution, though Chaum's implementation is particularly clever). By arranging things so that the TTP role is spread across many different nations, each of which is fairly trustworthy except in particular areas, and selecting those nations so the areas in which they're untrustworthy are different, and designing the cryptography so that any abuse of the TTP role requires willing participation of 100% of said nations, it may be possible to construct a TTP which is trustworthy in the aggregate, even though no individual member is fully trustworthy.

      This is a very clever solution to what I would have said is a completely intractable problem.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  11. It's sad by Opportunist · · Score: 2, Insightful

    With deep sorrow we announce the departure of another great security guy we once had. You will be missed.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Re:Here's an even simpler one by requerdanos · · Score: 2

    I think this exchange between ACs deserves to be highlighted:

    What [Chaum is] proposing seems complicated. Here's something simple. [describes convoluted proposal inspired by Rube Goldberg involving magic boxes, unprecedented cooperation among governmental bodies and somehow consistent 100% voluntary continuous public disclosure of same]

    Simpler than that: Make all encryption 100% secure. Only Alice and Bob can read the data.

    If law enforcement wants access to the data for crime purposes, THEY GET A WARRANT for either Alice or Bob that demands they decrypt, and Alice and Bob have their normal rights to fight the demand in court, and failure to comply is risking contempt of court.

    If Alice or Bob are not in your jurisdiction, then it's none of your fucking business. Go ask the country they are in to do it.

    See how simple that is?

    Yes, I think it really is that simple. We (~99% of governments) already have laws and systems in place to get information needed for valid law enforcement purposes. No need for complex or technical systems of malicious spying under the deceptive guise of "tough on crime".

  13. "private" with a "backdoor" by jcr · · Score: 4, Insightful

    There's a term for that in data security circles. That's what we call NOT PRIVATE, for fuck's sake.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  14. Re: Understand? WTF? by Anonymous Coward · · Score: 2, Insightful

    In this case, a former /. member that hasn't bothered using their login for the last couple of years.

  15. Re:A secure backdoor? by dissy · · Score: 2

    At least I don't know any algorithm that can prove the correct decryption key is embedded without actually decrypting the message.

    On the technical side this does exist and is quite possible.

    It is known as Secret Sharing.
    One example algorithm for this is called Shamir's Secret Sharing.

    Now I admit I didn't do more than speed-read the first bit of the linked paper for this protocol, but at first glance it looks to utilize three separate "encryption wrapper" stages, where having a known static key embedded would only defeat one of those three.

    I can't say if that is enough to do as you claim; however, maybe you're right.

    So you go through nine jurisdictions, get a court warrant in each and find the decryption key is 0xDEADBEEF. Then what?

    On the political side, I can't answer your question because I am of the belief this can't possibly work politically. There's no real need to break something that was broken from the start after all.
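
The all-nine-or-nothing property discussed in comments 8 and 15, as an added example that is not part of the thread and is not PrivaTegrity's code: Shamir's Secret Sharing with the threshold set to 9 of 9, plus a check that eight shares are consistent with any candidate secret. The field prime, the sample secret and every function name are assumptions made for illustration; the paper's own construction is not modeled here.

```python
import secrets

P = 2**127 - 1  # assumed field prime (Mersenne); all arithmetic is mod P

def split(secret, k, n):
    """Shamir split: random degree-(k-1) polynomial f with f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def interpolate(points, at=0):
    """Lagrange interpolation through `points`, evaluated at x = `at`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (at - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def share_consistent_with(candidate, held, x_missing):
    """Share at x_missing that would make `held` reconstruct to `candidate`."""
    return interpolate([(0, candidate % P)] + held, at=x_missing)

def demo():
    secret = int.from_bytes(b"trace key", "big")   # constructed sample value
    shares = split(secret, k=9, n=9)               # unanimous: 9 of 9
    all_nine = interpolate(shares)
    eight, (x9, _) = shares[:8], shares[8]
    # Eight holders cannot rule out any secret: for an arbitrary candidate
    # there is always a ninth share that makes the set reconstruct to it.
    forged = (x9, share_consistent_with(12345, eight, x9))
    return (all_nine == secret,
            interpolate(eight + [forged]),
            interpolate(eight) == secret)

if __name__ == "__main__":
    print(demo())
```

Lowering `k` below `n` gives the threshold variant, where any `k` of the nine holders suffice; that changes the trust model from unanimity to a quorum.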

  16. Cheese with that Wine? by LifesABeach · · Score: 2

    1. Get a copy of the PrivaTegrity
    2. De-compile it
    3. Analyze product
    4. Remove Back Door.
    4.1 Put a new back door in it? (this part never gets old)
    5. Miller Time.

  17. Who will watch the watchers? by Flytrap · · Score: 2

    Chaum is also building into PrivaTegrity another feature that’s sure to be far more controversial: a carefully controlled backdoor that allows anyone doing something “generally recognized as evil” to have their anonymity and privacy stripped altogether.

    Whoever controls that backdoor within PrivaTegrity would have the power to decide who counts as “evil” - too much power, Chaum recognizes, for any single company or government. So he’s given the task to a sort of council system. When PrivaTegrity’s setup is complete, nine server administrators in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications.

    So... my question would be... Quis custodiet ipsos custodes? Who will appoint, monitor and document the decisions of these administrators and if necessary revoke their anointed status as the determiners of what is or isn't acceptable evil (e.g. is sharing a commercial movie evil enough to attract the attention of "the nine"... how about a casual statement calling for the non-constitutional overthrow of a government... clearly child porn would be considered evil, but what would the cut off age be, 16, 17 or 18... would planning to blow up a public facility in a western country be more evil than threatening to blow up a public facility in a country already mired in a civil war)? Will they be accuser, prosecutor, judge and jury? Who will take cases to them and which legal system will apply... Can they be sued in the event that they err? What will keep them beyond reproach and will their decisions be made public? Will it be possible to appeal their decisions?

    Lots of questions and no clear answers.

  18. Re:Here we go with the kneejerk slashdot responses by Zero__Kelvin · · Score: 2

    " I'm posting this AC because I am an AC; I don't have an account. "

    Come on Slashdot. Get your shit together. One would think that you could find a way to implement new account creation by now!

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  19. It took 9 countries to find Snowden a shelter by ffkom · · Score: 2

    ... and > 9 "democratic countries" fell for the falsified "weapons of mass destruction evidence" the US presented to lure them into supporting the Iraq war.