Crypto Guru David Chaum's Private Communications Network Comes With a Backdoor (softpedia.com)
An anonymous reader writes: David Chaum, father of many encryption protocols, has revealed a new anonymity network concept called PrivaTegrity. Chaum, on whose work the Onion protocol was based, created a new encryption protocol that works as fast as I2P and the Onion-Tor combo, but also has better encryption. The only downside, according to an interview, is that he built a backdoor into the darn thing, just to please governments. He says that he's not going to use the backdoor except to unmask crime on the Dark Web. Here's the research paper (if you can understand anything of it).
Just telling everyone your software has a backdoor is the same as spending all of your development time masturbating. No-one is going to use this crap.
1. Is anyone going to trust something with a backdoor?
Everyone who doesn't know about it or has no clue what a backdoor is, or what it implies. That includes an awful lot of BAs with purchasing decisions.
2. who's ?
It's based on the Baba O'Riley protocol.
Is he claiming he found a way to safely have backdoored communications?
Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.
Or, another way to put it, a government needs to compromise only those 9 users to gain unlimited access to all encrypted communications through the system.
Is he claiming he found a way to safely have backdoored communications?
Nope. He is claiming he has implemented a method requiring multiple key servers to unanimously decide to work together to decrypt a message.
Specifically there are nine servers, all of which must be used together. If 8 of the 9 wish to decrypt something but 1 chooses not to assist, the message cannot be decrypted.
He then suggests, in his opinion, that if those nine servers are spread around the world such that each is controlled by a different democratic government, it would follow that all nine of those governments must then agree the message in question needs to be decrypted.
So far as the axiom holds that "technology can do nothing except enforce a policy" - he is correct.
The question remains about those policies of course, not just at the time the nine servers are deployed and used but also for all time into the future.
Something he states no opinion on, which is also probably wise. My own cynicism has great doubts about that as well.
It's also worth pointing out that at least in the alpha stage of testing the protocol is currently in, this backdoor really is a "US backdoor", as for testing purposes all nine of those key servers are hosted within Amazon's cloud, so all under control of the same government.
During development testing this is fine, but the people testing the protocol should be absolutely aware of this fact. Test the other aspects of the protocol, assure the protocol as implemented matches exactly the theory. Find and fix bugs. But it is not to be used for trusted communications yet.
The next major hurdle of course is the very policies that need to be drafted and in place before the servers are codified to enforce them.
You know how governments and policies can be sometimes. It very well may be the case the policies never actually make it to a state anyone agrees is worth using, making the protocol a bit useless, even if that is not the fault of the protocol itself.
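The all-or-nothing property the comment above describes (nine key servers, and eight of them together learn nothing) is the behaviour of n-of-n additive secret sharing. The following is an added illustration, not code from PrivaTegrity, the paper, or the poster: a message key is split into n XOR shares, one per hypothetical key server, a message is encrypted under that key with a constructed toy keystream, and decryption is attempted with all n shares and with n-1. Share counts, the key-server names and the plaintext are made up for the example; the SHA-256 counter keystream stands in for a real cipher and is not authenticated.

```python
"""n-of-n key escrow, illustrated: only the XOR of all n shares recovers the key.

Toy illustration of the structure described in the thread, not PrivaTegrity's
actual construction.  Everything here (share count, server names, plaintext,
the SHA-256 counter keystream) is constructed for the example.
"""
import hashlib
import secrets

N_SERVERS = 9  # the nine key servers mentioned in the thread (assumed layout)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list[bytes]:
    """Additive (XOR) secret sharing.

    The first n-1 shares are uniformly random; the last is chosen so that all
    n shares XOR back to `key`.  Any n-1 shares are statistically independent
    of the key: for every candidate key there is exactly one value of the
    missing share that would make the set consistent, so a coalition of n-1
    servers gains no information at all.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)
    return shares


def combine(shares: list[bytes]) -> bytes:
    """XOR any set of shares together; yields the key only if all n are present."""
    acc = bytes(len(shares[0]))
    for s in shares:
        acc = xor_bytes(acc, s)
    return acc


def keystream(key: bytes, length: int) -> bytes:
    """Constructed toy keystream: SHA-256(key || counter), truncated to `length`."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    # XOR stream cipher: decryption is the same operation as encryption.
    return encrypt(key, ciphertext)


def attempt_decrypt(ciphertext: bytes, shares_provided: list[bytes]) -> bytes:
    """What a coalition of key servers gets when it pools its shares and tries.

    With all n shares the true key comes out.  With fewer, the combined value
    is uniformly random, so the result is noise rather than a partial leak.
    """
    return decrypt(combine(shares_provided), ciphertext)


def escrow_scenario() -> dict:
    """Run the full-cooperation and eight-of-nine cases; returns the outcomes."""
    message_key = secrets.token_bytes(16)
    shares = split_key(message_key, N_SERVERS)  # one share per hypothetical server
    plaintext = b"constructed sample message"  # constructed for the example
    ciphertext = encrypt(message_key, plaintext)
    return {
        "all_nine": attempt_decrypt(ciphertext, shares) == plaintext,
        "eight_of_nine": attempt_decrypt(ciphertext, shares[:-1]) == plaintext,
        "eight_learn_key": combine(shares[:-1]) == message_key,
    }


if __name__ == "__main__":
    print(escrow_scenario())
```

Two things follow directly from the structure and match points made in the thread: a single refusing server does block decryption, but the same arithmetic means that whoever controls (or compromises) all nine shares holds the message key outright, with nothing left to stop them. The scheme enforces the policy of where the shares live; it does not create any protection beyond that policy.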
What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.
There's a term for that in data security circles. That's what we call NOT PRIVATE, for fuck's sake.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
And this would protect against groupthink-powered populist witch hunts how, exactly? These days, most governments are more than willing to 'cooperate' when dealing with dissent in any one of their countries (e.g. multilateral surveillance to get around civil protections). It would be relatively easy to put the squeeze on those nine people. It's hard enough to both design and implement crypto correctly as it is. It's a waste of time to bother implementing purposely compromised crypto.