Key Escrow for 21st century national security

I am fairly certain that the debate is already over (SJC hearings are scheduled July 8th) and the key escrow die has been cast for a STEM solution. STEM people can either help shape a solution or be left out.

Sept 16: WashPost leaks draft of NSC position (July) on strategic encryption options. Compare to the points on stakeholder demands/constraints I listed at the beginning of July.

Strong pushback has come from national security officials who think that they ought to be able to retrieve text messages, photos and other material when they have a warrant and who think that their inability to do so is hampering criminal and counterterrorism investigations. If they can’t gain access to decrypted data, they warn, there will be a tragedy that could have been averted.
“The encryption issue . . . both in this country and abroad is going to have a major impact on how law enforcement and intelligence do their jobs,” said a senior administration official, who was given permission to be interviewed, but on the condition of anonymity because of the topic’s sensitivity. “It’s not surprising that they want to make sure that the public discourse includes a healthy debate about their issues as well.”
draft of NSC position on encryption

July 6th OpEd WSJ

Earlier this year Mr. Comey asked Congress to act unless technologists come up with ways of allowing encryption to protect privacy from hackers while also allowing government agencies to conduct legal searches. “Technical people say it’s too hard,” he said. “My reaction to that is: Really? Really too hard? Too hard for the people we have in this country to figure something out? I’m not that pessimistic.”

Polished brief by @followFDD with feasible technical ideas (e.g. beacon, using approaches similar to, say, Blackhat 2011 Cui)


The first thing is to acknowledge that the era of absolute privacy, a short Western Enlightenment parenthesis in human history, is closing for good.

Any STEM solution will likely be imperfect so let’s aim for a minimax solution, as befits advanced deliberative republics such as the US.


We have four blocks to play with: science, technology, engineering and mathematics (STEM). We have three (maybe four) stakeholders: US IC/LE, the US public, the US Constitution and the rest of the world.

  1. IC will need and want access to all keys; the government won’t settle for less.
  2. US citizens and society need court-enforceable, non-repudiable accountability of use.
  3. Solution must be compatible in spirit and letter with the US Constitution.
  4. Acceptable or tolerable to the rest of the world, or at least abuse-detectable and/or inspectable post factum after a time limit.
A problem worthy of attack proves its worth by fighting back

Here’s what I am thinking so far

  1. Need a holistic society-tech-math-eng solution that leverages the nation-state advantage superlinearly in resources vis-à-vis smaller groups and other nation states, for now and the foreseeable future.
  2. Distributed proof-of-work schemes for an m-out-of-n secret key-split scheme. The problem must suit the US Gov’s superior available resources, both in nature and size (say, D-Wave solving speedups for certain problem types). Key splitting is there to protect US citizens from single-entity abuse.
  3. P-o-W effort for the problems in the scheme must grow with foreseeable STEM progress (get progressively harder, e.g. the Bitcoin approach) yet still stay accessible to US Gov resources but not to other parties (even pooled).
  4. For the world and the US Constitution, need a ledger à la blockchain for verification and non-repudiation, with built-in timer fuses for release, inspection decisions etc.
  5. Key management provisions: explicit key revocation, key access and key rotation procedures.
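
An added illustration of points 2 and 4 (not code from this post or from any deployed escrow system): a Shamir m-of-n split of an escrowed key among custodians, with every release recorded in a hash-chained ledger so that tampering with the access record is detectable. The 127-bit field, the `warrant` label and all function names are assumptions; the proof-of-work component and timer fuses are not modelled.

```python
import hashlib, json, secrets
P = 2**127 - 1  # Mersenne prime field; assumes the escrowed key is < 2^127

def split(secret, m, n):
    """Shamir m-of-n: shares are points on a random degree-(m-1) polynomial."""
    if not (1 < m <= n and 0 <= secret < P):
        raise ValueError("need 1 < m <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):        # x = custodian index, never 0
        y = 0
        for c in reversed(coeffs):   # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def reconstruct(shares):
    """Lagrange interpolation at x = 0 recovers the constant term (the key)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate custodian share")
    secret = 0
    for xj, yj in shares:
        num = den = 1
        for xm in xs:
            if xm != xj:
                num = num * -xm % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def entry_digest(entry):
    body = {k: entry[k] for k in ("prev", "warrant", "custodians")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def release(shares, m, warrant, ledger):
    """Refuse below threshold; log who took part before the key is rebuilt."""
    if len({x for x, _ in shares}) < m:
        raise PermissionError("fewer than m custodians present")
    entry = {"prev": ledger[-1]["hash"] if ledger else "0" * 64,
             "warrant": warrant, "custodians": sorted(x for x, _ in shares)}
    entry["hash"] = entry_digest(entry)
    ledger.append(entry)
    return reconstruct(shares)

def ledger_ok(ledger):
    """Every entry must hash correctly and chain to its predecessor."""
    prevs = ["0" * 64] + [e["hash"] for e in ledger]
    return all(e["prev"] == p and e["hash"] == entry_digest(e) for e, p in zip(ledger, prevs))
```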

July 8: @krypt3ia comments made me aware of a glaring oversight (point 5; Schmitt 1922 “Sovereign is he who decides on the exception”)

July 8: @Dave_Korn_ had an insightful comment, useful to illustrate the various aspects I am angling for

Dave makes a good point. It isn’t, in some aspects, from a TEM point of view. DUAL_EC_DRBG lacked the ‘S’ (what could be called societal science), points 2–4 of stakeholders: US public, US Constitution and rest of world (hence n/m scheme, blockchain, growth reqs etc.)

July 8: A position paper by leading cryptographers and security experts on access mandates

1. Exceptional access would force Internet system developers to reverse forward secrecy design practices that seek to minimize the impact on user privacy when systems are breached.
2. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws.
3. The prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

July 10: @ericgeller released a historical review (in the making since May) of the 1994 Communications Assistance for Law Enforcement Act and the so-called Crypto Wars, the EFF’s role, SkipJack etc.

Recommended to get up to speed on various issues

The points above are used for reference in the debate space and will be addressed as we flesh out our minimax solution.

July 30: @matthew_d_green makes a valid design/engineering point about system fragility and component interdependency / failure isolation.

The standout feature of Clipper’s design is its essential fragility. If one leg of the tripod fails, the entire construction tumbles down around it. [..]
The flaws in authentication illustrated that the designers and implementers of Clipper had made elementary mistakes that fundamentally undermined the purpose of all those other, expensive design components.

July 10: Let’s get down to business and look up a couple of numbers, do a couple of rough estimates (and/or back of envelope calculations when more applicable)

  1. Projections (trajectory) of traditional computing (TFlops + power consumption)
Slide from @MikePFrank’s 2006 talk on reversible computing. Mike is an under-appreciated genius, way ahead of his time; see his MIT PhD (1999). As of July 2015 he is at Sandia National Labs.

2. July 14: Projections of crypto key-length security (taken from the useful BlueKrypt). Let’s take US NSA (Suite B) as a baseline and, for sanity checks, the French ANSSI and German BSI estimates.

NSA Suite B (2014) crypto key strength recommendation
French ANSSI (2014) crypto key length symmetric / asymmetric schemes
German BSI (2015) crypto key length for electronic signatures

3. Current legal parameters US and world-wide

4. Computational complexity parameters

MIP* ⊇ NEXP: Any multi-prover interactive proof system can be made to resist provers colluding secretly with quantum entanglement

Scott Aaronson BQP polynomial hierarchy talk

Post-Quantum Crypto for IPSec https://www.dfn-cert.de/dokumente/workshop/2015/Folien_Zimmer.pdf