by FourierTformed 2524 days ago
Are there any existing cryptographic algorithms which allow for two keys to un-encrypt a piece of cipher text?
4 comments

It's trivial and common to have one or more keys that unlock the actual key that is in fact used to decrypt the data; see LUKS, the standard for full disk encryption on Linux, for example. This trivially lets you change your passphrase without rewriting all your data on disk.

It's also useful for recovering data when the user has forgotten their self-set passphrase or won't share it, as in the case of a hostile ex-employee. Furthermore, one can have multiple passphrases and revoke one if it is known to be compromised.

For the government's concept of it, see "key escrow" and the Clipper chip fiasco:

https://en.wikipedia.org/wiki/Clipper_chip

Problems are legion and multifaceted. To put it briefly, based on past actions no reasonable party would trust the US government to be respectful of their rights and privacy, nor even competent enough to keep a secret.

It would force the entire world of computer security to be shackled and standardized upon what an incompetent bureaucracy understands, and it would be a disaster inside a year.

If one recalls, a lot of current woes with malware can be traced back to one of their geniuses who took home a hard drive full of tools and lost it all to the bad guys.

https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-balti...

If a golden key that unlocked everything in existence came into being, it would be in the hands of state actors within 30 days and everywhere next year.

It has always required monumental arrogance and a profound lack of foresight to suggest we should backdoor all security for the benefit of the Keystone Cops and their current fearless leader, Sergeant Schultz, here.

As the iconic TV character used to say, "I know nothing. Nothing!!"

The government generates a public/private key pair Gpub/Gpriv and publishes the public part. It also requires the following scheme to be used: if you want to encrypt a message M with a key P, you generate a random key K, encrypt M with K to obtain Enc_K(M), encrypt K with Gpub to obtain Enc_Gpub(K), encrypt K with P to obtain Enc_P(K), and then send the triple (Enc_K(M), Enc_Gpub(K), Enc_P(K)). This way, either P or Gpriv can be used to decrypt M (you just use it to first decrypt K, and then decrypt M). This scheme is as strong as the scheme used for encryption, and no cryptography is weakened by its use, except of course for the huge negative impact in case Gpriv leaks. With stakes this high, though, you could bring the likelihood of a leak very low, and you could modify the scheme to mitigate the impact of a leak.

I don't like it any more than anyone else, but unfortunately I think this is viable in practice. Of course, nothing stops you, a hacker, from using non-backdoored encryption, but the government is fine with that, as long as Google, Apple, Facebook etc. are forced to use backdoors.

> Of course, nothing stops you, a hacker, from using non-backdoored encryption, but government is fine with that, as long as Google, Apple, Facebook etc. are forced to use backdoors.

Which just goes to show that this isn't actually about catching hardened criminals (who will just use non-backdoored encryption, either alone or layered on top of the compromised channels) but rather about enabling pervasive surveillance of ordinary citizens.

Not necessarily. There is a middle ground between the two: common criminals that simply use the tools that Google, Apple etc. create to make security for normal people easy. If it's effortless to enable full end-to-end encryption on your phone, then not only will your grandpa enjoy the benefits of it, but so will a cocaine dealer or a burglar trying to fence stolen goods.

But yes, I think that there is lower-hanging fruit available to pick here. I wish we lived in a reality where backdooring encryption was the best available path to reduce crime.

The lazy sort of criminal that relies on commonplace, corporate-controlled communications apps would be caught using a traditional investigative approach regardless of any end-to-end encryption. It's the more sophisticated ones that they're using as justification for these backdoors—exactly the type that might be mildly inconvenienced at most by backdoors in standard communications services.

If what these criminals are doing is causing actual harm, then there must be sufficient offline physical evidence to track and convict them without direct access to their communications networks. Far from reducing crime, the enforcement of compulsory backdoors would itself be a crime committed by the government against its own citizens on a massive scale.

> Government generates a public/private key pair Gpub/Gpriv [...]

Isn't that exactly the Clipper Chip scheme? The arguments against it are as valid now as they were then. If you haven't seen them before, they can be found in the 1997 paper "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption" and its 2015 follow-up "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications".

Not exactly the same; it offers a slightly different trade-off between the benefits and the drawbacks. But yes, the idea is clearly not new or non-obvious. There are plenty of arguments against doing that, and thank you for the references (I wasn't aware of the second one). Nevertheless, just because it has some (in fact, many) drawbacks doesn't mean it's completely broken and useless, and that means that we shouldn't expect that something like this won't ever materialize.

I can think of setups that would allow this, but I don't understand what the advantage would be over sharing keys.

Honest question, if I have a key that can unencrypt all of your data, why is it important that it not literally be your key?

It's useful to have a master key that decrypts everything. For each message that means encrypting for two keys: the recipient's and the master key.

The obvious drawback being the huge damage when a master key is inevitably leaked.
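The three comments above describe the same construction from different angles: the LUKS-style key slots (several passphrases, each of which unwraps one master key, so a passphrase can be changed or revoked without rewriting the data), the escrow triple (Enc_K(M), Enc_Gpub(K), Enc_P(K)) where either P or Gpriv recovers K, and the "encrypt for the recipient and for the master key" summary together with its drawback. The following is an added example written for this page; it is not code from LUKS, from any of the commenters, or from any real product. It assumes a constructed toy authenticated cipher built from HMAC-SHA256 (encrypt-then-MAC, standing in for AES-GCM so the example runs on the Python standard library alone) and models the escrow key as a second symmetric slot rather than a public key, which preserves the structure of the scheme while keeping the example self-contained. All names, passphrases and plaintexts are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict

# ---- Constructed toy authenticated cipher (stands in for AES-GCM; not a real cipher) ----
def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode: block i = HMAC(key, nonce || i).
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

# ---- Key slots: every slot wraps the SAME master key under a different unlocking secret ----
def _slot_key(passphrase: str, salt: bytes) -> bytes:
    # Deliberately slow KDF so a captured header resists passphrase guessing.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def add_slot(header: dict, master: bytes, name: str, passphrase: str) -> None:
    salt = secrets.token_bytes(16)
    header["slots"][name] = (salt, seal(_slot_key(passphrase, salt), master))

def revoke_slot(header: dict, name: str) -> None:
    del header["slots"][name]  # the data blob is untouched

def create_volume(plaintext: bytes, passphrases: Dict[str, str]) -> dict:
    master = secrets.token_bytes(32)          # K in the escrow-triple notation
    header = {"slots": {}, "data": seal(master, plaintext)}   # Enc_K(M), written once
    for name, pw in passphrases.items():      # Enc_P(K), Enc_escrow(K), ...
        add_slot(header, master, name, pw)
    return header                             # master key is never stored in the clear

def unlock(header: dict, name: str, passphrase: str) -> bytes:
    salt, wrapped = header["slots"][name]
    return unseal(_slot_key(passphrase, salt), wrapped)

def read_volume(header: dict, master: bytes) -> bytes:
    return unseal(master, header["data"])

def demo() -> Dict[str, bool]:
    owner_pw, escrow_pw = "correct horse battery staple", "constructed-escrow-secret"
    secret = b"quarterly ledger (constructed sample plaintext)"
    vol = create_volume(secret, {"owner": owner_pw, "escrow": escrow_pw})
    r: Dict[str, bool] = {}
    # Either slot recovers the master key and therefore the data.
    r["owner_reads"] = read_volume(vol, unlock(vol, "owner", owner_pw)) == secret
    r["escrow_reads"] = read_volume(vol, unlock(vol, "escrow", escrow_pw)) == secret
    # A wrong passphrase is detected by the tag on the wrapped key, not by garbage output.
    try:
        unlock(vol, "owner", "wrong passphrase")
        r["wrong_passphrase_rejected"] = False
    except ValueError:
        r["wrong_passphrase_rejected"] = True
    # Rotate the owner's passphrase: only a small wrapped key is rewritten, never the data.
    data_before = vol["data"]
    master = unlock(vol, "owner", owner_pw)
    add_slot(vol, master, "owner-new", "new passphrase")
    revoke_slot(vol, "owner")
    r["data_unchanged_after_rekey"] = vol["data"] == data_before
    r["old_slot_gone"] = "owner" not in vol["slots"]
    r["new_passphrase_works"] = read_volume(vol, unlock(vol, "owner-new", "new passphrase")) == secret
    # The drawback: one escrow secret shared across volumes opens every one of them if it leaks.
    other = create_volume(b"someone else's data", {"owner": "another pw", "escrow": escrow_pw})
    r["escrow_reads_every_volume"] = read_volume(other, unlock(other, "escrow", escrow_pw)) == b"someone else's data"
    return r

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the commenters make about the leak risk falls out of the structure: the per-volume slot secrets are independent, so losing one exposes one volume, while the escrow slot is the same secret everywhere and a single leak of it is equivalent to leaking every master key at once. In a real deployment the escrow slot would be wrapped under Gpub so that only the holder of Gpriv can unwrap it, but that changes nothing about this blast radius.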

Because then I need a way of giving you my key that doesn't give the bad guy the key.

PGP