[masscrypteria]

There’s no discussion of how to build exceptional access encryption that solves the weakening issue, just that it “can’t be done”.

The spirit of this initiative in 2019 is likely more about stopping strong encryption at scale, which is certain to be a frustrating black hole for LEO and the IC.

Perhaps HN would do well to ask how to solve the problem from a technical perspective, given the requirements. This includes both how to build a better mousetrap (one that doesn’t have a “backdoor” or significantly weakens the encryption mechanism), and how to solve concerns about abuse of exceptional access.

[kyboren]

> This includes both how to build a better mousetrap (one that doesn’t have a “backdoor” or significantly weakens the encryption mechanism), and how to solve concerns about abuse of exceptional access.

There is a simple way to solve concerns about abuse of "exceptional access": Not to include any "exceptional access" mechanisms. Securely implementing a cryptosystem is a daunting task almost never achieved. Intentionally creating a human-controlled mechanism to access plaintext makes the problem much, much worse.

> There’s no discussion of how to build exceptional access encryption that solves the weakening issue, just that it “can’t be done”.

Please consider that there is fundamentally no way to solve concerns about exceptional access. "Exceptional access" means that there is necessarily a human attack vector: Those humans who control whatever mechanism exists to provide LEO access to plaintext. This necessarily weakens any cryptosystem. If those people are compromised, "exceptional access" will simply be "routine access". Further, because decryption of data emits no obvious signs of physical tampering, even citizens who trust that "exceptional access" is not being abused cannot verify that.

I actually appreciate the name of your 5 hour old account. You're correct. We are experiencing mass hysteria over cryptography. However, it is not security professionals who are hysterical: it's people like you, who apparently never met an argument against liberty that they didn't like.

[masscrypteria]

Let’s leave politics and assumptions about me out of it, please.

Same point: figure out a technological and procedural solution to the human attack vector. If “security professionals” all agree on ideology or theory that it’s not possible and thus refuse to help solve the problem, then exceptional access solutions generally will be worse off for it. It’s independent of whether they actually are deployed.

[jki275]

You've missed the point.

There is no solution. If you build in your "exceptional access" exception, then the system is broken by design and no one will use it. That's the end of the discussion, there's nothing more to discuss. You can rube goldberg "solutions" all day long, but in the end you're just figuring out ways to deploy a broken system.

[masscrypteria]

The government has a different idea of what constitutes “broken” in this case. Of course adding a third party introduces additional risks. Two parties versus three parties: All can access the clear info; neither scenario is without risk. The goal is to find a solution that minimizes the risks of providing exceptional access.

Again, simply arguing that “it can’t be done”, which is of course theoretically true if the goal is to have zero additional risk by introducing a third party, isn’t going to stop such systems from being deployed, it will simply reduce the quality of such solutions due to talent refusing to work on the problem.

An idea that comes to mind: third party can’t trivially decrypt the data (maybe it requires substantial computation to decrypt) thus reducing practicality of bulk decryption. Make the exceptional access truly exceptional.

I agree that having a trivial way for governments to access encrypted comms at scale is bad; I don’t agree that governments should be completely locked out, without exception, of all comms deployed at scale by mega tech corporations.

[jki275]

You're describing a broken and unusable cryptosystem. What you believe requires "substantial computation" to break today requires a consumer GPU tomorrow.

There is no minimizing the risk. Your concept is broken. It does not -- and cannot -- provide security of any use. And I don't care what the government thinks about it.

[masscrypteria]

It’s just a brainstorming idea. There would be a key as well - the idea would require both the key and substantial computational power for exceptional access

Brainstorming ideas are meant to be thrown out. Attacking the idea respectfully is fine. It’s to help inspire other ideas.

Of course there’s a trade off involved. But whether it’s two party encryption or three party encryption with exceptional access none is perfectly secure anyway. There is major conflation of political ideologies with hardline technical viewpoints going on

[masscrypteria]

Pre quantum algos have this shortcoming built in

[kyboren]

> [...] arguing that “it can’t be done”, which is of course theoretically true if the goal is to have zero additional risk by introducing a third party [...]

So then you recognize that "exceptional access" mechanisms necessarily weaken a cryptosystem, which are already notoriously difficult to implement securely. This brings us back to your OP, where you complain about people telling you the truth you already recognize, and make two entreaties for assistance from HN:

1. "Perhaps HN would do well to ask how to solve the problem from a technical perspective, given the requirements. This includes both how to build a better mousetrap (one that doesn’t have a “backdoor” or significantly weakens the encryption mechanism) [...]"

2. "[...] and how to solve concerns about abuse of exceptional access."

I understand now that you suffer from severe cognitive dissonance with respect to the first. You just acknowledged that the "weakening issue" with "exceptional access" cannot be solved, yet still argue that it can be solved, presumably with more effort from security professionals.

I already addressed the second: Concerns about abuse of "exceptional access" also cannot be solved, except by avoiding their inclusion in the first place.

Your idea is also a non-starter. Human political masters will set the work parameters, not users (otherwise: Who would choose anything but an infinite amount of work to decrypt their communications?). Users would have no way to verify the work required to decrypt as, again, they cannot verify that communications have or have not been "exceptionally accessed". The work parameters must be updated as technology improves, so there must be a way for human political masters to update work requirements (potentially reducing them). Nobody outside certain SCI or ECI compartments has any idea what kind of cryptanalytic power USG can bring to bear. Maybe, like Skipjack, the proof of work cryptography is subtly weaker than expected in a way that only they know. Maybe the USG will just start allocating $100B/year to routinely use "exceptional access". And certainly, after such a backdoor scheme is deployed, LEO and IC will howl that they cannot access enough plaintext to stop child molesting terrorist superpredators, and anyone who would just think of the children would support reducing or eliminating the burdensome computational obfuscation parameters. Once again: Any such "exceptional access" scheme necessarily reduces security by inserting a critical dependence on trust in humans that cannot be verified and whose compromise has Biblically enormous value to many groups.

> I agree that having a trivial way for governments to access encrypted comms at scale is bad; I don’t agree that governments should be completely locked out, without exception, of all comms deployed at scale by mega tech corporations.

If we agree on the first part, then we should agree on everything that I've written. "Exceptional access" schemes only make sense for unconstitutional dragnet surveillance purposes and are a severe threat to liberty. If a target is known, and is found to be using cryptanalytically impenetrable cryptography, targeted physical surveillance will defeat that cryptography every time. If some impenetrable communications happen between two non-targets, it doesn't matter that those communications cannot be read, because the government doesn't want to read those communications anyway--right? Of course, serious criminals and terrorists--the ones on whom collection is really important for security--are not going to use known-compromised cryptosystems when non-broken ones are already ubiquitous. Therefore this "exceptional access" is only useful on the average citizens; unless, that is, the government is doing dragnet surveillance and attempting to "winnow" out secure communications, something they can only do effectively if they attempt decryption of every "exceptional access-enabled" communication.

Finally, consider your request in the historical context. For the great deal of our history, communications have defaulted to being private (there were no microphones in Lincoln's log cabin) and inaccessible to government agents except through testimony (which cryptography does nothing to prevent). Now your claim is that the government must have the ability to access any communication. But why? Our government and society worked just fine without substantially all communications being recorded and accessible to the government. Such a large shift in the balance of power will, I fear, lead inevitably to tyranny.

[masscrypteria]

It’s a trade off. There’s no cognitive dissonance, just refusal to work towards better compromises. Lovely argument, though. Euphemistically it’s clear you’re very passionate about this issue. Maybe my hacker news throwaway should’ve been called cryptopassion