Encryption Security

How Would Crypto Back Doors Work? 477

frantzdb writes "We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"
  • by DanEsparza ( 208103 ) on Thursday September 20, 2001 @02:28PM (#2326484) Homepage
    I think it's a stupid idea to even toss around the idea of a 'crypto back door'. I can understand why politicians are desperately attempting to dig up the 'silver bullet' that would have stopped the WTC tragedy (and will stop the next horrific event from happening) -- but they're barking up the wrong tree for several reasons.

    Making crypto 'safe' with a back door effectively makes it useless. Why would anyone in their right mind use a cryptographic algorithm knowing that a perfect stranger has a 'backdoor pass' to their information? The whole point of crypto is to only allow the intended recipient to view the secret information.

    This idea would weaken any cipher that this idea is applied to. Why? Simple. Key recovery in a datastream you haven't ever seen before depends basically on one of 2 things: Brute force, and a little ingenuity. If you know that the cipher has a 'universal backdoor' then each stream encrypted with the cipher will be that much easier to crack -- because the streams will have to be somewhat similar.

    What happens when the wrong people get the 'back door' key? You don't think that someone dangerous is going to somehow either recover the key manually, or steal it? Think again. A 'back door' key (or set of keys) of this scope would be too good to pass up. Why bother attempting to recover a key that unlocks one stream, when you can unlock a whole set of streams?

    The cat's already out of the bag. Why would somebody who really wants to keep information secret use a cipher that didn't keep it secret -- especially when there are so many good ciphers (RC4, Twofish, etc.) that don't have a backdoor? In short -- this is a braindead thought process that will lead the U.S. straight into another disaster.

  • Several options (Score:4, Informative)

    by jd ( 1658 ) <imipak@ y a hoo.com> on Thursday September 20, 2001 @02:35PM (#2326542) Homepage Journal
    • Key Escrow, where some percentage of the private key is registered with the Govt.
    • Synonyms (which requires weak algorithms), where a third "key" is generated, which is different from, but functionally identical to, the private key. One way to do this is to fix certain bits. This was accidentally done in some early SSL implementations for Netscape.
    • DH duplicates, where key exchanges are automatically forwarded by the hardware and/or software.
    • "Skeleton Keys", where the hardware logs the keys used, and transmits them on request.
    • A requirement to use Microsoft encryption code. Ooops, sorry, already covered. :)
    • Plain-text logging by hardware, prior to all encryption, available on request.
    • Requirement for HW manufacturers to build TEMPEST into all machines, with images forwarded.
    • Keyboard loggers mandatory on all machines, with data stored and/or forwarded.
    • A return to mainframe-style machine operation, where everything is handed over to approved operators. (So THAT's why certification programs are so popular....! :)
    • A ban on all privately-owned computers, with all machines becoming dumb terminals to a central machine. One box to rule them all, and in the darkness BIND them...

  • by reverse flow reactor ( 316530 ) on Thursday September 20, 2001 @03:29PM (#2326896)
    There are methods of hiding data in plain sight. Just read "Chaffing and Winnowing: Confidentiality without Encryption" at http://theory.lcs.mit.edu/~rivest/chaffing.txt [mit.edu]


    Also, said Terrorist could use multiple techniques together:

    - write message
    - apply method of Chaffing and Winnowing (above) or method of hiding messages in spam [spammimic.com].
    - hide that message in favorite media with outguess [outguess.org].
    - encrypt that with PGP [pgpi.com] or GnuPG [gnupg.org].
    - encrypt that with the mandated, key-escrowed, back-doored technique
    Now there are several barriers to break down, but only the easy one is known about until an investigation is already under way.

    Or:
    - said terrorist could avoid electronic communications, and meet face to face in a public park or on a public bus or in a crowd

    Ask a gardener how they deal with weeds. Do you just remove what you can see, or do you go after the roots? Ask a doctor how he/she deals with a disease. Does he/she treat the symptoms and hope for the best over time, or does he/she treat the source of the disease?

    Yes, cutting off one of their means of communication would be an inconvenience for people who have evil plans. But is there a better way that we can deal with their evil plans in the first place?

    I don't know the answers, I just ask the questions.
  • by (codic) ( 214496 ) on Thursday September 20, 2001 @03:44PM (#2327004) Homepage

    Some conspiracy theorists already claim that DES has a backdoor, even though there is no public evidence to support the theory and lots to suggest otherwise.

    When DES was invented (by IBM, IIRC) and the government wanted to adopt it as a standard, the NSA took a look at it and changed around the S-boxes (where S, I believe, is for Substitution) for the version that is actually used. They offered no description of how they created their S-boxes or what features they offered that the other ones didn't, etc.

    One possible explanation is that the NSA added a backdoor into DES that secretly weakened it somehow (e.g., the ciphertext provides information about the key to make an exhaustive key search several orders of magnitude quicker) to the point where they could decrypt a document without necessarily knowing the key ahead of time with a reasonable amount of effort.

    There is no public information about successful cryptanalysis of a full (16 round?) version of DES. That is, if such a backdoor exists, and if someone has found it, it's all very hush hush.

    The concept of backdoors in cryptosystems is really very messy. It depends way too much on keeping crucial information about the cryptosystem secret. Chances are, if you disclose enough details to implement a cryptosystem and say it has a backdoor, people (good and bad) are going to find it*. If you don't provide information on how it works, it can really only be implemented in "tamper-proof hardware" (a concept almost as flakey as cryptosystems with backdoors), since any software implementation could be disassembled.

    To answer your second question, they really can't (as I assume you suspected). So, if the sniffers found some data they couldn't decrypt, they would have to assume it is either, as you said, random data, or data encrypted with an outlawed (read "apparently secure") cryptosystem. In both cases, the sender must be trying to hide something from the government, and is therefore a threat and should be dealt with accordingly. Simple as that.

    For anyone who missed it, the current call is for a global ban on strong crypto, not a national one. And in this case "global" means really global, not a "World Series" kind of global.

    The next few weeks/months/years will potentially be filled with events and ideas, like this, that change the world we live in. I'm not afraid for our generation. Most of us know what freedom is like, and I really don't think it's something that can be taken away no matter how hard they try. But our unborn children and grandchildren don't. I don't want them living in a world where freedom and privacy are anything other than fundamental rights. I'm currently optimistic; I just hope that's not misplaced.

    * And if DES does have a backdoor and no one has found it, then the NSA deserves a pat on the back because they've stumped us all! :)
