[Cryptography] Is it mathematically provably impossible to construct a mechanism to test for back doors in programs?

John Kelsey crypto.jmk at gmail.com
Fri Jun 6 10:47:50 EDT 2014


> On Jun 3, 2014, at 12:05 PM, Bear <bear at sonic.net> wrote:
> 
>> On Mon, 2014-06-02 at 07:50 -0400, Phillip Hallam-Baker wrote:
>> 
>> We can achieve a robust notary infrastructure that is proof against
>> defection for considerably less money. Let there be 32 independent
>> notary log maintainers who maintain a Harber-Stornetta style hash
>> chain log (i.e. what is used in Certificate Transparency). Each notary
>> has very limited defection opportunities and any defection would be
>> quickly noticed.

...
> So, one day, your 32 independent notary log maintainers all get 
> secret orders and have no legal recourse but to submit to jail if 
> they do not participate in betraying or subverting the protocol.  
> Further, they are forbidden or prevented from even sounding an 
> alarm.  "Warrant canaries" are an endangered species; if they are 
> identifiable to their audiences they are identifiable to their 
> predators. 

First, I agree with you about warrant canaries.  I expect using one after receiving an NSL will get you locked up and charged, and the idea that maybe the supreme court will hear your appeal in a decade or so won't feed your family or get you out of prison in time to see your kids graduate high school.  (And since the powerful people in the US are about 99% lined up behind the surveillance state, it's not all that great a bet the SC will ever get around to hearing your appeal.)  And NSLs are the kindest form of persuasion you need to worry about.  Mobsters won't be concerned with any legal niceties at all. 

But putting the notaries in different countries, under different legal regimes, seems like a pretty good defense against both of these.  Will the governments of (say) Finland, Belgium, the US, Brazil, and India coordinate their legal pressure against the notary operators?  

>            Bear

--John


More information about the cryptography mailing list