[Cryptography] Is it mathematically provably impossible to construct a mechanism to test for back doors in programs?

John Kelsey crypto.jmk at gmail.com
Fri Jun 6 10:58:39 EDT 2014


> On Jun 5, 2014, at 9:38 PM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:


...
> And not a very good one. And there is still no possibility of default
> that can't be noticed by an external passive audit party.
> 
> Collusion between the notaries only enables them to rewrite parts of
> the log that have not been made public already.

This is the critical thing that is necessary.  Even if we somehow get the intelligence agencies and surveillance state in the US under some kind of control, that doesn't deal with the possibility of coercion or bribery against people running important services, by them (extralegally, but the intelligence services in the US seem to be largely above the law) or by private criminals or other governments.  So the services need to be designed to minimize the trust needed for their operators.  The ideal situation is that the operators of the service simply can't do very much harm without being caught--in that case, coercing or bribing them just doesn't pay off, and so it won't be done much.  

...
> The NSA will do a lot when they don't think anyone will notice. The
> term is 'NOBUS' Nobody but us. They do not do stuff that attracts
> public attention. Threatening the German and Brazilian governments to
> unwind a national notary to intercept private communications without a
> warrant is not going to happen.

This is actually one of the more frightening aspects of the NSA's policies.  There's this bizarre apparent assumption among NSA's defenders that they're going to be the only ones doing this stuff.  Instead, they're helping usher in a world where every government will actively be trying ot subvert security standards and software and coercing weakening of security in their own country.  And since the 800 lb gorilla did it first and was too rich and powerful to push back against, the precedent will be set.  The US will probably lose more than anyone else from this precedent, in the long run.  (As with the precedents we're setting w.r.t. drone warfare and targeted assassination.)  But it's a short-term winner in terms of increasing budgets, getting contracts, and getting elected, so we're probably going to keep doing it regardless of how bad an idea it ultimately is.  

--John


More information about the cryptography mailing list