[Cryptography] Chaum Has a Plan to End the Crypto War

Ray Dillinger bear at sonic.net
Thu Jan 7 20:54:21 EST 2016



On 01/07/2016 10:24 AM, Christian Huitema wrote:

> From the summary description of the proposal, it appears to use a "fragmented
> golden key." The classic golden key approach is to provide to authorities a copy
> of someone's private key, encrypted with the golden key. The fragmented approach
> appears to split the key in N fragments, each encrypted with the specific golden
> key of a different "council member," so that the N council members have to
> cooperate to recover the private key. It is not clear to me whether the design
> calls for unanimity or "M out of N," but both variations are obviously feasible.
>
> Maybe I am just slow, but I don't see how in practice that fragmented golden
> key approach would be any more secure than the single golden key. It is
> certainly more complicated, which increases the probability of bugs and
> compromises. And it also provides a really big attack surface.

As I see it, it shifts the attack surface slightly away from
ubiquitous surveillance (although that could still happen) and
opens up a huge attack surface for various DDoS attacks.

Any actor who wants to shut this down can easily do so by
disrupting communications between any two of the nine servers -
making 72 different ways to kill it.

I am far less optimistic than Chaum about its ability to protect
privacy.  As I see it geographically distributing the servers to
different countries mainly ensures either a "gift to" or an
"operation against" each of those countries from a cartel of
nations interested in ubiquitous surveillance.  At least insofar
as the servers are located outside those nations in the first
place.  He says he intends to keep one in the US?  Might as well
write that one off in terms of protecting the privacy of anyone.

And, if in fact these nine servers are free to cooperate (rather
than compelled to cooperate) to unmask malefactors, then all that
a particular malefactor has to do to be immune to such unmasking
is bribe or blackmail a single server operator.  Among nine they
can surely find one who will defect if suitably induced.

Finally, you have actions performed with anonymity by the selfsame
government agencies who can control the server in their country
in order to assure that they themselves are not unmasked.  This
creates an asymmetry of power in which government agencies can act
with impunity in terms of anonymity whereas anyone else runs the
risk that nine servers will cooperate to unmask them.

I normally respect David Chaum, but this is a pile of shit.

				Bear
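The quoted description of splitting a key into N fragments that a council must combine, with either unanimity or "M out of N" required, is the threshold-escrow pattern the thread is arguing about. The following is an added illustration, not code from Chaum's proposal or from either poster: it implements Shamir secret sharing over a prime field (an assumption; the thread does not say which splitting scheme the proposal uses) and shows the two properties that decide the security argument. With an M-of-N split, any M fragments recover the key, so one uncooperative holder changes nothing; with an N-of-N (unanimity) split, a single withheld fragment blocks recovery entirely. It also shows that fewer than M fragments are consistent with every possible key, so a subset of holders below the threshold learns nothing, regardless of how they are induced. All names and sample values here are constructed for the example.

```python
"""Shamir (M-of-N) secret sharing, added here to illustrate fragmented-key escrow."""
import secrets

# Field modulus: the Mersenne prime 2^127 - 1. Secrets must be integers below it.
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo PRIME, by Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, threshold, num_shares):
    """Split `secret` into `num_shares` points on a random polynomial of degree threshold-1.

    Any `threshold` shares recover the secret; threshold-1 shares reveal nothing.
    threshold == num_shares gives the 'unanimity' variant; threshold < num_shares is 'M out of N'.
    """
    if not 1 <= threshold <= num_shares:
        raise ValueError("need 1 <= threshold <= num_shares")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, num_shares + 1)]


def _lagrange_at(points, x_target):
    """Value at x_target of the unique polynomial through `points`, via Lagrange interpolation."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x_target - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares, threshold):
    """Recover the secret from at least `threshold` distinct shares (duplicates are ignored)."""
    distinct = list({x: y for x, y in shares}.items())
    if len(distinct) < threshold:
        raise ValueError(f"need {threshold} distinct shares, got {len(distinct)}")
    return _lagrange_at(distinct[:threshold], 0)


def can_recover(shares, threshold):
    """True if the given shares suffice to reconstruct the secret."""
    try:
        recover_secret(shares, threshold)
        return True
    except ValueError:
        return False


def forge_consistent_share(partial_shares, threshold, candidate_secret, new_x):
    """Show why threshold-1 shares leak nothing: for ANY candidate secret, build one more
    share at `new_x` such that the partial set plus this share recovers that candidate.
    Since this works for every candidate, the partial set is consistent with every secret."""
    if len(partial_shares) != threshold - 1:
        raise ValueError("exactly threshold-1 partial shares expected")
    if new_x == 0 or any(x == new_x for x, _ in partial_shares):
        raise ValueError("new_x must be non-zero and distinct from existing share indices")
    points = [(0, candidate_secret)] + list(partial_shares)
    return (new_x, _lagrange_at(points, new_x))


if __name__ == "__main__":
    key = 0xC0FFEE  # constructed sample 'private key'
    m_of_n = split_secret(key, 3, 9)  # 3-of-9 council
    print("3 of 9 recover:", hex(recover_secret(m_of_n[4:7], 3)))
    print("2 of 9 consistent with 0x1234?",
          recover_secret(m_of_n[:2] + [forge_consistent_share(m_of_n[:2], 3, 0x1234, 9)], 3) == 0x1234)
    unanimous = split_secret(key, 9, 9)  # 9-of-9: one defector blocks recovery
    print("8 of 9 under unanimity recover?", can_recover(unanimous[:8], 9))
```

The `forge_consistent_share` function is the defender's check on the "fewer than M" case: it demonstrates that the below-threshold holders' fragments do not constrain the key at all, which is the property a council design must actually deliver rather than merely claim.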


