Efforts to break encryption in new crypto wars are ongoing, but there are many successes to recount in the past year.
Speaking in the closing session of the virtual ISSE Conference Professor Bart Preneel from the KU Leuven, where he heads the COSIC research group, said more and more research crypto has been published this year and he praised the work to enable contact tracing, but was critical of government and law enforcement’s efforts around end-to-end (E2E) encryption.
Saying the “crypto wars have come back again, something I’m doomed to live with for the rest of my life,” Preneel referred to the case in 1993 when AT&T introduced a secure phone with E2E-based on Triple DES, which the US government was not happy with “as it stopped them intercepting phone calls, especially outside US.” The clipper chip with key escrow project failed, and now the crypto wars have come back as cryptography has shifted from hardware to software.
He said there is a case for interception of those people communicating child abuse images, terrorist acts, and kidnapping cases, and governments are unable to access encrypted communications, “so the government has no access.” Preneel also said some people use Facebook Messenger for those purposes, and it is possible at the moment as it is not E2E encrypted, but Facebook announced E2E for Messenger to stop that channel of access, “and the stupid people will not be able to escape.”
He said this proposal was met with criticism as most people are not happy with backdoors, and as a society, we can agree to filter for abuse messages and images, but it could also be used against the freedom of speech of people you don’t like, and for political purposes.
“It keeps coming in different forms and shapes, but the debate is essentially the same and the main complaint is police and intelligence services have lots of metadata, once they find one person they can use that infrastructure to find other people, once you have metadata you have access,” he said. “It is a one-sided debate as law enforcement does not show what they acquired in the last 20 years, so that is actually a debate that is happening, and it is difficult to debate with one side who doesn’t disclose.”
Among other cryptography highlights from 2020, Preneel cited the breaking of RSA 250, where the researchers found two prime factors. “It is important as a large part of digital infrastructure relies on RSA,” he said. “It was amazing as they used so little power, and more effort and money was put in.”
Speaking on quantum computing, he said despite Google, Intel, and Microsoft building and spending in quantum computing research, there were no big examples of successes this year, even by companies “spending small fortunes.” He said in order to break RSA 2048 you will need something like 20 million qbits, and most companies were very far from that, so he predicted that we will be safe until 2035.
With regards to contact tracing, Preneel welcomed the work done to create apps that anonymized user details, and using decentralized proximity tracing (DP3T), he said there had been 57 million downloads of DP3T-based apps across 18 EU countries and Switzerland. He said: “There are still problems in integration in some national health systems, but it is a solution that seems to work. There are clear indications it works and people are being warned and it is cost-effective. The solution was security and privacy-friendly.”