Tinkering with keys weakens encryption
Politicians sometimes claim to have the solution to "the problem of encryption". They think encryption is important, but they also want the police to be able to read along. Therefore they propose to "just" add an extra key and "leave the encryption untouched". But is it really untouched?
Relying on math
Encryption is a way of protecting data by making it unreadable to anyone other than the intended recipient. When you send a message via WhatsApp, the message is encrypted on your phone and can only be made readable on the recipient’s phone. Making it unreadable is done through a mathematical process. The arithmetic involved is called the algorithm. A strong algorithm is a mathematical calculation that is so difficult that you can only solve it if you have the keys, or an unrealistic amount of computing power. And that is what makes encryption so suitable for everyday use.
The public discussion about encryption often revolves around whether or not to break the underlying algorithm. That is not surprising. Malicious parties and government agencies usually do not have the key used to encrypt messages, so they have no option left but to break the algorithm. Because computers develop at a rapid pace, an algorithm that was previously considered unbreakable may now be solvable. Yet that algorithm is not where the greatest risk lies. After all, the use of an algorithm is nothing more than the fully automated application of a mathematical principle.
No, the greatest risk is in the management of the keys, because this is where the human role is greatest. Someone has to create those keys, keep them secret and sometimes revoke them. And where people play a role, mistakes are made, or someone can be misled or bribed. We have known this for a long time. The 25-year-old research report “Why Johnny Can’t Encrypt” describes how users of an algorithm that was unbreakable at the time made mistakes when encrypting messages. As a result, information was unintentionally sent unencrypted, or users unintentionally shared keys that they were supposed to keep secret. And it is not just users like you and me who make these kinds of mistakes. Even the best-known U.S. intelligence agency loses the most sensitive information from time to time.
In short, if you are talking about the security of encryption, you should also be talking about key management. Or maybe especially so. Therefore, a well-known saying (at least among security experts) is, “Hackers don’t break encryption, they find your keys.” We need to worry less about breaking the algorithm and focus more on handling keys. Key management is an integral part of the whole of encryption. You cannot say that you are not weakening the encryption (for example, because you are not modifying the underlying algorithm) if at the same time you are tinkering with the key management or configuration.
Do not let yourself be fooled by a politician who says that she or he is “just” adding an extra key and therefore is not weakening encryption. That kind of solution is actually destructive to the trust in the technology. It is the same as if you were to impose restrictions on the strength of the algorithm. Both weaken the system as a whole. We can only trust encryption, and therefore the security of our confidential data, if the whole of encryption is unaffected.
The article was first published here.
The article is also available in Dutch.
(Contribution by: Rejo Zengert, Policy Advisor, EDRi member, Bits of Freedom)