Dr. David Chaum is a well-known inventor and cryptographer that has been titled as ‘Godfather of anonymous communication’. He is back once again with a new encryption scheme to finish the conflicts between privacy advocates and governments that is known as “Crypto wars”.
Chaums’ new encryption scheme named “PrivaTegrity” and provides secret, anonymous communications that no one can crack, whether a hacker or an intelligence agency. It’s claimed to be more secure and efficient on contrary to other online anonymity systems like Tor or I2P and will be fast enough to work as a smartphone app. It has not been approved that the project is fully coded and tested but the alpha version of the project is in a development phase on android platform to serve as an instant messaging app and more features such as larger file sharing for photos and video will be added in the future.
The controversial feature of PrivaTegrity is a controlled backdoor that prevent abuse of encryption by anyone doing something “generally recognized as evil”.
“Anyone using PrivaTegrity for something “generally recognized as evil” can have their anonymity and privacy stripped altogether.” reported Wired who published a detailed post on the topic.
Evil is defined by who controls that backdoor and this task is given to a sort of council system. It means nine server administrators located in 9 different countries need to work all together in order to trace criminals and their communications within the network.
While privacy advocates are against mass spying, law enforcement agencies argue that encryption has provided a heaven for criminals to hide their devilish activities. This suggested approach by Chaum satisfy the need of both sides of the crypto wars. Dr. Chaum says if we want to solve this apparent logjam:
“We don’t have to give up on privacy. We don’t have to allow terrorists and drug dealers to use it. We can have a civil society electronically without the possibility of covert mass surveillance.”
Mix network is an influential privacy idea that was coined by Chaum in 1979. It anonymizes messages by encrypting them in layers and routing them through a series of computers that serve as intermediaries. cMix is a new kind of mix network introduced by Chaum also to be used within PrivaTegrity. cMix designed to be far more efficient than the layered encryption scheme he created decades ago.
According to Wire.com, in Chaum’s cMix setup, a smartphone communicates with PrivaTegrity’s nine servers when the app is installed to establish a series of keys that it shares with each server. When the phone sends a message, it encrypts the message’s data by multiplying it by that series of unique keys. Then the message is passed around all nine servers, with each one dividing out its secret key and multiplying the data with a random number. On a second pass through the nine servers, the message is put into a batch with other messages, and each server shuffles the batch’s order using a randomized pattern only that server knows, then multiplies the messages with another random number. Finally, the process is reversed, and as the message passes through the servers one last time, all of those random numbers are divided out and replaced with keys unique to the message’s intended recipient, who can then decrypt and read it.
PrivaTegrity has nine-server architecture that makes possible its unique backdoor decryption feature. Only when all nine servers cooperate, they can combine their data to reconstruct a message’s entire path and divide out the random numbers they used to encrypt it, therefore, decryption cannot be done by one single server or even eight of the nine servers. “
It’s like a backdoor with nine different padlocks on it,” Chaum says.
According to Chaum, Amazon’s cloud will be used for the prototype of PrivaTegrity but in final version of the app, he plans to spread out to nine different countries and require each server to publish its law enforcement cooperation policy. List of these countries has not been published, but Chaum suggests they will be in jurisdiction of democratic governments such as Switzerland.
“It’s like the UN,” says Chaum. “I don’t think a single jurisdiction should be able to covertly surveil the planet…In this system, there’s an agreement on the rules, and then we can enforce them.”
Spreading the keys to decrypt communications among nine servers would prevent abusive government surveillance and make his backdoor far harder to hack. In addition, Chaum suggests developing unique security protections by servers’ administrator and even implementing distinctive code to PrivaTegrity’s protocol, avoid any single bug that could be common to all nine nodes.
“These systems would be far more hardened than even corporate systems, and to abuse the backdoor you’d have to break all of them,” he says.
If reality of PrivaTegrity meets descriptions of its potential, it could be a revolutionary encryption systems that can protect innocent people from spying without offering immunity to criminals.
“You have to perfect the traceability of the evil people and the untraceability of the honest people,” says Chaum
About the Author Ali Taherian
Ali Taherian (@ali_taherian) is an enthusiastic information security Officer. He’s finished his education in information security and has recently been involved in banking software and payment security industry. Taherian is proud to be certified IBM Cloud Computing Solution Advisor and ECSA and enjoys sharing and tweeting about security advances and news.
Edited by Pierluigi Paganini
(Security Affairs – PrivaTegrity, encryption)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.