Show simple item record

dc.contributor.authorWright, Charles V.en_US
dc.contributor.authorVaria, Mayanken_US
dc.coverage.spatialLondonen_US
dc.date.accessioned2019-09-04T14:18:52Z
dc.date.available2019-09-04T14:18:52Z
dc.date.issued2018
dc.identifier.citationCharles V Wright, Mayank Varia. 2018. "Crypto Crumple Zones: Enabling Limited Access without Mass Surveillance.." Euro S&P. 2018 IEEE European Symposium on Security and Privacy (EuroS&P). London, https://doi.org/10.1109/EuroSP.2018.00028
dc.identifier.urihttps://hdl.handle.net/2144/37650
dc.description.abstractGovernments around the world are demanding more access to encrypted data, but it has been difficult to build a system that allows the authorities some access without providing unlimited access in practice. In this paper, we present new techniques for maximizing user privacy in jurisdictions that require support for so-called “exceptional access” to encrypted data. In contrast to previous work on this topic (e.g., key escrow), our approach places most of the responsibility for achieving exceptional access on the government, rather than on the users or developers of cryptographic tools. As a result, our constructions are very simple and lightweight, and they can be easily retrofitted onto existing applications and protocols. Critically, we introduce no new third parties, and we add no new messages beyond a single new Diffie-Hellman key exchange in protocols that already use Diffie-Hellman. We present two constructions for crumpling cryptographic keys to make it possible-although arbitrarily expensive-for a government to recover the plaintext for targeted messages. Our symmetric crumpling technique uses a hash-based proof of work to impose a linear cost on the adversary for each message she wishes to recover. Additionally, our public-key crumpling method uses a novel application of Diffie-Hellman over modular arithmetic groups to create an extremely expensive puzzle that the adversary must solve before she can recover even a single message. Our initial analysis shows that we can impose an upfront cost in the range of 100Mtoseveralbilliondollarsandalinearcostbetween1K-$1M per message. We show how our constructions can easily be adapted to common tools including PGP, Signal, SRTP, full-disk encryption, and file-based encryption.en_US
dc.format.extentp. 288 - 306en_US
dc.language.isoen_US
dc.publisherIEEEen_US
dc.relation.ispartofEuro S&P
dc.subjectEncryptionen_US
dc.subjectGovernmenten_US
dc.subjectLaw enforcementen_US
dc.subjectSurveillanceen_US
dc.subjectExceptional accessen_US
dc.subjectProof of worken_US
dc.titleCrypto crumple zones: enabling limited access without mass surveillanceen_US
dc.typeConference materialsen_US
dc.description.versionAccepted manuscripten_US
dc.identifier.doi10.1109/EuroSP.2018.00028
pubs.elements-sourcemanual-entryen_US
pubs.notesEmbargo: No embargoen_US
pubs.organisational-groupBoston Universityen_US
pubs.organisational-groupBoston University, College of Arts & Sciencesen_US
pubs.organisational-groupBoston University, College of Arts & Sciences, Department of Computer Scienceen_US
pubs.publication-statusPublisheden_US
dc.identifier.mycv394172


This item appears in the following Collection(s)

Show simple item record