Global Encryption Day and the War Against It
Breaking encryption would put billions of lives and secrets at risk, because there is no door that opens only for the good people or only for the bad. A door is a door -- anyone can come through.
Humans may be a top-quality species compared to others, but they are just as confused when it comes to making decisions, which is why major (or many) decisions are made in groups rather than by a single person or entity. What is surprising is when people who aren’t even in the domain make decisions for the world that will be detrimental to them, as well as to the fundamental functioning of society, in the long run. For the initiated, you might understand where I’m coming from. I had written an article on that on Telegraph but haven’t found it at the time of writing — will attach it if I find it.
What is encryption?
According to Wikipedia, encryption in the modern day can be defined as “The process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.” Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. For the uninitiated, at its most basic level, encryption is “the process of protecting information or data by using mathematical models to scramble it in such a way that only the parties who have the key to unscramble it can access it.” You can learn encryption in detail over here.
The most ancient use of encryption was in Egypt, first found in the tomb of Khnumhotep II, who lived in 1900 BC. The next significant uses of encryption were the Spartans’ scytale and the cipher of the Roman dictator Julius Caesar. His cipher is popularly known as the “Caesar Cipher” and was used to encrypt his messages to the generals in the field. That was the most basic use of encryption and decryption and could be cracked pretty easily. Today’s encryption algorithms have changed and become much more robust and powerful than their past counterparts. The present is most secure.
I put it that way because we don’t know the future of quantum computing. Quantum computers can use 0 and 1 bits simultaneously, which makes them immensely faster than present-day computers. Something that would take 12 years to factorize in order to find the decryption key could be done within hours using a quantum computer, though thankfully we don’t have large-scale access to these machines to crack and find decryption keys. So there is an evident threat to modern encryption from quantum computers, which a few people have realized, thankfully enough.
The evolution of encryption
The evolution of encryption is inherent and a necessity (the mother of all inventions, they say). We’ve come a long way from the scytale and the Roman ciphers, the most basic forms of encryption using the shift cipher: shifting the letters of the alphabet by a few positions, say, C = A, which is a classic example of a backshift cipher by 3 units. The first actual use of modern encryption came during World War 2, when the Germans created the Enigma machine to encrypt their military, diplomatic and other such communications. If I recall properly, it was the German Reich that invented the machine, which spurred an Allied war effort to break it.
The machine was so good because they had the proper tech. To decrypt, it would take 17,000 combinations within 24 hours, which gave the Reich a head start and a strong belief in their creation. German software engineering specifically can be described by comparing a sniper with an American cowboy. You might think this a weird analogy, but it’s true. A sniper studies the target and observes it, but when it is time to attack, he finds that the target has moved. The cowboys go in without any recon and simply attack, which achieves the goal, even if a little roughly. To put it mildly, Germans develop robust tech but a little behind.
In the early 1970s, encryption was mainly used by governments and the military, because their kind of work had to be shrouded in secrecy, and also because computers were very expensive and because of the need for data retention. Retail users (the general public) used offline pen-and-paper records and documentation, so they didn’t feel the need for encryption. The first mainstream use of encryption came with the development of the World Wide Web and the widespread use of computer systems by the general public.
Both industrial-commercial and personal communication had to be protected. For example, financial services were some of the first to require secure electronic transactions. Other businesses wanted to secure their digitally stored trade secrets. Finally, individuals wanted to rest assured that their online communication was secure. Today virtually all digital communication is, or should be, encrypted. It was an era of digitalization in which people realized that digitizing their data is economical and very beneficial in the long run, as they could lessen their reliance on paper documents, which would go bad when kept for longer periods.
The encryption algorithms
As noted above, encryption can be classified into two types, symmetric and asymmetric encryption, which are named after their key-sharing practices. In symmetric encryption, the same key is used to encrypt and decrypt the messages; therefore, it is important to have a very secure method of transferring the key. In asymmetric encryption, a key pair is used to encrypt and decrypt messages/contents. It has two keys: a public key and a private key. The public key is given to authorized users or the public at large to encrypt the message, whereas the private key is used to decrypt the messages encrypted using the corresponding public key.
RSA encryption is the most popularly used asymmetric encryption algorithm and is named after its creators: Rivest, Shamir and Adleman. It generates a public-private key pair using an algorithm based on large prime numbers. Although the two keys are mathematically related, calculating the private key from the public key is extremely complex and time-consuming, thanks to a mathematical problem called prime factorization. The RSA algorithm also laid the foundations for modern authentication methods, as the use of a private-public key pair was perfect for identifying whether the sender is who he says he is, and it also ensured better safety in messaging.
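The relationship between the two RSA keys, as an added example that is not part of the original article: textbook RSA with deliberately tiny primes, showing encryption, sign/verify for authentication, and how the private key follows from the public key once n is factored. The function names and sample primes are chosen for illustration; real RSA uses moduli of 2048 bits or more and padding (OAEP for encryption, PSS for signatures), which this toy omits.

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Textbook RSA key generation from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)            # (public key, private key)

def encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)              # anyone holding the public key can do this

def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)              # only the private-key holder can undo it

def sign(m, priv):
    n, d = priv
    return pow(m, d, n)              # authentication: made with the private key

def verify(m, sig, pub):
    n, e = pub
    return pow(sig, e, n) == m       # checked by anyone with the public key

def private_from_public(pub):
    """Recover d by factoring n with trial division.
    Works here only because n is tiny; the cost grows with the size of the
    smallest prime factor, which is why real moduli are 2048 bits or more."""
    n, e = pub
    f = 3
    while n % f:
        f += 2
    p, q = f, n // f
    return n, pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    # Constructed sample values: the 10,000th and 100,000th primes.
    pub, priv = make_keypair(104729, 1299709)
    msg = int.from_bytes(b"hi!", "big")   # message encoded as an integer < n
    c = encrypt(msg, pub)
    print("ciphertext:", c, "-> decrypted:", decrypt(c, priv).to_bytes(3, "big"))
    print("signature verifies:", verify(msg, sign(msg, priv), pub))
    print("tampered message verifies:", verify(msg + 1, sign(msg, priv), pub))
    print("private key recovered from public key:", private_from_public(pub) == priv)
```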
Rijndael, popularly known as the Advanced Encryption Standard (AES), is a symmetric encryption algorithm. While as good as the rest and better than others, it is not very viable for encrypting digital communications and is instead preferred for encrypting data at rest, where it has more applications, given that the same key can be used to encrypt and decrypt the data. As the data is not in transit, good storage security with AES 256-bit encryption would prove useful. AES is also used for web security by combining it with TLS/HTTPS/WEP encryption methods. That is how you can be sure your card details are not snooped on by some third party during a transaction.
Don’t shoot the messenger
Politicians often try to score points by blaming encrypted messaging apps for all the evils of modern society. Government officials call for backdoors in popular end-to-end encrypted apps to "stop terrorism", neglecting the fact that this can't and won't work. Worse than useless, undermining encryption can only expose hundreds of millions of lawful users to hackers and corrupt officials in less fortunate countries – as well as make unchecked mass surveillance possible again.
People mostly fear that terrorists would use encrypted apps to send secret messages to prepare and coordinate their attacks. If you don't look too closely, it may indeed seem tempting to simply ban end-to-end encryption to stop terrorists from exchanging coded messages. The sad truth is that this will not work. Terrorists are prepared to face great discomfort to ensure that their communications are secure and their task is successful, including the ultimate discomfort of death. So, if you ban or backdoor existing messaging apps, they will immediately switch to one of the following tactics:
Make their own apps: Terrorists are willing to go to great lengths to be successful, which also includes making their own apps. We see it every day in the news, when we learn that a terrorist is nothing but a person hard-lined by his past. Where did he study? In a very prestigious college. Someone went to prestigious institutes and became a terrorist. So that raises the question: why do you think they’d not make their own apps if they did a master’s in software engineering at MIT? End-to-end encryption is public knowledge.
Use coded language: Steganography is a fancy word for hiding information in plain sight. You can use any public or monitored channel safely if only you and your intended recipient know what "Uncle Alex is going tomorrow" means.
Use other methods of communication: You, as an ordinary user, would not want to buy a new phone, make one call, write one text message, and then throw the device into a dumpster. But this is exactly how the Paris terrorists communicated to organize and carry out the deadliest ISIS attacks in Europe to date.
It is not possible to build a backdoor that can be exclusively used by the "good guys". If a backdoor exists in a service, it is only a matter of time before hackers find an unofficial way of using it to get to your data. And if you live in South America, Russia, China, or many other regions, you may find that the official use of those same backdoors may differ wildly from what you can expect in societies with a stronger rule of law.
The future of encryption
As we move to cloud storage technologies and our data gets bigger and bigger, more intimate and complex, we need to make sure we have strong encryption standards. Signal Messenger has upgraded its encryption protocol to make sure it is quantum resistant. End-to-end encryption plays a very important role in protecting the data of the general public and government servants. A move to backdoor it could be misused by the wrong people and cause harm: what if they hack a government representative and leak his communications, which would have national security implications?
We need stronger and wider encryption in our daily communications instead of it being weakened. On this day, let us take an oath to strengthen our encryption practices and resist efforts to weaken what we have.