Update some citations
This commit is contained in:
jaseg
parent
2197956736
commit
ebf05f2548
5 changed files with 171 additions and 78 deletions
|
|
@ -12,11 +12,12 @@ All Cops Are Bastards, or ACAB is a slogan popular in far left and anarchist cir
|
|||
that expresses a rejection of state authority~\cite{constantinouAppliedResearchPolicing2021}. While politically, this
|
||||
blanket rejection is a fringe viewpoint with no mainstream acceptance, there exists an interesting parallel between this
|
||||
and modern cryptographic best practice. In modern cryptography, it is generally seen as best practice to have the least
|
||||
amount of keys possible involved in any computation, and cryptographers have time and time again strongly rejected
|
||||
amount of keys possible involved in any computation. and cryptographers have time and time again strongly rejected
|
||||
attempts by states and other authorities to insert backdoor access mechanisms into cryptographic systems~\cite{
|
||||
abelsonRisksKeyRecovery1997,
|
||||
abelsonKeysDoormats2015,
|
||||
andersonSecurityEngineeringGuide2020,
|
||||
rogawayMoralCharacterCryptographic2015,
|
||||
}.
|
||||
|
||||
The aversion of cryptographers against backdoor access shows up everywhere. From cryptographic protocol standards like
|
||||
|
|
@ -70,16 +71,26 @@ businesses.
|
|||
|
||||
\section{Cryptographic Principles and Physical Reality}
|
||||
|
||||
% cypherpunks: andersonCypherpunkEthicsRadical2022
|
||||
% cypherpunks: hughesCypherpunksManifesto
|
||||
% cypherpunks: CryptoWarsFight
|
||||
% moxie / "we should all have something to hide": marlinspikeWeShouldAll2013
|
||||
\todo{Cite cypherpunk and hacker movements}
|
||||
Cryptographers' aversion to backdoor access derives from a combination of two fundamental computing principles:
|
||||
Kerckhoffs' principle, and the principle of least authority. Kerckhoffs' principle, named after Dutch military
|
||||
cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system should only depend on the
|
||||
secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle states the opposite of the
|
||||
widespread industry practice of \emph{Security by Obscurity}, which aims to achieve security by making it sufficiently
|
||||
annoying to cryptoanalyze a system that nobody bothers. Complementary to Kerckhoff's principle is the principle of least
|
||||
authority, which describes that in a secure system each component should only have access to the smallest set of
|
||||
capabilities necessary to fulfill its purpose. Applying both to a cryptographic system means that the system's design
|
||||
should be transparent and not include any hidden components or opaque parts that cannot be inspected, and that the
|
||||
system's keys should be scoped to place the least amount of trust possible in each participating party.
|
||||
Kerckhoffs' principle, and the principle of least authority. Kerckhoffs'
|
||||
principle\footnote{
|
||||
\textcite{petitcolasKerckhoffsPrinciplesCryptographie} contains a high-quality OCR'ed copy of the original source, as
|
||||
well as a translation of the cited part from French. The original source is
|
||||
\textcite{kerckhoffsCryptographieMilitaire1883}.
|
||||
}, named after Dutch military cryptographer Auguste Kerckhoffs, expresses that the security of a cryptographic system
|
||||
should only depend on the secrecy of its keys, not on the secrecy of its design. In this way, Kerckhoff's principle
|
||||
states the opposite of the widespread industry practice of \emph{Security by Obscurity}, which aims to achieve security
|
||||
by making it sufficiently annoying to cryptoanalyze a system that nobody bothers. Complementary to Kerckhoff's principle
|
||||
is the principle of least authority, which describes that in a secure system each component should only have access to
|
||||
the smallest set of capabilities necessary to fulfill its purpose. Applying both to a cryptographic system means that
|
||||
the system's design should be transparent and not include any hidden components or opaque parts that cannot be
|
||||
inspected, and that the system's keys should be scoped to place the least amount of trust possible in each participating
|
||||
party.
|
||||
|
||||
Let's take a basic videoconferencing system as an example. In our example system's deployment, users log on to a central
|
||||
conference server, which receives and distributes the users' video streams. Allowing backdoor access to the video
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue