The CryptoWars or Crypto Wars make mention of a series of events carried out by different governments but especially the United States government for controlling cryptographic technology and in general violating our right to privacy.
Lhe war has always been the incubator for many technological advances around the world, and crypto has been no exception. From the beginning of human history this has been an inescapable truth.
Take, for example, the Caesar cipher. Created in the middle of the XNUMXst century BC, this system was used with a clearly military cut. Julius Caesar He used it to send communications to his generals. The intention is clear, only its generals could read the message. Only they knew how to decipher it, and that gave him a huge advantage in safely sending messages on the battlefield.
This situation continued to repeat itself to this day. Nazi Germany in World War II created the machine Enigma. A powerful crypto system that gave the Allies more of a headache. But the advances of cryptanalysis paid off and were able to break the encryption. The advantage to the Allies was clear. The Nazis sent secure messages from their system, but the reality is that the Allies intercepted and deciphered them.
At the end of the Second War, the arrival of the computer age, changed everything. Encryption systems became complex, computers would allow encryption systems to be analyzed and broken faster than ever. All this, in the middle of the Cold War and the constant fear of terrorism. This even led to classifying its citizens as "a national security danger."
This was the start of the Crypto Wars. A silent war, where the weapons are codes and computers. One in which the soldiers are people who fight for privacy and freedom, and where the enemy is the one who wants to control everything.
What are Crypto Wars?
The quickest and easiest definition of Crypto Wars is as follows:
Crypto Wars is an unofficial name for attempts by the governments of the United States and allied governments to limit public and foreign nations' access to strong crypto to resist decryption by national intelligence agencies.
The intention behind these actions is clear: no person or nation can count on encryption systems that national intelligence agencies could not break. In this way, no one could escape unscathed from spying by agencies such as the NSA, the CIA or the FBI. This situation arises from a hard time worldwide, the Cold War.
On the one hand, the Western block wanted to protect its communications and prevent strong encryption systems from reaching the Eastern block. On the other, they wanted to do the same. Both factions simultaneously wanted to spy on each other, looking for ways to break their systems. A situation that led to curious measures.
Crypto Wars - The Cold War
La Cold War led the United States and its allies to create strict export control standards. These were designed to prevent a wide range of Western technology from falling into the hands of the Eastern bloc. For the export of this technology "criticism", a license was required. Among the technologies protected by this means were; the encryption system. Even when they had a dual use (military and commercial).
This situation was driven by why the crypto sector was almost completely military after the Second World War. For that reason, encryption technology was included as an element of the Category XIII on the United States Munitions List. Multinational control of crypto export on the western side of the Cold War division was accomplished through the mechanisms of CoCom.
However, in the 1960s, financial organizations began to demand strong business encryption in the rapidly growing field of wire money transfers. The introduction by the United States Government of the standard DES in 1975, it meant that commercial uses of high-quality encryption would become common. It was then that serious problems of export control began to arise. In general, these were addressed through case-by-case export license application procedures submitted by computer manufacturers, such as IBM, and by their large corporate clients.
The arrival of the era of the PC and the Internet
The arrival of the age of the PC and the Internet marked a huge milestone in the creation of new encryption systems. It started with the efforts of David Chaum and creating your blind signature system. This advance allowed to sign messages in a cryptographic way without having to reveal information. One of the beginnings of what would later become the basis for the Zero Knowledge Protocol (ZKP). Then with the beginnings of the movement cypherpunk A strong need for secure crypto systems was born.
This is for the sake of maintaining privacy online and avoiding espionage of citizens by government agencies. In this point Timothy C. May, marked the way forward. With the launch of its "Cryptoanarch Manifesto" In the year of 1988, May called the world to defend itself against a clear violation of privacy. A practice that from his point of view would become more and more common with the advent of computer networks, which we now know as the Internet.
The birth of the cypherpunk movement brought together personalities like Eric Hughes y Adam Back. Both responsible for creating the Cypherpunks mailing list. This was an important meeting point to publicize projects in favor of security and privacy.
At this point begins what was perhaps the hardest period of the Crypto Wars.
The arrival of PGP and its impact on Crypto Wars
The arrival of software PGP in 1991, it marked the beginning of the flare-up of Crypto Wars. This software created by Phil Zimmerman, was intended to allow the sharing of messages privately and securely. However, the United States government considered it "one ammunition" In this way, the PGP software was subject to export licenses.
This action by the US government was aimed at preventing strong crypto systems from falling into the hands of civilians and foreign governments. At the time, the U.S. government was also pushing to plant weaknesses in various hardware and software crypto systems. All in order to allow their agencies to break the encryption and thus facilitate their espionage activities. This was rightly viewed as a serious violation of privacy, rights and a huge security hole by cypherpunks.
Since encryption of the public key was considered ammunition, T-shirts like this were created as a form of civil disobedience. On the shirt, the five-line Perl implementation of the algorithm was written RSA created by Adam Back.
Expansion and flare-up
The fight for privacy between users and governments grew stronger. At this point, the US government and its allies were tightening their grip on encryption systems. It was at this point, where efforts like that of the chip occurred Clippers. This chip that was used to “securely send voice and data”, contains a backdoor created by the NSA. In this way, the NSA could literally spy on any phone device that will use a chip. Clipper.
This effort was also joined by weakening encryption A / 51 used in telephone networks GSM. The very simple objective, to facilitate espionage since the original operation of the system was not vulnerable at the moment. This situation was disclosed in 1994, almost 10 years after the standard began to be discussed.
The arrival of the new millennium and Edward Snowden
With the arrival of the new millennium, government efforts to control all crypto space continued. One of the best known projects at this point was the program Bullrun of the NSA. In declassified documents by Wikileaks of Edward Snowden, talk about this program and its objectives:
Introduce vulnerabilities in the commercial encryption systems, IT systems, networks and endpoint communication devices used by the targets.
With this vision Bullrun He used a whole series of tricks to guarantee his goal. From the intervention in the design of cryptographic systems, to the creation of computer systems capable of analyzing and violating encryption systems. The results were surprising. One of his main achievements was Dual_EC_DRBG, a random number generator for elliptic curve systems. With it, the NSA could violate all elliptic curve algorithms. All this because the random number generator is weak. An example of the capacity of this vulnerability could be seen when access to the firmware of the PlayStation 3. All this because Sony used this "standard" in its hardware.
The case of Dual_EC_DRBGIt spread so much that it even came into the hands of RSA, a pioneer in cybersecurity. The company was embroiled in a great scandal. RSA received $ 10 million in exchange for using Dual_EC_DRBG in their products. This contravenes what precisely said company must grant: security.
Another important achievement of the program was the reduction in the security levels of the SSL / TLS protocols used on the Internet. For example, the standard elliptic curve used by certifying companies (secp256r1), may be committed by the Bullrun program.
New attacks and responses
At this point, there is no doubt that the power of governments to attack everyone's security and privacy is immense. However, just as powerful are the responses to these cases. An example of this situation is the NSA program, TEMPEST. This was an old-time program that started in 1950. It had two purposes: to protect military equipment and to create information theft methods for those who did not have such protections. In 2001, a Wall Street Journal paper talked about TEMPEST and its scope. However, the article was taken as fanciful. But in 2002, the whole truth came to light, thanks to several documents being declassified. The community response to this was to create countermeasures that will help mitigate the situation, such as the SoftTEMPEST.
To the many attacks that have been made against security and privacy, the anarchist crypto community has responded. Blockchain technology, advanced zero-knowledge protocols, and newly developed crypto systems are an example of this. And that is a situation that will not change, as long as civil liberties, security and privacy are in jeopardy.
Implications and consequences of Crypto Wars
The implications and consequences of Crypto Wars are varied and controversial. However, among them the following can be mentioned:
- The need for good level cryptographic systems to safeguard data and privacy was understood. It was no longer a military and government problem, it was a general problem that affected everyone.
- It led to the creation of a wide variety of cryptographic technologies and techniques in order to improve security. Blind signature systems, zero knowledge protocols, asymmetric cryptography, all were created in between and in response to Crypto Wars.
- He made public that governments, their institutions and companies manipulate public-level cryptographic systems at will. "Security" was nothing more than a fallacy, one that allowed them full control.
- It led the organization of communities to deal with the (mostly illegal) activities of governments against privacy. The birth of the Cypherpunks or the EFF occurred in these years. Organizations that are still struggling to preserve the rights to privacy and security of our data.
- It was understood that the Internet is a good tool to strengthen ties worldwide. But also, it was a perfect tool to spy on and realize the dream of the Orwellian Big Brother.
How much do you know, cryptonuta?
Was CryptoWars and the civil movement to fight them vital for building public encryption systems and even vital for the birth of cryptocurrencies?TRUE!
The civil movement that was born to oppose the government's attempts to control with the CryptoWars marked the beginning of a fight for the privacy of our data and our digital life. The birth of encryption software, the spread of its use or the birth of institutions like the EFF are part of these achievements. Even its impact is such that much of the road traveled towards the development of cryptocurrencies is thanks to this movement and the victories achieved.
Crypto Wars trivia
Snefru
This is a project of Daniel bernstein. It is inspired by a work produced by Ralph Merkle for Xerox-PARC in 1989. Snefru is a hash function written in 1990, when Bernstein was still a student at New York University. With Snefru, Bernstein played with export laws. I knew that encryption systems were subject to restrictions, while hash functions were not. So Bernstein wrote a program that transforms the Snefru hash function into a powerful crypto system. This other program is called Snuffle. For it to work, both sides were needed, otherwise it was useless.
Bernstein later explained that: "It turns any good hash function into a good encryption function."
Canada a cryptographer's paradise
Despite strong action by the United States and many of its allies, Canada had a different approach. Its crypto export laws were much more flexible. This served so that many projects interested in it will move to that country. This is the case of OpenBSD, a UNIX-based and security-focused operating system.
OpenBSD by default includes many cryptographic systems that at the time were classified as military grade. In fact, the project still maintains that profile being one of the safest systems in the world. Thanks to the flexibility of Canadian law, OpenBSD could be exported anywhere in the world. This is in contrast to the American counterpart, where such action could not be performed.