Behind the Facade Paradigms in Ubiquitous Cryptography

Abstract

Despite continued maturation since the latter half of the last century, cryptography still bears the vestigial traces of its roots as an arcane art. Cryptographers have abandoned any fondness for obfuscation and turned to the irrevocable properties of mathematics and prime numbers to ensure the privacy of those who would wield their tools. Notwithstanding its apparent modernity, the majority of recent cryptosystems have not enjoyed widespread adoption. Usage is limited primarily to the sophisticated elite who possess the time, interest, and inclination required to understand the behaviour of these systems, if not necessarily their inner workings. While we may find more apt metaphors for conveying the complex properties of ciphers and cryptosystems, the effort behind such ad-hoc approaches will always have to be adapted to suit new algorithms, and will have to contend with their ostensibly simpler plaintext counterparts. While new primitives can continue to be described in terms of progressively more elaborate boxes, locks, and keys, it is difficult to imagine an explanation sufficiently compelling to extend to all those who do not enjoy the luxury of privacy. Modern cryptographers have embraced Kerckhoffs's principle, that: "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge." We will argue that this is insufficient, and that a second principle is necessary: "A cryptosystem should be secure even if nothing about the system, except the plaintext system it replaces, is familiar to its operator." In simpler language, assuming they seek a future in which everyone is able to control the spread of their personal information, those in the field of cryptographic development must create systems which are difficult to misuse.
We will present CryptPad, an open-source, browser-based suite of collaborative editors which employs end-to-end encryption to protect the contents of user documents from passive surveillance, including that of the server operators. It implements familiar façades (login and registration forms, document curation facilities, access control policy definition, and a variety of applications) using a small set of common cryptographic primitives. While the underlying mechanisms of the system are not especially sophisticated, their properties are sufficient to facilitate schemes matching existing user expectations as set by established plaintext platforms. Though we will refer to established systems as the initial results of this design philosophy throughout, our goal is to describe in concrete terms the methodology which continues to shape their development. We will outline the benefits of this paradigm of system design, describe the aspects of various cryptographic algorithms which challenge users and developers alike, and recount the results of our iterative user acceptance testing. We will demonstrate the value of serving an audience which is uninterested in the technical details of the platforms they use, exploring not just the abstract notion of the network effect, but detailing the types of social networks through which we have observed the adoption of the platform. By reframing issues of deployment in this manner, we hope to contribute towards the wider accessibility of cryptographic research beyond the purview of its core constituents. In order to move towards our envisioned future of ubiquitous cryptography, we must dissociate the means of securing information from the experience of doing so.