07 - Historical Background: When Asymmetric Cryptography Was Almost Made Illegal

History of the Crypto Wars

From the opening of Cory Doctorow’s video (also in the next section):

Back in the late 90s, the NSA [US National Security Agency] classed cryptography as a munition and imposed strict limits on civilian access to strong crypto.

They said, “We can’t afford to have the criminals go dark, they’re going to hide behind crypto and we won’t be able to spy on them.” In the face of all that resistance, we finally came up with a winning argument.

We went to the [US Federal Courts] and said, “We believe that the first amendment of the US Constitution, which guarantees the right to free speech, protects [citizens’ access to strong cryptography]. Code is a form of expressive speech in the framework of the US Constitution.” And this worked. The reason you folks can use [strong cryptography] is because we won this case.

As we mentioned previously, asymmetric cryptography presents an enormous challenge to larger structures of power, particularly those tasked with national security. Being unable to “crack” high-end public key encryption puts governments in an unusual position. In fact, there are documented attempts by public institutions such as the NSA to create “backdoors” into public key cryptography protocols. It is crucial to note that in these “backdoor” attempts the math behind public key cryptography is not what is being compromised. What would actually be compromised is the way in which the math is used by a piece of software. It’s the difference between saying a criminal organization has “hacked” the Ethereum blockchain protocol (unlikely) versus a criminal organization has “hacked” a popular Ethereum software client (less unlikely).

It’s nearly impossible to build a “backdoor” into a concept like public key cryptography. However, it is possible to compromise a popular piece of software that implements that concept. This is why it is critical that blockchain projects are open-source and are very careful about the ways they handle sensitive data for users (like private keys). We’ll get into that more when we discuss MetaMask’s LavaMoat initiative and general security for working in the blockchain space.
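To make the distinction between the math and the software concrete, here is an added example (not part of the original course material, and not code from any real client). Both key generators use the same public-key math; only the source of the private key differs, and a defender can audit for the flawed one. The toy group, the 12-bit seed, and all function names are assumptions made for this illustration.

```python
import random
import secrets

# Toy discrete-log group chosen for brevity (an assumption of this example).
P = 2**255 - 19  # a well-known prime
G = 2

def public_key(private_key: int) -> int:
    """The math: private key -> public key. Identical for both generators."""
    return pow(G, private_key, P)

def keygen_sound() -> tuple[int, int]:
    """Private key drawn from the operating system's CSPRNG."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, public_key(priv)

def keygen_flawed(seed: int) -> tuple[int, int]:
    """Same math, but the private key comes from a general-purpose PRNG
    seeded with a small value (hypothetical flaw: only SEED_BITS of entropy)."""
    priv = random.Random(seed).randrange(1, P - 1)
    return priv, public_key(priv)

SEED_BITS = 12  # constructed for the demo: the flawed client has 4096 possible keys

def weak_key_blocklist() -> set[int]:
    """Every public key the flawed generator can ever emit."""
    return {keygen_flawed(seed)[1] for seed in range(2**SEED_BITS)}

def audit(pub: int, blocklist: set[int]) -> str:
    """Defender-side check: refuse keys that the flawed client could have made."""
    return "REJECT: key from weak generator" if pub in blocklist else "ok"

if __name__ == "__main__":
    blocklist = weak_key_blocklist()
    _, good_pub = keygen_sound()
    _, bad_pub = keygen_flawed(seed=1337)  # constructed sample key
    print("sound client :", audit(good_pub, blocklist))
    print("flawed client:", audit(bad_pub, blocklist))
```

The function public_key() is never touched, yet every key from the flawed client lands in a set small enough to list in full. This is why open, reviewable key-handling code matters more than the strength of the underlying math.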

Now, we said it’s “nearly impossible” to build a backdoor into a concept like public key cryptography. The one way in which applied cryptography could be broken is if someone is able to solve what’s called the “P versus NP” problem (video explainer). It’s way too complicated to get into now, but essentially if someone could build a machine that defies the traditional physics underlying modern computation, it would break our society’s cryptographic systems. Theoretically, it’s possible this could happen with quantum computers. But, while that technology has made recent advancements, it’s far from where it needs to be. One last note: it’s highly unlikely (not impossible) that quantum computing is being developed secretly by a nation-state, as the engineering, resources and conceptual breakthroughs required for its development are considered beyond the capacity of a world government. Exciting times!

If you’d like to read more about the Cypherpunk movement, you can read this article from Wired magazine in 1993 (archived version here).

Additional Links