Researchers have found a way to put handshake-style encryption in email and other communication tools, which is good news for spies.
Secret handshakes have long been a method of verification for spies in the field, but digitally things are about to change in a big way. Similar to the physical handshake, digital handshakes are used to verify communication participants’ identities in real time.
While fine for instant messaging, it has proven impossible to replicate in communication methods such as email whereby messages may need to be decoded long after they were originally sent.
However, a research team from the Stevens Institute of Technology has revealed a new cryptography breakthrough that could solve this 15-year-old problem. This could be hugely beneficial not only to intelligence agencies, but anyone with an interest in secure communications, such as journalists and doctors.
“The demand for tools like this is incredible,” said Giuseppe Ateniese, who led the research. “Privacy is growing more and more important, and encryption is essential for almost everyone.”
To achieve the breakthrough, Ateniese and his team combined existing key-based cryptographic algorithms in a novel arrangement to create a system called matchmaking encryption. This simultaneously checks the identities of both the sender and receiver before decrypting the message.
Opens ‘new frontiers in secure communication’
Crucially, matchmaking encryption does away with the need for real-time interactions, allowing messages to be sent on a ‘dead drop’ basis and read at a later date.
“A dead drop is like when a spy leaves a message behind a rock,” Ateniese said. “It can be used when you need to send a message to someone who’s not there at the moment, but will find it if he or she is the intended recipient.”
To use this form of encryption, both parties create policies – or a list of traits – that describe the people with whom they are willing to communicate. When both digital policies are happy that each party is who they say they are, the message will be sent.
Aside from person-to-person communication, it could also be used to group classes of people together. So, for example, CIA agents in New York could refuse to accept messages from anyone other than Philadelphia-based FBI agents.
Messages that don’t fit the bill will not be decrypted, with no information being sent. Team member Danilo Francati said: “This is important for intelligence – I don’t want to reveal to you that I’m an FBI agent, so I want assurances that you are who you say you are. Matchmaking encryption provides that assurance as well as a level of privacy that’s stronger than anything else that’s available.”
The team believes that the breakthrough opens “new frontiers in secure communication” and that additional applications will quickly emerge as researchers explore the new technology and make matchmaking encryption more powerful.
Ateniese will present the team’s findings at the upcoming Crypto 2019 conference.