Now spies can use secret handshakes when they meet to confirm who they say they are. A team of researchers at the Stevens Institute of Technology and their colleagues have unraveled a 15-year old problem that allows handshake-style encryption to be used for time-delayed digital communications such as email, a challenge once believed to be impossible.
The study enlarges the value of the technology not for intelligence agencies and Web-savvy spies, but for anyone with interest in secure online communication, including journalists, financial workers, lawyers, medical professional, and others for whom security and privacy are critical priorities.
Among the researchers was Guiseppe Ateniese, who led the work, David, and GG Farber Endowed Chair in Computer Science. Ateniese explained that the demand for tools like this is incredible and privacy is growing more and more critical, and encryption is essential for almost everyone.
Digital handshakes, like in-person handshakes, use real-time interactions to verify the identities of participants. This tool is suitable for live communication including online chats. The machine, however, is a deal breaker for email-style conversations, in which messages may need to be decoded long after they were initially sent.
The Ateniese team along with Danilo Francati, a doctoral student of Stevens, as well as Daniele Venturi from Sapienza University of Rome and David Nunez from Nucypher, a cryptography company, combined existing key-based cryptographic algorithms in a novel arrangement to create a system called matchmaking encryption which simultaneously check the identities of both sender and receiver before decrypting a message. The crucial aspect is that matchmaking encryption does away with the need for real-time interactions, allowing messages to be sent on a "dead drop" basis and read at a later date.
Atenises explained further that a dead drop is similar to when a spy leaves a message behind a rock. They can use the information when they need to send a message to someone who is not at the moment but will find it if he or she is the intended recipient.
Also, they can use matchmaking encryption for individual-to-individual communication but also allows users to designate classes of people with whom they are willing to communicate. A Philadelphia FBI agent could make their messages accessible only to CIA agents in New York such as while CIA agents in New York could refuse to accept messages from anyone other than Philadelphia-based FBI agents.
To demonstrate their concept, the researchers built a bulletin board of matchmaking encryption accessible via the Tor Browser, a web browser that anonymizes one's web traffic, making it easy to protect one's identity online. Individuals using it can inspect the bulletin board for messages that are equivalent to their policies and for which they match the sender's behavior, and decrypt them in a few milliseconds, an indication that the matchmaking encryption system doesn't excessively hurt computing resources, suggesting it is both practical and efficient.