this post was submitted on 27 Feb 2025
823 points (98.9% liked)

cross-posted from: https://lemm.ee/post/56769139

cross-posted from: https://sopuli.xyz/post/23170564

(page 2) 45 comments
[–] Ulrich@feddit.org 15 points 2 days ago* (last edited 2 days ago) (2 children)

It's funny, I'm watching this show called Prime Target and basically the NSA is trying to prevent people from figuring out some sort of mathematical equation that would instantly break all encryption and talking about how it would be the end of the world as we know it.

Meanwhile the EU is forcing everyone to put in an express lane IRL.

[–] floofloof@lemmy.ca 11 points 2 days ago* (last edited 2 days ago) (1 children)

I haven't seen that show, but it sounds like it has a basis in reality: there has been a real concern that quantum computers might be able to break much of current encryption because they are far quicker than classical computers at problems like finding the prime factors of a number, and widely used schemes like RSA encryption depend on that being hard to do. And that could be fairly catastrophic, not only for current communications and for data encrypted at rest, but because communications data can be collected now and decrypted later when the technology becomes available. As far as we know, no one has done it yet, but quantum computers are developing rapidly so the day may well come. So there's a reason to move to encryption algorithms that are hard for quantum computers, even before such computers become a practical reality.

[–] Ulrich@feddit.org 0 points 2 days ago

They do talk about quantum computing in the show in a different context, saying it's still a decade away. Their tech has something to do with Prime numbers (hence the title).

But also several companies already advertise "quantum resistant encryption" for whatever that's worth.

[–] exu@feditown.com 2 points 2 days ago (2 children)

I'm no cryptographer, so take this with a good heap of salt.

Basically, all encryption multiplies some big prime numbers to get the key. Computers are pretty slow at division and finding the right components used to create the key takes a long time, it's basically trial and error at the moment.
If you had an algorithm to solve for prime numbers, you could break any current encryption scheme and obviously cause a lot of damage in the wrong hands.

[–] patatahooligan@lemmy.world 8 points 1 day ago (1 children)

> Basically, all encryption multiplies some big prime numbers to get the key

No, not all encryption. First of all there are two main categories of encryption:

  • asymmetrical
  • symmetrical

The most widely used algorithms of asymmetrical encryption rely on the prime factorization problem or similar problems that are weak to quantum computers. So these ones will break. Symmetrical encryption will not break. I'm not saying all this to be a pedant; it's actually significant for the safety of our current communications. Well-designed schemes like TLS and the Signal protocol use a combination of both types because they have complementary strengths and weaknesses. In very broad strokes:

  • asymmetrical encryption is used to initiate the communication because it can verify the identity of the other party
  • an algorithm that is safe against eavesdropping is used to generate a key for symmetric encryption
  • the symmetric key is used to encrypt the payload and it is thrown away after communication is over

This is crucial because it means that even if someone is storing your messages today to decrypt them in the future with a quantum computer they are unlikely to succeed if a sufficiently strong symmetric key is used. They will decrypt the initial messages of the handshake, see the messages used to negotiate the symmetric key, but they won't be able to derive the key because as we said, it's safe against eavesdropping.

So a lot of today's encrypted messages are safe. But in the future a quantum computer will be able to get the private key for the asymmetric encryption and perform a MitM attack or straight-up impersonate another entity. So we have to migrate to post-quantum algorithms before we get to that point.

For storage, only symmetric algorithms are used generally I believe, so that's already safe as is, assuming as always the choice of a strong algorithm and sufficiently long key.
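Added example, not part of the comment above: a toy model of the three handshake steps it lists, showing what a passive recorder ends up holding and what a later leak of the long-term private key does and does not give them. Everything here is an assumption made for illustration: textbook RSA over two small Mersenne primes stands in for the identity key, a small finite-field Diffie-Hellman group for the key agreement, and a SHAKE-256 keystream for the symmetric cipher; it says nothing about which real algorithms a quantum computer can break.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1            # RSA primes (both Mersenne primes)
N, E = P * Q, 65537                     # long-term public key
D = pow(E, -1, (P - 1) * (Q - 1))       # long-term private key
DH_P, DH_G = 2**521 - 1, 3              # toy Diffie-Hellman group

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d: int, msg: bytes) -> int:
    return pow(digest(msg), d, N)

def verify(sig: int, msg: bytes) -> bool:
    return pow(sig, E, N) == digest(msg)

def dh_keypair():
    priv = secrets.randbelow(DH_P - 3) + 2
    return priv, pow(DH_G, priv, DH_P)

def session_key(my_priv: int, peer_pub: int) -> bytes:
    # The long-term key D is not an input: only ephemeral values are used.
    shared = pow(peer_pub, my_priv, DH_P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real symmetric cipher: SHAKE-256 keystream, no integrity.
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def run_session(payload: bytes):
    c_priv, c_pub = dh_keypair()                   # client ephemeral key
    s_priv, s_pub = dh_keypair()                   # server ephemeral key
    sig = sign(D, s_pub.to_bytes(66, "big"))       # 1. asymmetric: identity
    if not verify(sig, s_pub.to_bytes(66, "big")):
        raise ValueError("server signature invalid")
    ct = stream_xor(session_key(c_priv, s_pub), payload)    # 2 + 3 (client)
    received = stream_xor(session_key(s_priv, c_pub), ct)   # server decrypts
    # Ephemeral secrets and the session key are dropped on return; the dict
    # holds only what crossed the wire, i.e. what a recorder has stored.
    return {"c_pub": c_pub, "s_pub": s_pub, "sig": sig, "ct": ct}, received

def forged_handshake_verifies(leaked_d: int) -> bool:
    # With the long-term key, a signature over a NEW ephemeral key verifies,
    # which is the impersonation risk that motivates migrating identity keys.
    _, fake_pub = dh_keypair()
    msg = fake_pub.to_bytes(66, "big")
    return verify(sign(leaked_d, msg), msg)
```

The recorded dictionary contains the two public Diffie-Hellman values, the signature and the ciphertext; the leaked `D` lets new handshakes be forged but is never an input to `session_key` for the recorded one.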

[–] exu@feditown.com 1 points 1 day ago

That's a comment I was hoping for, thanks :)

[–] Ulrich@feddit.org 1 points 2 days ago

Yep that's kinda how they explained it, too.

[–] StringPotatoTheory@lemmy.ca 17 points 2 days ago (6 children)

If this is passed, would this only apply to people in France? Like Signal and WhatsApp, etc, could they make a different version of the app / backend that's unencrypted just for them? Is that even possible? I can't imagine Signal adding a backdoor for everyone in the world.

Or would they just outright pull their software / apps from being used in France? But then what's stopping someone in France from sideloading the app and using a VPN?

[–] Zak@lemmy.world 12 points 2 days ago (1 children)

> But then what's stopping someone in France from sideloading the app and using a VPN?

The need for a phone number and SMS verification to create an account. Signal should do something about that.

There are ways around that, but the goal isn't to stop everyone from using E2EE; it's to make E2EE non-mainstream.

[–] floofloof@lemmy.ca 12 points 2 days ago* (last edited 2 days ago) (1 children)

Nothing technically stops you. But if the government can prove you have been using Signal, all of a sudden you can be in a lot of trouble. This could be used for political oppression. Plus, the fewer the number of countries allowing E2EE, the less incentive there is to make or distribute such software. As it becomes harder to find, most people will end up using sanctioned, backdoored software, which makes the few that don't stand out even more.

[–] Zak@lemmy.world 10 points 2 days ago

I don't think the current proposal in France sanctions individuals for using E2EE; it sanctions service providers for providing it.

[–] cley_faye@lemmy.world 5 points 2 days ago

It is possible to do, to some extent. Everything's possible. But then, when people that are on both sides of this encryption barrier want to talk, then both must use unencrypted messages. You'd also have the obvious case of someone having a phone/device/account from country A temporarily crossing through country FuckingFranceOrUK, so what do you do in that case?

You'd need to implement that, add UI features to know if you're using encryption or not, and above all, it's fucking stupid and against what most sane messaging solutions want to do.

I'm sure it's possible to find people that would gladly do all that. Hopefully those people are not in the business of making all the useful communication services we currently use.

[–] foremanguy92_@lemmy.ml -1 points 1 day ago

😂 a crosspost from privacy cross posted from Europa

[–] archonet@lemy.lol 1 points 2 days ago* (last edited 2 days ago)

not at all arguing this is okay, not even a little

but

If you are the French government, and you know what the French populace has a history of doing to the French government, it would be understandable to want to keep your eye on them, no?

again. It ain't cool. But I'm honestly surprised they didn't hop on the "intrusive surveillance" bandwagon sooner, like, as soon as mass surveillance became feasible, and have the privacy laws they do.
