
Encryption: Breaking the Lock


Encryption has become ubiquitous in our everyday life, to the point that it fades into the background. This page is served over an encrypted connection, as are most web pages. Our phones are generally encrypted, many laptops are encrypted, and virtually all communications that travel over the internet are encrypted in transit. To explain the utility of the technology of encryption, we often use the metaphor of “lock and key”. This metaphor is not wrong, but it is limited in a way that I think would benefit from broader understanding. This becomes particularly important when we start talking about public policy, and the relationship between encryption and governments.

After the explainers, I will opine for a bit on the current and upcoming news, as the technology and the world around it have both changed a lot in the past few years.


Lock and Key #

The encryption/lock metaphor is fairly straightforward. A lock is a device that restricts access to “something”. The lock is activated with a key, making that “something” accessible. Thus, we ensure that only authorized people may access that “something”, by only sharing the key with authorized people. Encryption is similar, but for data: It has a key, only shared with parties who should have access to the data. Without the key, the data is unreadable. However, by processing the data with that key, we can render it into a readable format.

This metaphor glosses over some details, but broadly speaking, it gives a fair understanding of what encryption does and how it works. However, there are a few lies here—some about encryption, and some about actual, physical locks.

The Technology of Physical Locks #

When we imagine a lock, we imagine a physical device, like a padlock, a deadbolt, or a safe. These devices use mechanical or electro-mechanical components to maintain, and transition between, two possible states: “locked” and “unlocked”. The device is built to transition easily when presented with its matching key, but to resist transitioning, especially from “locked” to “unlocked”, without that key. Some mechanical component usually protrudes from the lock to produce this physical effect, which lets us couple the system of the “lock” to other systems, like a door. On a deadbolt lock, this is the bolt. On a padlock, it is the shackle. This part is also generally pretty sturdy, to resist being circumvented by physical means.

However, locks are not absolute. They can be tricked, bypassed, broken, or used improperly. In one sense, this is an inherent limitation of the technology. In another sense, this is absolutely vital to the function of our society.

picture of a gate, locked with a padlock, which is free-standing and not connected to a fence, allowing anyone to simply walk around it, illustrating the pointlessness of a lock which is improperly installed

It is important to understand that locks are not purely a mechanical technology; they are also a social technology. A padlock is pretty easy to defeat with a $25 pair of bolt cutters. Despite this, people generally expect that when they leave their things in a public locker, those things will still be there when they return. This is because if a random person walks into a locker area with a pair of bolt cutters, a fuss will be raised, the person will likely be confronted, and police will likely show up. Even if the perpetrator escapes, they will likely appear on camera footage. None of these things are inherent, nor are they properties of the mechanical device. Rather, they are properties of the associated social technology.

This is something that is broadly understood within the physical security industry. The purpose of a lock is not so much to “deny” unauthorized access as to “delay” it. This is also evident in the certification of safes: their security ratings are not based on whether a safe can be broken into with certain tools, but on how long it takes a person of sufficient skill to break in with a specific set of tools (UL’s TL-15 and TL-30 ratings, for example, are named for the minutes of resistance against hand and power tools). The greater time and difficulty make the attacker more conspicuous, more likely to be seen, heard, or caught on camera.

This is because the goal of a lock is not to prohibit access completely, but to impede or dissuade an attack, either ensuring that the attacker gets caught, or preventing the attack completely with the threat of catching the attacker.

In a similar vein, locks are an important construct from a legal standpoint. A part of the social technology of a lock is that, when a person encounters a lock, they may infer “this is private property that the owner wishes to exclude me from”, similar to a sign. Where opening a closed door may be trespassing, picking or circumventing a lock to open that door will usually upgrade the severity of that crime to “breaking and entering”, and may be used in assessing the criminal’s intent. “I was looking for the bathroom” becomes a less plausible excuse, if you’ve just finished drilling through a deadbolt.

In part, this is because a “perfect” lock is not possible. In part, this is because a perfect lock is not desirable. A perfect lock would never open without the key, even if the true owner of that lock was present. It would not open for a firefighter, or for a warranted search. It would become impossible for a locksmith to help you break back into your home if you lose the key. Physical locks have many such gaps, and the social technology around them adapts to those gaps well.

The Hostility of Cyberspace #

Picture of a hacker dog sitting at laptop

On the Internet, nobody knows you’re a dog.

The social technologies that locks rely on generally do not translate particularly well to computer systems.

First, some background on what encryption is and how it works. Someone generates a “key”: a small chunk of random data, typically 16 or 32 bytes. An algorithm can pass other data through, using the key like a filter. This is “encryption”. The result looks like random nonsense to anyone who sees it: completely unstructured, random-looking data. That data can be passed back through the algorithm, filtered through the same key with the process run in reverse, and restored to the original. This is “decryption”. This process, of rendering data into nonsense and back into usable data by using the key to form the filter, is the core of what encryption is. (Modern ciphers also attach an authentication tag, so that ciphertext which has been tampered with is rejected rather than silently decrypted into garbage.)

Described above is “symmetric” encryption: both sides use the same key. There is a second kind, “asymmetric” (public-key) cryptography, which uses different mathematics and has somewhat different goals. Each party holds a key pair: a public key that can be shared with anyone, and a private key that is never shared. Asymmetric schemes can conceal data much like symmetric ones, but their real value is letting two parties who have never met agree on a key, or verify each other’s signatures, without pre-sharing a secret. In practice the two are combined: asymmetric cryptography establishes a session key, and a fast symmetric cipher encrypts the bulk of the data with it.
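To make the two halves concrete, here is an added example (not code from the post) that puts them side by side using only the Python standard library: a Diffie-Hellman key agreement between two parties across an untrusted relay, and a symmetric cipher that encrypts and authenticates the message under the agreed key. The symmetric part is a counter-mode keystream generated with HMAC-SHA256 plus a separate HMAC tag (encrypt-then-MAC); it is a toy built to illustrate the “filter” idea, not a vetted cipher, and in practice you would use AES-GCM or ChaCha20-Poly1305 from a real library. The group constant is the 2048-bit MODP group from RFC 3526 (group 14), reproduced here for illustration and worth checking against the RFC before reuse. The function names (`dh_keypair`, `encrypt`, `decrypt`, `demo`) and the sample message are the example’s own.

```python
"""Added example: DH key agreement + toy authenticated stream cipher (stdlib only).
The cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC. It is
for illustration and is NOT a vetted cipher; use AES-GCM or ChaCha20-Poly1305.
"""
import hashlib
import hmac
import secrets

# 2048-bit MODP group, RFC 3526 group 14 (generator 2). Reproduced from the RFC
# for illustration; verify the constant against the RFC before relying on it.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2


def dh_keypair():
    """A private exponent x in [2, p-2] and the public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def dh_shared_key(my_private, their_public):
    """Hash the shared secret g^(xy) mod p down to a 32-byte symmetric key."""
    if not 1 < their_public < P - 1:
        raise ValueError("degenerate DH public value")  # would force a trivial secret
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def _subkeys(key):
    """Derive independent encryption and MAC keys from the shared key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    """Keystream block i = HMAC-SHA256(key, nonce || i); XORed against the data."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag. A fresh nonce per message is essential:
    reusing one under the same key leaks the XOR of the two plaintexts."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Check the tag before touching the ciphertext: a wrong key or any tampering
    raises instead of returning garbage."""
    if len(blob) < 16 + 32:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def decrypt_or_none(key, blob):
    """Convenience wrapper: None instead of an exception on failure."""
    try:
        return decrypt(key, blob)
    except ValueError:
        return None


def demo(message=b"meet at noon"):
    """Two parties agree on a key across an untrusted relay that forwards their
    public values and the ciphertext; it never sees the key or the message."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a = dh_shared_key(a_priv, b_pub)  # sender combines own private with peer's public
    key_b = dh_shared_key(b_priv, a_pub)  # recipient does the mirror image
    blob = encrypt(key_a, message)        # this blob is all the relay gets to copy
    return {"keys_match": key_a == key_b,
            "relay_sees": blob,
            "recipient_reads": decrypt(key_b, blob)}
```

Two things the example deliberately leaves out, because they are the next problems a real protocol has to solve: the key agreement above is unauthenticated, so a relay that actively replaces the public values with its own can sit in the middle (this is what Signal’s long-term identity keys and “safety numbers” exist to prevent), and the key is used for a whole conversation, whereas real protocols ratchet forward so that a captured key unlocks as little as possible.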

The greatest problem is a core characteristic of computers: they are excellent at copying data quickly and perfectly. When a message is sent over the internet, like when opening a web page, the local computer first forms the data it wants to send in-memory, then sends that data over the network. The data then reaches a router or repeater, which then reads the data, copies it, and sends the copy wherever it needs to go. This happens repeatedly as the data transits the internet, likely over a dozen times, before reaching its destination. For computers, copying information is so easy, we don’t bother moving it, and instead just copy, copy, copy. There is no distinction between the original data and a copy of it, because the copy is perfect. The process of copying computer data also does not inherently leave any trace; some computer systems may record some access activity, but these systems may themselves be compromised, and because data is copied extremely often, it can be difficult to differentiate between access by a human, and access which was functionally necessary.

Gaining unauthorized access to computer data is meaningfully different than getting access to a physical location, because access to data generally confers the ability to make a copy of that data. Imagine sending someone a text; you cannot prevent them from taking a screenshot, nor can you detect that they took a screenshot. We may suggest a solution of making the phone notify the other person in the conversation about the screenshot, but this could be circumvented by taking a picture of the phone, and would create many new problems.

Since copying data is necessary to the basic function of computers, it is not a particularly conspicuous activity. And once data is copied, it can be worked on later. Where bypassing a lock may require time spent working on the lock, tools, or both, making the attacker very conspicuous, none of these are requirements for attacking encryption. When encrypted data transits a network, any hop it passes through may secretly take a copy and take its time attempting to break in, completely invisibly and anonymously. There is little to no risk of someone noticing, and even if they notice, they probably cannot tie it to the attacker.

At the same time, anonymity on the internet is generally available. VPNs and Onion Routers can make it quite difficult to trace an attack back to the person who made it, which in turn makes the consequences for attempting to break in quite low.

The permissible gaps in physical locks also introduce problems once we move to computers. A physical lock may be opened by force in response to a legal warrant, but an equivalent capability cannot be built into encryption without being available to everyone. From an encryption algorithm’s perspective, there is no meaningful difference between a government attempting to gain unauthorized access and a criminal enterprise attempting to gain unauthorized access; their actions are fundamentally identical in the context of the system.

Ahem.

This all makes encryption much more subject to scrutiny than physical locks. Because it is easy to simply “make a copy” of the data you want to attack, and to do it privately, the mechanism of encryption itself must be practically perfect. While this is an undesirable characteristic for a physical lock, the sheer hostility of cyberspace means that anything short of “impenetrable” will be broken into by bad actors. This is why encryption is, and must remain, impenetrable.

Policy and News #

The article to this point should explain, in broad strokes, why a “perfect lock” does not, and cannot, exist in the physical world, but is a necessity for information security. Hopefully, the examination of the social technology behind locks, and the extended application of that metaphor, also makes clear where the metaphor breaks down, and why treating encryption as just another lock leads to some severe problems in policy.

End-To-End Encryption #

A technology has been rising, called “end-to-end (E2E) encryption”, along with its counterpart for stored data, “zero-knowledge encryption”.

Let’s say that you open MySpace, and send a message to your friend Tom. When you open MySpace in your browser, the connection is encrypted. This means that your message is sent to MySpace privately, and no one in between you and MySpace can snoop on its contents. MySpace then sends the message to Tom, also using encryption. This means that your message to Tom is not entirely private; the carrier of the message, MySpace, also gets to see it.

This is the default way that the internet, and communications on it, work: encryption protects each hop, and the server in the middle holds the plaintext. For some communications this is entirely appropriate, but for others it is not a sufficient level of privacy. End-to-end encryption solves this problem by encrypting the message on the sender’s device with a key that only the recipient’s device holds, so the provider (MySpace) relays ciphertext it cannot read. MySpace can still see that a message was sent, to whom, and when, and probably its approximate size and frequency, but not the contents.

Zero-knowledge encryption is a similar concept for storage rather than communication (the name is marketing shorthand for client-side encryption and has nothing to do with zero-knowledge proofs). When uploading files to Google Drive, Google can see the contents of those files. Zero-knowledge storage platforms, by contrast, encrypt the data on the user’s device before it is uploaded, using a key the provider never receives, so they have no access to the contents.

The gold standard for end-to-end encrypted communications is Signal. They have a high-quality protocol using strong algorithms, were early adopters of post-quantum cryptography (their PQXDH key agreement), and their client and server code is open source for free inspection by security researchers and consumer advocates.

Some other mentions:

  • WhatsApp is E2E encrypted using the Signal protocol, but their implementation is closed-source and is owned by Meta, which I do not consider to be trustworthy stewards of data.
  • iMessage is E2E encrypted, but the client is closed-source and Apple publishes far less detail than Signal does.
  • Text messages (SMS) are never E2E encrypted.
  • Email is not E2E encrypted by default, and its headers (sender, recipient, subject) essentially cannot be.
  • High-quality encryption can be added to the body of otherwise-unencrypted communications using PGP (or S/MIME), but this is generally complicated and annoying.

The Government #

The United States government, as well as many other governments, have expressed an interest in being able to decrypt their subjects’ encrypted communications, or, failing that, to eliminate civilian encrypted communications entirely. This is an extraordinarily bad idea.

An old approach to this is called “key escrow”. The basic idea is that every key (or a master key able to unlock every key) is deposited with the government, so that it can decrypt any encrypted material on demand. This generally requires an algorithm or hardware that supports such a key, which means that other forms of encryption would need to be prohibited. The United States attempted this in the 1990s with the Clipper chip, and it failed spectacularly; the escrow mechanism was shown to be circumventable even before the real challenges showed themselves. If the escrowed key ever leaked, because someone with access decided to spy on their ex, or to sell the key on the black market, or was an asset of an adversarial nation, just once, then every bit of data protected by that mechanism would become decryptable by anyone holding a copy of the data.

Historically, the FBI has occasionally held up a particular criminal as “this is why we need to ban encryption”, as an appeal to emotion. They like to draw analogies to “warrants”, and to claim that the private sector is refusing to cooperate, even when companies are doing everything they can to help.

Various legislative attempts have been made to ban encryption over the years, or, failing that, use liability to create an effective ban. The way this generally works is that the legislature sets out the requirement that any company which is incapable of turning over user content to the government on request becomes liable for their users’ activity. In effect, this makes it legally untenable to “do what end-to-end encryption does”, without using the words “ban encryption”. When critics pointed out that this would have an extreme chilling effect on the offering of encrypted services, to the point of effectively banning end-to-end encryption, the legislators slyly mentioned that “the bill does not mention encryption”.

It is worth recalling the bit about computers, and how “copying data” is a pretty easy thing to do. A master key would expand the government’s surveillance abilities dramatically, and if the government (or a rogue government employee who couldn’t get over their ex) were to surveil citizens without a warrant, it would almost certainly happen, and because copying is covert, it would be virtually impossible to prove or disprove that it was going on. Based on its previous behavior, I am not inclined to trust that the government will be respectful of its citizens’ privacy.

Recently, however, the government has changed tack somewhat.

The Telecom Hack and CISA #

The United States telecommunications industry recently experienced one of the largest intrusions of all time, the campaign reported in 2024 and attributed to the Chinese state-backed group known as Salt Typhoon, which reached the lawful-intercept systems that carriers are required under CALEA to maintain so that the US government can wiretap its citizens. This demonstrates a secondary issue with government interference. As mentioned before, there is no meaningful distinction in a computer system between “lawful unauthorized access” and “unlawful unauthorized access”. Any rails set up for the government can be used by other actors.

In 2018, a new government agency was formed, the Cybersecurity and Infrastructure Security Agency (CISA), whose goal is to make sure that the United States’ digital infrastructure, including privately owned infrastructure, is reasonably secure against foreign intrusion. More recently, in the wake of the telecom intrusion, CISA and the FBI have publicly urged Americans to use end-to-end encrypted communications, because the country is under-prepared for the impact of cyber warfare as the United States foreign policy apparatus pivots to deal with “near-peer” adversaries.

As this foreign policy pivot kicks into gear, I would expect the calls to remove encryption to get a bit quieter, as any compromise to encryption to facilitate domestic surveillance would also weaken the country’s national defense posture. We may also get contradictory views from the domestic law enforcement apparatus and the foreign policy apparatus, which have misaligned objectives on this matter.

Quantum Computing #

Quantum Computing has been advancing in recent years.

This matters because a sufficiently large quantum computer could run Shor’s algorithm, which breaks the mathematics behind today’s asymmetric schemes (RSA and elliptic-curve cryptography). If that happened today, the owner of that computer could wreak unbelievable havoc: decrypt recorded key exchanges, forge the digital signatures that software updates, certificates and identities depend on, break into a large number of computer systems that are impenetrable today, move laterally within compromised systems, and impersonate all sorts of people and governments. It would be… quite bad.

It is worth noting that this is only known to affect asymmetric cryptography, which is used to set up communications. Symmetric encryption, like the kind used to password-protect computers and disks, is not under the same threat: the best known quantum attack against it (Grover’s algorithm) gives at most a quadratic speedup, which is why 256-bit keys are recommended, but it does not break the cipher.

More worrying is “harvest now, decrypt later” (also called “capture now, decrypt later”). The idea is that a powerful institution with deep pockets, like a government, collects massive amounts of encrypted communications and waits for a quantum computer capable of cracking them to become available. Once it is, the institution can begin decrypting all of those captured communications. It is generally believed that most world powers are probably engaging in this to some degree, although “to what degree” is not public knowledge, and this is largely speculation. That said, from a government’s perspective, there is little reason not to do this; storage is cheap, and “what the American public doesn’t know, is what makes them the American public”.

The first bit of good news is that “quantum-resistant” (post-quantum) algorithms already exist and are being deployed: Signal’s PQXDH key agreement and Apple’s PQ3 protocol for iMessage both layer a post-quantum scheme on top of “traditional” elliptic-curve cryptography, so that a flaw in the new algorithms leaves things no worse than before, while the quantum-resistant benefit is still realized.

The second bit of good news is that, while quantum computers are advancing, they are far from being able to break these schemes. With recent optimizations, it is understood that RSA-2048, the most widely deployed asymmetric key size, could be cracked by a quantum computer with a few thousand high-quality (error-corrected, “logical”) qubits. With recent breakthroughs, we can construct quantum computers with just over 1,000 low-quality (physical) qubits. Converting between the two is rough: a logical qubit is built from a bundle of physical qubits running error correction, a dozen at the very least, and the overhead grows steeply as the required error rate drops. Today’s machines have exceedingly high error rates, which make them hard to use for a precision task like cracking encryption. Many more years of steady progress, and a few more breakthroughs, will be necessary before this is a true threat. The napkin math these days is that a quantum computer of the necessary power and quality is probably at least 20 years away, though estimates vary widely, and the migration to post-quantum algorithms has to be finished before that day arrives.

Crypto Currency and Crypto Assets #

In 2025, the topic of encryption merits a discussion of cryptocurrency.

Recall earlier the discussion of how locks have both “mechanical” and “social” components to their technology. Financial systems act similarly. We have many mathematical technologies, and computerized applications of those technologies, which make up our financial systems. These technologies are also applied and administered by human beings. A company may use a credit score to decide whether you qualify for a loan, but the decision about the score required to qualify will be informed, if not by a human, then by an algorithm written by a human, to achieve certain outcomes of risk, profit, and liquidity for the financial institution.

Cryptocurrency is an attempt to create a distributed computer system, controlled by no one entity, which can perform the full function of a transactional financial system without the need for intermediaries or arbitrariness. A system defined not by who controls it, because no one controls it, but by firm rules, as unmovable as mathematics itself. A system which is perfectly fair, perfectly equal, and perfectly accessible. Cryptocurrency is built on cryptography (hashes and digital signatures rather than encryption as such), which makes it relevant here and makes it inherit many of the characteristics discussed earlier.

An important departure, however, is cryptocurrency’s defining characteristic: strict uniqueness. It may be possible to “view” a bitcoin, or even to copy the data representing it, but copying does not transfer it. When a bitcoin is transferred, it is not copied but moved, and this is done with no central authority keeping track of who holds what. This is an incredible technological feat: using cryptography to overcome what had historically been a fundamental limitation of computer systems.

Unfortunately, in practice, cryptocurrency’s primary value proposition is illicit payments, although it has assembled an impressive secondary ecosystem of grifters, scammers, and gurus.

Most cryptocurrency, like the U.S. dollar, has no backing source of inherent value (the dollar is “fiat money”, valued by government decree; cryptocurrency lacks even that). Instead, its value is whatever it can be redeemed for. For example, most stores near me will accept U.S. dollars, while relatively few will accept Bitcoin. Bitcoin has many problems, but one of them is that as a medium of exchange it is both expensive and slow. A Bitcoin transaction costs a few dollars in fees on a good day and tens of dollars when the network is congested, and takes on the order of an hour to be considered final. Transactions are absolute, and impossible to reverse due to fraud or any other reason. Further, the underlying currency has an extremely unstable value, which may change significantly between the start and end of a transaction. Visa may have its issues, but it is also the better option.

For paying for lunch, these limitations are unacceptable. However, for illicit payments, these trade-offs are often worthwhile. Cryptocurrency makes it possible to transfer large sums of money over long distances with no bank or government in the loop and no name attached to either participant. Strictly speaking it is pseudonymous rather than anonymous: every transaction is public, and blockchain analysis regularly ties addresses back to people, as law-enforcement seizures have repeatedly shown. These characteristics are nonetheless highly desirable for dealing drugs, evading taxes, extortion, and other illegal activities.

This first rose to prominence with the rise of the Silk Road, where it enabled buying and selling of illicit goods and services over long distances. Silk Road could not have had the success that it did without cryptocurrency, and at the time, this was the main selling point of Bitcoin. Ultimately, it was shut down not by insolvency, but by a government raid.

These days, the Silk Road is no more, but Crypto is still a great tool for illicit payments. Most prominent and problematic is Ransomware, software which encrypts computers, rendering them unusable, and suggests that they will be decrypted should sufficient payment be sent in cryptocurrency. This is currently an endemic problem for businesses and municipalities. Cryptocurrency is what makes this criminal enterprise viable.

The other major use of cryptocurrency was “Non-Fungible Tokens”, or NFTs, which have largely fallen out of fashion. These take the “strict uniqueness” that crypto offers and imbue it into small tokens representative of… something, usually implied (but not explicitly stated) to be something like “ownership”. It is possible to mathematically prove which wallet a token belongs to, but not much else. They have no legal bearing, and any practical use would require software services to support that specific kind of NFT, which has not been meaningfully implemented anywhere except Twitter (and even that is no more). People have largely lost interest.

Blockchain technology is intriguing, but the greatest impact I can sense from it is downstream of cryptocurrencies themselves. Mining demand drove enormous investment in, and scaling of, GPU compute (the GPU itself was built for graphics, and general-purpose GPU programming predates crypto), and that hardware base is now facilitating the AI boom, which has built practical applications on capacity originally created to sate crypto miners. Other technologies, like ledger databases, are also becoming mainstream, exploiting the cryptographic guarantees of blockchain technology while mitigating the drawbacks by being less distributed and operating within trusted environments. Blockchain technology, whatever its record in practice, has measurably moved the industry forward by inventing, demonstrating, and popularizing these capabilities.
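The “cryptographic guarantees” a ledger database borrows from blockchains come down to a hash chain: each entry commits to the hash of the entry before it, so changing any past record breaks every link after it. The following is an added example (not code from the post, and not any particular product’s implementation), using only the Python standard library and constructed sample transfers; `Ledger`, `entry_hash`, and `demo` are the example’s own names. It also shows the caveat that matters in practice: a chain alone is only tamper-evident relative to a trusted anchor, which in a blockchain is distributed consensus and in a centralized ledger is a head hash published or signed somewhere the insider cannot rewrite.

```python
"""Added example: a tamper-evident, hash-chained ledger, the cryptographic core of
a blockchain without the distributed consensus. Standard library only; the
sample transfers are constructed for the demo."""
import hashlib
import json

GENESIS = "0" * 64  # stands in for the hash of the entry before the first one


def entry_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding, so an entry always hashes the same way."""
    record = {"i": index, "prev": prev_hash, "payload": payload}
    encoded = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


class Ledger:
    def __init__(self):
        self.entries = []

    def head(self):
        """Hash of the newest entry; committing to this commits to the whole history."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, payload):
        index, prev = len(self.entries), self.head()
        self.entries.append({"i": index, "prev": prev, "payload": payload,
                             "hash": entry_hash(index, prev, payload)})
        return self.entries[-1]["hash"]

    def verify(self):
        """Index of the first entry whose link is broken, or None if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["i"] != i or e["prev"] != prev or e["hash"] != entry_hash(i, prev, e["payload"]):
                return i
            prev = e["hash"]
        return None

    def rehash_from(self, index):
        """What a determined insider does after editing entry `index`: recompute
        every later hash so the chain is self-consistent again."""
        prev = self.entries[index]["prev"]
        for e in self.entries[index:]:
            e["prev"] = prev
            e["hash"] = entry_hash(e["i"], prev, e["payload"])
            prev = e["hash"]


TRANSFERS = [  # constructed sample data
    {"from": "alice", "to": "tom", "amount": 5},
    {"from": "tom", "to": "bob", "amount": 2},
    {"from": "bob", "to": "carol", "amount": 1},
]


def demo():
    """Append the sample transfers, then show what the chain does and does not catch."""
    ledger = Ledger()
    for t in TRANSFERS:
        ledger.append(dict(t))
    published_head = ledger.head()  # e.g. written to a signed log on a separate system
    results = {"intact": ledger.verify()}                     # None: chain is good
    ledger.entries[1]["payload"]["amount"] = 200               # quiet edit of an old entry
    results["silent_edit"] = ledger.verify()                   # 1: entry 1 no longer matches its hash
    ledger.rehash_from(1)                                      # insider also rewrites later hashes
    results["rewritten"] = ledger.verify()                     # None: internally consistent again
    results["head_moved"] = ledger.head() != published_head    # True: the external anchor catches it
    return results
```

The last two results are the whole point of “less distributed, trusted environment” ledger products: the chain makes edits visible to anyone who checks it, but only if the head hash they compare against lives somewhere the editor cannot reach, whether that is a set of independent nodes, a signed timestamp, or simply a second system with different administrators.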