plus/minus epsilon

I've decided to start writing a regular series of short blog posts about crypto. The focus will be more on the social and problem-solving aspects of crypto rather than the math.

For the social aspect, I basically want to memorialize my point of view. I was riding in a taxi to the airport a few days ago, when a story came on the news that senior officials in the US, UK, and Australian governments had written an open letter to Facebook. They had asked Facebook to refrain from encrypting its messaging services in a way that would hamper investigations into child abuse and terrorism. I had just spent two days as part of an IETF working group, with a small number of Facebook engineers, developing an open-source protocol for doing exactly that: encrypting messaging services.

I was mostly just excited that anyone cared enough about something I was working on, to write a letter trying to stop it. But also, it reminded me how much of the development and deployment of new cryptography is a social problem, not a technical one. Facebook might not move forward if there's a news narrative (or if they genuinely come to believe) that they're enabling child abuse, which sucks because they could be the largest, most credible deployment of our protocol. Unlike technical problems, social problems are rarely written down: they live in the minds of the people living through them, and that makes them easy to forget and impenetrable to outsiders.

For the problem-solving aspect, I want to discuss the technical context for cryptosystems. Cryptosystems are all related to one another, either because one literally builds on top of another, or because they solve the same problem with different trade-offs. Talking about those relationships is often overlooked, but it's the best way to explain what a new cryptosystem adds to the world that didn't exist before.

And ultimately, crypto is just fun for me to write about, which is good enough justification on its own.

Fig. Taxonomy of a few types of encryption.