Paper 2021/321

Abuse Resistant Law Enforcement Access Systems

Matthew Green, Gabriel Kaptchuk, and Gijs Van Laer

Abstract

The increasing deployment of end-to-end encrypted communications services has ignited a debate between technology firms and law enforcement agencies over the need for lawful access to encrypted communications. Unfortunately, existing solutions to this problem suffer from serious technical risks, such as the possibility of operator abuse and theft of escrow key material. In this work we investigate the problem of constructing law enforcement access systems that mitigate the possibility of unauthorized surveillance. We first define a set of desirable properties for an abuse-resistant law enforcement access system (ARLEAS), and motivate each of these properties. We then formalize these definitions in the Universal Composability framework, and present two main constructions that realize this definition. The first construction enables prospective access, allowing surveillance only if encryption occurs after a warrant has been issued and activated. The second, more powerful construction, allows retrospective access to communications that occurred prior to a warrant's issuance. To illustrate the technical challenge of constructing the latter type of protocol, we conclude by investigating the minimal assumptions required to realize these systems.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in EUROCRYPT 2021
Contact author(s)
gabriel @ kaptchuk com
History
2021-10-25: revised
2021-03-11: received
See all versions
Short URL
https://ia.cr/2021/321
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/321,
      author = {Matthew Green and Gabriel Kaptchuk and Gijs Van Laer},
      title = {Abuse Resistant Law Enforcement Access Systems},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/321},
      year = {2021},
      url = {https://eprint.iacr.org/2021/321}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.