Overview
ABSTRACT
This article deals with backdoors in encryption algorithms and systems and, more generally, with the control that most states exercise over encryption and, beyond that, over information technology. The objective is to understand since when, why and how this control has been implemented and how it is evolving.
Regarding backdoors of a mathematical nature, which are the most difficult to design and, in the current state of knowledge, extremely difficult if not impossible to detect, this article presents some more or less well-known cases and the stakes they represent. Finally, it explains and illustrates why this control not only makes no sense but also constitutes a danger for modern, democratic societies.
AUTHOR
Eric FILIOL: Head of Cybersecurity, Data & Algorithms - Thales, ENG:IO (Paris, France)
INTRODUCTION
Cryptology is literally the science of secrecy. It forms the foundation of all protection for information and communications against eavesdropping, tampering, and other attacks that have emerged alongside the new capabilities offered by this science (such as digital signatures and timestamping). Cryptography is therefore at the heart of information technology, which originated from the work of Claude E. Shannon. The most critical feature is encryption, which allows multiple parties to communicate secretly without passive or active interference from a third party. In this chapter, we will focus on encryption, keeping in mind that it alone encapsulates an issue that extends to all information security technologies, all of which depend on it.
Since World War II, cryptology—and more specifically encryption—has been subject to varying degrees of government control. While such control has also been applied to a wide range of other technologies, goods, and services since the late 1940s, its objective has been to restrict access to “sensitive” or so-called “dual-use” technologies (which can be diverted from civilian to military use). In other words, the goal is to maintain the strategic, economic, and security advantage of the countries possessing these technologies, at the expense of those that do not.
In the case of cryptography, this control has extended to the citizens and businesses of the countries that master it. The imperative to maintain a dominant position—primarily Western and vis-à-vis the rest of the world—has expanded to include the desire to control citizens themselves and to prevent the existence of any sphere that escapes state surveillance and control. Since World War II, Western states have indeed faced numerous upheavals, both domestic (crises, political protests, non-national political movements, domestic terrorism, etc.) and international (domestically supported decolonization movements, sympathies for non-Western regimes, internal destabilization, various conflicts, economic warfare, etc.). The state cannot, therefore, tolerate citizens legally organizing themselves democratically, exchanging ideas, and protesting without the state being able to monitor them. This represents a delicate balance between the necessary preservation of state and citizen security and the ever-present temptation to cross the “Rubicon” that protects democracy—often in the name of particular interests that are more or less removed from actual security needs.
The nature and intensity of these attacks have evolved over time because the world, technology, and practices have themselves evolved. One of the main constants in this monitoring is the deployment of backdoors. It is important to understand what this entails and, above all, not to confuse...
KEYWORDS
cryptography | information technology | backdoors | encryption | state control
Backdoors in cryptography