transparent decryption
{{Short description|Process for decrypting data}}
Transparent decryption is a method of decrypting data which unavoidably produces evidence that the decryption operation has taken place.{{cite arXiv |last1=Cheval |first1=Vincent |title=Automatic verification of transparency protocols (extended version) |date=2023-04-16 |eprint=2303.04500 |last2=Moreira |first2=José |last3=Ryan |first3=Mark|class=cs.CR }} The idea is to prevent the covert decryption of data. In particular, transparent decryption protocols allow a user Alice to share with Bob the right to access data, in such a way that Bob may decrypt at a time of his choosing, but only while simultaneously leaving evidence for Alice of the fact that decryption occurred. Transparent decryption supports privacy, because this evidence alerts data subjects to the fact that information about them has been decrypted and disincentivises data misuse.{{cite book |last=Ryan |first=Mark D. |chapter=Making Decryption Accountable |date=2017 |title=Security Protocols XXV |series=Lecture Notes in Computer Science |volume=10476 |pages=93–98 |editor-last=Stajano |editor-first=Frank |chapter-url=http://link.springer.com/10.1007/978-3-319-71075-4_11 |access-date=2024-08-29 |place=Cham |publisher=Springer International Publishing |doi=10.1007/978-3-319-71075-4_11 |isbn=978-3-319-71074-7 |editor2-last=Anderson |editor2-first=Jonathan |editor3-last=Christianson |editor3-first=Bruce |editor4-last=Matyáš |editor4-first=Vashek}}
Applications
Transparent decryption has been proposed for several systems where there is a need to simultaneously achieve accountability and secrecy. For example:
- In lawful interception, law enforcement agencies can access private messages and emails. Transparent decryption can make such accesses accountable, giving citizens guarantees about how their private information is accessed.J. Kroll, E. Felten, and D. Boneh, [http://www.cs.princeton.edu/~felten/warrant-paper.pdf Secure protocols for accountable warrant execution], 2014{{Cite journal |last1=Nuñez |first1=David |last2=Agudo |first2=Isaac |last3=Lopez |first3=Javier |date=2019 |title=Escrowed decryption protocols for lawful interception of encrypted data |url=https://onlinelibrary.wiley.com/doi/10.1049/iet-ifs.2018.5082 |journal=IET Information Security |language=en |volume=13 |issue=5 |pages=498–507 |doi=10.1049/iet-ifs.2018.5082 |issn=1751-8717|url-access=subscription }}
- Data arising from vehicles and IoT devices may contain personal information about the vehicle or device owners and their activities. Nevertheless, the data is typically processed in order to provide user functionality and also to investigate and fight crime. Transparent decryption can be used to help users monitor when and how data about them is being accessed and used.{{Cite journal |last1=Li |first1=Meng |last2=Chen |first2=Yifei |last3=Lal |first3=Chhagan |last4=Conti |first4=Mauro |last5=Alazab |first5=Mamoun |last6=Hu |first6=Donghui |date=2023-01-01 |title=Eunomia: Anonymous and Secure Vehicular Digital Forensics Based on Blockchain |url=https://ieeexplore.ieee.org/document/9627586 |journal=IEEE Transactions on Dependable and Secure Computing |volume=20 |issue=1 |pages=225–241 |doi=10.1109/TDSC.2021.3130583 |issn=1545-5971}}
Implementation
In transparent decryption, the decryption key is distributed among a set of agents (called trustees); they use their key share only if the required transparency conditions have been satisfied. Typically, the transparency condition can be formulated as the presence of the decryption request in a distributed ledger.
Alternative solutions
Besides transparent decryption, some other techniques have been proposed for achieving law enforcement while preserving privacy.
- Solutions that allow competing parties to unify their data access policies. Attribute-based encryption with oblivious attribute translation (OTABE) is an extension of attribute-based encryption that allows translation between proprietary attributes belonging to different organisations, and it has been applied to the problem of law-enforcement access to phone call metadata.{{Cite journal |last1=Idan |first1=Lihi |last2=Feigenbaum |first2=Joan |date=2022-07-21 |title=PRShare: A Framework for Privacy-preserving, Interorganizational Data Sharing |url=https://dl.acm.org/doi/10.1145/3531225 |journal=ACM Trans. Priv. Secur. |volume=25 |issue=4 |pages=29:1–29:38 |doi=10.1145/3531225 |issn=2471-2566|url-access=subscription }}
- Solutions that rely on sophisticated cryptography, such as zero-knowledge proofs that the actions of law enforcement is consistent with judge rulings and the actions of companies, and multi-party computation to compute results.{{Cite journal |last1=Frankle |first1=Jonathan |last2=Park |first2=Sunoo |last3=Shaar |first3=Daniel |last4=Goldwasser |first4=Shafi |last5=Weitzner |first5=Daniel |date=2018 |title=Practical Accountability of Secret Processes |url=https://www.usenix.org/conference/usenixsecurity18/presentation/frankie |journal=USENIX Security Symposium |language=en |pages=657–674 |isbn=978-1-939133-04-5}}