Q about "backdoors"

Buzz8331 · June 21, 2023, 6:36pm

Hi. new to xx-network concept/architecture. While researching I found an article in Wired (ref1) about David Chaum and he said that his idea (PrivaTegrity) had a backdoor controlled by a backdoor security council. That article is old. As I understand it, xx-network is based on PrivaTegrity concept .

My question is whether or not this (backdoor) is currently (or future) implemented?

Thanks

ref1 https://www.wired.com/2016/01/david-chaum-father-of-online-anonymity-plan-to-end-the-crypto-wars/

rothbardian · June 24, 2023, 4:14am

Of course it hasn’t been implemented in xx Network and it won’t be implemented because validators would stop validating on a network with a backdoor implementation.

Theoretically it could be implemented, but that wouldn’t be enough - something like that would have to be approved by the foundation and then supported by validators. Personally - as a validator - I’d simply stop validating and move on.

All xx Network source code is available on Github (mirror) and Gitlab.

Keith · June 26, 2023, 12:07am

No

rick · June 28, 2023, 4:15pm

The short answer is a hard no, the current system uses an E2E protocol inside the mix. So, if you some how managed to fully compromise each mixnode (an unprecedented feat), you would get location data for messages in that round, which is a substantially stronger protection than most other systems (e.g., TOR).

To give some more context: At the time of this article, there was significant discussion about backdooring all encryption, which has unfortunately resurfaced again lately. David was outlining the absolute closest you could get to a managed system they were trying to mandate which would still have some level of useful security. Unfortunately, I think what he was trying to say wasn’t what made it into the article. His proposal features a lot of things the side pushing for broken encryption would never accept:

Every node is in a unique jurisdiction, which forces multiple judges to issue warrants and all nodes to comply for each request. This spreads out the keys and rogue government “law enforcement” is prevented from abuse in this model.
Messages are split across rounds, so the requestors needs to know a priori when the messages were sent, which prevents mass surveillance and compounds the problem in #1.
It used a “trust the client” model to assume that messages would not be end-to-end encrypted (in xx network, they are end-to-end encrypted and there is a post-quantum version of that encryption available).

Obviously, this system was a non-starter for them.

In most systems (Whatsapp, Telegram, Signal, etc), the node operators are the same as the software providers. Updates are required and automatic. If we lose the current version of this backdooring debate, then law enforcement could force the providers to change their software to embed a backdoor. We have been lucky so far in that current law protects providers from being forced to change their software, but that may not always be true.

In xx, we are attempting to change that model. Node operators are separate from open source client software providers under a cheap but functional economic model.