
Anti-surveillance: Can Applied Cryptography, Law Enforcement, and Formal Methods be Friends?


If you have a question about this talk, please contact Laurent Simon.


In recent decades, intelligence, law-enforcement, business, and political organizations have developed a growing dependence on data. In the words of the NSA, there is a desire to ‘sniff it all, collect it all, know it all, process it all, exploit it all’. Edward Snowden claimed that cryptography has a unique role in preventing this excessive collection. But what kind of cryptography has seen an increase in deployment? Which is still floundering, and for what reasons? I will look at these questions by relating them to two of my research interests: anonymous credentials and the TLS protocol.

  • Anonymous credentials and e-cash, conceived in the 1980s and later the topic of my PhD, did not see broad deployment. With the success of Bitcoin and theoretical breakthroughs in zero-knowledge arguments, the deployment of fully anonymous cryptocurrencies is now, for the first time, being explored by the Zcash altcoin.
  • The TLS protocol is the cryptographic workhorse of the internet and is today used to encrypt more than half of internet traffic. This has put increased stress on its performance and security as its crumbling cryptography was optimized and patched. This in turn has led to the development of new cryptographic algorithms and the new TLS 1.3 standard. I will talk about the efforts of the Everest project to formally verify these.

These two areas are very different, but they both feed into law enforcement's fears of ‘going dark’ and new calls for key escrow. I will argue that a principled stance on preventing key escrow and trapdoors, backed up by formal and cryptographic analysis, is necessary to prevent slipping back into the routine subversion of cryptographic protections of the pre-Snowden days. At the same time, I offer a compromise: a novel mechanism that enables targeted surveillance while enforcing hard limitations on its scope in a publicly verifiable way.


Dr. Markulf Kohlweiss is a researcher at Microsoft Research Cambridge in the Programming Principles and Tools group. He did his PhD at the COSIC (Computer Security and Industrial Cryptography) group at K.U. Leuven, and his master's thesis at IBM Research Zurich. Dr. Kohlweiss' research focus is on privacy-enhancing cryptography and formal reasoning about cryptographic protocols. More specifically, he examines the interplay of cryptography and real-world security systems through collaborative projects on verifiable computation and SSL/TLS. For the latter he is a co-recipient of the Levchin Prize awarded to the miTLS team.

This talk is part of the Computer Laboratory Security Seminar series.


