Identity based email encryption announced
A California startup has announced a new email encryption system that uses Boneh and Franklin’s identity-based public key encryption to remove the need for key exchange.
Under the Voltage system, the sender of a message uses software that converts the recipient’s e-mail address into a number and then encrypts the message using a mathematical formula. The recipient can then use a similar formula in conjunction with a secret key to decode the message. The company says it would be almost impossible for an eavesdropper to use the formula. The software can be used with several existing PC e-mail programs. The new technology is based on the theoretical work of two computer scientists: Daniel Boneh of Stanford University and Matthew Franklin of the University of California at Davis. Two years ago, the two researchers proposed a theoretical solution known as “identity based encryption” as an alternative to the current, complex approach, using public keys, which must be validated with digital certificates held by a central and trusted repository. – NY Times, A Simpler, More Personal Key to Protect Online Messages.
However, the system has some serious drawbacks that aren’t mentioned in the NY Times article. As we reported here 2 years ago when it was first proposed, the identity-based system requires key escrow: secret keys are created and held by a third party (presumably Voltage, in this case). This means that Voltage will be a juicy target for subpoenas, warrants, hackers and stalkers.
Additionally, the algorithm as proposed by Boneh and Franklin offers no authentication mechanism.
There are some technical notes on the algorithm available at Stanford’s crypto group.
