The Stack Archive

Research proposes ‘full-journey’ email encryption

Wed 1 Mar 2017

A group of researchers from Austin, NYU and Cornell universities have developed a scheme for genuine ‘end-to-end’ email encryption – though that term might need to be redefined in the context of their project.

Traditional end-to-end email encryption only provides security in transit between mail servers – once on the servers themselves, the emails are processed as plain text, facilitating processes such as spam filters.

The group proposes a system called Pretzel, which develops a cryptographic algorithm that permits two parties to ‘blindly’ contribute to encryption, and extends the concept to email.

However the researchers admit that providers will need to furnish additional computing resources in order to handle the encryption process.

The benefit of the scheme is the near-impossibility of interception/decryption from emails captured in transit. Gaining control of network nodes is a widespread practice on both sides of the law, with headlines in recent years going to official and malfeasant actors taking control of Tor exit nodes with a view to de-anonymising information.

In practice genuine end-to-end encryption has been available via PGP since the early 1990s, and the functionality is offered by certain of the larger providers – notably those who are party to the decrypted emails at the client end, at which point the information can be monetised by targeted advertising.

But the researchers note that the limited availability of PGP has more commercial than governmental imperatives behind it:

‘A crucial reason—at least the one that is often cited…is that encryption appears to be incompatible with value-added functions (such as spam filtering, email search, and predictive personal assistance…and with the functions by which “free” webmail providers monetize user data (for example, topic extraction)…These functions are proprietary; for example, the provider might have invested in training a spam filtering model, and does not want to publicize it (even if a dedicated party can infer it…So it follows that the functions must execute on providers’ servers with access to plaintext emails.’

Pretzel’s innovation is in following up email decryption (usually provided by public/private keys as in PGP) with a second protocol which operates between the email provider and each mail recipient, called secure two-party computation (2PC). 2PC schemes can process any function in a manner hidden from one or more of the concerned parties.

However the processing needs of full-scale 2PC systems would not be realistic as a transport mechanism, and so the researchers have produced a slimmed-down and more linear throughput, with certain algorithm functionality ‘baked’ into the procedure.

At the moment the team’s implementation of Pretzel permits core commercial operations such as email scanning (i.e. for advertising or spam-identification purposes), and a limited subset of other usual mail server functions. The researchers hope to add the ability to accommodate predictive personal assistance services and virus scanning in the future, as well as the ability to hide metadata – some of the most fiercely-sought information among security services and hackers alike.

‘Ultimately, our goal is just to demonstrate an alternative. We don’t claim that Pretzel is an optimal point in the three-way tradeoff among functionality, performance, and privacy…we don’t yet know what such an optimum would be. We simply claim that it is different from the status quo (which combines rich functionality, superb performance, but no encryption by default) and that it is potentially plausible.’


news privacy research
Send us a correction about this article Send us a news tip