Can you hide from a dictator? - Part 1
Today we see how to defend your communication from an authoritarian regime like the UK is becoming, and some NEWS at the end
Introduction
If you think “crypto” is shorthand for “cryptocurrency” and the future of finance, you surely know govs don’t like it. But WAIT, there is more!
Governments ALWAYS hated cryptography. At first, cryptography was considered a “munition” and people literally had to print code on paper. That was the only way to appeal to the First Amendment and be able to ship books with cryptography code in them. (See what Phil Zimmermann, the inventor of PGP, did here).
It’s 2025, no different plan, just different targets. Nobody (even Zimmermann) actually uses PGP (for good reasons) and so no government cares anymore. Governments now want your chats instead of your emails, because people think in chats and pretend in emails.
Below I give you a brief recap of some recent battles in the modern war on crypto and of the research on encryption to defend against it. In the next post, I will give you other methods besides encryption to defend against it, and we will see how practical these methods are.
Modern Wars on Crypto
FBI vs Apple (2016, 2018)
Tension between the FBI and Apple started with the San Bernardino case in 2016, where the FBI sought to compel Apple to unlock an iPhone, only to eventually withdraw the request after finding an alternative solution. By 2018, the FBI was grappling with a growing number of devices it couldn’t access.
Reports from that time indicated that the FBI was unable to retrieve data from 7,775 seized devices in ongoing investigations, underscoring the scale of the issue from their perspective.
One significant but less publicized development involved Apple’s iCloud backups. Around this time (though not widely reported until 2020), Apple had been developing a plan to offer end-to-end encryption for iCloud backups, meaning even Apple wouldn’t hold the keys to decrypt the data (what today we know as Advanced Data Protection). The FBI privately objected, arguing that this would severely limit their ability to access evidence in investigations. According to later reports, Apple quietly dropped this plan after these discussions, though officially the exact reasons remained unclear.
EU chat control (2022 - 2025)
The EU's "Chat Control" initiative aims to address the serious issue of child sexual abuse material (CSAM) circulating online. In particular its primary goal is to protect children by requiring digital communication platforms, messaging apps, email services, and social media with direct messaging features, to detect, report, and remove CSAM.
While the stated intent is widely supported, the approach has sparked intense controversy due to its implications for user privacy. See this tweet by professor Green or his blog post (He also spoke to the EU on the matter, so he is pretty informed).
Moreover: Nowadays nobody actually thinks these proposals are about the children anymore, see the Four Horsemen of the Infocalypse concept.
To sum up some of the problems with CSAM scanning:
It undermines End-to-End Encryption (what Apple calls Advanced Data Protection): Chat Control targets encrypted platforms, which rely on end-to-end encryption to ensure that only the sender and recipient can access message content. To scan for CSAM, providers would need to analyze content before it’s encrypted (client-side scanning) or weaken encryption altogether.
Mass Surveillance by Default: The proposal requires broad, automated scanning of all communications, not just those of suspects under investigation. This shifts from targeted, judicially overseen surveillance to a blanket monitoring regime affecting every EU citizen, regardless of suspicion.
UK Pressures Apple to Create iCloud Backdoor (Feb 2025)
The UK government has reportedly demanded that Apple create a "back door" for British security officials to access all content uploaded to iCloud by any Apple user worldwide.
More technically, the UK government has issued a secret legal demand to Apple, known as a Technical Capability Notice (TCN), requiring the company to provide access to encrypted iCloud accounts. The demand seeks unrestricted access to all encrypted user data, not just specific accounts.
You already know why backdoors are bad.
Apple removes Advanced Data Protection for new UK iCloud users (Feb 2025)
Probably as a consequence, Apple has decided to remove Advanced Data Protection for new UK iCloud users.
Story is very much new, so it has to unfold still. Yet the message is clear: You shall not encrypt.
Methods to defend
We cryptographers do not just watch. I started this post highlighting the subversive nature of cryptography. Now I show you how the community already has some ideas on how to beat govs.
Encryption
Symmetric aka private-key cryptography, Asymmetric aka public-key cryptography and all that. I won’t insult your intelligence, you can get the idea anywhere:
symmetric encryption: one key encrypts and decrypts
asymmetric encryption: public key encrypts a message for a *specific person only* who will decrypt with his private key
What’s interesting (and nobody writes it) is that they both assume that the sender can freely choose his message and that the key remains private. What if those are not reasonable assumptions anymore? Recent cases of mass scanning for CSAM will deter people from exchanging images, removing the freedom to choose messages. And backdoors on end-to-end encryption mean the UK gov wants Apple to gather and disclose your decryption keys.
How do we beat it? Below we look at Anamorphic Encryption (AE) and Deniable Encryption (DE). These two encryption systems serve distinct purposes in protecting user secrecy under coercion. After presenting them, we compare them.
Anamorphic Encryption (AE)
Unlike traditional encryption, which relies entirely on key secrecy and computational hardness assumptions for security, AE allows covert communication to persist even if keys and messages are exposed. AE does this by giving every ciphertext a dual interpretation. Given an encrypted message:
Normal Interpretation: When decrypted using a standard decryption key, the ciphertext reveals an innocent-looking message.
Anamorphic Interpretation: When decrypted with a special "anamorphic key," the ciphertext reveals a hidden covert message.
Conceptually, it is easy to achieve this: you generate a covert key besides the one you gave to the dictator. Then you, as the sender, encrypt both an innocent message and a covert message, with the latter embedded in the former. Finally, the unwanted receiver (i.e. the dictator), using the normal decryption key, retrieves the innocent message. The intended receiver, using the anamorphic key, retrieves the covert message.
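A minimal instance of this idea, added here as an illustration and not taken from this post or from any library: a rejection-sampling construction over textbook ElGamal, where the sender keeps redrawing the encryption randomness until a keyed hash of the ciphertext equals the covert byte. The toy group parameters, the function names and the shared `double_key` (playing the role of the anamorphic key) are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Toy ElGamal group (assumption for illustration only; not secure parameters):
# the Mersenne prime 2^127 - 1 with base 3.
P = 2**127 - 1
G = 3

def keygen():
    x = secrets.randbelow(P - 2) + 1      # normal secret key, the one that can be seized
    return x, pow(G, x, P)                # (sk, pk)

def covert_tag(double_key: bytes, c1: int) -> int:
    # The covert byte a ciphertext carries: first byte of HMAC(double_key, c1).
    return hmac.new(double_key, c1.to_bytes(16, "big"), hashlib.sha256).digest()[0]

def anamorphic_encrypt(pk: int, double_key: bytes, innocent: bytes, covert_byte: int):
    m = int.from_bytes(innocent, "big")   # leading zero bytes would not round-trip
    if not 0 < m < P:
        raise ValueError("innocent message must be 1..15 bytes")
    while True:                           # rejection sampling: ~256 draws on average
        r = secrets.randbelow(P - 2) + 1
        c1 = pow(G, r, P)
        if covert_tag(double_key, c1) == covert_byte:
            return c1, (m * pow(pk, r, P)) % P   # an ordinary-looking ElGamal pair

def normal_decrypt(sk: int, ct) -> bytes:
    c1, c2 = ct
    m = (c2 * pow(c1, P - 1 - sk, P)) % P        # c2 / c1^sk via Fermat's little theorem
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def covert_decrypt(double_key: bytes, ct) -> int:
    return covert_tag(double_key, ct[0])         # needs only the double key, not sk

def send_covert(pk: int, double_key: bytes, innocents, covert: bytes):
    # One covert byte rides on each innocent message.
    if len(innocents) != len(covert):
        raise ValueError("need exactly one innocent message per covert byte")
    return [anamorphic_encrypt(pk, double_key, i, b) for i, b in zip(innocents, covert)]

if __name__ == "__main__":
    sk, pk = keygen()
    dk = b"constructed-double-key"               # constructed sample value
    cts = send_covert(pk, dk, [b"Nice weather", b"See you soon"], b"hi")
    print([normal_decrypt(sk, c) for c in cts])        # what the holder of sk reads
    print(bytes(covert_decrypt(dk, c) for c in cts))   # what the holder of dk reads
```

Whoever holds `sk` decrypts every ciphertext correctly and sees only the innocent text; the covert byte exists only relative to `double_key`, which is never part of the normal key pair.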
Deniable Encryption (DE)
You know every encryption scheme requires a key. But you may not know it also needs some randomness to encrypt. The reason is simple. Imagine you start many messages with a greeting like “Buongiorno” and encrypt all your messages with the same key. Without randomness, people will see the same start of message over and over and over.
What’s always similar and generally at the beginning of a message? A greeting. How many greetings are there? A handful. Good! Now I have some info about your message.

This is key to our quest (no pun intended). If the dictator has the key, then you can manipulate the randomness. In other words, unlike traditional encryption, deniable encryption allows users to produce fake randomness that makes the ciphertext appear as an encryption of a different message. This provides **plausible deniability**, meaning that even under coercion, a user can deny sending or receiving certain messages.
How Anamorphic Encryption (AE) Differs from Deniable Encryption (DE)
The key difference lies in the timing and nature of adversarial threats. Deniable Encryption (DE) is designed to protect users after transmission, allowing them to generate fake randomness retroactively if coerced into revealing their encryption keys. It relies on the plausible faking of encryption randomness and fake decryption randomness to mislead adversaries.
In contrast, Anamorphic Encryption (AE) remains secure even when an adversary has control over the encryption process before transmission. Instead of relying on fake randomness, AE embeds a covert message within a standard encryption scheme and uses dual decryption keys to access different message layers.
In practice:
AE is more powerful than DE in settings where adversaries (e.g., authoritarian regimes) can compel users to reveal their decryption keys. Meaning you already are in an authoritarian regime.
DE is effective in situations where coercion occurs only after transmission, providing users the ability to fabricate plausible encryption randomness at a later stage. Meaning: you were not in an authoritarian regime when you sent a message, but now you are.
In other words: AE is useful if you cannot have end-to-end encryption but you need it. DE is useful if you had end-to-end encryption, but then the company rugged and now your data will be decrypted and you need deniability for some sensitive document.
News!
I have been quoted in DeFi Education newsletter. Post is paid, but it’s worth it.
Conclusions
If you thought the government was ok with the fact that you have a private life, I’m sorry for you. Crypto wars never ended.
Here I presented ways to circumvent their overreach. In the next post we will look at other ways and at the practicality of what I presented here.