In my previous post I presented some modes of operation of block ciphers to provide forward secrecy. Today I will let my imagination fly over Hollywood with this use case:
Suppose Alice, a US secret agent working in China, has managed to break into a computer at a top-secret Chinese government agency and has installed spy-ware that gathers confidential information about China’s cyberwarfare operations. This spy-ware autonomously looks for sensitive data, encrypts it, and sends it back to an intermediate server somewhere on the Internet. She knows that the Chinese government will be monitoring and recording any Internet connection from Chinese agencies to the outside world, and she knows that, sooner or later, the spy-ware will be detected, disassembled and analyzed. So the spy-ware is programmed to send back huge amounts of data, as fast as possible, to maximize the chances of collecting top-quality information.
How can she protect the communication so that, even after the spy-ware is analyzed, the Chinese government still does not have a clue about which documents have leaked?
One solution is to use public-key encryption, but that would be slow. If hybrid encryption is used, the spy-ware must provide a secure random pool for ephemeral keys, and it also slows down the information delivery. An ideal solution (both in complexity and in security) is to use a block cipher in one of the HC modes of operation.
This same argument also applies to miniature hardware spy devices, where power consumption generally limits the speed of the CPU and the number of gates that can be included on a die, so PK operations tend to be too costly to perform quickly.