In a recent blog post, which you cannot read because it was censored by a DMCA takedown notice from Texas Instruments, I used the term "Angry Mob Cryptanalysis" to refer to a situation in which a distributed key cracking effort is targeted at a public key that is widely known and widely resented. This term has an origin in the annals of computer security research and my use of it might be misunderstood so I felt that I should elaborate.
Matt Blaze originally coined the term "Angry Mob Cryptanalysis" in a paper he wrote back in 1996 about government key escrow. The term and its origin are burned into my brain because I recall being excited at the prospect - a democratic check upon communications security!
In Blaze's paper a person would broadly distribute shards of his private key. If that person was later accused of a crime the police might issue a public call for shards. If a large number of people were sympathetic to the call they might reveal their shards, allowing the police to proceed with monitoring that person. Its sort of like replacing judicial warrants with a grand jury system, enforced with hard mathematical constraints that cannot be subverted. If the police want to intrude upon someone's privacy they'd have to convince a large enough group of people in the community in order to do so. A very interesting and brilliant idea with numerous variations.
But if you think about it, every key faces a threat to its security from the general public in a world where distributed key cracking efforts can be organized, regardless of whether the creator of that key intentionally escrowed it with the public in the first place. I think the term "Angry Mob Cryptanalysis" is fitting in any situation where there is a public effort to crack a key. Its a risk that designers of crypto systems need to consider - how widely distributed is your public key, what is the key strength, and how much public resentment might exist about it? If the key is weak enough and the resentment high enough, you might fall victim to a public cracking effort.
A perfect example of a place where this might be useful is the context of a computer worm like Conficker. Conficker.B currently controls about 5 million hosts on the Internet, and the security experts who monitor it are concerned that those infected nodes represent a collective threat to Internet security. For example, they could be used to launch denial of service attacks if the Conficker bot master was able to update them. Fortunately, the bot master is blocked through a daily effort by members of the Conficker Working Group to control the domains Conficker accesses to download updates - but this effort is laborious and expensive, and it must be maintained for as long as the Conficker botnet exists.
Wouldn't it be wonderful if the good guys could send their own update to Conficker infected nodes, turning them off so that they can't threaten the Internet any more? It would be, but unfortunately Conficker checks to make sure that updates it receives have been digitally signed by a 4096 bit key. Thats a really big key. No one has the resources to crack it. No one has ever successfully factored a key that large. But then again - no one has tried. Why would anyone try to do something that is impossible?
Simply put, its not impossible - its just really really unlikely to work. People try to do things that are unlikely to work all the time. Consider lottery tickets. Its possible that a distributed cracking effort designed to factor the Conficker signing key could win the lottery and happen upon the set of numbers that would take the Conficker network down. The more people who participated, the more likely the effort would be to get lucky. As the Conficker botnet has been around for over 9 months now and shows no sign of going away, there is lots of time to organize and promote this effort.
Its unlikely that anyone will ever do this, because the chances of success are so remote that the time and effort spent are probably better off being devoted to more important projects that have a better chance of success. Nevertheless, this is an example of a type of situation which many come up again. Some day in the future, weaker keys, stronger computers, and different circumstances will bring "Angry Mob Cryptanalysis" into the headlines.