1998-03-30 - Re: Deniable Cryptography [was winnowing, chaffing etc]

Header Data

From: Michael Graffam <phundie@mhv.net>
To: Nimrod Zimerman <zimerman@earthling.net>
Message Hash: 4096e1a6fc61330003f922b5409ac5972f1281406b30b00fea03c43aee4ceeab
Message ID: <Pine.LNX.3.96.980330162021.12013A-100000@localhost>
Reply To: <19980330220847.28943@hexagon>
UTC Datetime: 1998-03-30 21:38:31 UTC
Raw Date: Mon, 30 Mar 1998 13:38:31 -0800 (PST)

Raw message

From: Michael Graffam <phundie@mhv.net>
Date: Mon, 30 Mar 1998 13:38:31 -0800 (PST)
To: Nimrod Zimerman <zimerman@earthling.net>
Subject: Re: Deniable Cryptography [was winnowing, chaffing etc]
In-Reply-To: <19980330220847.28943@hexagon>
Message-ID: <Pine.LNX.3.96.980330162021.12013A-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 30 Mar 1998, Nimrod Zimerman wrote:
> Generally speaking, you bind attackers with constants (or else, most of the
> cryptography we are using is pretty much useless). Why won't you bind
> physical attackers with constants just as well?

True, we impose limits on our hypothetical attackers. Eve can listen, but
not modify.. but we assume Mallory has the ability to do both. 
Systems that are safe against Eve are exploitable by Mallory. I see
no reason why we can not also assume more powerful physical attackers.

I do not deny the use of deniable crypto :) .. it is useful against
certain attackers. Certainly it is useful against the majority of
attackers we are likely to encounter, for the exact reasons that you
cite.

However, my point is that just as public key exchange is attackable
by Mallory in some circumstances, deniable crypto is useless against
certain physical attackers.. namely O'Brien and Room 101.

This is not to say that public key crypto or deniable crypto is useless.

> True, if you are kidnapped by a very large organization, like a country, you
> don't stand a chance - you will either give up your secrets, and/or die 
> (history generally tells us that people can't stand torture. The exceptions
> are remarkable, and probably indicate a certain level of mental illness,
> before or after the act <g>). Smaller organizations are bound by constants
> that might eventually be in your benefit.

This is exactly my point. For the average guy in America, deniable crypto
is probably irrelevant (unless he happens to be an average criminal too).
But in a state where the law is wrong (we never heard of anything like
that, have we?) there is probably a use.

> That's why I consider dynamic secret sharing a better approach.
> Make certain the attackers need to catch a group of people in order
> to gain the secret, and change the partial secrets every short period of time.
> This isn't always practical, of course.

Yeah, I agree. For some secrets it might be the best approach, say for
the codes to launch a nuclear weapon.. but for others it probably does
not work.

> (Alice can always fascinate her attackers with a new and exciting
> cryptosystem, and while they are busy studying it, sneak behind and hit
> them on the heads with a selected cryptography oriented book).
> 
>                                                    Nimrod

Hehe.. :) I like that.

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Act only according to that maxim by which you can at the same time will that
it should become a universal law.." - Immanuel Kant "Metaphysics of Morals"
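The "dynamic secret sharing" Nimrod proposes above (make the attackers catch a whole group, and change the partial secrets every short period) is, in concrete terms, threshold secret sharing with proactive share refresh. The following is an added example and not code from the original thread or from either author: it uses Shamir's scheme over a prime field (the 127-bit Mersenne prime, the 3-of-5 threshold, and the sample secret are all assumptions chosen for illustration), and the refresh step adds a fresh sharing of zero to every share, so the secret is unchanged but shares captured in different epochs cannot be combined.

```python
# Added example (not from the original message): Shamir secret sharing with
# proactive share refresh, illustrating "change the partial secrets every
# short period of time". Field prime, threshold and sample secret are
# assumptions chosen for illustration.
import secrets

# A 127-bit Mersenne prime; any prime larger than the secret works.
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, mod PRIME (Horner)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, threshold, n_shares):
    """Split `secret` into n_shares points on a random degree-(threshold-1)
    polynomial whose constant term is the secret. Share i is (i, f(i))."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an element of the field")
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n_shares + 1)}


def reconstruct(shares):
    """Lagrange-interpolate f(0) from a dict {x: f(x)} of shares.
    With fewer than `threshold` shares this returns a value that is
    uncorrelated with the secret (the scheme is information-theoretic)."""
    xs = list(shares)
    secret = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % PRIME
                den = den * (i - j) % PRIME
        secret = (secret + shares[i] * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def refresh_shares(shares, threshold):
    """Proactive refresh: each holder deals a random polynomial with zero
    constant term and every share is bumped by the sum of those dealings.
    f(0) is unchanged, but the new shares are independent of the old ones,
    so an attacker must capture `threshold` shares within one epoch.
    (Here all dealings are simulated in one place; in a real protocol each
    party would send its contribution to the others.)"""
    xs = sorted(shares)
    deltas = {x: 0 for x in xs}
    for _ in xs:  # one random zero-polynomial per participant
        zero_poly = [0] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
        for x in xs:
            deltas[x] = (deltas[x] + _eval_poly(zero_poly, x)) % PRIME
    return {x: (shares[x] + deltas[x]) % PRIME for x in xs}


def demo():
    """Split a sample secret 3-of-5, refresh once, and show what each
    combination of shares recovers."""
    secret = int.from_bytes(b"launch-code", "big")  # constructed sample secret
    t, n = 3, 5
    epoch1 = split_secret(secret, t, n)
    epoch2 = refresh_shares(epoch1, t)
    return {
        "secret": secret,
        # any t shares from one epoch recover the secret
        "from_epoch1": reconstruct({x: epoch1[x] for x in (1, 2, 3)}),
        "from_epoch2": reconstruct({x: epoch2[x] for x in (2, 4, 5)}),
        # t shares straddling a refresh do not
        "mixed_epochs": reconstruct({1: epoch1[1], 2: epoch1[2], 3: epoch2[3]}),
        # fewer than t shares do not
        "too_few": reconstruct({x: epoch2[x] for x in (1, 2)}),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The refresh is what turns a static "catch three of five people" requirement into a time-bounded one: shares captured before a refresh are worthless after it, so the attacker's constants (how many people they can seize, and how fast) start to matter in the defender's favour, which is the point Nimrod makes above.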
