1998-03-28 - Re: Deniable Cryptography [was winnowing, chaffing etc]

Header Data

From: mgraffam@mhv.net
To: Julian Assange <proff@iq.org>
Message Hash: 8c59b09dd0ee3f27560cb0c6408386569f217bed12b0d8c629d153f8ac7661b2
Message ID: <Pine.LNX.3.96.980328173343.23115B-100000@localhost>
Reply To: <wxu38jfgiy.fsf@polysynaptic.iq.org>
UTC Datetime: 1998-03-28 23:05:15 UTC
Raw Date: Sat, 28 Mar 1998 15:05:15 -0800 (PST)

Raw message

From: mgraffam@mhv.net
Date: Sat, 28 Mar 1998 15:05:15 -0800 (PST)
To: Julian Assange <proff@iq.org>
Subject: Re: Deniable Cryptography [was winnowing, chaffing etc]
In-Reply-To: <wxu38jfgiy.fsf@polysynaptic.iq.org>
Message-ID: <Pine.LNX.3.96.980328173343.23115B-100000@localhost>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 28 Mar 1998, Julian Assange wrote:
> Rubber-hose-squad: We will never be able to show that Alice has
> 		   revealed the last of her keys. Further, even if
> 		   Alice has co-operated fully and has revealed all of
> 		   her keys, she will not be able to prove it.
> 		   Therefor, we must assume that at every stage that
> 		   Alice has kept secret information from us, and
> 		   continue to beat her, even though she may have
> 		   revealed the last of her keys. But the whole time
> 		   we will feel uneasy about this because Alice may
> 		   have co-operated fully.

I've never really fully understood this assumption. It seems to me
that any person or group that would beat a person isn't going to
care much if Alice cooperated or not. 

All things considered, a group with enough power to grab Alice and
beat her probably has ways to escape punishment from the law, or
doesn't care about the law in the first place. 

In this case, I figure that their best option is to beat Alice everyday
forever or until she dies. Whichever comes first.

The longer they beat her, the better chance there is that she broke
down and gave them her most important secrets. Even if she can't prove
it.. so what? The rubber-hose group isn't exactly the boy scouts. They
beat her the next day too, this time a little harder.

Alice may hold up, she may not.. I don't really see the cryptosystem
helping here. You can't win a game when the other player doesn't use
your rules. You have to use the same set of rules. We know that
the rubber-hose wielding guys aren't going to play by Alice's rules.
So, the only way for Alice to win is to do the impossible (because this
is reality, not TV) and that is to grab the rubber hose and beat them
with it.

I don't think that any crypto can defend this sort of attack, because
it has nothing to do with crypto. Consider even a one-time pad. Alice
could calculate the needed pads that would turn her ciphertext into
other meaningful plaintext messages. So they beat her. She gives them
a pad.. and they beat her again. It won't end. They can never know
if they got the "right" pad. But it doesn't really matter, does it?

In my opinion deniable encryption is only valuable against a more or
less civil entity. 

Now, what might be useful is some sort of biometric info that is part
of the key material. Heart rate, brain wave patterns, maybe biochemical
information. As Alice gets beat the fluctuations in her body could make
it impossible for her to reveal the information. A sensitive enough
system might even stand up against stuff like intimidation and
nervousness.. a polygraph test can supposedly detect this.

If such a system were implemented, then this could render rubber-hose
cryptanalysis useless, or at least much harder to put into effect.

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
Let your life be a counter-friction to stop the machine.
				Henry David Thoreau "Civil Disobedience"


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBNR1/dgKEiLNUxnAfAQF5vwP+Mfykp2hNTgItZpgq5GXPoPwQl0enJv40
C+q43NSvaOzO3t+DAjfJj2IJuqDKXRy5FZikkCvOvr1cadJMbhqliKIrOHC1fkeB
ElDnx+7LxzlGsgieAxGFI8JvEB685VY8qsprYFzfI2hQitvztPccpQE/Xvr0ftZi
3meDBzVLq8A=
=0bdE
-----END PGP SIGNATURE-----






Thread