[2322] in cryptography@c2.net mail archive


Re: Encryption without encryption - from Ron Rivest (fwd)

daemon@ATHENA.MIT.EDU (Bill Stewart)
Mon Mar 23 15:30:14 1998

Date: Sun, 22 Mar 1998 15:28:39 -0800
To: cryptography@c2.net,
        cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <199803222137.PAA19487@einstein.ssz.com>

At 03:37 PM 3/22/98 -0600, Jim Choate <ravage@ssz.com> wrote:
>> Rivest has discovered that they can easily be used for secrecy as well.
>> The result is secret communication "without encryption".
>This isn't secrecy, it's obfuscation at best and annoying at worst. Take the
>packets ignoring the signatures and simply arrange them according to the
>lexical rules of the subject language. Unless you're using some sort of code
>you will have a valid copy of *the* message as well as all other
>combinations of those packets. By understanding the environment they are
>sent in it should be a reasonable no brainer to figure out the *real*
>messages.

The key is the word "simply" - because it's not simple.
If you use big packets, say 8 or 1024 bytes, yes, it's simple.
If you follow Rivest's example and use 1 bit per packet,
and send pairs of packets, one real, one fake, random order per pair,
and the fake bits are always the opposite of the real bits,
then each packet gives you a 1 and a 0 to choose between,
so it's not only a no-brainer to pick the right message,
it's also a no-brainer to pick any other message of the same length.
If you ignore all the checksums, that's a one-time pad, though of course
you can't ignore the checksums so it's not a one-time pad.

Collisions are still an issue; if you're just mixing your two data streams
and using an n-bit checksum, then about every 2**n packets,
both checksums will be valid, so you'll need to package it in
a protocol that does something appropriate after each collision
(depending on your checksum algorithm, this may be just to send it again
until you get a non-colliding packet).  On the other hand,
if you're mixing your traffic with other people's traffic,
you can't detect the collision until after the fact,
and don't have control over the data stream, so it's tougher.
Longer checksums help, but you'll still get occasional hits,
so you may want to do some sort of Hamming Code recovery.

If you're doing more than one bit per packet, e.g. a byte,
then you've no longer got the perfection of the one-bit version,
but it may still be close enough for government work if you're
mixing enough traffic together.  Or it may just be obscurity at that point.
				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
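
The one-bit-per-packet pairing and the n-bit checksum collisions discussed in this message, as an added example that is not part of the original post or of Rivest's paper. HMAC-SHA256 truncated to n bits stands in for the checksum; the function names, the (seq, bit, tag) packet layout and the sample key and message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def tag(key, seq, bit, nbits):
    """n-bit checksum: HMAC-SHA256 over (sequence number, bit), truncated to nbits."""
    mac = hmac.new(key, seq.to_bytes(4, "big") + bytes([bit]), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") >> (256 - nbits)

def chaff(key, bits, nbits, resend_on_collision=True):
    """Emit one real and one fake packet per bit, in random order per pair.

    Returns (packets, redraws). A packet is (seq, bit, tag). With
    resend_on_collision=False the chaff is added blind, as when it comes
    from other people's traffic, so a fake tag may verify by chance.
    """
    packets, redraws = [], 0
    for seq, bit in enumerate(bits):
        fake_tag = secrets.randbits(nbits)
        while resend_on_collision and fake_tag == tag(key, seq, bit ^ 1, nbits):
            fake_tag = secrets.randbits(nbits)  # would verify: draw again
            redraws += 1
        pair = [(seq, bit, tag(key, seq, bit, nbits)), (seq, bit ^ 1, fake_tag)]
        if secrets.randbits(1):
            pair.reverse()
        packets.extend(pair)
    return packets, redraws

def winnow(key, packets, nbits):
    """Keep packets whose tag verifies. Returns (bits, ambiguous_seqs)."""
    valid = {}
    for seq, bit, t in packets:
        if t == tag(key, seq, bit, nbits):
            valid.setdefault(seq, set()).add(bit)
    # The real packet always verifies, so every sequence number is present.
    bits = [next(iter(v)) if len(v) == 1 else None for _, v in sorted(valid.items())]
    ambiguous = [seq for seq, v in sorted(valid.items()) if len(v) == 2]
    return bits, ambiguous

if __name__ == "__main__":
    key = secrets.token_bytes(16)           # constructed sample key
    msg = [1, 0, 1, 1, 0, 0, 1, 0] * 64     # constructed 512-bit message
    for nbits in (2, 8, 32):
        pkts, _ = chaff(key, msg, nbits, resend_on_collision=False)
        _, amb = winnow(key, pkts, nbits)
        print(f"{nbits:2d}-bit tag: {len(amb)} of {len(msg)} pairs ambiguous")
```

Run directly, it adds chaff blind at three tag lengths and reports how many pairs the receiver cannot resolve, which falls off as roughly one in 2**n.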
