[2329] in cryptography@c2.net mail archive
Re: Rivest's Wheat & Chaff - A crypto alternative
daemon@ATHENA.MIT.EDU (Eli Brandt)
Mon Mar 23 17:05:13 1998
To: crypto list <cryptography@c2.net>
Date: Mon, 23 Mar 1998 14:50:34 -0500 (EST)
From: Eli Brandt <eli@gs160.sp.cs.cmu.edu>
In-Reply-To: <199803222113.NAA18821@m3.sprynet.com> from "William Hugh Murray" at Mar 22, 98 04:06:12 pm
William Hugh Murray wrote:
> While I think that this technique is interesting and useful, and while I
> am opposed to the government's clear intent, I think that this position
> is naive. It is the act of hiding that offends rather than the
> mechanism that we use. It is what we do rather than what we call it.
Yeah, if I were in the government's shoes, I would consider bitwise
chaffing a secret-key cipher derived from a MAC. Previous ways of
getting secrecy from authentication result in familiar-looking stream
or block ciphers, while Rivest's doesn't; and it maintains a closer
conceptual link to authentication. But secrecy is its intent and its
effect, and it's secrecy that the surveillance state fears.
Rivest says that:
"Since [adding chaff] can be performed by anyone..., and since the first
step (adding authentication) may be performed for other good reasons,
we see something novel, where strong confidentiality can even be
obtained without the knowledge and permission of the original sender."
This is indeed clever, but I don't see what it buys you politically.
To provide confidentiality, chaff must be added with a little care
(always complementing bits, for example). At this point there's
criminal intent to encrypt, and the crypto cops come through the
ceiling. Any evidence that the sender colluded -- RICO conspiracy --
seize the whole city block.
--
Eli Brandt | eli+@cs.cmu.edu | http://www.cs.cmu.edu/~eli/
