[2363] in cryptography@c2.net mail archive
RE: Chaffing and winnowing - efficiency improvements
daemon@ATHENA.MIT.EDU (William Whyte)
Wed Mar 25 14:46:20 1998
From: William Whyte <wwhyte@baltimore.ie>
To: "cryptography@c2.net" <cryptography@c2.net>,
"'Bill Stewart'"
<bill.stewart@pobox.com>
Date: Wed, 25 Mar 1998 15:16:38 -0000
>An interesting approach is to MAC the chaff bits using
>a different session key. (This doubles the work for the
>sender, but the chaff already doubles the work for the receiver.)
Just a small point, but I don't think it does. You check the MAC given for
the current bit == 0 and that returns true or false. If the return value
is true the bit is 0, if it's false the bit is one.
Here's an adaptation of the algorithm that's considerably faster and just
about maintains the illusion that we're MACing, not encrypting:
* To start with: start two random number generators. Seed one with your
"MAC" key. Seed the other with some other data.
* For every bit of the message:
* Get one byte of output from the good random number generator. XOR it
with the message bit to get byte 1, B1.
* Get one byte of output from the other random number generator. Call
this B2. If B2 is the same as B1 (disregarding the final bit), discard
it and get another random byte from the second random number generator.
* If the bit of the real message is 0, send {0, B1, 1, B2}. Otherwise, send
{0, B2, 1, B1}
The recipient does this:
* Starts a random number generator seeded with the correct key.
* For every four-byte packet {0, b1, 1, b2} received:
* get one byte B from the random number generator
* If B = b1, the appropriate bit of the message = 0. Otherwise the bit = 1.
The idea is that the random byte serves here as an authenticator on the
received data, rather than simply providing a crude XOR cipher.
Cheers,
William
