From: sil...@orfeo.Eng.Sun.COM (Eric Silber)
Subject: A new encryption problem?
Date: 6 Nov 1992 02:38:10 GMT
Organization: Sun Microsystems, Mt. View, Ca.
create a secure encryption algorithm which has the following
Let 'p' be the plain text.
Let 'E' be the encryption transformation.
Let 'c' be the cipher text.
Require: (for-all p)( (c=E(p)) is a text which appears to be
That is, the ciphertext does not appear to be a cipher text.
Also, there are no auxillary indices or auxillary data of any kind.
(not being a cryptologist, i'm sure this is not a new problem,
i just haven't heard of such a tool as the 'E' i'm speculating
From: al...@elevia.uniforum.qc.ca (W.A.Simon)
Subject: A new encryption problem?
Date: 10 Nov 92 04:20:53 GMT
sil...@orfeo.Eng.Sun.COM (Eric Silber)
gives us a problem to solve:
> create a secure encryption algorithm which has the following
> Let 'p' be the plain text.
> Let 'E' be the encryption transformation.
> Let 'c' be the cipher text.
> Require that for-all p
> (c=E(p)) is a text which appears to be a plaintext)
This has been answered, in a way,
by Peter Wayner (way...@cs.cornell.edu).
Ask him about Mimic. It is a dry read, but intellectually well
worth the effort (Peter, this one will cost you).
There may be others, but I am not aware of them.
However, there are easier ways, if one doesn't mind wasting
bandwidth, and if one accepts to step out of the constraints you
have placed on the resolution of the problem. What you ask for
is hard to do; but if your intent is practical rather than
academic, then you will have to count the ways to skin a cat.
So far, steganography's best ally is digitized material. There
is room for dithering and noising. As demonstrated by other
writers in this forum, borrowing a less significant bit within a
digitized product, although slightly less than efficient, is a
very secure way to hide information. This can be done without
giving yourself away.
The danger here is that once we know this, so do "they". So we
have to encrypt this borrowed one-bit wide channel in some
manner. We are back to square one.
On the other hand, if the "borrowed" bits are taken at random
(the random source being the key to a spectrum spreading
algorithm) among the bits of the digitizing word size, our
message is not only safely encrypted, but there is no way to a)
say where it is, b) say what it contains, c) know for sure that
it is indeed there.
On the down side, we will get the equivalent of white noise in
the digitized piece. If your hiding place is a digitized
picture, it will look like a case small-pox and if it is music
you'll think we are back in the age of cheap vinyl. This is
enough to weaken points a) and c), above. So why not bias the
random key so it tends to favor low order bits? The picture will
just gain a bit of romantic haze, and the music will pick up a
touch of tape hiss, elegantly disposed off with a Dolby NR machine...
If you are interested, I suggest you consider [trumpet triumphal]
The Braid [drum roll] yes, my own baby! Look it up for details on
how it is done (just add low bias).
The Braid (donated to PD (yet another drum roll)) will distribute
hidden information in such a way that even a known plaintext
attack will fail, first because any plaintext at all can be found
in the final product if one looks hard enough, second because it
is not possible to prove that a message is indeed hidden there,
third because even if you know that it is there you can't find it
without the key. And the Braid, if you so wish, borrows another
bit to manage key distribution.
Can you imagine the outlawing of digitized material?
[ ... usual disclaimer... ]
Subject: Re: A new encryption problem?
From: jim.w...@grapevine.lrk.ar.us (Jim Wenzel)
Date: 11 Nov 92 11:01:00 GMT
Reply-To: jim.w...@grapevine.lrk.ar.us (Jim Wenzel)
Organization: The GrapeVine BBS *** N. Little Rock, AR *** (501) 753-8121
I have been reading this newsgroup for several weeks with keen
interest. And for one am in favor of the privacy that it permits.
However, recently (yesterday) I had the opportunity to speak with a
law enforcement official who had quite a different view.
He was calling from California in order to pick up the pgp program
from us. Seems that they are on the case of a molestor who encrypted
his information using PGP. If they can't crack it the molestor will
more than likely walk due to lack of evidence. This has caused me
some concern because we have agreed (volunteered) to be a
distribution site for PGP (logon as PGP USER pw: PGP). Yet, I for
one would hate to think that there is anyway we could help such scum
in receiveing PGP or similar encryption technology.
At this point I am curious as to what others think. Both about
distribution and about it's use by the underworld. I have read
'Dennings' report and though I disagree with it on several points
this particular case does raise some real-life issues pertinent to
the discussion. If a law was to be passed (and you can bet that if
cases like this one in particular continue one will be) how would
you like it to read?
* Jim Wenzel, SysOp, The GrapeVine BBS, (501) 753-8121 5.6 gigs *
* RIME, Use-Net, ForthNet, SmartNet, MetroLink, Intelec , RecoverNet *
* ThrobNet and MediaNet message echos. Large IBM, Amiga, Adult and *
* Programming file areas. PGP 2.0 public key available upon request *
* SM 1.06 A0059 * Gentlemen: Start your debuggers...