The Subliminal Channel and Digital Signatures

  • Gustavus J. Simmons
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 209)


In a paper entitled “The Prisoners’ Problem and the Subliminal Channel” [1], the present author showed that a message authentication without secrecy channel providing m bits of overt communication and r bits of message authentication could be perverted to allow an l < r bit covert channel between the transmitter and a designated receiver at the expense of reducing the message authentication capability to r-l bits, without affecting the overt channel. It was also shown that under quite reasonable conditions the detection of even the existence of this covert channel could be made as difficult as the underlying cryptoalgorithm was difficult to “break.” In view of this open -- but indetectable -- existence, the covert channel was called the “subliminal” channel. The examples constructed in [1], although adequate to prove the existence of such channels, did not appear to be feasible to extend to interesting communications systems. Fortunately, two digital signature schemes have been proposed since Crypto 83 -- one by Ong-Schnorr-Shamir [2] based on the difficulty of factoring sufficiently large composite numbers and one by Gamal [3] based on the difficulty of taking discrete logarithms with respect to a primitive element in a finite field -- that provide ideal bases for implementing practical subliminal channels. This paper reviews briefly the essential features of the subliminal channel and then discusses implementations in both the Ong-Schnorr-Shamir and Gamal digital signature channels.


Signature Scheme Discrete Logarithm Signed Message Message Authentication Covert Channel 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    G. J. Simmons, “The Prisoners’ Problem and the Subliminal Channel,” Proceedings of Crypto 83, Santa Barbara, CA, August 21–24, 1983, to be published by Plenum Press.Google Scholar
  2. 2.
    H. Ong, C. P. Schnorr and A. Shamir, “An Efficient Signature Scheme Based on Quadratic Equations,” to appear Proceedings of 16th Symposium on Theory of Computing, Washington D.C., April 1984.Google Scholar
  3. 3.
    T. El Gamal, “A New Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithms,” to appear IEEE Transactions on Information Theory.Google Scholar
  4. 4.
    G. J. Simmons, “Message Authentication Without Secrecy,” in Secure Communications and Asymmetric Cryptosystems, ed. by G. J. Simmons, AAAS Selected Symposia Series, Westview Press, Boulder, CO (1982), pp. 105–139.Google Scholar
  5. 5.
    G. J. Simmons, “Verification of Treaty Compliance — Revisited,” Proceedings of the 1982 Symposium on Security and Privacy, Oakland, CA, April 25–27, 1983, pp. 61–66.Google Scholar
  6. 6.
    H. Ong and C. P. Schnorr, “Signatures through Approximate Representations by Quadratic Forms,” Proceedings of Crypto 83, Santa Barbara, CA, August 21–24, 1983, to be published by Plenum Press.Google Scholar
  7. 7.
    C. P. Schnorr, “A Cubic OSS-Signature Scheme,” private communication, May 1984.Google Scholar
  8. 8.
    J. Pollard, “Solution of x2 + ky2 = m (mod n),” private communication, April 1984Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1985

Authors and Affiliations

  • Gustavus J. Simmons
    • 1
  1. 1.Sandia National LaboratoriesAlbuquerque

Personalised recommendations