Chaffinch: Confidentiality in the Face of Legal Threats
We present the design and rationale of a practical system for passing confidential messages. The mechanism is an adaptation of Rivest’s “chaffing and winnowing”, which has the legal advantage of using authentication keys to provide privacy.We identify a weakness in Rivest’s particular choice of his “package transform” as an “all-or-nothing” element within his scheme. We extend the basic system to allow the passing of several messages concurrently. Only some of these messages need be divulged under legal duress, the other messages will be plausibly deniable. We show how this system may have some resilience to the type of legal attack inherent in the UK’s Regulation of Investigatory Powers (RIP) Act.
KeywordsAuthentication Scheme Block Cipher Stream Cipher Authentication Data Brute Force Attack
Unable to display preview. Download preview PDF.
- R. Anderson and E. Biham: Two practical and provably secure block ciphers: BEAR and LION. In Fast Software Encryption (proceedings Third International Workshop), 1996, Springer. 76Google Scholar
- W. Annis: Chaffe. http://www.biostat.wisc.edu/~annis/creations/Chaffe.html. 71
- Lord Bassam: Hansard, 13 July 2000, column 434. 78Google Scholar
- D. Beaver: Plausible deniability. In Advances in Cryptology-PraguoCrypt’ 96 Proceedings, Prague, Czech Republic, 1996. pp. 272–288, GC UCMP, ISBN 80-01-01502-5. 83Google Scholar
- M. Blaze, W. Diffie, R.L. Rivest, B. Schneier, T. Shimomura, E. Thompson and M. Wiener: Minimal key lengths for symmetric ciphers to provide adequate commercial security. A report by an ad hoc group of cryptographers and computer scientists. 1996http://www.crypto.com/papers/keylength.txt. 79
- J. McHugh: Chaffing at the Bit: Thoughts on a Note by Ronald Rivest. In A. Pfitzmann (Ed.) Information Hiding, Third International Workshop, IH’99, Dresden 1999, LNCS 1768, Springer Verlag 2000, pp. 395–404. 77Google Scholar
- R. L. Rivest: Chaffing and winnowing: Confidentiality without encryption. RSA Laboratories CryptoBytes 4(1) 1998. 70, 71Google Scholar
- B. Sussman and K. Fogel: Chaffwin. ftp://ftp.red-bean.com/pub/chaffwin/chaffwin.tar.gz. 71
- UK Stationery Office Ltd: Regulation of Investigatory Powers Act 2000. ISBN 0-10-542300-9. 70, 73Google Scholar