We present the design and rationale of a practical system for passing confidential messages. The mechanism is an adaptation of Rivest’s “chaffing and winnowing”, which has the legal advantage of using authentication keys to provide privacy.We identify a weakness in Rivest’s particular choice of his “package transform” as an “all-or-nothing” element within his scheme. We extend the basic system to allow the passing of several messages concurrently. Only some of these messages need be divulged under legal duress, the other messages will be plausibly deniable. We show how this system may have some resilience to the type of legal attack inherent in the UK’s Regulation of Investigatory Powers (RIP) Act.
- Authentication Scheme
- Block Cipher
- Stream Cipher
- Authentication Data
- Brute Force Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, access via your institution.
Unable to display preview. Download preview PDF.
R. Anderson and E. Biham: Two practical and provably secure block ciphers: BEAR and LION. In Fast Software Encryption (proceedings Third International Workshop), 1996, Springer. 76
W. Annis: Chaffe. http://www.biostat.wisc.edu/~annis/creations/Chaffe.html. 71
Lord Bassam: Hansard, 13 July 2000, column 434. 78
D. Beaver: Plausible deniability. In Advances in Cryptology-PraguoCrypt’ 96 Proceedings, Prague, Czech Republic, 1996. pp. 272–288, GC UCMP, ISBN 80-01-01502-5. 83
M. Bellare and A. Boldyreva: The security of chaffing and winnowing. ASIACRYPT 2000, LNCS 1976, Springer-Verlag 2000, pp. 517–530. 72, 74
M. Blaze, W. Diffie, R.L. Rivest, B. Schneier, T. Shimomura, E. Thompson and M. Wiener: Minimal key lengths for symmetric ciphers to provide adequate commercial security. A report by an ad hoc group of cryptographers and computer scientists. 1996http://www.crypto.com/papers/keylength.txt. 79
A. Desai: The security of all-or-nothing encryption: Protecting against exhaustive key search. CRYPTO 2000, LNCS 1880, Springer-Verlag 2000, pp. 359–375. 72
A. McDonald and M.G. Kuhn: StegFS: A Steganographic File System for Linux. In A. Pfitzmann (Ed.) Information Hiding, Third InternationalWorkshop, IH’99, Dresden 1999, LNCS 1768, Springer Verlag 2000, pp. 463–477. 84
J. McHugh: Chaffing at the Bit: Thoughts on a Note by Ronald Rivest. In A. Pfitzmann (Ed.) Information Hiding, Third International Workshop, IH’99, Dresden 1999, LNCS 1768, Springer Verlag 2000, pp. 395–404. 77
R. L. Rivest: Chaffing and winnowing: Confidentiality without encryption. RSA Laboratories CryptoBytes 4(1) 1998. 70, 71
R.L. Rivest: All-or-nothing encryption and the package transform. Fast Software Encryption 1997, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp210–218. 71, 72
B. Sussman and K. Fogel: Chaffwin. ftp://ftp.red-bean.com/pub/chaffwin/chaffwin.tar.gz. 71
UK Stationery Office Ltd: Regulation of Investigatory Powers Act 2000. ISBN 0-10-542300-9. 70, 73
Editors and Affiliations
Rights and permissions
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clayton, R., Danezis, G. (2003). Chaffinch: Confidentiality in the Face of Legal Threats. In: Petitcolas, F.A.P. (eds) Information Hiding. IH 2002. Lecture Notes in Computer Science, vol 2578. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36415-3_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00421-9
Online ISBN: 978-3-540-36415-3
eBook Packages: Springer Book Archive