A Secure Subliminal Channel (?)

  • Gustavus J. Simmons
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 218)


At Crypto’83, the present author showed that a transmitter and chosen receiver(s) -- by secretly exchanging some side information -- could pervert an authentication without secrecy channel to allow them to convert a portion of the authentication information to a hidden (covert) communications channel [1]. It was also shown that under quite reasonable conditions even the detecticn of the existence of this Covert channel could be made as difficult as the underlying authentication algorithm was “cryptosecure”. In view of this open -- but indetectable -- existence, such a covert channel was called a “sublininal” channel. The examples constructed in [1] were more in the nature of existence proofs than of practical subliminal communications channels. At Eurocrypt’84 [2], however, it was shown how to use digital signature schemes as a way of realizing practical subliminal channels and, in particular, subliminal channels were devised using Ong and Schnorr’s quadratic approximation scheme [3], Ong, Schnorr and Shamir’s quadratic representation schemes [4] and Ong. Schnorr and Shamir’s cubic signature scheme [5] as Well as Carnal’s discrete logarithm-based digital signature scheme [6]. Unfortunately, from the standpoint of providing a secure (and feasible) subliminal channel, all Of these digital signature schemes were cryptanalyzed [7],[8] shortly after being proposed. At Crypto’84, a fourth variant to the earlier digital signature schemes of Ong, Schnorr and Shamir was presented by Schnorr [9] which was also quickly cryptanalyzed [10]. At the 1985 IEEE Symposium on Security and Privacy, Okamoto and Shiraishi proposed yet another digital signature scheme based on quadratic inequalities [11] which had been designed to avoid the cryptanalytic weaknesses that hed flawed the schemes of Schnorr, et al. The cryptanalysis of this scheme by Erickell and DeLaurentis is reported elsewhere in these Proceedings [12]. In view of the short-lived nature Of all of these schemes, it has become a high risk venture to propose subliminal channels based on digital signatures. The motivation for going so is that digital Signatures can be much easier to calculate and verify tnan full-fledged two-key ciphers. As a result, the benefits (of a successful implementation) far outweigh the risks of perhaps having an insecure digital sianature (or subliminal) channel slip by undetected. Based on the cumulative experience gained in cryptanalyzing the six digital signature schemes mentioned above, Brickell and DeLaurentis propose a new scheme in their paper that appears to avoid the weaknesses exploited in the earlier cryptanalyses.


  1. 1.
    G. J. Simmons, “The Prisoners’ Problem and the Subliminal Channel,” Proceedings of Crypto’83, Santa Barbara, CA, Aug. 21–24, 1983, in Advances in Cryptology, Ed. by D. Chaum, Plenum Press, New York (1984), pp. 51–67.Google Scholar
  2. 2.
    G. J. Simmons, “The Subliminal Channel and Digital Signatures,” Proceedings of Eurocrypt’84, to appear.Google Scholar
  3. 3.
    H. Ong and C. P. Schnorr, “Signatures through Approximate Representations by Quadratic Forms,” Proceedings of Crypto’83, Santa Barbara, CA, August 21–24, 1983, to be published by Plenum Press.Google Scholar
  4. 4.
    H. Ong, C. P. Schnorr and A. Shamir, “An Efficient Signature Scheme Based on Quadratic Equations,” Proceedings of 16th Symposium on Theory of computing, Washington D.C., April 1984, to appear.Google Scholar
  5. 5.
    C. P. Schnorr, “A Cubic OSS-Signature Scheme,” private communication, May 1984.Google Scholar
  6. 6.
    T. El Gamal, “A New Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory, to appear.Google Scholar
  7. 7.
    J. M. Pollard, “Solution of x2-KY2 ≡ m (mod n),” Letter to Schnorr, 29/6/84.Google Scholar
  8. 8.
    J. Shallit, “An Exposition of Pollard’s Algorithm for Quadratic Congruences,” Technical Report 84-006, Department of Computer Science, University of Chicago, Dec. 1984.Google Scholar
  9. 9.
    H. Ong, C. P. Schnorr, and A. Shamir, “Efficient Signature Schemes Based on Polynomial Equations,” to appear in Crypto’84, Lecture Notes in Computer Science, Springer-Verlag, NY (1984).Google Scholar
  10. 10.
    D. Estes, L. Adleman, K. Kompella, K. McCurley, G. Miller, “Breaking the Ong-Schnorr-Shamir Signature Scheme for Quadratic Number Fields,” to appear.Google Scholar
  11. 11.
    T. Okamoto, A. Shiraishi, “A Fast Signature Scheme Based on Quadratic Inequalities,” Proc. of the 1985 Symposium on Security and Privacy, April 1985, Oakland, CA.Google Scholar
  12. 12.
    E. Brickell and J. DeLaurentis, “An Attack on a Signature Scheme Proposed by Okamoto and Shiraishi,” these Proceedings.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1986

Authors and Affiliations

  • Gustavus J. Simmons
    • 1
  1. 1.Applied Mathematics DepartmentSandia National LaboratoriesAlbuquerque

Personalised recommendations