Re-dividing Complexity between Algorithms and Keys

(Key Scripts)
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2247)


For decades cryptography strived for its goals by packing complexity into the exposed program, all the while pressing down the size of the secret key. Alas, modern technology (1) makes small keys a secondary requirement, (2) allows for layering of program logic, and (3) offers privacy and security offenders clever eavesdropping tools; altogether this warrants a re-examination of the relative roles of the “passive” key and the “active” algorithm. We describe a working system where the nominal key is merged with some JavaScript code to become the “effective key,” thereby conferring upon the JavaScript interpreter (a standard part of modern browsers) the role of the exposed cryptographic algorithm. We show that such a Key-Script offers equivocation (deniability), and we provide a secure key-distribution scheme that is based not on one-way functions but on the attribute of equivocation. We examine this new setting and argue that it formally defeats cryptanalysis, though in practice such robustness is somewhat qualified.







Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  1. Technion - Israel Institute of Technology, Haifa, Israel
