A progress report on subliminal-free channels

  • Mike Burmester
  • Yvo G. Desmedt
  • Toshiya Itoh
  • Kouichi Sakurai
  • Hiroki Shizuya
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1174)


Subliminal channels are closely related to covert channels and are used to hide secret information. They abuse the communications resource. Subliminal channels can be introduced in many cryptographic systems, and exploit the inherent randomness of the systems. For example, secret information can be hidden in the randomness of the authenticators of an authentication system. Similarly, secret information can be hidden in the randomness (of the prover or verifier) of both zero-knowledge proof systems and signature systems.

To establish a subliminal channel the cryptosystem is abused, that is, used in a different way and for a different purpose than intended by its designer. A particularly obnoxious type of subliminal channel may be activated by abortive halting.

For state-of-the-art security, it may be desirable to detect, and if possible prevent, subliminal channels. In this paper we address the problem of whether it is possible to develop (and if so, how) appropriate techniques for detecting or preventing the use of such channels. Several such techniques have already been proposed in the literature, and are suitable for many systems. We review these. We also consider recent developments, in particular with regard to the formal security requirements and their impact on research.

Key Words

Subliminal-freeness, authentication, identification, zero-knowledge proofs, secret sharing, untraceability, divertibility





Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Mike Burmester (1)
  • Yvo G. Desmedt (2)
  • Toshiya Itoh (3)
  • Kouichi Sakurai (4)
  • Hiroki Shizuya (5)
  • Moti Yung (6)

  1. Department of Mathematics, Royal Holloway - University of London, Egham, UK
  2. Department of EE & CS, University of Wisconsin, Milwaukee, Milwaukee, USA
  3. Department of Information Processing, Interdisciplinary Graduate School of Science and Engineering, Tokyo Institute of Technology, Yokohama, Japan
  4. Department of Computer Science and Communication Engineering, Kyushu University, Fukuoka, Japan
  5. Education Centre for Information Processing, Tohoku University, Sendai, Japan
  6. T.J. Watson Research Centre, IBM, Yorktown Heights, USA
