Re: Chaffing and Winnowing

New Message Reply About this list Date view Thread view Subject view Author view

lcs Mixmaster Remailer (mix@anon.lcs.mit.edu)
3 Feb 1999 20:00:02 -0000


Jim Gillogly writes:

> Take an N-bit message and use an all-or-nothing transform on it (another
> Rivest invention -- see his web site). This transform is unkeyed, and
> therefore in itself is not crypto-controlled. Send N-k bits of this
> as a normal message. The remaining k bits are sent in individually
> authenticated chaff/data pairs of 1-bit messages. In the limit for
> large messages this gives virtually no bandwidth overhead and provides
> 2^k protection (OK, it has a constant overhead of k * (1 + hash-size +
> packet-overhead) independent of length).

Very interesting idea!

Would the same thing work for RSA encryption without any symmetric keys?
Send N-k bits of the transformed message in the clear, and the remaining
k bits RSA encrypted.

For systems which express export controls in terms of symmetric key sizes
this could be a reasonable alternative.

Even if you're allowed only 512 bit RSA keys, it still seems like you'd
need a bigger machine to crack them than 56 bit DES keys. Technically the
work factor may be comparable, but the 512 bit keys would seem to require
more complex algorithms. Could there be a silicon RSA key cracker out
there analogous to Deep Crack?


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:25