[Cryptography] deniable symmetric ciphers?
Jon Callas
jon at callas.org
Sat Dec 28 11:48:49 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Dec 27, 2013, at 8:18 PM, Paul Elliott <pelliott at blackpatchpanel.com> wrote:
> * PGP Signed by an unknown key
>
>
> Call a symmetric ciphers deniable if it is computationaly
> difficult to distinguish it's output from random data
> even if it's plaintext is highly ordered or even known.
>
> Are there any strong published deniable ciphers?
Under your definition, pretty much they all are. If ciphertext is distinguishable from random, then that's a flaw in the cipher. It may not be one worth worrying about, but ideally, ciphertext should be indistinguishable from random.
Known plaintext happens all the time. For example, the known plaintext '<?xml version="1.0" encoding="utf-8"?>' or '\n<!DOCTYPE HTML>\n<html lang="' are very common. If a cipher leaks an that XML header is an XML header, then it's just not a very good cipher.
I have to ask why you'd call this property "deniable." There are lots of things that produce data indistinguishable from random, but most of them carry metadata along with it. For example, compression functions ideally are indistinguishable from random, too, but they have metadata hints about that data. Compression functions *want* to be decoded.
If an adversary sees bare-ass nekkid "deniable" data, the first hypothesis about it is that it's ciphertext. A denial of that has to have a reasonable counter-hypothesis. If the naïve attacker just assumes that more-or-less random data is cipher text, they win against this model. Yes, they get false positives, too, but they may not care.
If you want to have a model of deniability, that model has to create or encourage counter-hypotheses. Those counter-hypotheses are more important than the raw output because it's hard to hide data that's indistinguishable from random.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1
wj8DBQFSvwD4sTedWZOD3gYRAqDVAKDtpA5h0WnS5GACRhEQ1JedK1WB8gCfb7yJ
44TAY1Oifum2cfY3soSiwkY=
=VLDa
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list