[Cryptography] Unbreakable crypto

John Denker jsd at av8n.com
Wed Dec 30 12:38:24 EST 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/30/2015 04:50 AM, Jeremy French asked:

> In none of these cases is proof of innocence possible, but when a
> paranoid government department has 'reasonable suspicion' what can
> you do?

Answer:  Cover traffic.

I'm serious.  Send lots of cover traffic.  This point was also 
made in the message by Henry Baker on 12/30/2015 06:14 AM.  That
message was sarcastic as to tone, yet correct as to principle.

In particular, here is a not-very-laborious way of sending some
cover traffic:
  *) Configure your mailer to include a little bit of cover traffic
   in every email you send.  I've been doing this for a year or so.
   Look at the Quilt: header in this message.

Here is a more elaborate way.  This is not as sarcastic as it
might seem on first reading:
  1) Choose some prominent recipients in your jurisdiction.  For
   example, you might choose Richard Cheney, Donald Rumsfeld, and
   Jay Bybee.
  2) Cut some PGP keypairs, one for each recipient, and immediately
   throw away the private keys.
  3) Obtain a couple kbytes from the best RNG you have.  Encrypt
   it with the aforementioned keys.
  4) Email the encrypted data to the chosen recipients.
  5) Repeat steps 3 and 4 every so often.
  6) When asked by your "paranoid government department" you can
   say there is a conspiracy to commit war crimes, torture, murder,
   perjury, illegal wiretapping, and seditious overthrow of the 
   US constitution.  By way of corroboration, Cheney has admitted
   as much during TV interviews ... but emphasize that the proof
   is in those encrypted emails.  Tell them that they should arrest
   those guys and torture them until they divulge the keys.

HB sent cover traffic to this list, which is better than nothing,
but maybe not sufficient if you think the aforementioned paranoid
government department would just round up everybody on this list.
The technique of saying "I AM SPARTACUS" has a mixed track record.
So choose a wider distribution.

While we're on the subject, each person on this list is invited
to send some modest amount of email (up to 1 MB per day) to
<null at av8n.com>.  PGP key 1449C7F7 should be available on all
the usual keyservers.  All mail received at that address is 
immediately discarded, whether encrypted or not.  All data
encrypted with that key is unreadable, because the private
key was destroyed as soon as it was created.

More generally, *all* network protocols should be redesigned to
include a goodly amount of cover traffic.  It will take some
time to implement this, but in the meantime we should not let
the perfect be the enemy of the good.

Bottom line:  Cover traffic.  Send a bunch of cover traffic already.
If we get to a point where enough people send enough cover traffic,
the bad guys will face a much harder problem, namely searching for
a particular needle in a stack of needles.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVoQWkPO9SFghczXtAQL0ig/+JwVYc0RpX0/NFNgYUxwCy6oquxG9BrwA
JKWh7eGuu4Xz+4ZV06iCQmJjVZsZPU0taLIyVXkldtDTRgDT4HgqmsumZTIg9QHL
2hltWmgwJ7wOy7L3h/89k4zlyL0k52CkBo+mupFju0ZzOO90cxULAZJRyTx+sW4L
icEmCTCjPCNfq12hkKxX3vOxlh/6xeukHMZQJVPcDjMtjLlJHGzu6NyKTBjerRSC
69jmwqhYZkSJWsRcbYsJ8IhhV1txNZMIzpJZ8pLmFOdB6qz6VqJ5TgWeo5tM5vjK
cRY9INOpMIfP91ZmCqfB+mhkmtfJdcFdS6mhJIGl6lVNqNTqPyM0IK0hNPM77/fZ
sLhcDQESf0Net2d0jCAUowFnheWkPHOZD95XbnsWstrR//c8bjezo0kHJoJrU3aa
LGTSBZ+f+PRTCSPm0bGkGW9rMo7BukAnEQnv2TXUF8x2X+a3ZVmCp8EoQi25q/KD
27gA4ez0va9ANWDb/+bGEajzlIMvB5VvHkdf0+7D+hjQtFQ8ZbZQBM6zrYEzIwy4
diYKDAeq886I819eeOzJNCWu1yup055n6b02GJ6fyu+zovmRe9zjfL3FZBpDbu69
PC+vYI9YIyADdQwCw0kbblvcgPbWw3Y8RKUAOJQVaVfa2Kje4GYCRn/+ZH/DSdwJ
HBSbIDNHV9s=
=sz1j
-----END PGP SIGNATURE-----

More information about the cryptography mailing list