[Cryptography] Unbreakable crypto

John Denker jsd at av8n.com
Wed Dec 30 12:38:24 EST 2015

Hash: SHA1

On 12/30/2015 04:50 AM, Jeremy French asked:

> In none of these cases is proof of innocence possible, but when a
> paranoid government department has 'reasonable suspicion' what can
> you do?

Answer:  Cover traffic.

I'm serious.  Send lots of cover traffic.  This point was also 
made in the message by Henry Baker on 12/30/2015 06:14 AM.  That
message was sarcastic as to tone, yet correct as to principle.

In particular, here is a not-very-laborious way of sending some
cover traffic:
  *) Configure your mailer to include a little bit of cover traffic
   in every email you send.  I've been doing this for a year or so.
   Look at the Quilt: header in this message.

Here is a more elaborate way.  This is not as sarcastic as it
might seem on first reading:
  1) Choose some prominent recipients in your jurisdiction.  For
   example, you might choose Richard Cheney, Donald Rumsfeld, and
   Jay Bybee.
  2) Cut some PGP keypairs, one for each recipient, and immediately
   throw away the private keys.
  3) Obtain a couple kbytes from the best RNG you have.  Encrypt
   it with the aforementioned keys.
  4) Email the encrypted data to the chosen recipients.
  5) Repeat steps 3 and 4 every so often.
  6) When asked by your "paranoid government department" you can
   say there is a conspiracy to commit war crimes, torture, murder,
   perjury, illegal wiretapping, and seditious overthrow of the 
   US constitution.  By way of corroboration, Cheney has admitted
   as much during TV interviews ... but emphasize that the proof
   is in those encrypted emails.  Tell them that they should arrest
   those guys and torture them until they divulge the keys.

HB sent cover traffic to this list, which is better than nothing,
but maybe not sufficient if you think the aforementioned paranoid
government department would just round up everybody on this list.
The technique of saying "I AM SPARTACUS" has a mixed track record.
So choose a wider distribution.

While we're on the subject, each person on this list is invited
to send some modest amount of email (up to 1 MB per day) to
<null at av8n.com>.  PGP key 1449C7F7 should be available on all
the usual keyservers.  All mail received at that address is 
immediately discarded, whether encrypted or not.  All data
encrypted with that key is unreadable, because the private
key was destroyed as soon as it was created.

More generally, *all* network protocols should be redesigned to
include a goodly amount of cover traffic.  It will take some
time to implement this, but in the meantime we should not let
the perfect be the enemy of the good.

Bottom line:  Cover traffic.  Send a bunch of cover traffic already.
If we get to a point where enough people send enough cover traffic,
the bad guys will face a much harder problem, namely searching for
a particular needle in a stack of needles.
Version: GnuPG v1


More information about the cryptography mailing list