-----BEGIN PGP SIGNED MESSAGE----- On 28 Mar 1998, Julian Assange wrote:
Rubber-hose-squad: We will never be able to show that Alice has revealed the last of her keys. Further, even if Alice has co-operated fully and has revealed all of her keys, she will not be able to prove it. Therefor, we must assume that at every stage that Alice has kept secret information from us, and continue to beat her, even though she may have revealed the last of her keys. But the whole time we will feel uneasy about this because Alice may have co-operated fully.
I've never really fully understood this assumption. It seems to me that any person or group that would beat a person isn't going to care much if Alice cooperated or not. All things considered, a group with enough power to grab Alice and beat her probably has ways to escape punishment from the law, or doesn't care about the law in the first place. In this case, I figure that their best option is to beat Alice everyday forever or until she dies. Whichever comes first. The longer they beat her, the better chance there is that she broke down and gave them her most important secrets. Even if she can't prove it.. so what? The rubber-hose group isn't exactly the boy scouts. They beat her the next day too, this time a little harder. Alice may hold up, she may not.. I don't really see the cryptosystem helping here. You can't win a game when the other player doesn't use your rules. You have to use the same set of rules. We know that the rubber-hose wielding guys aren't going to play by Alice's rules. So, the only way for Alice to win is to do the impossible (because this is reality, not TV) and that is to grab the rubber hose and beat them with it. I don't think that any crypto can defend this sort of attack, because it has nothing to do with crypto. Consider even a one-time pad. Alice could calculate the needed pads that would turn her ciphertext into other meaningful plaintext messages. So they beat her. She gives them a pad.. and they beat her again. It won't end. They can never know if they got the "right" pad. But it doesn't really matter, does it? In my opinion deniable encryption is only valuable against a more or less civil entity. Now, what might be useful is some sort of biometric info that is part of the key material. Heart rate, brain wave patterns, maybe biochemical information. As Alice gets beat the fluctuations in her body could make it impossible for her to reveal the information. A sensitive enough system might even stand up against stuff like intimidation and nervousness.. a polygraph test can supposedly detect this. If such a system were implemented, then this could render rubber-hose cryptanalysis useless, or at least much harder to put into effect. Michael J. Graffam (mgraffam@mhv.net) http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc Let your life be a counter-friction to stop the machine. Henry David Thoreau "Civil Disobedience" -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBNR1/dgKEiLNUxnAfAQF5vwP+Mfykp2hNTgItZpgq5GXPoPwQl0enJv40 C+q43NSvaOzO3t+DAjfJj2IJuqDKXRy5FZikkCvOvr1cadJMbhqliKIrOHC1fkeB ElDnx+7LxzlGsgieAxGFI8JvEB685VY8qsprYFzfI2hQitvztPccpQE/Xvr0ftZi 3meDBzVLq8A= =0bdE -----END PGP SIGNATURE-----