From: cyphrpunk <cyphrpunk@gmail.com> Sent: Oct 27, 2005 9:15 PM To: "James A. Donald" <jamesd@echeque.com> Cc: cryptography@metzdowd.com, cypherpunks@jfet.org Subject: Re: On Digital Cash-like Payment Systems
On 10/26/05, James A. Donald <jamesd@echeque.com> wrote:
How does one inflate a key?
Just make it bigger by adding redundancy and padding, before you encrypt it and store it on your disk. That way the attacker who wants to steal your keyring sees a 4 GB encrypted file which actually holds about a kilobyte of meaningful data. Current trojans can steal files and log passwords, but they're not smart enough to decrypt and decompress before uploading. They'll take hours to snatch the keyfile through the net, and maybe they'll get caught in the act.
Note that there are crypto schemes that use huge keys, and it's possible to produce simple variants of existing schemes that use multiple keys. That would mean that the whole 8GB string was necessary to do whatever crypto thing you wanted to do. A simple example is to redefine CBC-mode encryption as C[i] = E_K(C[i-1] xor P[i] xor S[C[i-1] mod 2^{29}]) where S is the huge shared string, and we're using AES. Without access to the shared string, you could neither encrypt nor decrypt.
CP
--John