In a message dated 96-03-07 23:02:48 EST, vznuri@netcom.com writes:
imagine an application where you freely admit that you have your cryptographic tools, and that you are even willing to tell the "feds" the key for your data. they run the crypto program, and indeed the file decrypts. however, unknown to them, you have given them a key that decrypts the file into something meaningful yet benign, such as a cookie recipe, not your plans for the overthrow of the state. in other words, "interlaced" or "coincident" within the same file is your secret data. given one key, it decrypts into one set of data, and given another key, it decrypts into another set of data.
The only computationally feasible way to accomplish this would be to use a variation of the one time pad (OTP) cipher, and use two keys: the genuine key, which is made by the random number generator of your choice, and a specially cooked key generated by XORing the encrypted message with an innocuous message. Decrypting with the random key will yield the real message, and decrypting with the cooked key will yield the innocuous message. The disadvantage to this system is that each key will be the same length as the message.

The method you propose (using multiple RSA keys) is not workable. Finding 2 RSA keys that will decrypt a given ciphertext block to any 2 meaningful plaintexts is at least as difficult as breaking RSA, and expanding this concept to messages longer than 1 block moves it into the realm of impossibility.

Jonathan Wienke
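The two-key one-time pad construction described in the reply above, as an added example that is not part of the original message. The 2-byte length prefix with zero fill (so two messages of different lengths can share one ciphertext), the function names and the sample messages are assumptions of this sketch.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of the OTP cipher)."""
    if len(a) != len(b):
        raise ValueError("one-time pad operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def pad(msg: bytes, size: int) -> bytes:
    """Assumed framing: 2-byte big-endian length, message, zero fill to size."""
    if len(msg) + 2 > size or len(msg) > 0xFFFF:
        raise ValueError("message does not fit in the ciphertext size")
    return len(msg).to_bytes(2, "big") + msg + bytes(size - 2 - len(msg))

def unpad(block: bytes) -> bytes:
    n = int.from_bytes(block[:2], "big")
    if n > len(block) - 2:
        raise ValueError("length prefix exceeds block size (wrong key?)")
    return block[2:2 + n]

def encrypt(real: bytes, size: int) -> tuple[bytes, bytes]:
    """Return (ciphertext, genuine key); the key comes from the OS CSPRNG."""
    key = secrets.token_bytes(size)
    return xor(pad(real, size), key), key

def cook_key(ciphertext: bytes, decoy: bytes) -> bytes:
    """Cooked key = ciphertext XOR innocuous message, as the reply describes."""
    return xor(ciphertext, pad(decoy, len(ciphertext)))

def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return unpad(xor(ciphertext, key))

# Constructed sample messages, not taken from the original thread.
REAL = b"meet at the usual place at noon"
DECOY = b"2 cups flour, 1 cup sugar, 2 eggs"
SIZE = 64  # every key is as long as the ciphertext: the cost noted above

if __name__ == "__main__":
    ct, key = encrypt(REAL, SIZE)
    cooked = cook_key(ct, DECOY)
    print(decrypt(ct, key))     # real message
    print(decrypt(ct, cooked))  # innocuous message
    # Any same-length plaintext has a key that produces it, so the
    # ciphertext alone gives no evidence of which message is genuine.
```

The pad provides no integrity protection, and each key may be used for one ciphertext only; reusing a key across two ciphertexts exposes the XOR of their plaintexts.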