chaffing and winnowing
Does anyone know of any serious work being done on developing the concepts of winnowing and chaffing, as outlined in Ronald L. Rivest's 1998 paper 'Confidentiality without Encryption'? (Or any other similar creative uses of MACs and authentication keys, for that matter?) This line of thought certainly seems to have some interesting policy implications, particularly re. making the idea of forced key recovery obsolete.

Any references to further papers or applications would be most welcome...thanks!

~Faustine.

****
'We live in a century in which obscurity protects better than the law--and reassures more than innocence can.' Antoine Rivarol (1753-1801).
On Sun, 15 Apr 2001, Faustine wrote:
> certainly seems to have some interesting policy implications, particularly re. making the idea of forced key recovery obsolete. Any references to further papers or applications would be most welcome...thanks!
There was a cypherpunks discussion on "chaffing and winnowing without overhead" archived at
http://www.inet-one.com/cypherpunks/dir.98.05.11-98.05.17/msg00087.html

You can also find a paper by Bellare and Boldyreva, "On The Security of Chaffing and Winnowing":
http://www-cse.ucsd.edu/users/mihir/papers/cw.ps

and the "Chaffinch" system which extends the idea to deal with forced disclosure of keys (RIP act):
http://www.cl.cam.ac.uk/~rnc1/Chaffinch.html

I seem to recall a paper with a title along the lines of "A Comment on Chaffing and Winnowing" in either Financial Cryptography or maybe Selected Areas in Cryptography, but I can't find it right now.

-David
At 07:40 PM 04/15/2001 -0400, Faustine wrote:
> Does anyone know of any serious work being done on developing the concepts of winnowing and chaffing, as outlined in Ronald L. Rivest's 1998 paper 'Confidentiality without Encryption'?
Other than the initial flurry of activity around the announcement, there isn't much in chaffing and winnowing that's really useful in most real-world environments that would encourage development of new variations. The fundamental point was that if *any* kind of digital signature system is permitted, it can be used to implement encryption, so bans on encryption technology are inherently bogus. That doesn't mean that various governments won't try it, or won't make laws requiring users of digital signature systems to give up their signature keys when ordered by a court or sometimes by police, but it doesn't really affect the forced disclosure of encryption keys problem.
participants (3)
- Bill Stewart
- dmolnar
- Faustine
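The construction the thread discusses, as an added example that is not part of any message above and not code from Rivest's paper: the sender authenticates each message bit with a shared MAC key and pairs it with a chaff packet carrying the opposite bit and a random MAC, so only a key holder can winnow the real bits out. HMAC-SHA256 as the MAC, the packet layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 32  # HMAC-SHA256 tag size (assumed MAC; any secure MAC would do)

def mac_tag(key: bytes, serial: int, bit: int) -> bytes:
    """Authenticate one (serial, bit) pair. The bit itself is never encrypted."""
    msg = serial.to_bytes(8, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()

def chaff(key: bytes, message: bytes) -> list:
    """Emit two packets per message bit: wheat (valid MAC) and chaff (random MAC)."""
    packets = []
    for serial in range(len(message) * 8):
        bit = (message[serial // 8] >> (7 - serial % 8)) & 1
        pair = [(serial, bit, mac_tag(key, serial, bit)),
                (serial, bit ^ 1, secrets.token_bytes(MAC_LEN))]
        if secrets.randbits(1):  # order must not reveal which packet is wheat
            pair.reverse()
        packets.extend(pair)
    return packets

def winnow(key: bytes, packets: list) -> bytes:
    """Discard packets whose MAC fails, then rebuild the message from the rest."""
    bits = {}
    for serial, bit, tag in packets:
        if hmac.compare_digest(tag, mac_tag(key, serial, bit)):
            bits[serial] = bit
    if sorted(bits) != list(range(len(bits))) or len(bits) % 8:
        raise ValueError("missing serial numbers: packets dropped or altered")
    out = bytearray(len(bits) // 8)
    for serial, bit in bits.items():
        out[serial // 8] |= bit << (7 - serial % 8)
    return bytes(out)

if __name__ == "__main__":
    key = secrets.token_bytes(32)   # shared authentication key (constructed)
    wire = chaff(key, b"Hi Bob")    # constructed sample message
    print(winnow(key, wire))        # holder of the key recovers the text
    print(winnow(secrets.token_bytes(32), wire))  # wrong key: nothing authenticates
```

Nothing here is encrypted: an observer sees both bit values for every serial number, and each message bit costs two packets, each with a 32-byte MAC.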