Deniable data storage
I want to store information deniably. So there would be a fixed sized block of data, say one megabyte, increasing by multiples of 8 as needed. This would contain various items of information that one could extract by supplyin a secret, symmetric, key. A random key would extract a block of gibberish of random length There would be no indication as to how many bits of meaningful data were stored in the block, though obviously they would have to add up to less than the size of the block. So one could store one's password list under one key, and the location of the dead bodies under another key, and absent that key, there would be no evidence that they key, or information hidden under that key, existed. What is a good algorithm for this?
hi, Keep K =Original Key P =Original Plain Text C =Original cipher text D=Dummy plain text C'=Dummy cipher text K'=Dummy key use a symmetric key encryption algorithm with a secret key 'k' over plain text 'P' to obtain cipher text 'C' Then we find k'= C (xor) D Preferably D is atleast as long as C. Now we can claim we used k' as one time pad to encrypt. When the police decrypts they obtain D= C (xor) k', the dummy plain text. This is not an efficient algorithm but even if you did have one, this is not a very good idea because the secret police will first get the dummy key and when they see there is nothing of significance in the plain text, they will beat the original key out of us and I dont suppose any democracy in the world prevents this from happening :-) Regards Sarath. --- "James A. Donald" <jamesd@echeque.com> wrote:
I want to store information deniably.
So there would be a fixed sized block of data, say one megabyte, increasing by multiples of 8 as needed.
This would contain various items of information that one could extract by supplyin a secret, symmetric, key. A random key would extract a block of gibberish of random length There would be no indication as to how many bits of meaningful data were stored in the block, though obviously they would have to add up to less than the size of the block.
So one could store one's password list under one key, and the location of the dead bodies under another key, and absent that key, there would be no evidence that they key, or information hidden under that key, existed.
What is a good algorithm for this?
__________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
At 06:58 PM 11/5/03 -0800, James A. Donald wrote:
I want to store information deniably. ... This would contain various items of information that one could extract by supplyin a secret, symmetric, key. A random key would extract a block of gibberish of random length There would be no indication as to how many bits of meaningful data were stored in the block, though obviously they would have to add up to less than the size of the block.
I believe one of Ross Anderson's students did something like this a few years ago, basically using error-correcting codes with a lot of redundancy. The basic idea is that you use some kind of massive error correction and use a different sequence of bits with each key, so that you're very unlikely to have enough of your message bits clobbered by another message to make it impossible to decode correctly. (It seems like there'd be a problem with information leakage about number of channels here, if you had a message encoded in that block of bits, because you would know when you decoded it how often you'd had bits flipped, but maybe they resolved that somehow.) --John Kelsey, kelsey.j@ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
participants (3)
-
James A. Donald -
John Kelsey -
Sarad AV