OTP dual decryption

Phil Karn karn at qualcomm.com
Wed Jun 23 18:39:57 PDT 1993


At , nobody at eli-remailer.toad.com wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Using a one-time pad for dual decryption might work like this.
>
>I have a file, D (for Dangerous), which I want to conceal.  I construct
>a random file of the same length, K (for Key), which will be my "encryption
>key".  I xor K and D to produce E (for Encrypted), the encrypted file.  I
>delete D and hide K somewhere.

I have a better idea. You generate your D (dangerous) file and encrypt
it with IDEA or DES and a secret key K that you commit to memory. You then
destroy D. If (encrypt(D,K)) is seized and you are ordered to decrypt it,
then you produce a file F such that (F XOR encrypt(D,K)) produces whatever
bogus plaintext you desire and hand F over to the cops claiming that it's
your one-time pad.

Much simpler, and no chance of them discovering your plaintext, although
there's no guarantee that they won't suspect that you're still hiding
something (especially if they read cypherpunks).

Phil







More information about the cypherpunks-legacy mailing list