Re: More efficient chaffing technique

proff@iq.org
Fri, 27 Mar 1998 10:31:44 +1100 (EST)

• Next message: staym@accessdata.com: "rivest's server"
• Previous message: Svend Olaf Mikkelsen: "DES subkey setup time"
• In reply to: Eric Young: "Re: RC5 Patent Awarded"
• Next in thread: Paul H. Merrill: "Re: More efficient chaffing technique"
• Reply: Paul H. Merrill: "Re: More efficient chaffing technique"
• Reply: Chuck McManis: "Re: More efficient chaffing technique"
• Reply: James Nicolson: "Re: More efficient chaffing technique"

> Wouldn't winnowing and chaffing be worthless if your adversary had
> access to the entire message stream.
>
> Postulate: Given that Charles has access to all message traffic
> between Bob and Alice, by recombination of packets with unique
> serial numbers, and the ability to recognize the full message (which
> would be easier with a packaged message) the problem reduces to finding
> the combinatorial set of packets and testing each resulting 'message.'
>
> Given the abilities of an even moderately powerful machine, it would
> seem that unless the total chaff and wheat exceeded something on the
> order of 100mbytes the message could be recovered in a relatively short
> time.
>
> What am I missing?
> --Chuck

Suppose the wheat/chaff bits are equal, that is there is as much wheat
as chaff. To ensure secure operation, the chaff bits should be chosen
to be the inverse of the wheat bits, and 0 bits should always come first
in the packet stream - that is it should not be possible to predict
wheat or chaff based on packet order (the compression schemes I and
other people outlined do away with this issue altogether, because
wheat and chaff are effectively "in" the same packet/mac).

Imagine the wheat/chaff bits are actually green/red beads and you
are threading a necklace. The goal for both attacker and legitmate
receiver is to end up with a necklace of only Green beads (although,
because of the parameters of this example, an entirely Red necklace
will server you just as well, being the xor of the Green necklace).
At each step there are two choises. Red or Green. The legitimate
receiver can tell Red from Green, because they have a pair of
special filters for their sun-glasses - the MAC key. The attacker
has no such aid (trapdoor) and is effectively colour-blind. The
attacker will end up with a necklace of randomly mixed Red and
Green beads, because they were unable to distinguist one from the
other.

Cheers,
Julian.

• Next message: staym@accessdata.com: "rivest's server"
• Previous message: Svend Olaf Mikkelsen: "DES subkey setup time"
• In reply to: Eric Young: "Re: RC5 Patent Awarded"
• Next in thread: Paul H. Merrill: "Re: More efficient chaffing technique"
• Reply: Paul H. Merrill: "Re: More efficient chaffing technique"
• Reply: Chuck McManis: "Re: More efficient chaffing technique"
• Reply: James Nicolson: "Re: More efficient chaffing technique"