Mailing List Archive

chaffing and winnowing + gpg?
hi-

have you read the following rivest paper:

http://theory.lcs.mit.edu/~rivest/chaffing.txt

i think it would be very interesting to have a way of doing this in
gnu pg -- it seems pretty easy conceptually.

0) start w/ a message that A wants to send to B
1) create a session key as usual (perhaps size might need to be different?)
2) perform the transformation mentioned in the paper on the message
3) split the message up into 1024 (or other size) bytes
4) 'authenticate' each of the pieces made in step 3) using the session key
5) create an appropriate amount of 'chaff'
6) assemble a single resulting message from the 'authenticated' pieces
and 'chaff'

someone has done an implementation of chaffing and winnowing, which can
be found at:

ftp://ftp.red-bean.com/pub/chaffwin/chaffwin.tar.gz

one of the great things about the chaffing and winnowing method is that
there is no encryption/decryption involved (note: for the specific idea
mentioned above there would be because the session key must be encrypted
using B's public key).

the paper is really very interesting -- it was worth losing sleep over.
there are a number of other exciting points, but i won't spoil that fun by
mentioning them here :-)

-sen
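
An added sketch of steps 3 to 6 above plus the receiver's winnowing; it is not code from this thread, from chaffwin or from GnuPG. HMAC-SHA256 as the authenticator, the (serial, data, tag) packet layout and the function names are assumptions, and step 2 (the paper's transformation) is left out, so the wheat here can still be told from the random chaff by its content.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size (assumed authenticator)

def _mac(key: bytes, serial: int, data: bytes) -> bytes:
    # The tag covers the serial number too, so pieces cannot be reordered.
    return hmac.new(key, struct.pack(">I", serial) + data, hashlib.sha256).digest()

def chaff(message: bytes, key: bytes, chunk: int = 1024, per_piece: int = 1):
    """Steps 3-6: split, authenticate, add chaff, assemble one packet list."""
    packets = []
    for serial, off in enumerate(range(0, len(message), chunk)):
        data = message[off:off + chunk]
        packets.append((serial, data, _mac(key, serial, data)))  # wheat
        for _ in range(per_piece):
            # Chaff: same serial and length, random body, random (invalid) tag.
            packets.append((serial, secrets.token_bytes(len(data)),
                            secrets.token_bytes(TAG_LEN)))
    secrets.SystemRandom().shuffle(packets)  # position must not reveal the wheat
    return packets

def winnow(packets, key: bytes) -> bytes:
    """Receiver: keep packets whose tag verifies, reassemble by serial."""
    wheat = {}
    for serial, data, tag in packets:
        if hmac.compare_digest(tag, _mac(key, serial, data)):
            wheat[serial] = data
    return b"".join(wheat[s] for s in sorted(wheat))

if __name__ == "__main__":
    session_key = secrets.token_bytes(32)        # step 1 (constructed key)
    msg = b"constructed sample message " * 100   # step 0 (constructed input)
    mixed = chaff(msg, session_key)
    print(len(mixed), "packets; recovered:", winnow(mixed, session_key) == msg)
```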
Re: chaffing and winnowing + gpg?
Sen Nagata <sen_ml@eccosys.com> writes:

> have you read the following rivest paper:
>
> http://theory.lcs.mit.edu/~rivest/chaffing.txt

I know about this.

> i think it would be very interesting to have a way of doing this in
> gnu pg -- it seems pretty easy conceptually.

- It does not fit very well into the structure of gnupg.
- It increases the message size
- Ron Rivest proposed this scheme for political reasons: to show that
all these export restrictions are nonsense.


Werner
Re: chaffing and winnowing + gpg?
I feel obligated to point out that the implementation referred to
below is essentially a toy, a "demo" implementation we made because we
thought Rivest's idea was very cute. It would need to be
substantially rewritten to be secure, however. The other co-author
and I are considering re-writing it in C, using a better hash (MD5),
and smaller chunk sizes.

Best,
Karl Fogel

Sen Nagata wrote:
>hi-
>
> have you read the following rivest paper:
>
> http://theory.lcs.mit.edu/~rivest/chaffing.txt
>
> i think it would be very interesting to have a way of doing this in
>gnu pg -- it seems pretty easy conceptually.
>
> 0) start w/ a message that A wants to send to B
> 1) create a session key as usual (perhaps size might need to be different?)
> 2) perform the transformation mentioned in the paper on the message
> 3) split the message up into 1024 (or other size) bytes
> 4) 'authenticate' each of the pieces made in step 3) using the session key
> 5) create an appropriate amount of 'chaff'
> 6) assemble a single resulting message from the 'authenticated' pieces
> and 'chaff'
>
> someone has done an implementation of chaffing and winnowing, which can
>be found at:
>
> ftp://ftp.red-bean.com/pub/chaffwin/chaffwin.tar.gz
>
> one of the great things about the chaffing and winnowing method is that
>there is no encryption/decryption involved (note: for the specific idea
>mentioned above there would be because the session key must be encrypted
>using B's public key).
>
> the paper is really very interesting -- it was worth losing sleep over.
>there are a number of other exciting points, but i won't spoil that fun by
>mentioning them here :-)
>
>-sen
>