We consider a communications scenario in which a transmitter attempts to inform a remote receiver of the state of a source by sending messages through an imperfect communications channel. There are two fundamentally different ways in which the receiver can end up being misinformed. The channel may be noisy, so that symbols in the transmitted message can be received in error, or the channel may be under the control of an opponent who can either deliberately modify legitimate messages or else introduce fraudulent ones to deceive the receiver, i.e., what Wyner has called an "active wiretapper" [1]. The device by which the receiver improves his chances of detecting error (deception) is the same in either case: the deliberate introduction of redundant information into the transmitted message. The way in which this redundant information is introduced and used, though, is diametrically opposite in the two cases. For a statistically described noisy channel, coding theory is concerned with schemes (codes) that introduce redundancy in such a way that the most likely alterations to the encoded messages are in some sense close to the code they derive from. The receiver can then use a maximum likelihood detector to decide which (acceptable) message he should infer as having been transmitted from the (possibly altered) code that was received. In other words, the object in coding theory is to cluster the most likely alterations of an acceptable code as closely as possible (in an appropriate metric) to the code itself, and disjoint from the corresponding clusters about other acceptable codes.
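The opposite design goal, dispersing the acceptable messages so that an opponent's fraudulent or substituted message is accepted by as few keys as possible, can be checked by brute force on a toy authentication code. The block below is an added example, not code or a construction from the abstract above; the code it uses (source state m in 0..p-1, key (a, b) uniform over GF(p)^2, tag t = a*m + b mod p) is a hypothetical choice for illustration, and the two deception probabilities (impersonation and substitution) are computed exhaustively over all keys.

```python
"""Added example (not from the paper): a toy authentication code over GF(p)
in which the set of acceptable (message, tag) pairs is dispersed, so a forged
or substituted pair is accepted with probability only 1/p.

Hypothetical construction: source states m in 0..p-1, key (a, b) drawn
uniformly from GF(p)^2, transmitted pair (m, t) with t = a*m + b mod p.
"""
from fractions import Fraction
from itertools import product


def tag(key, m, p):
    """Authentication tag for source state m under key (a, b)."""
    a, b = key
    return (a * m + b) % p


def accepted_by(key, p):
    """All (m, t) pairs the receiver accepts under this key."""
    return {(m, tag(key, m, p)) for m in range(p)}


def impersonation_prob(p):
    """Opponent has seen nothing and injects (m, t): max over choices of the
    fraction of keys that accept it."""
    keys = list(product(range(p), repeat=2))
    best = Fraction(0)
    for m, t in product(range(p), repeat=2):
        accepting = sum(1 for k in keys if tag(k, m, p) == t)
        best = max(best, Fraction(accepting, len(keys)))
    return best


def substitution_prob(p):
    """Opponent has seen one authentic (m, t) and replaces it by (m2, t2),
    m2 != m: max over choices of the fraction of keys consistent with the
    observed pair that also accept the substitute."""
    keys = list(product(range(p), repeat=2))
    best = Fraction(0)
    for m, t in product(range(p), repeat=2):
        consistent = [k for k in keys if tag(k, m, p) == t]
        for m2, t2 in product(range(p), repeat=2):
            if m2 == m:
                continue
            accepting = sum(1 for k in consistent if tag(k, m2, p) == t2)
            best = max(best, Fraction(accepting, len(consistent)))
    return best
```

For every prime p both probabilities come out to 1/p: each key accepts exactly p of the p^2 possible pairs, and any two keys with different a share exactly one acceptable pair, which is the dispersion property the abstract contrasts with error-correcting codes, where alterations are meant to land inside the cluster of a legitimate codeword.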
Introduction
In information based systems, the integrity of the information (from unauthorized scrutiny or disclosure, manipulation or alteration, forgery, false dating, etc.) is commonly provided for by requiring operation(s) on the information that one or more of the participants, who know some private piece(s) of information not known to all of the other participants, can carry out but which (probably) can't be carried out by anyone who doesn't know the private information. Encryption/decryption in a single-key cryptoalgorithm is a paradigm of such an operation, with the key being the private (secret) piece of information. Although it is implicit, it is almost never stated explicitly that in a single-key cryptographic communications link the transmitter and the receiver must unconditionally trust each other, since either can do anything that the other can. Even if it can't be assumed that all of the elements in a system are trustworthy, so long as there exists at least one identified unconditionally trustworthy element (individual or device), it is generally possible to devise protocols to transfer trust from this element to other elements of unknown trustworthiness, making it possible for users to trust the integrity of the information in the system even though they may not trust all of the elements. A paradigm for such a protocol is the cryptographic key distribution system described in ANSI X9.17, which makes it possible for
S. Goldwasser (Ed.): Advances in Cryptology
All cryptosystems currently in use are symmetric in the sense that they require the transmitter and receiver to share, in secret, either the same piece of information (key) or one of a pair of related keys easily computed from each other; the key is used in the encryption process to introduce uncertainty for an unauthorized receiver. Not only is an asymmetric encryption system one in which the transmitter and receiver keys are different, but in addition it is computationally infeasible to compute at least one from the other. Asymmetric systems make it possible to authenticate messages whose contents must be revealed to an opponent, or allow a transmitter whose key has been compromised to communicate in privacy with a receiver whose key has been kept secret, neither of which is possible using a symmetric cryptosystem. This paper opens with a brief discussion of encryption principles and then proceeds to a comprehensive discussion of the asymmetric encryption/decryption channel and its application in secure communications.
In 1985, Simmons showed how to embed a subliminal channel in digital signatures created using the El Gamal signature scheme. This channel, though, had several shortcomings. In order for the subliminal receiver to be able to recover the subliminal message, it was necessary for him to know the transmitter's secret key. This meant that the subliminal receiver had the capability to utter undetectable forgeries of the transmitter's signature. Also, only a fraction of the number of messages that the channel could accommodate in principle could actually be communicated subliminally (φ(p-1) messages instead of p-1), and some of those that could be transmitted were computationally infeasible for the subliminal receiver to recover. In August 1991, the U.S. National Institute of Standards and Technology proposed as a standard a digital signature algorithm (DSA) derived from the El Gamal scheme. The DSA accommodates a number of subliminal channels that avoid all of the shortcomings encountered in the El Gamal scheme. In fairness, it should be mentioned that not all are avoided at the same time. The channel in the DSA analogous to the one Simmons demonstrated in the El Gamal scheme can use all of the bits contained in the signature that are not used to provide for the security of the signature against forgery, alteration or transplantation, and is hence said to be broadband. All messages can be easily encoded for communication through this channel and are easily decoded by the subliminal receiver. However, this broadband channel still requires that the subliminal receiver know the transmitter's secret key. There are two narrowband subliminal channels in the DSA, though, that do not give the subliminal receiver any better chance of forging the transmitter's signature than an outsider has. The price one pays to secure this integrity for the transmitter's signature is a greatly reduced bandwidth for the subliminal channel and a large, but feasible, amount of computation (dependent on the bandwidth actually used) needed to use the channel. In one realization of a narrowband subliminal channel, the computational burden is almost entirely on the transmitter, while in the other it is almost entirely on the subliminal receiver. In this paper we discuss only the broadband channel. The narrowband channels have been described by Simmons in a paper presented at the 3rd Symposium on State and Progress of Research in Cryptography, Rome, Italy, February 15-16, 1993. Space does not permit them to be described here. The reader who wishes to see just how easy it is to communicate subliminally using the DSA is referred to that paper as well. The inescapable conclusion, though, is that the DSA provides the most hospitable setting for subliminal communications discovered to date.
Prologue
One of the inevitable consequences of the development of digital signature standards such as the digital signature algorithm (DSA) proposed by the U.S. National Institute of Standards and Technology ...
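The broadband channel described above works because a DSA signature (r, s) is a function of the per-signature nonce k, and anyone holding the private key x can solve the signing equation for k. The block below is an added example, not code from Simmons' paper or from the DSA standard: it signs an innocuous cover message with k set to the subliminal payload, checks that the signature still verifies normally, and has the subliminal receiver recover k from (r, s) using x. The parameters are toy-sized (a prime q just above 2^20 found by trial division, with p = j*q + 1 and g of order q), the private key and messages are constructed values, and the hash is SHA-256 reduced mod q; none of these choices come from the text.

```python
"""Added example (not from the paper or the DSA standard): the broadband
subliminal channel in DSA. The signer uses the subliminal message itself as
the nonce k; the subliminal receiver, who holds the signer's private key x,
recovers k = s^-1 (H(m) + x r) mod q from the ordinary signature (r, s).

Toy parameters (constructed): q is the first prime >= 2**20, p = j*q + 1 is
the first such prime, g = h^((p-1)/q) mod p for the smallest h giving g != 1.
"""
import hashlib


def is_prime(n):
    """Trial division, adequate for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def toy_params(q_bits=20):
    """Return (p, q, g) with q | p - 1 and g of order q modulo p."""
    q = 2 ** q_bits
    while not is_prime(q):
        q += 1
    p = 2 * q + 1
    while not is_prime(p):
        p += q
    h = 2
    while True:
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g
        h += 1


def hash_mod_q(msg, q):
    """SHA-256 of the cover message reduced into Z_q (toy stand-in for SHA-1)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def sign(msg, x, k, p, q, g):
    """Standard DSA signing with a caller-chosen nonce k in [1, q-1]."""
    r = pow(g, k, p) % q
    s = (pow(k, -1, q) * (hash_mod_q(msg, q) + x * r)) % q
    if r == 0 or s == 0:
        # Degenerate case the standard also rejects; the sender must re-encode.
        raise ValueError("degenerate signature, choose a different encoding of k")
    return r, s


def verify(msg, sig, y, p, q, g):
    """Standard DSA verification; the subliminal payload is invisible here."""
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = (hash_mod_q(msg, q) * w) % q
    u2 = (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r


def recover_nonce(msg, sig, x, q):
    """Subliminal receiver: solve the signing equation for k; needs x."""
    r, s = sig
    return (pow(s, -1, q) * (hash_mod_q(msg, q) + x * r)) % q


def embed(msg, payload, x, p, q, g):
    """Encode a short payload as the nonce and sign the cover message."""
    k = int.from_bytes(payload, "big")
    if not 1 <= k < q:
        raise ValueError("subliminal payload must fit in [1, q-1]")
    return sign(msg, x, k, p, q, g)


def extract(msg, sig, x, q, length):
    """Recover the payload bytes from a signature using the signer's x."""
    return recover_nonce(msg, sig, x, q).to_bytes(length, "big")


def demo():
    """Round trip: returns (signature verifies, recovered payload)."""
    p, q, g = toy_params()
    x = 123457 % q                           # signer's private key (constructed)
    y = pow(g, x, p)                         # public key
    cover = b"Meeting at 10:00 as planned."  # innocuous signed text (constructed)
    payload = b"no"                          # 2-byte subliminal message (constructed)
    sig = embed(cover, payload, x, p, q, g)
    return verify(cover, sig, y, p, q, g), extract(cover, sig, x, q, len(payload))
```

Every bit of k that is not fixed by the verification relation is available to the channel, which is why the text calls it broadband, and the same derivation shows the cost the text names: the receiver must hold x, and so can forge signatures. The narrowband channels the text defers to Simmons' 1993 Rome paper avoid that by giving the receiver only a shared secret that does not determine x; they are not shown here.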