Talk:Deniable encryption

From Wikipedia, the free encyclopedia

Contents

[edit] Bruce Schener's 'Deniable File System' link

Recently a link "Deniable File System" was recently added to the 'see also' section, but I believe it's rather loosely related to the topic and not very informative and reverted it for now. In any case, if anyone wants to re-add it, make sure you add it under the 'External links' section. -- intgr 13:10, 9 June 2006 (UTC)

[edit] Deniability not feasible

"In practice, deniable encryption is very difficult to execute. ... It is nearly impossible to construct keys and ciphertexts for modern block ciphers such that one ciphertext will decrypt to two comprehensible plaintexts."

That's not true. The idea is not to take an existing encryption scheme and make it deniable, but to use new algorithms that incorporate deniablility. In this sense deniable encryption is decidedly possible and practially feasible. [1] Arvindn 02:34, 11 Oct 2004 (UTC)
OK, I'm removing that last paragraph until I get a chance to rework it. Decrypt3 15:29, Oct 11, 2004 (UTC)

[edit] questions

Hello, could someone add some other (than one-time pad) simple example of construction of such cipher? Also, I also don't understand, can this also be used as protection from brute-force cryptanalysis, because you don't know which message is the right one? Samohyl Jan 07:35, 28 Feb 2005 (UTC)

[edit] CDMA as deniable encryption?

CDMA mobile phones essentially combine several different messages (from the tower to the handsets or vice versa) in the air, and the decoding process allows each phone to use its unique code to pick out a message intended for it, or to detect that it isn't being addressed, from a shared bitstream. Could this be considered a form of deniable encryption (since the same bitstream can be decoded to produce different messages), and if so, perhaps it should be referenced in this article? Mr2001 3 July 2005 06:44 (UTC)

Doesn't sound like it's a particularly good example, IMHO... H8gaR 17:34, 26 July 2007 (UTC)

[edit] Example

Do we have to use negative examples of why someone would want deniable encryption? Why can't we use positive examples like free-speech advocates in China instead? —The preceding unsigned comment was added by 192.43.65.245 (talkcontribs) 19:18, 18 May 2006 (UTC)

I don't know about a better example, but it would be problematic, from the NPOV, to use a specific political example (And I do abhor China's free-speech problems, by the way!) — Matt Crypto 21:02, 18 May 2006 (UTC)
I'm not a wikipedian, but from a layman's perspective, the current example seems VERY point-of-view. Probably a military example would be the best NPOV, without identifying the military organization. -Bluenail

[edit] "Significance" and "essence" sections

The recently added "significance" and "essence" sections, in my opinion, read too much like an essay. Besides that, they also widen the already problematic gap between traditional "one ciphertext decrypts into multiple plaintexts" kind of deniability, and deniability offered by upper layers (as in TrueCrypt, PhoneBookFS or StegFS; or OTR where it has an entirely different meaning). Notice how earlier sections seem to imply that OTP-kind of deniability is the only kind of deniability.

Another problem I have with this is the apparent promotion of YouDeny.com and a new patent, calling it a "novel technique." I am not implying that this edit was made in a bad faith, but I believe it's not appropriate for Wikipedia without significant media coverage (WP:V, WP:RS).

I am therefore reverting these edits for now. Does anyone else have a second opinion on this? -- intgr [talk] 15:56, 27 May 2008 (UTC)

The deleted contribution eliminates the clarity they added to a description that otherwise reads very thick and mysterious. It must be stressed that One-Time Pad provides total deniability, owing to its key size, and therefore any ciphersystem that allows for keys as large as desired may provide classical deniability. It's not intellectually honest to remove this point from the discussion. For reference see the quoted patent as well as:

http://eprint.iacr.org/2008/222 "Encryption on Demand"

Samid, G. 2001 "Re-Dividing Complexity Between Algorithms and Keys (Key Scripts)" The Second International Conference on Cryptology in India, Indian Institute of Technology, Madras, Chennai, India. December 2001. "

Samid, G. 2002 " At-Will Intractability Up to Plaintext Equivocation Achieved via a Cryptographic Key Made As Small, or As Large As Desired - Without Computational Penalty " 2002 International Workshop on CRYPTOLOGY AND NETWORK SECURITY San Francisco, California, USA September 26 -- 28, 2002

Samid, G. 2001 "Anonymity Management: A Blue Print For Newfound Privacy" The Second International Workshop on Information Security Applications (WISA 2001), Seoul, Korea, September 13-14, 2001 (Best Paper Award).

Samid, G. 2005 "The Myth of Invincible Encryption" Digital Transactions May-June 2005 —Preceding unsigned comment added by Ignorexxia (talkcontribs) 20:26, 27 May 2008 (UTC)

No, the added contribution adds to the confusion because it suggests that the "long key encryption" approach is the only way to achieve deniability; yet some practical end-user applications that offer a level of deniability (listed above), do not use this method. There is a very good reason for this: if your data is encrypted with a long secret key, then managing this key itself becomes a problem, as it cannot be memorized. What do you do with a long secret key -- do you encrypt it?
I do agree that the article is unclear, but I believe this addition is a step backwards. Not only because it misrepresents the practical approaches of deniable encryption; phrases like "Freedom without privacy is not. Privacy without deniability is not." might belong to an essay or a sales brochure, but it's not something that an encyclopedia would say.
I'm not particularly impressed by your excessive citing of Gideon Samid, either, because it is naturally in his interests to promote his product and patent. It doesn't add to his integrity that his papers never cite other authors' research, and that reputable cryptography researchers like Bruce Schneier [2] and Peter Gutmann [3] have publicly criticized the claims of "AGS Encryptions Ltd.", which is the company that sells Gideon Samid's product. -- intgr [talk] 13:55, 28 May 2008 (UTC)