How are spoof decryptions prevented?

Brian Gladman gladman at seven77.demon.co.uk
Tue, 3 Aug 1999 10:55:48 +0100


From: <Denis.Russell@ncl.ac.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 03 August 1999 10:19 AM
Subject: Re: How are spoof decryptions prevented?


> At 5:35 pm +0100 2/8/99, Tom.A.Parker@icl.com wrote:
> >This may seem unduly simple minded, but in a situation where enforcement to
> >provide clear text is imposed upon me, how would the LEA know that I did the
> >decryption truly, rather than substitute some censored alternative?
> >...
> >Or is this a reason (not the only one, clearly!) why there is the option to
> >get the decryption key itself?
> ...
>
> Well, since for any arbitrary bag of bits C you can produce *any* second
> arbitrary set of bits P by "xoring" it with a third set of bits K (where
> all of these sets of bits are of the same length, and K is trivial to
> derive from C and P) it is trivial to "comply" with any request for both
> the supposed plaintext and key corresponding to a suspect message. All you
> do is decide whatever plaintext P that you wish to produce, and then
> generate the corresponding key K, call it "a one time pad" and hand it over.
>
> I suspect this may not suffice. :-)
>
> Denis.

Actually whoever drafted the proposals doesn't understand this because they
believe that the hidden information resides in the encrypted text and not in
the key :-)

           Brian
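
The XOR property described in the quoted text above, as an added Python example that is not part of the original message. The sample messages, the space-padding rule and all function names are constructed for illustration. It shows that the only check available to someone holding just the ciphertext accepts every plaintext of suitable length, which is why a pad-style disclosure proves nothing about the original message.

```python
import itertools
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("one-time-pad operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def pad_to(text: bytes, length: int) -> bytes:
    """Space-pad a plaintext to the ciphertext length (padding rule is an assumption)."""
    if len(text) > length:
        raise ValueError("claimed plaintext is longer than the ciphertext")
    return text.ljust(length, b" ")

def key_for(ciphertext: bytes, plaintext: bytes) -> bytes:
    """K = C xor P: the unique pad that maps this ciphertext to this plaintext."""
    return xor_bytes(ciphertext, pad_to(plaintext, len(ciphertext)))

def disclosure_is_consistent(ciphertext: bytes, plaintext: bytes, key: bytes) -> bool:
    """The only check open to someone holding just C: does C xor K equal P?"""
    if len(key) != len(ciphertext) or len(plaintext) > len(ciphertext):
        return False
    return xor_bytes(ciphertext, key) == pad_to(plaintext, len(ciphertext))

def plaintexts_reachable(ciphertext: bytes) -> int:
    """Count distinct plaintexts some key maps C to (exhaustive; keep C short)."""
    n = len(ciphertext)
    keys = (bytes(k) for k in itertools.product(range(256), repeat=n))
    return len({xor_bytes(ciphertext, k) for k in keys})

# Constructed sample data, not taken from the thread.
ORIGINAL = b"meet at the usual place at nine"
PAD = secrets.token_bytes(len(ORIGINAL))
CIPHERTEXT = xor_bytes(ORIGINAL, PAD)
ALTERNATIVE = b"minutes of the parish council"
ALT_KEY = key_for(CIPHERTEXT, ALTERNATIVE)

if __name__ == "__main__":
    # Both disclosures pass the same check, so the check distinguishes nothing.
    print(disclosure_is_consistent(CIPHERTEXT, ORIGINAL, PAD))
    print(disclosure_is_consistent(CIPHERTEXT, ALTERNATIVE, ALT_KEY))
    # Every 2-byte plaintext is reachable from a 2-byte ciphertext.
    print(plaintexts_reachable(CIPHERTEXT[:2]), "of", 256 ** 2)
```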