SFS2000

Padgett 0sirius padgett at gdi.net
Fri, 24 Mar 2000 20:37:31 -0500


>It is infeasible, with the kinds of symmetric keys typically used as
>Session keys, to produce a ciphertext that decodes into two different
>plausible plaintexts with two different symmetric keys.

True; however, I did not put the qualification on it. We are not talking
about what is in common use today (though with a short message and a block
cipher...) but rather what could be done.

Consider that a symmetric cipher was not used at all, but instead an OTP.
Consider if the message consisted of a data dictionary and what was
encrypted were the pointers? (Essentially what LZ compression does). Of
course then you could transmit the dictionary out of channel and just send
the pointers (aka a book code). And then there are "unwitting key
providers"...

Point that I am trying to make is that the code mechanisms in use today
were developed in a climate where the possibility of demand of keys by an
outside party did not exist. If you add in that factor then other mechanisms
will arise which take that into account. Overall, they may not be as
efficient as those used today but that does not mean that alternatives do
not exist.

Today, virtually every symmetric cipher in use is based on rotors (matrix
transforms) and boolean logic. The first electro-mechanical one dates to
1918 and can be traced back to Caesar Ciphers (a "Little Orphan Annie"
fixed at "A=D"). These are easy to express logically and in computer
programs (fast). They are not the only constructs available.

The criterion for strength is just that the easiest way to break is to try
every key and the key is made long enough that this is considered impractical.

That is it so far as design criteria goes - strong and fast. Thus modern
ciphers are commonly multiples of register sizes - 16/32/64/128/... (even
DES used 64 bits but in such a way as to make the strength only 56).

Point I am making is that there never has been a need before for a "duress
key" but the concept is not new.

Now for long, multi-block messages, creation of such a code to have an
intelligible output might be difficult. To create a "duress output" of a
single block, not so, particularly if the algorithm were designed to make it
simple.

So the next step would be to restrict the number of approved symmetric
algorithms?


A. Padgett Peterson, P.E., CISSP: Cybernetic Psychophysicist
Anti-Virus, Cryptographics, & Antique Radio Researcher
http://www.freivald.org/~padgett/index.html
mailto:padgett@gdi.net     PGP 6.5 Key on request
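The OTP case the post raises is worth seeing concretely, since it is exactly where the quoted infeasibility claim stops holding: under a one-time pad a "duress key" for any cover text of the same length is a single XOR, with no key search at all. The following is an added illustration, not code from the post or its author; the message and cover text are constructed samples, and the `duress_key` helper is a name chosen here.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole of OTP encryption)."""
    if len(a) != len(b):
        raise ValueError("one-time pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)


def duress_key(ciphertext: bytes, cover_plaintext: bytes) -> bytes:
    """Derive the pad under which `ciphertext` decrypts to `cover_plaintext`.

    Since c = m XOR k, any chosen m' gives k' = c XOR m' directly. A shorter
    cover text is space-padded to the ciphertext length; a longer one cannot
    be fitted, because the pad never extends the message.
    """
    if len(cover_plaintext) > len(ciphertext):
        raise ValueError("cover plaintext cannot exceed ciphertext length")
    padded = cover_plaintext.ljust(len(ciphertext), b" ")
    return xor_bytes(ciphertext, padded)


def demo() -> dict:
    """Encrypt a constructed message, then hand over a key that reveals a
    different, equally plausible message of the same length."""
    real = b"Transfer approved: account 4417"   # constructed sample
    pad = os.urandom(len(real))                  # genuine one-time pad
    ct = otp_encrypt(real, pad)
    cover = b"Lunch at noon, bring the report"   # constructed cover text
    surrendered = duress_key(ct, cover)
    return {
        "real_roundtrip": otp_decrypt(ct, pad) == real,
        "duress_decrypts_to_cover": otp_decrypt(ct, surrendered) == cover,
        "keys_differ": surrendered != pad,
    }
```

For a block cipher with a fixed key, the same trick degenerates into searching the key space for one that yields a plausible block, which is the infeasibility the quoted reply is relying on.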