Camouflage that message !

George Foot georgefoot at oxted.demon.co.uk
Mon, 24 Sep 2001 23:32:04 +0100 

September 23rd.  2001

To ukcrypto mailing list.

The proposition that facilities must be provided for continuous
monitoring by law enforcement agencies of all electronic
transmissions including encrypted messages is contentious but will
have attracted additional support following recent events in the USA.     

It is timely to re-examine the use of encryption as performed
conventionally by extensive mathematical transformations of  the
numbers representing characters in a message.  In practice these are
complex operations which become practicable only with the
assistance of advanced computers.  A very negative aspect of
methods of this kind is that they induce unending rivalry between
mathematicians and cryptoanalysts  in which success by an analyst
may not be  publicised so that inevitably some doubt concerning
security always remains.

The alternative of hiding the message using  steganography is
subject to the same criticism because it employs mathematical
algorithms, because it is equally complex and because success in
analysis may be concealed.

The use of a book of codes in place of conventional words has
advantages but is only suitable for communications between a
restricted number of persons and is valueless if a code book is lost or
stolen.

A further method of achieving security is Camouflage.  A string of
characters comprising a message can be disguised completely by
camouflaging that string with another string composed of random
characters.  Subsequently the message can be revealed easily if
sender and receiver have possession in advance of the same
camouflaging string.   This is the principle of the One-Time-Pad.

The question may be asked whether a camouflage system can be
devised which provides high security but is also suitable for everyday
use under practical conditions.  An approach to a solution of this type
is described in my Web Pages  which you are invited to download.

The first step is to prepare a very large file containing a billion or more
random bytes.  Identical copies of this file can be made available  to
anybody interested at little cost -- for example by  distributing the file
on a CD or a DVD disc.  Call this large file a PAD.

It is a simple matter to select Pointers to indicate a number, for
example thirteen, different locations in the Pad and from each of these
locations to derive a string of random bytes which can then  be
EORed together to form a new string.  This new string becomes the
camouflage string for a particular message and is unique to that
message.

In deriving the camouflage string from the Pad there is no constraint
whatever on the selection of locations in the Pad for Pointers.  The
choice of Pointers is wholly independent of any other consideration. 

The camouflage string must be reproduced precisely for successful
decryption using exactly the same Pointers as were used for
camouflage.  With a billion bytes from which to choose, even an
incorrect selection by a single byte in respect of the location of only
one of the Pointers will produce a totally meaningless result instead of
revealing the plaintext of the message.  

The term Camouflage is chosen for this method to emphasise that a
simple camouflaging operation is all that is necessary to conceal the
meaning of a message.  This is in contrast to the complex
mathematical transformations which are more generally employed.
The total computational effort is not only much reduced but
particularly for short messages becomes very small indeed and the
simplest of computers is adequate for the task.

The camouflaging method may be considered advantageous for the
encryption of messages when commercial security is required.   The
effective Key Space is very large indeed.  Depending on the
application, there may be no need to retain knowledge of the Key after
a message is transmitted.

No principles are involved which are fundamentally new.   If indeed
the method should already be in use elsewhere I should be pleased to
have information on experience which has been gained.   If there are
drawbacks I should be glad to hear of them.

George
-- 
George Foot
georgefoot@oxted.demon.co.uk
http://www.oxted.demon.co.uk/
http://www.oxted.demon.co.uk/index.html