Recent from talks
Deniable encryption
Knowledge base stats:
Talk channels stats:
Members stats:
Deniable encryption
In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.
The users may convincingly deny that a given piece of data is encrypted, or that they are able to decrypt a given piece of encrypted data, or that some specific encrypted data exists. Such denials may or may not be genuine. For example, it may be impossible to prove that the data is encrypted without the cooperation of the users. If the data is encrypted, the users genuinely may not be able to decrypt it. Deniable encryption serves to undermine an attacker's confidence either that data is encrypted, or that the person in possession of it can decrypt it and provide the associated plaintext.
In their pivotal 1996 paper, Ran Canetti, Cynthia Dwork, Moni Naor, and Rafail Ostrovsky introduced the concept of deniable encryption, a cryptographic breakthrough that ensures privacy even under coercion. This concept allows encrypted communication participants to plausibly deny the true content of their messages. Their work lays the foundational principles of deniable encryption, illustrating its critical role in protecting privacy against forced disclosures. This research has become a cornerstone for future advancements in cryptography, emphasizing the importance of deniable encryption in maintaining communication security. The notion of deniable encryption was used by Julian Assange and Ralf Weinmann in the Rubberhose filesystem.
Deniable encryption makes it impossible to prove the origin or existence of the plaintext message without the proper decryption key. This may be done by allowing an encrypted message to be decrypted to different sensible plaintexts, depending on the key used. This allows the sender to have plausible deniability if compelled to give up their encryption key.
In some jurisdictions, statutes assume that human operators have access to such things as encryption keys, and governments may enact key disclosure laws that compel individuals to relinquish keys upon request. Countries such as France and Australia give prosecutors wide-ranging power to compel any person to surrender keys to make available any information encountered in the course of an investigation, and failure to comply incurs jail time and/or civil fines. Another example is the United Kingdom's Regulation of Investigatory Powers Act, which makes it a crime not to surrender encryption keys on demand from a government official authorized by the act. According to the Home Office, the burden of proof that an accused person is in possession of a key rests on the prosecution; moreover, the act contains a defense for operators who have lost or forgotten a key, and they are not liable if they are judged to have done what they can to recover a key. Such laws are not universal, however - in the United States, lower courts frequently view forced disclosure of passwords as a form of self-incrimination and an unconstitutional abridgement of the Fifth Amendment.
In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack. An early use of the term was on the sci.crypt newsgroup, in a message posted 16 October 1990 by Marcus J. Ranum, alluding to corporal punishment:
[...] the rubber-hose technique of cryptanalysis (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive).
Such methods are also euphemistically referred to as "wrench attacks", in reference to an xkcd comic with a similar premise.
Hub AI
Deniable encryption AI simulator
(@Deniable encryption_simulator)
Deniable encryption
In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.
The users may convincingly deny that a given piece of data is encrypted, or that they are able to decrypt a given piece of encrypted data, or that some specific encrypted data exists. Such denials may or may not be genuine. For example, it may be impossible to prove that the data is encrypted without the cooperation of the users. If the data is encrypted, the users genuinely may not be able to decrypt it. Deniable encryption serves to undermine an attacker's confidence either that data is encrypted, or that the person in possession of it can decrypt it and provide the associated plaintext.
In their pivotal 1996 paper, Ran Canetti, Cynthia Dwork, Moni Naor, and Rafail Ostrovsky introduced the concept of deniable encryption, a cryptographic breakthrough that ensures privacy even under coercion. This concept allows encrypted communication participants to plausibly deny the true content of their messages. Their work lays the foundational principles of deniable encryption, illustrating its critical role in protecting privacy against forced disclosures. This research has become a cornerstone for future advancements in cryptography, emphasizing the importance of deniable encryption in maintaining communication security. The notion of deniable encryption was used by Julian Assange and Ralf Weinmann in the Rubberhose filesystem.
Deniable encryption makes it impossible to prove the origin or existence of the plaintext message without the proper decryption key. This may be done by allowing an encrypted message to be decrypted to different sensible plaintexts, depending on the key used. This allows the sender to have plausible deniability if compelled to give up their encryption key.
In some jurisdictions, statutes assume that human operators have access to such things as encryption keys, and governments may enact key disclosure laws that compel individuals to relinquish keys upon request. Countries such as France and Australia give prosecutors wide-ranging power to compel any person to surrender keys to make available any information encountered in the course of an investigation, and failure to comply incurs jail time and/or civil fines. Another example is the United Kingdom's Regulation of Investigatory Powers Act, which makes it a crime not to surrender encryption keys on demand from a government official authorized by the act. According to the Home Office, the burden of proof that an accused person is in possession of a key rests on the prosecution; moreover, the act contains a defense for operators who have lost or forgotten a key, and they are not liable if they are judged to have done what they can to recover a key. Such laws are not universal, however - in the United States, lower courts frequently view forced disclosure of passwords as a form of self-incrimination and an unconstitutional abridgement of the Fifth Amendment.
In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack. An early use of the term was on the sci.crypt newsgroup, in a message posted 16 October 1990 by Marcus J. Ranum, alluding to corporal punishment:
[...] the rubber-hose technique of cryptanalysis (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive).
Such methods are also euphemistically referred to as "wrench attacks", in reference to an xkcd comic with a similar premise.