Dr. Dobb's Journal June 1998
I'm not a conspiracy buff. Really I'm not. Of course, it didn't surprise me one bit when a former FBI agent broke 30 years of silence to produce two pieces of paper he took from James Earl Ray's car -- papers that allude to the mysterious "Raoul" whom Ray has long claimed was involved with him in the assassination of Martin Luther King. Papers that support Ray's claims of a conspiracy. Nor did it surprise me, given J. Edgar Hoover's well-known hatred of King, when the ex-agent said that he didn't trust his FBI superiors with the information.
Okay, I was a little surprised when a newspaper reported that one of the pieces of paper contained Jack Ruby's telephone number. It was Jack Ruby, you may recall, who killed Lee Harvey Oswald on national television before Oswald could expose the conspiracy behind the JFK assassination. As a result of which we may never know the role of the CIA, the FBI, the Mafia, and Peter Lawford in the assassination. Unless I'm able to prove my theory, that is...
But I'm not a conspiracy buff. I'm just paranoid.
And like any good paranoid, I don't want the FBI reading my mail, even with a court order.
Enter Ron Rivest, MIT professor, winner of Dr. Dobb's Excellence in Programming award, and the white knight of privacy advocates. Rivest has come up with a clever new way of protecting the confidentiality of messages, one that he claims eliminates the two thorny legal hassles of encryption in the U.S. -- export restrictions and the FBI's insistence on having access to the plaintext of the messages. Not only that, but Rivest claims that his scheme is proof against future laws regarding export or key access.
This miraculous scheme is called "Chaffing and Winnowing," and it is remarkably simple: The sender breaks the message up into packets, possibly as small as a single bit, but not necessarily. A serial number is appended to each packet to keep them straight.
The sender then appends to each packet an authentication code computed as a function of the packet contents and a secret authentication key. The secret key is created and shared by the sender and receiver using existing, tested technology, and there are well-known methods for creating the authentication code, too.
The sender then generates bogus packets, containing duplicate serial numbers, plausible but different message contents, and erroneous authentication keys, and sends off the whole mess of valid and bogus packets.
Now, without the authentication key, it is impossible to reconstruct the message. But with the authentication key, it's automatic: The bogus packages are rejected and only the valid ones come through, producing the original message.
Rivest calls the adding of noise (the bogus packets) "chaffing" and the elimination of the noise "winnowing."
Things to note: The Chaffing and Winnowing process is based on authentication technology, which is not regarded by the U.S. Government as encryption and is legal for export.
The Chaffing and Winnowing process is neither encryption nor steganography, the two main ways of achieving confidentiality today, but a totally new method of privacy protection.
Chaffing and Winnowing appears to be entirely legal, with no existing provision for governmental access to the plaintext messages. Bruce Schneier shares his thoughts on the subject at http://www.ddj.com/oped/1998/schneier.htm. And Ron Rivest details at http://theory.lcs.mit.edu/~rivest/chaffing.txt his reasons for thinking that it would be difficult, if not impossible to draft any kind of reasonable law restricting this technology. For example, he argues, any law that required broad government access to authentication keys would create unintended security holes that would be utterly unacceptable by any reasonable standard.
Rivest claims that, due to Chaffing and Winnowing, attempts by law enforcement to regulate confidentiality by regulating encryption are doomed. Wow.
You can contact Rivest at rivest@mit.edu. I think you can assume that any communication with Ron will be monitored, but that's just me.
Paranoid.
--Michael Swaine