New UK crypto law and an idea on how to defeat it

Raman Boucher
Wed, 1 Dec 1999 09:07:50 -0800 (PST)

Message from a new crypto junkie:

Unfortunately, I don't think this fully solves the problem.

Bob still has to 'lie' (at least that is how the cops will
feel about it). Ultimately Bob still has a way to get to
the meaningful plaintext...and given only a small sampling of
cyphertexts the cops will eventually get figure that out
(meaningless faketexts, incorrect file sizes...).

It may be possible for Bob to put them off temporarily by using 
"meaningful" faketexts. But I suspect that won't last...cops
(at least in movies) see to be tenacious creatures.

This scheme seems to be an elaboration of Bob saying to
the cops "I lost that key". Because Bob can still get to the
meat, but the cops cannot...and only if Bob is caught
'with his hand in the cookie jar' can he legitimately be

Better is for Bob to encrypt his message with Alice's key
as in the two-key system. He doesn't know the key, but
can get it. Bob can't coerce Alice to give up her key
(though the cops may be able to). Of course Bob must trust
Alice to cough up the key when necessary. 

Perhaps for this purpose, Alice can be a bot. When tickled
in just the right way, Alice will give up her key...not a 'key'
perse, but still some way to keep the key safe.

Just my $0.02. 

Raman Boucher                  Zero G Software, Inc.
415 512 7771 x310              514 Bryant Street           San Francisco CA 94107
InstallAnywhere:               Installer Construction Kit for Java
No Spectators.

On Wed, 1 Dec 1999, Adam Lock wrote:

> I understand that it will (or might) soon be necessary in the UK to hand
> over crypto keys to the police if they so demand them. The penalty for
> not doing so is a term in prison.
> So here's an idea on how to defeat it.
> Imagine Bob is having an affair with the police chief's wife and has all
> their encrypted love letters in his possession. The police chief
> suspects the affair and is prepared to abuse his powers to obtain the
> letters for a divorce proceeding in his favour. He knows he can force
> Bob to give him the decryption key by threatening him with prison term
> for not doing so. Bob doesn't want to go to prison so he "reluctantly"
> hands over the key. The chief gleefully decrypts the message hoping at
> last for evidence of his wife's infidelity but all he sees is a cooking
> recipe! Curse that Bob!
> How is this done?
> Simple. Write a tool that encrypts two or more plaintexts each with a
> separate key and concatenates them into a single ciphertext.
> But there's a problem. The police chief finds out that there are
> multiple plaintexts in the ciphertext. He goes back to Bob and demands
> the proper key or he'll definitely go to prison. How can Bob claim that
> he has "truthfully" given up the correct key the first time and has no
> idea what the other key is?
> Again simple. Make the tool capable of encrypting one or more plaintexts
> and zero or more *random* plaintexts (with random keys) into a single
> ciphertext.
> Bob can't be sent to jail because he can validly claim that the other
> plaintexts in the cipher were randomly generated and so he couldn't
> possibly know what the other key was let alone hand it over. The police
> chief might *suspect* Bob was lying, but there's no way he could prove
> it short of Bob's admission. Effectively, Bob has defeated the
> requirement to hand over his key, but has still kept his secrets secret.
> Does this sound like a feasible idea?
> --
> Adam Lock