Cryptography Reference
In-Depth Information
In the first scenario, if that hidden coin is heads then Diner #2 is lying
and sending a message. If that hidden coin is tails, then Diner #3 is
lying and sending the message. The message sender for each line is
shown in
italics.
As long as you don't know the third coin, you can't determine
which of the other two table members is sending the message. If this
coin flip is perfectly fair, then you'll never know. The same holds true
for anyone outside the systemwho is eavesdropping. If they don't see
the coins themselves, then they can't determine who is sending the
message.
There are ways for several members of a dining cryptographers
network to destroy the communications. If several people conspire,
they can compare notes about adjacent coins and identify senders.
If the members of the table announce their information in turn, the
members at the end of the list can easily change the message by
changing their answer. The last guy to speak, for instance, can always
determine what the answer will be. This is why it is a good idea to
force people to reveal their answers at the same time.
The Dining Cryptographers system offers everyone the chance
to broadcast messages to a group without revealing anyone's iden-
tity. It's like sophisticated anonymous remailers that can't be com-
promised by simply tracing the path of the messages. Unfortunately,
there is no easy way to use system available on the Internet. Perhaps
this will become more common if the need emerges.
11.3 Creating a DC Net
The Dining Cryptographers (DC) solution is easy to describe because
many of the difficulties of implementing the solution on a computer
network are left out of the picture. At a table, everyone can reveal
their choices simultaneously. It is easy for participants to flip coins
and reveal their choices to their neighbors using menus to shield the
results. Both of these solutions are not trivial to resolve for a practical
implementation.
The first problem is flipping a coin over a computer network. Ob-
viously, one person can flip a coin and lie about it. The simplest so-
lution is to use a one-way hash function like MD5 or Sneferu.
Manuel Blum described
how to flip coins over a
network in [Blu82]. This
is a good way to build
up a one-time pad or a
key.
The phone book is a good, practical one-way function but it is not
too secure. It is easy to convert a name into a telephone number, but
it is hard to use the average phone book to convert that number back
into a name. The function is not secure because there are other ways
around the problem. You could, for instance, simply dial the number
and ask the identity of the person who answers. Or you could gain
