Cryptography Reference
In-Depth Information
missing, the secret can only be recovered by testing all potential
m
bits of the missing part— and only if there's a way to check these
2
m
possibilities and verify the correct one.
If
bits are too unwieldy for some reason, another quick solution
is to encrypt
m
X
with some function and split the result into
n
parts.
)
and distribute
n
bits to each part
That is, take the
m
bits from
f
(
X
holder.
Hugo Krawczyk offers a
scheme that provides
more computational
assurances that the
secret can't be
reconstructed without
all parts. [Kra94]
This approach sacrifices security for efficiency. Replacing a lost
part just requires testing all possible combinations of
n
bits instead
of
bits- a solution that only works if there's a way to test the secret.
But if this proposition is difficult enough, then the approach may be
useful.
It should be noted that such a function
m
must be designed so
that any change to one bit in the input has the potential to change
any output bit. This feature is common if
f
is smaller than the block
of a modern, well-designed algorithm like DES or Rijndael. If
m
m
is
larger,
f
f(X)
r
)
should arrange for every every bit to affect every other
r
stands for the bits in
if
arranged in reverse order.
If more strength is desirable, the parts can encrypted in a round
robin. Let
X
X
parts with
n
bits in each piece.
{p
1
,p
2
,...,p
n
}
be the
n
Instead of giving
p
i
to person
i
,wecangive
f
(
h
(
p
i
−
1
)
,p
i
)
to person
i
.
This means that we can't recover part
i
without part
i −
1
.Allparts
must be present.
4.2.4 Providing Deniability
Each of the secret-sharing schemes described in this chapter offer
some mindboggling chances to hide data in the Net. There is no rea-
son why one particular file alone should be enough to reveal the in-
formation to anyone who discovers it. Splitting a file into multiple
The error-correcting
codes described in
Chapter 3 can also be
used to add some
deniability.
pieces is an ideal way to add complete deniability. Imagine, for in-
stance, that the important data is stored in the least significant bits
of some image using the techniques from Chapter 9. You could put
the important data in the GIF file you use for your home page back-
ground and then place this up on the Web. But this is your home
page; and the connection is obvious. Another solution is to find, say,
three other GIF images on the Web. Maybe one of them is from the
Disney World home page, another is from the White House home
page, and the third is from some shady hacker site in Europe. Extract
the least significant bits from each of these files. You have no control
over these bits, but you can use them to hide ownership of the data
by using the first secret-sharing scheme described here. If you add
up the values recovered from all four sites, then the final information
