The subliminal channel and digital signatures
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
A Secure Subliminal Channel (?)
CRYPTO '85 Advances in Cryptology
Cryptanalysis and protocol failures
Communications of the ACM
Fair Cryptosystems, Revisited: A Rigorous Approach to Key-Escrow (Extended Abstract)
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Towards Signature-Only Signature Schemes
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the Difficulty of Key Recovery Systems
ISW '99 Proceedings of the Second International Workshop on Information Security
Bandwidth-Optimal Kleptographic Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Simmons' protocol is not free of subliminal channels
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Pripayd: privacy friendly pay-as-you-drive insurance
Proceedings of the 2007 ACM workshop on Privacy in electronic society
Covert channels in privacy-preserving identification systems
Proceedings of the 14th ACM conference on Computer and communications security
Disappearing Cryptography: Information Hiding: Steganography & Watermarking
Disappearing Cryptography: Information Hiding: Steganography & Watermarking
Subliminal channels in the identity-based threshold ring signature
International Journal of Computer Mathematics
Approach to designing bribery-free and coercion-free electronic voting scheme
Journal of Systems and Software
A traceable E-cash transfer system against blackmail via subliminal channel
Electronic Commerce Research and Applications
A subliminal-free variant of ECDSA
IH'06 Proceedings of the 8th international conference on Information hiding
A digital signature with multiple subliminal channels and its applications
Computers & Mathematics with Applications
DNCOCO'06 Proceedings of the 5th WSEAS international conference on Data networks, communications and computers
A fair online payment system for digital content via subliminal channel
Electronic Commerce Research and Applications
A subliminal channel in secret block ciphers
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Two extensions of the ring signature scheme of Rivest-Shamir-Taumann
Information Sciences: an International Journal
On subliminal channels in deterministic signature schemes
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Provably secure and subliminal-free variant of schnorr signature
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
| Hi-index | 0.02 |
In I985, Simmons showed how to embed a subliminal channel in digital signatures created using the El Gamal signature scheme. This channel, though, had several shortcomings. In order for the subliminal receiver to be able to recover the subliminal message, it was necessary Tor him to know the transmitter's secret key. This meant that the subliminal receiver had the capability to utter undetectable forgeries of the transmitter's signature. Also, only a fraction of the number of messages that the channel could accommodate in principal could actually be communicated subliminally (驴(p-1) messages instead of p-1) and some of those that could be transmitted were computationally infeasible for the subliminal receiver to recover.In August 1991, the U.S. National Institute of Standards and Technology proposed as a standard a digital signature algorithm (DSA) derived from the El Gamal scheme. The DSA accommodates a number of subliminal channels that avoid all of the shortcomings encountered in the El Gamal scheme. In fairness, it should be mentioned that not all are avoided at the same time. The channel in the DSA analogous to the one Simmons demonstrated in the El Gamal scheme can use all of the bits contained in the signature that are not used to provide for the security of the signature against forgery, alteration or transplantation, and is hence said to be broadband. All messages can be easily encoded for communication through this channel and are easily decoded by the subliminal receiver. However, this broadband channel still requires that the subliminal receiver know the transmitter's secret key. There are two narrowband subliminal channels in the DSA, though, that do not give the subliminal receiver any better chance of forging the transmitter's signature than an outsider has. The price one pays to secure this integrity for the transmitter's signature is a greatly reduced bandwidth for the subliminal channel and a large, but feasible--dependent on the bandwidth actually used--amount of computation needed to use the channel. In one realization of a narrowband subliminal channel, the computational burden is almost entirely on the transmitter while in the other it is almost entirely on the subliminal receiver.In this paper we discuss only the broadband channel. The narrowband channels have been described by Simmons in a paper presented at the 3rd Symposium on State and Progress of Research in Cryptography, Rome, Italy, February 15-16, 1993. Space does not permit them to be described here. The reader who wishes to see just how easy it is to communicate subliminally using the DSA is referred to that paper as well. The inescapable conclusion, though, is that the DSA provides the most hospitable setting for subliminal communications discovered to date.