Josh Stone, Blog

Josh’s projects and security nerdery

Chaffing & Winnowing

I saw an article by Ron Rivest on Reddit today. It’s a cool idea — confidentiality without encryption. The idea is that a message is broken into pieces, and each piece is paired with a digest calculated with some key. This produces a list of message “packets”. These are then “chaffed” with “bogus” packets, that are not properly authenticated with the key.

Thus, all the plaintext components of the message are in the transmission without encryption. If you structure everything right, it becomes mathematically infeasible for an attacker to sort through the chaff and pull out the “wheat” (e.g. if you make your “packets” the individual bits of the message).

I put together a little code that does this, if you want to play with it:

chaff.lisp (this was written for SBCL, but it should be quite portable)

For example, the message “rosebud” turned into authenticated packets becomes:

((46 1 #(191 90 86 108 183)) (4 1 #(100 246 74 227 225))
 (16 1 #(157 1 162 124 228)) (53 1 #(101 112 23 175 108))
 (12 0 #(212 207 12 58 134)) (37 1 #(113 228 141 71 227))
 (38 1 #(119 196 168 128 165)) (13 1 #(179 22 10 94 26))
 ...
 (52 0 #(178 11 194 126 207)) (19 0 #(94 64 209 85 127))
 (35 0 #(16 66 124 112 33)))

There’s a lot of data explosion, but the text of this post, when encoded and zipped (regular .bz2 file) becomes 487k.

-Josh Stone-