waxwing on Nostr: Steganographic broadcast? Adversarial model: the adversary controls the communication ...
Steganographic broadcast?
Adversarial model: the adversary controls the communication channel and only allows communications it approves.
Ideas: broadcast "normal" message M1 that passes through the censor wall.
Then broadcast secret key material M2 that decrypts M1 to M3 which is your intended broadcast. Call f(a,b)=c the function that decrypts two messages into the third.
For a typical f, like xor, this idea is dumb because M2 cannot be broadcast; it's random.
But posit a certain amount of computational power. Might it be possible to find pairs (M4, M5), which have two properties: *both M4 and M5* are inoffensive to the censor, *and* M6=f(M4, M5) gives your intended message?
The problem is more or less that of finding hash collisions or cycles. If f is xor, or mod add, it's reversible, so it seems like you could pad M6 (the output) with random bytes, instead of the input, and then grind, which in this application is a critical difference. But no: xor doesn't "diffuse" like a hash and so you can't grind like that. Does any such f exist?
Might Wagner's attack help? I think you could do it with hundreds of messages but that's a stretch.
(Another angle is using data in messages that *has* to be random in encrypted traffic; see tlstweet).
These are just some thoughts about avoiding severe censorship; I doubt it's actually viable, but maybe there's a direction there.
#cryptography #censorship
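
The contrast the post draws between xor and a hash-like f, as an added example that is not part of the original post. Assumptions: SHA-256 stands in for a "diffusing" f, the censor is modelled as a whitelist of constructed sentences, and all names (`COVERS`, `f_hash`, `grind_hash`, `xor_forced_prefix`) are hypothetical.

```python
import hashlib
from itertools import product

# Constructed cover vocabulary; the modelled censor approves only these sentences.
SLOTS = [["the", "a", "our", "that", "one", "my"],
         ["cat", "dog", "bird", "fox", "cow", "hen"],
         ["sat", "ran", "slept", "ate", "hid", "sang"],
         ["today", "outside", "quietly", "again", "here", "alone"]]
COVERS = [" ".join(words).encode() for words in product(*SLOTS)]  # 1296 messages

def f_xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def f_hash(a: bytes, b: bytes) -> bytes:
    # Assumed diffusing combiner (SHA-256); the post does not name one.
    return hashlib.sha256(a + b"\x00" + b).digest()

def xor_forced_prefix(m4: bytes, secret: bytes, pad: bytes) -> bytes:
    """f = xor: M5 = M4 xor (secret || pad). Return the part of M5 under the secret."""
    m6 = (secret + pad)[:len(m4)]
    return f_xor(m4, m6)[:len(secret)]

def grind_hash(secret: bytes):
    """f = hash: try approved pairs until the output starts with `secret`.
    The remaining output bytes are the free 'padding' that absorbs the grind."""
    for tries, (m4, m5) in enumerate(product(COVERS, COVERS), 1):
        if f_hash(m4, m5).startswith(secret):
            return m4, m5, tries
    return None  # cover space exhausted

if __name__ == "__main__":
    secret = b"ok"  # 16 bits, so about 2**16 pairs expected
    # xor: every choice of output padding leaves the same bytes under the secret.
    forced = {xor_forced_prefix(COVERS[0], secret, bytes([p]) * 32) for p in range(256)}
    print("xor: distinct M5 prefixes over 256 paddings:", len(forced), forced)
    m4, m5, tries = grind_hash(secret)
    print(f"hash: {m4!r} + {m5!r} after {tries} pairs ->", f_hash(m4, m5)[:2])
```

With the hash, each approved pair is an independent trial, so embedding k bits costs about 2^k pairs; with xor, the bytes of M5 under the secret are fixed by M4 and the secret alone, whatever the padding.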