Roedy Green said:
If you are a diplomat you can get around that by locking the CD case
in such a way that if it is opened you can tell, perhaps it self
destructs if not opened at the correct time. Ordinary folk though
have trouble passing sealed cases over international boundaries. You
could ship them by ordinary Fedex and if they are ever opened and
examined, just do it over till you get a shipment through unmolested.
Okay, that might work in practice, so let me just give out a disclaimer
now that most of my protests will be of the fun, theoretical, "let's imagine
wild conspiracy theories" nature. (I think we entered that realm as soon as
someone said "But what about quantum computers?")
The problem with the above is that you now have to trust FedEx (which
implies trusting everybody that FedEx trusts; e.g. each individual courier,
and trusting that the couriers won't ask their friends to make a delivery
for them or otherwise that those friends are trustworthy, etc.)
But even if you assume FedEx is trustworthy, there's the problem of
authentication. If you walk into a building with a big "FedEx" logo over
it, and hand your CD to a clerk behind the counter wearing a uniform that
says "FedEx" on it... are you really sure that you're giving your CD to
FedEx, and not a man-in-the-middle in disguise?
They appear to anyone to be just CDs of highly compressed data.
You also could send 10 sets of cds all by independent methods and use
all ten XORed together. Even if one of them were not compromised, you
are still safe.
There's the problem of detecting compromises as mentioned above (perhaps
all 10 have been compromised, but because of the various transmission
methods, you only detect 2 compromises, and figure it would be safe to
continue using the pads).
Some encryption methods get by this by being secure even if all
messages have been compromised (e.g. public-key exchange). The problem is
that public-key exchange is "vulnerable" to brute force, while one-time-pads
are not vulnerable to brute force.
Another possibility I could imagine is for the attacker to bombard your
recipient with a ton of CDs with random contents. The recipient would be
unable to tell which of the CDs are from you, and which are from the
attackers. The recipient would then have to contact you, and perhaps send a
hash of all the CDs he has (or you send him a hash) to determine which CDs
are valid or not.
But if the attacker sends a sufficiently high number of CDs, the
hash will eventually have to be so long as to be equal to the entire
contents of the CDs themselves, thus forcing you to publicly broadcast your
private keys.
Shannon's theorem says you can create a trustworthy system out of
untrustworthy components if you use sufficient redundancy.
I think Shannon's "trustworthy vs untrustworthy" has to do with
reliability of the medium (e.g. dropped packets, noise, etc.), and not
"trustworthy" in the cryptographical sense.
As a cover, you could run a CD of the month club, and ship special CDs
to certain customers and also to randomly selected perfectly innocent
people who will complain and get a replacement. Your conspirators can
behave the same way. No great harm is done sending a CD of random
numbers to anyone but it could keep those trying to intercept very
busy.
If one particular customer ALWAYS gets a bad CD, that might raise
suspicion, so you occasionally need to send out bad CDs to random innocent
customers without sending to your target.
Depending on how often you needed to communicate with your target, you
might be sending out a lot of bad CDs, and then get fewer and fewer
subscribers, also thus raising the suspicion around the one client (your
target) who maintains the subscription despite the bad service.
If you wanted to go this route, I recommend hiding the data within the
CDs so as not to alert the casual user at all. I'm assuming these are normal
audio CDs that can be played in standard CD players. These CDs have a lot of
error correction facility so that if you have bad sectors, the CD is still
playable.
Just put your one time pad in those bad sectors, and the innocent
clients will still have playable CDs, and won't complain or ask for returns
or anything like that.
A standard CD encodes the information as pits and grooves; i.e. in
binary. If you have the sophisticated equipment, you could encode your CDs
in trinary, perhaps with 2 kinds of pits, of slightly differing depth, but
within the engineering tolerance of the standards for CDs, so they seem to
play perfectly normally.
Your target has specialized equipment to be able to distinguish between
the 2 kinds of pits to pick up the extra hidden data.
- Oliver
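
The "ten pads XORed together" idea discussed above, as an added Python example that is not part of either poster's message: it XORs ten pad shares into one working pad and shows that a party holding nine of the ten shares plus the ciphertext can find a value for the missing share that fits any same-length plaintext guess, so the guess cannot be confirmed. The function names and the sample message are constructed for illustration, and the sketch assumes the one uncompromised share is uniformly random and never reused.

```python
import secrets
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def combine_pads(shares):
    """XOR every pad share together to form the working pad."""
    if not shares:
        raise ValueError("need at least one share")
    return reduce(xor_bytes, shares)

def otp(pad: bytes, data: bytes) -> bytes:
    """One-time-pad encrypt or decrypt (the same operation)."""
    if len(data) > len(pad):
        raise ValueError("pad too short; pad bytes must never be reused")
    return xor_bytes(pad[:len(data)], data)

def share_explaining(ciphertext: bytes, known_shares, candidate: bytes) -> bytes:
    """Value the single unknown share would need for `ciphertext` to
    decrypt to `candidate`, given all the other (known) shares."""
    needed_pad = xor_bytes(ciphertext, candidate)
    if not known_shares:
        return needed_pad
    known = combine_pads([s[:len(ciphertext)] for s in known_shares])
    return xor_bytes(needed_pad, known)

def demo():
    message = b"MEET AT DAWN"  # constructed sample plaintext
    # Ten independent shares, one per delivery channel (hypothetical setup).
    shares = [secrets.token_bytes(len(message)) for _ in range(10)]
    ciphertext = otp(combine_pads(shares), message)
    intercepted = shares[:9]  # nine of the ten channels were compromised
    results = {}
    for guess in (b"MEET AT DAWN", b"MEET AT DUSK", b"STAY AT HOME"):
        # Every guess has a missing-share value that makes it "decrypt" cleanly.
        missing = share_explaining(ciphertext, intercepted, guess)
        pad = combine_pads(intercepted + [missing])
        results[guess] = otp(pad, ciphertext) == guess
    return shares, ciphertext, results

if __name__ == "__main__":
    for guess, consistent in demo()[2].items():
        print(guess, "consistent with intercepted data:", consistent)
```

This covers confidentiality only; it does nothing to detect a share that was swapped or altered in transit, which is the separate problem raised in the reply.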