Unformatted text preview: d subliminal channel [1459], described in [1407,1473], is based on the ElGamal signature scheme (see Section 19.6). Key generation is the same as the basic ElGamal signature scheme. First choose a prime, p, and two random numbers, g and r, such that both g and r are less than p. Then calculate K = gr mod p The public key is K, g, and p. The private key is r. Besides Alice, Bob also knows r; it is the key that is used to send and read the subliminal message in addition to being the key used to sign the innocuous message. To send a subliminal message M using the innocuous message M', M and p must be all relatively prime to each other, and M and p 1 must be relatively prime. Alice calculates X = gM mod p and solves the following equation for Y (using the extended Euclidean algorithm): M' = rX + MY mod (p  1) As in the basic ElGamal scheme, the signature is the pair: X and Y. Walter can verify the ElGamal signature. He confirms that KXXY a gM' (mod p) Bob can recover the subliminal message. First he confirms that (gr)X XY a gM' (mod p) If it does, he accepts the message as genuine (not from Walter). Then, to recover M, he computes M = (Y–1 (M'  rX)) mod (p  1) For example, let p =11 and g =2. The private key, r, is chosen to be 8. This means the public key, which Walter can use to verify the signature, is gr mod p =28 mod 11 =3. To send the subliminal message M =9, using innocuous message M'= 5, Alice confirms that 9 and 11 are relatively prime and that 5 and 11 are relatively prime. She also confirms that 9 and 11 1 =10 are relatively prime. They are, so she calculates X = gM mod p = 29 mod 11 = 6 Then, she solves the following equation for Y: 5 = 8 * 6 + 9 * Y mod 10 Y = 3, so the signature is the pair, X and Y: 6 and 3. Bob confirms that (gr)X XY a gM' (mod p) (28)663 a 25 (mod 11) It does (do the math yourself if you don’t trust me), so he then recovers the subliminal message by calculating M = (Y–1 (M'  rX)) mod (p  1) = 31(5  8 * 6) mod 10 = 7(7) mod 10 = 49 mod 10 = 9 ESIGN
A subliminal channel can be...
View
Full Document
 Fall '10
 ALIULGER
 Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips

Click to edit the document details