NEWS: New Code May Foil Prying Police

Science  03 Apr 1998:
Vol. 280, Issue 5360, pp. 7b
DOI: 10.1126/science.280.5360.7b

Bankers, spies, and others who want a little electronic privacy can now disguise their messages with a clever alternative to encryption, the usual technique. The method, dubbed “chaffing and winnowing,” is delighting computer scientists and privacy advocates, as it could make moot federal attempts to give law enforcement agencies copies of encryption “keys.”

Encryption encodes messages by altering each bit of information—changes that a message's recipient undoes with a key. But Massachusetts Institute of Technology cryptographer Ronald Rivest's new technique doesn't alter message bits. Instead, it tags each bit with a “message authentication code” (MAC)—normally a few characters within a message used to verify the sender's identity. The program then buries the bits in a haystack full of random bits with incorrect MACs, called “chaff.” A spy can't distinguish genuine bits from phony data. The intended recipient, however, can use a secret code shared with the sender to “winnow” out the fake bits.

Rivest's idea, posted at∼rivest/chaffing.txt on 17 March, has drawn a stream of inquiries. One reason: There are no federal curbs on using authentication, so the method could foil the Justice Department's push to require access to keys, as well as U.S. restrictions on exporting encryption codes. AT&T cryptographer Andrew Odlyzko says Rivest has shown that “if you have an authentication method, you can use it for encryption.”

Other cryptographers say Rivest's method is unlikely to find wide commercial use, as more efficient encryption recently became available abroad on the Internet, despite export curbs ( But “chaff and winnow” may be quite a hit with the program-it-yourself crowd.

Navigate This Article