Simmons' protocol is not free of subliminal channels

At the VIth Computer Security Foundations Workshop, Simmons presented a protocol intended to make the Digital Signature Standard free of any subliminal channels. As Simmons has pointed out on several occasions, the design of protocols is very difficult, and protocols that were claimed to have certain properties have turned out not to have them. In this paper we demonstrate that Simmons' protocol is not free of subliminal channels, by presenting a subliminal channel with a small capacity. We also discuss generalizations which imply that several previously presented protocols claimed to be "subliminal-free" are not.