A stab at the sealer in E

hal@finney.org
Mon, 8 Nov 1999 21:53:00 -0800

MarkM writes, quoting me:
> >One problem I still see is that the PassByCopy version could leak
> >information about how big the sealed data is.
> You are absolutely correct, and I confess I had not thought about this
> issue. (Thereby revealing that I'm not really a cryptographer.)  How
> important is it? Mustn't this be true of any public key system? Shannon
> says the cyphertext obviously cannot be smaller than the compressed
> plaintext. It would seem the only way to avoid revealing the size of
> the plaintext is to pad to the largest possible cyphertext.  Of course,
> there is no largest. I'm confused.

I don't think this leak is very important, given what you are trying
to do.  Mostly you want to protect your capabilities, keeping bad guys
from getting hold of them, and letting good guys know that they came
from an authorized (trusted) source.  Leaking the size of the hidden
data does not threaten either of these elements.

Also, your Vat to Vat protocol does not try to camouflage traffic
patterns; although the data is encrypted, an eavesdropper can determine
when communications occur, and how much data is sent.  So this is already
an element which your security relations don't depend on.
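The size leak discussed in this message, and the padding trade-off MarkM raises, as an added Python example that is not part of the original post and is not E's sealer implementation. The names `seal`, `unseal`, `bucket_size` and `observed_sizes` are hypothetical, the keystream is a toy stand-in for a real cipher, and the authentication a real sealer needs is omitted. Because there is no largest plaintext to pad to, the sketch pads to power-of-two buckets, so an observer learns only the bucket.

```python
import hashlib
import os
import struct

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy SHA-256 counter-mode keystream (assumption: stand-in for a real
    # cipher, used only so the example runs with the standard library).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", ctr)).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def bucket_size(n: int, minimum: int = 64) -> int:
    # Smallest power-of-two bucket (at least `minimum`) that holds n bytes.
    size = minimum
    while size < n:
        size *= 2
    return size

def seal(key: bytes, plaintext: bytes, pad: bool = True) -> bytes:
    # A length prefix lets unseal() strip the padding again.
    body = struct.pack(">I", len(plaintext)) + plaintext
    if pad:
        body += b"\x00" * (bucket_size(len(body)) - len(body))
    nonce = os.urandom(16)
    return nonce + _xor(body, _keystream(key, nonce, len(body)))

def unseal(key: bytes, box: bytes) -> bytes:
    nonce, ct = box[:16], box[16:]
    body = _xor(ct, _keystream(key, nonce, len(ct)))
    (n,) = struct.unpack(">I", body[:4])
    if n > len(body) - 4:
        raise ValueError("corrupt box or wrong key")
    return body[4:4 + n]

def observed_sizes(key: bytes, messages, pad: bool):
    # What an eavesdropper holding only the sealed boxes can measure.
    return [len(seal(key, m, pad)) for m in messages]
```

Without padding, each sealed box is exactly 20 bytes longer than its plaintext, so the size is fully revealed; with bucketed padding, plaintexts of 3, 40 and 59 bytes all produce 80-byte boxes.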