Chaffing and Winnowing

Ronald Rivest, of RSA fame, described a scheme known as Chaffing and Winnowing as a way of sending confidential data without using encryption, and thus without falling foul of anti-encryption regulations. It’s really clever.

Essentially, you break up your message into packets, and authenticate each packet by adding to it a MAC (Message Authentication Code), computed from the packet contents and a secret key. Then (this is the clever bit), you add a load of other packets which look like legitimate data but have an invalid MAC. The important point here is that the packets are not encrypted; each one is just plain data, with a MAC that is either valid (for packets that are part of your message, the “wheat”) or invalid (for the extra added packets, the “chaff”).

The recipient, who knows the secret key, then takes every packet, checks whether the MAC is right (by recalculating the MAC using the packet contents and the secret key), and discards all packets with invalid MACs. And that leaves them with the original message! No encryption required!

I reckon that that’s really rather clever. Apart from the fact that it makes message transmissions considerably longer (and all the problems associated with shared-secret-key methods), it’s really neat, and can’t be illegal. I wish I could think of a way of using it, now.
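The scheme described above, as an added sketch that is not code from the original post or from Rivest. It assumes one design choice the post does not spell out: each packet carries a single bit plus a sequence number, and both bit values are sent for every position, so the chaff is indistinguishable from wheat without the key. The function names and the HMAC-SHA256 choice are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def mac(key: bytes, seq: int, bit: int) -> bytes:
    """MAC over sequence number and bit, so a packet cannot be moved elsewhere."""
    return hmac.new(key, seq.to_bytes(4, "big") + bytes([bit]), hashlib.sha256).digest()


def chaff(key: bytes, message: bytes) -> list:
    """Return (seq, bit, tag) packets: one wheat and one chaff packet per bit."""
    rng = secrets.SystemRandom()
    packets = []
    for seq in range(len(message) * 8):
        bit = (message[seq // 8] >> (7 - seq % 8)) & 1
        pair = [
            (seq, bit, mac(key, seq, bit)),                # wheat: valid MAC
            (seq, bit ^ 1, secrets.token_bytes(TAG_LEN)),  # chaff: random tag
        ]
        rng.shuffle(pair)  # position in the pair must not reveal the wheat
        packets.extend(pair)
    return packets


def winnow(key: bytes, packets: list) -> bytes:
    """Keep only packets whose MAC verifies and reassemble the message."""
    bits = {}
    for seq, bit, tag in packets:
        # Constant-time comparison avoids leaking how much of a tag matched.
        if hmac.compare_digest(tag, mac(key, seq, bit)):
            bits[seq] = bit
    out = bytearray((max(bits) + 8) // 8 if bits else 0)
    for seq, bit in bits.items():
        out[seq // 8] |= bit << (7 - seq % 8)
    return bytes(out)


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # constructed shared secret
    stream = chaff(key, b"wheat")   # constructed sample message
    print(len(stream), "packets on the wire")
    print(winnow(key, stream))
```

Every packet travels in the clear; an observer without the key sees both a 0 and a 1 for each position and cannot tell which tag is genuine. The cost is the length overhead the post mentions: two tagged packets per message bit.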

