0

If it were possible to alter an ASCII character without detection--that could only be "seen" by the intended receiver of a message--it would be ciphertext heaven.

Consider Bacon's Bilateral Cipher (example taken from here):

ITS A BEAUTIFUL DAY IN THE NEIGHBORHOOD

then the message (RHODES) is hidden as:

.....R.....H.......O........D......E.......S

baaaa aabbb abbab aaabb aabaa baaab

ITSAB EAUTI FULDA YINTH ENEIG HBORH

Hidden according to this preshared table:

A aaaaa B aaaab C aaaba D aaabb E aabaa F aabab G aabba H aabbb I abaaa K abaab L ababa M ababb N abbaa O abbab P abbba Q abbbbR baaaa S baaab T baaba V baabb W babaa X babab Y babba Z babbb

When the proper spacing is put back in:

ITS A BEAUTIFUL DAY IN THE NEIGHBORHOOD.

So, is it possible to alter an ASCII character so that the receiver would know that it had been changed, but no one else?

Patriot
  • 297
  • 3
  • 15
  • I'm not aware of any such possibility outside of quantum. – user10216038 Jul 31 '19 at 21:40
  • @user10216038 What exactly does "outside of quantum" mean? – forest Jul 31 '19 at 22:11
  • 1
    @Patriot Have you looked into the various MAC protocols (EtM, MtE, etc?). – forest Jul 31 '19 at 22:14
  • @forest No, I have not, but I certainly will today. – Patriot Jul 31 '19 at 23:10
  • Have you looked at the ASCII table? Each character is different. You can't change an "A" into a different "A" because there is only one "A". However, Unicode has more than one "A" that looks the same. – user253751 Aug 01 '19 at 05:24
  • @forest I did not know that EtM stood for Encrypt-then-MAC... etc. Do you have an idea? What were you getting at? If Bob can tell a character was altered, then Eve surely can too. This effort is the old "security by obscurity" ploy, which is skating on thin ice. – Patriot Aug 01 '19 at 17:02
  • @forest I do not see how EtM and MtE bear upon what I am trying to do. I guess I would have to flip bits or alter pixels, but that can be detected quickly. Unless? – Patriot Aug 01 '19 at 17:06
  • 1
    @Patriot Quickly? You can't do that. If you want to verify data integrity, you'll need to verify it all. And security through obscurity is not the right way to go around doing that. – forest Aug 02 '19 at 04:46
  • @forest Yes, I know that, I know you are right--but I am still trying to find a way even though it looks impossible. – Patriot Aug 02 '19 at 05:20
  • 1
    @Patriot Then you may need to give a much more detailed threat model if you're going to be making such extreme security tradeoffs. Include details on what your adversary knows, what the maximum acceptable for forgeability risk is, what kinds of plaintext will be dealt with, etc. – forest Aug 02 '19 at 05:21
  • @forest Thanks. That's hitting the nail on the head. – Patriot Aug 02 '19 at 05:22
  • https://security.stackexchange.com/questions/187912/what-does-it-mean-to-burn-a-zero-day – Malyan Orestev Aug 29 '23 at 23:44

0 Answers0