Language Modeling and Encryption on Packet Switched Networks

Kevin McCurley

This paper was presented at Eurocrypt 2006 in St. Petersburg, Russia. The Powerpoint presentation is available.

There are a number of loose ends left open by this paper, which can be regarded as an opportunity or a curse, depending on your point of view. The main point of the paper (and the presentation) is that all current models of security fail to incorporate good models of communication. In particular this is true for information-theoretic security, complexity-theoretic security, and quantum-theoretic security. Shannon's original papers from the 1940s present a simplistic but convenient model of communication, but this approach fails to model the process of segmentation that is inherent in most communication. Until we incorporate this into our models, we are going to continue to see breaks against "provably secure" cryptosystems.

On a related note, perhaps we should stop using the misleading terminology of "provable security" and instead use the term "evident security".

The original paper is copyright IACR. Proc. Eurocrypt 2006, LNCS vol. 4004, pp 359--372. The Springer copy is here.

Update: A paper on this subject appeared in 2008: "Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations", Charles V. Wright, Lucas Ballard, Scott E. Coull, Fabian Monrose, and Gerald M. Masson, from Johns Hopkins University, IEEE Symposium on Security and Privacy, 2008. Their experiments demonstrate the kinds of attacks on VoIP.