Digital Transactions Authoritative, insightful and timely information for payments professionals
“Tell me what you are buying and how much you are paying, and I will tell you what you are thinking of, what you wish for, what your plans are.”
Our payment profiles, chewed on by artificial intelligence, serve as an open window to our most intimate whims and desires, whether we are payment card-using individuals or a large multi-component organization. Even our financial meta data (financial data without the amounts being revealed) are a rich source of intelligence. Much of it is collectible from public sources, which makes their analysis perfectly legal.
Indeed, we are witnessing a blossoming industry where “gray hackers” offer their clients critical intelligence regarding their competition. The original allure of Bitcoin was its hailed privacy, yet now the battle over our private data involves digital money and advanced cryptography.
The cause of privacy has recently been augmented through content-discriminating ciphers. A normal cipher transforms a plaintext message (payload) into its encrypted version and then reverses the process at the receiving end. A content-discriminating cipher also encrypts the payload, but then arms (combines) the resultant ciphertext with “fakeload,” turning it into an “armed load.” The recipient of the armed load will readily discriminate between the payload and the fakeload, but an eavesdropper will face the full range of possibilities from zero fakeload to zero payload.
Two financial institutions engaged in a pattern of mutual payments will carry out these payments through such content-discriminating ciphers. They will establish a fixed flow rate of data in both directions. If no payments are made, the flow will be consistent with a fake data flow and will be so identified by its recipient. Should a payment occur, it will manifest itself as a proper payload that fits into the ongoing data stream, and will be identified as such at the receiving end. Eavesdroppers will see no change, only the same data rate going back and forth.
Content discrimination may be further applied to pack a ciphertext stream with decoy messages designed to deter an attacker from even attempting to cryptanalyze the flow. The fakeload component of a ciphertext is subject to one attribute—being recognized as data that is not to be decrypted, but rather discarded. Alas, by using a different cryptographic key, the roles may be reversed. The original payload turns into a fakeload, and the original fakeload into a payload.
This recalls the story of the seven blind men, each touching a different part of an elephant, each forming a different conclusion as to what the creature is. The same ciphertext stream will be interpreted as two or more distinct—perhaps opposing—messages, dependent on which key is used to read the incoming cryptogram. And since the cryptogram does not reveal which key the recipient is using to read it, there is also no risk that a smart hacker will extract from the cryptogram the right message in the range of all the packed messages, even if the super-smart hacker identifies all the messages that were packed into the ciphertext stream.
Another big boost to the cause of cyberspace privacy comes from “Hidden in Plain Sight” (HIPS) technology. Secret messages are packed into innocent text, which creates the gold standard in cyber privacy. Not only is the content of one’s communication protected, but
also the very fact that communication took place remains unknown to hackers.
While we all celebrate new tools for advanced financial privacy, we must note that these very tools are serving the dark elements of society, too. The challenge—to achieve balance between lawful conduct and privacy needs—is ever more present.
—Gideon Samid gideon@bitmint.com
