fsebugoutzone.org:9999

       Post ASwsM4KyXRxTEzKn0C by Rucknium@pleroma.rucknium.me
 (DIR) More posts by Rucknium@pleroma.rucknium.me
 (DIR) Post #ASwsM4KyXRxTEzKn0C by Rucknium@pleroma.rucknium.me
       2023-02-22T20:23:53.013051Z
       
       0 likes, 0 repeats
       
       Is there any way to show (probabalistically) that a given byte sequence is encrypted instead of plaintext when the keys are not available to the verifier? Other than diehard-style statistical tests? #Monero is considering ways to restrict the use of the tx_extra field in its transactions.@matthew_d_green @socrates1024 @str4d or @filippo may know.
       
 (DIR) Post #ASxKkpwnySL6ZFcxe4 by str4d@abyssdomain.expert
       2023-02-23T01:30:13Z
       
       1 likes, 0 repeats
       
       @Rucknium @filippo @matthew_d_green @socrates1024 As I said in the #Zcash Discord, it would be possible to concretely prove this with a ZKP, as the transaction creator knows the encryption keys. The cost is implementing the encryption scheme inside a circuit (as well as the general-purpose ZKP cost if you don&#39;t already have it).Otherwise you&#39;re generally limited to looking for known plaintext structure (e.g. check if it&#39;s valid UTF-8), as the ciphertext usually has no visible structure.
       
 (DIR) Post #ASxKktwF8UGawfOZKC by str4d@abyssdomain.expert
       2023-02-23T01:33:10Z
       
       1 likes, 0 repeats
       
       @Rucknium @filippo @matthew_d_green @socrates1024 However, it&#39;s not necessarily impossible to detect ciphertexts directly, because the usual security definitions for encryption (e.g. IND-CPA or IND-CCA2) are about distinguishing the plaintext that was encrypted, and do not hide _that_ encryption occurred. https://crypto.stackexchange.com/a/74440 gives a nice overview of this (and shows how ciphertext-indistinguishability-from-random implies some more usual security definitions).
       
 (DIR) Post #ASxKkxfNH99MVVX9aS by str4d@abyssdomain.expert
       2023-02-23T01:33:22Z
       
       1 likes, 0 repeats
       
       @Rucknium @filippo @matthew_d_green @socrates1024 The relevant literature here would be on DPI systems and detection avoidance. See also this Noise mailing list thread: https://moderncrypto.org/mail-archive/noise/2018/001456.htmlBut it&#39;s still going to be much easier to detect plaintext structure, if you know the options are &quot;it&#39;s encrypted, or it&#39;s not, but there is still going to be data present&quot;.