Hiding Information Hiding

In this paper we introduce a new tool that hides whether or not an "encryption" algorithm actually performs encryption or not. We call this a computational questionable encryption scheme and show how it can be used to devise mobile agents that conceal whether they encrypt or delete data prior to data transmission. Such agents may be useful in the honest-but-curious setting in which the author of the agent wishes to keep confidential whether or not the agent collects and transmits data while in transit. Informally, a questionable encryption scheme adds a "fake" key generation algorithm to a PKCS. The key generation algorithms of a computational questionable encryption scheme produce a "public key" y and a poly-sized witness x. Depending on which of the two key generation algorithms the user decides to use, y is real or fake. When the cipher is supplied with a real y then it produces decipherable ciphertexts and x proves this. When the cipher is supplied with a fake y then it produces computationally indecipherable ciphertexts (with respect to everyone) and x proves this. We call the former a witness of encryption and the latter a witness of non-encryption. We formally define the notion of a computational questionable encryption scheme and present a construction for it based on the ElGamal cryptosystem. We prove the security based on the Decision Diffie-Hellman problem and a reasonable new intractability assumption in the random oracle model. Finally, we show how a computational questionable encryption scheme is related yet different from all-or-nothing disclosure of secrets and related notions.