Russell Nelson writes:
> Nobody's mentioned the possibility of an encryption system which
> always encrypts two documents simultaneously, with two different keys:
> one to retrieves the first (real) document, and the second one which
> retrieves to the second (innocuous) document.
This idea has been discussed in the literature in various forms. See
http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=520237545 for a critique of
one method and some discussion of alternatives.
In practice though such a system would be hard to use. In particular,
coming up with plausible cover traffic for each sensitive message would
be time consuming and tedious. No one would want to use such a method
except specifically for the purpose of being able to reveal false traffic.
Since the method has no independent justification, it is likely that
a regime which requires people to give up their keys would outlaw this
method if people started to use it.
