Given: an online Steganographic Filing System database based on the second construction of Anderson, Needham and Shamir*, with many users. Users write email to the data base, with random cover writes. They read from the database to collect their mail, reads are covered by random cover reads, and random reads/writes when they have no mail. Assumptions include: Messages are encrypted. Users would prefer to lose their mail than have it compromised. All communications and alterations to the database are intercepted, and the database itself is compromised. Shared secret keys between users are allowed. Stored hashes of the database state are allowed, to ensure that it has changed enough. The database/userbase can be split into groupwrite/anyread and anywrite/groupread segments (group membership is random and not secret). The point is to foil traffic analysis without a distributed network or trusted third party. Any ideas/insuperable objections? (Could datarates be optimised to implement untraceable internet telephony as well as email on a DSL/cable-type connection?) Comments? -- Peter * http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/sfs3.ps.gz --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]