Is it possible to determine if some given data is not encrypted?

Question

Let's say I'm running a BitMessage node. One possible attack against me would be to upload illegal content to my node, and once someone knows it's there, to tip off the authorities, who would then search my computer and discover illegal content.

However, all the content is supposed to be encrypted, and unless you have the private key because the message was addressed to you (or you want to try all possible combinations of all public keys to look for broadcast messages) then you can't actually read the content.

That being said, an attacker could send a message to other nodes that had an unencrypted payload. Receiving nodes assume all messages are encrypted, and they try to decrypt every message with all of its private keys (or public keys of broadcast senders you want to subscribe to). In order to defend against such an attack, the receiving node has to be able to reject messages that have an unencrypted payload.

Is this possible? Will a test for randomness work? What if the data was zipped, would that still work?

Edit

@Gilles - it's true that they could upload any message, even encrypted, and give the cops the key. However, then you have plausible deniability.

However, there are ways to undermine plausible deniability. First, an attacker can do what I described above and find some way to transmit lots of unencrypted content. They could perhaps even release a customized BitMessage client that lets you read the messages easily. Second, I can just send encrypted broadcast messages on the network and publicize the heck out of my BitMessage address, so everyone who wants to subscribe will find it easy to do so. In both cases all you need to "read" the illegal content off my hard drive is a free and easily available piece of software.

The only way to fight that is with a BitMessage address blacklist, which isn't feasible because in order to check if a message should be blacklisted, I have to attempt decryption using every known blacklisted public key. That would bring the network to a crawl.

Now let me ask you, if you had gigabytes of CP images on your hard drive, but you didn't have any software installed that could view them, even though you knew about the existence of said software if you wanted to view it, do you think any judge would not find you guilty of possession?

I don't see how this isn't a fundamental flaw in the BitMessage protocol. (Technically it's a flaw in our laws, I realize that, but such protocols exist and are necessary because of such law.)

Answer 1

This is an interesting issue. You are correct that in theory, unencrypted content can be inserted as an object into the Bitmessage network, and if it fulfills certain criteria (valid object type, sufficient PoW, ...), the nodes will store and distribute such an object until it expires.

Whether this means that the node operators broke the law with respect to child pornography is a good question. hg.org writes this (emphasis added):

Obviously, producing child pornography is illegal. However, it is also illegal to knowingly possess, distribute, receive, or possess with intent to distribute, any form of child pornography. Each act may receive a different criminal penalty. Inadvertent access is usually not illegal, such as accidentally clicking on a link that directs one's web browser to such a depiction. However, repeated visits may demonstrate a pattern of behavior sufficient for a conviction.

. . .

It is both a federal and a state crime to knowingly possess, manufacture, distribute, or "access with intent to view" child pornography.

In other words, the node operators aren't necessarily breaking the law (I guess from practical point of view it would depend on the judge). The attacker on the other hand probably is.

With respect to whether it is possible to filter such messages, I don't know. But I personally wouldn't support such an approach because it violates the anti-censorship properties of Bitmessage.

Answer 2

There are a few problems with the assumption that Bitmessage could be used as a kind of "Trojan horse" to introduce illicit content to your machine:

• Individual nodes contain a mix of content from other users on the network. Therefore it is unlikely that an arbitrary node will have all of the necessary pieces to reassemble illicit content.

• Content is only cached for two days, after this time the pieces of
  content are removed from all nodes.

• Bitmessage uses public key cryptography, such that only a recipient of a message is capable of decrypting it. Law enforcement should not be able to decipher the content on your machine unless you are the recipient.

Answer 3

I think it is a non-issue. But to answer the actual question first:

No, it is not possible, but it is possible with reasonable certitude.

Data that is compressed has low entropy, but it is identifiable as being compressed, if by no other means then by either looking at magic constants or by running it through a decompression program. If it successfully decompresses, it is compressed (well, duh!), and non-encrypted. If it doesn't decompress, it is either not compressed, or compressed and encrypted.

Data that is encrypted (with any type of not-totally-suck algorithm) is virtually indistinguishable from random data. Random data does not compress. Therefore, try to compress the data. If the resulting size is considerably smaller (by more than, say, 3-4%) it is not "virtually indistinguishable from random data". Which means it is not encrypted.
Otherwise, it is either random garbage (which takes up storage but is otherwise harmless) or encrypted.

Now, why do I think it is a non-issue?

I don't need BitMessage for the kind of attack that you describe, I can as well send you loads of illegal stuff by email (well, I can't, since I don't own any, at least none that I know of... but let's assume I could).
What will happen when the police seizes your computer? Probably not much. It's not your responsibility if someone else sends you email, and you really have no way of preventing that from happening. So, what would be the base for punishing you? If anyone, the sender is to be held responsible (if they can find him).

BitMessage is not much different from email. Your public key is... well... public. So, everybody can trivially encode a message so it decrypts with your private key (that's the point of public key cryptography). You cannot control who uses your public key, so you can hardly be responsible for someone using it.
Of course, as soon as you discover you have been sent illegal content, due diligence demands that you delete it, seeing how possession is against the law (in the strictest sense, you might also be required to press charges against "unknown" since you have knowledge of a criminal act, but you'll have to ask a lawyer to be sure -- in any case reporting the incident will be a strong indicator of you being innocent).

Take a parallel from real life. A robber is chased by the police and throws a suitcase full of stolen goods into your garden so they don't have evidence against him -- running per se is not illegal after all (this actually happened to my parents when I was 4-5 years old!).
So, from one moment to another, you are now in possession of stolen goods, which is a felony. If you keep them, sell them, and you're caught, you will indeed be in trouble. But do you really expect to get sentenced if you report this to the police? Or if the police spots the suitcase as they walk past, and rings your door bell asking if they can have a look at that suitcase in your garden, and sure enough you let them in because you just saw that suitcase for the first time in your life? That would put us deep into Bizarro World.

Let's say someone manages to somehow (via broadcast or whatever) get random data onto your computer which you cannot read without a special program and/or the correct key (that you obviously and demonstrably don't have).

You don't have much of an incentive to keep that data around for very long. As soon as you discover that it's just unreadable garbage, you'll delete it anyway (it's just taking up space on your harddrive, and it's of no use).

But more importantly, why would you fear being punished for having random data on your computer which you cannot decrypt, but for which someone else magically pulls a key from the sleeve, which happens to decrypt that random data into something illegal?
It is not credible that a key that some other person gave to the police is yours or related to you in any way, or that you ever used it at all to decrypt a message if the key is demonstrably not to be found on your computer and there is no log or audit trail showing that you downloaded it, or such.

But even if the key is found on your computer or it can be shown that you downloaded it (because you were curious about the contents of the broadcast message), that still doesn't mean a lot.
Not only does possession of the key not prove that you indeed decrypted a message, or even a particular message (admittedly it doesn't rule it out either, but in criminal law you have the benefit of doubt). But even if you did decrypt it... you had hardly a way of knowing that the contents were illegal prior to decrypting the message. So, as long as you behave "correctly" afterwards, you should be OK.

Assume someone sends you Nazi propaganda or a member pass for the Communist Party, or plans to murder a high official or to bring down an airplane by mail (physical mail, as in: letter). How are you supposed to know about it before you tear the envelope open? How many people go to jail every year because they've opened an envelope addressed to them in good faith?

So unless you have a history of running an international child porn ring, or a very long police record involving computer crime, or you are well-known as being a leading officer of IS, or police has compelling evidence that you explicitly searched for an illegal broadcast, and you knowingly downloaded and decrypted illegal content, I don't see how you would reasonably need to fear getting in trouble.