The New York Times reports, “In less than two months after a group of University of Washington computer researchers proposed a novel system for making electronic messages “disappear” after a certain period of time, a rival group of researchers based at the University of Texas at Austin, Princeton, and the University of Michigan, has claimed to have undermined the scheme.”
The researchers detailed Vanish’s technology in a paper, “Vanish: Increasing Data Privacy with Self-Destructing Data.” In a July press release, they explained:
The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.
The New York Times reports that UT-Austin, Princeton and Michigan “have created a demonstration system they call ‘Unvanish’ and they said they had undone the Vanish model for gradually eroding encryption keys by subverting the peer-to-peer file sharing system.”
Their insight was to use a single computer to masquerade as a large number of members of a file sharing network. That rogue machine would simply need to capture and store anything that looked like a Vanish key fragment. The researchers said that this was simple, as the Vanish fragments are identifiable because of their size. Later it would be possible to reconstruct a Vanish message by simply consulting the Unvanish archive. […]
On Monday, the Vanish researchers responded that they had now modified their initial prototype to use multiple file sharing networks, complicating the task of an attacker.