From: Tom St Denis on 2 May 2010 21:48

On May 2, 9:44 pm, Maaartin <grajc...(a)seznam.cz> wrote:
> On May 3, 2:38 am, Tom St Denis <t...(a)iahu.ca> wrote:
>
> > Once they address that pesky key distribution problem....
>
> It depends. I send to a customer quite a lot of encrypted emails, but
> altogether they make maybe one GB per year. I could have gone there
> five years ago and have personally brought them a DVD, and we could be
> using OTP for the whole time.
>
> But we're using PGP and I know it's far more secure than my workplace
> or their computers, etc.

That's fine and good, except that 99.999% of most crypto transactions that occur over IP [over the net] involve at some level a PK key agreement.

The thing to keep in mind is to NOT reply to adacrypt, or MKS, or wtshaw, or ... because they're USELESS people. They contribute absolutely nothing but noise and engaging them in conversation is a waste of time.

Tom
From: Andrew Swallow on 2 May 2010 23:25

On 03/05/2010 01:38, Tom St Denis wrote:
> On May 2, 7:38 pm, Andrew Swallow<am.swal...(a)btopenworld.com> wrote:
>> On 02/05/2010 18:08, Bruce Stephens wrote:
>> {snip}
>>
>>> When all's said and done, you're still talking about a symmetric cipher.
>>> (Critical readers (which seems to be everybody) would argue that it's a
>>> more or less useless symmetric cipher.)
>>
>> Computer disks with lots of storage and flash disks mean that the OTP
>> is probably now viable for email, telegraph and digital voice messages.
>> Video files may be too big.
>>
>> Andrew Swallow
>
> Once they address that pesky key distribution problem....
>
> Tom

In the case of the military, every month fly a new KV memory to each base and ship under armed guard. Similar to the current distribution system.

Andrew Swallow
From: Bryan on 3 May 2010 00:19

Andrew Swallow wrote:
> Computer disks with lots of storage and flash disks mean that the OTP
> is probably now viable for email, telegraph and digital voice messages.

I think a well-engineered OTP system would be, at the very least, a great student project. In many realistic cases the OTP should be practical given a competent implementation.

Sci.crypt has suffered countless threads based on misunderstanding the long-ago-proven theory of the OTP. The idiocy has drowned out the interesting problems.

Interesting problems include authentication, synchronization, and automatically ensuring that pad data gets used only once. Eve, the evil attacker, might introduce her own fake ciphertext, in the hope that the user, Bob, will go around asking what the random decryption means. If Eve can see what Bob got when he attempted to decrypt her fake ciphertext, she can determine the part of the OTP Bob used. Then when legitimate user Alice encrypts a secret message for Bob with that same part of the pad, Eve spies the ciphertext and, knowing that section of the pad, recovers plaintext. That's one example of what an attacker might try, and we can thwart it with good crypto engineering.

We do not want to get bogged down with nonsense. How can we enjoy the provable perfect secrecy of the OTP, for a large volume of data, without pre-sharing a large random key-stream? We cannot. It's a theorem. Heck, even more space here has been spent on worrying about the chance of truly random generators producing kilobytes of all zeros.

Realizing a practical-as-possible OTP is an interesting and worthwhile project. The 'adacrypt' context here is obviously worse than useless. Somewhat ironic that after all the effort sci.crypt has put into explaining to the math-deniers the limits of the OTP, we still don't have an OTP implementation anywhere near as practical as we know how to build.

--
--Bryan
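An added sketch, not from Bryan's post or anyone in the thread, of the engineering he points to: each message carries its pad offset and a tag, the receiver verifies the tag before decrypting, and a pad region is marked used so it is never accepted twice. The `Pad` class, the 8-byte offset header and HMAC-SHA256 keyed from pad bytes are assumptions of this example; HMAC is a computational MAC, so the authentication does not share the OTP's perfect secrecy.

```python
import hashlib
import hmac

TAG_KEY_LEN = 32   # pad bytes spent per message as a one-time HMAC key (assumption)
TAG_LEN = 32       # HMAC-SHA256 output size


class PadError(Exception):
    """Raised on forged, replayed or oversized messages."""


class Pad:
    """One direction of a pre-shared pad (use a separate pad for each direction)."""

    def __init__(self, data: bytes):
        self.data = data
        self.next_offset = 0          # everything below this offset is burned

    def _take(self, offset: int, n: int) -> bytes:
        if offset < self.next_offset:
            raise PadError("pad region already used")
        if offset + n > len(self.data):
            raise PadError("pad exhausted")
        return self.data[offset:offset + n]

    def encrypt(self, plaintext: bytes) -> bytes:
        offset = self.next_offset
        chunk = self._take(offset, TAG_KEY_LEN + len(plaintext))
        mac_key, stream = chunk[:TAG_KEY_LEN], chunk[TAG_KEY_LEN:]
        body = offset.to_bytes(8, "big") + bytes(p ^ k for p, k in zip(plaintext, stream))
        self.next_offset = offset + len(chunk)      # burn the region on send
        return body + hmac.new(mac_key, body, hashlib.sha256).digest()

    def decrypt(self, message: bytes) -> bytes:
        if len(message) < 8 + TAG_LEN:
            raise PadError("message too short")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        offset = int.from_bytes(body[:8], "big")    # lets the receiver resynchronize
        chunk = self._take(offset, TAG_KEY_LEN + len(body) - 8)
        mac_key, stream = chunk[:TAG_KEY_LEN], chunk[TAG_KEY_LEN:]
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PadError("authentication failed")  # no plaintext produced, no pad burned
        self.next_offset = offset + len(chunk)       # burn only after a valid tag
        return bytes(c ^ k for c, k in zip(body[8:], stream))
```

Because a forged message is rejected before any XOR happens, Bob never holds a "random decryption" to ask about, and the pad region it named stays unused and undisclosed.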
From: unruh on 3 May 2010 03:22

On 2010-05-03, Andrew Swallow <am.swallow(a)btopenworld.com> wrote:
> On 03/05/2010 01:38, Tom St Denis wrote:
>> On May 2, 7:38 pm, Andrew Swallow<am.swal...(a)btopenworld.com> wrote:
>>> On 02/05/2010 18:08, Bruce Stephens wrote:
>>> {snip}
>>>
>>>> When all's said and done, you're still talking about a symmetric cipher.
>>>> (Critical readers (which seems to be everybody) would argue that it's a
>>>> more or less useless symmetric cipher.)
>>>
>>> Computer disks with lots of storage and flash disks mean that the OTP
>>> is probably now viable for email, telegraph and digital voice messages.
>>> Video files may be too big.
>>>
>>> Andrew Swallow
>>
>> Once they address that pesky key distribution problem....
>>
>> Tom
>
> In the case of the military, every month fly a new KV memory to each
> base and ship under armed guard. Similar to the current distribution
> system.

Nice if you have a few planes to spare. And then you discover 5 years from now that the courier was making copies of all the cds and selling them.

>
> Andrew Swallow
From: adacrypt on 3 May 2010 03:31

On May 2, 6:08 pm, Bruce Stephens <bruce+use...(a)cenderis.demon.co.uk> wrote:
> adacrypt <austin.oby...(a)hotmail.com> writes:
> > [...] and will not accept that cryptography has moved on from there
> > and is on the verge now of vast changes. This is a damaging cult in
> > cryptography. It needs to stop now. - adacrypt
>
> When all's said and done, you're still talking about a symmetric cipher.
> (Critical readers (which seems to be everybody) would argue that it's a
> more or less useless symmetric cipher.)
>
> The *real* revolution surely started in 1976 (a little earlier in secret
> in GCHQ). See "New Directions in Cryptography", W. Diffie and
> M. E. Hellman, IEEE Transactions on Information Theory, vol. IT-22,
> Nov. 1976, pp: 644-654, and "The First Ten Years of Public-Key
> Cryptography Whitfield Diffie", Proceedings of the IEEE, vol. 76, no. 5,
> May 1988, pp: 560-577.

Hi,

>When all's said and done, you're still talking about a symmetric cipher.
>(Critical readers (which seems to be everybody) would argue that it's a
>more or less useless symmetric cipher.)

I see nothing wrong with the OTP being a symmetric cipher - I would be more worried if it was a (failed one-way mathematical function) asymmetric cipher such as the RSA cipher really is - The point being made by me is that the principles enshrined in the OTP, i.e. randomness as a foil to the Kasiski/Babbage linguistic attack on the erstwhile very strong Vigenere being used in conjunction with modern computer science, plus one-time usage and equal key length with message length, enables a revival of this potentially very, very useful cipher today. This has passed unnoticed by modern designers and instead the OTP is still being lampooned as being a kind of rueful paradox of something that has only ironic curio value, rather like a perpetual motion side show from the past.

Considering the mutual database technology that I am propounding (this requires a once-in-a-lifetime secure delivery, by whatever means - in the life of the loop that is !) secure delivery, this cipher type, i.e. using the Vigenere square algorithm, has great potential - I can demonstrate two unbreakable ciphers to hand - these are downloadable from my website for the doubtful reader.

It appears to me that it is more the politics of winning arguments than being honest researchers that counts, judging from the reply postings. The OTP is dead in the water in its present form - the point being made is that it is the launching point for other more successful adaptations of the same cipher from whence it came first day in the hands of Joseph Mauborgne, i.e. an adaptation of the Vigenere Cipher.

There's a lot of filibustering and bluff going in some sensitive quarters that leads me to think "Is it a case of 'there are none as blind as those who do not want to see'"? There are valuable principles in the OTP still to be taken up for those who have the brains to see this - Cheers - adacrypt