From: Mok-Kong Shen on 14 Nov 2009 04:27

Maaartin wrote:
> But having a fast perfectly secure PRNG you could simply xor its
> output with the plaintext. Using an insecure PRNG makes the Hill's
> scheme vulnerable again. And again, you need an expensive analysis of
> the cipher, which is just what you wanted to avoid.

I don't yet understand your last sentence. If an n*n matrix is used to process less than n^2 units (characters or computer words) of text, it simply isn't possible to recover that matrix, if the analyst has the plaintext and ciphertext available. Thus, inferring the parameters of the PRNG would not be feasible in my view.

M. K. Shen
From: Mok-Kong Shen on 14 Nov 2009 04:35

biject wrote:
> A relatively easy scheme would be to use the XOR
> program I wrote years ago where the two files do not
> have to be the same length. One of the files could
> be the first part of a long key.
>
> When you XOR the two files then do some sort
> of bijective binary BWT on the result file.
> then do another XOR with a second different
> key file.
>
> Some day I will put a binary bijective BWT type of
> program on the web since it is the first stage of a simple
> bijective binary BWT type of compression program.

I am not intending to be negative, but you have been pursuing your 'bijective' project for a very very long time, if I don't err, and I wonder that today you still write 'some day' above. Since your program centers on compression, it would be fine to first have it be carefully discussed by the compression people in my view.

M. K. Shen
From: Mok-Kong Shen on 15 Nov 2009 06:51

Mok-Kong Shen wrote:
> ...... as an alternative to applying sophisticated algorithms that
> require deep analysis in their design and much care in implementation,
> employ certain simple primitive procedures, using a much higher number
> of steps of operations to compensate for their inherent weakness with
> respect to the complex procedures underlying the sophisticated
> algorithms.

This also includes employing larger (than hitherto) block lengths for the simple procedures and concatenations of them. (Concatenation of a number of linear ones is obviously futile, since they are equivalent to a single one. But I suppose one could profitably sandwich a linear one of large block width between two layers of nonlinear ones that consist of units of small block widths, if the linear one contributes well to avalanche.)

M. K. Shen
From: Maaartin on 15 Nov 2009 15:00

On Nov 14, 10:27 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> Maaartin wrote:
> > But having a fast perfectly secure PRNG you could simply xor its
> > output with the plaintext. Using an insecure PRNG makes the Hill's
> > scheme vulnerable again. And again, you need an expensive analysis of
> > the cipher, which is just what you wanted to avoid.
>
> I don't yet understand your last sentence. If an n*n matrix is
> used to process less than n^2 units (characters or computer words)
> of text, it simply isn't possible to recover that matrix, if
> the analyst has the plaintext and ciphertext available. Thus,
> inferring the parameters of the PRNG would not be feasible in
> my view.

Maybe you can't recover the matrix, but surely you can learn a lot about it. Using this information you can break the scheme if the PRNG is insecure. Take as an example a totally stupid PRNG generating the sequence seed, seed+1, seed+2, ... and try yourself.
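An added example, not from any poster in this thread, that makes Maaartin's point concrete: when the Hill key matrix is filled from a generator whose whole secret is a small seed, a known-plaintext check needs only one block (n units, fewer than the n^2 units Shen counts), because the search runs over seeds rather than over matrices. The key schedule, the 26-value seed space, the plaintext block and the use of Python's seeded `random.Random` as a stand-in for a low-entropy generator are all assumptions of this example; the literal seed, seed+1, ... sequence cannot serve as a Hill key because the matrix it fills is never invertible mod 26.

```python
import math
import random
from itertools import product

MOD = 26  # Hill cipher over Z_26 (A=0 ... Z=25)
N = 2     # block width: an arbitrary 2x2 key has N*N = 4 unknown entries

def key_for_seed(seed):
    """Constructed weak key schedule: the N*N entries come from a PRNG whose
    only secret is a seed in range(MOD). The literal seed, seed+1, ... sequence
    from the post fills a matrix with determinant -2 (2x2) or 0 (larger),
    never invertible mod 26, so a seeded standard generator stands in for it."""
    rng = random.Random(seed)
    return [[rng.randrange(MOD) for _ in range(N)] for _ in range(N)]

def invertible(key):
    det = (key[0][0] * key[1][1] - key[0][1] * key[1][0]) % MOD
    return math.gcd(det, MOD) == 1

def encrypt_block(key, block):
    return [sum(key[r][c] * block[c] for c in range(N)) % MOD for r in range(N)]

def recover_seeds(plain, cipher):
    """Known-plaintext search over the seed space: a single block (N units,
    fewer than the N*N needed to solve for an arbitrary matrix) is checked
    against every candidate seed's key; only a handful can survive."""
    return [s for s in range(MOD)
            if invertible(key_for_seed(s))
            and encrypt_block(key_for_seed(s), plain) == cipher]

def count_consistent_keys(plain, cipher):
    """How many arbitrary 2x2 matrices over Z_26 map plain to cipher: the rows
    are independent linear equations, so count per row and multiply. This is
    what the same single block leaves open when the key is truly random."""
    total = 1
    for target in cipher:
        total *= sum(1 for row in product(range(MOD), repeat=N)
                     if sum(r * p for r, p in zip(row, plain)) % MOD == target)
    return total

# Demo values (constructed): a secret seed and one known plaintext block "HC".
SECRET_SEED = next(s for s in range(MOD) if invertible(key_for_seed(s)))
PLAIN = [7, 2]
CIPHER = encrypt_block(key_for_seed(SECRET_SEED), PLAIN)

if __name__ == "__main__":
    print("seeds consistent with one block:", recover_seeds(PLAIN, CIPHER))
    print("arbitrary keys consistent with one block:", count_consistent_keys(PLAIN, CIPHER))
```

With a unit plaintext component (7 is invertible mod 26) the arbitrary-key count is 26^(N*(N-1)) = 676, while the seed search returns the true seed plus at most a few chance collisions.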
From: Mok-Kong Shen on 15 Nov 2009 15:39

Maaartin wrote:
> Mok-Kong Shen wrote:
>> Maaartin wrote:
>>> But having a fast perfectly secure PRNG you could simply xor its
>>> output with the plaintext. Using an insecure PRNG makes the Hill's
>>> scheme vulnerable again. And again, you need an expensive analysis of
>>> the cipher, which is just what you wanted to avoid.
>> I don't yet understand your last sentence. If an n*n matrix is
>> used to process less than n^2 units (characters or computer words)
>> of text, it simply isn't possible to recover that matrix, if
>> the analyst has the plaintext and ciphertext available. Thus,
>> inferring the parameters of the PRNG would not be feasible in
>> my view.
>
> Maybe you can't recover the matrix, but surely you can learn a lot
> about it. Using this information you can break the scheme if the PRNG
> is insecure. Take as an example a totally stupid PRNG generating the
> sequence
> seed, seed+1, seed+2, ...
> and try yourself.

Why should we make such an assumption? (One doesn't walk on the street with a helmet just because some bolt possibly might fall down from a helicopter flying over one's head, right?) We have nowadays, in contrast to the time of classical crypto, good PRNGs like the recent one by Marsaglia.

M. K. Shen