From: vedaal on 9 Mar 2007 15:08

On Mar 9, 12:08 pm, Peter Pearson <ppear...(a)nowhere.invalid> wrote:
> > is there a way to have two different plaintexts encrypt to the same
> > ciphertext,
>
> It's useful to stipulate that the decryption process takes
> as input (1) a key, and (2) some ciphertext, and produces
> plaintext. Introducing categories beyond key and ciphertext
> only impedes thought.
>
> If the additional information you propose (IV or whatever)
> is considered part of the ciphertext, then a given ciphertext
> decrypts to only one plaintext. On the other hand, if the
> additional information is considered part of the key, then
> you're just exchanging messages over the key-distribution
> channel.

ok, quite logical

let's start then with 2 plaintexts; 1 decoy, 1 real

the length of the decoy plaintext can be varied if necessary by
adding/subtracting from the plaintext

is there a feasible way to create two keys so that

E(k1, m1) = E(k2, m2)

while:

(1) still keeping it computationally infeasible to decrypt without
knowledge of the keys

and

(2) having it infeasible to recover k2, if only k1, and m1, (but not
m2), are known ?

it is understood that k2 would have to be transmitted/stored in a
separate secure process,

and also understood that one of the keys might not be as random as
that of a conventional single key, single message encryption,

but could it be done so that it still would have enough complexity to
make it infeasible to decrypt ?

(i.e. still as secure as a seven word diceware passphrase,

if, as commonly accepted, the passphrase is the weakest link of the
cryptographic chain,
then, might it not sometimes be desirable to lessen the strength of
the other links,
[while still keeping them stronger than currently acceptably 'secure'
passphrases],
if they could provide a steganographic, plausibly deniable, encryption
channel ?)

tia,

vedaal

From: David Eather on 10 Mar 2007 06:19

Dane Smith wrote:
> Just out of my own curiosity, how do people feel about a block cipher
> which encrypts the same message using the same key to any one of many
> possible ciphertexts. I'm not entirely sure this has ever been done to
> any great length, though, it is quite possible I have missed something.
> Does anyone believe that it is even necessarily possible?
>
> Thanks for the input,
> Dane Smith

If different cipher text out of the same plain text is important then
use a different key and implement a KEA.

From: Bryan Olson on 10 Mar 2007 14:38

Dane Smith wrote:
> Just out of my own curiosity, how do people feel about a block cipher
> which encrypts the same message using the same key to any one of many
> possible ciphertexts. I'm not entirely sure this has ever been done to
> any great length, though, it is quite possible I have missed something.
> Does anyone believe that it is even necessarily possible?

Check out any of the respectable standards for RSA encryption;
they all use random padding.

For symmetric ciphers, non-determinism is not usually added at
the block-cipher level, but there have been a number of
suggestions for it; see for example Rivest and Sherman's
"Randomized encryption techniques", in the Crypto 82 proceedings.

--
--Bryan

From: Bryan Olson on 10 Mar 2007 14:53

Dane Smith wrote:
> JR wrote:
>> One could insert a random byte every n bytes. So it is possible. Is it
>> useful?

One clever idea from Rivest and Sherman's Crypto 82 paper is to
add an error-correction code that corrects up to k bit errors to
the plaintext, then flip k randomly-chosen bits before encrypting.

> That is quite similar to my own idea, but I have the same question, is
> it useful?

Ciphers need some kind of non-determinism, but things like IV's,
salts and random session keys seem adequate for symmetric schemes.

--
--Bryan

From: Mike Amling on 10 Mar 2007 09:09

vedaal wrote:
>
> is there a way to have two different plaintexts encrypt to the same
> ciphertext, by using different IV's and storing/sending them

Trivially. Make up one or two keys. Make up two IVs. Make up some
ciphertext. Decrypt it first using one key and one of the IVs in CTR
mode. Then decrypt the ciphertext again using the same or a different
key and a different IV to get the other plaintext. Now you have two
plaintexts that encrypt to the same ciphertext using different IVs.

--Mike Amling
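
The construction in the post above, as an added example that is not part of the original thread. It assumes HMAC-SHA256 as a stand-in for the block cipher in CTR mode (the Python standard library has no AES); all function names are hypothetical. Neither plaintext is chosen by the sender: both are whatever the two keystreams produce from the made-up ciphertext.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """CTR-style keystream: PRF(key, iv || counter) for counter = 0, 1, ...

    Assumption: HMAC-SHA256 replaces the block cipher a real CTR mode would use.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = iv + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def ctr_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CTR encryption and decryption are the same operation: XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, iv, len(data))))


def two_plaintexts_one_ciphertext(ciphertext, key1, iv1, key2, iv2):
    """Decrypt one made-up ciphertext under two (key, IV) pairs."""
    m1 = ctr_xor(key1, iv1, ciphertext)
    m2 = ctr_xor(key2, iv2, ciphertext)
    return m1, m2


if __name__ == "__main__":
    # Constructed inputs: random ciphertext, keys and IVs, as the post says to "make up".
    ciphertext = os.urandom(48)
    key1, key2 = os.urandom(32), os.urandom(32)
    iv1, iv2 = os.urandom(16), os.urandom(16)

    m1, m2 = two_plaintexts_one_ciphertext(ciphertext, key1, iv1, key2, iv2)

    # Both plaintexts encrypt back to the same ciphertext under their own key and IV.
    print("m1 != m2:            ", m1 != m2)
    print("E(k1, iv1, m1) == ct:", ctr_xor(key1, iv1, m1) == ciphertext)
    print("E(k2, iv2, m2) == ct:", ctr_xor(key2, iv2, m2) == ciphertext)
    # The plaintexts are pseudorandom bytes, not messages anyone picked.
    print("m1:", m1.hex())
    print("m2:", m2.hex())
```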