Cryptography-Digest Digest #538, Volume #14 Wed, 6 Jun 01 18:13:00 EDT
Contents:
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
Re: Factoring via BBS cycle length ("Tom St Denis")
Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes ("Tom St Denis")
Re: Def'n of bijection (SCOTT19U.ZIP_GUY)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: Def'n of bijection (SCOTT19U.ZIP_GUY)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
Re: Def'n of bijection (SCOTT19U.ZIP_GUY)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Wed, 6 Jun 2001 20:45:49 GMT
To illustrate my point, here's a system that does better at concealing
information about the plaintext from an attacker with cyphertext and
full knowledge of the algorithm employed than a conventional
One Time Pad manages.
Convert the plaintext from an 8-bit granular file to a 64-bit granular
file using one of David's bijections between these sets.
Then encrypt with a conventional OTP.
The result is much the same - except that many plaintexts that were
previously distinguishable on length grounds are now effectively
indistinguishable.
Given a cyphertext representing a particular plaintext, the attacker's
uncertainty about the possible plaintexts increases, as the file length
will (typically) increase, and thus so will the length of the key.
Would anyone still refer to a One Time Pad as offering
"perfect" protection of one's secrets after reading this?
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
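The two-step construction above (repack the byte file bijectively into a file of 64-bit words, then xor it with a conventional pad) can be tried out concretely. The following is an added example, not David Scott's bijection and not code from the thread: it builds its own bijection between byte strings and strings of 64-bit words out of bijective numeration (digits 1..k rather than 0..k-1, so that the empty string and leading zero bytes all get distinct integers), and reports which word-lengths each byte-length can repack to. The sample plaintext and the pad are constructed here.

```python
"""Repacking an 8-bit-granular file into a 64-bit-granular one, bijectively.

Added example (not David Scott's bijection and not code from the thread).
Bijective numeration maps every byte string, the empty one included, to
exactly one non-negative integer, and every string of 64-bit words likewise;
composing the two maps gives a bijection between the two kinds of file.
An ordinary xor OTP is then applied word by word.
"""
import secrets

BYTE = 1 << 8
WORD = 1 << 64


def to_int(digits, base):
    """Bijective base-k numeration: sequence of digits in 0..base-1 -> integer.

    Unlike ordinary positional notation a leading zero digit changes the
    value, so no two distinct strings collide."""
    n = 0
    for d in digits:
        n = n * base + (d + 1)
    return n


def from_int(n, base):
    """Inverse of to_int: non-negative integer -> list of digits in 0..base-1."""
    digits = []
    while n > 0:
        n, d = divmod(n - 1, base)
        digits.append(d)
    return digits[::-1]


def bytes_to_words(data):
    """8-bit-granular file -> 64-bit-granular file (list of ints below 2**64)."""
    return from_int(to_int(data, BYTE), WORD)


def words_to_bytes(words):
    """Inverse of bytes_to_words."""
    return bytes(from_int(to_int(words, WORD), BYTE))


def otp_words(words, pad):
    """Conventional OTP over the repacked file: one fresh 64-bit pad word per word."""
    if len(pad) < len(words):
        raise ValueError("pad shorter than message")
    return [w ^ p for w, p in zip(words, pad)]


def word_lengths_for_byte_length(n):
    """Set of word-lengths that an n-byte file can repack to.

    For fixed n, to_int is monotone in the byte string and the length of
    from_int's output is monotone in the integer, so the possible lengths are
    the contiguous range between those of the all-0x00 and all-0xff files."""
    lo = len(bytes_to_words(bytes([0x00] * n)))
    hi = len(bytes_to_words(bytes([0xFF] * n)))
    return set(range(lo, hi + 1))


if __name__ == "__main__":
    msg = b"attack at dawn"                      # constructed sample plaintext
    words = bytes_to_words(msg)
    pad = [secrets.randbits(64) for _ in words]  # constructed one-time pad
    ct = otp_words(words, pad)
    assert words_to_bytes(otp_words(ct, pad)) == msg
    # Every byte length from 1 to 7 repacks to a single word, so after the
    # OTP the attacker sees 8 bytes of ciphertext for all of them alike.
    for n in range(0, 17):
        print(n, "bytes ->", sorted(word_lengths_for_byte_length(n)), "word(s)")
```

The ciphertext length still leaks something (an n-word ciphertext came from roughly an 8n-byte file), but the attacker can no longer separate, say, a 3-byte plaintext from a 6-byte one, which is the coarsening Tim Tyler describes. Note that the bijection is not prefix-free in any useful sense: the only property relied on is that every byte string has exactly one image and vice versa.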
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Wed, 06 Jun 2001 22:54:41 +0200
Tim Tyler wrote:
>
> ...but why only consider the possible messages of size 2^n?
> This is a tiny subset of the messages that could have been transmitted.
>
> The obvious answer is that we can eliminate most messages on a-priori
> grounds, since we have the cyphertext and we know that it is an OTP
> encryption. However, this is highly undesirable - based on a simple
> examination of the cyphertext, we can reject loads of possible messages.
I don't understand. A given ciphertext has a certain size,
say n bits. The number of all possible (different)
pieces of information that could be transmitted from the sender
to the receiver with that is limited by 2^n. And with an
OTP one can in fact securely transmit any one of these
possible messages. Or am I missing something?
>
> : Hence these are equal. Thus the opponent gains no information.
>
> The opponent has gained the information that the plaintext is
> of length n. Just by looking at the cyphertext, this was not
> known. As soon as the cryptomechanism is revealed as well,
> huge numbers of possible plaintexts can be rejected.
What is that information that he can gain from the fact
that the plaintext is of length n in the general case
(excepting contrived ones)? Can he know a single bit of
the plaintext from that?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 6 Jun 2001 20:44:48 GMT
[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>
>I looked up what Bruce Schneier has to say about perfect secrecy in
>A.C.
>
>He says this:
>
>``There is such a thing as a cryptosystem that achieves perfect secrecy:
> a cryptosystem in which the cyphertext yields no possible information
> about the plaintext (except possibly its length).''
>
>He goes on to give Shannon's theory that perfect secrecy is only
>possible if the number of possible keys in the cryptosystem is equal to
>the number of possible messages.
>
>IMO, Shannon has it right - while Bruce seems a bit uncertain about
>whether the length is included or not.
>
No wonder people are confused. Shannon was an expert and then
Mr BS comes along and, due to his lack of knowledge, at least
relative to the level of Shannon, he types it wrong and then others get messed
up. No wonder he does not understand the concept of bijective
compression encryption. He appears to lack an understanding of
what perfect security is when one encrypts. At least if that's
what he wrote in the book.
>I suppose if Bruce isn't clear about the issue, that probably explains
>why other folk are not clear about it either.
>
>Certainly if you see a 1-byte cyphertext, you know that most possible
>plaintexts have a probability of zero.
>
>This means that an OTP that preserves length information does not
>conceal plaintext information as well as is possible to do. If anyone
>has been calling this is perfect secrecy, they really ought to consider
>the fact that systems which better hide the identity of the plaintext
>are available.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Wed, 06 Jun 2001 23:03:19 +0200
Tim Tyler wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> : If it is xored with a perfect random source, then each
> : of the possible 2^n sequences could result as ciphertext.
> : Hence the a-posteriori probabability of (the content)
> : of the message is the same as its a-priori probability.
>
> In an OTP if you are given a cyphertext of length n there
> are only 2^n possible plaintexts.
>
> However this is not true of cypher-systems in general -
> in some cyphersystems a message might represent any
> possible plaintext.
>
> If the plaintext is not restricted to be the same
> length as the cyphertext then there may be far more
> than 2^n possible plaintexts - and consequently a
> key of greater size than 2^n would be necessary to
> properly obscure them.
Since each ciphertext has to be uniquely decipherable
to a plaintext, it is not possible to have n bits
of ciphertext to map to more than 2^n different
plaintexts. On the contrary, if one uses homophones
or the like, then the number of possible plaintexts
would be less than that amount.
> : Now this is general for 'any' n. It certainly has no
> : implication to the effact that, after sending a message
> : of a certain length, the next following message should
> : have the same n.
>
> I certainly never meant to imply anything like that.
Scott said in another post that sending some shorter
messages would leak information.
M. K. Shen
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Factoring via BBS cycle length
Date: Wed, 06 Jun 2001 21:07:25 GMT
"Anton Stiglic" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> How many such elements exist?
> Hint, write it this way:
> A^2 = A*A = B,
> B^2 = (A*A)*(A*A),
> B^2 = A => A*A*A*A = A,
> so A^3 = 1, (if A is inversible)
> so this means that A has order <= 3.
> How many elements in your group have order <= 3?
> How many elements are not inversible, so that the above
> doesn't apply to them? What can you do with those?
It turns out you can't factor with this, but it is an identity though (sum
of squares = sum of roots) when you complete a cycle.
This can't even be used to find a cycle though... it's just a neat math
thing.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: Wed, 06 Jun 2001 21:09:15 GMT
"Bob Silverman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:<XRcT6.38998$[EMAIL PROTECTED]>...
> > "sisi jojo" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
> > news:<ebvtZ6S7AHA.201@cpmsnbbsa09>..
> > >
> > > I don't have much time to write long messages today. But here's my answer
> > >
> > > Maybe the approach is wrong. That's why nobody can solve it.
> > >
> > > You go through years of education to learn the wrong approach, which is
> > > proven to be not useful. That's something funny about our education system.
> > >
> > > If you want a problem to be solved, show it to a kid and let him develop
> > > an answer fresh from the beginning.
>
> Replying to "sisijojo":
>
> You need a certain minimal background and mathematical maturity before
> tackling hard problems. You need experience in knowing what works and
> what doesn't work. The idea that some naive "kid" will pop out of nowhere
> and solve a hard problem "BECAUSE HE HAS NOT LEARNED THE WRONG APPROACH"
> is ludicrous.
I don't see a big argument for this. Most "great" mathematicians were teens
when they invented stuff. The prime number theorem was written by a 15 yr old.
Thus I disproved your notion.
Tom
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Def'n of bijection
Date: 6 Jun 2001 20:25:33 GMT
[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:
>[EMAIL PROTECTED] wrote:
>> And the idea doesn't even ``seem'' obvious, because of one fact you
>> keep ignoring: even if BICOM gives a bijection of binary files to
>> itself, almost all preimages under BICOM are not in fact plausible
>> messages. There is no a priori reason to believe that potential
>> decrypts will be rich in plausible messages; indeed it seems rather
>> unlikely.
>
>It *is* unlikely. To fix this, one has to use a reasonable source-
>model based encoding/compression. General-purpose compressors don't
>"prefer" one possible plaintext over another.
>
>However, a BiCom feature is that while most preimages may be
>implausible, at least there are no *impossible* preimages.
>That is a step forward, albeit a modest one
>
True, the compressor as it stands may not be tuned to English
text, for example. So most messages decrypted will not make sense.
But since it appears all English texts of more than a few words
would compress, it is likely that in the search of 2**256 you
would find a couple of plausible messages, since the unicity
distance does go up. Matt has stated his next version would have
training sequences. This should make the unicity distance even
longer.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 6 Jun 2001 20:51:33 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in
<[EMAIL PROTECTED]>:
>
>
>Tim Tyler wrote:
>>
>[snip]
>> There's no mention of the plaintexts and cyphertexts necessarily being
>> the same length there.
>
>One normally considers OTP being used simply with xor, so
>the length of plaintext and ciphertext are the same. But
>this isn't the point we were arguing. We were arguing
>whether all 'successive' messages sent (the sequence of
>messages sent from the sender to the receiver) are to be
>of the 'same' length.
>
>M. K. Shen
>
Actually what we are arguing is what is an "OTP with perfect security".
We are not arguing about an OTP. Most will admit that an OTP that
matches the length of messages is most likely secure. Meaning for
most uses there would be more than one possible valid message it
could decrypt to. But "perfect security" requires no information,
so the OTP would have to be at least the length of the longest message,
where all messages are padded to the same length. That this is obvious is
a fact. What I think is confusing for many is they wrongly think that
just because there can be more than one possible solution they are
confusing "security" with "perfect security".
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Def'n of bijection
Date: 6 Jun 2001 20:29:38 GMT
[EMAIL PROTECTED] wrote in <[EMAIL PROTECTED]>:
>"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
>>
>> However, a BiCom feature is that while most preimages may be
>> implausible, at least there are no *impossible* preimages. That is
>> a step forward, albeit a modest one
>
>Granted. I think we're agreed here; I've said ``all it does is add work,''
>and you're saying ``adding work is good.'' Fair enough.
>
I don't think you agree here. It sounds to me he is saying
something far different than you, since you seem to be unaware of the
meaning of unicity distance. Meaning for some sequences, after all
your work, you may end up with several possible messages as opposed
to one. Doug realizes you may not gain many possible messages.
You think it is only a question of time, which it may not be.
David A. Scott
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Wed, 6 Jun 2001 21:09:45 GMT
[EMAIL PROTECTED] wrote:
: Tim Tyler <[EMAIL PROTECTED]> writes:
:> ...but why only consider the possible messages of size 2^n? This is
:> a tiny subset of the messages that could have been transmitted.
: Right! That's why ``perfect secrecy'' is only attainable if the ciphertext
: is longer than *any* possible plaintext. All messages must have infinite
: length.
: That's why in fact perfect secrecy has been proven impossible, and there
: is no such thing as a OTP.
I take it your reply is sarcastic :-|
Perfect secrecy (by which I mean the case where the cyphertext conveys no
information about the plaintext) is /not/ impossible.
It is *not* necessary that the cyphertext be longer than any possible
plaintext.
Nor is it necessary for any of the messages to be infinite.
Consider the case where there are only four possible messages that one
might want to transmit - and they occur with equal frequency.
Then randomly numbering them 0-3 would be sufficient to produce
perfect secrecy.
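The four-message example just given, and the earlier dispute over whether a length-preserving OTP can be "perfect", both come down to one check: does the a-posteriori probability of each message, given the ciphertext, equal its a-priori probability? The following is an added example, not code from the thread, that performs that check exactly with rational arithmetic on two small systems constructed here: system A is the four equiprobable messages randomly numbered 0..3 (ciphertext (m + k) mod 4 with a uniform key), and system B is an xor OTP over bit strings whose message space contains two different lengths. It also reports the mutual information I(M; C), which is zero exactly when the system is perfectly secret.

```python
"""Shannon's perfect-secrecy condition checked exactly on small systems.

Added example, not from the thread.  A system is perfectly secret when
P(M = m | C = c) == P(M = m) for every message m and every ciphertext c
that can occur; equivalently the mutual information I(M; C) is zero.
All message and key distributions below are constructed for illustration.
"""
import math
from collections import defaultdict
from fractions import Fraction
from itertools import product


def joint_distribution(messages, keys, encrypt):
    """messages, keys: {value: probability}.  Returns {(c, m): P(C=c, M=m)}."""
    joint = defaultdict(Fraction)
    for (m, pm), (k, pk) in product(messages.items(), keys.items()):
        joint[(encrypt(m, k), m)] += pm * pk
    return dict(joint)


def ciphertext_distribution(joint):
    """Marginal P(C=c) from the joint distribution."""
    pc = defaultdict(Fraction)
    for (c, _), p in joint.items():
        pc[c] += p
    return dict(pc)


def is_perfectly_secret(messages, keys, encrypt):
    """True iff every message's a-posteriori probability equals its a-priori one."""
    joint = joint_distribution(messages, keys, encrypt)
    pc = ciphertext_distribution(joint)
    zero = Fraction(0)
    return all(joint.get((c, m), zero) / pc[c] == pm
               for c in pc for m, pm in messages.items())


def leaked_bits(messages, keys, encrypt):
    """Mutual information I(M; C) in bits; 0 exactly when perfectly secret."""
    joint = joint_distribution(messages, keys, encrypt)
    pc = ciphertext_distribution(joint)
    return sum(float(p) * math.log2(float(p / (pc[c] * messages[m])))
               for (c, m), p in joint.items())


# System A: four equiprobable messages, randomly numbered 0..3 (Tim Tyler's case).
FOUR_MESSAGES = {m: Fraction(1, 4) for m in range(4)}
FOUR_KEYS = {k: Fraction(1, 4) for k in range(4)}
TWO_KEYS = {k: Fraction(1, 2) for k in range(2)}   # fewer keys than messages


def shift_mod4(m, k):
    return (m + k) % 4


# System B: xor OTP over bit strings; the pad is cut to the message length,
# exactly as M. K. Shen describes, so ciphertext length equals message length.
TWO_BIT_PADS = {k: Fraction(1, 4) for k in ("00", "01", "10", "11")}
FIXED_LENGTH = {m: Fraction(1, 4) for m in ("00", "01", "10", "11")}
MIXED_LENGTH = {m: Fraction(1, 4) for m in ("0", "1", "00", "11")}


def xor_prefix(m, k):
    return "".join(str(int(a) ^ int(b)) for a, b in zip(m, k))


if __name__ == "__main__":
    cases = [("A: shift mod 4, 4 keys", (FOUR_MESSAGES, FOUR_KEYS, shift_mod4)),
             ("A: shift mod 4, 2 keys", (FOUR_MESSAGES, TWO_KEYS, shift_mod4)),
             ("B: OTP, fixed length", (FIXED_LENGTH, TWO_BIT_PADS, xor_prefix)),
             ("B: OTP, mixed lengths", (MIXED_LENGTH, TWO_BIT_PADS, xor_prefix))]
    for name, args in cases:
        print(f"{name}: perfect={is_perfectly_secret(*args)} "
              f"leaked={leaked_bits(*args):.3f} bits")
```

Two points fall out of the numbers. With four keys and four messages the shift system is perfectly secret with no message being infinite or even long, which is Tim Tyler's point; with two keys it is not, which is Shannon's necessary condition. The mixed-length OTP also satisfies the key-count condition (four pads, four messages) yet leaks a full bit, because the ciphertext length announces which half of the message space the plaintext came from: the count of keys is necessary but not sufficient.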
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Wed, 06 Jun 2001 23:17:55 +0200
Tim Tyler wrote:
>
> To illustrate my point, here's a system that does better at concealing
> information about the plaintext from an attacker with cyphertext and
> full knowledge of the algorithm employed than a conventional
> One Time Pad manages.
>
> Convert the plaintext from a 8-bit granular file to a 64-bit granular
> file using one of David's bijections between these sets.
>
> Then encrypt with a conventional OTP.
>
> The result is much the same - except that many plaintexts that were
> previously distinguishable on length grounds are now effectively
> indistinguishable.
>
> Given a cyphertext representing a particular plaintext, the attacker's
> uncertainty about the possible plaintexts increases, as the file length
> will (typically) increase, and thus so will the length of the key.
>
> Would anyone still refer to a One Time Pad as offering
> "perfect" protection of one's secrets after reading this?
The OTP, in the literature that I am familiar with, is
always considered in the context of being used with
xor. Scott's 'bijection' is a new 'invention'. That may
be a genius one. On the other hand, lacking concrete
knowledge of proof materials, I am not in a position
to relate the security of a system using his 'bijection'
to the known argument of security of (the hitherto
known) usage of OTP (i.e. the perfectly random source)
and doubt anyway that such use is terminologically
justified to be called an OTP encryption system.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Def'n of bijection
Date: 6 Jun 2001 21:18:53 GMT
[EMAIL PROTECTED] wrote in <[EMAIL PROTECTED]>:
>Sigh. If no compression is performed, then the likelihood of false
>positive decryptions is for most practical purposes zero. Since a
>likelihood is a non-negative number, *everything* is at least as
>likely as that. In particular, the likelihood of false positive
>decrypts is at least as high when compression is performed. But so is
>the likelihood of anything. So is the likelihood of monkeys flying out
>of my butt.
Would those monkeys flying out of your butt have wings, or would they
be in their own tiny airplane or rocket?
>
>However, you haven't actually exhibited any interested circumstances
>where the likelihood of false positives *is provably* larger than
>zero. Until you do that, you are not justified in saying BICOM
>helps. You are only justified in saying it doesn't hurt.
Actually he has; you just appear to not be able to grasp it.
>
>> ...the messages are what we're interested in. If *they* get smaller,
>> that's all that's needed. It doesn't matter what else gets smaller
>> as well.
>
>To prove that false decrypts are more likely when BICOM is used, you
>must prove that preimages of smallish files are more likely to be real
>(or real-looking) messages. Since lots of non-messages also get smaller,
>there is no reason to suppose that *plausible* preimages are strictly more
>likely with BICOM than without it.
Really. All he has to do is talk about the change in unicity distance.
He showed, for the example that was brought up, that a poor CTR mode version of
Rijndael could only have come from 256 messages, while the BICOM output could
have been any one of 2**128 messages. You may not realize it, but
2**128 is considered much larger than 265.
David A. Scott
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Wed, 06 Jun 2001 23:24:38 +0200
"SCOTT19U.ZIP_GUY" wrote:
>
>
> Actually what we are arguing is what is an "OTP with perfect security".
> We are not arguing about an OTP. Most will admit that an OTP that
> matches the length of messages is most likely secure. Meaning for
> most uses there would be more than one possible valid message it
> could decrypt to. But "perfect security" requires no information,
> so the OTP would have to be at least the length of the longest message,
> where all messages are padded to the same length. That this is obvious is
> a fact. What I think is confusing for many is they wrongly think that
> just because there can be more than one possible solution they are
> confusing "security" with "perfect security".
Nobody 'pads' anything on using OTP, as far as I understand
the literature. The OTP sequence is used just like, say,
a Scotch tape. If the next message is n bits, you cut
out n bits from that, no more, no less, do an xor and
send the stuff. If the following message is m bits,
do the same thing. Or am I missing something?
M. K. Shen
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Wed, 6 Jun 2001 21:19:08 GMT
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
:>I looked up what Bruce Schneier has to say about perfect secrecy in
:>A.C.
:>
:>He says this:
:>
:>``There is such a thing as a cryptosystem that achieves perfect secrecy:
:> a cryptosystem in which the cyphertext yields no possible information
:> about the plaintext (except possibly its length).''
:>
:>He goes on to give Shannon's theory that perfect secrecy is only
:>possible if the number of possible keys in the cryptosystem is equal to
:>the number of possible messages.
:>
:>IMO, Shannon has it right - while Bruce seems a bit uncertain about
:>whether the length is included or not.
: No wonder people are confused. Shannon was an expert and then
: Mr BS comes along and do to his lack of knowledge. At least to
: the level of Shannon he types it wrong and then others get messed
: up. [...]
From the information I have available to me on the topic it still seems
/possible/ that Shannon himself may have originated this terminological
issue.
While he /apparently/ stated the perfect secrecy condition articulately
and in a manner that makes sense I will probably have to look at *exactly*
what he wrote in "Mathematical Theory of Communication" before laying any
blame at Schneier's door.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 06 Jun 2001 21:28:13 GMT
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> Joe I see why you're having a problem. Most use the short
>version of an OTP but for perfect security you need the
>correct version. Since by definition no information can be
>leaked about plain text. Most definitions start by assuming
>a given message length then state you need a key that length
>so they don't really cover the case of many messages of
>varying length. Here is a typical URL that may help you get
>the correct definition in your mind
>
>
>http://whatis.techtarget.com/definition/0,289893,sid9_gci213673,00.html
I looked at that URL. I think you misunderstand this part:
"Typically, a one-time pad is created by generating a string of characters or
numbers that will be at least as long as the longest message that may be
sent."
This is telling you that your pad must be at least as long as the longest
message you intend to send. That is, if the pad is shorter than your longest
message, part of the message won't be encrypted because the key taken from the pad
won't be long enough.
It does not say that the key must be as long as your longest message even if
the message is short. ( I take it you want to pad short messages with random
data.)
Note importantly that "Typically, a pad may be issued as a
collection of keys, one for each day in a month, for example, with one key
expiring at the end of each day or as soon as it has been used once."
I think you are confusing the pad itself with the keys taken from the pad.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Wed, 06 Jun 2001 23:35:32 +0200
JPeschel wrote:
>
> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>
> > Joe I see why you're having a problem. Most use the short
> >version of an OTP but for perfect security you need the
> >correct version. Since by definition no information can be
> >leaked about plain text. Most definitions start by assuming
> >a given message length then state you need a key that length
> >so they don't really cover the case of many messages of
> >varying length. Here is a typical URL that may help you get
> >the correct definition in your mind
> >
> >
> >http://whatis.techtarget.com/definition/0,289893,sid9_gci213673,00.html
>
> I looked at that URL. I think you misunderstand this part:
>
> "Typically, a one-time pad is created by generating a string of characters or
> numbers that will be at least as long as the longest message that may be
> sent."
>
> This is telling you that your pad must be at least as long as the longest
> message you intend to send. That is, if the pad is shorter than your longest
> message, part of the message won't be encrypted because the key taken from the pad
> won't be long enough.
>
> It does not say that the key must be as long as your longest message even if
> the message is short. ( I take it you want to pad short messages with random
> data.)
>
> Note importantly that "Typically, a pad may be issued as a
> collection of keys, one for each day in a month, for example, with one key
> expiring at the end of each day or as soon as it has been used once."
>
> I think you are confusing the pad itself with the keys taken from the pad.
That's exactly what happened, I am convinced. English
is after all not a formal language and inherently
ambiguous (lawyers earn their living thanks to that).
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 6 Jun 2001 21:05:46 GMT
[EMAIL PROTECTED] wrote in <[EMAIL PROTECTED]>:
>Tim Tyler <[EMAIL PROTECTED]> writes:
>>
>> ...but why only consider the possible messages of size 2^n? This is
>> a tiny subset of the messages that could have been transmitted.
>
>Right! That's why ``perfect secrecy'' is only attainable if the ciphertext
>is longer than *any* possible plaintext. All messages must have infinite
>length.
>
>That's why in fact perfect secrecy has been proven impossible, and there
>is no such thing as a OTP.
>
Actually it has not been proven impossible. Here is a simple example:
you have a system where you want to send fixed size images. You could
use one size of OTP for all the messages, since there will be a max length.
All that is required, as stated by Shannon, is to have at least
the same number of keys as messages. That means if you are limited
to a finite number of messages you need only a finite number of keys.
If you allow every possible variation of a text message with
no limit on length, then in that case you can't have "perfect security".
David A. Scott
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************