There are plenty of 'thought experiment' crypto systems which
are utterly infeasible in practice. Rabin's is one.

It does have perfect forward secrecy in that if Eve doesn't know 
ahead of transmission time what part of the keystream to grab,
she can't later decrypt the message.

But, as Nicholas points out, it doesn't solve the key distribution problem,
merely shifts it. Alice and Bob still have to find some way to securely
coordinate beforehand what part of the 'random' bitstream they will
use as their OTP.

There are many other problems:

* The HW needed to generate cryptographically sound random data 
at the required rate is extremely expensive, if it exists at all. 

* The HW needed to receive data at that rate is very expensive. 

* Since accuracy is required, error correcting codes will have to
be included, increasing the data rate still further.

* Putting up a constellation of satellites is also very expensive - 
where's the revenue to do all this coming from?

...and the big one:

Could you *trust* the 'randomness' of a bitstream handed you
from a source you cannot check?

Sorry, folks, this one is a non-starter.

Peter Trei



> ----------
> From:         Nicholas Brawn[SMTP:[EMAIL PROTECTED]]
> Sent:         Monday, February 04, 2002 1:47 AM
> To:   Sean McGrath
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: Unbreakable? (fwd)
> 
> Correct me if I'm wrong, but isn't such a system feasible by:
> 
> 1. Having the network infrastructure available to support the continuous 
> traffic loads.
> 2. Having a suitable RNG source that can cope with the reseeding/etc 
> requirements of encrypting bulk data.
> 3. Having a mechanism to insert genuine information into these massive 
> streams of data.
> 
> I suppose the issue is communicating to the third party which part of 
> the data contains the interesting stuff. From what Rabin is saying, it 
> appears that the increased security is achieved by the third party not 
> knowing what is important and what isn't. How you communicate this with 
> your trusted third party is the problem. You can't simply send a 
> transmission when a new section of interesting stuff is coming through, 
> because then the evil folk can simply watch for the notification, then 
> capture that section of the traffic.
> 
> Perhaps you could send a transmission that says "in x bytes time for the 
> next x bytes, is the next message". That would include some latency that 
> the evil third party can't reliably interpret. But does that work for 
> frequent transmissions?
> 
> Seems interesting nevertheless.
> 
> Nick
> 
> --
> Real friends help you move bodies.
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> [EMAIL PROTECTED]
> 

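A toy model of the scheme the thread is arguing about, added here as an example; it is not code from either message and not Rabin's actual construction. It assumes a PRNG-generated byte stream standing in for the satellite broadcast, a short pre-shared secret between Alice and Bob that selects which stream offsets form the pad (the "coordinate beforehand" step Peter says is still needed), and an eavesdropper who could only store a bounded prefix of the stream. The function names, the SHA-256 counter-mode position derivation and the stream size are all choices made for this illustration.

```python
"""Broadcast-stream one-time pad, toy model (added example, not the thread's code).

Constructed assumptions:
  * the public random broadcast is a PRNG-generated byte stream;
  * Alice and Bob pre-share a short secret that picks stream offsets;
  * Eve can store only the first N bytes of the broadcast.
"""
import hashlib
import random

STREAM_LEN = 1 << 16   # bytes in the constructed public broadcast


def make_public_stream(seed: int, length: int = STREAM_LEN) -> bytes:
    """Stand-in for the public random broadcast (constructed, not truly random)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def derive_positions(shared_secret: bytes, stream_len: int, count: int) -> list:
    """Expand the pre-shared secret into `count` distinct stream offsets.

    SHA-256 in counter mode acts as the PRF (hypothetical choice). Each
    4-byte chunk of output is reduced mod stream_len; duplicates are
    skipped so no stream byte is reused as pad (reuse would break the OTP).
    """
    if count > stream_len:
        raise ValueError("cannot draw more distinct positions than stream bytes")
    positions, seen, counter = [], set(), 0
    while len(positions) < count:
        block = hashlib.sha256(shared_secret + counter.to_bytes(8, "big")).digest()
        counter += 1
        for i in range(0, len(block), 4):
            pos = int.from_bytes(block[i:i + 4], "big") % stream_len
            if pos not in seen:
                seen.add(pos)
                positions.append(pos)
                if len(positions) == count:
                    break
    return positions


def extract_pad(stream: bytes, positions: list) -> bytes:
    """Pull the selected stream bytes out in order; this is the OTP."""
    return bytes(stream[p] for p in positions)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(message: bytes, shared_secret: bytes, stream: bytes) -> bytes:
    """XOR the message with the pad selected by the shared secret."""
    positions = derive_positions(shared_secret, len(stream), len(message))
    return xor_bytes(message, extract_pad(stream, positions))


decrypt = encrypt   # XOR with the same pad inverts the operation


def eve_recoverable_bytes(stored_prefix_len: int, shared_secret: bytes,
                          stream_len: int, msg_len: int) -> int:
    """Pad bytes Eve could reconstruct if she learned the secret *after*
    transmission but had stored only the first `stored_prefix_len` stream
    bytes. Offsets outside her storage are gone for good: that is the
    forward-secrecy property Peter concedes the scheme has."""
    positions = derive_positions(shared_secret, stream_len, msg_len)
    return sum(1 for p in positions if p < stored_prefix_len)


if __name__ == "__main__":
    stream = make_public_stream(seed=7)
    secret = b"constructed-preshared-secret"
    msg = b"meet at the usual place at noon"
    ct = encrypt(msg, secret, stream)
    assert decrypt(ct, secret, stream) == msg
    for prefix in (0, STREAM_LEN // 2, STREAM_LEN):
        print(prefix, "bytes stored ->", eve_recoverable_bytes(prefix, secret, STREAM_LEN, len(msg)),
              "of", len(msg), "pad bytes recoverable")
```

The shared secret is exactly the key-distribution problem the thread says is only shifted, not solved: without it nothing works, and with it the "random" broadcast must also be trusted, since a predictable stream makes the pad predictable regardless of how the offsets are chosen.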
