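John Young wrote:
> Analysis of Neural Cryptography

In short, neural cryptography is broken (hardly a surprise).

I think, however, that it's possible to get the same level of security as Merkle puzzles using a similar scheme - Alice and Bob agree that their shared secret will be based on a number less than, say, 10^18, they both compute 5*10^9 hashes of numbers selected at random in that range, and send them to each other. The shared secret is the smallest hash which they happen to both have selected at random. This algorithm can be made significantly more efficient and secure by using Bloom filters instead of lists of hashes.

This is an okay (although currently impractical) shared secret exchange algorithm. It can be used for public key encryption, but not signing. Its main problems are that once in a while it fails (if there's no shared secret) and that its security level is a mere n vs. n^2, and the n is a measure of bandwidth used at that, so it's currently impractical.

Notably, computers are getting fast enough that Merkle-style cryptography looks to become practical for some applications in the foreseeable future.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
                                        -- John Maynard Keynes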
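A scaled-down run of the exchange described in the message, as an added example that is not from the original post: the range is 10^6 and each side hashes 5*10^3 numbers, which keeps the same expected number of overlaps (k^2/N = 25) as the 10^18 and 5*10^9 figures in the message. It assumes SHA-256 as the hash, plain hash sets rather than Bloom filters, and that the secret is taken from the number behind the smallest common hash; all function names are illustrative.

```python
import hashlib
import random

def h(x: int) -> bytes:
    return hashlib.sha256(x.to_bytes(8, "big")).digest()

def pick(rng, space, count):
    """Choose `count` distinct numbers below `space`; map hash -> number."""
    return {h(x): x for x in rng.sample(range(space), count)}

def agree(mine, peer_hashes):
    """Number behind the smallest hash both sides sent, or None on failure."""
    common = mine.keys() & peer_hashes
    if not common:
        return None  # no overlap this round: rerun with fresh numbers
    return mine[min(common)]

def eavesdrop(space, a_hashes, b_hashes):
    """Passive observer: knows both hash lists, must search the whole range."""
    common = a_hashes & b_hashes
    if not common:
        return None, 0
    target = min(common)
    for tries, x in enumerate(range(space), 1):
        if h(x) == target:
            return x, tries
    return None, space

def demo(seed=1, space=10**6, count=5000):
    # Seeded PRNG so the run is repeatable; a real exchange needs a CSPRNG.
    rng = random.Random(seed)
    alice, bob = pick(rng, space, count), pick(rng, space, count)
    a_secret = agree(alice, set(bob))   # Alice sees only Bob's hashes
    b_secret = agree(bob, set(alice))   # Bob sees only Alice's hashes
    found, tries = eavesdrop(space, set(alice), set(bob))
    return a_secret, b_secret, found, tries

if __name__ == "__main__":
    a, b, found, tries = demo()
    print("Alice:", a, "Bob:", b)
    print("each side hashed 5000 numbers; observer needed", tries, "hashes")
```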
In short, neural cryptography is broken (hardly a surprise). I think, however, that it's possible to get the same level of security as merkle puzzles using a similar scheme - Alice and Bob agree that their sharked secret will be based on a number less than, say 10^18, they both compute 5*10^9 hashes of numbers selected at random in that range, and send them to each other. The shared secret is the smallest hash which they happen to both have selected at random. This algorithm can be made significantly more efficient and secure by using bloom filters instead of lists of hashes. This is an okay (although currently impractical) shared secret exchange algorithm. It can be used for public key encryption, but not signing. It's main problems are that once in a while it fails (if there's no shared secret) and that it's security level is a mere n vs. n^2, and the n is a measure of bandwidth used at that, so it's currently impractical. Notably, computers are getting fast enough that merkle-style cryptography looks to become practical for some applications in the forseeable future. -Bram Cohen "Markets can remain irrational longer than you can remain solvent" -- John Maynard Keynes --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]