I am not sure if we are talking past each other. Using terms from your example, I have one input (trying to map to what you say) that is message A. I have another input, call it key B. The output of the "secure algorithm" is C. C will be known by adversary M.
The question is whether B is sufficiently random that C cannot guess it. Also, that M cannot easily discover A knowing C. The strength of the algorithm is part of the assurance. The strength of the key is the other part. Weak key B does not adequately protect message A. Now, being random does not guarantee that the key B is not weak, just not easily deduced by M. But, if B is generated from inputs B1 and B2 in such a way that it tends to reduce the randomness (worst case results in very small subset of keys B), then M can brute force B to reveal A. One of the papers cited earlier pointed out how a complex algorithm actually ended up converging on a small number of values. I would hope to avoid repeating that mistake.

Michael Hammer
Principal Engineer
[email protected]
Mobile: +1 408-202-9291
500 Yosemite Drive Suite 120
Milpitas, CA 95035 USA

-----Original Message-----
From: Paul Hoffman [mailto:[email protected]]
Sent: Saturday, January 25, 2014 11:35 AM
To: Michael Hammer
Cc: [email protected]
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

On Jan 25, 2014, at 8:16 AM, Michael Hammer <[email protected]> wrote:

> So, if you mix a non-random input with a random input, using a
> deterministic algorithm, the output will be more random?
> That doesn't seem right to me.

That's because it is not right for many reasons. To start, you haven't defined "non-random" and "more random". A better description:

Value A has X bits that cannot be known to adversary M.
Value B has Y bits that cannot be known to M.
Securely mixing A and B into a value C whose length is greater than or equal to (X + Y) will result in C having (X + Y) bits that cannot be known by M. If C's length is less than (A + B), every bit in C cannot be known by M.

In your question above, the fact that B might be 0 is irrelevant to the calculation.

--Paul Hoffman
_______________________________________________ dsfjdssdfsd mailing list [email protected] https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
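
An added illustration of the accounting discussed in this thread, not code from either poster: it enumerates every input pair and measures the min-entropy of C for a hash-based mix and for a lossy AND mix, including the case where one input is fully known to M. The combiners, the 8-bit toy sizes, and modelling "X bits that cannot be known" as a uniform choice among 2^X values are assumptions made here.

```python
import hashlib
import math
from collections import Counter
from itertools import product


def mix_hash(a, b, out_bytes=8):
    """Mix by hashing the concatenation; C is out_bytes long (constructed example)."""
    return hashlib.sha256(bytes([a, b])).digest()[:out_bytes]


def mix_and(a, b):
    """Deterministic but lossy mix: AND discards bits of both inputs."""
    return a & b


def guess_resistance(mix, a_values, b_values):
    """Return (min-entropy in bits, number of distinct C) for C = mix(A, B),
    with A and B drawn uniformly and independently from the given sets.
    Min-entropy is -log2 of the probability of M's best single guess."""
    counts = Counter(mix(a, b) for a, b in product(a_values, b_values))
    total = sum(counts.values())
    return -math.log2(max(counts.values()) / total), len(counts)


BYTE = range(256)   # assumption: 8 bits unknown to M
KNOWN = [0]         # assumption: 0 bits unknown to M (M knows the value)


def report():
    """Run each constructed case and return {case name: (bits, distinct C)}."""
    cases = {
        "hash, X=8 Y=8, 64-bit C": (mix_hash, BYTE, BYTE),
        "hash, X=8 Y=0, 64-bit C": (mix_hash, BYTE, KNOWN),
        "hash, X=8 Y=8,  8-bit C": (lambda a, b: mix_hash(a, b, 1), BYTE, BYTE),
        "AND,  X=8 Y=8": (mix_and, BYTE, BYTE),
        "AND,  X=8 Y=0": (mix_and, BYTE, KNOWN),
    }
    return {name: guess_resistance(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, (bits, distinct) in report().items():
        print(f"{name:26s} min-entropy {bits:5.2f} bits, {distinct} distinct C")
```

With the hash mix a fully known second input leaves the first input's 8 bits intact, while the AND mix with the same known input collapses C to a single value that M guesses on the first try.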
