
Some of you have sardonically written to say "Nihil Est Demonstrandum," N.E.D. because an OTP must be derived from a hardware source, that is, it must be a pure random sequence of limitless entropy. Accordingly, they unbashfully assert that an OTP generated by a computer program is not possible. How do they know that? Does the Bible tell them so, or the Koran, or do they get it from the Torah? Why not cite the source of their certainty instead of advancing an unsupported proposition. I do not mean to be rude, but excuse me, what scientific proof can they offer for that immovable avowal? There is no scientific proof whatsoever, none at all, except for the words and their steadfast, and maybe self serving, postulate. Accordingly, obviously it is they, not us, who are the ones that have "Nihil Est Demonstrandum," in this matter. There is not one scintilla of sustainable evidence to support such a doctrine. While the vast majority of people knowledgeable about cryptography have not heretofore believed that it is possible for software to produce an OTP, that does not make it a scientific fact, but merely means it is the consensus of scientific opinion that it is not possible. With all due respect to Bruce, and his exceptional work, Paul, Roy and many others who obviously know the subject matter of which we speak, I offer that history is replete with scientists supplying proof of the seemingly impossible. In support of their position, some have pointed out that John von Neumann, to paraphrase, stated that ARITHMETIC cannot produce random numbers, a thesis which I agree with; but where is that, in any way inconsistent with IPG's position on EUREKA? IPG has produced a system to generate software OTPs, albeit within limited but more than ample entropy, not software random numbers. We stipulate the obvious fact that the encryptor stream generated by EUREKA is a PRNG stream, though we do consider it gross denigration to castigate it as ONLY a PRNG stream.
It is a PRNG issue that also happens to be an extremely well behaved OTP sequence, with limited but ample entropy, as well. It meets each and every criteria rationally established for an OTP in all reasonable aspects. Subjected to any and all statistical analyses, the EUREKA PRNG stream manifests itself as being random, though we know, as a scientific fact, that it is not. To substantiate that posit, and unlike the consensus of scientific opinion, obviously N.E.D., that believes that software cannot produce an OTP, IPG offers "Quod Erat Demonstrandum," Q.E.D. scientific proof that we can produce a humongous number of software OTPs sufficient to meet any and all current or future requirements. You do not need to be an Einstein, a Hawking, or a von Neumann, to understand the fundamental basis of the IPG EUREKA algorithm. Succinctly as I can, that is, given a truly random key of entropy N, and possibly truly random look up tables of combined entropy M, it is possible to generate up to N streams of characters of a length in this case of approximately 10^223, that manifest themselves as true OTPs. Think about that simple supposition for a moment. What do we mean by an OTP? We mean that an OTP is a stream of characters, or numbers, that cannot be derived in the absence of the key that was used to generate them, or alternately by trying all possibilities of that said key. Thus, when using the resultant as an encryptor stream, the only information derivable from the ciphertext is the determination of the maximum possible length. Furthermore, by using the exclusionary proof, you cannot preclude any possible message of that said length. If you think through that hypothesis, it becomes clear that such is not precluded by von Neumann's proffer, or by fundamental mathematical principles. The question then, is how can you go about doing that? That is all that IPG has done.
We have figured out a mathematically certain way (Q.E.D.) of generating N number, or rather a number very close to N, of OTPs from a given key of entropy N, and we can prove it. Not only that, but you can prove it to yourself, Q.E.D. We maintain that it is discernible to any knowledgeable person who probes the algorithm that the only analytical tack that can be mounted against EUREKA is brute force, and that is patently impossible. One of your Cpunk colleagues says he uses Triple DES, 168 bits, and he does not believe that it can be brute forced - I agree, 3-DES, 10^50+ possibilities, cannot be brute forced now, or in the foreseeable future - then what about EUREKA's 10^34322 possibilities, 10^34271+ greater than 3-DES? No way, not now, not ever. Furthermore, EUREKA is an order of magnitude, or more, faster than triple DES, easier to use, much more secure, et al. Another has suggested that if the key, and all the variables, are hacked, then the system can be compromised. That is true, but again excuse me, does not that apply to any system, whether it be RSA, PGP, IDEA, and yes also a hardware sourced OTP? EUREKA's only edge in that regard is its built-in means that facilitate safeguards which minimize such risks. EUREKA is not a panacea for all your encryption needs. RSA, PGP, ENTRUST, and other systems fill very important exigencies. Where EUREKA shines brightest is in two important strategic user applications:
1. To set up a permanent line of Internet/intranet communication privacy between two, or a group of, individuals. As a result, pass phrases, session encryption keys, and other work impediments of that genre can be largely eliminated. While applicable to everyone, this is especially true of newbies, computer novices, technophobes, and other non-techies. It is much faster, easier to use, and more flexible than other systems for this application. As such, it is ideal for intranets, or mixed Internet/intranet systems.
2. To protect your private hard disk files, programs or data, from compromise by hackers and interlopers. In this application it is unsurpassed because differential analysis of changing files is rendered impossible and it is extremely fast.
See for yourself. Prove it to yourself, Q.E.D. The IPG algorithm is available at: http://netprivacy.com/algo.html or a condensed version at: http://netprivacy.com/condalgo.html
P.S. My resume can also be found there: http://www.netprivacy.com/resume.html
==================================================================
Donald R. Wood ipgsales@cyberstation.net
====================================================================
Some people are more certain of their own opinions than they are of facts presented by those they disagree with - Aristotle
---------------------- Quod Erat Demonstrandum ----------------------

hardware source, that is, it must be a pure random sequence of limitless entropy. Accordingly, they unbashfully assert that an OTP generated by a computer program is not possible. How do they know that? Does the Bible tell them so, or the Koran, or do they get it from the Torah? Why not cite the
No, not the Bible, or the Koran, or the Torah. Try information theory.
We stipulate the obvious fact that the encryptor stream generated by EUREKA is a PRNG stream, though we do consider it gross denigration to castigate it as ONLY a PRNG stream. It is a PRNG issue that also happens to be an extremely well behaved OTP sequence, with limited but ample entropy, as well. It meets each and every criteria rationally established for an OTP in all reasonable aspects. Subjected to any and all statistical analyses, the EUREKA PRNG stream manifests itself as being random, though we know, as a scientific fact, that it is not.
A PRNG is not an OTP. A PRNG, like all cryptography (except the OTP) can be broken. Some cryptography can be broken by cryptanalytic "shortcuts". _All_ ciphers can be broken by brute force. If it is a strong cipher, there are no known shortcuts, and the keysize is great enough that brute force is infeasible. A stream cipher operating in OFB mode _seems_ a lot like a one-time pad. With the stream cipher, you XOR the output of the PRNG with the plaintext, which produces the ciphertext. With an OTP, it's the same, except you use a true RNG instead of a PRNG. Implementation-wise, they seem almost identical, the only real difference being that key management with the stream cipher is a lot easier. Cryptanalysis-wise there is a _very_ big difference.
Think about that simple supposition for a moment. What do we mean by an OTP? We mean that an OTP is a stream of characters, or numbers, that cannot be derived in the absence of the key that was used to generate them, or alternately by trying all possibilities of that said key. [snip] Another has suggested that if the key, and all the variables are hacked, then the system can be compromised. That is true, but again excuse me, does not that apply to any system, whether it be RSA, PGP, IDEA, and yes also a hardware sourced OTP.
No. Here we get to the difference between an OTP and a regular cipher: An OTP doesn't have a key, just a truly random stream. An OTP is very difficult to use, because of the size of the random stream. An OTP can't be broken AT ALL, not even by brute force. An OTP is information theoretically secure. A cipher has a key that produces a pseudo-random stream. A cipher is not hard to use, because the key is relatively short. A good cipher can be broken by brute force, but the attack isn't practical. A good cipher is cryptographically secure. Here's an example of an OTP...
----- From Applied Cryptography 2nd edition, pages 15-16 -----
If the message is ONETIMEPAD and the key sequence from the pad is TBFRGFARFM then the ciphertext is IPKLPSFHGO because
O + T mod 26 = I
N + B mod 26 = P
E + F mod 26 = K
etc.
Assuming an eavesdropper can't get access to the one-time pad used to encrypt the message, this scheme is perfectly secure. A given ciphertext message is equally likely to correspond to any possible plaintext message of equal size. Since every key sequence is equally likely (remember, the key letters are generated randomly), an adversary has no information with which to cryptanalyze the ciphertext. The key sequence could just as likely be:
POYYAEAAZX
which would decrypt to:
SALMONEGGS
or
BXFGBMTMXM
which would decrypt to:
GREENFLUID
This point bears repeating: Since every plaintext message is equally possible, there is no way for the cryptanalyst to determine which plaintext message is the correct one. A random key sequence added to a nonrandom plaintext message produced a completely random ciphertext message and no amount of computing power can challenge that.
----- End of excerpt -----
With a PRNG there are a limited number of outputs, so there might not be any key to produce POYYAEAAZX or BXFGBMTMXM, and so by brute force an attacker may determine that the plaintext is not SALMONEGGS or GREENFLUID or whatever else.
With enough PRNG-encrypted ciphertext, it is possible to rule out all but one possible plaintext. This is how a brute-force attack works. With an OTP, brute-force won't work, because no plaintexts can be ruled out. I took a quick look at the algorithm on your web page, and it is definitely a PRNG.
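The letter arithmetic in the excerpt and the brute-force argument that follows it, as an added Python example (not code from the post, the book, or IPG): it uses the excerpt's A=1..Z=26 numbering, under which the tenth ciphertext letter works out to Q, recovers the pads that would decrypt that same ciphertext to SALMONEGGS and GREENFLUID, and then swaps the pad for a constructed 8-bit toy generator to show that a seed-bounded keystream lets a brute-force search rule out every plaintext but a few hundred.

```python
import string

ALPHA = string.ascii_uppercase


def _add(p, k):
    # The excerpt numbers letters A=1..Z=26 and adds them mod 26; in
    # 0-based indices that is (p + k + 1) mod 26, e.g. O + T -> I.
    return ALPHA[(ALPHA.index(p) + ALPHA.index(k) + 1) % 26]


def _sub(c, k):
    # Inverse of _add: recovers p from c and k (or k from c and p).
    return ALPHA[(ALPHA.index(c) - ALPHA.index(k) - 1) % 26]


def otp_encrypt(plaintext, pad):
    """Letter-wise addition of a pad at least as long as the message."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must cover the whole message")
    return "".join(_add(p, k) for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext, pad):
    return "".join(_sub(c, k) for c, k in zip(ciphertext, pad))


def pad_for(ciphertext, candidate):
    """The pad that would decrypt ciphertext to candidate. With a truly
    random pad every pad is equally likely, so every same-length
    candidate is an equally valid decryption and none can be ruled out."""
    return "".join(_sub(c, p) for c, p in zip(ciphertext, candidate))


def prng_keystream(seed, n):
    """Constructed toy generator: an 8-bit linear congruential step,
    one letter per state. Only 256 distinct streams exist, one per
    seed, however long n is (entropy of the stream <= 8 bits)."""
    state = seed % 256
    out = []
    for _ in range(n):
        state = (5 * state + 3) % 256
        out.append(ALPHA[state % 26])
    return "".join(out)


def stream_cipher_encrypt(plaintext, seed):
    # Same combining step as the pad; only the key material differs.
    return otp_encrypt(plaintext, prng_keystream(seed, len(plaintext)))


def brute_force_candidates(ciphertext):
    """Every plaintext some seed could have produced: at most 256 of the
    26**len(ciphertext) same-length strings, so all others are ruled out."""
    n = len(ciphertext)
    return {otp_decrypt(ciphertext, prng_keystream(s, n)) for s in range(256)}


if __name__ == "__main__":
    ct = otp_encrypt("ONETIMEPAD", "TBFRGFARFM")
    print(ct, otp_decrypt(ct, "TBFRGFARFM"))
    for alt in ("SALMONEGGS", "GREENFLUID"):
        print(alt, "<- pad", pad_for(ct, alt))
    sct = stream_cipher_encrypt("ONETIMEPAD", 42)  # seed 42 is constructed
    cands = brute_force_candidates(sct)
    print(len(cands), "reachable plaintexts out of", 26 ** 10)
    print("SALMONEGGS" in cands, "GREENFLUID" in cands)
```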

[I'm not on cypherpunks, so I won't see replies sent only to there. I have bcc'ed coderpunks to prevent replies from being sent there accidentally.] IPG Sales writes:
Some of you have sardonically written to say "Nihil Est Demonstrandum," N.E.D. because an OTP must be derived from a hardware source, that is, it must be a pure random sequence of limitless entropy. Accordingly, they unbashfully assert that an OTP generated by a computer program is not possible.
How do they know that? Does the Bible tell them so, or the Koran, or do they get it from the Torah? Why not cite the source of their certainty instead of advancing an unsupported proposition.
See Claude Shannon's papers on information theory. [Available as: C.E. Shannon, Collected Papers: Claude Elwood Shannon, N.J.A. Sloane and A.D. Wyner, eds., New York: IEEE Press, 1993.] Shannon invented information theory in 1948 and 1949. Part of his papers discuss the information theory of cryptosystems. He mathematically proved that only an O.T.P. using non-reused physically random numbers could provide what he termed "perfect secrecy". I accept mathematical proofs above the Koran or the Bible. (The Torah is a subset of the Bible.)
I do not mean to be rude,
You are anyway.
but excuse me, what scientific proof can they offer for that immovable avowal?
See above.
There is no scientific proof whatsoever, none at all,
See above.
except for the words and their steadfast, and maybe self serving, postulate.
See above.
Accordingly, obviously it is they, not us, who are the ones that have "Nihil Est Demonstrandum," in this matter.
See above.
There is not one scintilla of sustainable evidence to support such a doctrine.
See above.
While the vast majority of people knowledgeable about cryptography have not heretofore believed that it is possible for software to produce an OTP,
It is not possible. The information content, or entropy, of the key stream is necessarily no larger than its keyspace. That is, if you have a software pseudo-random number generator using an N bit seed, the entropy of the keyspace is necessarily never greater than N. This is mathematically certain -- no amount of prayer on your part can change that.
that does not make it a scientific fact,
Sorry, it's even better -- a MATHEMATICAL fact.
In support of their position, some have pointed out that John von Neumann, to paraphrase, stated that ARITHMETIC cannot produce random numbers,
von Neumann meant any deterministic algorithm, actually.
We stipulate the obvious fact that the encryptor stream generated by EUREKA is a PRNG stream, though we do consider it gross denigration to castigate it as ONLY a PRNG stream.
If it is a PRNG, you do not have a One Time Pad, period. What you have is a stream cipher. Furthermore, past examination has shown you have a POOR stream cipher.
It is a PRNG issue that also happens to be an extremely well behaved OTP sequence, with limited but ample entropy, as well.
If the entropy is limited, you do not have a One Time Pad, period, end of discussion, it's over.
It meets each and every criteria rationally established for an OTP in all reasonable aspects.
Set by WHOM? By you? Your criteria bear no resemblance to those accepted in general. Are you one of those people who sells someone a loaf of bread and says "this is an automobile, by every criterion I have set for automobiles"?
Think about that simple supposition for a moment. What do we mean by an OTP?
Something different from what everyone else means, so it makes no difference.
Not only that, but you can prove it to yourself, Q.E.D. We maintain that it is discernible to any knowledgeable person who probes the algorithm that the only analytical tack that can be mounted against EUREKA is brute force, and that is patently impossible. One of your Cpunk colleagues says he uses Triple DES, 168 bits, and he does not believe that it can be brute forced - I agree, 3-DES, 10^50+ possibilities, cannot be brute forced now, or in the foreseeable future - then what about EUREKA's 10^34322 possibilities, 10^34271+ greater than 3-DES? No way, not now, not ever. Furthermore, EUREKA is an order of magnitude, or more, faster than triple DES, easier to use, much more secure, et al.
I believe that we have already established that your cipher is easy to crack, so your claims that it is hard to crack really don't matter. Perry

On Wed, 16 Oct 1996, IPG Sales wrote:
Some of you have sardonically written to say "Nihil Est Demonstrandum," N.E.D. because an OTP must be derived from a hardware source, that is, it must be a pure random sequence of limitless entropy. Accordingly, they unbashfully assert that an OTP generated by a computer program is not possible.
How do they know that? Does the Bible tell them so, or the Koran, or do they get it from the Torah? Why not cite the source of their certainty instead of advancing an unsupported proposition. I do not mean to be rude, but excuse me, what scientific proof can they offer for that immovable avowal?
Show me the scientific proof that a monkey cannot write a bestselling novel in 100 minutes. Of course you can't. This is called "proving a negative." The fact that this little nuance has escaped you does not bode well for your software generated OTP scheme or, indeed, your general intelligence.
There is no scientific proof whatsoever, none at all, except for the words and their steadfast, and maybe self serving, postulate. Accordingly, obviously it is they, not us, who are the ones that have "Nihil Est Demonstrandum," in this matter. There is not one scintilla of sustainable evidence to support such a doctrine.
Ok, what scientific proof exists that a truly random number generator can be software based? There is not one scintilla of sustainable evidence to support this concept either.
While the vast majority of people knowledgeable about cryptography have not heretofore believed that it is possible for software to produce an OTP, that does not make it a scientific fact, but merely means it is the consensus of scientific opinion that it is not possible. With all due respect to Bruce, and his exceptional work, Paul, Roy and many others who obviously know the subject matter of which we speak, I offer that history is replete with scientists supplying proof of the seemingly impossible.
Ok, here comes the part where you tell us that you are the Einstein of cryptography and will prove all the experts wrong? "They laughed at me at the institute, but I will show them!" (In this case they laughed at you because you are an idiot, not because they were shallow minded.)
In support of their position, some have pointed out that John von Neumann, to paraphrase, stated that ARITHMETIC cannot produce random numbers, a thesis which I agree with; but where is that, in any way inconsistent with IPG's position on EUREKA? IPG has produced a system to generate software OTPs, albeit within limited but more than ample entropy, not software random numbers.
Yadda, yadda, yadda. Does your software not use arithmetic?
We stipulate the obvious fact that the encryptor stream generated by EUREKA is a PRNG stream, though we do consider it gross denigration to castigate it as ONLY a PRNG stream. It is a PRNG issue that also happens to be an extremely well behaved OTP sequence, with limited but ample entropy, as well. It meets each and every criteria rationally established for an OTP in all reasonable aspects. Subjected to any and all statistical analyses, the EUREKA PRNG stream manifests itself as being random, though we know, as a scientific fact, that it is not.
All of the above is substanceless hype. Why, exactly, are you telling us? Clearly none of us are going to buy your product. I suggest trying to get the FTC procurements section to purchase EUREKA in bulk for their own use.
To substantiate that posit, and unlike the consensus of scientific opinion, obviously N.E.D., that believes that software cannot produce an OTP, IPG offers "Quod Erat Demonstrandum," Q.E.D. scientific proof that we can produce a humongous number of software OTPs sufficient to meet any and all current or future requirements.
"Captain, the phase dampener has overridden the antimatter flux capacitor. I think I can pin it down with a phased neutrino pulse if I isolate the presence of diocrastic radiation."
-- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li

On Wed, 16 Oct 1996, IPG Sales wrote:
Some of you have sardonically written to say "Nihil Est Demonstrandum," N.E.D. because an OTP must be derived from a hardware source, that is, it must be a pure random sequence of limitless entropy. Accordingly, they unbashfully assert that an OTP generated by a computer program is not possible.
How do they know that? Does the Bible tell them so, or the Koran, or do they get it from the Torah? Why not cite the source of their certainty instead of advancing an unsupported proposition. I do not mean to be rude, but excuse me, what scientific proof can they offer for that immovable avowal? There is no scientific proof whatsoever, none at all, except for the words and their steadfast, and maybe self serving, postulate. Accordingly, obviously it is they, not us, who are the ones that have "Nihil Est Demonstrandum," in this matter. There is not one scintilla of sustainable evidence to support such a doctrine.
Any algorithmic generation (which all software is) is predictable given the algorithm. If it's not hardware based, it can be guessed. This is altogether obvious. Tough luck.
--Deviant
Blood flows down one leg and up the other.
participants (5)
- Black Unicorn
- IPG Sales
- Perry E. Metzger
- Steve Reid
- The Deviant