The Key Vanishes: Scientist Outlines Unbreakable Code
By GINA KOLATA
http://www.nytimes.com/2001/02/20/science/20CODE.html?pagewanted=all

A computer science professor at Harvard says he has found a way to send coded messages that cannot be deciphered, even by an all-powerful adversary with unlimited computing power. And, he says, he can prove it. If he is right, and he does have some supporters, his code may be the first that is both practical and provably secure. While there are commercially available coding systems that seem very hard to break, no one can prove that they cannot be cracked, mathematicians say.

In essence, the researchers, Dr. Michael Rabin and his Ph.D. student Yan Zong Bing, have discovered a way to make a code based on a key that vanishes even as it is used. While they are not the first to have thought of such an idea, Dr. Rabin says that never before has anyone been able to make it both workable and to prove mathematically that the code cannot be broken. "This is the first provably unbreakable code that is really efficient," Dr. Rabin said. "We have proved that the adversary is helpless."

Dr. Richard Lipton, a computer science professor at Princeton, who is visiting this year at the Georgia Institute of Technology, said, "It's like in the old `Mission Impossible,' where the message blows up and disappears." Someone who uses one of today's commercially available coding systems, Dr. Lipton explained, uses the same key -- mathematical formulas for encoding and decoding -- over and over. Eventually, they may be forced, perhaps by a court order, to give up the key. Or the key may be stolen. But with Dr. Rabin's system, the message stays secret forever because the code uses a stream of random numbers that are plugged into the key for encoding and decoding. The numbers are never stored in a computer's memory, so they essentially vanish as the message is being encrypted and decrypted.

"If someone walks into my office with a court order or if they put a gun to my head they still could not read my conversations," Dr. Lipton said.

In a sense, say some mathematicians and computer scientists, Dr. Rabin may have solved the ultimate problem in cryptography, one that has driven research for centuries: finding a provably unbreakable code that is also practical. But, they say, the paradox is that the discovery has come at a time of vigorous debate over whether such a code will make much difference in keeping communications private. Some say that a provably unbreakable code could have profound effects, keeping secret messages secret forever. But others say that codes today are already so good that there is little to be gained by making them provably, rather than just probably, unbreakable.

For now, Dr. Rabin's idea is simply a scheme backed up by a mathematical proof that he has been presenting to scientists at seminars. No company is lurking in the background to sell it, and Dr. Rabin says he has no commercial interests in it. "I never commercialize anything," Dr. Rabin said. "I am not in that business." Instead, he said, he did the work because it was a challenge.

Dr. Rabin's idea is simplicity itself, at least in the world of encryption. Previous coding methods rely for their security on the limitations of computing power. They assume that if breaking a code requires enough calculations, even the best computers will not be able to do it. But, Dr. Rabin said, there is no proof that such codes are secure. Their security hinges on the belief that no one will find a shortcut to doing the calculations. It is always possible that such a shortcut exists, waiting to be discovered by a clever mathematician. Dr. Rabin relies instead on the limits of memory banks in computers. No matter how powerful a computer is, no computer can store an unlimited amount of data. And yet that is what is required for an eavesdropper to break his code.

The coding starts with a continuously generated string of random numbers, say from a satellite put up to broadcast them or from some other source. The numbers can be coming by at an enormous speed -- 10 million million per second, for example. The sender of a message and its recipient agree to start plucking a sequence of numbers from that string. They may agree, for example, to send a message, encoded with any of today's publicly available encryption systems, saying "start" and giving instructions on capturing certain of the random numbers. As they capture the numbers, the sender uses them to encode a message, and the recipient uses the numbers to decode it.

An eavesdropper can know the mathematical formula used to encode and decode, but without knowing the exact sequence of random numbers that were used in the formula to send a particular message, the eavesdropper cannot decode the message. And the only way to have that sequence is to just happen to be storing numbers from the unending stream at exactly the right moment. If the eavesdropper, for example, had a secret way to decode the message saying "start" and it took a minute to do the calculation needed to decode it, it would be too late by the time the eavesdropper got going. The sender and recipient would already have their string of numbers, and that string of numbers, once broadcast, could never be retrieved. It would be infeasible to store the endless string of numbers in any computer and so they are essentially gone forever.

Often, Dr. Rabin said, eavesdroppers will capture and store encoded messages hoping to decode them later, either when computers have improved -- making it easier to do the calculations to break a code -- or when the method for encoding and decoding is known, perhaps because it has been stolen. But, he said, messages encoded with his system can never be broken by these means because the random numbers used in encoding and decoding are used once and are never stored. "That is why I call it `everlasting security,' " he said.

Dr. Richard DeMillo, chief technology officer at Hewlett-Packard, said that what interested him about the scheme was that it "reshuffles the policy deck." "Normally," he explained, "agencies put the burden of wiretapping on the carrier." A telephone company, for example, would have to allow an agency like the Federal Bureau of Investigation to listen in on coded material. But with this system, the agency would still have the burden of trying to capture the appropriate stream of random numbers, a task that would be technologically infeasible.

Dr. Lipton also said the scheme could thwart law enforcement agencies. "If I'm saying to you, `Buy 1,000 shares of I.B.M., I'm sure it's going to go up,' " he said, "and if that was an insider trading situation, five years from now the F.B.I. could go after you." If the agency had the encrypted message in hand, it could demand the key to read it, he said. But, Dr. Lipton said, if the random numbers used to encode were used once and never stored, the agency would be hamstrung. "It changes the ground rules," he said. Dr. Lipton added that, as a computer scientist, he appreciated the proof that the code could not be broken. "Michael's big contribution has been the proof that the system actually works," he said. "It's one of those things that sounds obvious but the mathematics is quite hard."

Of course, what is good for those who want privacy may not be good for law enforcement. Even the cryptography systems sold today are a problem for the F.B.I. "Uncrackable encryption allows drug lords, terrorists and even violent gangs to communicate about their criminal intentions without fear of outside intrusion," the F.B.I. director, Louis J. Freeh, told the Senate in 1998, according to a transcript from the Federal Document Clearing House. "This type of encryption also allows these same people to maintain electronically stored evidence of their crimes beyond the reach of law enforcement."

Still, some computer experts said that while it might be interesting in theory to have a provably unbreakable code, the practical importance of Dr. Rabin's code may be minimal. Some, like Dr. Dorothy Denning, a computer science professor at Georgetown, and Dr. Cipher Deavours, a professor of computer science and mathematics at Kean University in Union, N.J., said the code was simply impractical for large messages. The larger the message, the longer the string of random numbers needed to encode it, and the more difficult it would be to send. "It's a cute idea, but it's simply unmanageable," Dr. Deavours said. Others, like Dr. Lipton, disagreed. "I think it is quite practical," he said. And Dr. Rabin insisted that computers would have no problem with the encryption scheme, even with long messages that were sent among a large group of people.

Beyond the question of whether the system would work in practice, some question it because, they say, the role of cryptography in protecting privacy has been overblown. "If you think cryptography is the answer to your problem, then you don't know what your problem is," said Dr. Peter G. Neumann, a computer scientist at SRI International in Menlo Park, Calif. Dr. Neumann explained that there are always ways to get around cryptography barriers and that these methods have nothing to do with breaking codes. "It's like the voting machines," he said. "You'd like to have some integrity in the electoral process and now folks are coming out of the woodwork saying, `We have this perfect algorithm for privacy and security.' " But, he said, while the systems may use cryptography to make sure that when someone touches a screen to vote, that vote is transmitted with perfect security, who's to ensure the integrity of the person who programs the computer? "There is no guarantee that your vote actually goes into the computer the way it looks on the touch screen," Dr. Neumann said. "What does it take to buy a computer programmer? A couple of years' salary and a house in the Cayman Islands?"

Bruce Schneier, who is founder and chief technical officer for Counterpane Internet Security in San Jose, said that, as a scientist, he liked the idea of a provably secure system. "Research like this should be encouraged," he said. "But research is different from engineering." But in the real world, a burglar confronted by an impenetrable lock on the front door may well go round to the back and just smash a window. "I'm a cryptographer by trade," Mr. Schneier said. "And a provably secure cryptosystem doesn't do me any good. We're putting a stake in the ground and hoping the enemy runs into it and now we're arguing about whether it should be one mile tall or two miles tall. It doesn't matter. The enemy will walk around it," he added.

Dr. Robert Morris, a retired cryptographer who was chief scientist for the National Security Agency, the nation's code-making and code-breaking agency, also questioned the primacy of cryptography. "As far as I can see, he seems to be correct -- it's a provably secure method," Dr. Morris said. "But does that mean no one can read it? Nah." He explained: "You can still get the message, but maybe not by cryptanalysis. If you're in this business, you go after a reasonably cheap, reliable method. It may be one of the three B's: burglary, bribery or blackmail. Those are right up there along with cryptanalysis in their importance."

Dr. Rabin said that just because there are other weaknesses in communications systems, that did not mean that secure encryption was not important. It is as though medical researchers started arguing that there is no need to find a cure for AIDS, Dr. Rabin said. After all, many more people die of heart disease, and if you cure people of AIDS, heart disease can still strike them. "This is not a reason not to work on H.I.V.," Dr. Rabin said. "The problem of H.I.V. is still important." Dr. Morris said that even though the actual breaking of codes might not be necessary to read encrypted messages, Dr. Rabin's method could have an effect. "In a sense, what it does is shift the emphasis from cryptanalysis to some other sort of attack," he said.
An Metet wrote:
By GINA KOLATA
http://www.nytimes.com/2001/02/20/science/20CODE.html?pagewanted=all
essentially, a one-time-pad with a central source of randomness, the key being the point in the random-number-stream that you start with.
"It's a cute idea, but it's simply unmanageable," Dr. Deavours said.
I agree completely on that, but for very different reasons. a) ok, it *is* unbreakable, since it's a one-time-pad. however, that only refers to mathematics/cryptanalysis, not to the wide variety of other attacks. b)
He explained: "You can still get the message, but maybe not by cryptanalysis. If you're in this business, you go after a reasonably cheap, reliable method. It may be one of the three B's: burglary, bribery or blackmail. Those are right up there along with cryptanalysis in their importance."
of course, that's the first thing coming to mind. however, I have other reservations:

c) the system's security rests entirely on the fact that the data volume is so "enormous" (10 mio. mio bits per second). or is it? high-energy research (CERN, etc.) today generates terabytes of data every time they hit the "on" switch. the computer centres there are equipped to handle two-digit terabyte volumes in very short times. the problem is that the security of your message increases linearly with the time you wait before sending it, because said time determines the likeliness that eve has run out of storage space and has started to overwrite old data.

d) that, however, isn't even the worst problem. since bob also has to record the stream in order to decrypt the message, alice has to say "start" at a time X. all eve has to do is also hit the "record" button.(*) what this system does protect against is eve finding the message and her desire to decrypt it AFTER the fact. but it doesn't offer any advantage over existing systems in this area. the main danger of them is that either alice or bob store the one-time-pad or plaintext somewhere. that's a danger entirely outside the cryptosystem and not dealt with in this one, either.

(*) one might think that no explicit "start" is required, since bob can just start grabbing the stream "live" while receiving the message. however, that requires perfect synchronicity between alice and bob, something that is quite impractical at the requested flow rate. a solution here would be to have the random numbers broadcast over the very medium which is used to transport the messages, much like the cycling in your PC. practical problems of a wide-area usage of this aside, it would only make it even easier for eve to decrypt the message, since she receives the key right alongside it. in other words: the whole encryption business would be a trivial waste of computing power.

if that's not enough: e) the central source of randomness is sure to be a major target of any attacker. just by replacing the randomness with a seemingly-random function that you can easily recreate, eve would save tremendous amounts of storage space while lulling everyone into the impression of having an "unbreakable" cipher.
On Tue, 20 Feb 2001, Tom wrote:
essentially, a one-time-pad with a central source of randomness, the key being the point in the random-number-stream that you start with.
Not quite. The point which you start with in the random number stream is one of the keys, but the system he describes also includes another, which is used to encrypt the random number stream prior to the OTP's XOR operation. The rest of your post, I agree with.

First, your orbital random number server can only be put there by someone with enough bucks to launch a rocket -- whom you have to trust implicitly. None of the twenty or thirty people whom I trust implicitly has that much money. Heck, I don't even think I personally *know* anyone who has that much money. What if it was just a few dozen Blum-Blum-Shub generators up there spewing all those bits? We'd never see the difference, but a data thief who was "in the know" about how they were keyed could recreate any sequence at any time.

The basic problem is the problem you always get with systems that have a "trusted server" sitting in the middle -- can you really trust that server? Can you inspect it, and inspect the code it's running, personally? Can you verify that the thing you were allowed to inspect is the same as the thing that you're trusting? I don't see any government, or for that matter any criminal organization, with a significant investment in SigInt allowing such a launch to go up untampered if they could possibly prevent it.

And we already have systems with barriers of ridiculous levels of computer hardware - proofs of the security of a cipher which rest on the assumption that the opponent has storage capacity limited to less than some finite value are no more nor less valid than proofs of the security of a cipher which rest on the assumption that the opponent has CPU capacity limited to less than some finite value. The only value of this system, assuming you get random numbers you can trust, is that the opponent has to have the large storage capacity NOW - when we know how hard it would be to have it - rather than at some vague point in the future, where Moore's law has had time to work its wonders.

Finally, this system doesn't protect storage. It protects communications, and communications only. Think about it. If you protect storage, you have to have the bits from the OTP around somewhere to decrypt it. If you have the bits from the OTP around somewhere, you no longer have an unbreakable cipher.

Bear
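Added here as an illustration, and not code from the article, from Dr. Rabin's paper or from any poster in this thread: a toy Python model of the scheme as the article and the reply above describe it (a public random stream, a short secret that selects which stream positions form the pad, XOR as the cipher), run against three eavesdroppers to show both the bounded-storage argument and Tom's "eve just hits record" objection. The block size, the window of 200 blocks, the HMAC-based position selection and the seeded hash standing in for a true-random broadcast are all constructed assumptions of this demo.

```python
import hashlib
import hmac
from collections import deque

BLOCK = 8                                   # bytes per broadcast block (constructed parameter)
PLAINTEXT = b"Buy 1,000 shares of I.B.M."   # the example message Dr. Lipton uses in the article


def broadcast_block(stream_seed: bytes, index: int) -> bytes:
    """Block `index` of the public random stream. The real scheme needs a true-random
    source; a seeded hash stands in here only so the demo is reproducible."""
    return hashlib.sha256(stream_seed + index.to_bytes(8, "big")).digest()[:BLOCK]


def pad_positions(shared_key: bytes, start: int, window: int, count: int) -> list[int]:
    """Which stream positions inside [start, start+window) both parties pluck (constructed
    rule). Eve may know this formula; without shared_key she cannot predict the positions."""
    positions: list[int] = []
    counter = 0
    while len(positions) < count:
        tag = hmac.new(shared_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        pos = start + int.from_bytes(tag[:8], "big") % window
        if pos not in positions:
            positions.append(pos)
        counter += 1
    return positions


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class BoundedRecorder:
    """Eve with finite storage: she keeps at most `capacity` of the blocks she observes
    while she is recording (indices in [record_from, record_until))."""

    def __init__(self, capacity: int, record_from: int, record_until: int):
        self.buffer: deque = deque(maxlen=capacity)   # oldest block is dropped when full
        self.record_from, self.record_until = record_from, record_until

    def observe(self, index: int, block: bytes) -> None:
        if self.record_from <= index < self.record_until:
            self.buffer.append((index, block))

    def recover_pad(self, positions: list[int], length: int):
        held = dict(self.buffer)
        if any(p not in held for p in positions):
            return None      # a needed block was never captured or has been overwritten
        return b"".join(held[p] for p in positions)[:length]


def run_scenario(eve_capacity: int, eve_record_from: int, eve_record_until: int) -> dict:
    """Broadcast the stream, let sender and receiver pluck their pad, let Eve record within
    her limits, then hand Eve the shared key afterwards (the court-order case)."""
    stream_seed = b"constructed-demo-seed"
    shared_key = b"short secret sent in the 'start' message"   # assumed agreed via public-key crypto
    start, window = 1_000, 200                  # parties pluck from blocks 1000..1199 (constructed)
    total = start + window + 500                # the broadcast keeps rolling after the window
    count = -(-len(PLAINTEXT) // BLOCK)         # blocks needed to cover the message
    positions = pad_positions(shared_key, start, window, count)

    eve = BoundedRecorder(eve_capacity, eve_record_from, eve_record_until)
    plucked: dict[int, bytes] = {}
    for index in range(total):
        block = broadcast_block(stream_seed, index)
        eve.observe(index, block)
        if index in positions:
            plucked[index] = block               # sender and receiver store only these few blocks
    pad = b"".join(plucked[p] for p in positions)[:len(PLAINTEXT)]
    ciphertext = xor_bytes(PLAINTEXT, pad)
    assert xor_bytes(ciphertext, pad) == PLAINTEXT   # receiver decrypts with the same plucked blocks

    eve_pad = eve.recover_pad(positions, len(PLAINTEXT))   # Eve now knows key and positions
    recovered = xor_bytes(ciphertext, eve_pad) if eve_pad is not None else None
    return {"ciphertext": ciphertext, "eve_recovered": recovered}


if __name__ == "__main__":
    # Eve records all along but can hold only 100 blocks: the pad has scrolled away -> None
    print(run_scenario(100, 0, 10**9)["eve_recovered"])
    # Eve hits "record" for exactly the window when "start" is sent (Tom's point d): plaintext
    print(run_scenario(200, 1000, 1200)["eve_recovered"])
    # Eve can store the whole broadcast: the bounded-storage assumption no longer holds
    print(run_scenario(10**6, 0, 10**9)["eve_recovered"])
```

The only thing the scheme adds over a conventional one-time pad is the timing: Eve must have the storage, and be recording, while the window is live, which is exactly the point the bounded-storage proof rests on.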
On Tue, 20 Feb 2001, Ray Dillinger wrote:
The rest of your post, I agree with.
First, your orbital random number server can only be put there by someone with enough bucks to launch a rocket -- whom you have to trust implicitly. None of the twenty or thirty people whom I trust implicitly has that much money. Heck, I don't even think I personally *know* anyone who has that much money.
Look into experimental rocketry and 'can satellites' (there's a link on /. about the latter). The cost to put a bird in space is probably around $100k right now.

Before a larger group can see the virtue of an idea, a smaller group must first understand it. "Stranger Suns" George Zebrowski
The Armadillo Group, James Choate, Austin, Tx, ravage@ssz.com, www.ssz.com, 512-451-7087
if this is true ($100K to launch) I'd help defray some of this cost just as a mechanism to distribute/manage my own keys. but i suspect the satellite itself is pretty expensive. when I looked into this a few years back the annual management of a satellite was about $250K. I assume it's less expensive now? also key management can be handled from the ground pretty well. i wouldn't use the satellite as the source of the key, i'd use it as a kind of reflector instead. instead of launching a dedicated satellite why not rent time on several existing satellites and use them as reflectors? it's a lot less expensive and key management can be handled from the ground. phillip
On Tue, 20 Feb 2001, Phillip H. Zakas wrote:
if this is true ($100K to launch) I'd help defray some of this cost just as a mechanism to distribute/manage my own keys. but i suspect the satellite itself is pretty expensive. when I looked into this a few years back the annual management of a satellite was about $250K. I assume it's less
The $100K is predicated upon access to surplus NASA and aerospace parts and having in hand the necessary testing facilities. This last one is the killer. You are aware that the failure last year of the amateur race to orbit was one of funding in all three cases? You should definitely look into the cost analysis of those projects. I'd suggest you contact Reaction Research Society as well, http://www.rrs.org $250K? Look into 'OSCAR' and 'can-sat', there's a link on /. about can-sat currently. A cell phone repeater with a 100W linear is sufficient. Surplus cell transceivers are under $100. A PC-104 controller running Plan 9 (or Linux if you're a conservative). Packet is much cheaper and it's reliable. The project I've been working on is spun mirror telescope primaries, the weight savings is incredible over glass. My goal is to put up a PC-104 running packet radio broadcasting one-way a view of the ground directly 'down'. I'm working up to a larger effort. If you ever get around to acting upon this please consider me for your project.
Could the randomization inserted into the GPS system be used for a global random number server? I think it was in the form of time jitter, so you would have to use the difference between successive readings.
that's a pretty interesting proposal...check out: http://www.phys.washington.edu/~berns/RT99/ ...this describes how gps satellites are synched to a universal time clock at one of the labs. also check out: http://www.epm.ornl.gov/~dunigan/atmgps/ ...this describes using the gps timing cycles to test latency of atm networks. as far as how random these bits are, i don't know if the entropy is very good, and i don't know if the # of bits is enough to encrypt a message. if the jitter is identical for all 27 gps satellites at the same moment, those bits could be used to define a starting point of a series of random bits in an otp (like a cd-based otp, etc. but hopefully something better than that.) for example two machines could be set to agree in advance to use the bits received from gps jitter at a particular moment in time to compute the starting sequence of an otp i suppose. phillip
On Wed, 21 Feb 2001, Phillip H. Zakas wrote: [Snip on GPS randomization]
as far as how random these bits are, i don't know if the entropy is very good, and i don't know if the # of bits is enough to encrypt a message.
Are you sure they are still adding jitter to GPS? Sampo Syreeni <decoy@iki.fi>, aka decoy, student/math/Helsinki university
Actually, I don't know if they are still adding jitter. The original thread was started by someone else who proposed using jitter. I believe the commercial GPS systems are currently limited to 30ft resolutions (the resolution can be improved further by processing the output of several gps receivers). phillip
Jim Choate wrote:
First, your orbital random number server can only be put there by someone with enough bucks to launch a rocket -- whom you have to trust implicitly. None of the twenty or thirty people whom I trust implicitly has that much money. Heck, I don't even think I personally *know* anyone who has that much money.
Look into experimental rocketry and 'can satellites' (there's a link on /. about the latter). The cost to put a bird in space is probably around $100k right now.
but what is the cost for EVE (hm, three letters - how fitting) to shoot it down?
Ray Dillinger wrote:
essentially, a one-time-pad with a central source of randomness, the key being the point in the random-number-stream that you start with.
Not quite. The point which you start with in the random number stream is one of the keys, but the system he describes also includes another, which is used to encrypt the random number stream prior to the OTP's XOR operation.
good point, but IMHO it actually makes the system WEAKER yet, because it gives more feeling of security to alice and bob, which may be highly betraying because it also adds key-exchange trouble and we all know that is the real weakness of many systems.
What if it was just a few dozen Blum-Blum-Shub generators up there spewing all those bits? We'd never see the difference, but a data thief who was "in the know" about how they were keyed could recreate any sequence at any time.
my point exactly. one way or the other you can't TRUST the stream, therefore it is worthless.
The basic problem is the problem you always get with systems that have a "trusted server" sitting in the middle -- can you really trust that server? Can you inspect it, and inspect the code it's running, personally? Can you verify that the thing you were allowed to inspect is the same as the thing that you're trusting?
especially when it's sitting in orbit, where even if you wanted to and were allowed to you simply CAN'T get at it. and it's pretty obvious that examining it while it's still down on earth does nothing. any stage magician worth his money can switch things right under your nose, and any of the major TLAs would surely be capable of switching a satellite even with dozens of people believing they've been watching it continuously.
I don't see any government, or for that matter any criminal organization, with a significant investment in SigInt allowing such a launch to go up untampered if they could possibly prevent it.
s/prevent/subvert/
Finally, this system doesn't protect storage. It protects communications, and communications only. Think about it. If you protect storage, you have to have the bits from the OTP around somewhere to decrypt it. If you have the bits from the OTP around somewhere, you no longer have an unbreakable cipher.
didn't think of that. yet another nail in the coffin. so, what do we have? a scientist (or is he? anyone checked the credentials?) who is much better at generating media hype than at cryptography. :)
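An added illustration of the two points above (the shared secret being a start point plus a second key, and a Blum-Blum-Shub generator standing in for the satellite); this is not code from the thread or from Rabin's paper, and the BBS parameters, the SHA-256 masking and the message are constructed for the example:

```python
import hashlib

def bbs_stream(seed, p, q, nbytes):
    """Blum-Blum-Shub: x <- x^2 mod pq, emit the low bit of each state.
    Constructed toy parameters; a real beacon would use large primes."""
    m, x, out = p * q, seed % (p * q), bytearray()
    for _ in range(nbytes):
        b = 0
        for _ in range(8):
            x = (x * x) % m
            b = (b << 1) | (x & 1)
        out.append(b)
    return bytes(out)

def keystream(beacon, start, key, length):
    """Pad = beacon bytes from `start`, masked with a key-derived stream.
    The mask models the post's second key; SHA-256 in counter mode is a
    constructed stand-in, not Rabin's construction."""
    chunk = beacon[start:start + length]
    blocks = (length + 31) // 32
    mask = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))
    return bytes(c ^ m for c, m in zip(chunk, mask))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def demo(p=10007, q=10039, seed=123456, start=1000, key=b"alice-bob-secret"):
    """Returns (bob_decrypts_ok, operator_regenerates_stream)."""
    beacon = bbs_stream(seed, p, q, 4096)          # the broadcast stream
    msg = b"meet at noon"                          # constructed plaintext
    ct = xor(msg, keystream(beacon, start, key, len(msg)))
    # Bob keeps only (start, key) and reads the live beacon, so the pad
    # bytes never sit in storage on either side.
    bob_ok = xor(ct, keystream(beacon, start, key, len(msg))) == msg
    # The beacon operator (or anyone who learns p, q, seed) regenerates the
    # "vanished" stream at will, so the pad is only as secret as the beacon,
    # and with the second key the scheme is only as strong as that cipher.
    regen = bbs_stream(seed, p, q, 4096)
    return bob_ok, regen == beacon
```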
On Wed, 21 Feb 2001, Tom wrote:
Ray Dillinger wrote:
What if it was just a few dozen Blum-Blum-Shub generators up there spewing all those bits? We'd never see the difference, but a data thief who was "in the know" about how they were keyed could recreate any sequence at any time.
my point exactly. one way or the other you can't TRUST the stream, therefore it is worthless.
Here's an interesting thought, though. There are all kinds of number generators already hanging in the sky, and some of them are fairly random, so this thing might actually have a prayer of working. Take a good telescope, and focus on, eg, Jupiter's Red Spot. (ignoring for a moment the problems of focus and synchronization). That's turbulence - a pretty damn good source of randomness. If Bob and Alice can see the same image, and derive the same stream of random numbers from it, this scheme might be salvaged yet. The bandwidth wouldn't be quite as high, especially allowing for enough "roughness" to keep it likely that the number streams Alice and Bob get have enough correlation to work with - but it might serve. Ray
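The correlation problem Ray raises, as an added simulation that is not from the thread: Alice and Bob each read the same constructed chaotic signal through their own noisy sensor, quantise it to bits, and measure how often their pads disagree; the noise model, the sign threshold and the guard band are assumptions for the illustration.

```python
import random

def observe(truth, sensor_sd, rng):
    """One party's reading of the shared source: true value plus that
    party's own sensor noise (constructed model, not a real telescope)."""
    return [v + rng.gauss(0.0, sensor_sd) for v in truth]

def to_bits(samples):
    """Quantise readings to one bit each: the sign of the sample."""
    return [1 if v > 0.0 else 0 for v in samples]

def disagreement(a, b):
    """Fraction of positions where the two bit streams differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def shared_stream(n=10000, sensor_sd=0.3, guard=0.0, seed=1):
    """Returns (mismatch_rate, yield_fraction) for Alice and Bob each
    reading the same turbulent signal through their own noisy sensor.
    `guard` drops samples within `guard` of the threshold on either side;
    the parties must then tell each other which indices they kept, which
    is the synchronisation cost of the "roughness" the post mentions."""
    rng = random.Random(seed)
    truth = [rng.gauss(0.0, 1.0) for _ in range(n)]   # constructed "Red Spot" signal
    alice = observe(truth, sensor_sd, rng)
    bob = observe(truth, sensor_sd, rng)
    keep = [i for i in range(n)
            if abs(alice[i]) >= guard and abs(bob[i]) >= guard]
    a_bits = to_bits(alice[i] for i in keep)
    b_bits = to_bits(bob[i] for i in keep)
    return disagreement(a_bits, b_bits), len(keep) / n

def demo():
    """Every mismatched pad bit is a garbled ciphertext bit, so the raw
    stream is unusable as a one-time pad; a guard band buys agreement at
    the price of throughput, and the parties still have to reconcile."""
    raw_rate, raw_yield = shared_stream()
    guarded_rate, guarded_yield = shared_stream(guard=1.0)
    return raw_rate, raw_yield, guarded_rate, guarded_yield
```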
Ray Dillinger wrote:
my point exactly. one way or the other you can't TRUST the stream, therefore it is worthless.
Here's an interesting thought, though. There are all kinds of number generators already hanging in the sky, and some of them are fairly random, so this thing might actually have a prayer of working.
that, of course, requires that you trust THOSE. now it is highly unlikely (though not impossible) that the NSA thought of this, say, 10 years ago, and it would be an extremely costly operation to secretly modify those birds, but that only gives confidence, not trust. in addition, all the other problems remain, especially those of storage and synchronisation.
On Thu, 22 Feb 2001, Tom wrote:
Ray Dillinger wrote:
Here's an interesting thought, though. There are all kinds of number generators already hanging in the sky, and some of them are fairly random, so this thing might actually have a prayer of working.
that, of course, requires that you trust THOSE. now it is highly unlikely (though not impossible) that the NSA thought of this, say, 10 years ago, and it would be an extremely costly operation to secretly modify those birds, but that only gives confidence, not trust.
I was not talking about artificial satellites. I was talking about chaotic processes observable with telescopes. Bear
On Thu, 22 Feb 2001, Ray Dillinger wrote:
On Thu, 22 Feb 2001, Tom wrote:
that, of course, requires that you trust THOSE. now it is highly unlikely (though not impossible) that the NSA thought of this, say, 10 years ago, and it would be an extremely costly operation to secretly modify those birds, but that only gives confidence, not trust.
I was not talking about artificial satellites. I was talking about chaotic processes observable with telescopes.
Whose telescope? Who built the hardware? Who built the software?
Jim Choate wrote:
I was not talking about artificial satellites. I was talking about chaotic processes observable with telescopes.
Whose telescope? Who built the hardware? Who built the software?
Any mutually agreed upon source will do. i.e. Pick a web cam. Any web cam. Hell, one pointed at a bowl of swimming goldfish should at least give you enough randomness to start with.
Really? So let me get this straight. You're so worried about taps and interceptions that you are willing to potentially spend thousands of dollars on the hardware to detect the sorts of events under question (ie astronomical RNG's). So normal old terrestrial sources aren't good enough because they might be tampered with. But you're ok with going out and buying a webcam from who knows where?
On Thu, 22 Feb 2001, Sunder wrote:
Any mutually agreed upon source will do. i.e. Pick a web cam. Any web cam. Hell, one pointed at a bowl of swimming goldfish should at least give you enough randomness to start with.
Jim Choate wrote:
Really?
So let me get this straight. You're so worried about taps and interceptions that you are willing to potentially spend thousands of dollars on the hardware to detect the sorts of events under question (ie astronomical RNG's).
Actually I am not.
So normal old terrestrial sources aren't good enough because they might be tampered with.
If that is your threat model. Again, go back and read this guy's paper. The random source is available to anyone in his scheme.
But you're ok with going out and buying a webcam from who knows where?
If that's my threat model, yes. If it's not, I may be willing to build my own set of web cams, etc.
Ray Dillinger wrote:
Here's an interesting thought, though. There are all kinds of number generators already hanging in the sky, and some of them are fairly random, so this thing might actually have a prayer of working.
that, of course, requires that you trust THOSE. now it is highly unlikely (though not impossible) that the NSA thought of this, say, 10 years ago, and it would be an extremely costly operation to secretly modify those birds, but that only gives confidence, not trust.
I was not talking about artificial satellites. I was talking about chaotic processes observable with telescopes.
I was talking about the satellites used to observe these processes. I didn't get that you were going for earth-bound telescopes.