Re: IPG Algorith Broken!
At 2:16 PM 11/24/96 +0000, The Deviant wrote:
> On Sat, 23 Nov 1996, Bill Frantz wrote:
>> I thought Shannon proved one-time-pads to be unbreakable using information theory.
>
> Different ball game. OTP isn't "unbreakable". OTPs are secure because no matter what key you use, it _will_ decrypt, so your plaintext is still hidden simply because it could decrypt to whatever the person trying to decrypt it wants it to. It's not that it's unbreakable, it's that it's breakable in _so many ways_.

I think we differ on the definition of "unbreakable". A quick stab at my (admittedly very vague) definition includes the inability of the analyst to determine (by the structure of the plaintext) that he has a correct decryption.

When I look in AC2, Schneier uses "break" in many ways. Let me evaluate OTP against his taxonomy of attacks:

Ciphertext-only: Unbreakable
Known-plaintext: Unbreakable, since the pad is never reused
Chosen-plaintext: Unbreakable, ditto
Adaptive-chosen-plaintext: Unbreakable, ditto
Chosen-ciphertext: This attack doesn't seem to apply
Chosen-key: This attack requires that the OTP doesn't have 1-bit-of-entropy/bit, which implies it isn't an OTP.
Rubber-hose: Since any decryption is equally plausible, OTPs are resistant to this attack. OTOH, it means they may keep beating you even after you've given them the correct decryption.
Purchase-key: This attack seems the only way to break an OTP.

If you accept Purchase-key as a valid attack, and it certainly has worked in many real-life situations, then no system is "unbreakable" and there is not any point in using the term. If you leave it out of the valid forms of attack, because all systems are vulnerable to it so it doesn't help in selecting a cryptosystem, then the OTP is "unbreakable".

How do you want to define "unbreakable"?

-------------------------------------------------------------------------
Bill Frantz       | The lottery is a tax on  | Periwinkle -- Consulting
(408)356-8506     | those who can't do math. | 16345 Englewood Ave.
frantz@netcom.com | - Who 1st said this?     | Los Gatos, CA 95032, USA
-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 24 Nov 1996, Bill Frantz wrote:
> At 2:16 PM 11/24/96 +0000, The Deviant wrote:
>> On Sat, 23 Nov 1996, Bill Frantz wrote:
>>> I thought Shannon proved one-time-pads to be unbreakable using information theory.
>>
>> Different ball game. OTP isn't "unbreakable". OTPs are secure because no matter what key you use, it _will_ decrypt, so your plaintext is still hidden simply because it could decrypt to whatever the person trying to decrypt it wants it to. It's not that it's unbreakable, it's that it's breakable in _so many ways_.
>
> I think we differ on the definition of "unbreakable". A quick stab at my (admittedly very vague) definition includes the inability of the analyst to determine (by the structure of the plaintext) that he has a correct decryption.

Well, I was speaking mathematically (sort of). When I say "unbreakable", I mean that you can't figure out the plaintext given only the cyphertext. In this sense, you can't prove an algorithm "unbreakable", for the reasons stated *so many times* on this list, and OTP is very very breakable, but the information you get after breaking it isn't useful to you.

--Deviant
PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

"It's kind of fun to do the impossible." -- Walt Disney

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMpkiizCdEh3oIPAVAQGRsQf8DzuJ46pHR23KXgMmcjioqgpBaOTCxXRq
MkiGkY7F8GJo8qNhmYmBlpPDPET/mIXsxjdedD4ye6Er47WLKi/7P8ZLBoJcuVPR
N+Jg3H6Umfhb+Pm6zAVmM9PRJ7JXYMGRkvezGWij7gYaB9COs9df7cjsTtEOIo6J
+1RGkud4bBFw05k94Mv9bNpB4Ns51IinPmiSNEU3AT36y/O22gIlkxmrHsRf+rOQ
UHxL/uQS+m1awq9ArtwqEcI4RQeQoDnFZraAJ6QkNE+VexZ8uzLcSr/pV+WzQYD3
5MGz/fc5aXL1jZnwIkXhmwRb4fjk76DqQTc9t1mGzBIUVTgR6OFbiw==
=/b+e
-----END PGP SIGNATURE-----
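Both messages above rest on the same two facts about a one-time pad: for a given ciphertext there is a pad that "decrypts" it to any plaintext of the same length (The Deviant's point, and the reason Bill's ciphertext-only and rubber-hose entries come out the way they do), and the "never reused" condition in Bill's known-plaintext entry is load-bearing, because one known plaintext under a reused pad hands over the other message. The following Python is an added example written for this archive, not code from either poster; the messages, the random pad and the attacker's decoy plaintext are all constructed inline.

```python
"""Added example (not from the thread): the two OTP properties argued over
above, in runnable form. Messages, pads and attacker guesses are constructed."""
import os


def otp_xor(pad: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with a pad exactly as long as the data.
    A pad of any other length is rejected; stretching or reusing a pad is
    exactly what turns an OTP into something breakable."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(k ^ d for k, d in zip(pad, data))


def key_for_any_plaintext(ciphertext: bytes, wanted: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `wanted`.

    One such pad exists for every `wanted` of the same length, so an analyst
    holding only the ciphertext can never confirm a guess from the structure
    of the plaintext: every candidate is equally consistent with what was
    intercepted. This is the "it could decrypt to whatever the person trying
    to decrypt it wants it to" property.
    """
    if len(ciphertext) != len(wanted):
        raise ValueError("only plaintexts of the ciphertext's length are reachable")
    return bytes(c ^ w for c, w in zip(ciphertext, wanted))


def pad_reuse_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """Known-plaintext attack against a reused pad.

    c1 = p1 ^ k and c2 = p2 ^ k, so c1 ^ c2 = p1 ^ p2 and the pad cancels.
    Knowing p1 then yields p2 directly: this is why the "pad is never reused"
    condition carries the whole known-plaintext row of the taxonomy.
    """
    if not len(c1) == len(c2) == len(p1):
        raise ValueError("inputs must be the same length")
    return bytes(a ^ b ^ p for a, b, p in zip(c1, c2, p1))


def demo() -> dict:
    # Constructed sample traffic; the pad is fresh random bytes.
    real = b"ATTACK AT DAWN"
    decoy = b"RETREAT AT 3PM"          # same length, opposite meaning
    pad = os.urandom(len(real))
    ct = otp_xor(pad, real)

    # 1. The genuine pad recovers the message.
    recovered = otp_xor(pad, ct)

    # 2. A different, equally valid pad "recovers" the decoy from the same
    #    ciphertext, so the ciphertext alone cannot tell the two apart.
    fake_pad = key_for_any_plaintext(ct, decoy)
    under_fake_pad = otp_xor(fake_pad, ct)

    # 3. The same pad used a second time: one known plaintext exposes the other.
    second = b"MEET AT BRIDGE"
    ct2 = otp_xor(pad, second)        # pad reused: no longer a one-time pad
    leaked = pad_reuse_known_plaintext(ct, ct2, real)

    return {
        "recovered": recovered,
        "under_fake_pad": under_fake_pad,
        "leaked_second_message": leaked,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Step 2 is the whole of Bill's rubber-hose entry in one call: the holder of the ciphertext can hand over `fake_pad` and a plausible message, and nothing in the ciphertext contradicts it. Step 3 is what the "never reused" qualifier is guarding against; with reuse, the attack needs no key at all, only one message in the clear.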