IPG OTM expansion

Perry E. Metzger perry at piermont.com
Thu Feb 22 04:01:39 PST 1996



SINCLAIR DOUGLAS N writes:
> I have a guess as to IPG's "OTP" expansion algorithm.  The clue is the
> prime wheels.  It reminded me of something I read in Kahn that was originally
> done with paper tape.
> 
> Take two random streams, A and B.  Their lengths are relatively prime.  Let's
> use 1000 and 999.  An expanded stream C is computed thus:
> 
> C[i] = A[i % 1000] ^ B[i % 999]
> 
> C thus does not repeat until 999000 values have gone past.  Using more than
> two relatively prime wheels will produce very large streams.  The key,
> of course, is that *the entropy does not increase*.  I am sure that this
> sort of expansion is vulnerable to attack.

Indeed it is. It is fairly straightforward to crack this. If you read
the same chapter of "The Codebreakers" you will note that, in fact,
this same method was tried and broken way, way back.

> Am I close, Ralph?
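
The following sketch is an added example, not part of either poster's message. It builds the two-wheel expansion quoted above with the lengths 1000 and 999 and checks the point that the entropy does not increase: the 999000-value stream is fixed by 1999 wheel values, and XORing it with itself at a lag of 1000 cancels wheel A and leaves a sequence that repeats every 999 values, which a true one-time pad would not do. The function names and the seeded sample wheels are assumptions made for the illustration.

```python
import random
from math import gcd

LEN_A, LEN_B = 1000, 999  # wheel lengths used in the post


def make_wheel(rng, length):
    """Constructed sample wheel: `length` random byte values."""
    return [rng.randrange(256) for _ in range(length)]


def expand(a, b, n):
    """First n values of C[i] = A[i % len(A)] ^ B[i % len(B)]."""
    return [a[i % len(a)] ^ b[i % len(b)] for i in range(n)]


def period(len_a, len_b):
    """The combined stream repeats after lcm(len_a, len_b) values."""
    return len_a * len_b // gcd(len_a, len_b)


def lag_xor(c, lag):
    """D[i] = C[i] ^ C[i + lag]; with lag = len(A) the A wheel cancels."""
    return [c[i] ^ c[i + lag] for i in range(len(c) - lag)]


def has_period(seq, p):
    """True if seq[i] == seq[i + p] wherever both indices exist."""
    return all(x == y for x, y in zip(seq, seq[p:]))


def demo(n=5000, seed=1996):
    # Seeded PRNG only so the demonstration is reproducible.
    rng = random.Random(seed)
    a, b = make_wheel(rng, LEN_A), make_wheel(rng, LEN_B)
    c = expand(a, b, n)
    truly_random = make_wheel(rng, n)
    return {
        "period": period(LEN_A, LEN_B),
        "key_values": LEN_A + LEN_B,
        # Structure a one-time pad never has: D repeats every len(B) values.
        "expanded_has_structure": has_period(lag_xor(c, LEN_A), LEN_B),
        "random_has_structure": has_period(lag_xor(truly_random, LEN_A), LEN_B),
        # XORing one constant into both wheels gives the same stream.
        "equivalent_keys": c == expand([x ^ 0x5A for x in a],
                                       [y ^ 0x5A for y in b], n),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same lag test applies to any candidate keystream generator: a stream that shows a short period after a lagged XOR is not behaving like pad material.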






