Provably "Secure" Crypto

Adam Back aba at dcs.ex.ac.uk
Tue Nov 26 15:21:06 PST 1996



deGriz wrote:
> At 4:18 AM 11/26/1996, Peter M Allan wrote:
> >That is a bound on a _reliable_ algorithm.  A faster one is to shuffle
> >the elements and present it as sorted.  Lightning fast, but only with
> >low probability of correctness.  That is what we are up against in a key
> >search attack.  The other guy just might guess my 100 bit key first time,
> >millionth time or whatever - early enough anyway.
> 
> >So to get a lower bound you have to show that a lucky guess cannot be
> >distinguished from an unlucky one - and if you do that without a one
> >time pad I take my hat off.
> 
> If the chance of a successful guess is absurdly low, the algorithm can
> be considered to be secure.  It is quite unlikely that you will guess
> a random 128-bit key.  

Agreed.  However, you _can_ instantly verify once you have guessed.
This makes the algorithm cryptographically secure, but _not_ perfectly
secure, as is the case with an OTP with a truly random pad.

I think we agree; it is just a distinction in definitions of terms.

Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
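Added example, not part of the original message: the distinction Adam draws, in Python. A guessed key for an ordinary cipher can be checked on the spot against known structure in the plaintext (here an assumed fixed header), so a lucky guess is recognised the moment it happens; for a one-time pad every plaintext of the right length is explained by some pad, so a guess that "works" proves nothing. The stream cipher (SHA-256 keystream), the 12-bit key size, the header `MSG:` and the sample messages are all constructed for this illustration and are not a real or recommended algorithm.

```python
import hashlib
import math
import secrets

KEY_BITS = 12          # constructed: a tiny key so the search finishes instantly
KEY_LEN = 2            # bytes needed to hold a KEY_BITS key
HEADER = b"MSG:"       # assumed known plaintext prefix every message starts with


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream SHA-256(key || counter), truncated to `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR stream cipher: the same call encrypts and decrypts."""
    return xor(data, keystream(key, len(data)))


def guess_is_verified(guess: bytes, ciphertext: bytes, known_prefix: bytes = HEADER) -> bool:
    """The instant check the post describes: decrypt under the guess and see
    whether the expected header appears. The right key passes; a wrong key
    passes only by accident (about 2^-32 per guess for a 4-byte header)."""
    return toy_encrypt(guess, ciphertext[: len(known_prefix)]) == known_prefix


def random_key_search(ciphertext: bytes, key_bits: int = KEY_BITS):
    """Guess keys uniformly at random until one verifies; return (key, guesses).
    Every guess succeeds with probability 2^-key_bits, so the search may end on
    the first try or run far past the average of 2^key_bits tries."""
    guesses = 0
    while True:
        guesses += 1
        guess = secrets.randbelow(1 << key_bits).to_bytes(KEY_LEN, "big")
        if guess_is_verified(guess, ciphertext):
            return guess, guesses


def chance_of_success(key_bits: int, guesses: int) -> float:
    """1 - (1 - 2^-key_bits)^guesses, computed in log space so it stays usable
    for 128-bit keys, where a plain float (1 - 2**-128) rounds to exactly 1.0."""
    return -math.expm1(guesses * math.log1p(-(2.0 ** -key_bits)))


def otp_pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """One-time pad: every plaintext of the right length is explained by some
    pad, namely ciphertext XOR candidate. Nothing distinguishes that pad from
    the one actually used, so a 'verified' guess carries no information."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must have the ciphertext's length")
    return xor(ciphertext, candidate)


def demo() -> dict:
    message = HEADER + b"meet at noon"
    # Toy cipher: once a guess verifies on the header, the whole message falls out.
    true_key = secrets.randbelow(1 << KEY_BITS).to_bytes(KEY_LEN, "big")
    ct = toy_encrypt(true_key, message)
    found, n = random_key_search(ct)
    # OTP: a guessed pad that yields the known header also yields any body you like.
    pad = secrets.token_bytes(len(message))
    otp_ct = xor(message, pad)
    decoy = HEADER + b"meet at dawn"     # same length and header, different body
    decoy_pad = otp_pad_explaining(otp_ct, decoy)
    return {
        "cipher_guesses": n,
        "cipher_recovered": toy_encrypt(found, ct),
        "otp_decoy_plaintext": xor(otp_ct, decoy_pad),
        # the header bytes of the decoy pad equal the real pad (you knew those already)
        "otp_pad_header_bytes_match": decoy_pad[: len(HEADER)] == pad[: len(HEADER)],
        # the body bytes do not, and nothing in the ciphertext says which pad is real
        "otp_pad_body_bytes_match": decoy_pad[len(HEADER):] == pad[len(HEADER):],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
    print("P(success) for 2^64 random guesses at a 128-bit key:",
          chance_of_success(128, 2 ** 64))
```

Running `demo()` shows the asymmetry: the toy cipher's `cipher_guesses` varies from run to run (a lucky first guess is as valid as one on try 4000), but once a guess verifies the full message is recovered; the OTP ciphertext "decrypts" just as convincingly to the decoy, with only the header bytes of the pad, which were already known, being pinned down. `chance_of_success(128, 2**64)` is the sense in which the scheme is cryptographically rather than perfectly secure: the probability is about 2^-64, small but not zero, and a hit would be recognised immediately.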
