Question: OTP
jim bell
jimbell at pacifier.com
Mon Oct 21 15:46:36 PDT 1996
At 03:06 PM 10/21/96 +0000, paul at fatmans.demon.co.uk wrote:
>
>> This whole thing seems crazier each time I think about it.
>> basically my question is: given that he picks his key securly does he have
>> an OTP if the plaintext is shorter than the key?
>> Bob
>
>Yes, if he were just to modular add the key to the plaintext (or XOR
>them) he would have an OTP if AND ONLY IF the key were real random,
>however, he doesn`t do this, he uses the key to seed an array or
>linear congruential generators, which have been cryptanalysed to hell
>and back.
I think that there may be at least one potential application for a sorta-OTP
system to be overlaid on a reasonably-secure public-key system: I think
there might be an use for a system that allows the recipient of a message to
prove to his own satisfaction that the sender of the message is who he says
he is, but does NOT allow him to prove this to anyone else's satisfaction.
The goal would be to prevent one party to the commucation from being
strongarmed into not only revealing the data, but also providing trustworthy
evidence against the other person. I haven't thought about this in enough
detail to know if this is practical.
Jim Bell
jimbell at pacifier.com
More information about the cypherpunks-legacy
mailing list