The Key Vanishes: Scientist Outlines Unbreakable Code
Ray Dillinger
bear at sonic.net
Tue Feb 20 14:31:05 PST 2001
On Tue, 20 Feb 2001, Tom wrote:
>essentially, a one-time-pad with a central source of randomness, the key
>being the point in the random-number-stream that you start with.

Not quite. The point which you start with in the random number
stream is one of the keys, but the system he describes also includes
another, which is used to encrypt the random number stream prior
to the OTP's XOR operation.

The rest of your post, I agree with.

First, your orbital
random number server can only be put there by someone with
enough bucks to launch a rocket -- whom you have to trust
implicitly. None of the twenty or thirty people whom I
trust implicitly has that much money. Heck, I don't even
think I personally *know* anyone who has that much money.

What if it was just a few dozen Blum-Blum-Shub generators
up there spewing all those bits? We'd never see the
difference, but a data thief who was "in the know" about
how they were keyed could recreate any sequence at any time.

The basic problem is the problem you always get with systems
that have a "trusted server" sitting in the middle -- can you
really trust that server? Can you inspect it, and inspect
the code it's running, personally? Can you verify that the
thing you were allowed to inspect is the same as the thing
that you're trusting?

I don't see any government, or for that matter any criminal
organization, with a significant investment in SigInt allowing
such a launch to go up untampered if they could possibly
prevent it.

And we already have systems with barriers of ridiculous levels
of computer hardware - proofs of the security of a cipher which
rest on the assumption that the opponent has storage capacity
limited to less than some finite value are no more nor less
valid than proofs of the security of a cipher which rest on
the assumption that the opponent has CPU capacity limited to
less than some finite value. The only value of this system,
assuming you get random numbers you can trust, is that the
opponent has to have the large storage capacity NOW - when we
know how hard it would be to have it - rather than at some
vague point in the future, where Moore's law has had time to
work its wonders.

Finally, this system doesn't protect storage. It protects
communications, and communications only. Think about it. If
you protect storage, you have to have the bits from the OTP
around somewhere to decrypt it. If you have the bits from the
OTP around somewhere, you no longer have an unbreakable cipher.
Bear