Quality Time, Sweetheart: Some Principles on Dangerous Crypto

Zenaan Harkness zen at freedbms.net
Sat Dec 14 15:13:45 PST 2019


Funky naming :)

On Sat, Dec 14, 2019 at 11:34:53AM -0000, Spirit of Nikopol wrote:
> - Underkill or overkill: which is more secure? Quality time, sweetheart.
> 
> - Cryptographic security rests on time. This is why the strength of a
> cipher is measured in "polynomial time" or "exponential time." Quality
> time, sweetheart.
> 
> - Quantum time is a theory at this point. It is a lame conjecture. Do not
> trust theories and conjectures. Trust quality time.
> 
> - Obscurity is a time buffer. Until the obscure is unobscured, time is
> working effortlessly against the effort of attack. (!blasphemy!)

Why is this logic "blasphemy"?


> - Ciphertext, keys, and digests are like toothpaste: whiten, whiten,
> whiten. Use separate whitening vectors for all.

That's useful.


> - Industry standard crypto is always insufficient for dangerous messages.
> There must be a time-to-generate bottleneck.

Or brute force shall decrypt in not useful time.


> - One-time pad injects a time bottleneck approaching functional infinity.

Sort of true.

One-time pads are very simple (XOR), and since it's an XOR function,
the one-time pad cyphertext can be "decrypted" into every possible
plain text combination (for the given input size).

Because of this, the above sentence can be clarified as

 - One-time pad injects a time bottleneck approaching functional
   infinity, where every possible output text is, at the limit,
   produced, rendering the brute force decryption functionally
   useless.

I think it's for this reason that one time pads are described as "the
only provably secure encryption algorithm".



> - Industry standard crypto gets bugged and broken regularly. Using it can
> produce a secure, self-signed death warrant.
> 
> - The longer a decipherment key takes to generate the more secure the
> ciphertext will be. (time-to-generate delay)
> 
> - The longer the bottleneck the longer it takes for your adversary to
> drink your beer.
> 
> - The longer the bottleneck the less of your bit-booze the enemy can drink.
> 
> - The hassle of exchanging one-time pads is much less than the hassle of
> digitally signing your own death warrant.

Depending on your need of course. If you have some helicopter gunship
expose, more than great crypto is advised, including top of the class
op-sec.


> - With random one-time pads you run zero risk of secretly borked crypto
> algorithms.

Indeed.

And suffer the time cost of pre exchange, as well as possible op-sec
super fails such as discussing the key exchange protocol on a
telephone. ("Oh no, the telephone's fine, I discuss all my drug
dealer deals on the phone - the only reason the cops nabbed me was
because, just as they said to me when they arrested me, a neighbour
dobbed me in" - true story of ignorance par excellence.)


> - If doubt is bad, use the one-time pad. Otherwise, bottleneck,
> bottleneck, whiten, whiten, obscure, obscure.

What a great way to distill important crypto rules of thumb!

Thank you for sharing.


> - If it has not been 100% proven secure, why would you assume it is secure?

OTP, muffas!

That said, Bernstein is a sufficiently stubborn, apparently diligent
and socially acerbic nutter, that his black boxes have a shade of
black which is quite new (I think they call it "new black") and
somewhat appealing...


> - The prophetess of Delphi is not your human shield.

Shit! Seriously?

(Runs off to berate his prophetess.)


> Standard assumptions
> in the oracle don't stop bullets.

She deceived me! I swear!


> - When borked 'standard crypto assumptions' buy you a ticket to the
> gangplank will the academic researchers be there to sell you shark
> repellant?
> 
> - Just because you don't know that anyone has broken a cryptography
> scheme, does not mean it hasn't been broken.
> 
> - Why would your adversary publish the fact that he has broken your
> cryptography?
> 
> - Rather it may mean your adversary is practicing security through
> obscurity, which has won many battles. (!blasphemy!)

Yes, fundamentally important blasphemy. For all who missed the memo.


> - When you are using anything besides OTP then time is your only friend.
> Your scheme must tack on the time.
> 
> - Security through obscurity worked for dozens of historical military
> commanders (who were not sitting in ivory towers.)
> 
> - If security through obscurity is always bad then why do trade secrets
> generate billions in profits?

Ha!


> - If security through obscurity is always bad then why do armies and
> governments use it every day?
> 
> - What was said about casting pearls before pigs?

What was said about the world being uplifted only by those who
give unconditionally?


> - The more obscure your means of communication, the more time your
> adversary must invest to uncover it.
> 
> - An exponential increase in required key attack time is often an
> exponential increase in safety, if your scheme is secure.
> 
> - University cryptographers are smart. But who signs their paychecks? Is
> it the same Sam who signs NSA paychecks?
> 
> - Does the academic who pumps a certain unobscure cryptosystem have a life
> insurance policy on you? Is your cryptography advisor invested in noose
> stocks?
> 
> - Will the pumpers of a certain cryptosystem support your family when you
> are doxed or dead or disappeared?
> 
> - Provable security of a dangerous cryptosystem does not make it safe or
> secure. It must also be deeply obscured from view.

If you are smart enough to create such a thing, and keep it obscured,
may you have a worthy cause to put it to - your small pond ultimately
shifting the waters of the ocean, some butterfly effect or something.

For the rest of us, we must use what we have and trust what we choose.


> - Web site crypto keys are vouched for by state-licensed actors. Need we
> say more? Dangerous crypto should also be obscured by quality time.
> 
> - Generally the more time you take to secure your communications the more
> time your adversary needs to attack.

Evidently we must distinguish types of communications, the lettuce
and carrots from the rib eye and rump.

OTP sharing implies meat space connections.

Make your meat space real, embrace the rib eye.


> - Why settle for 2 ^ 256 when 2 ^ 256 million is a clear winner?
> 
> - Why settle for one algorithm when you can cascade many?
> 
> - Envelope Superencryption of many algorithms is not necessarily limited
> to strength of its weakest algorithm. (!blasphemy!)

Ahh, someone is so bold as to share the blasphemous. Like "we only
provide SHA, since MD5 is cracked" with no thought that if SHA is
cracked, cracking the combo of MD5 -and- SHA (effectively chained,
for the purpose of blob authentication), is an order(s) of magnitude
more difficult again...

The proud often parrot the "obvious", oblivious to official
obfuscation. Your treatise is generous indeed...


> - Basket encryption and stacking pancakes: If 16 superencryptions are used
> with 16 different algorithms then the attacker must spend time to
> correctly guess each algorithm in the correct order with the correct keys
> or breaks. 16 pow 16 = 18446744073709551616 combinations, before we've
> even addressed possible keys. If your basket of available algorithms is
> larger than 16, this time injection can get unwieldy for attackers, even
> if the attacker has a quantum 'flux capacitor.'

Making meat space "OTP" or "super key" sharing, a much more
profitable endeavour.


> - When your life or liberty is at stake, to hell with efficiency. Churn,
> baby, churn!

Meat space baby, meat space!


> - Peer review and public availability of a cryptosystem are not magic
> guarantees that weaknesses or flaws will be found. Remember, if a
> cryptosystem is broken, bad actors who borked it are not going to tell
> you. That obscurity is their advantage. The counter to this advantage is
> polymorphism, chains of superencryptions, and using as much obscurity as
> you can to inject all the time delay you reasonably can.
> 
>  -------------------------------------------------
>  S P I R I T    O F    N I K O P O L
> 
>  Don't swap synthetic brains for your real brains.
>  broadcast on BitMessage (https://bitmessage.org)
>  subscribe: BM-NBEz3C1WktcyMZwVRWgDNGpU5gMRZ2iT
> 

