Re: Use of Pseudo Random Generators for One Time Pad?

From: Paul Pires (diodude_at_got.net)
Date: 03/07/04


Date: Sun, 07 Mar 2004 22:49:42 GMT


RPK <webmaster@hypercypher.zzn.com> wrote in message news:4202f8d0.0403070907.294db3f2@posting.google.com...
> Though I have posted the following link in one of my posts in the
> thread titled "A Secure WinXP compatible....", I am giving it again in
> this new thread to bring it to notice of other experts in this group.
>
> I want to know that considering PGP's high-quality Pseudo Random
> Generator, can it be used to create One Time Pad.

It can produce a one time pad but anybody can do that
with varying degrees of success. Is it secure? I don't
think you have done anything to prove that. Calling a
keystream a one time pad doesn't change anything.
>
> The following link demonstrates the use of YARROW for OTPs.
>
> http://www.aspheute.com/english/20010924.asp
>
> Kindly submit your views.

I don't know why you insist on calling this OTP. It's
just a poorly implemented stream cipher.

Key = K, k = keystream made from that key.
Stream Cipher: Encrypt(P,k)=C
Where encrypt is Pi^ki
Send C and K (secretly) to intended receiver.
Receiver does C^k=P

You are sending k (secretly) and C and
allowing the receiver to do the C^k to get P.
(which he would do with a stream cipher anyway)
You are putting the deterministic algorithm (Yarrow)
to work on making k and calling it a pad instead
of a keystream. Is there a security advantage to
sending k versus K secretly? It looks the other way
around to me since k is so much bigger than K.

The only reason to call it OTP is to absorb some
odor of perfect secrecy due to proximity.
That doesn't work. The only reason OTP
is interesting has been excised from your
process. OTP stinks as a practical method.
If you can guess the contents of a ciphertext,
you can change it intelligently in a way that
the recipient cannot detect. This is called
bit-flipping.

All of your security resides in the entropy
of the input to your k maker (yarrow) and
the sound operation of that k maker.

The entropy of the input to yarrow sets the
upper bound for security. It could be much
worse.

How do you get from there to:
"A Secure WinXP compatible....",

A perfectly implemented OTP would be a
poor choice for, "A Secure WinXP compatible...."
Your approach is obviously less than that
poor choice since you share all of the
weaknesses and none of the proof.

Paul
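
Added example, not part of the post above or of the linked article: a keystream k expanded deterministically from a short key K, XORed with P as in the reply's notation, showing that a guessed plaintext field can be altered without k and that a MAC over C detects the change. SHA-256 in counter mode stands in for the generator (it is not Yarrow), and the keys, the message, and the HMAC step are constructed assumptions.

```python
import hashlib
import hmac

def keystream(K: bytes, n: int) -> bytes:
    """Expand short key K into n bytes of k. Stand-in generator, not Yarrow."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(K + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(P: bytes, K: bytes) -> bytes:
    return xor(P, keystream(K, len(P)))        # C_i = P_i ^ k_i

decrypt = encrypt                              # XOR is its own inverse

def flip_known_bytes(C: bytes, offset: int, guessed: bytes, wanted: bytes) -> bytes:
    """Bit-flipping: rewrite a guessed plaintext field using only C."""
    delta = xor(guessed, wanted)               # P ^ P' cancels out under XOR
    end = offset + len(delta)
    return C[:offset] + xor(C[offset:end], delta) + C[end:]

def seal(P: bytes, K: bytes, mac_key: bytes):
    """Encrypt, then authenticate the ciphertext (assumed mitigation)."""
    C = encrypt(P, K)
    return C, hmac.new(mac_key, C, hashlib.sha256).digest()

def open_sealed(C: bytes, tag: bytes, K: bytes, mac_key: bytes) -> bytes:
    expected = hmac.new(mac_key, C, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified in transit")
    return decrypt(C, K)

# Constructed sample values, for illustration only.
K = b"constructed-key!"                        # 16 bytes to send secretly
MAC_KEY = b"constructed-mac-key"
P = b"PAY 0100 USD TO ALICE"

if __name__ == "__main__":
    C, tag = seal(P, K, MAC_KEY)
    tampered = flip_known_bytes(C, 4, b"0100", b"9100")
    print("unauthenticated receiver sees:", decrypt(tampered, K))
    try:
        open_sealed(tampered, tag, K, MAC_KEY)
    except ValueError as err:
        print("authenticated receiver:", err)
```

The receiver rebuilds all of k from the 16-byte K, so shipping k itself as a "pad" only enlarges the secret that has to be moved.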


