Encryption provably free of trapdoors

From: "Paul Tomkins" <tomkinsp@xxxxxxxxxxxx>
Date: Sat, 11 Mar 2006 08:19:46 +1100

The ultimate cipher is one where the only attack open to an opponent is a
brute force attack. Designers of ciphers design their ciphers with this goal
in mind and attackers search for other easier ways to crack the cipher.

Can a cipher be devised such that the only possible means of attack is a
brute force attack? Can a cipher be mathematically proven to have such
security? i.e. Can a cipher be devised that is provably free of trapdoors?

Here is my attempt...

M=XOR(f(R,k1),g(P,k2))

M: ciphertext
P: plaintext
R: true random stream that is as long as P
k1 and k2: keys
f: a one to one transformation function
g: a one to one transformation function
XOR: xor function

Case 1: If R is unknown to the attacker, the algorithm is the equivalent of
the OTP and is secure against even a brute force attack.
Case 2: If R is known but P is unknown to the attacker, his only option is
to perform a brute force attack on k1 and k2.
Case 3: If R and P are known to the attacker, his only option is to perform
a brute force attack on k1 and k2.

A lot has been written on the difficulty of implementing the OTP, so it
would probably not be desirable to attempt to operate under case 1.

The use of R, a true random stream, means that there are no patterns in M so
analysing M by itself would be futile.

The algorithm would potentially be vulnerable to a chosen plaintext attack
(i.e. chosen P or chosen P and R).

Excluding a chosen plaintext attack, the only viable attack would seem to be
a brute force attack.

.

Follow-Ups:
- First Attempt at a Proof of Provably Trapdoor-free Encryption
  - From: Paul Tomkins
- Re: Encryption provably free of trapdoors
  - From: me
- Re: Encryption provably free of trapdoors
  - From: me
- Re: Encryption provably free of trapdoors
  - From: Unruh
- Re: Encryption provably free of trapdoors
  - From: Unruh
- Re: Encryption provably free of trapdoors
  - From: Paul Tomkins
- First Attempt at a Proof of Provably Trapdoor-free Encryption
  - From: Paul Tomkins
- Answering some of the points made in reply to my post
  - From: Paul Tomkins
- Re: Encryption provably free of trapdoors
  - From: Paul Rubin
- Re: Encryption provably free of trapdoors
  - From: Dave Turner
- Re: Encryption provably free of trapdoors
  - From: Unruh

Prev by Date: Re: Algorithm that can build Hierarchic Key Establishment
Next by Date: Re: Encryption provably free of trapdoors
Previous by thread: encrypt filenames program
Next by thread: Re: Encryption provably free of trapdoors
Index(es):
- Date
- Thread

Relevant Pages

Re: Encryption provably free of trapdoors
... Can a cipher be mathematically proven to have such ... beginners and wannabe crypto tycoons obsess about it. ... I say use a 64 bit "unbreakable" RSA encryption to encrypt your one time pad ...
(sci.crypt)
Re: Please help - academic question...
... >>The actual subsitution rule is governed by a key. ... >>1) Based on the above cipher system, ... WHat is the average time that he can decrypt the ... >>this brute force attack? ...
(microsoft.public.cert.exam.mcse)
Re: Encryption provably free of trapdoors
... Can a cipher be mathematically proven to have such ... perfect secrecy but which is almost useless in practical terms, ... beginners and wannabe crypto tycoons obsess about it. ...
(sci.crypt)
Re: real cryptographers - how safe would you be?
... mean "brute force attack" in the precise meaning it has here ... Regardless of the cipher. ... Expressed in this posting are my opinions. ... to opinions held by my employer, Sun Microsystems. ...
(sci.crypt)
Re: Encryption provably free of trapdoors
... brute force attack. ... Designers of ciphers design their ciphers with this goal ... in mind and attackers search for other easier ways to crack the cipher. ... This is just a OTP. ...
(sci.crypt)