Re: Key entropy, stream entropy, block entropy, block population entropy AKA unique stream length
- From: "John Hadstate" <jh113355@xxxxxxxxxxx>
- Date: 8 Feb 2007 06:06:13 -0800
On Feb 8, 7:57 am, j...@xxxxxxxx wrote:
> I claimed there is more (entropy) in the ways to create a specific
> output (PRNG block) from the internal states. Then there is entropy in
> the key (making cryptanalysis futile), bold statement I know, but I
> think that is the fact and why cryptographers refuse plain facts.

Your claim is, as one previous respondent said, patently absurd. Look
at the following example.

I have a two-bit key, which can take on values 00, 01, 10, or 11. I
establish a mapping to a key-stream (your "permutations") as follows:

Key   Key-stream
00    00100001000111100010111
01    10101000001101110001101
10    01111100001010100001110
11    10101010000010101000011

Now I encrypt with the key-stream. The recipient (and the attacker)
both know how to map the keys into key-streams, and to brute-force
this cipher, the attacker only has to choose one of four key-streams.
It doesn't matter how long the key-stream is (which determines how
many permutations there are), these key-streams have only TWO BITS of
entropy and nothing will change that.

Now, you say, "But those key-streams (permutations) are not the only
set of four that are possible." That is true. You could define
another set of 4 permutations, but how would the sender and the
recipient know which set of 4 to choose? You must add one more key
bit to choose between the two sets of four. Now how many bits of
entropy are in the chosen key-stream? THREE BITS, and the attacker now
has to choose from among 8 permutations.

The only way you can get more entropy into the key-stream is to add
more unpredictable bits to the key upon which the key-stream depends.
If you try any other way of adding entropy (such as randomly
re-mapping the permutations themselves), the legitimate recipient will
not be able to decipher the message (using the key alone).

The game you are playing is to pretend that the attacker doesn't know
how to map key bits into key-streams. That violates one of the basic
rules of modern crypto.
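
The argument in the post above, worked through as an added example (not part of the original message). The first table is copied from the post; the second set of four key-streams, the selector-bit convention and the function names are assumptions constructed here for illustration.

```python
import math
from collections import Counter
from itertools import product

# Key -> key-stream mapping from the table in the post. The mapping is public:
# the attacker knows it as well as the recipient does.
SET_A = {
    "00": "00100001000111100010111",
    "01": "10101000001101110001101",
    "10": "01111100001010100001110",
    "11": "10101010000010101000011",
}
# Constructed stand-in for "another set of 4": the bitwise complement of SET_A.
SET_B = {k: "".join("10"[int(b)] for b in v) for k, v in SET_A.items()}


def xor_bits(a, b):
    """XOR two equal-length bit strings."""
    return "".join(str(int(x) ^ int(y)) for x, y in zip(a, b))


def keystream(key):
    """2-bit key indexes SET_A; a 3-bit key uses its first bit to pick the set."""
    if len(key) == 2:
        return SET_A[key]
    return (SET_A, SET_B)[int(key[0])][key[1:]]


def all_keys(key_len):
    return ["".join(k) for k in product("01", repeat=key_len)]


def stream_entropy_bits(key_len):
    """Shannon entropy of the key-stream for a uniformly random key."""
    counts = Counter(keystream(k) for k in all_keys(key_len))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def candidate_plaintexts(ciphertext, key_len):
    """Everything a brute-force attacker has to consider: one trial per key."""
    return {k: xor_bits(ciphertext, keystream(k)) for k in all_keys(key_len)}


if __name__ == "__main__":
    message = "11001010111100001010011"  # constructed 23-bit plaintext
    for key in ("10", "110"):
        found = candidate_plaintexts(xor_bits(message, keystream(key)), len(key))
        print(len(key), "key bits:", stream_entropy_bits(len(key)),
              "bits of stream entropy,", len(found), "candidates,",
              "message recovered:", found[key] == message)
```

A 23-bit message has 2^23 possible values, yet the attacker only ever has 4 candidates to check, or 8 once the selector bit is added.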