Re: Key entropy, stream entropy, block entropy, block population entropy AKA unique stream length



On 8 Feb, 15:06, "John Hadstate" <jh113...@xxxxxxxxxxx> wrote:
On Feb 8, 7:57 am, j...@xxxxxxxx wrote:



I claimed there is more (entropy) in the ways to create a specific
output (PRNG block) from the internal states than there is entropy in
the key (making cryptanalysis futile), bold statement I know, but I
think that is the fact and why cryptographers refuse plain facts.

Your claim is, as one previous respondent said, patently absurd. Look
at the following example.

I have a two-bit key, which can take on values 00, 01, 10, or 11. I
establish a mapping to a key-stream (your "permutations") as follows:

Key   Key-stream
00    00100001000111100010111
01    10101000001101110001101
10    01111100001010100001110
11    10101010000010101000011

Now I encrypt with the key-stream. The recipient (and the attacker)
both know how to map the keys into key-streams, and to brute-force
this cipher, the attacker only has to choose one of four key-streams.
It doesn't matter how long the key-stream is (which determines how
many permutations there are), these key-streams have only TWO BITS of
entropy and nothing will change that.

I never claimed there were more keystreams than entropy; I claimed a
2048-bit block within the keystream could be created in more ways
than the key has entropy. It is a totally different issue. There can
only be one stream for any key, just as you say, but given a chosen-
plaintext attack I do not believe you can assert that you have the
first block in the keystream, can you?

If you can, there certainly is a ONE to ONE relation, entropy-wise,
between that specific block and the key. Later on it is not, because
many internal states could actually have created that PRNG OUTPUT (block
of 2048 bits) that was XORed with your chosen plaintext.

Do you agree?

Can we agree that there will be many ways one specific PRNG OUTPUT
block of 2048 bits can be created from the internal states within ONE
STREAM based on ONE KEY?

Can we agree that one block of 2048 bits of PRNG OUTPUT can be created
from the internal states in more ways than the KEY
has entropy?

Jonas Thörnvall

Now, you say, "But those key-streams (permutations) are not the only
set of four that are possible." That is true. You could define
another set of 4 permutations, but how would the sender and the
recipient know which set of 4 to choose? You must add one more key
bit to choose between the two sets of four. Now how many bits of
entropy are in the chosen key-stream? THREE BITS, and the attacker now
has to choose from among 8 permutations.

The only way you can get more entropy into the key-stream is to add
more unpredictable bits to the key upon which the key-stream depends.
If you try any other way of adding entropy (such as randomly re-
mapping the permutations themselves), the legitimate recipient will
not be able to decipher the message (using the key alone).

The game you are playing is to pretend that the attacker doesn't know
how to map key bits into key-streams. That violates one of the basic
rules of modern crypto.
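
Added example, not part of any post in this thread: it measures the key-stream entropy of the four-entry table quoted above and then goes beyond it with a toy generator whose 256-bit internal state is much larger than its key, including the case where a known block sits at an unknown offset in the stream. The generator `toy_stream`, its SHA-256 construction, the 8-bit key and the offset 300 are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Key -> key-stream table copied from the post above.
TABLE = {
    "00": "00100001000111100010111",
    "01": "10101000001101110001101",
    "10": "01111100001010100001110",
    "11": "10101010000010101000011",
}

def toy_stream(key: int, nbytes: int) -> bytes:
    """Hypothetical generator: 256-bit internal state, 8 output bits per step,
    so 2**248 of the possible state values emit any given output byte."""
    state = hashlib.sha256(b"toy-prng" + key.to_bytes(4, "big")).digest()
    out = bytearray()
    for _ in range(nbytes):
        state = hashlib.sha256(state).digest()
        out.append(state[0])
    return bytes(out)

def entropy_bits(streams) -> float:
    """Shannon entropy of the key-stream when each listed stream is equally
    likely, i.e. one stream per value of a uniformly random key."""
    counts = Counter(streams)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def locate_block(block: bytes, key_bits: int, nbytes: int):
    """Search with the generator known but the block's position unknown:
    try every key and every offset, return all (key, offset) matches."""
    hits = []
    for key in range(2 ** key_bits):
        stream = toy_stream(key, nbytes)
        pos = stream.find(block)
        while pos != -1:
            hits.append((key, pos))
            pos = stream.find(block, pos + 1)
    return hits

if __name__ == "__main__":
    print(entropy_bits(TABLE.values()))                           # 2-bit key
    print(entropy_bits(toy_stream(k, 256) for k in range(256)))   # 2048-bit stream
    block = toy_stream(0xA7, 512)[300:308]    # constructed mid-stream block
    print(locate_block(block, 8, 512))
```

The search space is at most (number of keys) x (stream length) positions, so an unknown offset adds only log2(stream length) bits of work on top of the key bits, however many internal states could have produced the block.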

