Re: Non-Scalar Cryptography - The Emporor is stark naked.

On May 14, 4:43 pm, rossum <rossu...@xxxxxxxxxxxx> wrote:
On Wed, 14 May 2008 05:58:17 -0700 (PDT), austin.oby...@xxxxxxxxxxxxxx
wrote:

I agree that this cipher does not look very much like a traditional
OTP but consider what would happen if a plaintext string and a
corresponding ciphertext string were captured - then it would reveal
the key that was used on that occasion and unless the key was used
only once it would be broken again and again.  The key must be a one-
off and this is achieved by scarmbling the same pad to a different
configuration for each message while keeping Alice's original master
key in safe wraps.

Using a permutation of the known character database cannot be an OTP.
If I know the first 13999 characters of the particular scrambling and
I know the original list of 14000 characters then I know with 100%
certainty the last character of the scrambling.  With a true OTP I
would not have that information.

Similarly, if there are 200 'a's in the 14000 characters then once I
have seen all 200 'a's then I know with 100% certainty that none of
the remaining characters in the scrambling can be 'a'.  With a true
OTP I would not have that information.

Whatever you have, it cannot be an OTP and hence you cannot rely on
the security proofs for an OTP.  You will have to provide your own
security proofs for your cypher.

You did not say how large the "scrambling parameters" are.  It is the
size of those parameters that will give the level of security of your
cypher.  I strongly suspect that your "scrambling parameters" are not
as large as the number possible arrangements of your 14000 characters,
in which case there are fewer permutations that will actually be seen.
By my estimate, see below, your scrambling parameters would need to be
about 2800 bits (10**830) to avoid reducing the number of permutations
below the maximum possible.  Even without this reduction, your
available permutations will be far short of the number of possible OTP
keystreams.  

For example, assuming your 14000 characters are picked from an
alphabet of 70 characters.  That gives 200 copies of each character.
Calculation the binomial distribution for this gives me:

  2.8e830 possible permutations.

With the same 70 character alphabet you would have 70**14000 possible
OTP keystreams:

  70**14000 = 2.5e25831

With these figures your proposal falls short of the ideal OTP by about
25000 orders of magnitude.

I suggest that you drop all reference to the OTP and let your cypher
stand on its own.  Writing a cypher is difficult; implementing the
ideal OTP in a practical way can be even more difficult.

rossum



I have named this cipher "ASCII - modulated
Vigenere Cipher" in the past but with the very salient OTP
characteristic it is in truth more OTP than Vigenere.  The knockers of
the OTP will have nothing to be triumphant now. - your criticism was
helpful - adacrypt- Hide quoted text -

- Show quoted text -

The algorithm is:

(Plaintext +key) Mod 95 = Ciphertext Mod 95

Analysing the key probability as you have done will not affect the
uncertainty of the ciphertext => the ciphertext still has equal
probability between elements = > the ciphertext string is random by
definition surely => this is the backbone of this cipher - whether it
is an OTP or not is not important ?? - I am taking on board your
suggestion regarding a standalone cipher - Thanks for your help
.

Relevant Pages

  • Re: A twist on OTP for an outstandingly secure channel?
    ... Imagine an OTP. ... bits would be (assuming 8 bit characters. ... Now imagine that through some miracle the ... compensating to the looser encryption strenght of stream ciphers. ...
    (sci.crypt)
  • Re: A twist on OTP for an outstandingly secure channel?
    ... Imagine an OTP. ... bits would be (assuming 8 bit characters. ... sequential plaintext data). ... Your scheme has a far higher ratio of padding than ...
    (sci.crypt)
  • Re: A twist on OTP for an outstandingly secure channel?
    ... bits would be (assuming 8 bit characters. ... randomly punctured 'holes' in blocks of 8 bits". ... the key and the ['padding data' + 3 characters] can be XORed against ... Brute force doesn't work in an OTP scenario. ...
    (sci.crypt)
  • Re: One-Time_Pad
    ... >>You are talking about a different sort of OTP than I use. ... I'm referring to the kind with mathematically provable ... > Then your key is 100 characters long. ... I've described my little system thoroughly on other posts. ...
    (sci.crypt)
  • Re: Non-Scalar Cryptography - The Emporor is stark naked.
    ... Using a permutation of the known character database cannot be an OTP. ... I know the original list of 14000 characters then I know with 100% ... You did not say how large the "scrambling parameters" are. ... in which case there are fewer permutations that will actually be seen. ...
    (sci.crypt)