Cryptography-Digest Digest #540, Volume #14       Wed, 6 Jun 01 19:13:01 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mok-Kong Shen)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 07 Jun 2001 00:43:54 +0200



"SCOTT19U.ZIP_GUY" wrote:
> 

>    Well it can leak information. I thought I gave the
> example that you never answered. Suppose someone asks
> you a question of the type where you are "known" to
> answer "yes" or "no". (It's a made up example, you
> really can't answer yes or no to anything, just go with
> it for a minute.) You could encrypt with a TOMMY style
> OTP and send "QW" but if you did I would know it's a "NO"
> or you could send a "TRU" in which case I would know it's a
> "YES". So you have zero security.
> 
>    Or you could use a longer pad like 4 letters. And
> send "WSHS" for no and "JSKS" for yes in which case
> I would not know what you sent.
> 
>    Or you could compress it and send 1 bit.
> 
>  If you actually want more security, since you may on
> rare occasions not give a yes or no, in that case you
> really need a very long pad. But the length of all messages
> should be the same if you want "perfect security". It can
> be less and still secure if you use a different size. But
> it won't be "perfectly secure" unless it is as long as your
> longest message.

Oh, in some cases whether one sends a message at all
could leak information, couldn't it? If a message goes
out e.g. from my home, that means some person is there.
Are we considering such stuff? I already mentioned
in a previous post that, unless there is something
that links the length to the content of the message,
the argument holds. Note that Shannon's perfect
security implies that the efficiency of transforming
a 'given' bit sequence of n bits is so good that from the
ciphertext the opponent cannot get more information than
he 'already' knows otherwise (e.g. from the length or
from the time of sending, or from the particular station
that sends it, etc.). If he already knows that a message
of two bytes means 'NO', then any system of encryption is
as bad as any other, in fact useless. But is that any
argument against OTP as such? If a 'bijective' system
transforms 'NO' to 4 bits and 'YES' to 5 bits, doesn't
the same thing happen?

M. K. Shen

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Wed, 6 Jun 2001 22:28:58 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

:> : But if you have an OTP (a perfect one), you 'need' not
:> : pad anything, for you already have perfect security
:> : for the secret you want to communicate.
:> 
:> The attacker can tell how long the plaintext is just by looking at the
:> cyphertext.  He can eliminate vast numbers of possible plaintexts
:> by a cursory examination.  How is this "perfect"?

: So you are refuting Shannon, aren't you??

I would have to read what Shannon wrote in more detail to say how what
this thread is about relates to what he wrote.

My main concern is with the definition and usage of the term
"perfect secrecy" - I'd like to see what Shannon wrote,
whether his proof relates to what he wrote, and whether others
have followed his usage properly.

That OTPs leak length information - and thus fail to conceal plaintexts
properly - is rather well known - indeed most other cyphers do this as well.

Tom (and other posters) seem to have got the idea that the ordinary OTP
is actually perfect at concealing information about the plaintext, given
the cyphertext.

That does /seem/ to be what Shannon said:

``The first definition of information-theoretic secrecy was given by
  Shannon, the founder of information theory. It is called perfect secrecy
  and means by definition that the plaintext is statistically independent
  of the encrypted data. This is equivalent to saying that the enemy
  cryptanalyst can do no better than guessing the plaintext without
  knowledge of the encrypted data, no matter how much time and computing
  power is used.''

 - http://www.inf.ethz.ch/department/TI/um/research/keydemo/Background.html

...but he is also supposed to have proved that the (conventional?) OTP
has this property, which it does not.  I'll resolve the apparent friction
between these ideas by reading his actual words and proof.

I'm curious to learn the historical roots of the (clearly mistaken) idea
that conventional OTPs are perfect in this way.  Is Shannon responsible?
...or those who came after him?
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
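
The length leak argued over in both posts above, as an added example that is not part of the original thread: a conventional OTP keeps the plaintext length, so an eavesdropper who knows the answer is "NO" or "YES" can tell them apart, while framing every message to one fixed size before applying the pad leaves both candidates possible. The message space, the 4-byte frame and the length-byte framing scheme are assumptions made for illustration.

```python
import secrets

MESSAGES = [b"NO", b"YES"]  # constructed message space from the thread's example
BLOCK = 4                   # assumed frame size: 1 length byte + longest message


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext):
    """Conventional OTP: fresh random pad, same length as the plaintext."""
    pad = secrets.token_bytes(len(plaintext))
    return xor(plaintext, pad), pad


def frame(msg):
    """Length byte + message + zero fill, always BLOCK bytes (assumed scheme)."""
    if len(msg) > BLOCK - 1:
        raise ValueError("message longer than the fixed frame allows")
    return bytes([len(msg)]) + msg + bytes(BLOCK - 1 - len(msg))


def unframe(block):
    n = block[0]
    if len(block) != BLOCK or n > BLOCK - 1 or any(block[1 + n:]):
        raise ValueError("malformed frame")
    return block[1:1 + n]


def explaining_pad(ciphertext, candidate):
    """Pad under which `ciphertext` decrypts to `candidate`, or None if the
    lengths differ. One exists for every equal-length candidate, so length
    is the only thing an eavesdropper can use to rule a candidate out."""
    if len(candidate) != len(ciphertext):
        return None
    return xor(ciphertext, candidate)


def not_ruled_out(ciphertext, framed):
    """Messages from MESSAGES that remain possible given only the ciphertext."""
    survivors = []
    for m in MESSAGES:
        if explaining_pad(ciphertext, frame(m) if framed else m) is not None:
            survivors.append(m)
    return survivors
```
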

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
