The system is vulnerable to a simple chosen plaintext attack as soon as you extract a workable scheme from the vague description in the paper (see appendix A for the closest thing to an actual specification of an encryption scheme).
It should be an embarrassment to both Phys Rev X and the University of Lancaster (which does have a serious cyber security research group, who surely were not consulted by the university's press office). I'll write up the attack and post it on IACR eprint. Best, Kenny > On 10 Apr 2014, at 05:59, "Jeffrey Goldberg" <jeff...@goldmark.org> wrote: > >> On 2014-04-09, at 7:17 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: >> >> http://threatpost.com/crypto-model-based-on-human-cardiorespiratory-coupling/105284 >> >> This is nonsense, right? > > Yep. > >> Unbounded in the sense of relying on secrecy of the unbounded number of >> algorithms? > > The distinction between algorithm and parameter (along with other things) > seem muddled. > > I commented on it is a few posts in sci.crypt. Here are trimmed highlights. > > Jeffrey Goldberg wrote in Message-ID: <bqe4cnft6k...@mid.individual.net>: > >> […]the 60 item bibliography of their paper cites only one source in >> cryptography (and that is on quantum key exchange). >> >> Somehow the first sentence of the paper doesn't inspire confidence either: >> >> "It is often the case that great scientific and technological discoveries >> are …" >> >> […] >> What I see as I glance over this paper is that people who have been caught >> up in the fadish understanding of "chaos theory" see that they get PRNGs out >> of their dynamical systems (true enough). >> >> But quite emphatically, the PRNGs that you get from most of this non-linear >> dynamical systems are not cryptographically appropriate. Indeed, there are >> tests that can distinguish whether the random sequences is likely to be from >> such a system. If I understand correctly, even their noise filtering >> component depends on exactly that technology. > > > Cheers, > > -j > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
