Destructive Legacies of the One Time Pad.

adacrypt

Feb 13, 2012, 3:12:53 AM
The benefit of the OTP is that it guarantees unbreakable crypto
strength when the ciphertext has been generated using a random key
that is equal in length to the message length but that only caters for
one form of attack in a modern number-theoretic computer driven
cipher i.e. a statistical attack on the ciphertext.

Ciphertext only and numerical analysis attacks are not addressed in
the historic OTP because it only used the 26 letters of the English
alphabet. The drawback that necessitated the one-time usage relates
to keysets that were comprised of either simple alphabetic data at the
time (1920’s) or alphanumeric data today (from 1963 onwards.)

The reason for this is the detectable foot prints that arise in the
ciphertext immediately a key set is reused that enable some
statistical deductions to be made that weaken the cipher.

It can be shown that when the keyset is a set of moderately sized
positive integers and the ciphertext is made random as I am advocating
in my algorithm then this problem of footprints disappears – there is
no giveaway evidence in the ciphertext that denotes where the key was
reused - point 1 made.

The caveat that key length must equal message length is in theory at
least, redundant now and not required any more. I hasten to add that
this is not being done in my vector ciphers but the way is clear
should it ever be decided to do that.

It should be noted I think that if a modern cipher still uses a fresh
key for each encryption of a fresh plaintext then this is a
convenience and not an essential requirement that deleteriously harks
back to the OTP – the message length is equal to the key length as a
happy convenience that may be changed any time in the future without
any bad side effects – it is a choice not an essential - point 2
made.

I am a great admirer of Joseph Mauborgne and the original OTP but the
time has come to rationalise its place in modern cryptography – it is
giving a bad name to good ciphers that even remotely resemble it
because of the entrenched defects of the OTP that contagiously are
passed on to any modern cipher that uses a keyset just once out of
choice. The name OTP has become an unfortunate misnomer that should
be dropped now because of the doubt it sows in the minds of people.

I think it is quite likely that future ciphers will optionally use
keysets that are equal to the message-length but may reuse the same
keyset many times if they can demonstrate that this does not surface
as foot prints in the ciphertext.

A passing resemblance to the OTP must not be allowed to become a
damning millstone in the future – the party's over for the OTP and
it's time to move on.

I want to labour the point here that constructing ciphertext that is
demonstrably random as I am doing is a severe body blow to statistical
cryptanalysis. This ploy uses several keysets in series that need not
be random themselves but ensure that the ensuing ciphertext string is
definitively random. It enables a rethink about one time usage of
keys however that I think is a great advantage and very well
worthwhile.

As an experiment I have constructed many message lengths that are
several times greater than the key length in each case without any
detectable effect in the ciphertext. This puts the lie to the
one-time caveat. I think it has become a hugely anachronistic untruth
that should be dropped completely from modern crypto terminology
altogether. It is doing harm now in that it is still being used as
the platform of outdated logic and irrelevant theory.

- adacrypt

Mark Murray

Feb 13, 2012, 3:51:48 AM
On 13/02/2012 08:12, adacrypt wrote yet another fingers-in-ears
"lalalalalalalala" posting:

> The benefit of the OTP is that it guarantees unbreakable crypto
> strength when the ciphertext has been generated using a random key
> that is equal in length to the message length but that only caters for
> one form of attack in a modern number-theoretic computer driven
> cipher i.e. a statistical attack on the ciphertext.

You got off to such a good start and then blew it!

From " ... but that only caters for ..." you are talking crap again.

> Ciphertext only and numerical analysis attacks are not addressed in
> the historic OTP because it only used the 26 letters of the English
> alphabet. The drawback that necessitated the one-time usage relates
> to keysets that were comprised of either simple alphabetic data at the
> time (1920’s) or alphanumeric data today (from 1963 onwards.)

The above is nonsense on so many levels. 26 letters is irrelevant,
except insofar as it was usable with the available teleprinter codes
(5-bit binary, by the way).

> The reason for this is the detectable foot prints that arise in the
> ciphertext immediately a key set is reused that enable some
> statistical deductions to be made that weaken the cipher.

Not on an OTP, where key reuse is forbidden.

> It can be shown that when the keyset is a set of moderately sized
> positive integers and the ciphertext is made random as I am advocating
> in my algorithm then this problem of footprints disappears – there is
> no giveaway evidence in the ciphertext that denotes where the key was
> reused - point 1 made.

Bullshit. "it can be shown that ... "

SHOW IT!!

Point 1 NOT, repeat, NOT made, simply asserted. Dogma.

> The caveat that key length must equal message length is in theory at
> least, redundant now and not required any more. I hasten to add that
> this is not being done in my vector ciphers but the way is clear
> should it ever be decided to do that.

Bullshit. Wishful thinking at best.

> It should be noted I think that if a modern cipher still uses a fresh
> key for each encryption of a fresh plaintext then this is a
> convenience and not an essential requirement that deleteriously harks
> back to the OTP – the message length is equal to the key length as a
> happy convenience that may be changed any time in the future without
> any bad side effects – it is a choice not an essential - point 2
> made.

Bullshit. Gross misunderstanding at best.

Point 2 NOT made, simply asserted. More dogma.

> I am a great admirer of Joseph Mauborgne and the original OTP but the
> time has come to rationalise its place in modern cryptography – it is
> giving a bad name to good ciphers that even remotely resemble it
> because of the entrenched defects of the OTP that contagiously are
> passed on to any modern cipher that uses a keyset just once out of
> choice. The name OTP has become an unfortunate misnomer that should
> be dropped now because of the doubt it sows in the minds of people.

Wishful thinking and oft-repeated dogma.

> I think it is quite likely that future ciphers will optionally use
> keysets that are equal to the message-length but may reuse the same
> keyset many times if they can demonstrate that this does not surface
> as foot prints in the ciphertext.

Proper ciphers use secure algorithms and keys that are MUCH shorter
than the message. OTPs are not in everyday practical use.

> A passing resemblance to the OTP must not be allowed to become a
> damning millstone in the future – the party's over for the OTP and
> it's time to move on.

Catch up with reality. Nobody uses OTPs (except Soviet spies) due to
expensive key sharing problems. OTPs are useful in the study of crypto
because of the simplicity. Government spies may use them (perhaps only
in the past), but they are NOT used for general daily civilian crypto.

> I want to labour the point here that constructing ciphertext that is
> demonstrably random as I am doing is a severe body blow to statistical
> cryptanalysis. This ploy uses several keysets in series that need not
> be random themselves but ensure that the ensuing ciphertext string is
> definitively random. It enables a rethink about one time usage of
> keys however that I think is a great advantage and very well
> worthwhile.

Bullshit. You are using a weird definition of "random" to start with.

> As an experiment I have constructed many message lengths that are
> several times greater than the key length in each case without any
> detectable effect in the ciphertext. This puts the lie to the
> one-time caveat. I think it has become a hugely anachronistic untruth
> that should be dropped completely from modern crypto terminology
> altogether. It is doing harm now in that it is still being used as
> the platform of outdated logic and irrelevant theory.

Bullshit. You constructed a rigged, self-serving test that is only
useful for supporting your weird definition of "random".

M
--
Mark "No Nickname" Murray
Notable nebbish, extreme generalist.

adacrypt

Feb 13, 2012, 11:33:58 AM
Supplement.

This was a test designed to deliberately use the same keyset
(comprised of 14250 random keys) several times and to study the
effects on the overall state of randomness of the ensuing ciphertext
comprised of 50065 alphanumeric characters.

50065 characters (as it happened, were encrypted in 1 second).

The test was done on the 50065 members of the (j) coefficient only of
the ciphertext file.

Results

39072 => 39072 <= 39072 not repeated => 78.04%
4420 => 8840 <= repeated once
588 => 1764 <= repeated twice
94 => 336 <= repeated three times
7 => 35 <= repeated four times.
----------------------------------------------
50047

Bearing in mind that the corresponding coefficients ( i, k) of each
vector in a repeated pair (not checked) must also tick for an
apparent repeat in the (i) coefficients of the same pair to be
verified as a de facto repeat, I have no hesitation in saying that
this ciphertext is sufficiently random (pseudo random that is) to
thwart all attempts at cryptanalysis by statistical mapping by a
cryptanalyst.

There are no ill effects from using the same key over and over again
in this cipher.

- adacrypt

Gene and Debbie Styer

Feb 13, 2012, 1:02:19 PM
On Feb 13, 11:33 am, adacrypt <austin.oby...@hotmail.com> wrote:
>
> 50065 characters (as it happened, were encrypted in 1 second).
>

It's nice to see things moving faster - when you get it fast enough to
use on a WiFi link (> 1,000,000 char/sec for 802.11b) let us know.

>
> There are no ill effects from using the same key over and over again
> in this cipher.
>
> - adacrypt

The problem here is that you are assuming random-looking is the same
as secure. But that simply isn't true.

Going back to the Soviet (not-so) One Time Pad. Let ciphertext1 =
message1 XOR key (assuming a key as random as anyone can make it), and
ciphertext1 will be very random. If you take another message and
calculate ciphertext2 = message2 XOR key, it will also appear very
random. But if you take ciphertext1 XOR ciphertext2, you get
something that is definitely NOT random.

If you want to do your own calculations, find an Enigma emulator
(there are several on the web). Take a message and encrypt it using
Enigma. The output will appear very random, yet we know Enigma was
broken.
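
The pad-reuse point made in the post above, as an added example that is not part of the original thread: each ciphertext looks uniform on its own, but XORing the two cancels the key and leaves message1 XOR message2. The two sample messages are constructed, and the high-bit fraction is simply one easy bias measure chosen for this illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def high_bit_fraction(data: bytes) -> float:
    """Fraction of bytes with the top bit set; about 0.5 for uniform data."""
    return sum(b >> 7 for b in data) / len(data)

# Constructed sample plaintexts (plain ASCII, 260 bytes each).
M1 = b"Meet the courier at the north gate at nine tonight. " * 5
M2 = b"The shipment is delayed until the end of next week. " * 5

def demo() -> dict:
    key = secrets.token_bytes(len(M1))  # one pad, as random as the OS can make it
    c1 = xor(M1, key)                   # ciphertext1 = message1 XOR key
    c2 = xor(M2, key)                   # ciphertext2 = message2 XOR the SAME key
    combined = xor(c1, c2)              # computable by anyone holding both ciphertexts
    return {
        # The key drops out entirely: c1 XOR c2 == m1 XOR m2.
        "key_cancels": combined == xor(M1, M2),
        # Each ciphertext alone passes a naive "looks random" check...
        "c1_high_bit": high_bit_fraction(c1),
        "c2_high_bit": high_bit_fraction(c2),
        # ...but ASCII XOR ASCII never sets the top bit, so the
        # combination is visibly biased.
        "combined_high_bit": high_bit_fraction(combined),
        "combined_distinct_values": len(set(combined)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A repeat-count or frequency test run on `c1` or `c2` alone would report nothing unusual, which is why such a test says nothing about whether key reuse is safe.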

biject

Feb 13, 2012, 1:34:16 PM
On Feb 13, 11:02 am, Gene and Debbie Styer <Eugene.St...@eku.edu>
wrote:
Enigma was weak in that it had very short unicity distance, a concept
that I don't think adacrypt truly understands. But you can preprocess
a file so that even weak methods such as Enigma become extremely hard
to break by spreading the data spread spectrum through the file.
One simple way to do this is run arb255 take the result and reverse
output file by reading from back toward the front and then run arb255
again. At this point you have a mixed file of up to 256 symbols. You
could bijectively convert this to 26 symbols and then use Enigma. It
will be much harder to break.
The above protects from cipher only text attacks and partial plain
text attacks. But it would not protect against full plain text attacks.


David A. Scott
--
My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptographic
system is only as strong as its weakest link"



Mark Murray

Feb 13, 2012, 1:49:38 PM
On 13/02/2012 16:33, adacrypt wrote:
> Supplement.
>
> This was a test designed to deliberately use the same keyset
> (comprised of 14250 random keys) several times and to study the
> effects on the overall state of randomness of the ensuing ciphertext
> comprised of 50065 alphanumeric characters.
>
> 50065 characters (as it happened, were encrypted in 1 second).
>
> The test was done on the 50065 members of the (j) coefficient only of
> the ciphertext file.
>
> Results
>
> 39072 => 39072<= 39072 not repeated => 78.04%
> 4420 => 8840<= repeated once
> 588 => 1764<= repeated twice
> 94 => 336<= repeated three times
> 7 => 35<= repeated four times.
> ----------------------------------------------
> 50047

Meaningless bullshit. Learn to construct an experiment properly.

> Bearing in mind that the corresponding coefficients ( i, k) of each
> vector in a repeated pair (not checked) must also tick for an
> apparent repeat in the (i) coefficients of the same pair to be
> verified as a de facto repeat, I have no hesitation in saying that
> this ciphertext is sufficiently random (pseudo random that is) to
> thwart all attempts at cryptanalysis by statistical mapping by a
> cryptanalyst.

This makes no sense whatsoever. Word salad.

> There are no ill effects from using the same key over and over again
> in this cipher.

And you are singing your mantra again!

Did you do this at school; repeat "1 + 1 = 3" until your teacher gave
up in disgust at your pig-headedness?

Karl-Uwe Frank

Feb 13, 2012, 3:36:26 PM
On 13.02.12 16:33, adacrypt wrote:
> This was a test designed to deliberately use the same keyset
> (comprised of 14250 random keys) several times and to study the
> effects on the overall state of randomness of the ensuing ciphertext
> comprised of 50065 alphanumeric characters.
>
> 50065 characters (as it happened, were encrypted in 1 second).
>
> The test was done on the 50065 members of the (j) coefficient only of
> the ciphertext file.
>
> Results
>
> 39072 => 39072<= 39072 not repeated => 78.04%
> 4420 => 8840<= repeated once
> 588 => 1764<= repeated twice
> 94 => 336<= repeated three times
> 7 => 35<= repeated four times.
> ----------------------------------------------
> 50047

Please allow me (as a novice in cryptography and cipher design as I am)
to ask if you could be so kind and explain what you mean by the term
"14250 random keys"?

What do the random keys consist of?

Are they 14250 different 32-bit unsigned integers or just a bunch of
14250 randomly lined up characters (0..255, i.e. byte)?

Cheers,
Karl-Uwe


rossum

Feb 13, 2012, 3:58:25 PM
On Mon, 13 Feb 2012 08:33:58 -0800 (PST), adacrypt
<austin...@hotmail.com> wrote:

>There are no ill effects from using the same key over and over again
>in this cipher.

Then you do not have a One Time Pad, you have a Many Times Pad.

There are extreme ill-effects from using the same key over and over
again in the One Time Pad, google "Venona" for an example.

If you reuse the key, then it isn't a *One* Time Pad, it is a *Many*
Times Pad.

You would do well not to claim that your cypher is something that it
isn't.

rossum
