[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

maximizing cryptographic return

the question of the cost-effectiveness of  phone encryption was raised by 
my other message. I would like to question how cheaply good encryption
could be done on phones, with a poor quality microprocessor. most on
this list are aware of the idea that good encryption is often used
to send a low-bandwidth session key, which is then used to encrypt
that session using a less sophisticated but less computationally-demanding
algorithm. hence you seem to have good security at a computational
price that is less than encrypting everything with the secure protocol.

I was wondering how secure the following algorithm would be for phone
calls: suppose that at the beginning of each session, the random
key is traded using RSA or some other very secure approach. the
key is a *random bit width*, say 100-6000 bits. now, my question is,
I wonder if some very cheap algorithms, in terms of computation time,
could be used for the "on the fly" encryption of the voice using those
bit. would XOR with the pad be totally out of line? 

the situation is such that trivial algorithms such as XOR with  *unlimited
cyphertext* can be broken quite trivially. but it seems to me this
dogma that "XOR is WEAK" is based on the premise that you have a huge
amount of cyphertext to play with. take away this premise, that you
have a session key that is guaranteed to really give you very little
cyphertext, do these supposedly "weak" algorithms then become pretty

what I am getting at is that it seems there is this frequent assumption
that "good cryptography for on-the-fly encryption means you need huge
computational bandwidth". I wonder how true this really is. can you have
a situation where you spend a lot of time computationally negotiating
the *random one time pad*, but then have a fairly weak algorithm doing
the on-the-fly encryption with the random pad?

IMHO this would be the holy grail for phone hardware. as I wrote, you
are already going to have something approximating the power of a low-
bandwidth microprocessor in a phone. now imagine it took a long time
to send the key at the beginning, but that once traded it was no 
big deal-- real time communication using even "weak" algorithms.

what I am suggesting here is that we can get encryption for almost *no
additional cost* over existing phone hardware. and I am suggesting that
the main hurdles to encryption are political, not technical.

again, I wonder if "weak" encryption schemes are really that weak if they
are only used on short cyphertexts and if you have a good, secure
OTP (one time pad). I think it may be a delusion that you must have
a huge amount of computational bandwidth or have to encrypt every bit
using state-of-the-art, computationally-demanding algorithms to have 
extremely secure on-the-fly communications.

p.s. can someone give a brief summary of the Nautilus and PGP session
key / code frameworks?


a few footnotes in regard to the previous article. widespread,
seamless phone encryption is the NSA's absolute worse nightmare. everything
they are doing to prevent cryptography can be thought of as trying to
avoid this particular reality configuration. pay special attention how
they approach the issue and it will tell you what they fear the most,
and what they are trying to do to prevent it. 

also, Bob Morris said in his talk, acc. to Gillogly, that Europeans
*were* willing to pay for encryption in their phones, but those in the
US weren't. please expand on that little nugget!! how did you come
to that conclusion? why are americans fundamentally different than
europeans in regard to the value of encryption? if humans want the
same thing in most markets (as the situation of international product
marketing generally seems to suggest) does it make you think
that something besides the desirability of crypto is at stake here
in the localities, such as *politics*?

--Vlad Nuri