Re: mental cryptography

[Nathan Loofbourrow <loofbour@cis.ohio-state.edu>]

hfinney@shell.portal.com writes:
 > I have read one paper which attempts to solve this problem, called "Human
 > Identification through Insecure Channel".  Unfortunately my papers are in
 > a mess right now so I don't have the reference handy.  It was by some
 > Japnese researchers, published in one of the proceedings books.  I
 > believe a follow-on paper was published within the last year or two which
 > had some improvements or corrections to their algorithm.  Sorry to be so
 > vague, I'll try to dig out more info over the weekend.

The article, by T. Matsumoto and H. Imai, was in Eurocrypt '91, which
is published as vol. 547 of "Lecture notes in computer science".

The only followup article I could find was:
C.-H. Wang, T. Hwang, and J.-J. Tsai, "On the Matsumoto and Imai's
[sic] human identification scheme." (LNCS 921, 1995)

 > >I am sure better algorithms can be found for this purpose if mental 
 > >cryptography is made explicit as a design goal.  Perhaps it should be?
 > 
 > It's a hard problem to solve in general because you have only a human
 > mind to do the identification algorithm but you have computers to try to
 > break it.  But I would like to see the problem get more attention.

It may be that the approach is off anyway. Credit cards have only
signature verification -- if the salesperson bothers -- because stolen
cards are reported. You don't need a strong authentication technique
if a stolen card is easy to cancel.

Of course, perhaps this encourages someone to steal your card and
incapacitate you before you can report it. That's why we have
PINs... so that someone can steal your card, threaten you until you
reveal your PIN, and then incapacitate you... Hmm...

Even with a weak PIN system for authentication, you can always provide
a "duress" PIN, right?

nathan