[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Internet Privacy Guaranteed ad (POTP Jr.)
- To: [email protected]
- Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
- From: [email protected]
- Date: Wed, 21 Feb 1996 09:28:39 -0800
- Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
- Sender: [email protected]
> Unlike Mr. Silvernail, we have a much simplier definition of what we mean
> by a one time pad - given a message/file of length N, where N is a finite
> practical number say less than 10 to the 1000th power, that the encrypted
> ciphertext can be any of the N to the 256th power possibile clear/plain
> text messages/files. To prove that the IPG system does not work, all you
> have to do is to prove that is not the case - that our system, without
> artifically imposed boundary conditions will generate a subset of those
> possibilities - that is simple and strsight forward - not
> hyperbole but action - everyone stated how simple it was to break the system,
> now everyone is back paddling aa fast as they can, like Mr. Metzger and some of the other big bad cyphermouths.
We can be generous and characterize this as a typo. If N is the length
in bytes, then the number of possible such messages is of course 256 to
the Nth power, not N to the 256th power as the message says. For N=1,
for example, 256 to the Nth is 256, while N to the 256th is 1, and of
course there are 256 possible one-byte messages, not 1.
The wording is a little unclear, so let me offer this proposed
clarification, and see if IPG would agree. It is a slight rewording of
what they wrote but I think means the same as what they said:
> Given a ciphertext of length N bytes, where N is less than 10 to the
> 1000th power, the corresponding plaintext can be any of the 256 to the
> Nth power possible plaintext messages of length N bytes.
I haven't followed the IPG discussion, but if their cipher actually does
satisfy this criterion it would be at least pretty close to a one-time
pad.
One definition of a OTP is that the output tells you nothing about the
input (except its length). For any given output, all possible input
messages of that length are equally possible.
The definition proposed by IPG is similar to this; they say that for a
given output, the input could be any message of that length (at least, I
think that is what they are saying). To be really as strong as a OTP
they should further have it that all these possible inputs are equally
probable. However I suspect that if they can actually arrange that all
inputs are possible, then they will actually be equiprobable.
It follows from their definition that for a given plaintext message,
all possible cyphertexts of that length might result. (Because if there
was some ciphertext that didn't result from a given plaintext, then for
that ciphertet message it would not be the case that the plaintext might
be any of the 256 to the Nth possibilities; it could not be that one.)
One thing I don't quite understand is whether keys are in fact reused
from message to message. If the system is capable of encrypting, say, a
2K byte message such that all possible 2K byte cyphertexts might result,
then it should be capable of encrypting two 1K byte messages such that
the outputs are unrelated even if the inputs are the same. So I don't
see why a system capable of satisfying the definition above would reuse
keys.
Can we agree that if the IPG system meets the definition they offered
(as clarified here) it would be as good as a OTP?