Re: Tristrata - worth another look?


Incoming Mail (incomingmail@usa.net)
2 Apr 99 06:55:13 MST


| [...]
| >It occurs to me that you and I are saying the same thing, but disagreeing
| >about the definition of what a "Vernam cipher" means. So let me precisely
| >define what I mean when I say it. To me the core enciphering operation of
| >one is the following:
| >
| > X[i] + Y[i] = Z[i]
| >
| >Where X[i] is a random byte, Y[i] is the cleartext byte, and Z[i] is
| >the cipher text byte. And i goes from 0 to n-1 bytes (n = message length).
| >In practice the "+" is ones complement addition, i.e. an exclusive OR
| >operation.
| >
| >For each byte i then you have a simple algebraic equation with two
| >unknowns, X and Y. The essence of a Vernam cipher is constructing
| >the random sequence of X[i] bytes properly in order to compute the
| >equation, i.e. encipher the Y[i] into the Z[i] bytes.
| >
| >Since RC4 is constructing X[i] byte by byte from a randomly shuffled 256
| >byte array of numbers (which is reshuffled over time), I consider it to be
| >a type of Vernam cipher. RKS uses a different technique to construct
| >the sequence of random X[i] bytes. So it too, I consider to be a type
| >of Vernam cipher.
|
|
| Gilbert Vernam would disagree. When, in 1917/18, he defined the One Time
| Pad, he made it clear that, in order to achieve unbreakability, X[i] must be
| *truly* random, and must be discarded after being used once. If N is length
| of the sequence, you may choose among 2 ** N pads. But if you produce a
| pseudo-random stream starting from a key L bit long, you can't get more than
| 2 ** L pads, and if L < N you just can't generate all the possible N-bit
| pads - opening the door to a possibly successful cryptanalysis. That's why
| the OTPs required by Vernam enciphering cannot be produced by keyed PRNGs,
| no matter if based on RC4, on secure hashes like SHA-1 or whatever. Shannon,
| about thirty years later, would have noted that the entropy of a PRNG can't
| be higher than the number of bits defining its internal state.
|
| Of course, using a Vernam cipher presents nightmarish problems of key
| management, which is why the Germans in WW2 decided to use, instead, the pads
| produced by the Lorenz SZ42 machines: thinking that, with an estimated
| complexity of 10^19, they were good enough. Well, they weren't :-)

Is this really so? According to The Codebreakers (page 398 in the first
edition), it was Joseph Mauborgne who took Vernam's automatic key stream
cipher and implemented the idea of a non-repeating key tape. (I believe
he learned about non-repeating key streams from an Army cryptography
course.)

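The Vernam operation and the key-counting argument from the quoted message, worked through in code. This is an added example, not code from the thread or from Tristrata/RKS; the toy keystream generator, its LCG constants and all function names are assumptions of this example, standing in for any keyed PRNG with an L-bit key.

```python
import os

def vernam(pad: bytes, text: bytes) -> bytes:
    """Core Vernam operation from the thread: Z[i] = X[i] XOR Y[i].
    XOR is its own inverse, so the same call decrypts."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return bytes(x ^ y for x, y in zip(pad, text))

def one_time_pad(n: int) -> bytes:
    """A genuine pad: n bytes from the OS entropy source, used once."""
    return os.urandom(n)

def toy_keystream(key: int, key_bits: int, n: int) -> bytes:
    """Constructed toy keyed PRNG (an LCG; NOT RC4, NOT RKS).
    Its entire internal state is the L-bit key, so it can emit at most
    2**L distinct n-byte pads, however large n is."""
    if not 0 <= key < (1 << key_bits):
        raise ValueError("key does not fit in key_bits")
    state, out = key, bytearray()
    for _ in range(n):
        state = (1103515245 * state + 12345) & 0xFFFFFFFF
        out.append((state >> 16) & 0xFF)
    return bytes(out)

def count_distinct_pads(key_bits: int, n: int) -> int:
    """Enumerate every L-bit key and count the distinct n-byte pads.
    Compare the result with 2**(8*n), the number of pads a true OTP
    can draw from: the PRNG reaches at most 2**L of them."""
    return len({toy_keystream(k, key_bits, n) for k in range(1 << key_bits)})

def pad_explaining(ciphertext: bytes, plaintext: bytes) -> bytes:
    """Perfect-secrecy view of the OTP: for ANY plaintext of the right
    length there is a pad that maps it to this ciphertext, so the
    ciphertext alone rules out no plaintext. A keyed PRNG cannot offer
    this once its key is shorter than the message."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("lengths differ")
    return vernam(ciphertext, plaintext)

if __name__ == "__main__":
    msg = b"attack at dawn"            # constructed sample message
    pad = one_time_pad(len(msg))
    assert vernam(pad, vernam(pad, msg)) == msg
    l_bits, n = 12, 8
    print(count_distinct_pads(l_bits, n), "pads reachable vs", 2 ** (8 * n))
```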



The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:20