theory: unconditional security
Carl Ellison
cme at acm.org
Tue Feb 19 12:18:41 EST 2002

At 11:38 AM 2/18/2002 +1100, Greg Rose wrote:
>At 10:15 PM 2/16/2002 +0000, Zefram wrote:
>>I've not been able to find any paper that describes the use of this
>>algorithm to give unconditional secrecy and integrity at once.
>>Nor have I found any paper describing doing this (as MAC or as
>>secrecy-plus-integrity) in GF(2^n), which makes it convenient to
>>operate on bit strings. This seems so stunningly useful that I'm
>>surprised it's not mentioned in AC.
>
>Like One-Time Pads, it seems stunningly useful only until you
>consider the practicalities. You still need key material as long as
>(in fact, twice as long as) the message, and you still cannot ever
>reuse the key material.
>
>>Can anyone point me at references that I'm missing?
>
>The sci.crypt FAQ has some material about why OTPs are useless in
>practice, and might have some references.

Greg,

OTPs were useless once. Modern tapes can hold quite a few bits. So
can a DVD-RAM disk, at 9.4GB. You can secure quite a few messages
with bits from one disk.

Zefram,

I suspect you find little written about OTP work because people have
always assumed the keys were impractical to distribute, store and
use.

- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List