theory: unconditional security

Greg Rose ggr at qualcomm.com
Sun Feb 17 19:38:26 EST 2002


At 10:15 PM 2/16/2002 +0000, Zefram wrote:
>I've not been able to find any paper that describes the use of this
>algorithm to give unconditional secrecy and integrity at once.
>Nor have I found any paper describing doing this (as MAC or as
>secrecy-plus-integrity) in GF(2^n), which makes it convenient to operate
>on bit strings.  This seems so stunningly useful that I'm surprised it's
>not mentioned in AC.

Like One-Time Pads, it seems stunningly useful only until you consider the 
practicalities. You still need key material as long as (in fact, twice as 
long as) the message, and you still cannot ever reuse the key material.

>Can anyone point me at references that I'm missing?

The sci.crypt FAQ has some material about why OTPs are useless in practice, 
and might have some references.

Greg.

Greg Rose                                       INTERNET: ggr at qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
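An added example (not from this thread or its participants) of the kind of pad-plus-one-time-MAC scheme over GF(2^n) the messages discuss, in Python. The construction is my assumption, since the thread does not spell out the algorithm: a Horner polynomial hash in GF(2^128) (GCM's field polynomial) masked by a one-time field element, on top of an XOR pad. It makes the reply's two points concrete: key material is consumed at message length plus 32 bytes per message and must then be discarded, and reusing the pad exposes the XOR of two plaintexts.

```python
import secrets

# GCM's field polynomial x^128 + x^7 + x^2 + x + 1, irreducible over GF(2)
POLY = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1

def gf_mul(x, y):
    """Multiply two GF(2^128) elements given as ints below 2^128."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x >> 128:
            x ^= POLY
    return r

def one_time_hash(data, a, b):
    """Horner-evaluate the 16-byte blocks of data (plus its length) at a, then mask with b."""
    blocks = [int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")
              for i in range(0, len(data), 16)]
    h = 0
    for m in blocks + [len(data)]:
        h = gf_mul(h ^ m, a)
    return h ^ b

def key_len(msg_len):
    """Key material consumed per message (assumed budget): a pad as long as the message plus 32 bytes for (a, b)."""
    return msg_len + 32

def seal(msg, key):
    """Pad-encrypt msg and tag the ciphertext; the key is used once and then discarded."""
    assert len(key) == key_len(len(msg)), "key must be exactly len(msg) + 32 bytes"
    n = len(msg)
    ct = bytes(m ^ p for m, p in zip(msg, key[:n]))
    a, b = int.from_bytes(key[n:n + 16], "big"), int.from_bytes(key[n + 16:], "big")
    return ct, one_time_hash(ct, a, b).to_bytes(16, "big")

def unseal(ct, tag, key):
    """Return the plaintext, or None when the tag does not verify."""
    n = len(ct)
    a, b = int.from_bytes(key[n:n + 16], "big"), int.from_bytes(key[n + 16:], "big")
    if not secrets.compare_digest(one_time_hash(ct, a, b).to_bytes(16, "big"), tag):
        return None
    return bytes(c ^ p for c, p in zip(ct, key[:n]))

def pad_reuse_leak(m1, m2, key):
    """Sealing two equal-length messages under one key makes ct1 XOR ct2 == m1 XOR m2."""
    c1, c2 = seal(m1, key)[0], seal(m2, key)[0]
    return bytes(x ^ y for x, y in zip(c1, c2)) == bytes(x ^ y for x, y in zip(m1, m2))
```

The key used below is a constructed byte sequence for illustration; in practice every byte of it would have to be fresh, uniformly random, and never seen again.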
