theory: unconditional security

Arnold G. Reinhold reinhold at world.std.com
Wed Feb 27 21:22:47 EST 2002


At 12:50 AM -0800 2/27/02, Lucky Green wrote:
>Carl wrote:
>> I suspect you find little written about OTP work because people have
>> always assumed the keys were impractical to distribute, store and
>> use.
>
>While distribution of OTP's has become feasible amongst tightly-knit groups
>of non-governmental actors, the rate at which OTP's can be generated has
>fallen behind the rate at which data needs to be communicated between the
>nodes. To give an example, creating OTP's to encrypt messages along the
>lines of "the attack will take place at dawn on Thursday" was easy with WWII
>technology and is even easier now. However, the sheer volume of data
>transmitted between even small nodes today requires vastly larger OTP's than
>was required for military or diplomatic communications in the past.
>
>I am not aware of any RNG design in the open literature that would even come
>close to generating the sheer volume of random numbers required by current
>civilian communication patterns. I trust that I don't need to elucidate on
>this list as to why a "solution" that would require the sender to limit the
>use of OTPs to sending critical data while other data would be encrypted
>using a different system will invariably lead to COMSEC failures.
>

I don't think that's quite fair. Pretty much any organization that 
wishes to protect sensitive information needs to be able to segregate 
it from other data that is not protected or enjoys a lower level of 
protection. Most PGP users only encrypt critical data.  And given the 
best security system imaginable, there will be COMSEC failures due to 
human error (q.v. the John Deutch case).

Generating enough random information to fill a CD should take a few 
hours using a sound card and a hardware noise generator, running 
FIPS-140 tests along the way and whitening so as to assume only 3 or 
4 bits of entropy per digitization. That CD would be enough to 
protect all the text e-mail I'll ever want to exchange with another 
person.  An unconditionally secure text link between two people could 
be considered useful.

I suspect a video input device connected to a TV set tuned to an 
empty channel would be copious enough for most uses, but some real 
world testing should be done. Unconditional security is sounding a 
lot better in the post-Bernstein era.


Arnold Reinhold
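The pad-generation sketch in Reinhold's reply (digitize a noise source, whiten while crediting only 3 bits of entropy per sample, run FIPS 140 statistical tests, then use the result as a one-time pad), worked through as an added example that is not from the thread. It assumes SHA-256 as the whitening function, implements two of the FIPS 140-1 tests (monobit and long run), and uses a constructed, seeded pseudorandom signal in place of real sound-card samples.

```python
import hashlib
import random
BITS_PER_SAMPLE = 3                             # conservative entropy credit per 16-bit digitization
SAMPLES_PER_BLOCK = -(-256 // BITS_PER_SAMPLE)  # 86 samples (258 bits credited) -> one SHA-256 output
FIPS_BLOCK = 2500                               # FIPS 140-1 tests are defined on 20,000-bit blocks

def constructed_noise_samples(n, seed=1):
    # Constructed stand-in for digitized sound-card noise (DC-biased, low amplitude, 16-bit).
    # Test data only: a real pad needs real hardware noise.
    rng = random.Random(seed)
    return [max(0, min(65535, int(32768 + rng.gauss(0, 300)))) for _ in range(n)]

def fips140_monobit(block):
    # FIPS 140-1 monobit test: ones among 20,000 bits must satisfy 9,654 < X < 10,346.
    ones = sum(bin(b).count("1") for b in block)
    return 9654 < ones < 10346

def fips140_long_run(block):
    # FIPS 140-1 long run test: no run of 34 or more identical bits.
    bits = "".join(f"{b:08b}" for b in block)
    return "0" * 34 not in bits and "1" * 34 not in bits

def whiten(samples):
    # Hash 86 samples into one 32-byte block so each output bit is backed by >= 1 credited input bit.
    pad = bytearray()
    for i in range(0, len(samples) - SAMPLES_PER_BLOCK + 1, SAMPLES_PER_BLOCK):
        raw = b"".join(s.to_bytes(2, "little") for s in samples[i:i + SAMPLES_PER_BLOCK])
        pad += hashlib.sha256(raw).digest()
    return bytes(pad)

def make_pad(samples):
    # Whiten, then reject the whole pad unless every full 20,000-bit block passes both tests.
    pad = whiten(samples)
    blocks = [pad[i:i + FIPS_BLOCK] for i in range(0, len(pad) - FIPS_BLOCK + 1, FIPS_BLOCK)]
    if not blocks or not all(fips140_monobit(b) and fips140_long_run(b) for b in blocks):
        raise ValueError("too few samples or a statistical test failed: discard and re-sample")
    return pad

class OneTimePad:
    # Both parties hold an identical copy; key bytes are used once and then zeroed.
    def __init__(self, pad):
        self._pad, self._pos = bytearray(pad), 0
    def xor(self, data):
        end = self._pos + len(data)
        if end > len(self._pad):
            raise RuntimeError("pad exhausted: reusing key material voids the security proof")
        out = bytes(a ^ b for a, b in zip(data, self._pad[self._pos:end]))
        self._pad[self._pos:end] = bytes(len(data))  # destroy consumed key bytes
        self._pos = end
        return out
```

With 3 bits credited per sample, 86 digitizations yield 32 pad bytes, which is why the CD-sized pad Reinhold describes needs hours of sampling rather than minutes.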
