Interesting new cipher patent

ian at veryfresh.com ian at veryfresh.com
Sat Mar 2 02:39:59 EST 2002


On Thu, Feb 28, 2002 at 08:54:18AM +0100, Eugene Leitl wrote:
> 
> A question: assuming, you have a class of random number generators with
> lots of internal state. (Lots: like >>10^6 bits). Let's say the evolution
> through state space of that generator is provably reversible (or nearly
> reversible), and that the Hamiltonian of the system is stochastic (system
> evolution is a randomwalk in state space). The result is a pseudorandom
> number generator with a ridiculously long periode, and good randomness of
> output, obviously. A simple cypher based on it would exchange the
> pseudorandom generator state (the key) through a secure channel,
> similiarly to a one time pad.

How is this different than a standard stream cipher?

Except for the key length, of 2^20 bits (compared to 2^6 to 2^8 in
conventional stream ciphers), and the mention of reversibility, I
can't see the difference.

Of course, having such a large key means that you have 128KB of key
material to generate and securely distribute (I hope there would not
have to be a new key for every message,) as you suggest, in the same
cumbersome manner as a one time pad.

I don't see where your requirement for reversibility comes in. My
understanding of stream ciphers is that you would not want a reversible
PRNG, since compromise of the PRNG state would mean that all past
communications can now be decrypted.

With regards to the period of this cipher, it would be ridiculously
long, as you say, but so are much smaller ciphers.. A 2^8-bit PRNG
already has a period of length 2^2^8, or 10^77, which is a lot of data
to send using a single key.

I would be interested to know if this conjectured RNG has different
properties than a conventional PRNG, or if I have misread your
description, and a stream cipher is not actually what you were
describing.


Regards,

Ian Clelland
<ian at veryfresh.com>

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list