Analysis of Neural Cryptography

Bram Cohen bram at
Sat May 25 14:12:12 EDT 2002

John Young wrote:

> Analysis of Neural Cryptography

In short, neural cryptography is broken (hardly a surprise). 

I think, however, that it's possible to get the same level of security as
merkle puzzles using a similar scheme - Alice and Bob agree that their
sharked secret will be based on a number less than, say 10^18, they both
compute 5*10^9 hashes of numbers selected at random in that range, and
send them to each other. The shared secret is the smallest hash which they
happen to both have selected at random.

This algorithm can be made significantly more efficient and secure by
using bloom filters instead of lists of hashes.

This is an okay (although currently impractical) shared secret exchange
algorithm. It can be used for public key encryption, but not signing. It's
main problems are that once in a while it fails (if there's no shared
secret) and that it's security level is a mere n vs. n^2, and the n is a
measure of bandwidth used at that, so it's currently impractical.

Notably, computers are getting fast enough that merkle-style cryptography
looks to become practical for some applications in the forseeable future.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
                                        -- John Maynard Keynes

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list