eWeek: Cryptography Guru Paul Kocher Speaks Out
Peter Wayner
pcw2 at flyzone.com
Fri May 2 13:14:53 EDT 2003
At 11:24 AM -0400 5/2/03, Derek Atkins wrote:
>Peter Wayner <pcw2 at flyzone.com> writes:
>
>> Let's say four people get together to steal a document by "averaging"
>> their documents. Since you can't have half a bit, they flip a coin for
>> the four bits, $i,j,k$ and $l$ that are different in the four
>
>But wait. Based on your assumption, each user's data will differ from
>an unmarked version by 1 bit and that one bit is different for each
>person. Sure, you can't have partial bits, but you CAN have bit
>probabilities! So you find that all but those four marked bits match
>with probability 1, but each of these four marked bits matches a
>distribution of .25/.75. That means you now know with certainty 75%
>what the proper bit setting is to make it an unmarked copy.
Good point. They had some workaround for this. I don't have time to
reread the paper right now for a zillion reasons. I think they were
using some coding scheme that effectively put $n$ vectors in an
n-dimensional vector space. That's not exactly the same as flipping
$n$ bits. I guess I was looking at one canonical form in my brain.
Plus they had several levels and modifications that increased
security in different ways. It's been some time. If I remember
correctly, they included a rich theoretical framework which makes it
a bit harder to digest.
Perhaps someone else has the time to explain this in a better way. My
apologies for dealing from memory, but it's all I can offer at this
time.
-Peter
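Added example, not part of the thread: a toy model of the simplified scheme discussed in the quoted exchange (one flipped bit per recipient), showing that a per-position vote over the four copies leaves no mark for the distributor to trace. The bit values, mark positions and function names are constructed for illustration; this is not the coding scheme from the paper Peter refers to.

```python
# Constructed toy model: one flipped bit per recipient (not the paper's scheme).
ORIGINAL = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0]  # constructed sample
MARKS = [2, 5, 9, 14]  # constructed: bit position assigned to each recipient


def mark_copies(original, positions):
    """Issue one copy per recipient, each with only its assigned bit flipped."""
    copies = []
    for pos in positions:
        copy = list(original)
        copy[pos] ^= 1
        copies.append(copy)
    return copies


def differing_positions(copies):
    """Positions where the copies disagree, i.e. the marks colluders can see."""
    return [i for i, col in enumerate(zip(*copies)) if len(set(col)) > 1]


def vote(copies):
    """Per-position majority vote; a tied position is returned as None."""
    merged, ties = [], []
    for i, col in enumerate(zip(*copies)):
        ones = sum(col)
        if 2 * ones == len(col):
            merged.append(None)
            ties.append(i)
        else:
            merged.append(1 if 2 * ones > len(col) else 0)
    return merged, ties


def traceable(original, merged, positions):
    """Recipients whose mark is still present in the merged copy."""
    return [r for r, pos in enumerate(positions)
            if merged[pos] is not None and merged[pos] != original[pos]]


if __name__ == "__main__":
    four = mark_copies(ORIGINAL, MARKS)
    merged, ties = vote(four)
    print("visible marks:", differing_positions(four))
    print("vote equals original:", merged == ORIGINAL, "ties:", ties)
    print("traceable recipients:", traceable(ORIGINAL, merged, MARKS))
    merged2, ties2 = vote(four[:2])
    print("two copies, undecided positions:", ties2)
```

With only two copies the vote ties at both marked positions, so the disagreement shows where the marks are but not which value is the unmarked one.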
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com