Can you help develop crypto anti-spoofing/phishing tool ?

[Ed Gerck]

Jerrold Leichter wrote:
> "N-version programming" - which is what you are proposing here - can increase
> your level of trust against random errors[2], but its of no use at all against
> a deliberate attack. 

I heartly disagree. If the N-outputs are continuously verified for coherence,
any difference readily stands out. The number N and the cost of always using those
N-outputs should, of course, be outweighed against the cost of failure to
detect an attack. Theoretically, however, there is always a finite number N
that can make the probability of such an attack _ as small as you please_.

The mathematical basis for this result was proven by Shannon more than 50 years
ago; the practical intuition for this result was demonstrated during the Mogul
period in India (more than 500 years ago), who are known to have used at least three
parallel reporting channels to survey their provinces with some degree of reliability,
notwithstanding the additional efforts to do so.

> (Recall the conversation here a couple of months ago
> about how difficult - to the point of impossibility - it would be to use
> external testing to determine if a crypto-chip had been "spiked".)

Aren't we talking about different things? A covert channel, looking at
the crypto-chip by itself, is demonstrably impossible to detect with
certainty. However, what I was talking about is NOT this situation.
You are looking at *one* crypto-chip, a single source of information, a single
trusted source, when you have no correction channel available.  I am
looking at N outputs, N sources of information (each one as independent as
possible but not necessarily 100% independent). You have no reference for
detecting a "spike", I have N-1.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com