[Cryptography] Entropy is forever ...

John Denker jsd at av8n.com
Sun Apr 19 18:22:12 EDT 2015


By way of background: It is a bedrock principle of sound 
reasoning and sound planning that one should 
   /Consider all the plausible scenarios./

This principle is well known in farming, small business,
big business, and even the Boy Scouts.  If you are
planning a campout, consider the possibility that it
will rain, even if you hope it doesn't.

I mention this because on 04/19/2015 04:27 AM, Jerry 
Leichter wrote:
> ... the problem is that we almost never are in a position to measure
> the expectation value when designing a cryptographic system.  So we
> end up making assumptions.  In fact, we almost always end up making
> the same assumption: 

We should not make any such assumptions.

>  The plaintext is drawn from a uniform
> distribution.

We should not make that assumption, or the opposite,
or anything like that.  Instead, we should make sure
that our methods work for *any* distribution of inputs.
That includes
 -- known plaintext (0% entropy density)
 -- completely random plaintext (100% entropy density)
 -- everything in between

The in-between case is incomparably more important 
than either extreme.  In the case of completely known 
plaintext, the sender has nothing to lose from bad
crypto.  The case of completely random, meaningless, 
unauthenticated plaintext is almost as trivial; the
attacker can replace the message with random garbage
and nobody will know the difference.

So, again, the bedrock principle is:
   Consider all the plausible scenarios.
   Consider all the plausible hypotheses.

The only people who don't recognize this principle
are the high-school science fair people.  They seem
to think that science is some sort of occult guessing
game.  They seem to think that scientists are not as
smart as Boy Scouts.  This is a travesty of science, 
and a safety problem also.
  https://www.av8n.com/physics/scientific-methods.htm#sec-hypothesis
  https://www.av8n.com/physics/scientific-methods.htm#sec-poster

==========================

On 04/19/2015 06:23 AM, Thierry Moreau wrote:

>> In the question I asked, the computational independence is
>> presumed.

Please don't presume that sort of thing when we are
talking about entropy.

Both of the following are interesting:
 -- The computationally-feasible one-way property
 -- Entropy.

They are both interesting, but they are *not* the same.
thing.  To have an intelligent conversation we must
respect this distinction.



More information about the cryptography mailing list