[Cryptography] Simple provably secure stream cipher
Bill Cox
waywardgeek at gmail.com
Sat Jun 6 10:56:57 EDT 2015
On Sat, Jun 6, 2015 at 12:04 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> For any prime p suitable for Diffie-Hellman key agreement with group
> generator g = 2, simply generate the binary digits of fraction(2^n/p),
> where n is a shared secret. XOR these digits over the message stream for
> both encryption and decryption.
>
> I'm ignoring issues such as the need for a unique nonce, and maliability
> defense. The standard fixes apply. The ability to determine n is
> trivially equivalent to solving the discrete log problem.
>
> Is this well known? I'm pretty much finding that everything seems to be
> already known in crypto...
>
> Bill
>
Sorry! While true that we cannot recover n, as that is DLP equivalent,
this is not a secure stream cipher at all, as only log(p) bits is enough to
determine the rest of the pattern forever. Specifically, this is _not_
suitable as a stream cipher. It does seem to make a pretty nice PRNG,
though too slow for practical use.
On Sat, Jun 6, 2015 at 12:04 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> For any prime p suitable for Diffie-Hellman key agreement with group
> generator g = 2, simply generate the binary digits of fraction(2^n/p),
> where n is a shared secret. XOR these digits over the message stream for
> both encryption and decryption.
>
> I'm ignoring issues such as the need for a unique nonce, and maliability
> defense. The standard fixes apply. The ability to determine n is
> trivially equivalent to solving the discrete log problem.
>
> Is this well known? I'm pretty much finding that everything seems to be
> already known in crypto...
>
> Bill
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150606/d8cfbf16/attachment.html>
More information about the cryptography
mailing list