[Cryptography] VW/EPA tests as crypto protocols ?

Tom Mitchell mitch at niftyegg.com
Sun Sep 27 16:48:15 EDT 2015

On Fri, Sep 25, 2015 at 11:59 PM, <dj at deadhat.com> wrote:

I've seen this go too far, where randomized testing is all that is done
and so the corner cases you can reach with directed testing are never
I'm keeping my skeptic's hat on. Until someone shows us the code, I have
seen nothing that can reconcile the journalists claims with what I know
about how the testing works.

There is something else that may be involved.
In the context of Bayesian statistics a lot of moving parts can be
hidden behind a simple 1/0, Good/Bad,  True/False result.

These new method Bayesian statistics are being applied to
many complex multi dimensional decision trees and the relationship
between the dimensions is unknown.  These systems are self tuning
and interesting in that some results are near magic.
Spam filters are a good example... there is no need to know that viagra
is a key word just a set of is-spam files allows the statistics
to build the filter.

So a simple Pass/Fail feedback could tune specifically for
emission tests without knowing what the test was or even
the way the system adjusted itself.   i.e. It is possible that the
test design is the problem not people.

This impact of modern statistics to tease out relationships
may have interesting impact on crypto systems.   The clarity
of decrypted/decrypted based on has words/ has characters/
has some other chink exposed may allow information to be
discovered that can bound or expose the key quicker than

The foundations of Bayesian statistics are old but the modern
subset insight made computationally difficult problems almost
easy on modern hardware.

Applying this to public+private key systems can be done with
no interaction with the target...  because the attacker has full
control of known input and a fixed but known public key.

Pay attention to statistics...

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150927/b25f2707/attachment.html>

More information about the cryptography mailing list