[Cryptography] Any Electrical Engineers here who know about noise filtering?

Ron Garret ron at flownet.com
Sun Jan 3 11:58:35 EST 2016


On Jan 2, 2016, at 6:16 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> At 04:47 PM 1/2/2016, Ron Garret wrote:
>> On Jan 2, 2016, at 6:50 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
>>> Here's my problem:
>>> 
>>> I'm trying to characterize a 1x pad.
>>> 
>>> A 1x pad *adds* (modulo, but that shouldn't matter)
>> 
>> But it does matter.
>> 
>> That's what makes it secure.
>> 
>>> uniformly distributed "noise" (the "key") to the
>>> "message" signal.
>>> 
>>> Classical filtering theory says that given a
>>> noise spectrum, one can compute an optimal
>>> filter to remove as much noise from the signal
>>> as possible.
>> 
>> Yes.
>> 
>> In a linear system.
>> 
>> XOR is non-linear.
> 
> Actually XOR *is* linear.  The problem isn't linearity, but the "folding" that happens with modulo.

Then you and I mean different things by “linear” in this context.

“Linear” in the context of signal processing means that the spectrum of the sum of two signals is the sum of the spectrums of the individual signals.  That is not true for XOR.  Linearity in this sense is the foundational assumption of the theory of filters.

There are non-linear filters (https://en.wikipedia.org/wiki/Nonlinear_filter) but “nonlinear filters are considerably harder to use and design than linear ones, because the most powerful mathematical tools of signal analysis (such as the impulse response and the frequency response) cannot be used on them”.  And in the case of XOR, nothing works.  It is the ultimate non-linear function with respect to filtering (that’s why it’s information-theoretically secure).  The spectrum of the output (the “ciphertext”) is identical to the spectrum of the key and bears no relationship to the spectrum of the plaintext.

An interesting consequence of this is that it is meaningless to distinguish between the ciphertext and the key.  They are completely interchangeable.  In fact, one potential “practical” use of a one-time pad is providing plausible deniability to people who want to distribute illegal content (e.g. copyrighted material).  If I send you an OTP key and you use that to encrypt a copyrighted work and send me the result, then in order to prove that you sent me the pirated content and not vice versa the plaintiff would have to prove that I sent you the key *before* you sent me the output.  Otherwise you could plausibly claim that what I sent you *was* the output and not the key (because the output and the key are indistinguishable after the fact).  This protocol can be extended so that all parties have plausible deniability even if the authorities have access to *all* of the communications between the parties.  All parties can plausibly claim to have done nothing but publish OTP keys, i.e. strings of random bits.

rg
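The spectral argument in the message above, as an added worked example that is not part of the original thread: a constructed plaintext with strong periodic structure (a square wave of bits) is combined with a constructed, seeded uniform key two ways, as a real-valued sum (linear in the signal-processing sense) and as XOR (the one-time pad). A plain pure-Python DFT shows that the plaintext's fundamental frequency still stands out in the linear sum but is gone from the XOR ciphertext, whose spectrum is as flat as the key's. The sample length, period and seed are assumptions chosen for the demonstration.

```python
import cmath
import math
import random

N = 256          # number of samples (assumption)
PERIOD = 8       # plaintext square-wave period -> fundamental at DFT bin N/PERIOD
FUND_BIN = N // PERIOD

def square_wave_bits(n=N, period=PERIOD):
    """Constructed plaintext: a bit string with strong periodic structure."""
    return [1 if (i % period) < period // 2 else 0 for i in range(n)]

def random_key_bits(n=N, seed=2016):
    """Constructed one-time-pad key: uniform iid bits, seeded so the run is repeatable."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def to_bipolar(bits):
    """Map 0/1 to -1/+1; in this domain XOR of bits becomes multiplication."""
    return [2 * b - 1 for b in bits]

def power_spectrum(x):
    """Plain O(N^2) DFT power |X_f|^2 for every bin f (no numpy needed)."""
    n = len(x)
    return [abs(sum(x[t] * cmath.exp(-2j * math.pi * f * t / n)
                    for t in range(n))) ** 2 for f in range(n)]

def peak_to_mean(x, f=FUND_BIN):
    """How far the plaintext's fundamental bin stands above the average bin power.
    ~1 means the bin is indistinguishable from a flat (white) spectrum."""
    spec = power_spectrum(x)
    return spec[f] / (sum(spec) / len(spec))

def compare():
    p, k = square_wave_bits(), random_key_bits()
    # Linear combination: ordinary real addition of the two +/-1 signals.
    # Spectrum of the sum is the sum of the spectra, so the plaintext line survives.
    linear_sum = [a + b for a, b in zip(to_bipolar(p), to_bipolar(k))]
    # One-time pad: bitwise XOR, i.e. pointwise multiplication by the +/-1 key.
    # Every bin's expected power equals the key's: the plaintext line is gone.
    xor_ct = to_bipolar([a ^ b for a, b in zip(p, k)])
    return {
        "plaintext": peak_to_mean(to_bipolar(p)),
        "linear_sum": peak_to_mean(linear_sum),
        "xor": peak_to_mean(xor_ct),
    }
```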


