[Cryptography] "Perpetual Encryption"
Dennis E. Hamilton
dennis.hamilton at acm.org
Thu Apr 6 15:02:47 EDT 2017
> -----Original Message-----
> From: cryptography [mailto:cryptography-
> bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of Dennis E.
> Hamilton
> Sent: Thursday, April 6, 2017 08:48
> To: 'Crypto' <cryptography at metzdowd.com>
> Subject: Re: [Cryptography] "Perpetual Encryption"
[ ... ]
> OTHER CONSIDERATIONS
>
> It is crucial that K1 be cryptographically-random and not be reused.
>
> Considering that K1 is proposed to be of any length and that the Xi may
> also be any length within a buffer size, it is unclear what is required
> for the seeding of RNG2 and the encryption of X1 by K1 to work well. It
> is also unclear how derivation of K[i+1] = f(Ki, Xi) is assured to work
> well. This is left unspecified in CP, above.
>
> This sketch does not address how the Ci.size and Bi.rot values are
> determined in a manner that will provide sufficient "equivocation" in
> terms of demand for RNG1 Xi contributions. There also needs to be a
> practicable upper-limit on Ci.size.
[orcmid]
Another goof. The last paragraph above should commence
This sketch does not address how the Ci.size and Bi.split values are
... .
[clearly over-engineering if I can't keep these straight in my head 😊.]
- Dennis
More information about the cryptography
mailing list