[Cryptography] "Perpetual Encryption"
Patrick Chkoreff
patrick at rayservers.net
Wed Mar 29 06:39:44 EDT 2017
Bill Frantz wrote on 03/28/2017 07:38 PM:
> On 3/28/17 at 1:50 PM, patrick at rayservers.net (Patrick Chkoreff) wrote:
>
>> I wonder, is this some variant of the idea of starting with a shared
>> unpredictable one-time pad K1, and sending the encrypted message (xor K1
>> M1) along with (xor K1 K2), where K2 is a new unpredictable one-time pad
>> to use for the next encryption?
>
> OK. With this scheme you can calculate message 2 (M2) encoded with K1
> by: M2 xor (K1 xor K2). Now if you have any known plaintext in message 1
> (M1) you can decode the same offset in M2.
I'm sorry, but I do not understand the problem you describe. Just to be
clear, consider keys and messages that are single bits. For the first
transmission, we have:
\T1=(xor K1 M1)
\T2=(xor K1 K2)
Those two bits T1 and T2 are transmitted in the clear.
For the next transmission, we have:
\T3=(xor K2 M2)
\T4=(xor K2 K3)
Those two bits T3 and T4 are also transmitted in the clear.
I assert that it is not possible to calculate { K1 M1 K2 M2 } from { T1
T2 T3 T4 } alone.
I even ran the truth table. I ignored T4 because it is just the
encoding of a brand new unpredictable bit K3 which is irrelevant.
K1 M1 K2 M2 T1 T2 T3
0 0 0 0 0 0 0
0 0 0 1 0 0 1
0 0 1 0 0 1 1
0 0 1 1 0 1 0
0 1 0 0 1 0 0
0 1 0 1 1 0 1
0 1 1 0 1 1 1
0 1 1 1 1 1 0
1 0 0 0 1 1 0
1 0 0 1 1 1 1
1 0 1 0 1 0 1
1 0 1 1 1 0 0
1 1 0 0 0 1 0
1 1 0 1 0 1 1
1 1 1 0 0 0 1
1 1 1 1 0 0 0
I then grouped the table by transmission outcome { T1 T2 T3 }:
K1 M1 K2 M2 T1 T2 T3
0 0 0 0 0 0 0
1 1 1 1 0 0 0
0 0 0 1 0 0 1
1 1 1 0 0 0 1
0 0 1 1 0 1 0
1 1 0 0 0 1 0
0 0 1 0 0 1 1
1 1 0 1 0 1 1
0 1 0 0 1 0 0
1 0 1 1 1 0 0
0 1 0 1 1 0 1
1 0 1 0 1 0 1
0 1 1 1 1 1 0
1 0 0 0 1 1 0
0 1 1 0 1 1 1
1 0 0 1 1 1 1
As you can see, all possible transmissions are equally probable and thus
yield no information about the keys and messages.
Did I make a mistake here, or did you make a mistake, or were you making
an entirely different point?
-- Patrick
More information about the cryptography
mailing list