[Cryptography] "Perpetual Encryption"

Patrick Chkoreff patrick at rayservers.net
Wed Mar 29 06:39:44 EDT 2017 

Bill Frantz wrote on 03/28/2017 07:38 PM:

> On 3/28/17 at 1:50 PM, patrick at rayservers.net (Patrick Chkoreff) wrote:
> 
>> I wonder, is this some variant of the idea of starting with a shared
>> unpredictable one-time pad K1, and sending the encrypted message (xor K1
>> M1) along with (xor K1 K2), where K2 is a new unpredictable one-time pad
>> to use for the next encryption?
> 
> OK. With this scheme you can calculate message 2 (M2) encoded with K1
> by: M2 xor (K1 xor K2). Now if you have any known plaintext in message 1
> (M1) you can decode the same offset in M2.


I'm sorry, but I do not understand the problem you describe.  Just to be
clear, consider keys and messages that are single bits.  For the first
transmission, we have:

\T1=(xor K1 M1)
\T2=(xor K1 K2)

Those two bits T1 and T2 are transmitted in the clear.

For the next transmission, we have:

\T3=(xor K2 M2)
\T4=(xor K2 K3)

Those two bits T3 and T4 are also transmitted in the clear.

I assert that it is not possible to calculate { K1 M1 K2 M2 } from { T1
T2 T3 T4 } alone.

I even ran the truth table.  I ignored T4 because it is just the
encoding of a brand new unpredictable bit K3 which is irrelevant.

K1 M1 K2 M2   T1 T2 T3
0  0  0  0    0  0  0
0  0  0  1    0  0  1
0  0  1  0    0  1  1
0  0  1  1    0  1  0
0  1  0  0    1  0  0
0  1  0  1    1  0  1
0  1  1  0    1  1  1
0  1  1  1    1  1  0
1  0  0  0    1  1  0
1  0  0  1    1  1  1
1  0  1  0    1  0  1
1  0  1  1    1  0  0
1  1  0  0    0  1  0
1  1  0  1    0  1  1
1  1  1  0    0  0  1
1  1  1  1    0  0  0


I then grouped the table by transmission outcome { T1 T2 T3 }:

K1 M1 K2 M2   T1 T2 T3
0  0  0  0    0  0  0
1  1  1  1    0  0  0

0  0  0  1    0  0  1
1  1  1  0    0  0  1

0  0  1  1    0  1  0
1  1  0  0    0  1  0

0  0  1  0    0  1  1
1  1  0  1    0  1  1

0  1  0  0    1  0  0
1  0  1  1    1  0  0

0  1  0  1    1  0  1
1  0  1  0    1  0  1

0  1  1  1    1  1  0
1  0  0  0    1  1  0

0  1  1  0    1  1  1
1  0  0  1    1  1  1


As you can see, all possible transmissions are equally probable and thus
yield no information about the keys and messages.

Did I make a mistake here, or did you make a mistake, or were you making
an entirely different point?


-- Patrick

More information about the cryptography mailing list