[Cryptography] "Perpetual Encryption" (or why bother?)

Viktor Dukhovni cryptography at dukhovni.org
Wed Mar 29 12:41:54 EDT 2017


> On Mar 29, 2017, at 11:48 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> 
> 1) Generate n bits of true random data that have no bias or any detectable non-randomness
> 2) Manually deliver these OTP random bits to the recipient, then go home.
> 3) XOR OTP data with an n-bit secret message to generate ciphertext.
> 4) Use HMAC-SHA512(ciphertext) to generate tag
> 6) Transmit ciphertext | tag over any unsecured channel to the recipient.
> 
> I claim this OTP scheme has "perfect security", is authenticated, has information theoretic security,

Actually, by transmitting the tag in the clear it fails to
have information theoretic security.  For that, you'd first
append the tag, and then apply the OTP covering both the data
and the checksum.

Switching topics, I am perplexed why Rich chose to nerd-snipe
this group with this particular snake-oil instance.  Is there
really something interesting or unusual in this case?  If not,
we can perhaps find more amusing distractions.

If there is nothing compelling, perhaps it would be if this
were the last message in the thread (silence would be enough
confirmation).

-- 
	Viktor.
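
The two layouts discussed above, side by side, as an added example that is not part of the original message or the quoted post. The separate pre-shared `mac_key` and all function names are assumptions; the quoted steps do not say how the HMAC is keyed.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha512().digest_size  # 64 bytes

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the data it covers")
    return bytes(x ^ y for x, y in zip(a, b))

def tag(mac_key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA512 keyed with a pre-shared mac_key.
    return hmac.new(mac_key, data, hashlib.sha512).digest()

def seal_tag_in_clear(pad: bytes, mac_key: bytes, msg: bytes) -> bytes:
    """Quoted steps 3-6: pad the message, tag the ciphertext, send ct | tag."""
    ct = xor(msg, pad)                      # pad is len(msg) bytes
    return ct + tag(mac_key, ct)

def seal_tag_under_pad(pad: bytes, mac_key: bytes, msg: bytes) -> bytes:
    """Reply's layout: append the tag first, then pad data and tag together."""
    return xor(msg + tag(mac_key, msg), pad)  # pad is len(msg) + TAG_LEN bytes

def open_tag_under_pad(pad: bytes, mac_key: bytes, wire: bytes) -> bytes:
    body = xor(wire, pad)
    msg, got = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(got, tag(mac_key, msg)):
        raise ValueError("authentication failed")
    return msg

def guess_checkable_from_wire(wire: bytes, key_guess: bytes) -> bool:
    """Tag-in-clear only: the tag is a public function of the public
    ciphertext and the key, so a key guess is testable without the pad."""
    ct, got = wire[:-TAG_LEN], wire[-TAG_LEN:]
    return hmac.compare_digest(got, tag(key_guess, ct))

def pad_explaining(wire: bytes, msg_guess: bytes, key_guess: bytes) -> bytes:
    """Tag-under-pad: any (message, key) guess of the right length is
    consistent with the wire bytes under some pad, so the wire alone
    cannot rule any of them out."""
    return xor(wire, msg_guess + tag(key_guess, msg_guess))
```

The second layout consumes `TAG_LEN` more pad bytes per message than the first.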


