[Cryptography] Terakey, An Encryption Method Whose Security Can Be Analyzed from First Principles

Peter Fairbrother peter at tsto.co.uk
Fri Aug 28 23:32:44 EDT 2020

On 28/08/2020 23:30, Arnold Reinhold via cryptography wrote:

> The first-principle security proof I do claim is for confidentiality 
> from people who do not have access to the current Terakey. In particular 
> they would not be able to mount the active attacks we have been 
> discussing.  

Why do you say that? Of course an attacker could mount these attacks. 
That is the entire point.

While active chosen-key attacks are not straightforward to execute, they 
are in the armamentarium of at least some potential attackers. They are 
part of the literature. And more important, they are something which any 
proof of confidentiality must take into account - ignoring them is like 
building a huge strong gate but leaving holes in the fence for people to 
walk through.

Step 1, Mallory, who does not have access to the terakey, wants to 
cryptanalyse a message ciphertext. First he breaks the PRNG.

Mallory then knows the indicators for the terakey bytes used in the 
message he wants to break, though he doesn't know the actual terakey 
byte values.

Step 2, he then finds a PRNG key which generates some of the same 
indicators, and does a chosen-key known-plaintext attack, or two, or 
seventy thousand. He gets someone who does know the terakey to encrypt a 
known message with his chosen key. He then calculates the relevant 
terakey byte values by comparing the known plaintext with the ciphertext.

Step 3, he then uses his knowledge of the terakey bytes to break the 
original message.

If you are talking in terms of _proof_, you cannot prove that Mallory 
cannot do any or all of these steps. If he does them, he gets the 
plaintext of any message he wants.

> I appreciate your thoughts on Terakey, but at this point we don’t seem 
> to disagree so much about what Terakey does, 

I strongly disagree.

In terms of proof, it simply does not do what you say it does - it does 
not provably protect 99.9% of the traffic. It does not provably protect 
*ANY* of the traffic.

To claim terakey provides provable security you have to prove that the 
attack above is impossible. Nothing else will do.

Peter Fairbrother
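
As an added illustration, not part of Peter Fairbrother's message and not Terakey's own code or specification: a toy model in Python of the three-step chosen-key known-plaintext attack the message describes. Everything in it is an assumption scaled down so it runs instantly: a 1024-byte shared key standing in for the "terakey", a SHA-256 counter-mode PRNG whose output is the list of indicators, XOR as the combining operation, and an oracle modelling "someone who does know the terakey" encrypting Mallory's chosen plaintext under Mallory's chosen PRNG key. Step 1 (breaking the PRNG) is modelled by handing Mallory the target message's indicators directly; the attack code never reads the big key.

```python
import hashlib
import random
from typing import Callable, Dict, List, Tuple

# Toy model of the scheme as the message describes it (assumption, not the
# real Terakey): a large shared random key, a per-message PRNG key whose
# output selects which key bytes ("indicators") a message uses, and
# ciphertext = plaintext XOR the selected key bytes.
KEY_SIZE = 1024  # scaled down from "tera" so the example runs instantly


def indicators(prng_key: bytes, n: int, key_size: int = KEY_SIZE) -> List[int]:
    """Toy PRNG: SHA-256 in counter mode, reduced mod key_size (assumption).
    Step 1, 'breaking the PRNG', is modelled by letting Mallory compute this."""
    out: List[int] = []
    ctr = 0
    while len(out) < n:
        block = hashlib.sha256(prng_key + ctr.to_bytes(4, "big")).digest()
        for i in range(0, len(block) - 1, 2):
            out.append(int.from_bytes(block[i:i + 2], "big") % key_size)
            if len(out) == n:
                break
        ctr += 1
    return out


def encrypt(big_key: bytes, prng_key: bytes, plaintext: bytes) -> bytes:
    """Honest party's encryption: XOR plaintext with the selected key bytes."""
    idx = indicators(prng_key, len(plaintext))
    return bytes(p ^ big_key[i] for p, i in zip(plaintext, idx))


Oracle = Callable[[bytes, bytes], bytes]


def make_oracle(big_key: bytes) -> Oracle:
    """'Someone who does know the terakey' and will encrypt a plaintext of
    Mallory's choosing under a PRNG key of Mallory's choosing."""
    return lambda prng_key, plaintext: encrypt(big_key, prng_key, plaintext)


def chosen_key_attack(oracle: Oracle, target_idx: List[int], target_ct: bytes,
                      max_trials: int = 100_000) -> Tuple[bytes, int]:
    """Steps 2 and 3 of the message. Mallory knows only the target's
    indicators (from step 1) and the oracle; returns (plaintext, #queries)."""
    needed = set(target_idx)
    known: Dict[int, int] = {}  # key index -> recovered key byte
    queries = 0
    if not needed:
        return b"", 0
    for trial in range(max_trials):
        chosen_key = trial.to_bytes(4, "big")  # a PRNG key Mallory picks
        idx = indicators(chosen_key, len(target_ct))
        if not any(i in needed and i not in known for i in idx):
            continue  # this key touches nothing new; no query spent
        # Constructed known plaintext for this query (any bytes will do).
        known_pt = bytes(random.Random(trial).getrandbits(8) for _ in idx)
        ct = oracle(chosen_key, known_pt)
        queries += 1
        for p, c, i in zip(known_pt, ct, idx):
            known[i] = p ^ c  # step 2: key byte = known plaintext XOR ciphertext
        if needed.issubset(known):
            break
    else:
        raise RuntimeError("ran out of trials before covering the target's indicators")
    # Step 3: the target ciphertext is XORed only with bytes Mallory now knows.
    return bytes(c ^ known[i] for c, i in zip(target_ct, target_idx)), queries


def demo(seed: int = 2020) -> dict:
    """Constructed end-to-end run: Alice encrypts, Mallory recovers."""
    rng = random.Random(seed)
    big_key = bytes(rng.getrandbits(8) for _ in range(KEY_SIZE))  # constructed shared key
    secret = b"meet at the old mill 0900"  # constructed target message
    alice_prng_key = bytes(rng.getrandbits(8) for _ in range(16))  # unknown to Mallory
    target_ct = encrypt(big_key, alice_prng_key, secret)
    target_idx = indicators(alice_prng_key, len(secret))  # what step 1 hands Mallory
    recovered, queries = chosen_key_attack(make_oracle(big_key), target_idx, target_ct)
    return {"secret": secret, "recovered": recovered, "queries": queries}


if __name__ == "__main__":
    r = demo()
    print(f"recovered {r['recovered']!r} after {r['queries']} chosen-key queries")
```

The point the model makes concrete is the one the message makes: once the indicators are known, every oracle query under a chosen PRNG key that overlaps the target's indicators leaks the corresponding key bytes as plaintext XOR ciphertext, and the confidentiality argument for the target message then rests entirely on whether such queries can be ruled out.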
