[Cryptography] Terakey, An Encryption Method Whose Security Can Be Analyzed from First Principles
Peter Fairbrother
peter at tsto.co.uk
Fri Jul 17 19:41:56 EDT 2020
On 13/07/2020 16:43, Arnold Reinhold via cryptography wrote:
> Terakey(tm) is a cipher that offers confidentiality properties provable
> from first principles. It employs a shared secret key substantially
> larger than the anticipated volume of message traffic.
I.e. an OTP.
> Key bytes are
> extracted pseudo-randomly from the large key, using a message indicator
> as the seed.
What is the advantage of the pseudo-random selection? That two stations
can use the terakey using some secret shared-to-them-only key to the
PRNG without any other stations seeing that traffic? [3]
Well we know that the other stations know the secret terakey, so as far
as they are concerned the problem is reduced to breaking the PRNG.
That may be a little harder because of the added (I presume) XOR with a
selection from the OTP, as some methods may not work; but it is not
necessarily any harder.
And having multiple stations all in possession of the same secret
terakey is a huge single point of failure - the probability of a
secret's compromise is, inter alia, proportional to the square of the
number of people who know it. [8]
> Two messages can occasionally use the same
> key byte, violating the one-time use restriction. That risk can be
> quantified and various ways are proposed to deal with it.
So how do you analyse that? Just probability of collisions? If that's
all, who's to say the pseudo-random generator doesn't kick out
collisions at a more-than-random rate, or in some pattern? You have to
analyse the PRNG as well.
And if you then have a cryptographically secure PRNG ...
Going from the provably-secure OTP to analysable (if it is analysable,
which I doubt) doesn't seem like much of a gain.
Peter Fairbrother
[3] that doesn't seem to be in your proposal, but I am assuming. If it
isn't then I see no advantage - bookkeeping is reduced to "don't reuse
key" and if e.g. a part of the terakey is allocated to station 1 the
station just uses the next portion of its part for sending its next message.
[8] fourteenth law.
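As an added example (not part of the post, and not the Terakey proposal's own code), the following Python simulation quantifies the key-byte reuse the thread argues about. It stands in a hypothetical selection PRNG (SHA-256 over the message indicator and a counter, reduced modulo the key size; an assumption, not the proposal's construction), counts how many key bytes end up used by more than one draw, and compares that with the count expected if every selection were uniform and independent. The toy parameters (10,000-byte key, 64 key bytes per message, 50 messages) are constructed so that collisions are visible; a real terakey would be far larger. The comparison is the check Peter asks for: a selection function whose observed reuse sits well above the uniform baseline is producing collisions "at a more-than-random rate", so the PRNG, not just the birthday bound, has to be analysed.

```python
"""Added example: measure key-byte reuse in a Terakey-style scheme where each
message's key bytes are chosen pseudo-randomly from a large shared key."""
import hashlib
import random
from collections import Counter

# Constructed toy parameters (far smaller than a real terakey, so reuse is visible).
KEY_SIZE = 10_000   # bytes in the shared large key
MSG_LEN = 64        # key bytes consumed per message
NUM_MESSAGES = 50   # messages sent under the same large key


def key_indices(indicator: bytes, msg_len: int = MSG_LEN, key_size: int = KEY_SIZE) -> list:
    """Hypothetical selection PRNG (an assumption, not the proposal's): derive msg_len
    key-byte positions from the message indicator by hashing it with a counter and
    reducing each 32-bit chunk modulo key_size. The same indicator always yields the
    same positions, so indicator reuse means full keystream reuse."""
    positions = []
    counter = 0
    while len(positions) < msg_len:
        block = hashlib.sha256(indicator + counter.to_bytes(4, "big")).digest()
        for off in range(0, len(block), 4):
            if len(positions) == msg_len:
                break
            positions.append(int.from_bytes(block[off:off + 4], "big") % key_size)
        counter += 1
    return positions


def expected_reused_positions(num_messages: int, msg_len: int, key_size: int) -> float:
    """Expected number of key bytes used two or more times if every selection were
    uniform and independent: n = num_messages * msg_len draws with replacement from
    key_size positions. This is the 'just probability of collisions' baseline, and it
    counts repeats inside one message as well as between messages."""
    n = num_messages * msg_len
    q = 1.0 - 1.0 / key_size
    p_unused = q ** n                              # position never drawn
    p_once = n * (1.0 / key_size) * q ** (n - 1)   # position drawn exactly once
    return key_size * (1.0 - p_unused - p_once)


def expected_colliding_pairs(num_messages: int, msg_len: int, key_size: int) -> float:
    """Birthday-bound expected number of draw pairs that land on the same key byte."""
    n = num_messages * msg_len
    return n * (n - 1) / (2.0 * key_size)


def observed_reused_positions(indicators, msg_len: int = MSG_LEN, key_size: int = KEY_SIZE) -> int:
    """Count key bytes hit by more than one draw under the concrete selection function."""
    usage = Counter()
    for indicator in indicators:
        usage.update(key_indices(indicator, msg_len, key_size))
    return sum(1 for count in usage.values() if count > 1)


def run_simulation(num_messages: int = NUM_MESSAGES, msg_len: int = MSG_LEN,
                   key_size: int = KEY_SIZE, seed: int = 1):
    """Compare the selection function's reuse count with the uniform baseline.
    Indicators are constructed from a seeded RNG so the run is repeatable."""
    rng = random.Random(seed)
    indicators = [rng.getrandbits(64).to_bytes(8, "big") for _ in range(num_messages)]
    observed = observed_reused_positions(indicators, msg_len, key_size)
    expected = expected_reused_positions(num_messages, msg_len, key_size)
    return observed, expected


if __name__ == "__main__":
    observed, expected = run_simulation()
    print(f"key bytes reused: observed {observed}, uniform baseline {expected:.1f}")
    pairs = expected_colliding_pairs(NUM_MESSAGES, MSG_LEN, KEY_SIZE)
    print(f"expected colliding draw pairs (birthday bound): {pairs:.1f}")
```

With the toy parameters the uniform baseline is roughly 415 reused key bytes out of 3,200 draws, i.e. several hundred positions where two ciphertext bytes share a pad byte; scaling the key size up shrinks that number, but only as the square of the traffic volume permits, and the observed count from any real selection PRNG should be tested against the baseline rather than assumed to match it.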