[Cryptography] Terakey, An Encryption Method Whose Security Can Be Analyzed from First Principles
Peter Fairbrother
peter at tsto.co.uk
Wed Jul 29 02:24:59 EDT 2020
On 28/07/2020 12:11, Peter Fairbrother wrote:
> On 23/07/2020 03:12, Arnold Reinhold via cryptography wrote:
>
>> The analysis of Terakey
>> (https://www.researchgate.net/publication/342697247) consists of a
>> series of levels. For the basic level, the attacker is assumed to know
>> the PRNG algorithm and the message indicators, ciphertext and
>> plaintext of all past traffic. Under these assumptions, the attacker
>> would therefore know the locations and contents of all the Terakey
>> bytes used for past traffic. The only thing relied on from the PRNG is
>> providing a reasonable approximation of a uniform random sampling of
>> the Terakey. It is well established that PRNGs can do that.
>>
>> The security analysis then consists of estimating the likelihood of a
>> cypherbyte already known to the attacker
>
> Oh no no no. That might be your analysis, but it isn't the only analysis.
>
> Suppose I am the NSA and manage to tweak the PRNG to my nefarious means.
>
> Perhaps I can arrange that 1 in 3 selections is to a limited set of
> terabyte bytes. After getting some known plain/cyphertext traffic I can
> read 1/3 of the plaintext characters - enough to do serious damage.

Or, to be sneakier, suppose I tweak the PRNG such that while it gives a
location stream A for one key, for another key calculable using some
(secret but known-to-me) function it also gives location stream B which
is a permutation of stream A.

Or even just, without tweaking the PRNG: I can find some PRNG key which
outputs the same location as the location of the nth character of the
original location stream.

Then I can do a chosen-key known-plaintext attack.

Peter Fairbrother
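
An added simulation of the biased-selection scenario in the message above, showing how much of a new message becomes readable from past known plaintext; it is not code from the thread or from the Terakey paper. It assumes a toy model: one key byte XORed per plaintext byte, a 1 MiB stand-in key, a 256-byte limited set, and Python's `random` as the PRNG; all names and sizes are hypothetical.

```python
import random

KEY_SIZE = 1 << 20   # constructed stand-in for the Terakey (1 MiB, an assumption)
HOT_SET = 256        # assumed size of the "limited set" of key bytes
BIAS = 1 / 3         # "1 in 3 selections" from the message above

def make_bytes(seed, n):
    """Deterministic constructed test data (key or plaintext)."""
    return random.Random(seed).getrandbits(8 * n).to_bytes(n, "big")

def locations(indicator, n, tweaked):
    """Location stream for one message, derived from its public indicator."""
    rng = random.Random(f"loc-{indicator}")
    return [rng.randrange(HOT_SET) if tweaked and rng.random() < BIAS
            else rng.randrange(KEY_SIZE) for _ in range(n)]

def encrypt(key, locs, data):
    # XOR with the selected key byte; decryption is the same operation.
    return bytes(d ^ key[i] for d, i in zip(data, locs))

def readable_fraction(tweaked, past=20, msg_len=1000):
    """Fraction of a new message readable from past known plaintext."""
    key = make_bytes("terakey", KEY_SIZE)
    known = {}                       # location -> key byte already exposed
    for m in range(past):            # past traffic: plaintext and ciphertext known
        locs = locations(m, msg_len, tweaked)
        pt = make_bytes(f"pt-{m}", msg_len)
        ct = encrypt(key, locs, pt)
        for i, p, c in zip(locs, pt, ct):
            known[i] = p ^ c
    # New message: only the indicator and the ciphertext are available.
    locs = locations("new", msg_len, tweaked)
    pt = make_bytes("pt-new", msg_len)
    ct = encrypt(key, locs, pt)
    hits = [(c ^ known[i], p) for i, p, c in zip(locs, pt, ct) if i in known]
    assert all(got == want for got, want in hits)   # recovered bytes are correct
    return len(hits) / msg_len

if __name__ == "__main__":
    print("uniform selection:", readable_fraction(False))
    print("tweaked selection:", readable_fraction(True))
```

With uniform selection the readable fraction tracks the share of the key already exposed (about 2% here); with the tweaked selector it sits near one third regardless of key size.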