[Cryptography] Terakey, An Encryption Method Whose Security Can Be Analyzed from First Principles

Peter Fairbrother peter at tsto.co.uk
Wed Jul 29 02:24:59 EDT 2020


On 28/07/2020 12:11, Peter Fairbrother wrote:
> On 23/07/2020 03:12, Arnold Reinhold via cryptography wrote:
> 
>> The analysis of Terakey 
>> (https://www.researchgate.net/publication/342697247) consists of a 
>> series of levels. For the basic level, the attacker is assumed to know 
>> the PRNG algorithm and the message indicators, ciphertext and 
>> plaintext of all past traffic. Under these assumptions, the attacker 
>> would therefore know the locations and contents of all the Terakey 
>> bytes used for past traffic. The only thing relied on from the PRNG is 
>> providing a reasonable approximation of a uniform random sampling of 
>> the Terakey. It is well established that PRNGs can do that.
>>
>> The security analysis then consists of estimating the likelihood of a 
>> cypherbyte already known to the attacker 
> 
> Oh no no no. That might be your analysis, but it isn't the only analysis.
> 
> Suppose I am the NSA and manage to tweak the PRNG to my nefarious means.
> 
> Perhaps I can arrange that 1 in 3 selections is to a limited set of 
> terabyte bytes. After getting some known plain/cyphertext traffic I can 
> read 1/3 of the plaintext characters - enough to do serious damage.

Or, to be sneakier, suppose I tweak the PRNG such that while it gives a 
location stream A for one key, for another key calculable using some 
(secret but known-to-me) function it also gives location stream B which 
is a permutation of stream A.

Or even just, without tweaking the PRNG: I can find some PRNG key which 
outputs the same location as the location of the nth character of the 
original location stream.

Then I can do a chosen-key known-plaintext attack.

Peter Fairbrother
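Added illustration (my own example, not code from Reinhold's paper or from either poster): a toy simulation of the basic model quoted above and of the first tweak, a PRNG whose every third location lands in a small set. Assumptions: the cipher is modelled as XOR of each message byte with one key byte, the key byte's location chosen by a PRNG seeded from the public message indicator; a 256 KiB key stands in for the terabyte-scale one; the "hot" set of 256 locations, the seeds and the sample traffic are constructed for the demo. The attacker, as in the quoted analysis, knows the PRNG, the indicators and plaintext/ciphertext of all past traffic.

```python
"""Toy model of a Terakey-style cipher (an assumption for this example, not
Reinhold's specification): each message byte is XORed with one byte of a
large shared key, the location of that byte chosen by a PRNG seeded from a
public message indicator."""
import random

KEY_SIZE = 1 << 18        # 256 KiB stands in for the terabyte-scale key (assumption)
HOT_SET = range(256)      # locations the backdoored PRNG keeps returning to (assumption)


def make_key(seed: int) -> bytes:
    """Shared secret key material; seeded only so the example is repeatable."""
    return random.Random(seed).randbytes(KEY_SIZE)


def honest_locations(indicator: int, n: int) -> list[int]:
    """Basic model: locations are a uniform sample of the key."""
    rng = random.Random(indicator)
    return [rng.randrange(KEY_SIZE) for _ in range(n)]


def backdoored_locations(indicator: int, n: int) -> list[int]:
    """Tweaked PRNG: every third selection is drawn from the small hot set."""
    rng = random.Random(indicator)
    return [rng.choice(HOT_SET) if i % 3 == 2 else rng.randrange(KEY_SIZE)
            for i in range(n)]


def xor_bytes(key: bytes, locs: list[int], data: bytes) -> bytes:
    """Encryption and decryption are the same XOR against the selected key bytes."""
    return bytes(b ^ key[loc] for b, loc in zip(data, locs))


def learn_key_bytes(locate, traffic) -> dict[int, int]:
    """Attacker knows the PRNG, the indicators and plaintext/ciphertext of past
    traffic, so recovers key[loc] = p ^ c for every location that was used."""
    known = {}
    for indicator, plaintext, ciphertext in traffic:
        for loc, p, c in zip(locate(indicator, len(plaintext)), plaintext, ciphertext):
            known[loc] = p ^ c
    return known


def read_fraction(locate, known, indicator: int, ciphertext: bytes) -> float:
    """Fraction of a fresh message whose key bytes the attacker already holds."""
    locs = locate(indicator, len(ciphertext))
    readable = sum(loc in known for loc in locs)
    return readable / len(ciphertext)


def simulate(locate, key_seed=1, past_msgs=8, msg_len=500, new_len=3000) -> float:
    """Run past traffic through the cipher, let the attacker learn key bytes,
    then measure how much of a new message is readable outright."""
    key = make_key(key_seed)
    rng = random.Random(99)                     # constructed sample plaintexts
    traffic = []
    for ind in range(past_msgs):
        pt = rng.randbytes(msg_len)
        traffic.append((ind, pt, xor_bytes(key, locate(ind, msg_len), pt)))
    known = learn_key_bytes(locate, traffic)
    assert all(key[loc] == v for loc, v in known.items())   # recovered bytes are correct
    new_ind = 1000                              # indicator unseen in past traffic
    new_pt = rng.randbytes(new_len)
    new_ct = xor_bytes(key, locate(new_ind, new_len), new_pt)
    return read_fraction(locate, known, new_ind, new_ct)


if __name__ == "__main__":
    print(f"honest PRNG:     {simulate(honest_locations):.3f} of new plaintext readable")
    print(f"backdoored PRNG: {simulate(backdoored_locations):.3f} of new plaintext readable")
```

With 4000 bytes of known past traffic against a 256 KiB key, the honest PRNG leaves the attacker able to read roughly 1.5% of a new message (the reuse probability the quoted analysis estimates), while the tweaked PRNG lets every third byte be read almost always, about a third of the plaintext, since 1333 draws from a 256-location hot set cover it almost completely. The simulation needs Python 3.9 or later for `randbytes`.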



