[Cryptography] New White Paper: GhostLine - Information-Theoretically Secure Multi-Party Chat
Kristian Gjøsteen
kristian.gjosteen at ntnu.no
Mon Sep 8 15:51:43 EDT 2025
On 8 Sep 2025 at 15:21, Patrick Chkoreff <pc at fexl.com> wrote:
> What you do is roll 64 of those 16-sided dice to produce an initial 256 bit seed. Then you run that seed through SHA256 to produce the next 256 bit seed, and continue that chain indefinitely.
>
> The first 256 bit block is "truly" random; the subsequent blocks are "pseudo" random but nevertheless "random enough." There's your OTP. You could probably extend it for many terabytes. Maybe even petabytes.
>
>> How do you distribute the OTP?
>
> You scribble down the initial 256 bit seed onto a small slip of paper in hex notation, meet with your counterparty, and give her the paper.
>
>
> ====> OK, now for one serious question: in the hash chain sequence I describe above, in what way is that NOT suitable for use as an OTP?
It is not suitable, because if you learn one block, you learn every subsequent block.
Instead, we do something like:
First sequence is x1, x2, …, generated as x_{i+1} = SHA-3-256(«0» || x_i), which is almost your sequence.
Second sequence is y1, y2, …, generated as y_i = SHA-3-256(«1» || x_i), which is the actual pseudo-random sequence.
There are a number of variants, which you may or may not care about.
And, even though I guess you know, it must still be said: This is absolutely not a one-time pad. It is a pseudo-random generator, which can easily be turned into a stream cipher.
--
Kristian Gjøsteen
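Added example (not code from either poster): the naive hash chain from the quoted message beside the two-sequence construction in the reply, showing concretely why one leaked block of the naive chain yields every later block, while a leaked output y_i of the split construction does not reproduce the rest of the stream. It assumes «0» and «1» are the single domain-separation bytes 0x00 and 0x01 and that the seed is 32 bytes.

```python
import hashlib


def naive_chain(seed: bytes, n: int) -> list[bytes]:
    """Quoted proposal: s_{i+1} = SHA-256(s_i); the blocks s_i themselves are the keystream."""
    blocks, s = [], seed
    for _ in range(n):
        blocks.append(s)
        s = hashlib.sha256(s).digest()
    return blocks


def continue_naive_chain(leaked_block: bytes, n: int) -> list[bytes]:
    """Anyone holding one block of the naive chain can regenerate every block after it."""
    return naive_chain(hashlib.sha256(leaked_block).digest(), n)


def split_chain(seed: bytes, n: int) -> tuple[list[bytes], list[bytes]]:
    """Reply's construction (assumed tags 0x00/0x01 for «0»/«1»):
    state   x_{i+1} = SHA3-256(0x00 || x_i)   (never leaves the generator)
    output  y_i     = SHA3-256(0x01 || x_i)   (the pseudo-random sequence)
    """
    xs, ys, x = [], [], seed
    for _ in range(n):
        xs.append(x)
        ys.append(hashlib.sha3_256(b"\x01" + x).digest())
        x = hashlib.sha3_256(b"\x00" + x).digest()
    return xs, ys


def stream_xor(seed: bytes, data: bytes) -> bytes:
    """The PRG turned into a stream cipher: XOR data with the y_i blocks. This is a
    pseudo-random generator with a 256-bit secret, not a one-time pad."""
    nblocks = (len(data) + 31) // 32
    _, ys = split_chain(seed, nblocks)
    keystream = b"".join(ys)[: len(data)]
    return bytes(a ^ b for a, b in zip(data, keystream))


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed demo seed, not a real secret
    blocks = naive_chain(seed, 6)
    print("naive chain continues from leaked block:", continue_naive_chain(blocks[2], 3) == blocks[3:6])
    msg = b"constructed sample plaintext"
    print("stream cipher round trip:", stream_xor(seed, stream_xor(seed, msg)) == msg)
```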