[Cryptography] New White Paper: GhostLine - Information-Theoretically Secure Multi-Party Chat
Magnus Ahltorp
magnus at ahltorp.pp.se
Mon Sep 8 17:17:17 EDT 2025
> 8 sep. 2025 15:21 Patrick Chkoreff <pc at fexl.com> wrote:
>
> ====> OK, now for one serious question: in the hash chain sequence I describe above, in what way is that NOT suitable for use as an OTP?
>
> I understand the higher risk of key compromise: namely, that if you know any one of the 256 bit blocks in the OTP sequence, you therefore know all the subsequent blocks to infinity. There are ways to mitigate that. I'm just asking about the "randomness" quality of the OTP material itself.
I don't know how serious your question is, but I'll answer it seriously.
Your method is basically a really bad version of OFB, with no key and secret IV. It is not OTP at all, since everything can be derived from a shorter key (the IV in this case). Having no encryption in each step, and instead using a hash, ensures that a known-plaintext attack in any 256-bit block of the string will trivially disclose the rest of the string. There are probably a number of other reasons this is insecure as well.
/Magnus
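To make the reply's point concrete, here is an added worked example (not code from the thread, from Magnus, or from the GhostLine paper): a keystream built as a SHA-256 hash chain from a secret seed, XORed with a message, and a demonstration that one known 256-bit plaintext block (a fixed protocol header, constructed here) is enough to walk the chain forward and decrypt everything after it without ever learning the seed. For contrast, a hypothetical keyed variant whose step function is HMAC-SHA256 under a secret key is included; the same trick fails against it because knowing one keystream block no longer determines the next. The message text, header, and the keyed variant are assumptions of this example, not anything from the thread.

```python
import hashlib
import hmac
import os

BLOCK = 32  # one SHA-256 digest = one 256-bit keystream block


def chunks(data: bytes) -> list[bytes]:
    """Split data into 32-byte blocks (last block may be short)."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hash_chain_keystream(seed: bytes, nblocks: int) -> list[bytes]:
    """The scheme under discussion: K_1 = SHA-256(seed), K_i = SHA-256(K_{i-1}).
    Only the seed is secret; the step function itself has no key."""
    blocks, cur = [], seed
    for _ in range(nblocks):
        cur = hashlib.sha256(cur).digest()
        blocks.append(cur)
    return blocks


def keyed_chain_keystream(key: bytes, iv: bytes, nblocks: int) -> list[bytes]:
    """Hypothetical keyed variant, added for contrast (not from the thread): the step
    is HMAC-SHA256 under a secret key, so K_{i-1} alone does not determine K_i.
    It illustrates the role of the key; it is not a recommended cipher."""
    blocks, cur = [], iv
    for _ in range(nblocks):
        cur = hmac.new(key, cur, hashlib.sha256).digest()
        blocks.append(cur)
    return blocks


def stream_xor(keystream: list[bytes], data: bytes) -> bytes:
    """XOR data block-wise with the keystream; the same call encrypts and decrypts."""
    blocks = chunks(data)
    assert len(keystream) >= len(blocks), "keystream too short"
    return b"".join(xor(k, d) for k, d in zip(keystream, blocks))


def recover_suffix(ciphertext: bytes, known_index: int, known_block: bytes) -> bytes:
    """Known-plaintext recovery against the unkeyed chain: one full plaintext block at
    position known_index yields K = C xor P; every later keystream block is then just
    SHA-256 of the previous one, so the rest decrypts with no knowledge of the seed."""
    ct = chunks(ciphertext)
    k = xor(ct[known_index], known_block)
    out = []
    for c in ct[known_index + 1:]:
        k = hashlib.sha256(k).digest()
        out.append(xor(k, c))
    return b"".join(out)


# Constructed sample message: a fixed 32-byte header (the kind of predictable block a
# known-plaintext attack relies on) followed by three 32-byte blocks of secret body.
HEADER = b"GHOSTLINE-MSG-V1-HEADER-PADDING!"  # constructed, exactly 32 bytes
assert len(HEADER) == BLOCK
SECRET_BODY = b"".join(line.ljust(BLOCK) for line in [
    b"meet at the usual place at 21:00",
    b"bring the signed audit report..",
    b"destroy this after reading it ok",
])  # constructed, 3 x 32 bytes
assert len(SECRET_BODY) == 3 * BLOCK


def demo() -> dict:
    """Run both schemes on the sample message and report what the header leaks."""
    msg = HEADER + SECRET_BODY
    nblocks = len(chunks(msg))

    # Unkeyed hash chain: the seed never leaves this function, yet the body leaks.
    ks = hash_chain_keystream(os.urandom(32), nblocks)
    ct = stream_xor(ks, msg)
    recovered = recover_suffix(ct, 0, HEADER)  # needs only ciphertext + header

    # Keyed chain: without the key, chaining SHA-256 from K_0 yields garbage.
    ks2 = keyed_chain_keystream(os.urandom(32), os.urandom(32), nblocks)
    ct2 = stream_xor(ks2, msg)
    attempt = recover_suffix(ct2, 0, HEADER)

    return {
        "roundtrip_ok": stream_xor(ks, ct) == msg,
        "unkeyed_leaks_rest": recovered == SECRET_BODY,
        "keyed_resists_trick": attempt != SECRET_BODY,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns all three flags true: the unkeyed chain decrypts correctly, a single known header block exposes the entire remainder of the message, and the keyed step function turns the same recovery into noise. This is the sense in which the scheme is a keyless OFB rather than a one-time pad: the whole pad is a deterministic function of a short secret, and the hash step lets anyone who learns one block compute the rest.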