[Cryptography] New White Paper: GhostLine - Information-Theoretically Secure Multi-Party Chat
Pierre Abbat
phma at bezitopo.org
Tue Sep 16 01:20:43 EDT 2025
On Monday, September 15, 2025 6:11:32 PM EDT Jon Callas wrote:
> Not really. Or perhaps, absolutely you can. We have constructs to bracket
> what the parameters are. For example, is it worthwhile to limit the
> security parameter from information-theoretic security, down to one that
> has a security factor of, oh, let's say 2^256 while getting in return a
> 2^-256 reduction in pad size? Is that a decent tradeoff?
>
> If it is, then yes, we have such constructs. They're called stream ciphers.
I'm not talking about a stream cipher. I'm talking about a one-time pad, where
the rule for combining the pad with the plaintext is not xor, but arithmetic
in a finite field. Let's say there are fewer than 64k participants and the field
is F65537. (Any more and you'd have to use a base-2 Galois field, since 65537
is the largest known Fermat prime.) Each 2-byte piece of pad (probably grouped
into bundles of a kilobyte or so) is split into three shares, with two shares
given to each of three participants. If Alice and Bob want to communicate,
they find a part of the pad they both have and neither has used. Alice
reconstructs the pad from her two shares and encrypts the message by
multiplying each two bytes by the pad mod 65537. She sends the ciphertext to
Bob. Bob reconstructs the pad from his two shares (one of which Alice also
has) and decrypts the message.
I'll leave the mathematical and implementation details to Hitokiri, since I
think the idea is crackpot.
Pierre
--
I believe in Yellow when I'm in Sweden and in Black when I'm in Wales.
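The scheme the post sketches, worked through as an added example that is not part of the original message: a multiplicative one-time pad over F_65537 whose pad values are split 2-of-3 (Shamir, degree-1 polynomial) with Alice holding shares 1 and 2, Bob 2 and 3, Carol 3 and 1. The share-splitting method and the +1 offset (which keeps a zero plaintext unit from encrypting to zero regardless of the pad) are assumptions of this example, not details from the post.

```python
import secrets

P = 65537  # F_65537; the post picks the largest known Fermat prime


def shamir_split(secret):
    """2-of-3 split of one pad value: points on f(x) = secret + a*x over F_P."""
    a = secrets.randbelow(P)
    return [(x, (secret + a * x) % P) for x in (1, 2, 3)]


def shamir_recover(share_a, share_b):
    """Lagrange interpolation at x = 0 from any two distinct shares."""
    (x1, y1), (x2, y2) = share_a, share_b
    inv = pow((x2 - x1) % P, -1, P)
    return (y1 * x2 - y2 * x1) * inv % P


def make_pad(n):
    """n pad values drawn from 1..65536; a zero pad would erase the plaintext."""
    return [1 + secrets.randbelow(P - 1) for _ in range(n)]


def distribute(pad):
    """Alice gets shares (1,2), Bob (2,3), Carol (3,1); each pair overlaps in one share."""
    alice, bob, carol = [], [], []
    for p in pad:
        s1, s2, s3 = shamir_split(p)
        alice.append((s1, s2))
        bob.append((s2, s3))
        carol.append((s3, s1))
    return alice, bob, carol


def encrypt(msg, shares):
    """Multiply each 2-byte unit by the pad value reconstructed from the sender's shares."""
    assert len(msg) % 2 == 0, "example handles whole 2-byte units only"
    out = bytearray()
    for i, (sa, sb) in zip(range(0, len(msg), 2), shares):
        u = int.from_bytes(msg[i:i + 2], "big")
        # +1 maps 0..65535 onto the non-zero elements of F_P (assumption of this example)
        c = (u + 1) * shamir_recover(sa, sb) % P  # in 1..65536
        out += (c - 1).to_bytes(2, "big")
    return bytes(out)


def decrypt(ct, shares):
    """Invert the pad value from the receiver's own two shares and undo the offset."""
    out = bytearray()
    for i, (sa, sb) in zip(range(0, len(ct), 2), shares):
        c = int.from_bytes(ct[i:i + 2], "big") + 1
        u = c * pow(shamir_recover(sa, sb), -1, P) % P - 1
        out += u.to_bytes(2, "big")
    return bytes(out)
```

Note that each participant can reconstruct every pad value alone from their own two shares, so the split adds no secrecy against a participant; it only fixes which share pairs overlap.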