[Cryptography] OTP USB TLA
Sampo Syreeni
decoy at iki.fi
Mon Sep 22 19:56:15 EDT 2025
On 2025-09-22, Steven M. Bellovin wrote:
> I think that there are real-world protocols that do that. Or see §5 of
> https://www.cs.columbia.edu/~smb/papers/netmeas.pdf from 1992.
Yours is about the same reasoning I'm talking about, yes, but it hasn't
been implemented in the wild, and certainly not in as acute a fashion
as what I'm talking about.
Your paper uses network delay as the lower bound in a temporally bound
protocol and its suggested proof-of-correctness. What I'm suggesting is
that in certain situations we should and *could*, using current radio
technology, approach the ultimate relativistic time-of-light bound,
instead of an abstract network one. I'm thinking about how you might
approach *that* bound, and then by so doing actually *guarantee*
something in security which is founded in physics. Not in *a* time of
flight bound, but *the* one.
I'd argue that with current electronics, this can be done to a rather
high degree. But not to a perfect or immediately obvious degree. The
calculation is still involved, especially in NFC-like systems. They work
in the resonant, non-radiative, coupled, near field, so that the idea of
an invariant speed of light does not really fit. The group velocity,
which governs the rate of information transfer, is in general much
slower in these kinds of systems than is its straight phase velocity
counterpart which coincides with it in the far field. And the field
kicks back quite differently between the two near "antennas" (not really
those, because we're working the near field and not the radiative outer
one, so that e.g. the magnetic field decays as 1/r^3). There are all
*kinds* of band limitation and even noise issues to contend with here,
before we're really done with the analysis, and know what bilateral
communication in the near field should even be like; what it can and
cannot do. How it should translate into the extant nonlinear/amplifying
elements in circuit design.
What I'm thinking about here is not the high level architecture you
referred to in your early paper, but the nitty-gritty, the minutiae of
how you implement a bilateral privacy amplification protocol at the
level of nanoseconds, using actual transistors (?). So that you could
actually approach the flight-of-light final bound in a provable,
physically implemented fashion.
(Steven et al, I grew up reading your work. I cannot readily discern
what I thought of from what you and others fed me, via literature. But
here, you clearly do not think about radio technology and circuit
design like I do.)
--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3648785, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2