[Cryptography] New White Paper: GhostLine - Information-Theoretically Secure Multi-Party Chat
Patrick Chkoreff
pc at fexl.com
Sat Jan 3 17:45:00 EST 2026
On 1/2/26 3:01 PM, Ray Dillinger wrote:

> The thing you missed is that knowing any one of the 256 bit blocks in
> the OTP sequence is terrifyingly easy and can be done by passive
> eavesdropping.

To recap, I had previously described a way to generate a pseudo-random
OTP versus a truly-random OTP.

I was of course assuming that the OTP would never be reused, not even
one block -- EVER. That's the primary rule of using an OTP. In that
ideal perfect case, there cannot be a known-plaintext attack.

However, assuming that EVEN ONE block of the OTP is in fact reused, the
difference between a pseudo-random OTP and a truly-random OTP is
catastrophic. In the pseudo-random case, you can recover that one block
of key bits and, knowing the hash scheme, thereby reconstruct the entire
remainder of the OTP. That is not the case with a truly-random OTP,
where each successive block is completely independent of the previous one.

So, the pseudo-random OTP is far more frail in the case of misuse, not
so much because its randomness is measurably inferior by statistical
tests, but because it is fundamentally deterministic. That is something
that a mere statistical test would not reveal, unless it was trained to
look specifically for hash dependencies or other deterministic schemes.

Thanks Ray.

-- Patrick
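
The failure mode discussed in this message, as an added example that is not part of the original post. The pad scheme is an assumption (each 256-bit block is the SHA-256 of the previous one; all helper names are hypothetical), since the message does not give the actual hash scheme. One exposed pad block lets an observer roll the chain forward and read every later block, while the same step against independent random blocks recovers nothing.

```python
import hashlib
import secrets

BLOCK = 32  # 256-bit pad blocks, the size named in the quoted text

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def chained_pad(seed: bytes, n: int) -> list:
    # ASSUMED scheme (the message does not specify one):
    # block[0] = SHA-256(seed), block[i+1] = SHA-256(block[i]).
    blocks = [hashlib.sha256(seed).digest()]
    while len(blocks) < n:
        blocks.append(hashlib.sha256(blocks[-1]).digest())
    return blocks

def random_pad(n: int) -> list:
    # Independent blocks; the OS CSPRNG stands in for a true random source.
    return [secrets.token_bytes(BLOCK) for _ in range(n)]

def encrypt(pad: list, blocks: list) -> list:
    return [xor(p, m) for p, m in zip(pad, blocks)]

def later_blocks_from_one(ciphertexts: list, i: int, known: bytes) -> list:
    # One exposed block: pad[i] = ciphertext[i] XOR known plaintext.
    # Roll the assumed chain forward and decrypt everything after block i.
    pad_block = xor(ciphertexts[i], known)
    out = []
    for ct in ciphertexts[i + 1:]:
        pad_block = hashlib.sha256(pad_block).digest()
        out.append(xor(ct, pad_block))
    return out

# Constructed sample traffic: four 32-byte plaintext blocks.
MESSAGES = [f"constructed block {i}".encode().ljust(BLOCK, b".") for i in range(4)]

def run_demo() -> dict:
    seed = secrets.token_bytes(BLOCK)
    chained_ct = encrypt(chained_pad(seed, 4), MESSAGES)
    random_ct = encrypt(random_pad(4), MESSAGES)
    return {
        "chained": later_blocks_from_one(chained_ct, 1, MESSAGES[1]) == MESSAGES[2:],
        "random": later_blocks_from_one(random_ct, 1, MESSAGES[1]) == MESSAGES[2:],
    }

if __name__ == "__main__":
    print(run_demo())
```

Both pads would pass the same statistical randomness tests; only the chained one lets block 1 determine blocks 2 and 3.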