Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!henry From: henry@utzoo.UUCP (Henry Spencer) Newsgroups: net.crypt Subject: Re: one time pads and non-random generators Message-ID: <3569@utzoo.UUCP> Date: Mon, 20-Feb-84 22:17:28 EST Article-I.D.: utzoo.3569 Posted: Mon Feb 20 22:17:28 1984 Date-Received: Mon, 20-Feb-84 22:17:28 EST References: <571@tekchips.UUCP> Organization: U of Toronto Zoology Lines: 41 In a discussion of one-time pads and such, Jack Gjovaag suggests: In fact, if it isn't inconvenient to generate the key and the encrypted text simultaneously, the key can be chosen to be a string of readable cleartext... NO! A one-time pad is truly unbreakable -- insufficient information available even in theory -- only if the key is truly random. Readable cleartext is not random! It is true that the redundancies introduced into the ciphertext by a nonrepeating but nonrandom key are much more subtle than those that are introduced by a random but repeating key. They nevertheless are there, and methods exist for attacking such a cipher by exploiting those redundancies. Using (say) the text of a book as the key to a cipher is a very old idea. It's not useful for military field communications, but it is *very* attractive to spies because it eliminates the need for key listings that are blatantly ciphering aids. This attractiveness to a very undesirable class of people (if you are the ones being spied on, that is!) has meant considerable effort invested in techniques for cryptanalysis of such ciphers. Successful attacks were devised a long time ago. That aside, Jack's basic point is correct: you can view ciphertext and keytext symmetrically, as two sequences of bits that need to be combined to yield a message. The pure form of this is the one-time pad, which achieves absolute secrecy by having one of the two bit sequences transmitted by a completely secure means. (Please, no quibbles about "completely secure" -- incomplete security of key transmission simply means less-than-absolute secrecy of message.) The problem is the sheer volume of key needed. Practically all other cipher systems can be viewed as ways to reduce the volume of key transmission by generating the "real" key from a smaller distributed key. Cryptanalysis becomes possible because this generation process inevitably introduces redundancies; the goal of the cipher designer is to make these redundancies too subtle to be exploited effectively. -- Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,linus,decvax}!utzoo!henry