Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!henry
From: henry@utzoo.UUCP (Henry Spencer)
Newsgroups: net.crypt
Subject: Re: one time pads and non-random generators
Message-ID: <3569@utzoo.UUCP>
Date: Mon, 20-Feb-84 22:17:28 EST
Article-I.D.: utzoo.3569
Posted: Mon Feb 20 22:17:28 1984
Date-Received: Mon, 20-Feb-84 22:17:28 EST
References: <571@tekchips.UUCP>
Organization: U of Toronto Zoology
Lines: 41

In a discussion of one-time pads and such, Jack Gjovaag suggests:

   In fact, if it isn't inconvenient to generate the key and the
   encrypted text simultaneously, the key can be chosen to be a
   string of readable cleartext...

NO!  A one-time pad is truly unbreakable -- insufficient information
available even in theory -- only if the key is truly random.  Readable
cleartext is not random!

It is true that the redundancies introduced into the ciphertext by
a nonrepeating but nonrandom key are much more subtle than those that
are introduced by a random but repeating key.  They nevertheless are
there, and methods exist for attacking such a cipher by exploiting
those redundancies.

Using (say) the text of a book as the key to a cipher is a very old
idea.  It's not useful for military field communications, but it is
*very* attractive to spies because it eliminates the need for key
listings that are blatantly ciphering aids.  This attractiveness to
a very undesirable class of people (if you are the ones being spied
on, that is!) has meant considerable effort invested in techniques
for cryptanalysis of such ciphers.  Successful attacks were devised
a long time ago.

That aside, Jack's basic point is correct:  you can view ciphertext
and keytext symmetrically, as two sequences of bits that need to be
combined to yield a message.  The pure form of this is the one-time
pad, which achieves absolute secrecy by having one of the two bit
sequences transmitted by a completely secure means.  (Please, no
quibbles about "completely secure" -- incomplete security of key
transmission simply means less-than-absolute secrecy of message.)
The problem is the sheer volume of key needed.  Practically all other
cipher systems can be viewed as ways to reduce the volume of key
transmission by generating the "real" key from a smaller distributed
key.  Cryptanalysis becomes possible because this generation process
inevitably introduces redundancies; the goal of the cipher designer
is to make these redundancies too subtle to be exploited effectively.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,linus,decvax}!utzoo!henry
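
Added example, not part of the original post: the point that a readable-text key leaves redundancy in the ciphertext, while a truly random key leaves none, can be put in numbers. Assuming approximate textbook English letter frequencies, letters drawn independently, and mod-26 letter addition as the combining step (all assumptions of this example), it computes the ciphertext letter distribution and the information the ciphertext carries about the plaintext, I(P;C) = H(C) - H(K), for both kinds of key.

```python
import math

# Approximate relative frequencies of A..Z in English text, in percent.
# Assumed textbook figures, not data from the original post.
ENGLISH_PCT = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
               2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15,
               2.0, 0.074]
N = 26


def normalise(weights):
    total = sum(weights)
    return [w / total for w in weights]


ENGLISH = normalise(ENGLISH_PCT)   # model of a "readable cleartext" key
UNIFORM = [1.0 / N] * N            # model of a truly random key


def entropy(dist):
    """Shannon entropy in bits."""
    return -sum(p * math.log2(p) for p in dist if p > 0)


def ciphertext_dist(plain, key):
    """Distribution of c = (p + k) mod 26 for independent p and k."""
    out = [0.0] * N
    for p, fp in enumerate(plain):
        for k, fk in enumerate(key):
            out[(p + k) % N] += fp * fk
    return out


def index_of_coincidence(dist):
    """Probability that two independent draws match; 1/26 means flat."""
    return sum(p * p for p in dist)


def leak_bits_per_letter(plain, key):
    """I(P;C) = H(C) - H(C|P) = H(C) - H(K), since C is a shift of K given P."""
    return entropy(ciphertext_dist(plain, key)) - entropy(key)


def report():
    """Map key model -> (ciphertext IC, bits leaked about plaintext per letter)."""
    keys = (("random key", UNIFORM), ("English-text key", ENGLISH))
    return {name: (index_of_coincidence(ciphertext_dist(ENGLISH, key)),
                   leak_bits_per_letter(ENGLISH, key)) for name, key in keys}


if __name__ == "__main__":
    for name, (ic, leak) in report().items():
        print(f"{name:17s} IC={ic:.4f}  leak={leak:.3f} bits/letter")
```

The single-letter model ignores digram and word structure in real text, so the figure for the text key understates the redundancy actually present.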