[117559] in Cypherpunks
Build a better OTP?
daemon@ATHENA.MIT.EDU (Sean Roach)
Mon Sep 6 04:07:45 1999
Message-Id: <3.0.6.32.19990906024616.007eb5a0@mail.intplsrv.net>
Date: Mon, 06 Sep 1999 02:46:16 -0500
To: cypherpunks@algebra.com
From: Sean Roach <roach_s@mail.intplsrv.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Reply-To: Sean Roach <roach_s@mail.intplsrv.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Before I start I best state, or remind you, that I am in no way a
cryptographer, having absorbed just enough algebra to graduate
college with a BS in programming.
The way I see it, if you have the means of distribution, one time
pads are the best way to go. They can not be broken, so long as
there is sufficient entropy and they are not re-used. Standard
public key cyphers are, barring breakthroughs, inversely as secure as
computers are fast. And yet breakthroughs do occur. If the
information transmitted is only useful to a cracking party in the
nest week or so, that is really all you need for field
communications. But if the information could be used years later to
destroy you, you would probably prefer that the code never be broken.
This is not rambling. A couple weeks ago, a man was found guilty of
a crime committed by him against another some 20 years ago, for which
there had been insufficient evidence 20 years ago with which to
convict. The evidence that was useful now, and not then, was DNA.
With this in mind, who is to say that an encrypted communication,
recorded now, couldn't be used later, when the technology catches up
with todays cypher, to haunt the sender?
Data that is kept locally can always be called up periodically and
re-encrypted under newer, stronger cyphers. The same can't be said
for a communication sent over a communication channel which was not
physically secured from one end to the other.
Here is my idea. Use a reasionable strength public key cypher, not
to encrypt the communication channel directly, at least not by
itself, but to instruct the receiving party to tune in to an existing
source of entropy that both parties are capable of receiving. This
needs to be something which can be received without sending any
tell-tale signals, like an existing broadcast by a satellite.
Here is a purely hypothetical scenario. Party A decides to send a
communication to Party B which, even years later, could haunt them.
To overcome the possibility of later analysis even years later, party
A uses a public key encryption, not to directly encrypt the channel,
but instead to instruct party B to tune in to a certain channel on a
satellite. This being after party A spent a few seconds ensureing
that the channel truly did have enough entropy to use as a key. With
both XORing thier communication channel with the raw output of the
satellite signal, and with an additional layer of conventional
encryption just in case, they proceed to speak freely, unconcerned
with the fact that thier communication is being recorded by some
organization aligned counter to themselves.
Now, 2 weeks later, that organization, party C, has finally broken
through the encryption. To his dismay, the only truly readable
portion says, in some protocol, to "tune in to channel 23 of
satellite number 81 and XOR the data with that and then encrypt with
this." Because he didn't have the forsight to record EVERY SINGLE
BIT that was broadcast by the multitude of satellites in the sky, he
can't reconstruct the data. Hence, it is secure until someone learns
to reach back into the past for a single radio signal.
This, of course, has its own drawbacks. The first is that some
common source of entropy must be available and that it must be of
sufficient quantity to prevent simply storing all of it "just in
case". It also has to be something that doesn't need either box to
send any instructions over any tappable channel to acquire it. This
rules out everything but broadcast media. It also rules out any
communication occuring over about 180 degrees of the earth. But
worst of all, it means that both computers have to have access to an
additional peripheral just to get the signal.
Also, because the data with which it was encrypted literally won't be
there tomorrow, the method can't be used for anything but real-time
communication. At least anything without fair warning. I could see
an instruction to get the feed from a certain signal for future use
by e-mail, but that's about all. Storage would still have to rely on
a standard scheme. But this can, at least, be re-encrypted as the
technology progresses.
What do you think?
Sean Roach
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN9NxR5HDoiHtqFDZEQKoIACcCu3nbJwQHqbuPmi+07gIt/97+lEAoI+9
no/lnDLgFppEp6CMDZ48Z+HL
=LTRK
-----END PGP SIGNATURE-----