Path: cactus.org!milano!cs.utexas.edu!news-server.csri.toronto.edu!bonnie.
+     concordia.ca!clyde.concordia.ca!altitude!elevia!alain
From: alain@elevia.UUCP (W.A.Simon)
Newsgroups: sci.crypt

Subject: Re: Braided streams (The Leichter Side)
Message-ID: <1991Jun24.134236.9524@elevia.UUCP>
Date: 24 Jun 91 13:42:36 GMT
References: <1991Jun23.042445.9676@elevia.UUCP> <16509@smoke.brl.mil>
Organization: The W.A.Simon Wild Life Fund
Lines: 41

In <16509@smoke.brl.mil> gwyn@smoke.brl.mil (Doug Gwyn) writes:
>In article <1991Jun23.042445.9676@elevia.UUCP> alain@elevia.UUCP (W.A.Simon)
>writes:
>> [ ... ]
>>	published a convincing demonstration that given any desired target
>>	plaintext, there is a key string that will allow you to retrieve
>>	it from the ciphertext.  He did this with a 1bm only sample.  I'll
>> [ ... ]
>No, that's not logically correct.  In the known plaintext analysis,
>if the key is unique (i.e., if there are not two keys producing the
>same ciphertext from the same plaintext), then it can be unambiguously
>recovered (given more plaintext than the key size), and the only issue
>is how efficiently it can be recovered. 
> [ ... ]

	I think you are assuming a perfectly symmetrical world here.
	I'll try a parallel example:

	Six divided by two will always give three and only three.
	But nine divided by three will also do that.

	In the braided stream any given bit may belong to either of:
	the plaintext, the key management program, or a noise channel.
	The resulting stream is much larger than the plaintext.  This
	(let's try the intuitive approach here) means there could be
	a number of different keys that would yield the same plaintext.

	There is enough raw material to do that.  One could consider
	this to be a weakening factor, but if many keys can produce
	one plaintext, then what if we try to produce ANY arbitrary
	plaintext?  Would there be keys that fit the criteria?  In
	<1991Jun17.155825.1019@thunder.mcrcim.mcgill.edu> der Mouse
	shows that he can pick ANY desired plaintext, and find a key
	(in fact, a number of keys) that will retrieve it from the braid,
	any braid.  It is not a formal proof, but he shows that it can
	be true.  I don't know if it is always true.  If it is, we
	have a cipher which we can break, but never know that we did.


-- 
William "Alain" Simon
                                                   UUCP: alain@elevia.UUCP
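
Added example, not part of the original post and not the braided-stream program itself: a simplified model of the argument above, assuming a key is only a per-bit label marking which bits of the stream are plaintext ('P') and which are noise or anything else ('N'). The function names and the sample stream are constructed for illustration. It counts how many keys recover each possible target from one stream, and shows the case where no key exists.

```python
# Added illustration (simplified model, not the actual braided-stream cipher):
# a "key" here is just a per-bit label, 'P' = plaintext bit, 'N' = noise/other.
from itertools import product

BRAID = "0110100110010110"  # constructed sample stream, 16 bits


def extract(braid: str, key: str) -> str:
    """Keep the braid bits that the key labels as plaintext."""
    return "".join(b for b, k in zip(braid, key) if k == "P")


def find_key(braid: str, target: str):
    """Greedy search for one key that pulls `target` out of `braid`.
    Returns None when the braid cannot supply the bits in order."""
    key, want = [], 0
    for bit in braid:
        if want < len(target) and bit == target[want]:
            key.append("P")
            want += 1
        else:
            key.append("N")
    return "".join(key) if want == len(target) else None


def count_keys(braid: str, target: str) -> int:
    """Number of distinct keys that yield `target` (subsequence-count DP)."""
    ways = [1] + [0] * len(target)  # ways[j]: keys producing target[:j] so far
    for bit in braid:
        for j in range(len(target), 0, -1):  # backwards: each bit used once
            if bit == target[j - 1]:
                ways[j] += ways[j - 1]
    return ways[len(target)]


def survey(braid: str, n: int) -> dict:
    """For every n-bit target, how many keys recover it from the braid."""
    targets = ("".join(p) for p in product("01", repeat=n))
    return {t: count_keys(braid, t) for t in targets}


if __name__ == "__main__":
    for target, n_keys in survey(BRAID, 4).items():
        print(target, n_keys, find_key(BRAID, target))
```

In this model every 4-bit target has many keys in the 16-bit sample, while a stream such as "000" has no key for the target "1", so the property depends on the stream carrying enough of both bit values.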