Path: cactus.org!milano!cs.utexas.edu!news-server.csri.toronto.edu!bonnie.concordia.ca!clyde.concordia.ca!altitude!elevia!alain
From: alain@elevia.UUCP (W.A.Simon)
Newsgroups: sci.crypt
Subject: Re: Braided streams (The Leichter Side)
Message-ID: <1991Jun24.134236.9524@elevia.UUCP>
Date: 24 Jun 91 13:42:36 GMT
References: <1991Jun23.042445.9676@elevia.UUCP> <16509@smoke.brl.mil>
Organization: The W.A.Simon Wild Life Fund
Lines: 41

In <16509@smoke.brl.mil> gwyn@smoke.brl.mil (Doug Gwyn) writes:
>In article <1991Jun23.042445.9676@elevia.UUCP> alain@elevia.UUCP (W.A.Simon)
>writes:
>> [ ... ]
>> published a convincing demonstration that given any desired target
>> plaintext, there is a key string that will allow you to retrieve
>> it from the ciphertext. He did this with a 1bm only sample. I'll
>> [ ... ]
>No, that's not logically correct. In the known plaintext analysis,
>if the key is unique (i.e., if there are not two keys producing the
>same ciphertext from the same plaintext), then it can be unambiguously
>recovered (given more plaintext than the key size), and the only issue
>is how efficiently it can be recovered.
> [ ... ]

I think you are assuming a perfectly symmetrical world here. I'll try a parallel example: six divided by two will always give three and only three. But nine divided by three will also do that.

In the braided stream any given bit may belong to either of: the plaintext, the key management program, or a noise channel. The resulting stream is much larger than the plaintext. This (let's try the intuitive approach here) means there could be a number of different keys that would yield the same plaintext. There is enough raw material to do that. One could consider this to be a weakening factor, but if many keys can produce one plaintext, then what if we try to produce ANY arbitrary plaintext? Would there be keys that fit the criteria?
In <1991Jun17.155825.1019@thunder.mcrcim.mcgill.edu> der Mouse shows that he can pick ANY desired plaintext, and find a key (in fact, a number of keys) that will retrieve it from the braid, any braid. It is not a formal proof, but he shows that it can be true. I don't know if it is always true. If it is, we have a cipher which we can break, but never know that we did.

--
William "Alain" Simon
UUCP: alain@elevia.UUCP
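The argument in the thread (many keys read the same plaintext out of the braid, and some key reads out any chosen plaintext) can be checked on a toy model. The following is an added example, not code from the original post or from any of the posters: it collapses the key-management channel and the noise channel into random filler, treats the "key" as the ordered list of braid positions that carry plaintext bits, and uses a small dynamic-programming count and a greedy search. The function names, the expansion factor and the sample bit strings are constructed for illustration.

```python
"""Toy model of a 'braided stream' (added example, not from the original post).

A braid is a long bit string; the 'key' is the increasing list of positions
whose bits form the plaintext. Everything else is filler standing in for the
key-management and noise channels described in the thread. All names and
sample values here are constructed for illustration.
"""
import random


def make_braid(plaintext_bits, expansion, seed=1):
    """Hide plaintext_bits at random positions of a braid that is
    `expansion` times longer. Returns (braid, key) with key = plaintext
    positions in order. The seed only makes the example reproducible."""
    rng = random.Random(seed)
    n = len(plaintext_bits) * expansion
    key = sorted(rng.sample(range(n), len(plaintext_bits)))
    braid = [rng.randrange(2) for _ in range(n)]   # filler bits
    for pos, bit in zip(key, plaintext_bits):
        braid[pos] = bit
    return braid, key


def extract(braid, key):
    """Read the bits selected by a key (an increasing position list)."""
    return [braid[p] for p in key]


def count_keys_for(braid, target):
    """Exact number of increasing position lists that read `target` out of
    `braid` (subsequence count by dynamic programming over the braid)."""
    # dp[j] = number of ways to have matched the first j target bits so far
    dp = [1] + [0] * len(target)
    for b in braid:
        # walk j downwards so each braid bit is used at most once per key
        for j in range(len(target), 0, -1):
            if target[j - 1] == b:
                dp[j] += dp[j - 1]
    return dp[len(target)]


def find_key_for(braid, target):
    """Greedy left-to-right search for one key that reads `target` out of
    `braid`; returns None only when the braid runs out of matching bits."""
    key, pos = [], 0
    for bit in target:
        while pos < len(braid) and braid[pos] != bit:
            pos += 1
        if pos == len(braid):
            return None
        key.append(pos)
        pos += 1
    return key


def demo():
    """Hide one 8-bit plaintext, then show (a) how many keys recover it and
    (b) that a key for a different, arbitrary plaintext also exists."""
    plaintext = [0, 1, 0, 0, 1, 0, 0, 0]            # constructed sample
    braid, key = make_braid(plaintext, expansion=8)  # 64-bit braid
    arbitrary = [1 - b for b in plaintext]           # any other target works
    other_key = find_key_for(braid, arbitrary)
    return {
        "recovered": extract(braid, key) == plaintext,
        "keys_for_plaintext": count_keys_for(braid, plaintext),
        "keys_for_arbitrary": count_keys_for(braid, arbitrary),
        "arbitrary_recovered": other_key is not None
                               and extract(braid, other_key) == arbitrary,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The count is what makes the post's point concrete: with the braid eight times longer than the plaintext there are a great many position lists that read out the real plaintext, and a comparable number that read out the complement, so recovering "a" plaintext from the braid alone says nothing about whether it was the intended one. The small deterministic cases are the ones worth hand-checking: a braid of three 1-bits has exactly three keys for the target `11`, and `011` has no key at all for `10`.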