Path: cactus.org!milano!cs.utexas.edu!sdd.hp.com!think.com!snorkelwacker.mit.edu!thunder.mcrcim.mcgill.edu!mouse
From: mouse@thunder.mcrcim.mcgill.edu (der Mouse)
Newsgroups: sci.crypt
Subject: Re: Braided Stream Communication Multiplexer
Message-ID: <1991Jun15.213424.5917@thunder.mcrcim.mcgill.edu>
Date: 15 Jun 91 21:34:24 GMT
References: <13451@pt.cs.cmu.edu>
Organization: McGill Research Centre for Intelligent Machines
Lines: 61

In article <13451@pt.cs.cmu.edu>, mnr@daisy.learning.cs.cmu.edu (Marc Ringuette) writes:

Well, actually, the text I'm quoting is from "Alain" Simon.  Marc is just the person who finally posted it where it belongs.

> The Braided Stream (used to be known as: Entropy Insertion)
> Communication Multiplexer is a simple and fast system which allows
> for high levels of confidence without having recourse to weak,
> dubious, or controlled, technologies.

I'll summarize.  The essence of the system is to interleave data streams, with key bits choosing which stream to take the next bit from.

This strikes me as dreadfully insecure.  Suppose we have two streams of pure noise available, and we use one to interleave the other with ordinary English plaintext.  I would be sufficiently confident of the weakness of this scheme that it would take only minimal incentive for me to undertake to break anything more than about 2KB of the resulting "cipher" - and I name that large an amount only because I am inexperienced; I would expect someone used to working with the redundancies of natural language to be able to unweave as small an amount as one line of text.

(Those unconvinced might consider how easy it is to do the same thing at the character level instead of the bit level:

xht|hs6Ra1is i4snxa'9EtAB(6LY rDs ]|ces[all4x&y_'Gy al=;l tMRQ hkOat5 haX\rR d, 1ibs B$it?

You can almost read it right off by eye - I tried this with a netnews article from a group I never read, just to see how hard it was.)

On top of that, it is proposed to communicate new key information through unused streams of the multiplexor.  Unfortunately, unless all streams are used for new key data, key data is being used at the receiver faster than it arrives over the stream.  Alain handwaves this issue, saying

> [Key] material gets exhausted faster than it can be transmitted.
> Therefore, we need a method for the creation of long [key]s from
> short ones.  It is assumed the short [key] is cryptoanalytically
> sound.

[and presents several possibilities: code-book, various methods of reusing old key data, various algorithmic methods.]

He also states his opinion that this does not weaken the system.  Well, given how weak it is already, I am inclined to agree - sorry, cheap shot.  But in general, Alain, any pattern to your key information gives the cryptanalyst a toehold...whether that pattern is due to a codebook, an algorithm, reusing old key, or what, affects only the difficulty of breaking.  If you can keep the codebook secret (how?), and it's large, that could force the analyst to collect a large sample...but not that much more (small factors, at best) than simply using the codebook itself as the key.

No, Alain, I don't think your scheme has to worry about the spooks suppressing it.  :-)

					der Mouse

			old: mcgill-vision!mouse
			new: mouse@larry.mcrcim.mcgill.edu
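As an added illustration, not code from either Simon's or der Mouse's post: a two-stream braided multiplexer in Python (the key selects which stream supplies each output symbol, and the same key un-braids it), plus a bookkeeping check of the key-exhaustion point above. At the bit level every output bit spends one key bit, while a stream carrying fresh key only delivers the bits actually routed from it, so the receiver runs a deficit unless every stream is key. The sample plaintext and the balanced random key are constructed here.

```python
import secrets
from typing import List, Sequence

def braid(streams: Sequence[str], key: Sequence[int]) -> str:
    """Multiplexer: each key value selects which stream supplies the next
    output symbol (characters or '0'/'1' bits, depending on the input)."""
    pos = [0] * len(streams)
    out = []
    for k in key:
        if pos[k] >= len(streams[k]):
            raise ValueError(f"stream {k} exhausted")  # streams must outlast the key
        out.append(streams[k][pos[k]])
        pos[k] += 1
    return "".join(out)

def unbraid(braided: str, key: Sequence[int], n_streams: int) -> List[str]:
    """Receiver side: the same key routes each symbol back to its stream."""
    parts: List[List[str]] = [[] for _ in range(n_streams)]
    for sym, k in zip(braided, key):
        parts[k].append(sym)
    return ["".join(p) for p in parts]

def key_budget(key: Sequence[int], key_stream: int) -> dict:
    """Bit-level bookkeeping for two streams: each output bit consumes one key
    bit, but a key-carrying stream only delivers the bits routed from it."""
    consumed = len(key)
    delivered = sum(1 for k in key if k == key_stream)
    return {"consumed": consumed, "delivered": delivered, "deficit": consumed - delivered}

def to_bits(text: str) -> str:
    """Plaintext as a string of '0'/'1' so the braid works at the bit level."""
    return "".join(f"{b:08b}" for b in text.encode())

if __name__ == "__main__":
    # Constructed sample: plaintext bits braided with an equal-length noise
    # stream under a random balanced key (n zeros and n ones, shuffled).
    plain = to_bits("this is an example")
    noise = "".join(str(secrets.randbelow(2)) for _ in plain)
    key = [0] * len(plain) + [1] * len(noise)
    secrets.SystemRandom().shuffle(key)
    cipher = braid([plain, noise], key)
    assert unbraid(cipher, key, 2)[0] == plain
    print(cipher[:64] + "...")
    print(key_budget(key, key_stream=1))  # delivered is only half of consumed
```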