+     edu!!mouse
From: (der Mouse)
Newsgroups: sci.crypt

Subject: Re: Braided Stream Communication Multiplexer
Message-ID: <>
Date: 15 Jun 91 21:34:24 GMT
References: <>
Organization: McGill Research Centre for Intelligent Machines
Lines: 61

In article <>, (Marc Ringuette)

Well, actually, the text I'm quoting is from "Alain" Simon.  Marc is
just the person who finally posted it where it belongs.

> The Braided Stream (used to be known as: Entropy Insertion)
> Communication Multiplexer is a simple and fast system which allows
> for high levels of confidence without having recourse to weak,
> dubious, or controlled, technologies.

I'll summarize.  The essence of the system is to interleave data
streams, with key bits choosing which stream to take the next bit from.

This strikes me as dreadfully insecure.  Suppose we have two streams of
pure noise available, and we use one to interleave the other with
ordinary English plaintext.  I would be sufficiently confident of the
weakness of this scheme that it would take only minimal incentive for
me to undertake to break anything more than about 2KB of the resulting
"cipher" - and I name that large an amount only because I am
inexperienced; I would expect someone used to working with the
redundancies of natural language to be able to unweave as small an
amount as one line of text.  (Those unconvinced might consider how easy
it is to do the same thing at the character level instead of the bit
level: xht|hs6Ra1is i4snxa'9EtAB(6LY rDs ]|ces[all4x&y_'Gy al=;l tMRQ
hkOat5 haX\rR d, 1ibs B$it?  You can almost read it right off by eye -
I tried this with a netnews article from a group I never read, just to
see how hard it was.)

On top of that, it is proposed to communicate new key information
through unused streams of the multiplexor.  Unfortunately, unless all
streams are used for new key data, key data is being used at the
receiver faster than it arrives over the stream.  Alain handwaves this
issue, saying

> [Key] material gets exhausted faster than it can be transmitted.
> Therefore, we need a method for the creation of long [key]s from
> short ones.  It is assumed the short [key] is cryptoanalytically
> sound.

[and presents several possibilities: code-book, various methods of
reusing old key data, various algorithmic methods.]

He also states his opinion that this does not weaken the system.

Well, given how weak it is already, I am inclined to agree - sorry,
cheap shot.  But in general, Alain, any pattern to your key information
gives the cryptanalyst a toehold...whether that pattern is due to a
codebook, an algorithm, reusing old key, or what, affects only the
difficulty of breaking.  If you can keep the codebook secret (how?),
and it's large, that could force the analyst to collect a large
sample...but not that much more (small factors, at best) than simply
using the codebook itself as the key.

No, Alain, I don't think your scheme has to worry about the spooks
suppressing it. :-)

					der Mouse

			old: mcgill-vision!mouse