From: alain@elevia.UUCP (W.A.Simon)
Newsgroups: sci.crypt

Subject: braided out (WAS: Braided Streams)
Message-ID: <1991Jun24.191519.11491@elevia.UUCP>
Date: 24 Jun 91 19:15:19 GMT
Followup-To: sci.crypt
Organization: The Electronic Path - Global Village
Lines: 83

I guess it is time to take a break, and step back.  The Braided
Streams system has had its day in Court.  Those who think there
is matter for further exploration are welcome to go ahead, but
let's not hog anymore precious bandwidth, unless there are new
elements to bring to the discussion.  So far, the argumentation
has been rather circular, or should I say triangular...

Whatever merits BS (!) may, or may not have, will not be decided
any time soon, through the current process.   I have brought forth
a rather odd proposal; though none of its components are entirely
new, the composite system is definitely offering new avenues.  For
its strength, I have provided no formal proof.  I am unable to do
so, but I feel the ideas are intriguing enough that they would
whet the curiosity of a few among us, and that some kind of proof,
for or against, would be provided.  It turns out that it is not that
easy, either way.  I have received quite a volume of feedback, in
the news and by e-mail.  Some of the e-mail stuff could be used as
a good approximation of a random key, that's how unexpected and
unconnected it was.  But for the more rational replies, I could
make three categories:

	- I am an amateur, therefore I should go play in my
	  sandbox and leave the grownups alone (a few insults were
	  also added here and there...).      |8-)

	- the braiding algorithm is not new, nor is it interesting,
	  and anyway it is weak; I saw that in two seconds flat, just
	  don't bother me.

	- in the information theory sense, the idea stinks, here is why...

In order to focus the threads on the real problems, let me address the
points made in each category, in a generic manner.

Of course, I am an amateur, and it shows.  Dismissing the idea on this
ground, or letting it affect one's judgement is a mistake.  It does
nothing to advance one side or the other.  It will certainly not dissuade
me from posting.

The weakness of the braiding algorithm is obvious for all to see, until
they actually devote some thinking to it.  It turns out the braided stream
has an interesting quirk.  In fact, there is little doubt that the system
is as strong as its key.  A formal proof is still needed for this claim,
but there was a convincing demo provided.  To recap, any arbitrary desired
plaintext can be extracted from the braid, given the proper key.  In fact,
one plaintext can be extracted by many keys, and any other message could
be extracted from the same braid as well, given another set of keys.  There
is no way to know that one has indeed cracked the cipher.  Parallel thinking
and suggestions for thought experiments are welcome.  For or against.

The key management aspect, without which the braiding would be only
slightly better than a regular XOR, is truly the weakest link.  This
was correctly identified by a number of people who took the time to
think things through.  Shannon's name has come up in just about every
message on this subject.  Knuth has been invoked a couple of times too.
I wish to reassure you all that I am familiar with the problems (and
writers) you quoted, and that I am not quite satisfied with the answers
I am still working on.  You have also helped me understand some aspects
of information theory which I had overlooked.  I wish to thank you for
taking the trouble.  The conventional wisdom here is that there is a
limit to what my key management stream can do for me (Shannon).  There
is also a limit to the deviousness my key management language can
achieve (Knuth and Shannon).  One aspect I have been studying, which
nobody raised, is that we could find ourselves with a dynamic system,
as the key that is generated will be used to program the key generator.
This could be a builtin limit to my approach.  I still have to think
about it.  On the other hand, if I could tune it for chaos...

My claim (one of a tall order), on which the value of the system as a
whole rides, is that due to the peculiar property of the braided stream
output (see above), a sloppy key management scheme would work just as
well as one which would be perfect (but impossible) in the information
theory sense.  It would have to be prolific though.

Your comments and suggestions are welcome.

For now, I will cease posting followups, and I will work on the key
management scheme.  I'll be back.

William "Alain" Simon
                                                   UUCP: alain@elevia.UUCP