Path: cactus.org!milano!cs.utexas.edu!sdd.hp.com!spool.mu.edu!agate!sprite. + berkeley.edu!shirriff From: shirriff@sprite.berkeley.edu (Ken Shirriff) Newsgroups: sci.crypt Subject: Re: a key management scheme (longish) Message-ID: <1991Jun26.222753.1543@agate.berkeley.edu> Date: 26 Jun 91 22:27:53 GMT References: <1991Jun26.171120.3653@elevia.UUCP> Sender: usenet@agate.berkeley.edu (USENET Administrator) Distribution: usa Organization: University of California, Berkeley Lines: 28 In article <1991Jun26.171120.3653@elevia.UUCP> alain@elevia.UUCP (W.A.Simon) writes: > Even for those of us who accept that the braiding > algorithm is at least as strong as an XOR I think that should be "at most as strong". Suppose we braid two streams. After consuming k bits of key, we've braided k bits of data. Suppose we interleave two streams and xor with the key. After consuming k bits of key, we've encoded k bits of data. So xor and braiding use up key bits at the same rate. I see several reasons why braiding is worse than xor: Suppose we know one channel has reasonably uniform bits and the other channel has one of two messages: 10K of 1's or 10K of 0's. It is obvious with braiding what message is sent on the second channel. This is not true with xor. Suppose both channels have lots of redundancy in their messages (e.g. text). Then, even though we can extract any message from the second channel by trying various keys, most of these erroneous decodings won't result in a valid message on the first channel. In this case a known plaintext attack might work. So is there any reason why braiding is better than xor? Ken Shirriff shirriff@sprite.Berkeley.EDU Disclaimer: I know close to 0 about cryptography.