Path: cactus.org!milano!cs.utexas.edu!sdd.hp.com!spool.mu.edu!agate!sprite.berkeley.edu!shirriff
From: shirriff@sprite.berkeley.edu (Ken Shirriff)
Newsgroups: sci.crypt
Subject: Re: a key management scheme (longish)
Message-ID: <1991Jun26.222753.1543@agate.berkeley.edu>
Date: 26 Jun 91 22:27:53 GMT
References: <1991Jun26.171120.3653@elevia.UUCP>
Sender: usenet@agate.berkeley.edu (USENET Administrator)
Distribution: usa
Organization: University of California, Berkeley
Lines: 28

In article <1991Jun26.171120.3653@elevia.UUCP> alain@elevia.UUCP
(W.A.Simon) writes:
>	Even for those of us who accept that the braiding
>	algorithm is at least as strong as an XOR

I think that should be "at most as strong".

Suppose we braid two streams.  After consuming k bits of key, we've braided
k bits of data.
Suppose we interleave two streams and xor with the key.  After consuming k
bits of key, we've encoded k bits of data.
So xor and braiding use up key bits at the same rate.

I see several reasons why braiding is worse than xor:
Suppose we know one channel has reasonably uniform bits and the other
channel has one of two messages: 10K of 1's or 10K of 0's.  It is obvious
with braiding what message is sent on the second channel.  This is not
true with xor.

Suppose both channels have lots of redundancy in their messages (e.g. text).
Then, even though we can extract any message from the second channel by
trying various keys, most of these erroneous decodings won't result in
a valid message on the first channel.  In this case a known plaintext attack
might work.

So is there any reason why braiding is better than xor?

Ken Shirriff			shirriff@sprite.Berkeley.EDU
Disclaimer: I know close to 0 about cryptography.
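
The first objection in the post above (a constant channel braided with a uniform one is visible in the ciphertext, while interleave-then-xor hides it), as an added example that is not part of the original post. It assumes "braiding" means each key bit selects which of the two streams supplies the next output bit, which the post does not define; the function names are hypothetical and all inputs are constructed.

```python
import random

def braid(a, b, key):
    # ASSUMED definition (the post does not spell it out): key bit 0 emits the
    # next unread bit of stream a, key bit 1 the next unread bit of stream b.
    ia = ib = 0
    out = []
    for k in key:
        if k == 0:
            out.append(a[ia]); ia += 1
        else:
            out.append(b[ib]); ib += 1
    return out

def xor_interleave(a, b, key):
    # Interleave a0 b0 a1 b1 ..., then XOR with one key bit per data bit.
    mixed = [bit for pair in zip(a, b) for bit in pair]
    return [m ^ k for m, k in zip(mixed, key)]

def guess_constant(ct):
    # Eavesdropper's guess for the constant channel: majority bit of ciphertext.
    return 1 if 2 * sum(ct) > len(ct) else 0

def experiment(trials=400, n=1000, seed=1991):
    # Constructed input: channel a is uniform random, channel b is all 0s or all 1s.
    rng = random.Random(seed)
    bits = lambda count: [rng.getrandbits(1) for _ in range(count)]
    hits_braid = hits_xor = 0
    for _ in range(trials):
        secret = rng.getrandbits(1)
        a, b, key = bits(n), [secret] * n, bits(n)
        hits_braid += guess_constant(braid(a, b, key)) == secret
        hits_xor += guess_constant(xor_interleave(a, b, key)) == secret
    return hits_braid / trials, hits_xor / trials

if __name__ == "__main__":
    braid_acc, xor_acc = experiment()
    print(f"braid: {braid_acc:.2f}  xor: {xor_acc:.2f}")
```

Under this assumed definition each braided output bit matches the constant channel's value with probability 3/4, so a majority count recovers it; after xor with a uniform key the ciphertext is uniform and the same guess does no better than a coin flip.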