IP: More on the Harvard unbreakable encryption

[David Farber <dave () farber net>]

> Date: Mon, 19 Mar 2001 17:04:00 -0400
> From: "Bruce I. Galler" <bgaller () cisco com> (by way of Bernard A. Galler)
> Subject: IP: More on the Harvard unbreakable encryption
> Cc: farber () linc cis upenn edu
>
>
>
> From: Steve Goldhaber [mailto:goldy () cisco com]
> Sent: Monday, March 19, 2001 2:12 PM
> To: bgaller () cisco com
> Subject: More on the Harvard unbreakable encryption
>
>
> From Bruce Schneier's Crypto-Gram newsletter
> -----------------
> Harvard's "Uncrackable" Crypto
>
> Last month the New York Times reported a cryptography
> breakthrough. Michael O. Rabin and Yan Zong Ding, both of
> Harvard, proposed an information-theoretical secure cipher.
> (Yonatan Aumann was also involved in the research.) The idea is
> that a satellite broadcasts a continuous stream of random bits. The
> sender and receiver agree on several random starting point in that
> stream, and use the streams as continuous keys to XOR with the
> message. Since the eavesdropper doesn't know the starting point,
> he can't decrypt the message. And since the stream is too large to
> store in its entirety, the eavesdropper can't try different starting
> points.
>
> That's basically it. The crypto isn't worth writing about (although
> there's some interesting mathematics), but the context is.
>
> One, the popular press does not count as peer review. I have often
> watched in amazement as the press grabs hold of some random
> piece of cryptography and reports on it like it changes the world,
> only to ignore important pieces of research. When you read about
> something like this in the popular press, pay attention to the
> motivations of the researchers and the public relations people who
> convinced the reporters to write about it. Academic peer-review will
> happen in the upcoming years.
>
> One of my biggest gripes with these sorts of press announcements
> is that they ignore the research and the researchers that come
> before. The model and approach are not new; Ueli Maurer proposed
> it ten years ago. (If you want to look it up, the citation is: U.
> Maurer, "Conditionally-Perfect Secrecy and a Provably-Secure
> Randomized Cipher," Journal of Cryptology, vol. 5, no. 1, pp. 53-66,
> 1992. I discuss some of this work in _Applied Cryptography_, p.
> 419.) Rabin and Ding are not to blame -- their academic paper
> credits Maurer heavily, as well as other work that went before -- but
> none of that came out in the press.
>
> Two, while the paper's mathematical result is a new contribution to
> cryptography, it's nowhere near strong enough to unleash the full
> potential of the model. I think there are better techniques in
> Maurer's paper for finding public randomness, such as using the
> face of the moon as a public source of randomness (his paper also
> includes in its model a satellite broadcasting random bits). And it's
> totally impractical. Maurer's paper provides better methods for
> establishing a secret channel in the presence of an eavesdropper.
> But because Harvard has a better public relations machine, this
> result magically becomes news.
>
> Three, this scheme will never be used. Launching satellites gets
> cheaper all the time, but why would someone have them broadcast
> random numbers when they could be doing something useful
> instead? Remember, strong encryption is not our problem; we have
> secure algorithms. In fact, it's the one security problem we have
> solved; solving it better just doesn't matter. I often liken this to
> putting a huge stake in the ground and hoping the enemy runs right
> into it. You can argue about whether the stake should be a mile tall
> or two miles tall, but a smart attack is just going to dodge the
> stake. I don't mean to trash the work; it is a contribution of
> theoretical interest. It's just that it should not be mistaken for a
> practical scheme.
>
> Oh, and by the way, an attacker can store the continuous random
> stream of bits from the satellite. Just put another satellite in space
> somewhere, and store the bits in a continuous transmission loop.
> The neat property of this attack is that the capacity of this storage
> mechanism scales at exactly the same rate as the data stream's
> rate does. There's no way to defeat it by increasing data rate. Isn't
> satellite data storage science fiction? Sure. But no more than the
> initial idea.
>
> <http://www.nytimes.com/2001/02/20/science/20CODE.html>
> <http://cryptome.org/key-poof.htm>
> <http://slashdot.org/articles/01/02/20/136219.shtml>
>
> Maurer's Research:
> <http://www.inf.ethz.ch/department/TI/um/research/itc/>
>
> A demo of one of Maurer's schemes, more practical than the Rabin
> scheme:
> <http://www.inf.ethz.ch/department/TI/um/research/keydemo>



For archives see: http://www.interesting-people.org/