Interesting People mailing list archives
IP: More on the Harvard unbreakable encryption
From: David Farber <dave () farber net>
Date: Mon, 19 Mar 2001 18:00:28 -0500
Date: Mon, 19 Mar 2001 17:04:00 -0400
From: "Bruce I. Galler" <bgaller () cisco com> (by way of Bernard A. Galler)
Subject: IP: More on the Harvard unbreakable encryption
Cc: farber () linc cis upenn edu

From: Steve Goldhaber [mailto:goldy () cisco com]
Sent: Monday, March 19, 2001 2:12 PM
To: bgaller () cisco com
Subject: More on the Harvard unbreakable encryption

From Bruce Schneier's Crypto-Gram newsletter
-----------------

Harvard's "Uncrackable" Crypto

Last month the New York Times reported a cryptography breakthrough. Michael O. Rabin and Yan Zong Ding, both of Harvard, proposed an information-theoretically secure cipher. (Yonatan Aumann was also involved in the research.) The idea is that a satellite broadcasts a continuous stream of random bits. The sender and receiver agree on several random starting points in that stream, and use the streams as continuous keys to XOR with the message. Since the eavesdropper doesn't know the starting point, he can't decrypt the message. And since the stream is too large to store in its entirety, the eavesdropper can't try different starting points.

That's basically it. The crypto isn't worth writing about (although there's some interesting mathematics), but the context is.

One, the popular press does not count as peer review. I have often watched in amazement as the press grabs hold of some random piece of cryptography and reports on it like it changes the world, only to ignore important pieces of research. When you read about something like this in the popular press, pay attention to the motivations of the researchers and the public relations people who convinced the reporters to write about it. Academic peer review will happen in the upcoming years.

One of my biggest gripes with these sorts of press announcements is that they ignore the research and the researchers that came before. The model and approach are not new; Ueli Maurer proposed it ten years ago. (If you want to look it up, the citation is: U. Maurer, "Conditionally-Perfect Secrecy and a Provably-Secure Randomized Cipher," Journal of Cryptology, vol. 5, no. 1, pp. 53-66, 1992. I discuss some of this work in _Applied Cryptography_, p. 419.) Rabin and Ding are not to blame -- their academic paper credits Maurer heavily, as well as other work that went before -- but none of that came out in the press.

Two, while the paper's mathematical result is a new contribution to cryptography, it's nowhere near strong enough to unleash the full potential of the model. I think there are better techniques in Maurer's paper for finding public randomness, such as using the face of the moon as a public source of randomness (his paper also includes in its model a satellite broadcasting random bits). And it's totally impractical. Maurer's paper provides better methods for establishing a secret channel in the presence of an eavesdropper. But because Harvard has a better public relations machine, this result magically becomes news.

Three, this scheme will never be used. Launching satellites gets cheaper all the time, but why would someone have them broadcast random numbers when they could be doing something useful instead? Remember, strong encryption is not our problem; we have secure algorithms. In fact, it's the one security problem we have solved; solving it better just doesn't matter. I often liken this to putting a huge stake in the ground and hoping the enemy runs right into it. You can argue about whether the stake should be a mile tall or two miles tall, but a smart attack is just going to dodge the stake.

I don't mean to trash the work; it is a contribution of theoretical interest. It's just that it should not be mistaken for a practical scheme.

Oh, and by the way, an attacker can store the continuous random stream of bits from the satellite. Just put another satellite in space somewhere, and store the bits in a continuous transmission loop. The neat property of this attack is that the capacity of this storage mechanism scales at exactly the same rate as the data stream's rate does. There's no way to defeat it by increasing data rate. Isn't satellite data storage science fiction? Sure. But no more than the initial idea.

<http://www.nytimes.com/2001/02/20/science/20CODE.html>
<http://cryptome.org/key-poof.htm>
<http://slashdot.org/articles/01/02/20/136219.shtml>

Maurer's Research:
<http://www.inf.ethz.ch/department/TI/um/research/itc/>

A demo of one of Maurer's schemes, more practical than the Rabin scheme:
<http://www.inf.ethz.ch/department/TI/um/research/keydemo>
For archives see: http://www.interesting-people.org/
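A toy model of the scheme the newsletter describes (public random stream, a few secret starting points, XOR keystream), added here as an illustration; it is not code from Schneier, Maurer, or the Rabin-Ding paper, and the way the offsets are combined (XOR of the bytes read from each offset) and the "stored prefix" eavesdropper check are assumptions of this example, not details from the page.

```python
import secrets


def make_public_stream(nbytes):
    """The 'satellite broadcast': public random bytes that everyone, including
    the eavesdropper, can read but (in the model) nobody can store in full."""
    return secrets.token_bytes(nbytes)


def choose_offsets(stream_len, count):
    """Shared secret: a few random starting points in the stream, agreed in advance."""
    return [secrets.randbelow(stream_len) for _ in range(count)]


def key_indices(stream_len, offsets, length):
    """Stream positions a `length`-byte key depends on (wrapping at the end)."""
    return {(off + i) % stream_len for off in offsets for i in range(length)}


def keystream(stream, offsets, length):
    """Key byte i is the XOR of stream[off + i] over every agreed offset (assumed combiner)."""
    n = len(stream)
    out = bytearray(length)
    for off in offsets:
        for i in range(length):
            out[i] ^= stream[(off + i) % n]
    return bytes(out)


def crypt(stream, offsets, data):
    """Encrypt or decrypt: XOR with the keystream; XOR is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(stream, offsets, len(data))))


def eavesdropper_can_rebuild_key(stored_prefix_len, stream_len, offsets, length):
    """The security argument in the text: an attacker who kept only the first
    `stored_prefix_len` bytes of the broadcast cannot rebuild the key, even if
    the offsets later leak, unless every position the key reads from was kept.
    Storing the whole stream (the 'second satellite' attack) always succeeds."""
    return all(i < stored_prefix_len for i in key_indices(stream_len, offsets, length))


if __name__ == "__main__":
    stream = make_public_stream(1 << 20)           # 1 MiB stand-in for the broadcast
    offsets = choose_offsets(len(stream), 3)
    msg = b"stake in the ground"                   # constructed sample plaintext
    ct = crypt(stream, offsets, msg)
    assert crypt(stream, offsets, ct) == msg
    print("ciphertext:", ct.hex())
    half = len(stream) // 2
    print("half the stream suffices:", eavesdropper_can_rebuild_key(half, len(stream), offsets, len(msg)))
    print("full stream suffices:", eavesdropper_can_rebuild_key(len(stream), len(stream), offsets, len(msg)))
```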