Re: [Cfrg] Repeated one-time pad

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Thu, 14 July 2011 20:45 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Repeated one-time pad
Date: Thu, 14 Jul 2011 20:45:03 +0000
Message-ID: <932FB3B1-54C3-4568-B087-8836EAA66870@rhul.ac.uk>
References: <mailman.117.1310670016.1187.cfrg@irtf.org> <4E1F467C.8090702@gmail.com>
In-Reply-To: <4E1F467C.8090702@gmail.com>

Hi Yaron,

The paper you want is by Mason et al. from CCS a few years back:

@inproceedings{DBLP:conf/ccs/MasonWES06,
  author    = {Joshua Mason and
               Kathryn Watkins and
               Jason Eisner and
               Adam Stubblefield},
  title     = {A natural language approach to automated cryptanalysis of
               two-time pads},
  booktitle = {ACM Conference on Computer and Communications Security},
  year      = {2006},
  pages     = {235-244},
  ee        = {http://doi.acm.org/10.1145/1180405.1180435},
  crossref  = {DBLP:conf/ccs/2006usa},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}


I had a master's student re-implement the algorithms in this paper last summer; they performed very well, but not quite as well as the authors indicated in their paper.

Cheers

Kenny
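The attack Yaron asks about, worked through as an added example (this is not code from the thread and not the Mason et al. implementation): two constructed English plaintexts are encrypted under the same pad, the pad cancels out of c1 XOR c2, and a guessed phrase (a crib, here " the ") is slid across the result. Wherever one message really contains the crib, the XOR hands back the other message at that offset, and XORing a longer guess back in reveals more of it. The plaintexts, the crib and the "lowercase letters and spaces only" plausibility filter are assumptions of the example; the paper replaces that filter with a language model and a search over both plaintexts at once, which is what makes the recovery automatic.

```python
"""Two-time pad recovery by key cancellation and crib dragging.

Added example for this thread (not code from the list or from Mason et
al.). Two constructed English plaintexts are encrypted under the SAME
pad; c1 XOR c2 cancels the pad and leaves p1 XOR p2, and a guessed phrase
(crib) slid across that value exposes the other message wherever the
guess is right. Assumptions: lowercase letters and spaces only, and a
crude "reads as English" filter standing in for a real language model.
"""
from __future__ import annotations

import os
import string

# Alphabet of the constructed plaintexts (assumption, see above).
ALPHABET = frozenset((string.ascii_lowercase + " ").encode())

# Constructed sample plaintexts; nothing here comes from the thread.
P1 = b"the meeting is moved to thursday at nine in the morning"
P2 = b"please send the signed contract before the end of the day"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp(pad: bytes, data: bytes) -> bytes:
    """One-time pad encryption; decryption is the same operation."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(pad, data)


def key_cancellation(c1: bytes, c2: bytes) -> bytes:
    """(p1 ^ k) ^ (p2 ^ k) == p1 ^ p2 over the common prefix: the pad
    drops out without the attacker learning a single pad byte."""
    return xor_bytes(c1, c2)


def looks_like_english(fragment: bytes) -> bool:
    """Plausibility filter: every byte is a lowercase letter or a space.
    Where the crib is wrong the attacker sees p1[i] ^ p2[i] ^ crib[j], a
    three-way XOR that lands outside this set most of the time."""
    return all(b in ALPHABET for b in fragment)


def crib_drag(leak: bytes, crib: bytes) -> list[tuple[int, bytes]]:
    """Slide `crib` over p1 ^ p2. At an offset where one plaintext really
    contains the crib, the XOR returns the OTHER plaintext at that offset.
    Returns (offset, fragment) pairs that pass the plausibility filter;
    expect a few false positives, which a language model would rank down."""
    hits = []
    for off in range(len(leak) - len(crib) + 1):
        fragment = xor_bytes(leak[off:off + len(crib)], crib)
        if looks_like_english(fragment):
            hits.append((off, fragment))
    return hits


def reveal(leak: bytes, offset: int, guess: bytes) -> bytes:
    """Given a guess for one plaintext starting at `offset`, return what
    the other plaintext must contain there. Extending a confirmed hit
    word by word (guess longer, check it still reads) recovers both texts."""
    return xor_bytes(leak[offset:offset + len(guess)], guess)


def run_attack(crib: bytes = b" the "):
    """Encrypt both plaintexts under one fresh random pad, then attack
    using only the two ciphertexts. Returns (leak, hits)."""
    pad = os.urandom(max(len(P1), len(P2)))  # uniformly random, long enough
    c1 = otp(pad, P1)
    c2 = otp(pad, P2)                        # the mistake: same pad twice
    leak = key_cancellation(c1, c2)
    return leak, crib_drag(leak, crib)


if __name__ == "__main__":
    leak, hits = run_attack()
    for off, frag in hits:
        print(f"offset {off:2d}: {frag!r}")
    # The hit at offset 11 shows " is m" from one message; if that text
    # continues " is moved", XORing the longer guess back in exposes the
    # corresponding stretch of the other message.
    print(reveal(leak, 11, b" is moved"))
```

Running it lists the offsets where " the " produces a readable fragment: four are real (one message or the other really contains " the " there) and two are false positives that happen to survive the filter, which is exactly the ambiguity the paper's language model resolves by scoring whole candidate plaintexts rather than five-byte windows. The same p1 XOR p2 leak is what a reused stream-cipher keystream or a repeated nonce in a counter-mode AEAD such as GCM produces; whether OCB fails the same way under a repeated nonce is the question Simon raises in the quoted digest, and this example does not address it.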


On 14 Jul 2011, at 20:41, Yaron Sheffer wrote:

Regarding "immediate key disclosure": it is well known that reuse of a stream cipher or a one-time pad with different plaintexts leads to immediate exposure of the plaintext (see e.g. http://en.wikipedia.org/wiki/One-time_pad#True_randomness). For a course I am teaching, I would appreciate pointers to the algorithms that are used for this cryptanalysis and/or source code that implements this attack.

Thanks,
   Yaron

Message: 2
Date: Thu, 14 Jul 2011 10:00:44 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Ted Krovetz <ted@krovetz.net>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Request For Comments: OCB Internet-Draft
Message-ID: <87ipr5gukz.fsf@latte.josefsson.org>
Content-Type: text/plain

Ted Krovetz <ted@krovetz.net> writes:

> I have just submitted an internet-draft for OCB to the IETF.
>
>   http://datatracker.ietf.org/doc/draft-krovetz-ocb
>
> I'd appreciate any comments you may have on how to make the draft better.

It would help if you explained (in the security considerations) what
happens if a nonce is repeated.  The question of failure modes of
authenticated encryption modes has come up in several different
contexts.  It turns out that different AEAD modes have different failure
properties.

In particular, you want to address whether repeat of a nonce leads to
immediate key disclosure, or whether the key can be found after some
computation faster than obvious attacks, or whether it can only lead to
recovery of the plaintext, and/or whether it depends on the plaintext as
well (e.g., something interesting happens if the plaintexts are related).


_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
http://www.irtf.org/mailman/listinfo/cfrg