Re: [Cfrg] Repeated one-time pad
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Thu, 14 July 2011 20:45 UTC
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [Cfrg] Repeated one-time pad
Thread-Index: AQHMQl4mKypVgrLX/ki5bnUr4jtHipTsOE2A
Date: Thu, 14 Jul 2011 20:45:03 +0000
Message-ID: <932FB3B1-54C3-4568-B087-8836EAA66870@rhul.ac.uk>
References: <mailman.117.1310670016.1187.cfrg@irtf.org> <4E1F467C.8090702@gmail.com>
In-Reply-To: <4E1F467C.8090702@gmail.com>
Hi Yaron,

The paper you want is by Mason et al. from CCS a few years back:

@inproceedings{DBLP:conf/ccs/MasonWES06,
  author    = {Joshua Mason and Kathryn Watkins and Jason Eisner and Adam Stubblefield},
  title     = {A natural language approach to automated cryptanalysis of two-time pads},
  booktitle = {ACM Conference on Computer and Communications Security},
  year      = {2006},
  pages     = {235-244},
  ee        = {http://doi.acm.org/10.1145/1180405.1180435},
  crossref  = {DBLP:conf/ccs/2006usa},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}

I had a masters student re-implement the algorithms in this paper last summer. They performed very well, but not quite as well as the authors indicated in their paper.

Cheers

Kenny

On 14 Jul 2011, at 20:41, Yaron Sheffer wrote:

> Regarding "immediate key disclosure": it is well known that reuse of a stream cipher or a one-time pad with different plaintexts leads to immediate exposure of the plaintext (see e.g. http://en.wikipedia.org/wiki/One-time_pad#True_randomness). For a course I am teaching, I would appreciate pointers to the algorithms that are used for this cryptanalysis and/or source code that implements this attack.
>
> Thanks,
> Yaron
>
> Message: 2
> Date: Thu, 14 Jul 2011 10:00:44 +0200
> From: Simon Josefsson <simon@josefsson.org>
> To: Ted Krovetz <ted@krovetz.net>
> Cc: cfrg@irtf.org
> Subject: Re: [Cfrg] Request For Comments: OCB Internet-Draft
> Message-ID: <87ipr5gukz.fsf@latte.josefsson.org>
> Content-Type: text/plain
>
> Ted Krovetz <ted@krovetz.net> writes:
>
> > I have just submitted an internet-draft for OCB to the IETF.
> >
> > http://datatracker.ietf.org/doc/draft-krovetz-ocb
> >
> > I'd appreciate any comments you may have on how to make the draft better.
>
> It would help if you explained (in the security considerations) what happens if a nonce is repeated.
>
> The question of failure modes of authenticated encryption modes has come up in several different contexts. It turns out that different AEAD modes have different failure properties. In particular, you want to address whether repeat of a nonce leads to immediate key disclosure, or whether the key can be found after some computation faster than obvious attacks, or whether it can only lead to recovery of the plaintext, and/or whether it depends on the plaintext as well (e.g., something interesting happens if the plaintexts are related).
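The failure mode Yaron asks about, as an added classroom illustration that is not part of the thread and is not the Mason et al. algorithm: under a reused pad the key cancels out of the XOR of the two ciphertexts, and a guessed word from one message then exposes the other message at the matching offset. The two plaintexts and the crib are constructed, and the letters-and-spaces plausibility filter is a crude stand-in for the paper's natural-language model.

```python
import os

# Constructed sample plaintexts (assumption: lowercase ASCII, similar length).
P1 = b"the meeting is moved to thursday at noon"
P2 = b"please confirm the budget before friday"


def make_pad(n: int) -> bytes:
    """A fresh random pad; security holds only if it is never reused."""
    return os.urandom(n)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_pad(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR pad (pad must be long enough)."""
    assert len(pad) >= len(plaintext)
    return xor_bytes(plaintext, pad)


def plaintext_xor(c1: bytes, c2: bytes) -> bytes:
    """Pad reuse: c1 XOR c2 = (p1 XOR k) XOR (p2 XOR k) = p1 XOR p2.
    The pad k cancels, so this value depends on the plaintexts alone."""
    return xor_bytes(c1, c2)


def is_plausible(fragment: bytes) -> bool:
    """Crude language model: accept only lowercase letters and spaces."""
    return all(b == 0x20 or 0x61 <= b <= 0x7A for b in fragment)


def crib_drag(c1: bytes, c2: bytes, crib: bytes) -> list:
    """Slide a guessed word (crib) along p1 XOR p2. At an offset where the crib
    really occurs in one plaintext, XORing it in yields the other plaintext's
    bytes there. Other offsets may pass the crude filter too (false positives);
    the paper's language model exists to rank such candidates."""
    d = plaintext_xor(c1, c2)
    hits = []
    for i in range(len(d) - len(crib) + 1):
        window = xor_bytes(d[i:i + len(crib)], crib)
        if is_plausible(window):
            hits.append((i, window))
    return hits


if __name__ == "__main__":
    pad = make_pad(64)
    c1, c2 = encrypt_with_pad(P1, pad), encrypt_with_pad(P2, pad)
    print(crib_drag(c1, c2, b"thursday"))  # includes (24, b't before')
```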