Robert J. Hansen
rjh at sixdemonbag.org
Sun Apr 22 00:05:13 CEST 2007
> ``never'' is in this case based on one case of provable secure scheme
> (that was notably difficult in implementation)?
I wouldn't be so quick to place blame on the difficulty of
implementing the one-time pad. Implementing the OTP is really pretty
simple: use each pad once and burn it when you're done. The
difficulty lies in trying to make fallible human nature rise to the
level of competency required to use the OTP.

Anyway, to answer your question, no. It's based on a couple of things.

1. Many provably secure schemes are isomorphic to the one-time pad.
This means that the other provably secure schemes share the same
flaws as the OTP.

2. The provably secure schemes that aren't isomorphic to the OTP
typically get broken pretty quickly.

As an example of #2, look at IBM's Ajtai-Dwork, which was released at
CRYPTO '97. Ajtai-Dwork was some nice work, really, with a beautiful
mathematical proof of security. I emphasize this: _proof_. It
wasn't built on conjecture.

Within a year there were three different breaks against Ajtai-Dwork.
Turns out the axioms Ajtai and Dwork used to build the algorithm
weren't quite as robust as they thought.

Moral of the story: proofs of security are nice. They give us
something to point and laugh at.
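The "use each pad once and burn it" rule from the post above, as an added example that is not part of the original message: a pad book that destroys a page on first use so a second use fails loudly, next to a function showing what an observer learns when that rule is broken (the pad cancels out and the XOR of the two plaintexts is exposed). The pads, messages and page numbers are constructed for the demo.

```python
import secrets
from typing import Dict


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp(data: bytes, pad: bytes) -> bytes:
    """One-time pad: encryption and decryption are the same XOR.
    Only the first len(data) bytes of the pad are consumed."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return xor_bytes(data, pad[: len(data)])


def make_pads(pages: int, length: int) -> Dict[int, bytes]:
    """Constructed demo key material; real pads are generated once
    from a true random source and shared out of band."""
    return {page: secrets.token_bytes(length) for page in range(pages)}


class PadBook:
    """One party's copy of a shared pad book. A page is burned (deleted)
    the moment it is used, so reuse raises KeyError instead of silently
    turning the one-time pad into a two-time pad."""

    def __init__(self, pads: Dict[int, bytes]) -> None:
        self._pads = dict(pads)  # private copy; the peer holds an identical book

    def pages_left(self) -> int:
        return len(self._pads)

    def use(self, page: int, data: bytes) -> bytes:
        pad = self._pads.pop(page)  # KeyError if already burned or never issued
        return otp(data, pad)


def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper computes when one pad covers two messages:
    c1 XOR c2 == p1 XOR p2, with no knowledge of the pad at all."""
    c1, c2 = otp(p1, pad), otp(p2, pad)
    return xor_bytes(c1, c2)
```

The leak is the whole problem: the ciphertext pair reveals the relationship between the two plaintexts, which is exactly the human-discipline failure the post describes.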