1993-05-29 - Trust, Amateur/Professional, use of PRNGs

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 1f43a211381c01212531ecca7b617b8dcebfadc4788185f69f4913c26fa66756
Message ID: <9305290737.AA03283@soda.berkeley.edu>
Reply To: <9305280750.AA07434@wixer>
UTC Datetime: 1993-05-29 07:41:19 UTC
Raw Date: Sat, 29 May 93 00:41:19 PDT

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Sat, 29 May 93 00:41:19 PDT
To: cypherpunks@toad.com
Subject: Trust, Amateur/Professional, use of PRNGs
In-Reply-To: <9305280750.AA07434@wixer>
Message-ID: <9305290737.AA03283@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Re: disclosure

>If I were I wouldn't
>be revealing the details of the encryption method and I wouldn't
>be subjecting the software to critical examination.

To my mind, selling the code for the encryption method does not count
as revealing the details to a very wide audience.  Were it freely
available, I would say that you had satisfied that concern.  Were it
even available on a non-compete covenant basis and free of monetary
charge I would be satisfied.

Let me see if I can paraphrase.  You'll sell me the code, so that I
can evaluate it or have someone else do this.  This evaluation is much
more for your benefit than mine, because where I might use it for
myself, this same information accrues much more to the value of the
cipher itself, which is yours.

Oh, please.

Re: An inappropriate historical comparison

>You omit to point out that Kahn also discusses the cryptosystem
>invented in the late 18th Century by Thomas Jefferson.  I'm not
>aware that Jefferson was a "professional" cryptologist or that he
>was "credentialed" in this field.  

The single salient difference that you ignore is fifty years of public
and intensive research into cryptography, starting with Shannon.  I
have seen nothing other than vague claims of security and one
statistic of flat byte distribution in the ciphertext (necessary and
easy to achieve).

I have seen very little awareness of any of this work.  In particular,
the most sophisticated analysis for ciphers to date has been
differential cryptanalysis.  I have not seen the results of any such
examination of your cipher.  To give you a clue as to how good this
technique is, Biham and Shamir were able to break FEAL-4 with a few
dozen chosen plaintexts, and FEAL-8 with somewhat more.

Re: levels of expertise

>This shows that your distinction between "professionals" (by
>implication, the experts) and "amateurs" (by implication, the
>self-deluding fools) is false.  There is no such clear-cut
>distinction.  

The state of cryptography two hundred years ago is not relevant to the
current state of knowledge.  Today there is much, much more to know
about the subject, and there is a lot of relevant prior art.

Should you claim that this prior art is not needful to know in order
to design new ciphers, I will not imply that your are a self-deluding
fool, I will explicitly declaim you as self-deluding fool.

Re: arguments _ad authoritatem_

>Whether a cryptosystem is strong or not has to be
>decided by an examination of the system itself, not on the basis of
>whether its author has attended cryptology classes at M.I.T.

But lacking both criteria, I have no belief at all that your cipher is
secure.  In fact, given the track record or the uncredentialled in the
last twenty years, I have exactly the opposite opinion.

Re: cryptanalysis

>No doubt you've read
>your Abraham Sinkov on "Mathematical Cryptanalysis" and other such
>works, 

These and other such works are by no means the state of the art.  If
you've learned all your cryptography from these, it's time to do some
more reading.

>where the solving of simultaneous equations in several
>(perhaps many) unknowns may yield a solution in some cases.  

One of the fundamentals of real cryptography is that exact solution
techniques are much less powerful than statistical methods of the
appropriate form.  Techniques of adding in 'noise' prevent exact
methods, but that is largely irrelevant.  Every useful statistic will
come through just as before, except that a larger data set is needed.

Eric





Thread