From: HO  JUNYA <hojunya@ecf.toronto.edu>
Date: Mon, 10 Jan 94 19:36:38 PST
To: cypherpunks@toad.com
Subject: request for references on random one time pad
Message-ID: <94Jan10.223522edt.4884@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hi, I am taking part in an engineering design course, where we will
be designing and building something of our choice, with an emphasis
on electronics...  What i proposed to do was basically a one time
pad, with a true random number generator to generate the pad.  We
want to do it on 8 bit xt plug in cards, with the initial transfer
of the random pad between the sender and receiver being done over
a cable (with the terminals side by side).  Then, an arbitrary amount
of time later, the two terminals can be separated, and a promiscuous
method of transmission can be used to transmit encrypted data.

The encrypted data is to be generated by simply XORing the bits of
the pad, and the bits of the plaintext, with decryption occuring at
the receiving end by XORing the bits of the pad and the bits of the
encrypted message, to extract the plaintext bits.

Talking to the instructor today, he didn't understand why I wished
to use a truly random number generator, since he believed that any
pseudorandom number generator, or even something periodic would be
just as secure, in practical terms.  Is this true?  I did not wish
to use a pseudorandom number generator (and after all, it's an electronics
design course, not software design) or any period function, because
i believed that it would be susceptible to brute force attacts by
statistical analysis of the encrypted data (are there other ways of
attacking it?).  Wouldn't this also apply to any textual input as
the pad?  (eg, verse n of chapter m of book o of the bible)

I would like to be able to back up my assertion that using pseudorandom
number generators, periodic functions or english texts would not be
secure (to what degree?), and that the use of a true random number
generator (probably using circuit noise) is theoretically the most
secure method available (assuming real randomness and not taking into
account the transfer of the pad).  Can anyone suggest any references?

I was also wondering how difficult it would be to implement DES into
this, using random bits for keys, in hardware or software.  I'm afraid
that we may have to use basic, if we are to talk with the plug-in-card,
as i'm not confident of my C abilities, and am not aware of any libraries
out there.

Any help would be greatly appreciated.  I am not on the cypherpunks
mailing list yet, however, and would appreciate a Cc: to my email
address, in addition to the list itself.

Junya

______________________________________________________________________________
"Merci, merci, merci." -La Femme Nikita       |        hojunya@ecf.toronto.edu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~