1992-10-13 - one time pads

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 59880107a8682ff630340193de22e9bf74179cc0b1399b38c188fa4c661518f3
Message ID: <9210131558.AA25287@soda.berkeley.edu>
Reply To: <199210130821.AA03658@well.sf.ca.us>
UTC Datetime: 1992-10-13 15:51:51 UTC
Raw Date: Tue, 13 Oct 92 08:51:51 PDT

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Tue, 13 Oct 92 08:51:51 PDT
To: cypherpunks@toad.com
Subject: one time pads
In-Reply-To: <199210130821.AA03658@well.sf.ca.us>
Message-ID: <9210131558.AA25287@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain

Previously I said about one-time pads: "High security, high cost."
(Well, not exactly that...)  I invoked it then in order to argue that
I personally didn't need to use one-time pads.  Implicit also in that
statement is the claim that when the worth of security is high, the
cost may be relatively cheap.  George and I agree on this point.

When you are fighting a military battle, when you have a government
pissed off at you in a serious way, you need as good as you can get.
Since you can get perfect end-to-end link encryption, you use it.

All cryptography is economics.  Repeat after me.  All cryptography is

I don't need one-time pads.  Sendero Luminoso does.  It's as easy as
that.  It's merely a matter of scale.  Large scale, high security.
Small scale, pretty good security.

Re: Mathematical breakthroughs.  George missed my main point here.  We
don't know whether factoring is "fundamentally hard." (Project your
own definition here.)  We should not assume that when the breakthrough
comes, that it will be found "easy."  It may be that factoring is
hard, and that RSA is secure for that reason.  (The astute reader will
see that these two are not exactly the same question.)  My current
thinking is that factoring is hard because of various randomness
properties of primes, that in fact multiplying one large prime by
another is like encrypting one prime with the other as a one-time pad!
But I'm no number theorist.

I do, however, agree with "caution in the face of an unknown."  And
for high stakes, George's "irrational caution" is not irrational at

Re: Relative security.  It seems I had an editing error.  What I meant
to say (paraphrased) was the following.  Perfect security is not worth
the cost when the marginal cost of perfect security is more than the
marginal benefits of such security.  This encompasses both the high
end and the low end.  I don't need one-time pads.  Abu Nidal does.

Repeat after me.  Cryptography is all economics.