1993-06-18 - Re: xor w/prbs
Header Data
From: bear@eagle.fsl.noaa.gov (Bear Giles)
To: cypherpunks@toad.com
Message Hash: 258a60c7b4c190c682a1377ee19572dfc76b3a84b1825cf8de364279dc5a4ca4
Message ID: <9306180534.AA01952@eagle.fsl.noaa.gov>
Reply To: N/A
UTC Datetime: 1993-06-18 05:37:47 UTC
Raw Date: Thu, 17 Jun 93 22:37:47 PDT
Raw message
From: bear@eagle.fsl.noaa.gov (Bear Giles)
Date: Thu, 17 Jun 93 22:37:47 PDT
To: cypherpunks@toad.com
Subject: Re: xor w/prbs
Message-ID: <9306180534.AA01952@eagle.fsl.noaa.gov>
MIME-Version: 1.0
Content-Type: text/plain
>How *do* you break this cypher? He is generating a lot of random numbers
>between 0 and 255, and xor'ing each successive one with the next byte of plain-
>text. I know that this is a trivial cypher to break, according to PRZ at
>least, but how do you do it?
In this case, since the modulus is a small power of 2, you can do exhaustive
search. There is _one_ sequence of 256 distinct values.
Still want to know how long it will take to crack his ciphertext?
>#define MULTIPLIER 0x015a4e35L
>#define INCREMENT 1
>
>long RandomSeed;
>
>int GetRandomNumber(int Range)
> {
> RandomSeed = MULTIPLIER * RandomSeed + INCREMENT;
> return(RandomSeed % Range);
> }
>
>So how do you crack this cipher without trying all the keys, guys?
Since
max_integer / gcd (range, max_integer) > range
you can move the modulus operation around without worrying about
weird effects from the finite word size. This is because the
closed form of the loop is:
seed[k] = (seed[0] * mult^k + incr * sum (j = 0 to k-1) of mult^j) % range
which is equal to
seed[k] = (seed[0] % range) * (mult % range)^k +
(incr % range) * sum (j = 0 to k-1) of (mult % range)^j
and the modulus operation with a power-of-2 range simply keeps the last
n bits. But, this also means there are effectively only "range" possible
values for the initial seed.
Even if you make the increment and multiplier part of the key, they must
(both?) be odd so you only have 22 bits of key. Of course at this point
you can simply use the fact that this "one time pad" is actually a
Vigenere cipher with 256 columns -- easy to crack if you have some
insight into the nature of the plaintext (e.g., English text).
For instance, 10-15 small documents (40 lines) encrypted with the same
key is enough to crack it even if the multiplier and increment are
unknown but constant.
Bear Giles
Thread
Return to June 1993
Return to “bear@eagle.fsl.noaa.gov (Bear Giles)”
1993-06-18 (Thu, 17 Jun 93 22:37:47 PDT) - Re: xor w/prbs - bear@eagle.fsl.noaa.gov (Bear Giles)