1995-10-13 - mental cryptography

Header Data

From: anonymous-remailer@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 9b1cbc631519c7b6ef4f8680508c1b60d0e4e72381ebefee09987f2089cbe169
Message ID: <199510132226.PAA13627@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1995-10-13 22:28:15 UTC
Raw Date: Fri, 13 Oct 95 15:28:15 PDT

Raw message

From: anonymous-remailer@shell.portal.com
Date: Fri, 13 Oct 95 15:28:15 PDT
To: cypherpunks@toad.com
Subject: mental cryptography
Message-ID: <199510132226.PAA13627@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


As we know, security is always relative to a threat model.  For example, most 
cryptographic protocols today will not protect their users against the cloning 
attack I described earlier, nor more mundanely, against video surveillance of 
your computing space.  What can you do if you ARE worried about such attacks?

The answer is doing cryptography in your head.  Well, not quite, since many 
cryptographic operations are very computing intensive, and not everyone can do 
1000 bit mental modular exponentiation in a reasonable amount of time.  But if 
you have a piece of secure hardware that you can trust to do some of these 
operations for you, then all you need is a secure communications channel to 
this piece of hardware.  

There may be other ways, but I suggest that you establish a common key with 
your crypto server ahead of time, and then simply encrypt all your 
communications using a symmetric algorithm.  RC4 may be a reasonable choice, 
since the operations are simple and easy to remember, but you need to keep 
track of a 255-byte state.  WAKE is probably better.  Although it uses a large 
key table, you only have to memorize it once, after which the only state that 
is changing is four 32-bit registers.
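To make the "state you have to keep track of" concrete, here is RC4 written as an explicit state machine, as an added example that is not part of the original post. Both ends of the channel (the user and the crypto server) derive the same starting permutation from the pre-shared key and then advance it in lockstep, one keystream byte per message byte; the state carried between bytes is the 256-byte permutation S plus the two index bytes i and j. It also shows the failure mode this design has to avoid: resetting the state to the same key for a second message leaks the XOR of the two plaintexts. The test vectors are the public RC4 vectors (key "Key" / plaintext "Plaintext"). RC4 is included only because it is the cipher the post discusses; its keystream biases are well known and it is prohibited in TLS today (RFC 7465), so it should not be used in new designs. WAKE is not implemented here.

```python
"""RC4 as an explicit state machine: the state a person (or a trusted device)
must carry between keystream bytes is the 256-byte permutation S plus the two
index bytes i and j.  Added example; not code from the original post."""

from typing import List


def rc4_ksa(key: bytes) -> List[int]:
    """Key-scheduling: turn the pre-shared key into the starting permutation S."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


class RC4:
    """One direction of the channel described in the post: both ends derive the
    same starting state from the common key and then advance it in lockstep."""

    def __init__(self, key: bytes) -> None:
        self.S = rc4_ksa(key)
        self.i = 0
        self.j = 0

    def state_size(self) -> int:
        """Bytes of state that must be remembered between keystream bytes."""
        return len(self.S) + 2  # 256-byte permutation plus i and j

    def next_byte(self) -> int:
        """PRGA step: swap two entries of S and emit one keystream byte."""
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + self.S[self.i]) & 0xFF
        self.S[self.i], self.S[self.j] = self.S[self.j], self.S[self.i]
        return self.S[(self.S[self.i] + self.S[self.j]) & 0xFF]

    def crypt(self, data: bytes) -> bytes:
        """XOR with the keystream; the same call encrypts and decrypts."""
        return bytes(b ^ self.next_byte() for b in data)


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one message from a fresh state (only safe for the first message)."""
    return RC4(key).crypt(plaintext)


def rc4_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Decrypt one message from a fresh state."""
    return RC4(key).crypt(ciphertext)


def session_round_trip(key: bytes, messages: List[bytes]) -> List[bytes]:
    """Model a session: user and crypto server each keep one running RC4 state
    for this direction, so every message consumes fresh keystream."""
    sender, receiver = RC4(key), RC4(key)
    return [receiver.crypt(sender.crypt(m)) for m in messages]


def keystream_reuse_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """The failure mode to design against: if the state is reset to the same
    key for two messages, XOR of the ciphertexts equals XOR of the plaintexts
    over their common length, so the cipher hides nothing about the difference."""
    c1 = rc4_encrypt(key, m1)
    c2 = rc4_encrypt(key, m2)
    n = min(len(c1), len(c2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))


if __name__ == "__main__":
    # Constructed sample session between a user and a trusted crypto server.
    print(rc4_encrypt(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3
    print(RC4(b"Key").state_size())                          # 258
    print(session_round_trip(b"Secret", [b"sign this", b"and this"]))
    m1, m2 = b"attack at dawn", b"retreat at dusk"
    print(keystream_reuse_leak(b"Key", m1, m2).hex())
    print(bytes(a ^ b for a, b in zip(m1, m2)).hex())        # identical to the line above
```

The practical lesson for a mental or device-assisted cipher is in `session_round_trip` versus `keystream_reuse_leak`: the common key establishes the starting state once, and from then on each side must keep advancing its own copy of S, i and j rather than restarting from the key for every message.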

I am sure better algorithms can be found for this purpose if mental 
cryptography is made explicit as a design goal.  Perhaps it should be?

 - the Mad Scientist in the Middle
