From: IPG Sales <ipgsales@cyberstation.net>
Date: Wed, 16 Oct 1996 18:30:42 -0700 (PDT)
To: coderpunks@toad.com
Subject: Q.E.D.
In-Reply-To: <3261C95B.2F4A@bfree.on.ca>
Message-ID: <Pine.BSI.3.95.961016194535.21030B-100000@citrine.cyberstation.net>
MIME-Version: 1.0
Content-Type: text/plain



         Some of you have sardonically written to say "Nihil Est
         Demonstrandum," N.E.D. because an OTP must be derived from a
         hardware source, that is, it must be a pure random sequence
         of limitless entropy. Accordingly, they unbashfully assert
         that an OTP generated by a computer program is not possible.

         How do they know that? Does the Bible tell them so, or the
         Koran, or do they get it from the Torah? Why not cite the
         source of their certainty instead of advancing an unsupported
         proposition.  I do not mean to be rude, but excuse me, what
         scientific proof can they offer for that immovable avowal?
         There is no scientific proof whatsoever, none at all, except
         for the words and their steadfast, and maybe self serving,
         postulate.  Accordingly, obviously it is they, not us, who are
         the ones that have "Nihil Est Demonstrandum," in this matter.
         There is not one scintilla of sustainable evidence to support
         such a doctrine.

         While the vast majority of people knowledgeable about
         cryptography have not heretofore believed that it is possible
         for software to produce an OTP, that does not make it a
         scientific fact, but merely means it is the consensus of
         scientific opinion that it is not possible. With all due
         respect to Bruce, and his exceptional work, Paul, Roy and many 
         others who obviously know the subject matter of which we speak, I
         offer that  history is replete with scientists supplying proof of
         the seemingly impossible.

         In support of their position, some have pointed out that John
         von Neumann, to paraphrase, stated that ARITHMETIC cannot
         produce random numbers, a thesis which I agree with; but
         where is that, in any way inconsistent with IPG's position on
         EUREKA?  IPG has produced a system to generate software OTPs,
         albeit it within limited but but more than ample entropy, not
         software random numbers.

         We stipulate the obvious fact that the encryptor stream
         generated by EUREKA is a PRNG stream, though we do consider
         it gross denigration to castigate it as ONLY a PRNG stream.
         It is a PRNG issue that also happens to be an extremely well
         behaved OTP sequence, with limited but ample entropy, as well.
         It meets each and every criteria rationally established for an
         OTP in all reasonable aspects. Subjected to any and all
         statistical analyses, the EUREKA PRNG stream manifests itself as
         being random, though we know, as a scientific fact, that it is
         not.

         To substantiate that posit, and unlike the consensus of
         scientific opinion, obviously N.E.D., that believes that
         software cannot produce an OTP, IPG offers "Quod Erat
         Demonstrandum," Q.E.D. scientific proof that we can produce
         a humungous number of software OTPs sufficient to meet any and
         all current or future requirements.

         You do not need to be an Einstein, a Hawking, or a von
         Neumann, to understand the fundamental basis of the IPG
         EUREKA algorithm. Succinctly as I can , that is, given a truly
         random key of entropy N, and possibly truly random look up tables
         of combined entropy M, it is possible to generate up to N
         streams of characters of a length in this case of
         approximately 10^223, that manifest themselves as true OTPs.

         Think about that simple supposition for a moment. What do we
         mean by an OTP? We mean that an OTP is a stream of
         characters, or numbers, that cannot be derived in the
         absence of the key that was used to generate them, or
         alternately by trying all possibilities of that said key.
         Thus, when using the resultant as an encryptor stream, the
         only information derivable from the ciphertext is the
         determination of the maximum possible length. Furthermore,
         by using the exclusionary proof, you cannot preclude any
         possible message of that said length.

         If you think through that hypothesis, it becomes clear that
         such is not precluded by von Neumann's proffer, or by
         fundamental mathematical principles. The question then, is
         how can you go about doing that? That is all that IPG has
         done.  We have figured out a mathematical certain way, (
         Q.E.D.), of generating N number, or rather a number very
         close to N, of OTPs from a given key of entropy N, and we can
         prove it.

         Not only that, but you can prove it to yourself, Q.E.D.  We
         maintain that it is discernible to any knowledgeable person
         who probes the algorithm, that the only analytical tack that
         can be mounted against EUREKA is brute force and that is
         patently impossible.. One of your Cpunk colleagues says he
         uses Triple DES, 168 bits, and he does not believe that it
         can be brute forced - I agree, 3-DES, 10^50+ possibilities,
         cannot be brute forced now, or in the foreseeable future -
         then what about the EUREKA's 10^34322 possibilities,
         10^34271+ greater than 3-DES? No way, not now, not ever.
         Furthermore, EUREKA is an order, or more, magnitude faster
         than triple DES, easier to use, much more secure, etal.

         Another has suggested that if the key, and all the variables
         are hacked, then the system can be compromised. That is true,
         but again excuse me, does not that apply to any system,
         whether it be RSA, PGP, IDEA, and yes also a hardware sourced
         OTP.  EUREKA's only edge in that regard is that built in
         means that facilitate safeguards which minimize such risks.

         EUREKA is not a panacea for all your encryption needs.  RSA,
         PGP, ENTRUST, and other systems fill very important
         exigencies. Where EUREKA shines brightest is in two important
         strategic user applications:

            1. To set up a permanent line of Internet/intranet
               communication privacy between two, or a group of,
               individuals. As a result, pass phrases, session
               encryption keys, and other work impediments of that
               genre can be largely eliminated.

               While applicable to everyone, this is especially true
               of newbies, computer novices, technophobes, and other
               non-techies.

               It is much faster, easier to use, and more flexible
               than other systems for this application. As such, it is
               ideal for intranets, or mixed Internet/intranet
               systems.

            2. To protect your private hard disk files, programs or
               data, from compromise by hackers and interlopers. In
               this application it is unsurpassed because differential
               analysis of changing files is rendered impossible and
               it is extremely fast.



         See for yourself. Prove it to yourself, Q.E.D. The IPG
         algorithm is available at:

                   http://netprivacy.com/algo.html

                     or a condensed version at:

                   http://netprivacy.com/condalgo.html


         P.S. My resume can also be found there

                   http://www.netprivacy.com/resume.html 



> ==================================================================
>
>                   Donald R. Wood
>                   ipgsales@cyberstation.net
>==================================================================== 
>
> Some p[eople are more certain of their own opinions than they are of
> facts presented by those they disagree with - Aristotle
>
> ----------------------  Quod Erat Demonstrandum ----------------------