projects

OTP Enhancement : Failure Report

Overview

A failed attempt to make one time pads usefull. Given a set of 3 starting pads that are truly random and securely negotiated before hand, generate new pads that are only used once. I do not have a formal proof, but it seems any manner of extending a one time pad by generating new random keys will fail in this same manner.

Algorithm Description

• s = Message to send(Output)
• u = Update Message for secret values(Output)
• X = Secret values, need 3 to start
• m = Message to send
• r = Random data
• n = Iteration of data
• ^ = XOR operation

1. s_n := X_(n+1)%3 ^ X_(n+2)%3 ^ m_n
2. X_(n+1)%3 := r_n
3. u_n := X_(n+1)%3 ^ X_n%3

Receiver

1. m_n := X_(n+1)%3 ^ X_(n+2)%3 ^ s_n
2. X_(n+1)%3 := X_n%3 ^ u_n

No single key is used twice in a pass, and no pair of keys is ever used twice. The sender's message is XORed with two keys, then a new random value for one of the two keys used is generated. The third key we haven't used is XORed with the newly generated key and sent out.

Cracking it

Thanks to the hard work of Christopher Wellons at nullprogram I now know this is not feasible. Changing the notation not to cycle for the sender only:

1. s_n := X_(n+1) ^ X_(n+2) ^ m_n
2. X_(n+3) := r_n
3. u_n := X_(n+3) ^ X_n

1. s₁ := X₂ ^ X₃ ^ m₁
2. u₁ := X₄ ^ X₁
3. s₂ := X₃ ^ X₄ ^ m₂
4. u₂ := X₅ ^ X₂
5. s₃ := X₄ ^ X₅ ^ m₃

1. s₃ := X₄ ^ X₅ ^ m₃ ^ u₂ ^ u₁
2. s₃ := X₄ ^ X₅ ^ m₃ ^ (X₅ ^ X₂) ^ (X₄ ^ X₁)
3. s₃ := X₂ ^ X₁ ^ m₃

So it breaks down to the original pad used for sending a message for any message, and thus susceptible to plaintext attacks on the key.

Chris had previously encountered this issue and even had the smart idea to use bitmap data to visualize it.

Comments(0) 2009-01-04 19:41:57

Add your comment:

Name:

Captcha) 63 - nothing + 4 =   

Hardware

• • Continuous Inking System (Epson R300)
  • Fan Modifications(iMac G5 and a random case)
  • Heat Controlled Blinkenlight
  • PIC Microcontroller Doorknob Combo Lock
  • Simple wireless solenoid lock

Software

• • TAIM (Alpha Version): GHCI integration with vim
  • CheaTorrent -- An evil BitTorrent client
  • Self Modifying 2D Turing Automata
  • Competing Conway Life Automata
  • X11 Timelapse Desktop Video
  • Colored Wolfram Automata With Sound Input
  • Pseudo Video Feedback in Processing
  • Haskell Cipher Saber
  • Illegal FIlenames -- Windows and *nix
  • Simple Perl SDL Music Keyboard (Updated)
  • Image to Spectrogram
  • Pastebin Hell
  • OMGWTFRNG (OWR)
  • OTP Enhancement : Failure Report
  • Java Network File Transfer Tool
  • AES Encrypted Filesystem Speeds
  • Dual Message Encryption
  • PHP Website
  • Mp3 Splitting Script
  • Random Obfuscation Tool
  • Filesystem Speed Comparisons
  • Java Based Web Server GUI

Math

• • Collatz Conjecture in Haskell
  • Nontransitive Dice Finder
  • Domain Coloring Movies and X11 Display
  • Online Python Domain Coloring
  • x^y > y^x and x^y - y^x

Woodwork

• • Stepping Stool
  • Quilting and Embroidery Stand
  • Router Table Extension
  • Speaker Stands
  • Frankenbench
  • Travel Sized Rabbit Cage
  • Original Rabbit Cage

Other

• • Galvanic Etching Of Brass
• 
  

  Search