Slashdot Mirror
Animated Encryption
An anonymous reader submits: "Cartoons for fun and secrecy -- A student at the University of Dayton has apparently come up with an encryption
scheme using computer generated animation. Story at the Chronicle of Higher Education."
The article was a bit scant on details. As we've seen before, if you keep your encryption scheme unpunlished and just claim that it is 'unbreakable', usually someone comes along later when it is in use and breaks it for you.
..
Actually it sounds quite similar to the 'teenage genius' story of that Irish schoolgirl who had her similarly 'unbreakable' matrix encryption scheme widely publicized without peer review, and then broken.
It'll be interesting to see what happens in this case
There seem to be no details in the story about just What this marvelous breakthough is; it can't just be that they use encrypted data as motion data and generate a cartoon of it - that is just steganography, and a pretty obvious version too (plus of course, any movement of one character that obscured a move of another would cause data loss).
Anyone know of a more technical piece on this?
-=DaveHowe=-
This is such a pointless article. They give no insight on the technology. And one of the major points: The inventor is a teenager. Ok ... Maybe if they write about it in a couple of years when the patent passes it might not be a wast of time/bandwidth to read that article. There was no insight only saying saying that he used random numbers and cartoons. And oh yeah, they tried to sell it. If you are going to write about a tech, please .... please describe the technology, isn't that the point ?
--=.=-- www.cyber2000.qc.ca
What happens when you need to break the encryption?
... ;-)
Do you call in The Tick?
Freakazoid?
The Brain?
Who knows
There already is an unbreakable encryption: the One-Time Pad. Furthermore, it is mathematically provable that no unbreakable encryption can have a shorter key than the One-Time Pad. Since the One-Time Pad algorithm is already extremely simple and fast (XORing the key with the plaintext), I don't see a need for any other unbreakable encryption.
How does he generate his randow numbers?
A computer can do pseudo randomness... but since it's not truly random there are ways to detect periodic repetitions and thus find the missing key to decrypt the message...
The only way to be truly random would be to have an outside source (like a camera pointing to lava lamps, or a tree in the wind, backgroud noise, etc...).
This article is not very detailed, but I understand this invention is in the process of being patented, so we'll have to wait...
Try it! Library of Babel
...means you bit-reverse that byte. Glorious. And this message is double ROT-13 encoded, so anyone reading it is in violation of the DMCA. *shakeshead*
Maybe it is just me, but I think the poster is a little bit confused. It is not that animation is being used in encryption, but rather he was inspired by the crowd scene in Hunchback, where the characters movements were essential being controlled by random numbers to create a lively and chaotic look to it.
The article then states that the thought was to use random data in an encryption algorythm to make it unbreakable. So I don't think that we will be seeing messages passed around the the next Disney flick...
" He hopes to sell the technology to computer companies, banks, government agencies, and other organizations that could use a secure code."
Am i the only one who can't see many / any real world applications for this.
Cruise TT
Working with stick men in animation, Mr. Kauffman wanted to improve upon those techniques, assigning more numbers to more body parts and actions.
While studying number generators for the cartoon project, he found references to mathematicians and computer scientists who had theorized that the technique could be used in encryption technology [...]
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father.
If I understand it correctly, Alice sends a cartoon to Bob. Bob knows which features to looks for (for example the head and feets) -- that's the secret key -- and can then reconstruct the message by analysing the movements of these features.
Not too dumb, but it looks more like steganography than cryptography.
GFK's
new, and potentially unbreakable, encryption technology
Unbreakable? Sounds like snake oil already...
An idea dawned on him for a unique way to use random numbers in a math equation to encrypt data.
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it,"
This is ridiculous. Some stream ciphers use random number generators for their encryptions. The problem is, that since the "random" numbers come from a random number generation algorithm, they are not random -- they just appear to be. When they are subject to analysis, patterns are found, and the whole system is compromised. The security lies in how hard it is to predict the "random" numbers.
Jason Kauffman is going to continue plugging away at his mechanical-engineering degree.
That's a good idea, since this sounds like the junk "unbreakable" encryption that comes around every few years. If he's interested in encryption, he should take some advanced math classes to get a better foundation to work from. And pick up a copy of Applied Crytography.
Sorry about the rant... but this kind of thing gets me going.
Random numbers are used extensively within encryption techniques, particularly for generation of keys. As the key is primarily the guardian of your data, it is vital that it is truly random to ensure it can't be guessed or determined by frequency analysis (or other methods).
This is particularly important for block cipher algorithms which use the same key over and over again on successive blocks of data!
The theory of relativity doesn't work right in Arkansas.
Two problems with one-time pads:
1) Generating the pad initially, and
2) exchanging the pad.
Why not look at other possibilities, since this method has clear limitations?
No reason to limit research...
Now its clear to me: they were sending coded instructions to operatives in the field.
When they all leap onto the sofa at the start of the episode it truly means something.
Now if only I could get a look at the decode manual . . .
I was sitting outside and saw all the blades of grass swaying in the wind before me. I noticed how some were shorter than others, and that they actually didn't all have the exact same color. I thought if I assigned a number to each of these and several other characteristics, I'd be well on my way to unbreakable encryption.
My dad used to be a pretty famous rodeo clown in the 60s and an alumnus of the college I'm attending, so when I approached the board of trustees for approval for my research, they were ecstatic! They gave me $20,000 to conduct my research. Now I will be busy all summer observing the grass swaying in the wind. I plan to have a prototype ready at some point, I hope.
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father. Robert Kauffman formed a partnership with his son and the university to patent the idea. The Kauffmans are reluctant to go into more detail about the idea because it's in the patenting process.
Cryptography based on a hacker "not knowing" something can be in for quite a surprise. And there is not even a hint here that this technique is based on a mathematically sound formula that is "hard" to solve. Perhaps this guy is on to something, but this attempt to talk about it but at the same time claim they can't talk about it yet leads me to believe this is more of an exercise in hype or ego than anything scientific. Cartoon cryptography might turn out to be a fitting term for it.
I'm an American. I love this country and the freedoms that we used to have.
So now I can encrypt animated pr0n in japanese anime...oh wait...
This
Is this really new? See Sherlock Holmes The Adventure of the Dancing
Men
But it's hard to criticize or admire whatever technique this guy is looking at, because there are no details in the article. (zero-knowledge reporting?)
A few points here:
It looks like he's already working on taking people for rides.
At my next development meeting should I recommend we watch the Little Mermaid for inspiration on database design?
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father.
A senior research chemist, well holy smokes! This is the only freakin guy you could get for a quote on this new "unbreakable" cryptography system. What was the janitor at lunch!? Not only that, but its his father to boot, not to knock his extensive work in engine/oil products but come on!
Hey while we're at it...My 4 year old sister says that my newly developed RDBMS is 120 times more efficent than Oracle's, so now can I have the $20,000 to patent it, thanks.
This
Since any truly unbreakable encryption scheme has to use keys at least as long as the One-Time-Pad, I do in fact consider the problem of unbreakable encryption solved. No need for further research.
Of course, there's a lot of need for research into ciphers which are not mathematically provable to be unbreakable, but are more practical than the One-Time Pad. :)
I made an encryption alg which is completely unbreakable. It uses numbers. I got the idea from mathmaticians while studying numbers. Holy FUCK ain't that keen?! Let's make a news story about it. Nah, just use what I just told ya.
-- 'The' Lord and Master Bitman On High, Master Of All
.... Ren n Stimpy password :D
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
From the article reporter: "An unlikely combination of interests -- cartoons and math"
Um. Has this guy never met a math or science student before?!
.. once http://lavarand.sgi.com/, now: http://www.lavarnd.org/
Don't answer me. Moderate. Slashdot is about moderation, not discussion.
Jason finds way to recycle used oil
gives a more technical view of the current discovery (its a prng by the way)
-=DaveHowe=-
1) Generating the pad initially, and
2) exchanging the pad.
1) Generating the one-time pad is easy with a hardware noise generator such as an avalanche diode. Marx makes a USB dongle that has a true white noise generator. Just pump the noise into a file, walla!
2) Exchanging pads is not needed, as the one-time pad can be used in a symetric scheme, just a simple XOR will do fine. You only have to transfer the pad one way. Unfortunately, that is a problem that has no good solution.
Yup, all the tell-tale signs are there:
My guess is, he found some "smooth noise" generator and thought that it would make a good source of "random numbers", used, e.g., as a key schedule algorithm, and as soon as the patent is published (which it will be, thanks to the dumb patent office), it will be broken (it probably has a short "key" to set initial conditions, which will be easy to break) and this guy will be forgotten.
Though the cartoon connection is kinda cute and might get some press attention.
Next?
Specifically, we have the unbreakable claim warning sign, and even more specifically, this is almost certainly one of the one -time pad errors: There's also the technobabble, secret algorithms, and revolutionary breakthrough warning signs.
I hope they enjoy the $20,000 patent, 'cause it's not worth the paper it's printed on.
We can come immensly close to it, but if data was to move from human readable to encrypted and back to human readable, than at some point it had to be decrypted, and if it can be decrypted it can be broken. It doesn't mean that the chances of it being broken are immensely small, but the chance is still there. Espesialy if the randomness is generated by computer, I have yet to see a random generator scheme for a computer that doesn't have some sort of formula to it. True randomness is very hard to come by.
T Money
World Domination with a plastic spoon since 1984
I wondered about the article -- being so scanty on info needed to evaluate Kauffman's claim -- and then sent searching online for the patent application. The cos site was a pay site, offering searches for US$250/yr for individuals. Screw that. I went to uspto.gov and then here within it. I did an "advanced" query for Kauffman's name on published patent applications; the query string was "in/Kauffman or in/Jason", the years were "2001-2002". I got 411 results -- too many. Dunno why I used "or" -- so I reduced the query to just "in/Kauffman", which got me 15 results. I went through any that even remotely could have to do with numerical processes, but none were from Jason Kauffman.
Hmm.
[also misbehaves on Kuro5hin as Peahippo]
Check out One Time Deck: the world's most wasteful encryption scheme. The key size (in expressible values) grows with the factorial of the message size (also in expressible values, not bits).
Basically, your key is the equivalent of a randomly shuffled deck of cards with each possible messages written on a card. Your ciphertext tells where to cut the deck to find the card with your message on it. Each deck is used for only one message, then destroyed. Hence the name.
It has the interesting property that if you don't have the deck, even if you know the plaintext exactly, any changes to the ciphertext will result in a completely random plaintext (except that it's not the same).
Anyways, since you don't want to become bored while watching the grass, i've got some green "equipment" you might find handy. My pager number is .... oh fuck, the Feds........
I have this vision of an FBI agent watching tons and tons of porn in his cubicle. The boss comes by and starts scolding him. He then says:
"Please calm down. It is possible to hide secret messages in images now. Here is a printout of a slashdot article about it. I am just looking for hidden terrorist messages in this porn found on Al-Quida PC's. I think her breasts are jiggling to a descernable pattern, so I am trying to plot the jiggle pattern here."
Boss: "Then why are you sweating like that?"
Table-ized A.I.
A calls his counterpart B (shielded line), and says "Demon Tit Wonderful hentai, episode 5, x bytes!". A xors his file with the divx file and sends it to B. B gets the hentai from Kazaa and xors the data with it. Unbreakable (except for that shielded line of course)!
I choose to remain celibate, like my father and his father before him.
Is that a porn-version of Johnny Mnemonic?
seed rand() from user input
while !EOF
read a char
print char ^ rand()
("^" is xor)
We all did this when we were kids.
You might also add a hash function like:
print char ^ rand() ^ (lastin * lastout + lastin *lastout >> 8)
( ">>" is bitshift)
There now it's data dependent, totally unbrakeable
A variation is using + instead of ^ but then you need a corresponding decryption algo with -
Suprisingly many people make the same algo(or similar variations of it) independently.
FRA: STFU GTFO
While not exactly the same, this still seems reminiscant of Jonny Mnemonic, where the information stored in his head is locked away by 3 images, which are the key.
0110100100100000011000010110110100100000011000100
And I heard if you watch the Lion King with special "bin Ladin" glasses you can see the Twin Towers falling as soon as Simba watches his father die.
Snow White was used to plan the attacks....
Sheesh
Get your Unix fortune now!
it's not Hentai Anime, it is actually important encrypted company secrets
...not encryption.
"Algorithm or product X is insecure"
From the other article:
Companies that require high levels of computer security currently use either a DES (Data Encryption Standard) or a triple DES code, but the Kauffmans say both are breakable.
"The currently used DES encryption method, which is now being replaced by AES (Advanced Encryption Standard), was once thought unbreakable and can now be cracked in a matter of minutes to hours," said Robert Kauffman, who helped his son write parts of the computer program. "The AES also can be cracked in theory. These algorithms have computational security, which means they can be broken if enough time and computer power are used. AES would take hundreds of years to break with today's supercomputers.
FRA: STFU GTFO
It may be little information, but mathematically enought to say it's no longer unbreakable.
You might as well claim the same thing if the attacker knows that the plaintext is sensible ASCII-encoded English. That the attacker knows the character of the plaintext (and therefore has a wealth of statistical information about the plaintext) is one of the fundamental assumptions of cryptography.
The perfect secrecy of OTP is based on the secrecy and randomness of the key alone, it doesn't require an obscure or disordered encoding of the plaintext. Knowing some key bits gives you no clue about the value of other key bits.
Of course you must account for the information that can be inferred from the length of the ciphertext (and pad your plaintext to avoid any information leak). This problem is no greater or worse for compressed plaintexts than uncompressed ones.
It seems to me like having the first and last number the same doesn't compromise the security of the message one bit!
It compromises the security of the message exactly one bit (assuming that it's binary OTP). If the first and last bits of the ciphertext are the same, then you know that the first and last bits of the plaintext are the same, and vice versa. You gain one bit of information about it, and cut the number of possible plaintexts in half.
Cryptanalysis is based on statistical data. The attacker presumably can make reasonable guesses about the contents. So if they can guess the first bit with 70% probability, they also know the last bit with 70% certainty.
This kid could really use a copy of "RSA Laboratories' Frequently Asked Questions About Today's Cryptography" or "Applied Cryptography" or even "PGP DH vs. RSA FAQ". At the University of Dayton page on this discovery (https://alumni.udayton.edu/np_story.asp?storyID=7 84), he says that Triple-DES could be easily broken.
That is complete B.S.
Triple-DES is a 112-bit algorithm, and perhaps even stronger that Rjindael (AES), since it's been subjected to rigorous cryptanalysis for many, many years.
It seems as if the encryption technology might be secure, but without any information on it, I am very skeptical.
I wonder if his dad's engine oil invention was "Slick 50" - about as snake oil as it gets.
Yeah. I'm also confused why anyone would want a "personalized" crypto algorithm in the first place.
Scrambling your algorithm to prevent brute force attacks is just stupid -- you could get far more security against brute force attacks by simply adding a single bit to your key-length. And unless all of the variables were relatively prime in any case you couldn't guarantee a single solution.
I think his "unconditional cryptography" translates in this case as "I still need to read Schneier and Koblitz and study number theory".
does this remind anybody else of Johnny Pneumonic?
He claims his cipher cannot be broken at all, no matter how many supercomputers you use (unconditional security). That is complete rubbish. Any calculation can be reversed no matter how complicated. You just need some computing power.
I quote from the origina article:
"The currently used DES encryption method, which is now being replaced by AES (Advanced Encryption Standard), was once thought unbreakable and can now be cracked in a matter of minutes to hours," said Robert Kauffman, who helped his son write parts of the computer program. "The AES also can be cracked in theory. These algorithms have computational security, which means they can be broken if enough time and computer power are used. AES would take hundreds of years to break with today's supercomputers. Jason's cryptography has unconditional security and can be proven unbreakable. Supercomputers won't make any difference."
FLT, not just any theorem.
Somewhere around the start of the PGP User guide, none other than Phil Zimmerman was discussing snake oil. He mentioned how 1337 he felt when he "discovered" a whole new kind of stream cipher. Why not just get a PRNG, convert a key to a seed for it, and then XOR that with the bit stream? Little did Phil know that this technique had been "discovered" many many times before and was covered in all good cryptography books. Moral? If you don't have a PhD in number theory, don't even try it.
Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".