Slashdot Mirror


Animated Encryption

An anonymous reader submits: "Cartoons for fun and secrecy -- A student at the University of Dayton has apparently come up with an encryption scheme using computer generated animation. Story at the Chronicle of Higher Education."

71 of 156 comments

  1. Scant on details by SpatchMonkey · · Score: 4, Interesting

    The article was a bit scant on details. As we've seen before, if you keep your encryption scheme unpublished and just claim that it is 'unbreakable', usually someone comes along later when it is in use and breaks it for you.

    Actually it sounds quite similar to the 'teenage genius' story of that Irish schoolgirl who had her similarly 'unbreakable' matrix encryption scheme widely publicized without peer review, and then broken.

    It'll be interesting to see what happens in this case ..

    1. Re:Scant on details by SpatchMonkey · · Score: 2, Informative

      Yep, here you go. She cracked it herself shortly after it was publicised, the method is detailed in the appendix.

      Also here's a link to the press release this guy's university published on his work. Although, come to think of it, it looks quite familiar. Is this a repeated story?

    2. Re:Scant on details by BlueWonder · · Score: 2
      Oh, right, Slashdot. Patents evil.

      Patenting a new encryption algorithm is not only evil, but also stupid. Nobody will try to break a patented algorithm, and without years and years of expert cryptographers trying to break an encryption scheme, one cannot consider it secure.

    3. Re:Scant on details by DaveHowe · · Score: 2

      IIRC, the patent application is in the public domain too - after all, if it is secret, how can anyone check it? Patenting is a first-past-the-post system - hence people trying to modify a patent "on the fly" to include stuff originally not covered, rather than start a new one.

      --
      -=DaveHowe=-
    4. Re:Scant on details by Fjord · · Score: 2

      That would make sense if RSA hadn't patented their algorithm. True the patent has run out, but there were 6 years that I was waiting for it to happen. Since then, that patent helped them create a well respected security company.

      --
      -no broken link
    5. Re:Scant on details by Beliskner · · Score: 2
      encryption scheme using computer generated animation
      <Bugs Bunny> Ehhhhh, what's up Doc? </Bugs Bunny>
      <Daffy Duck> 10100101000101000111010111010010 </Daffy Duck>
      --
      A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
    6. Re:Scant on details by BlueWonder · · Score: 2
      That would make sense if RSA hadn't patented their algorithm.

      True, but a different situation. RSA was the first, and for years the only, (practical) algorithm to solve a specific problem (the problem of key distribution). It's different if you patent a symmetric encryption algorithm, because there's a large number of unpatented symmetric encryption algorithms to choose from.

  2. No details? by DaveHowe · · Score: 3, Interesting

    There seem to be no details in the story about just what this marvelous breakthrough is; it can't just be that they use encrypted data as motion data and generate a cartoon of it - that is just steganography, and a pretty obvious version too (plus of course, any movement of one character that obscured a move of another would cause data loss).
    Anyone know of a more technical piece on this?

    --
    -=DaveHowe=-
    1. Re:No details? by Lars+T. · · Score: 2
      He simply adds numbers from a PRNG into the encryption process. AFAIK that is not new. And if you know which PRNG and seed(s) are used, it's also not really safe.

      The link to animation is very thin, you can use PRNG for "random movements" in computer animation. That's about it.

      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    2. Re:No details? by DaveHowe · · Score: 2
      Not sure about that - crowd motion is random, but constrained; arms don't just jerk back and forth, but move smoothly (although not at a constant speed) between a start and end point; both legs can't be off the ground at once without the body moving down under gravity, lifting a leg up means moving it forward (because of the hinges and so forth); it's a mechanical system that can be modelled mathematically. It is possible that the encoding is in the constraints of a system, not the actual values (which can be randomly or pseudo-randomly generated).

      I still doubt anything here is practical though.

      --
      -=DaveHowe=-
  3. Pointless article. by fogof · · Score: 2, Insightful

    This is such a pointless article. They give no insight on the technology. And one of the major points: The inventor is a teenager. Ok ... Maybe if they write about it in a couple of years when the patent passes it might not be a waste of time/bandwidth to read that article. There was no insight, only saying that he used random numbers and cartoons. And oh yeah, they tried to sell it. If you are going to write about a tech, please .... please describe the technology, isn't that the point ?

    --
    --=.=-- www.cyber2000.qc.ca
    1. Re:Pointless article. by DaveHowe · · Score: 2

      One point that does occur to me - they claim to have made a patent application - so why not link to that application in the article? I thought the US patent office were online these days?

      --
      -=DaveHowe=-
    2. Re:Pointless article. by SirSlud · · Score: 2

      It is.

      --
      "Old man yells at systemd"
  4. Hmm ... by B3ryllium · · Score: 2, Funny

    What happens when you need to break the encryption?

    Do you call in The Tick?

    Freakazoid?

    The Brain?

    Who knows ... ;-)

  5. Unbreakable encryption? by BlueWonder · · Score: 5, Interesting
    An unlikely combination of interests -- cartoons and math -- has inspired a sophomore at the University of Dayton to develop a new, and potentially unbreakable, encryption technology.

    There already is an unbreakable encryption: the One-Time Pad. Furthermore, it is mathematically provable that no unbreakable encryption can have a shorter key than the One-Time Pad. Since the One-Time Pad algorithm is already extremely simple and fast (XORing the key with the plaintext), I don't see a need for any other unbreakable encryption.

    1. Re:Unbreakable encryption? by DaveHowe · · Score: 2
      OTP is a marvellous encryption system - low on cpu, unbreakable security, can be done by hand with less than ten minutes training.

      Unfortunately, the large amount of non-reusable key data that is needed (equal in size to the data to be encrypted) means it is almost unusable; a major government could afford to hand courier a cd full of pad to an embassy; I doubt Amazon could afford to do the same to protect your CC details.

      Btw, what is the mathematical proof of keylength? I would be interested to see that, as even a simple variant (compressing the plaintext then using OTP) requires less key data...

      --
      -=DaveHowe=-
    2. Re:Unbreakable encryption? by BlueWonder · · Score: 2
      Btw, what is the mathematical proof of keylength?

      Very roughly, it goes like this: We define "unbreakable" as the following property: An eavesdropper cannot learn anything (except the length) by looking at the ciphertext, i.e. given a ciphertext, every plaintext of the same length is equally probable. This property can only hold if there are at least as many keys as possible plaintexts, therefore the key cannot be shorter than the plaintext.

      I would be interested to see that, as even a simple variant (compressing the plaintext then using OTP) requires less key data...

      This case, the compressed plaintext counts as the plaintext. :)

    3. Re:Unbreakable encryption? by DaveHowe · · Score: 2
      To a large extent, it *is* the data amount in the OTP. A system that required you to transport one cd's worth of data to a remote subsidiary *once* in the entire lifetime of the system would be practical; you could send a staff member in person with one install disk for the software, and one data disk for the keys.

      however, a VPN system relying on CDs with keydata on them would probably eat a cd a day just on routing and housekeeping data, never mind actual traffic.

      --
      -=DaveHowe=-
    4. Re:Unbreakable encryption? by DaveHowe · · Score: 2

      That's nice enough in theory; however, it is possible to imagine systems that don't require a 1:1 correspondence between key and data length to acquire this property. The simplest example would be to exploit the entropy within data already encoded to generate additional keydata. Given (say) a 2K block of compressed data, you could hash the first K of data to give a single byte; adding this to the keydata for the second K would allow you to reliably and unbreakably encode the second K with 1023 bytes of truly random keydata.

      --
      -=DaveHowe=-
    5. Re:Unbreakable encryption? by DaveHowe · · Score: 2

      Yes, but then you have some information on what the original text could have been, as it should be a valid [insert compression program] file

      True enough; however, this won't give you any sort of a handle on what the original data was (although it will give you an idea of how much entropy was in the data, if you have any idea how big it should be decompressed). It will give you a good chance of a little keydata (particularly if the file has a fixed-text header after compression) but as keydata is never reused, that isn't a vulnerability.

      --
      -=DaveHowe=-
    6. Re:Unbreakable encryption? by Proaxiom · · Score: 2
      I would suggest you find a book on Information Theory. It's an interesting subject, and very relevant to cryptographic theory. The proof of minimum key length relies exactly on the relationship between the entropy of the plaintext and the entropy of the key.

      The simplest example would be to exploit the entropy within data already encoded to generate additional keydata.

      Once you do this, your scheme is now breakable.

      Keep in mind that a legitimate attack is an exhaustive search of the key space. If there are fewer possible keys than possible plaintexts, then for a given ciphertext the attacker can figure out a range of candidate plaintexts that is smaller than all possible plaintexts. That means the attacker has gained information.

    7. Re:Unbreakable encryption? by BlueWonder · · Score: 2

      Such a scheme may well be good enough in practice, however you can no longer prove mathematically that it is unbreakable.

      An attacker with enough resources could encrypt all possible 2048 byte plaintexts with all possible 2047 byte keys. For some of the 2^2048 plaintexts, it will not be possible to generate the given ciphertext with any of the 2^2047 keys. The attacker can rule these out as possible plaintexts. No longer are all possible plaintexts equally probable -- therefore, it's not unbreakable in the sense defined in my previous posting.
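The counting argument from the posts above (every plaintext must stay equally possible for every ciphertext, so there must be at least as many keys as plaintexts) and the exhaustive key search that defeats the "hash the first half to stretch the key" idea, as an added example that is not part of the original thread. The 8-bit plaintext, 4-bit halves, parity as the toy "hash" and the 7-bit key are constructed to mirror the 1023-bytes-per-1K proposal in miniature.

```python
"""Toy counting argument: a key space smaller than the plaintext space leaks
information, even when the missing key bits are "stretched" from the data.

Constructed miniature of the scheme debated above: an 8-bit plaintext is
split into two 4-bit halves. The first half is XORed with 4 fresh key bits.
The second half is XORed with 3 fresh key bits plus one bit derived from a
hash of the first half (here: its parity), so 7 key bits cover 8 data bits.
"""
from collections import defaultdict

PT_BITS = 8           # plaintext size
OTP_KEY_BITS = 8      # a real one-time pad: key as long as the plaintext
DERIVED_KEY_BITS = 7  # the "stretched" scheme: one key bit replaced by a hash bit


def parity(x: int) -> int:
    """Toy 'hash' of a nibble: its parity bit."""
    return bin(x).count("1") & 1


def otp_encrypt(pt: int, key: int) -> int:
    """Genuine one-time pad: 8 random key bits for 8 plaintext bits."""
    return pt ^ key


def derived_key_encrypt(pt: int, key: int) -> int:
    """7 random key bits; the 8th key bit is derived from the plaintext's first half."""
    a, b = pt >> 4, pt & 0xF               # the two plaintext halves
    ka = key >> 3                          # 4 fresh key bits for the first half
    kb = ((key & 0x7) << 1) | parity(a)    # 3 fresh bits + 1 bit hashed from 'a'
    return ((a ^ ka) << 4) | (b ^ kb)


def candidates_per_ciphertext(encrypt, key_bits: int) -> dict:
    """The attack both posters describe, exhaustive key search: for every
    ciphertext, the set of plaintexts that *some* key maps onto it."""
    table = defaultdict(set)
    for pt in range(1 << PT_BITS):
        for key in range(1 << key_bits):
            table[encrypt(pt, key)].add(pt)
    return table


def leakage(encrypt, key_bits: int) -> tuple:
    """(smallest, largest) candidate set over all ciphertexts. Perfect secrecy
    needs every ciphertext to leave all 2**PT_BITS plaintexts possible; any
    smaller set means the attacker has ruled plaintexts out."""
    sizes = [len(s) for s in candidates_per_ciphertext(encrypt, key_bits).values()]
    return min(sizes), max(sizes)


def plaintexts_ruled_out(encrypt, key_bits: int) -> int:
    """How many of the 2**PT_BITS plaintexts an attacker can exclude, at best."""
    return (1 << PT_BITS) - leakage(encrypt, key_bits)[1]


if __name__ == "__main__":
    print("OTP, 8-bit key:         candidates", leakage(otp_encrypt, OTP_KEY_BITS))
    print("derived bit, 7-bit key: candidates", leakage(derived_key_encrypt, DERIVED_KEY_BITS),
          "ruled out", plaintexts_ruled_out(derived_key_encrypt, DERIVED_KEY_BITS))
```

With the real pad every ciphertext is consistent with all 256 plaintexts; with the stretched key each ciphertext is consistent with only 128, so half the plaintext space is excluded by key search alone.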

    8. Re:Unbreakable encryption? by Jerf · · Score: 2

      "It seems to me"

      Famous last words in the field of cryptography.

    9. Re:Unbreakable encryption? by BlueWonder · · Score: 2

      I won't discuss if it compromises security, since I'm too lazy to define mathematically what compromised security means. :) But one thing is for sure: such a scheme is not information theoretically unbreakable. Please see my posting elsewhere in this thread for a more elaborate explanation.

    10. Re:Unbreakable encryption? by BlueWonder · · Score: 2
      I'll agree that one time pads are the only true secure form of cryptography, but that is still not reason enough not to develop more/better algorithms which are more effective in other areas.

      Any truly unbreakable cipher (in the information theoretical sense) needs a random key at least as long as the plaintext. This is provable. Therefore, no information theoretically unbreakable cipher can exist which is more effective than the One-Time Pad.

      If it is more effective, it is not unbreakable. Of course, this says nothing about usefulness. In fact, effective but breakable ciphers are more useful than unbreakable ciphers in almost all cases.

    11. Re:Unbreakable encryption? by DaveHowe · · Score: 2

      Keep in mind that a legitimate attack is an exhaustive search of the key space. If there are fewer possible keys than possible plaintexts, then for a given ciphertext the attacker can figure out a range of candidate plaintexts that is smaller than all possible plaintexts. That means the attacker has gained information.

      This is true - I should have thought it through more. I will surrender on this one before I look a bigger fool than I do now :)

      --
      -=DaveHowe=-
    12. Re:Unbreakable encryption? by DaveHowe · · Score: 2

      By definition, it no longer gives you any info at all about the original message - not even its length :)

      --
      -=DaveHowe=-
    13. Re:Unbreakable encryption? by DaveHowe · · Score: 2

      Ok, I call uncle on this one too :)

      --
      -=DaveHowe=-
  6. Not Using Animation to encrypt by nairnr · · Score: 5, Informative

    Maybe it is just me, but I think the poster is a little bit confused. It is not that animation is being used in encryption, but rather he was inspired by the crowd scene in Hunchback, where the characters' movements were essentially being controlled by random numbers to create a lively and chaotic look to it.

    The article then states that the thought was to use random data in an encryption algorithm to make it unbreakable. So I don't think that we will be seeing messages passed around in the next Disney flick...

    1. Re:Not Using Animation to encrypt by SuiteSisterMary · · Score: 2

      Sure, why not? It's neither encryption nor stego, but it's a great way to leave general instructions.

      "In the scene where the guy on stilts kicks some guards in the crotch, count how many guards get kicked. ONE guard means attack on Monday. TWO means attack on Tuesday. THREE means attack on Thursday. FOUR means attack on Friday. FIVE or MORE means attack at your own discretion."

      Once you've got an innocuous set of actions and indicators listed, you can throw up a 'student project' with something specific in the title, and live secure in the knowledge that your agents can safely view it, and act upon it.

      This is similar to the telltales used by intelligence officers everywhere to send and receive messages to and from their agents. "If I'm carrying the newspaper folded up in a certain way, the meet is on. If I drop it, it means the meet is off. If I'm carrying it folded a different way, it means get to your bolt hole and leave the country."

      --
      Vintage computer games and RPG books available. Email me if you're interested.
  7. Real Work by JohnHegarty · · Score: 2

    " He hopes to sell the technology to computer companies, banks, government agencies, and other organizations that could use a secure code."

    Am i the only one who can't see many / any real world applications for this.

  8. Do I understand correctly? by gfilion · · Score: 2, Interesting

    Working with stick men in animation, Mr. Kauffman wanted to improve upon those techniques, assigning more numbers to more body parts and actions.

    While studying number generators for the cartoon project, he found references to mathematicians and computer scientists who had theorized that the technique could be used in encryption technology [...]

    "Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father.

    If I understand it correctly, Alice sends a cartoon to Bob. Bob knows which features to look for (for example the head and feet) -- that's the secret key -- and can then reconstruct the message by analysing the movements of these features.

    Not too dumb, but it looks more like steganography than cryptography.

    GFK's

  9. unbreakable? right.... by KillerCow · · Score: 3, Insightful

    new, and potentially unbreakable, encryption technology

    Unbreakable? Sounds like snake oil already...

    An idea dawned on him for a unique way to use random numbers in a math equation to encrypt data.
    "Since you don't know what any of the values are mathematically, [a hacker] can't solve it,"
    This is ridiculous. Some stream ciphers use random number generators for their encryptions. The problem is, that since the "random" numbers come from a random number generation algorithm, they are not random -- they just appear to be. When they are subject to analysis, patterns are found, and the whole system is compromised. The security lies in how hard it is to predict the "random" numbers.

    Jason Kauffman is going to continue plugging away at his mechanical-engineering degree.

    That's a good idea, since this sounds like the junk "unbreakable" encryption that comes around every few years. If he's interested in encryption, he should take some advanced math classes to get a better foundation to work from. And pick up a copy of Applied Cryptography.

    Sorry about the rant... but this kind of thing gets me going.

  10. New Patented Idea by mborland · · Score: 5, Funny
    I can't disclose the details of my new patented idea for what I know is an unbreakable encryption algorithm, but I will describe my research.

    I was sitting outside and saw all the blades of grass swaying in the wind before me. I noticed how some were shorter than others, and that they actually didn't all have the exact same color. I thought if I assigned a number to each of these and several other characteristics, I'd be well on my way to unbreakable encryption.

    My dad used to be a pretty famous rodeo clown in the 60s and an alumnus of the college I'm attending, so when I approached the board of trustees for approval for my research, they were ecstatic! They gave me $20,000 to conduct my research. Now I will be busy all summer observing the grass swaying in the wind. I plan to have a prototype ready at some point, I hope.

  11. unimpressive by frovingslosh · · Score: 5, Interesting
    Too many times someone without a good background in this area thinks they have done something impressive, when they have really left wide open holes. Clearly we are not being given enough information here to prove this is the case, but the important thing is that we are not being given enough information to evaluate it either way. The article makes some vague claims but they are pretty lame:

    "Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father. Robert Kauffman formed a partnership with his son and the university to patent the idea. The Kauffmans are reluctant to go into more detail about the idea because it's in the patenting process.

    Cryptography based on a hacker "not knowing" something can be in for quite a surprise. And there is not even a hint here that this technique is based on a mathematically sound formula that is "hard" to solve. Perhaps this guy is on to something, but this attempt to talk about it but at the same time claim they can't talk about it yet leads me to believe this is more of an exercise in hype or ego than anything scientific. Cartoon cryptography might turn out to be a fitting term for it.

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:unimpressive by Proaxiom · · Score: 2
      Cryptography based on a hacker "not knowing" something can be in for quite a surprise.

      All cryptography is based on an attacker "not knowing" something. This 'something' is conventionally referred to as the 'key'.

      If you are alluding to Kerkhoff's Principle, then it is really about defining what makes a good key and what makes a bad key.
      Too many times someone without a good background in this area thinks they have done something impressive

      This is true, and I have small doubt this guy's idea will amount to nothing. I would add that many times people with good backgrounds in this area think they have done something impressive and later find a flaw. Good cryptography is really really hard.

      Of course, occasionally you get your Diffies, Hellmans, and Merckles who come up with relatively straightforward ideas that really are good, and really are significant. Even Rivest, Shamir and Adleman weren't experts in cryptography; they were number theorists who realized integer factorization would make a good trap-door one-way function.

    2. Re:unimpressive by westfirst · · Score: 2

      Diffies, Hellmans, and Merckles...

      First, it's Ralph Merkle. Second, the scheme he invented with Martin Hellman was broken. It looked cool at the time, but someone came up with a neat way to break it. So things come to naught even with the best preparations and reputation.

  12. Re:Computer != true randomness by Antity · · Score: 2, Informative

    How does he generate his random numbers?

    A computer can do pseudo randomness... but since it's not truly random there are ways to detect periodic repetitions and thus find the missing key to decrypt the message...

    What you mean is probably: "Computers cannot generate true random numbers in software".

    Germanium diodes are said to generate real random, chaotic electron flows if used in blocking direction.

    One usually uses a Germanium diode, places an A/D converter past it and calls it "hardware random number generator".

    That said, scientists still aren't sure whether there is such a thing like "true random numbers" at all. Create your own universe and maybe you will be able to predict any "random" number that beings within this universe try to create.

    --
    42. Easy. What is 32 + 8 + 2?
  13. Cool... by parad0x01 · · Score: 2, Funny

    So now I can encrypt animated pr0n in japanese anime...oh wait...

    --

    This .sig has been censored for your protection
  14. Re: At last I understand those Simpsons cartoons! by Antity · · Score: 2, Funny

    When they all leap onto the sofa at the start of the episode it truly means something.

    Now if only I could get a look at the decode manual . . .

    Homer's hair. Nuff said.

    And whenever they need to send a burst of data, there always is some reason to show Homer in the 60s in the storyline, right? ;-)

    --
    42. Easy. What is 32 + 8 + 2?
  15. Let me get my smart-ass remarks in by scott1853 · · Score: 2
    Like his encryption technology, his studies have been inspired by Disneyland; he wants to use his degree to design roller coasters and other amusement-park rides.

    A few points here:

    It looks like he's already working on taking people for rides.

    At my next development meeting should I recommend we watch the Little Mermaid for inspiration on database design?

  16. Re:You're right, there's no reason for alternative by BlueWonder · · Score: 2

    Since any truly unbreakable encryption scheme has to use keys at least as long as the One-Time-Pad, I do in fact consider the problem of unbreakable encryption solved. No need for further research.

    Of course, there's a lot of need for research into ciphers which are not mathematically provable to be unbreakable, but are more practical than the One-Time Pad. :)

  17. Math and animation by dstone · · Score: 2

    From the article reporter: "An unlikely combination of interests -- cartoons and math"

    Um. Has this guy never met a math or science student before?!

  18. More Details - His Abstract by Cryptosporidium · · Score: 5, Informative
    This is a direct quote from his science fair project abstract:

    The purpose of this project was to create unbreakable cryptography employing a random number generator for personal and business use on the Internet or for internal communications and data storage. A literature search found that currently used methods have computational security (DES, Public Key) and that only cryptography with "one-time pad" encryption and random keys has unconditional security. The hypothesis for this project was that unconditional cryptography is possible if the random number generator has perfect probability and is mathematically random. A wide range of random number generators (computer built-ins and from the literature) were tested for randomness, speed, range of seed numbers, simplicity, and period length. Randomness was tested for frequency patterns using the chi-square test method.

    The best random number generator (from literature) was combined with a shift cipher to produce cryptography that is simple to implement, suitable for personal or networked computers, and has unconditional security. The method uses one time, random keys and modulus arithmetic to make the cipher one-way and unbreakable. Disks containing a large array coordinates of the seed used to generate the one-time, random key can be transmitted publicly. The developed cryptography would be suitable for personal use, business sensitive messages and data, and top-secret military communications.
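The abstract's "frequency pattern" test is a chi-square over byte values. The added example below (not from the project; every input stream is constructed inline) shows why passing it proves nothing about unconditional security: a plain byte counter scores a perfect 0.0 while being completely predictable, and only a grossly biased stream fails.

```python
"""Added example: a chi-square frequency test says nothing about
unpredictability. A byte counter has *perfect* frequencies (statistic 0.0)
yet every next byte is predictable; a biased stream fails the test.
All generators here are constructed for illustration."""
import os

BINS = 256
# Tabulated chi-square critical value for 255 degrees of freedom, alpha = 0.05.
CHI2_CRIT_255_P05 = 293.25


def chi_square_statistic(data: bytes) -> float:
    """Pearson chi-square of byte frequencies against a uniform expectation."""
    if not data:
        raise ValueError("empty sample")
    counts = [0] * BINS
    for b in data:
        counts[b] += 1
    expected = len(data) / BINS
    return sum((c - expected) ** 2 / expected for c in counts)


def passes_frequency_test(data: bytes) -> bool:
    """True when byte frequencies are statistically consistent with uniform."""
    return chi_square_statistic(data) < CHI2_CRIT_255_P05


def counter_stream(n: int) -> bytes:
    """Constructed 'generator': 0, 1, 2, ... wrapping at 255. Perfectly uniform."""
    return bytes(i & 0xFF for i in range(n))


def biased_stream(n: int) -> bytes:
    """Constructed generator that never emits a byte >= 128."""
    return bytes((i * 37) & 0x7F for i in range(n))


def prediction_accuracy(data: bytes, predictor) -> float:
    """Fraction of bytes an observer predicts correctly from the previous byte.
    A predictable key stream gives no secrecy, whatever its frequencies."""
    hits = sum(1 for i in range(1, len(data)) if predictor(data[i - 1]) == data[i])
    return hits / (len(data) - 1)


def guess_increment(prev: int) -> int:
    """Trivial model of the counter generator: next = previous + 1."""
    return (prev + 1) & 0xFF


if __name__ == "__main__":
    n = 25600
    for name, stream in (("counter", counter_stream(n)),
                         ("biased", biased_stream(n)),
                         ("os.urandom", os.urandom(n))):
        print(f"{name:10s} chi2={chi_square_statistic(stream):9.2f} "
              f"passes={passes_frequency_test(stream)!s:5s} "
              f"predictable={prediction_accuracy(stream, guess_increment):.3f}")
```

The `os.urandom` row is there only for contrast: it passes the frequency test as well, but the increment predictor scores about 1/256 against it, which is the property a key stream actually needs.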

    1. Re:More Details - His Abstract by Proaxiom · · Score: 2
      I hope you get modded up higher than 3. If he wrote that abstract then he really has no idea what he's doing.

      And presumably, his school has no idea what he's talking about.

      to make the cipher one-way and unbreakable

      This would be interesting. A one-way cipher? Cryptography actually is very easy when you remove the requirement of being able to decrypt the ciphertext.

    2. Re:More Details - His Abstract by Jerf · · Score: 2

      Cryptography actually is very easy when you remove the requirement of being able to decrypt the ciphertext.

      Hey, thanks, I think I just figured out what my Master's thesis will be... ;-) "On Cryptographically Secure Write-Once, Read-Never Memory And Its Application To Buzzword-Compliant Technologies."

      (disclaimer: I am not specifically a cryptographic researcher as that statement may imply. Just a regular ole' comp. sci. master's student who understands math well enough to trust the crypto researchers over a poorly-prepared teenager any day, no matter how romantic it might be to think that the teen has actually come up with something valuable...)

    3. Re:More Details - His Abstract by DaveHowe · · Score: 2

      The basic unit of DES is a one-way cypher...

      --
      -=DaveHowe=-
    4. Re:More Details - His Abstract by BlueWonder · · Score: 2
      The hypothesis for this project was that unconditional cryptography is possible if the random number generator has perfect probability and is mathematically random.

      If by "unconditional cryptography" he means information theoretical security, this hypothesis is provably wrong. Otherwise, I'd like to know what advantage his scheme offers with respect to (e.g.) the Blum Blum Shub generator.

    5. Re:More Details - His Abstract by God!+Awful · · Score: 2
      Where is it described as such? In crypto, 'one-way' means 'irreversible' or at least 'computationally irreversible'.

      The basic security of DES derives from a progression of pseudorandom numbers which are XORed with the plaintext (or portions thereof). The derivation of these pseudorandom numbers is a one way operation, even though the actual encryption is not.

      The only time I have seen the term 'one-way cipher' used is in referring to hash functions.

      RSA encryption is sometimes called a one-way trapdoor cipher.

      -a

    6. Re:More Details - His Abstract by DaveHowe · · Score: 2
      It's part of the definition of DES.
      put simply:
      1. split data in half (a and b)
      2. do a one-way operation on a
      3. xor with b
      4. pass a xor b to the next stage as "a", pass a to the next stage as "b"
      to reverse, you
      1. take a (which is passed forward) and perform the same one-way operation again
      2. xor with the previous result to get b.
      obviously, for a single pass this is insecure, but after over a dozen, it becomes impossible to reverse without knowing just what the one-way operation was - which of course is key-dependent.
      --
      -=DaveHowe=-
    7. Re:More Details - His Abstract by swillden · · Score: 2

      Where is [the basic unit of DES] described as [a one-way cypher]? In crypto, 'one-way' means 'irreversible' or at least 'computationally irreversible'. The only time I have seen the term 'one-way cipher' used is in referring to hash functions.

      DES is one of a class of algorithms known as Feistel networks, invented by Horst Feistel in the early 70s. Feistel noticed that he could take any "round function", invertible or not, and create an invertible function from it.

      The idea's pretty simple, really (as most really good ideas are). To make an n-bit block cipher from an n/2-bit function f (preferably one-way), just take your n-bit data block and divide it in half. Call the halves L_0 and R_0 (L and R are for Left and Right, and the 0s should clue you in that we're going to repeat this a few times). Then, let:

      L_1 = R_0
      R_1 = L_0 XOR f(R_0)

      Or, more generally,

      L_i = R_(i-1)
      R_i = L_(i-1) XOR f(R_(i-1))

      To really make this a cipher, of course, f should be a keyed function and generally (like in DES) different keys are used for each round (well, different subkeys).

      The cool thing about Feistel networks is they are guaranteed to be invertible. To "decrypt", just execute the same process, using the reversed halves of the ciphertext as the input and running through the keys in the opposite order from that used to encrypt.

      As an example to give you a hint why it works, consider the final round of DES encryption:

      (eq. 1) L_15 = R_14
      (eq. 2) R_15 = L_14 XOR f(R_14, K_15)

      (K_15 is the final subkey, in case that's not obvious). The ciphertext is then L_15||R_15 (ignoring the whitening phase, which is reversible and hence ignorable).

      So, what happens if we reverse L_15 and R_15 and feed them back in, starting with the last subkey? The calculation is:

      L = L_15
      R = R_15 XOR f(L_15, K_15)

      Well, notice that since L_15 = R_14 (eq. 1), we can substitute the first argument to f, giving:

      R = R_15 XOR f(R_14, K_15)

      Now if we substitute right-hand side of eq. 2 for R_15, this is:

      R = L_14 XOR f(R_14, K_15) XOR f(R_14, K_15)

      Given the nifty properties of XOR that 'a XOR a = 0', and 'b XOR 0 = b', the results of f cancel each other out, leaving:

      R = L_14

      So we have "reversed out" the effects of f, without having to invert f. And since L = L_15 = R_14 (by eq. 1 again), we have recovered L_14 and R_14 and reversed the final round of the encryption. Do it 15 more times and you have the plaintext (again, ignoring whitening).

      Of course, none of this in any way implies that the guy mentioned in the original article has or has not done anything worthwhile.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
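The Feistel construction described in the two posts above (DaveHowe's split/one-way/XOR sketch and swillden's L_i/R_i derivation), as an added example that is not code from the thread. It is a constructed 16-bit toy, not DES: the round function, the key schedule and the block size are hypothetical, and the round function is deliberately non-invertible to show that the cipher inverts anyway.

```python
"""Added example: a toy 16-bit Feistel network. Any round function, invertible
or not, yields an invertible cipher; decryption is the same process run on
the swapped halves with the subkeys in reverse order. Not DES: the round
function, key schedule and block size are constructed for illustration."""

HALF_BITS = 8
HALF_MASK = (1 << HALF_BITS) - 1
ROUNDS = 16


def round_function(r: int, k: int) -> int:
    """Keyed, deliberately NON-invertible 8-bit f(R, K): square (R xor K) and
    drop the low bits, so many inputs collide on the same output."""
    x = r ^ k
    return ((x * x) >> 3) & HALF_MASK


def is_injective(k: int) -> bool:
    """True iff f(., k) is a bijection on 8-bit inputs. Expected False here."""
    return len({round_function(r, k) for r in range(1 << HALF_BITS)}) == 1 << HALF_BITS


def key_schedule(key: int) -> list:
    """Toy schedule: ROUNDS 8-bit subkeys K_1..K_n from a 64-bit key."""
    return [((key >> (8 * (i % 8))) ^ (i * 0x37)) & HALF_MASK for i in range(ROUNDS)]


def feistel_rounds(left: int, right: int, subkeys) -> tuple:
    """L_i = R_(i-1); R_i = L_(i-1) XOR f(R_(i-1), K_i), once per subkey."""
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return left, right


def encrypt_block(block: int, key: int) -> int:
    left, right = block >> HALF_BITS, block & HALF_MASK
    left, right = feistel_rounds(left, right, key_schedule(key))
    return (left << HALF_BITS) | right


def decrypt_block(block: int, key: int) -> int:
    """Feed (R_n, L_n) through the same rounds with reversed subkeys; the
    output is (R_0, L_0), so swap once more to recover the plaintext."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    left, right = feistel_rounds(right, left, list(reversed(key_schedule(key))))
    return (right << HALF_BITS) | left


def undo_last_round(l_n: int, r_n: int, k_n: int) -> tuple:
    """The single-round cancellation worked through in the post:
    L_(n-1) = R_n XOR f(L_n, K_n)  (the two f terms cancel),  R_(n-1) = L_n."""
    return r_n ^ round_function(l_n, k_n), l_n


if __name__ == "__main__":
    key = 0x0123456789ABCDEF   # constructed sample key
    pt = 0xBEEF                # constructed sample block
    ct = encrypt_block(pt, key)
    print(f"f invertible? {is_injective(0x5A)}  pt={pt:04x} ct={ct:04x} "
          f"dec={decrypt_block(ct, key):04x}")
```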
  19. Re:Computer != true randomness by Toshito · · Score: 2, Interesting

    You are correct, but I must say that the Germanium diode you are talking about must be considered as an external source of randomness, since it's not something normally found in a computer.

    What I meant to say is that in today's personal computers, there is nothing truly random.

    Video poker machines have been exploited because the random numbers they generate tend to repeat. When you sample those numbers over a couple of weeks, you can see patterns emerging from those numbers. If you can find a formula or method that duplicates these patterns, you have a way to predict the "random" numbers that the machine will generate.

    --
    Try it! Library of Babel
  20. Google? by DaveHowe · · Score: 3, Informative
    A quick websearch threw up the occasional highlight:

    Jason finds way to recycle used oil
    gives a more technical view of the current discovery (it's a PRNG by the way)

    --
    -=DaveHowe=-
    1. Re:Google? by mborland · · Score: 2
      I'm glad that his dad supports him in his scientific endeavors...but...his dad is in every article posted about him...interesting.

      His dad is most likely very intelligent, but a bit of a spin-meister:

      "Jason is so far outside of the box with his thinking that he can't find the box..."

      Puleeze!

      Good luck with the research...but there are a number of PRNGs out there already. Sounds like Jr. has learned a thing or two about how to spin a story from his dad...

  21. Re:You're right, there's no reason for alternative by NortWind · · Score: 2, Informative
    Two problems with one-time pads:
    1) Generating the pad initially, and
    2) exchanging the pad.

    1) Generating the one-time pad is easy with a hardware noise generator such as an avalanche diode. Marx makes a USB dongle that has a true white noise generator. Just pump the noise into a file, voilà!

    2) Exchanging pads is not needed, as the one-time pad can be used in a symmetric scheme, just a simple XOR will do fine. You only have to transfer the pad one way. Unfortunately, that is a problem that has no good solution.

  22. two words: SNAKE OIL by Dr.+Awktagon · · Score: 5, Insightful

    Yup, all the tell-tale signs are there:

    • claims that it's potentially "unbreakable"
    • hasn't spent much of his academic career breaking other people's cryptography
    • uses the clout of his dad to get funding
    • and of course, he's patenting it, which means it won't be of any use to anyone.

    My guess is, he found some "smooth noise" generator and thought that it would make a good source of "random numbers", used, e.g., as a key schedule algorithm, and as soon as the patent is published (which it will be, thanks to the dumb patent office), it will be broken (it probably has a short "key" to set initial conditions, which will be easy to break) and this guy will be forgotten.

    Though the cartoon connection is kinda cute and might get some press attention.

    Next?

    1. Re:two words: SNAKE OIL by Animats · · Score: 2
      Yup, that's it. It isn't even an original bad idea.

      There's lots of work to be done on encryption algorithms. A system based on an algorithm with a provable lower bound on solution time would be helpful. Some popular algorithms have "bad keys" that are easier to crack than the average key. A reliable way to detect man-in-the-middle attacks automatically would be useful. Systems that synch up fast on noisy channels would help.

      But another scheme based on a pseudorandom number generator isn't useful.

      "No new encryption algorithm is worth looking at unless it comes from someone who has already broken a very hard one" - Friedman

  23. Snake Oil by Jerf · · Score: 5, Informative
    Assuming this abstract is complete and correct, then it provides us enough information to know that his encryption technique is more snake oil.

    Specifically, we have the unbreakable claim warning sign, and even more specifically, this is almost certainly one of the one-time pad errors:
    The bits in the pad cannot be generated by an algorithm or cipher. They must be truly random, using a real random source such as specialized hardware, radioactive decay timings, etc. Some snake oil vendors will try to dance around this issue, and talk about functions they perform on the bit stream, things they do with the bit stream vs. the plaintext, or something similar. But this still doesn't change the fact that anything that doesn't use real random bits is not an OTP. The important part of an OTP is the source of the bits, not what one does with them.
    There's also the technobabble, secret algorithms, and revolutionary breakthrough warning signs.

    I hope they enjoy the $20,000 patent, 'cause it's not worth the paper it's printed on.
    1. Re:Snake Oil by DaveHowe · · Score: 2

      Not necessarily - I am told a *lot* of military field-crypto is basically a prng stream cypher. There was an extended series of arguments in [pgp-users] between Larry Randall (a supporter of prng stream crypto in hardware) and pgp enthusiasts - check the archives around april.

      --
      -=DaveHowe=-
    2. Re:Snake Oil by God!+Awful · · Score: 2

      The bits in the pad cannot be generated by an algorithm or cipher. They must be truly random, using a real random source such as specialized hardware, radioactive decay timings, etc

      This is one of the axioms used in proving that a one-time pad is "perfectly secure". If you don't use truly random numbers, there is no reason why your algorithm can't be secure; it just doesn't really deserve to be called "theoretically unbreakable".

      We already have ciphers which are based on algorithm-generated "one time pads." They are called stream ciphers. A stream cipher is simply a long string of pseudo-random data (derived from a shared key) which is XOR'ed with the text. It sounds like this kid has just invented a new kind of stream cipher.

      Stream ciphers are faster than block ciphers but they are less widely used because they also tend to be less secure. Block ciphers are less susceptible to attacks because the per-round encryption keys are data-dependent. Who knows -- maybe this kid has invented the best stream cipher in the world (but I doubt it).

      I hope they enjoy the $20,000 patent, 'cause it's not worth the paper it's printed on.

      You're right, but perhaps for the wrong reason. The patent is worthless because there are numerous free alternatives. Encryption inventors think a lot like open source advocates. Give away your algorithm for free and use your newfound fame to sell your books, network monitoring services, etc (e.g. Bruce Schneier).

      -a

  24. Stupid encryption tricks. by Nindalf · · Score: 2

    Check out One Time Deck: the world's most wasteful encryption scheme. The key size (in expressible values) grows with the factorial of the message size (also in expressible values, not bits).

    Basically, your key is the equivalent of a randomly shuffled deck of cards with each possible message written on a card. Your ciphertext tells where to cut the deck to find the card with your message on it. Each deck is used for only one message, then destroyed. Hence the name.

    It has the interesting property that if you don't have the deck, even if you know the plaintext exactly, any changes to the ciphertext will result in a completely random plaintext (except that it's not the same).

  25. Kickass! by unformed · · Score: 2

    Anyways, since you don't want to become bored while watching the grass, i've got some green "equipment" you might find handy. My pager number is .... oh fuck, the Feds........

  26. and what do you do for a living again? by Tablizer · · Score: 2

    I have this vision of an FBI agent watching tons and tons of porn in his cubicle. The boss comes by and starts scolding him. He then says:

    "Please calm down. It is possible to hide secret messages in images now. Here is a printout of a slashdot article about it. I am just looking for hidden terrorist messages in this porn found on Al-Qaida PCs. I think her breasts are jiggling to a discernible pattern, so I am trying to plot the jiggle pattern here."

    Boss: "Then why are you sweating like that?"

  27. Good one! by ImaLamer · · Score: 2

    And I heard if you watch the Lion King with special "bin Laden" glasses you can see the Twin Towers falling as soon as Simba watches his father die.

    Snow White was used to plan the attacks....

    Sheesh

  28. Re:No such thing as unbreakable encryption by BlueWonder · · Score: 2

    I should probably have been more specific in my original posting. By unbreakable I mean information theoretically secure, a mathematically well-defined property which is in fact achievable and achieved by the One-Time Pad. I have given a rough definition here.

  29. Re:Computer != true randomness by mesocyclone · · Score: 2

    Even hardware random generators are prone to bias. For example, the germanium diode might generate more 1's than 0's. That knowledge alone may be enough to break messages. Thus it is not trivial to even create one time pads... the source of THAT data must also be random.

    Another example... use the time between radioactive decay detections. This is theoretically random from quantum physics.... BUT.... there may be artifacts. For example, there will be a minimum time resolution of your detector. It may have hysteresis or dead times after a particle is detected.

    As has been shown many times, cryptography isn't for the faint of heart. It also isn't for the foolish, like this kid's father.

    --

    The only good weather is bad weather.
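The bias problem described in comment 29 has a standard mitigation that the post does not name: von Neumann debiasing, which reads the raw bits in non-overlapping pairs and keeps only the unequal pairs. The following is an added Python example, not the poster's code. The biased source is a constructed stand-in (a seeded PRNG emitting 1 with probability 0.7), so the numbers are reproducible; a real diode would be sampled from hardware. The method assumes the raw bits are independent with a fixed bias, which is exactly the assumption the post's second paragraph (dead times, hysteresis) says can fail.

```python
import random


def biased_bits(n: int, p_one: float, seed: int = 12345) -> list:
    """Constructed stand-in for a biased hardware source that emits 1 with
    probability p_one != 0.5. Seeded so the example is reproducible."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann_extract(bits) -> list:
    """Von Neumann debiasing: take bits in non-overlapping pairs, emit 1 for
    (1,0), 0 for (0,1), and discard (0,0) and (1,1).

    If the input bits are independent with a fixed bias p, then
    P(1,0) == P(0,1) == p * (1 - p), so the output is exactly unbiased
    (most of the input is thrown away). Correlation or drift between
    successive bits breaks that equality, so this does not repair a source
    with dead times or hysteresis; it only removes a constant bias."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)  # (1,0) -> 1, (0,1) -> 0
    return out


def ones_fraction(bits) -> float:
    """Fraction of 1 bits; a quick sanity statistic, not a randomness test."""
    return sum(bits) / len(bits) if bits else 0.0


def pack_bits(bits) -> bytes:
    """Pack bits MSB-first into bytes (trailing partial byte dropped), so
    the debiased stream can be written to a pad file."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    raw = biased_bits(20000, 0.7)
    clean = von_neumann_extract(raw)
    print("raw   ones fraction:", round(ones_fraction(raw), 3), "bits:", len(raw))
    print("clean ones fraction:", round(ones_fraction(clean), 3), "bits:", len(clean))
    print("first pad bytes:", pack_bits(clean)[:8].hex())
```

Note the yield: with a 70/30 source only about 42% of the input pairs (roughly 21% of the raw bits) survive, which is why hardware RNG designs usually combine this kind of conditioning with a cryptographic extractor rather than relying on it alone.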

  30. Utter nonsense. by Nindalf · · Score: 2

    It may be little information, but mathematically enough to say it's no longer unbreakable.

    You might as well claim the same thing if the attacker knows that the plaintext is sensible ASCII-encoded English. That the attacker knows the character of the plaintext (and therefore has a wealth of statistical information about the plaintext) is one of the fundamental assumptions of cryptography.

    The perfect secrecy of OTP is based on the secrecy and randomness of the key alone; it doesn't require an obscure or disordered encoding of the plaintext. Knowing some key bits gives you no clue about the value of other key bits.

    Of course you must account for the information that can be inferred from the length of the ciphertext (and pad your plaintext to avoid any information leak). This problem is no greater or worse for compressed plaintexts than uncompressed ones.

  31. Actually... by Nindalf · · Score: 2

    It seems to me like having the first and last number the same doesn't compromise the security of the message one bit!

    It compromises the security of the message exactly one bit (assuming that it's binary OTP). If the first and last bits of the ciphertext are the same, then you know that the first and last bits of the plaintext are the same, and vice versa. You gain one bit of information about it, and cut the number of possible plaintexts in half.

    Cryptanalysis is based on statistical data. The attacker presumably can make reasonable guesses about the contents. So if they can guess the first bit with 70% probability, they also know the last bit with 70% certainty.
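Three posts above describe the same mechanism from different angles: comment 21 (NortWind) says a one-time pad is applied with a plain XOR, God!Awful's reply under comment 23 says a PRNG keystream XORed in the same way is a stream cipher rather than an OTP, and comment 31 (Nindalf) works out the one bit that leaks when the first and last key bits are known to be equal. The Python below is an added example serving all three; it is not any poster's code. `xor_pad` is the shared XOR step; `otp_pad` uses the OS CSPRNG only as a stand-in for a true random source so the example runs anywhere; `prng_keystream` (SHA-256 over seed and counter) is a constructed keystream of my own, not the scheme in the article; the message and pad bytes in the usage are constructed.

```python
import hashlib
import secrets


def xor_pad(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad. The same call encrypts and decrypts; whether the
    result is an OTP or a stream cipher depends only on where 'pad' came from."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message; never wrap or reuse a pad")
    return bytes(d ^ p for d, p in zip(data, pad))


def otp_pad(n: int) -> bytes:
    # Stand-in for a true random source (hardware noise, decay timings).
    # The security of the pad lives entirely in these bits, not in the XOR.
    return secrets.token_bytes(n)


def prng_keystream(seed: bytes, n: int) -> bytes:
    """Constructed keystream: SHA-256(seed || counter) blocks. Feeding this to
    xor_pad gives a stream cipher: every 'pad' bit is fixed by the seed, so
    the scheme is only as strong as the seed is unguessable, not as strong
    as a truly random pad of the same length."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def bit(data: bytes, i: int) -> int:
    """i-th bit of a byte string, MSB-first."""
    return (data[i // 8] >> (7 - (i % 8))) & 1


def ends_equal(data: bytes) -> bool:
    """True when the first and last bits of 'data' are the same."""
    return bit(data, 0) == bit(data, 8 * len(data) - 1)


def infer_plaintext_ends_equal(ciphertext: bytes) -> bool:
    """What an observer who knows k_first == k_last learns from the ciphertext
    alone: since each c bit is p XOR k, c_first == c_last exactly when
    p_first == p_last. That is the one bit comment 31 describes; if the key
    end bits are independent, this inference is right only half the time."""
    return ends_equal(ciphertext)


if __name__ == "__main__":
    pt = b"Hi"                       # constructed: first bit 0, last bit 1
    pad_equal_ends = bytes([0x80, 0x01])   # constructed key, end bits both 1
    pad_mixed_ends = bytes([0x80, 0x00])   # constructed key, end bits 1 and 0
    for pad in (pad_equal_ends, pad_mixed_ends):
        ct = xor_pad(pt, pad)
        guess = infer_plaintext_ends_equal(ct)
        print(f"key ends equal={ends_equal(pad)}  guess={guess}  "
              f"truth={ends_equal(pt)}  {'leak' if guess == ends_equal(pt) else 'wrong'}")
    ks = prng_keystream(b"short-seed", 16)
    print("stream cipher roundtrip:", xor_pad(xor_pad(b"sixteen byte msg", ks), ks))
    p = otp_pad(16)
    print("otp roundtrip:", xor_pad(xor_pad(b"sixteen byte msg", p), p))
```

The two pads in the usage show the point: with equal key end bits the inference about the plaintext is always right, with unequal ones always wrong, so an attacker gains information only to the extent the key bits fail to be independent of one another.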

  32. Anyone Know His Dorm Number? by SiMac · · Score: 2, Interesting

    This kid could really use a copy of "RSA Laboratories' Frequently Asked Questions About Today's Cryptography" or "Applied Cryptography" or even "PGP DH vs. RSA FAQ". At the University of Dayton page on this discovery (https://alumni.udayton.edu/np_story.asp?storyID=784), he says that Triple-DES could be easily broken.

    That is complete B.S.

    Triple-DES is a 112-bit algorithm, and perhaps even stronger than Rijndael (AES), since it's been subjected to rigorous cryptanalysis for many, many years.

    It seems as if the encryption technology might be secure, but without any information on it, I am very skeptical.

  33. Re:True.... by mpe · · Score: 2

    Yeah. I'm also confused why anyone would want a "personalized" crypto algorithm in the first place.

    It's a very effective way to get something which isn't very secure, since the process may modify how the program works.

  34. Re:Computer != true randomness by karlm · · Score: 2
    Correct. Also don't forget that Linux et al. constantly gather entropy from your mouse movements, network traffic, HD seek times (influenced by turbulence inside the drive, providing "true" randomness).

    Try writing a program that takes several hundred MB from /dev/random. You'll find its runtime depends on how much mouse movement and other user input is going on. I once ran a random access file system simulation for class. I went to dinner and came back and the stupid thing was stuck. I later emailed the prof to let him know he should use /dev/urandom instead of /dev/random if he's not hyper sensitive about the entropy content and needs time-critical random data.

    Off hand, what PRNG does the Linux /dev/urandom use when it exhausts the entropy pool? My best bet is that OpenBSD uses Yarrow, but all bets are off with Linux.

    --
    Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.