Israeli Firm Claims Unbreakable Encryption

Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...

One Time Pad

[Overand]

One Time Pad is uncrackable... but the "key" is the same size as all the data you'll ever want to send... but DAMN it works. =]

Re:One Time Pad

[jtdubs]

Also of note:

You CAN NOT use the same pad more than once. Hence the name "One-time" pads. Here's why:

Here are two messages, encrypted with the same pad:

cyphertext1 = plaintext1 + one-time-pad
cyphertext2 = plaintext2 + one-time-pad

For short:

c1 = p1 + otp
c2 = p2 + otp

Now, I get ahold of both cyphertexts, and I suspect, or guess, that they were encrypted with the same key.

(c2 - c1) = (p2 + otp) - (p1 + otp)
(c2 - c1) = (p2 - p1)

So, now, the "enemy" has a new set of numbers, obtained by the subtraction of the two cyphertexts, and this result is also the subtraction of the two plaintexts as the one-time-pads cancelled out.

A message that is simply the difference between two plaintext messages is trivially crackable via statistical analysis.

Anyone who enjoys encryption theory and a good yarn should go pick up a copy of Neal Stephenson's Cryptonomicon. It is one of the best book I have ever read.

Justin Dubs

Re:One Time Pad

[lars_stefan_axelsson]

One solution is to use a universally accessible pad that's pre-agreed upon. Like, "download CNN.com at precisely 5:00am, convert it to binary, and use that."

That's a book cipher, and it's not a one time pad. There's a lot of structure in your pad material.

No, the problem is still the random source. If you have two sources that produce the same key stream they are not "random" in the sense that we mean. And if you distribute (broadcast) the pad, then you have the key distribution problem again.

Not to say that book ciphers cannot (and have not) been used to good effect. But one-time-pads they're not.

VME was broken

[eddy]

I haven't read the article (c'mon!) but I saw the mentions of VME, which...well... was broken.

It's snakeoil. Just marketing, no security. Move along. Nothing to see here.

Beware of David Irving

[Joe+Enduser]

This fpp.co.uk is David Irving's site. He is the guy who denies the holocaust. More on Mr.Irving: http://www.geocities.com/irving_challenger/

Snake oil since 1999

[ronys]

Professional cryptographer Bruce Schneier used these guys as the exemplar for "Pseudo-mathematical gobbledygook" in the February 1999 issue of his monthly crypto-gram newsletter:

"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.