Slashdot Mirror


Totally Random One Time Pads

liliafan writes "Scientists in Japan have come up with a way of harnessing a truly random datasource for generating one time encryption pads: Quasars. One time encryption pads are widely accepted as being the most secure form of encryption, but this new technology from the National Institute of Information and Communications Technology makes the pads even more secure."

15 of 265 comments

  1. Actual advancement by flooey · · Score: 5, Insightful

    The summary for this article is a little misleading. One time pads aren't new, and good sources of natural randomness aren't new either.

    The interesting part of this article is the fact that quasars could be used as a natural source of randomness for one time pads, yet can be accessed by both parties simultaneously. The historical problem with one time pads (and the reason they're rarely used in practice) is that it's a huge pain to distribute sufficient random data to all parties involved in a communication. Being able to use a natural source of randomness that's available to everyone at once would be a major increase in the usability of one time pads.

  2. Re:Xl6oUBY by Tackhead · · Score: 2, Insightful
    > i147 F7b AIQzC9 7kXTA8TzJ Vl LcYxkN FXkCFA Ev4Lpwjk2 A0Jy7flvj phOlaTF 3S Z0uPk kP 5RKMkQ 5U5oZPW FzA f rj4FB 4vrI ZWr dovA6W l CS6

    "'Impossible to predict', my 4vrI, you insensitive CS6!"

    You forgot that the LcYxkN (who live in the disc, at a 90-degree angle from the jet of 3C273, and who escaped the blast) have developed faster-than-light communication.

  3. How is this secure? by Zadaz · · Score: 3, Insightful

    How does this increase security? It's not like quasars are private property. Anyone can look at 'em...

    1. Re:How is this secure? by Zadaz · · Score: 2, Insightful

      It seems to me if I have a spare radio telescope to encrypt with, I'm probably sending messages that other radio telescope owners would be interested in.

  4. Am I missing something? by brian0918 · · Score: 2, Insightful

    How is this more secure than one-time pads? Whereas only the two parties involved have access to one-time pads, everyone has access to quasar radiation. The two users still have to tell each other where to look and when, and that information is all someone would need to crack the message. The only way it could be more secure is if the coordinates are only available on one-time pads, in which case you're basically saying that code breakers have to go out and buy an antenna....

  5. Oh no. Not again. by hhr · · Score: 2, Insightful

    One Time Pads may be the most secure form of encryption, but they are *not* the most secure way to protect your secrets.

    Time and time again, security breaks down because of the way people treat their keys, not because the encryption algorithm is weak.

    With a one time pad, you need to keep a copy of the pad with everyone who wants access to the data. Compare that to Public Key Crypto where you can keep your private key in one secure spot and distribute your public key widely.

    Or how about session keys (Diffie Hellman for example)... single use keys that only you and your partner have access to. How good is that! And you don't need to transfer and secure your OTP to use them!

  6. Not so secure... by jamesivie · · Score: 2, Insightful

    If the party trying to decrypt your message knows that your "random" data comes from a quasar, they could just monitor the quasar themselves and crack the data pretty quickly (faster than brute force). Cryptography relies on the random data being secret, and this isn't secret at all unless you're trying to hide your conversation from someone whose planet can't view the quasar you're using.

    --
    "O'Connor, smash the window." "Why me, Bigboote?" "It might be boobie-trapped!" "Oh!"<smash> -Buckaroo Banzai
  7. Re:So what? by homer_ca · · Score: 2, Insightful

    OK, even if the keyspace is pretty large, what you have now is a symmetrical cipher. You still have to distribute that key securely.

  8. Re:So what? by Beryllium+Sphere(tm) · · Score: 2, Insightful

    If the two communicating parties have to agree on a particular time to start observing they need to synchronize their clocks. The most practical approach is GPS. Figure 10-100 nanoseconds of timing resolution. If an adversary can guess to within three years when you started observing, there are 1E15 to 1E16 possible starting times. There's 50 bits, if there are a thousand QSO's we add 10 bits, so they've got the equivalent of a 60-bit private key.

    Worse, this scheme doesn't let you get forward secrecy. In a conventional one-time pad you destroy the keying material after you use it. What are these people going to do, destroy quasars retroactively? Copyright QSO recordings and stage DMCA raids periodically?

    Worse yet, someone pointed out (who? I want to give you credit) that an active adversary could trivially inject fake signals into your radio telescopes and control the contents of your one time pad.
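
[Added example, not part of any comment in this thread: a sketch of the objection raised by jamesivie and Beryllium+Sphere(tm), that when the pad is cut from a source everyone can record, the only secret left is which source and start time were chosen. The streams are constructed stand-ins built from SHA-256, and the source count, stream length, sample message and chosen (source, offset) are all assumptions.]

```python
import hashlib
import math

N_SOURCES = 16        # assumed number of observable sources
STREAM_LEN = 4096     # assumed bytes recorded per source

def public_stream(source_id: int, length: int) -> bytes:
    """Constructed stand-in for one public recording; anyone can reproduce it."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(f"source-{source_id}-block-{block}".encode()).digest()
        block += 1
    return bytes(out[:length])

# Both the legitimate parties and an eavesdropper hold the same recordings.
RECORDINGS = [public_stream(i, STREAM_LEN) for i in range(N_SOURCES)]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(message: bytes, source: int, offset: int) -> bytes:
    """'One-time pad' whose pad is a slice of a public recording."""
    return xor(message, RECORDINGS[source][offset:offset + len(message)])

def effective_key_bits(msg_len: int) -> float:
    """The real secret is only the (source, offset) choice, not the pad bytes."""
    return math.log2(N_SOURCES * (STREAM_LEN - msg_len + 1))

def search(ciphertext: bytes):
    """Try every (source, offset); keep candidates that are printable ASCII."""
    n, hits = len(ciphertext), []
    for src, rec in enumerate(RECORDINGS):
        for off in range(len(rec) - n + 1):
            cand = xor(ciphertext, rec[off:off + n])
            if all(32 <= c < 127 for c in cand):
                hits.append((src, off, cand))
    return hits

MESSAGE = b"MEET AT THE OBSERVATORY AT NOON."   # constructed sample plaintext
SECRET = (11, 1337)                              # constructed (source, offset)

if __name__ == "__main__":
    ct = encrypt(MESSAGE, *SECRET)
    print(f"effective key: {effective_key_bits(len(MESSAGE)):.1f} bits")
    print(search(ct))
```

A pad drawn from a private generator carries as many secret bits as the message is long; here the secret is under 16 bits regardless of message length, which is the same accounting the comment above applies to start times and QSO count.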

  9. Re:not so sure about this by kingkade · · Score: 3, Insightful

    The keyspace offered by a million quasars, 5000 possible frequencies, and an almost arbitrarily fine time sampling is pretty vast.

    The point is how do you get those parameters to the other party secretly? This is the same problem as giving them a one-time pad generated any random way. I think the point is that you can get randomness but the previous problem will always exist.

  10. Re:So what? by GlassHeart · · Score: 2, Insightful
    > So you distribute that key via asymmetric encryption, very soon before you send the actual message. That narrows the keyspace a bit, but means that if the attacker doesn't have the computing power to brute-force the asymmetric encryption between the time that the key is sent, and the time that the quasar is monitored, that the attacker has failed.

    I start monitoring as many quasars as I can the moment I intercept the key message. That way, when I finally decode the key message I can also read the actual message. The secrecy of your message then depends on whether my choices of quasars get lucky, which is not nearly as good as a real one-time pad.

  11. Re:So what? by Anonymous Coward · · Score: 1, Insightful

    It's not truly random - it is subject to statistical analysis and the physical constraints of the resistor. Implement that avalanche breakdown wrong and that introduces a weakness. Show me or any mathematician 'appropriate whitening' - if you can appropriately whiten a random set, it's not truly random, now is it?
    All algorithmic approaches to generating true randomness are fundamentally wrongdoing.
    The question is, is a jittery thermal source in our backyard more or less random, more or less signatory, than one that occurred billions of years ago?

  12. Seems doomed by mattr · · Score: 2, Insightful

    The idea of making a one time pad out of a universally available information resource just seems real silly. It may be the easiest, highest volume, highest quality source of random data, but we have already in the past seen ideas like large key space and computational complexity fall to one advance or another. It strikes me that even if there are 80,000 sources in the sky, that can be narrowed down quite a bit if you just look at the direction they are pointing their radio telescopes. Or are they using some secret hidden radio telescopes to capture quasar data? There may be some small ones but I think most are really, really big. You could probably tell the angle they are pointed at from a satellite. Also, if this encryption method gets used a lot you have to expect that more information about the route the data takes gets known. It seems to me there are a more limited number of radio telescopes with this system installed than there are say labs with a more traditional random data generator.

  13. Re:So what? by Kadin2048 · · Score: 2, Insightful

    Yep, pretty much.

    I actually thought that they were talking about using the data from quasars to generate one-time pads, which would then be distributed by conventional means. I didn't think they were actually proposing having two separate people observe the same quasar, to produce the "one-time" pad simultaneously. Unless you had a quasar that you knew nobody else knew about, and definitely wasn't monitoring, it seems like a pretty bad idea. Especially if the people you're trying to conceal information from have more resources than you do.

    In short, I think it's actually a pretty dumb idea; its forward security depends entirely on the assumption that somebody, someplace, wasn't out there, recording the same quasar that you used to generate your pad. And given the rather finite (to my knowledge) number of visible/receivable quasars, it seems like a poor assumption to make. Certainly I wouldn't want to bet my life on it.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  14. Re:Coins by Kyojin · · Score: 2, Insightful

    Hmmm. Generate a random integer between 1 and 3 inclusive.

    This must be done with a finite number of coin tosses.

    The probability of each integer occurring must be equal.