#trilema | 2018-12-23

00:11

the more i think about this whole serpent business, the more it becomes evident that the ~only~ way to have a cipher (not encryption, ie, asym keys, but enciphering, ie, simmetric keys) stronger than serpent is to ~mix rng bits~. ie, the weakest cipher is the one where len(E) = len(P), and they're all equally week, and 1 serpent worth. to go stronger, you must have something that has len(E) = a len(P) + b sorta thing. the key

00:11

mircea_popescu

schedule will then not merely "mix" the P bits but also explain how to separate the R bits out of E.

~ 19 minutes ~

00:31

00:11	mircea_popescu	the more i think about this whole serpent business, the more it becomes evident that the ~only~ way to have a cipher (not encryption, ie, asym keys, but enciphering, ie, simmetric keys) stronger than serpent is to ~mix rng bits~. ie, the weakest cipher is the one where len(E) = len(P), and they're all equally week, and 1 serpent worth. to go stronger, you must have something that has len(E) = a len(P) + b sorta thing. the key
00:11	mircea_popescu	schedule will then not merely "mix" the P bits but also explain how to separate the R bits out of E.
		~ 19 minutes ~
00:31	asciilifeform	mircea_popescu: we had thread, i suggested several algos for specifically this
00:32	asciilifeform	will dig it up after sleep
		~ 42 minutes ~
01:14	mircea_popescu	aha.
		~ 2 hours 18 minutes ~
03:33	diana_coman	mircea_popescu, re ((123)) comments my plugin at least requires a space i.e. (( 123))
03:43	mircea_popescu	afaik it's space before so " ((" rather than simply "(("
		~ 6 hours 14 minutes ~
09:57	mircea_popescu	in other news, there's apparently such a place as humble, texas.
		~ 45 minutes ~
10:43	feedbot	http://trilema.com/2018/the-lesbian-in-winter/ << Trilema -- The lesbian in Winter.
10:45	asciilifeform	mircea_popescu: re the ciphers : it's the item asciilifeform regularly comes back to, iirc most recently in http://btcbase.org/log/2017-11-22#1742198 , http://btcbase.org/log/2017-02-14#1613906 , but also we did the luby variant of same, and iirc earliest discussion was the http://btcbase.org/log/2016-12-24#1589881 thing ( and mircea_popescu's various extensions of subj )
10:45	a111	Logged on 2017-11-22 21:45 asciilifeform: anyway for 512bit key, you still keep the 128bit block. but each time you have incoming 128b plaintext, you shamir it rngistically into 512bits, i.e. 4 128b parcels that must be xor'd to reconstitute the original. each of these get ciphered with one of 4 independently-generated 128b keys.
10:45	a111	Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
10:45	a111	Logged on 2016-12-24 01:03 asciilifeform: picture the following 1-dimensional automaton, that eats bitstring in sets of 2bits, and : '10' -> 'tape step left' ; '01' -> 'tape step right' ; '11' -> invert bit at current square; '00' -> terminate.
10:45	mircea_popescu	i guess that makes two of us.
10:46	mircea_popescu	asciilifeform yeah, kinda in the vein of my algo hash thing. but honestly i'd prefer an algebraic form.
10:46	asciilifeform	it has strong smell of The Right Thing, but i cannot claim to have nailed down precisely how it oughta go, just yet.
10:47	asciilifeform	the simplest algebraic variant is shamir's split (which trivially nukes 'knownplaintextism'). but it introduces a usable relationship b/w plaintexts, which is The Wrong Thing, and is how i ended up with 'hmm automata?' etc
10:55	mircea_popescu	myeah.
10:57	mircea_popescu	i think basically the point here is to summarize what was found. and that's specifically that a) there's no meaningful discussion of "better" or "worse" ciphers worth having when by "cipher" one understands "mixing in 0 entropy".
10:57	mircea_popescu	this is the fundamental cost here : EITHER have asymmetric keys, or ELSE leak entropy.
10:57	mircea_popescu	the gods demand a sacrifice.
10:58	asciilifeform	per shannon, ~all~ methods other than otp (i.e. where key is shorter than payload) 'leak entropy'. the q is just how much, and how to even quantify.
10:59	mircea_popescu	kinda states differently ye olde "ciphers are not worth having when encryption's available". IF you have rng to piss out, might as well find some primes.
10:59	mircea_popescu	asciilifeform no, the question of what % of the "entropy" leaked was entropic. obviously from chtulhu's pov your message's just as delicious entropy as any other.
11:00	mircea_popescu	give him some messages you don't care about, is the idea.
11:03	asciilifeform	important not to confound the shannon bit with the practical. sending a dozen rsagrams, for instance, 'leaks' (in the sense where it is not difficult to derive) the public mod; which contains (again, from shannon pov, obv. nobody knows how to extract it trivially) the private.
11:06	asciilifeform	currently nobody's got algo that doesn't do this (aside from the degenerate case of otp.)
11:07	asciilifeform	near as i can tell, if there's been any movement on that front since 1940s, nobody's talking.
11:08	asciilifeform	!#s trapdoor
11:08	a111	20 results for "trapdoor", http://btcbase.org/log-search?q=trapdoor
11:08	asciilifeform	^ see also.
11:12	mircea_popescu	meanwhile over at the intelligent moron farms, http://p.bvulpes.com/pastes/TvslL/?raw=true
11:13	asciilifeform	( the mega-q, from asciilifeform's pov, is whether it is possible to make a bridge b/w shannon's result and the practical, i.e. to demonstrate a method where key is smaller than payload (i.e. not otp) but where the actual leakage of key bits per N message bits sent, can be ~quantified~ with upper bound. )
11:13	mircea_popescu	rather, where leakage of key bits can be ~geographically bound~.
11:14	mircea_popescu	if i get something like "only odd bits of key can be leaked" we've won.