In need of an EllipticCurve example (jdk1.5)

Roedy Green

Can't find a citation now, but basically they instructed secretaries to
just randomly punch keys on the typewriters. There were inherent patterns in
the typing which the Americans picked up and thus managed to crack all the
messages being sent without Russia being aware of it.

that would be very non-random. The low-order bits of the microtimings
between keys are a quite different matter.
Oliver Wong

Bent C Dalager said:
If this message is transmitted in clear, how do you prevent Charlie
from intercepting the message and replacing it with his own?

Good point. I hadn't thought deeply about that one. The problem "goes
away" if we have a reliable and authentic, but non-encrypted, communication
medium.

An example of this situation is a bulletin board system with accounts.
Alice, Bob and Charlie all have accounts, and all messages posted on the
board are seen by everyone. Using this medium, is it possible for Alice and
Bob to have a private conversation? Yes, using the scheme described above.

More specifically, there are two mediums available to Alice, Bob and
Charlie. There's the authenticated and reliable BBS, but the problem with it
is that it's open. Then there's the quantum photon medium. The problem with
that one is that it can be intercepted.

So the idea is using these two base mediums, one can build a protocol
over it in which we add the feature of "private conversation" as part of our
"encryption stack".

I'll think about your question some more and see if I can come up with
an alternate solution (which uses simpler primitives), or perhaps someone
else will post a response.

- Oliver
James McGill

that would be very non-random. The low-order bits of the microtimings
between keys are a quite different matter.

On the order of microseconds, you may be right. But I wouldn't be
surprised to find patterns on the order of milliseconds.
Roedy Green

On the order of microseconds, you may be right. But I wouldn't be
surprised to find patterns on the order of milliseconds.

I would think so. You would find people hitting certain key pairs
pretty well the same way each time. Let's say you type 200 wpm, that
is 2000 chars per minute or 33 cps. So that is only 30 ms per char.
Your inter-char time would vary perhaps only between 25 and 35
milliseconds per char, not enough to give you the variation you want.
However a nanosecond timer or a tight loop counter should. It would
vary between 25000 and 35000 ns; you discard the high-order 7 bits or
xor them into the lower to give you one random byte.

In the version I wrote long ago I put in code to detect holding down
the repeat key. I may also have insisted you hit a different key each
time. If you worked at it, you probably could get non-random values,
e.g. by warbling back and forth between two keys at a consistent
speed.

Radioactivity should be a lot cheaper than Mexican peasants for
generating one-time pads and more secure.

How could you crack it? Have your peasant smuggle in a typing device
you hide in your palm that hits key using a timing based on a linear
random number generator.

With all these schemes, you have to put on hats of attacker and
defender back and forth to guess just how much work the attacker would
have to go through.

Defenders tend to get in the mindset of improving an already
substantial defense, not appreciating that any attack will try to
bypass it.

I remember humiliating a company that presented an encryption package
to our computer club claiming it would take x million years to crack
the code. I did it in a few minutes -- very simply. They did not
think to wipe the clear text temp files it created then "deleted".
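The timing-folding idea above, as an added Python illustration (not code from the thread or from Roedy's old program): it folds an inter-key interval into one byte by XORing the high bytes into the low one, drops repeated keys as the post suggests, and compares what a millisecond timer and a nanosecond timer yield for the same 25-35 ms typist. The typist model, the key sequence and all function names are assumptions.

```python
import math
import random
from collections import Counter

def fold_interval(delta_ns: int) -> int:
    """Fold an inter-key interval into one byte by XORing each of its bytes
    into the lowest one (the "xor the high bits into the lower" variant)."""
    out = 0
    while delta_ns:
        out ^= delta_ns & 0xFF
        delta_ns >>= 8
    return out

def harvest(events):
    """events: constructed list of (key, timestamp_ns). Only the interval
    between two *different* keys contributes a byte; a repeated key (held
    down or auto-repeated) is discarded, as the post suggests."""
    out = bytearray()
    prev_key = prev_t = None
    for key, t in events:
        if prev_t is not None and key != prev_key:
            out.append(fold_interval(t - prev_t))
        prev_key, prev_t = key, t
    return bytes(out)

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the observed byte histogram. A coarse sanity check
    only: it cannot tell a predictable source (e.g. a device timed by a
    linear congruential generator) from a truly random one."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def simulate(resolution_ns: int, n: int = 2000, seed: int = 1) -> bytes:
    """Constructed typist: 25-35 ms between keys, cycling through distinct
    keys, with timestamps quantised to the timer's resolution."""
    rng = random.Random(seed)
    t, events = 0, []
    for i in range(n + 1):
        events.append(("abcdefgh"[i % 8], t))
        t += rng.randrange(25_000_000, 35_000_000) // resolution_ns * resolution_ns
    return harvest(events)

if __name__ == "__main__":
    print("1 ms timer:", round(entropy_bits_per_byte(simulate(1_000_000)), 2), "bits/byte")
    print("1 ns timer:", round(entropy_bits_per_byte(simulate(1)), 2), "bits/byte")
```

With a 1 ms timer only ten distinct intervals are possible, so at most log2(10) bits per harvested byte; the nanosecond timer gets close to 8.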
Chris Uppal

Oliver said:
More specifically, there are two mediums available to Alice, Bob and
Charlie.

If they have two mediums available to them, then they should be able to
communicate privately via the Spirit World. Or do you consider a
ghost-in-the-middle attack to be possible in this case? (I'm not sure whether
contact with the spirits of the dead is self-authenticating).

Or did you mean "media" ?

;-)

BTW, I think your scheme still suffers from the problem that the adversary can
spoof the receiver (even an idealised BBS isn't self-authenticating). You
could get around that by transmitting more random bits than are necessary in
the initial exchange, and for Bob to include those (in clear) in his response
as an N-bit strong token of his legitimacy.

-- chris
Scott Ellsworth

It's been a while since I read about this so many details are long
gone. Are you saying that they reused the same page three, four, five
and even more times?

Yep. IIRC, the people that made the pages to be assembled into pads
generated several copies of some of the pages. These pages were then
put into various different pads.

While it is not as bad as completely re-using a whole pad (and thus a
whole series of messages having duplicate information), it does mean
that there were two, three, or more messages that had been duplicated
with exactly the same page.

Further, the trade traffic was not as secure as the diplo traffic, and
had much higher volume. This made it easier to examine and analyze the
duplicate pads on the trade traffic, and thus compromised those diplo
messages that used one of the duplicate pages.

Scott
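Scott's point about duplicated pad pages, as an added Python illustration (not code from the thread): a high-volume "trade" message whose text an analyst knows gives back the pad page it was encrypted with, and any "diplo" message that reused the same page then decrypts directly; with a fresh page the same known plaintext reveals nothing. Both messages and the pages are constructed sample values, and all names are assumptions.

```python
import os

# Constructed sample messages: the trade text is assumed to be known or
# guessable to an analyst, the diplomatic text is the secret.
TRADE_MSG = b"SHIPMENT OF 400 TONS OF WHEAT ARRIVES TUESDAY AT ODESSA PORT"
DIPLO_MSG = b"INSTRUCT AGENT TO DELAY SIGNING UNTIL FURTHER NOTICE"

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def pad_encrypt(page: bytes, msg: bytes) -> bytes:
    """One-time-pad encryption; decryption is the same XOR with the page."""
    if len(page) < len(msg):
        raise ValueError("pad page shorter than message")
    return xor_bytes(page, msg)

def recover_diplo(page_trade: bytes, page_diplo: bytes) -> bytes:
    """What an analyst who knows TRADE_MSG learns about the diplo message.
    Trade ciphertext XOR known plaintext returns exactly the pad bytes that
    were used; if the diplo message used the same page, those bytes decrypt
    it (only the prefix covered by the known text is recoverable)."""
    ct_trade = pad_encrypt(page_trade, TRADE_MSG)
    ct_diplo = pad_encrypt(page_diplo, DIPLO_MSG)
    leaked_page = xor_bytes(ct_trade, TRADE_MSG)
    return xor_bytes(leaked_page, ct_diplo)

def demo() -> tuple[bytes, bytes]:
    """Same page for both messages versus a fresh page for each."""
    page = os.urandom(64)
    return recover_diplo(page, page), recover_diplo(page, os.urandom(64))

if __name__ == "__main__":
    reused, fresh = demo()
    print("reused page ->", reused)
    print("fresh page  ->", fresh)
```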