Marcus Watts (mdw@umich.edu)
Wed, 13 Jan 1999 16:36:36 -0500
You wrote:
> Based on what you said (as far as I understood) I'll suggest now the
> replacement term 'a new stream encryption scheme intended to
> achieve as best as possible the functionality of an ideal OTP'.
> Does that satisfy all people who have sent in comments in matters
> of terminology? If no, please suggest better terms. If yes, please
> kindly use a text editor to do the replacement (i.e. change all
> occurrences of 'pseudo-OTP' to the above term) in my original post
> and kindly soon contribute your discussions on the topic.
You're still using that dangerous emotionally laden word "OTP". Instead,
why not say:
'a new stream encryption scheme intended to
achieve as best as possible perfect secrecy'
You can then define what you mean by "perfect secrecy", or you can
crib someone else's definition.
In fact, this really should be even better. One of the most important
properties of an "ideal OTP" (OTP has a strict definition to mathematicians,
so the term "ideal" is meaningless) is that it has a really big key that
you can only use once. This is an essential part of its functionality,
but, I suspect, it's not a part that you wish to duplicate. Another aspect
is that an "ideal OTP" is really fast. Since the only math involved is xor,
an "ideal OTP" would normally be I/O bound during all aspects of its
operation. In other responses you've made, you've indicated a perfect
willingness to sacrifice speed for other considerations, particularly in
key setup time, and indeed, made this slowness a deliberate part of your
design - if it *were* as fast in key setup as an "ideal" OTP, your
security would be greatly weakened.
-Marcus Watts
UM ITD PD&D Umich Systems Group
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:03