Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Thu, 08 Apr 1999 10:19:32 +0200
mgraffam@idsi.net wrote:
>
> On Wed, 7 Apr 1999, Mok-Kong Shen wrote:
>
> > However, on p.21 of the Handbook by Menezes et al. one reads:
> <clipped for brevity>
>
> > Thus (1) the Vernam cipher is a stream cipher, (2) a Vernam cipher
> > does not necessarily have to do with the one-time pad. In my humble
> > understanding the majority of present day stream encoding is performed
> > at the bit level with XOR and is hence Vernam cipher.
>
> I agree with (1) .. a Vernam cipher IS a very special stream cipher.
>
> However.. I take issue with the idea that a Vernam cipher MUST use
> XOR, further a periodic key stream is a Vigenere cipher, not a Vernam.

You don't need to take the trouble to take issue here. The equation
I cited from Menezes et al. explicitly uses XOR. The definition
given by Menezes et al. doesn't go any further to specify the property
of the key stream, excepting that there are as many key bits as the
message bits. There might be a multitude of undesirable properties
of the key stream that you would like to avoid in applications, but
that belongs properly to an entirely separate discussion of key
stream generation itself and not to the definition of the Vernam
cipher, which simply consists of the (simple but ingenious) idea of
combining the message bits with an equal number of key bits with XOR
(and nothing more). I am therefore of the opinion that the treatment
by Menezes et al. is the single correct treatment of the topic in
question. If you do think that the definition of Vernam cipher
I cited needs modification/extension, I suggest that you submit your
arguments to the authors of the Handbook.
>
> A one-time pad is no less a one-time pad if it uses simple addition
> instead of XOR. It works the same way, and has all of the same
> properties, strengths and flaws.. with the one exception that one needs
> subtraction to decrypt.
>
> I therefore take exception with (2) in Handbook of Applied Cryptography.

For bitwise operation (operation on pairs of corresponding bits),
which is by definition the operation used in the Vernam cipher, XOR
is IDENTICAL to addition or subtraction. That is, XOR is the
same as modular addition or subtraction. This is well-known.
You can very trivially verify this yourself.
My (2) means that (according to what is said in the Handbook) a
one-time pad is a special case of the Vernam cipher, namely when the
key bits are random and never used again. I don't see why (2) has
any direct relation with the choice of operation you are discussing
here.
>
> That the mistake was made in an important work of modern cryptography is
> embarrassing, but it is still a mistake.

Having explained above, I don't see the mistake or cause of
embarrassment that you alluded to.

M. K. Shen

P.S. There are some other follow-ups. One attempted to give a more
lengthy explanation of the Vernam cipher. Personally I don't think
that is needed at all, since Menezes et al. have aptly given a
very concise and precise definition that any reader should be able
to readily capture. So, unless called attention to otherwise,
I'll not write to respond to the other follow-ups individually.
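
Added example, not part of the original message: a Python sketch of the two operations discussed in this exchange. It goes slightly beyond the bit case by treating the pad as addition mod n, which shows that subtraction is needed to decrypt in general, while for n = 2 addition, subtraction and XOR coincide. Function names and sample values are constructed for illustration.

```python
import secrets

def pad_encrypt(msg, key, n):
    """Combine each message symbol with one key symbol by addition mod n."""
    if len(key) != len(msg):
        raise ValueError("need exactly as many key symbols as message symbols")
    return [(m + k) % n for m, k in zip(msg, key)]

def pad_decrypt(ct, key, n):
    """Undo pad_encrypt by subtraction mod n."""
    if len(key) != len(ct):
        raise ValueError("need exactly as many key symbols as ciphertext symbols")
    return [(c - k) % n for c, k in zip(ct, key)]

def vernam(bits, key_bits):
    """Bitwise XOR of message bits with an equal number of key bits."""
    if len(key_bits) != len(bits):
        raise ValueError("need exactly as many key bits as message bits")
    return [b ^ k for b, k in zip(bits, key_bits)]

def to_bits(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def xor_equals_mod2():
    """Exhaustive check on single bits: XOR == addition == subtraction mod 2."""
    return all((a ^ b) == (a + b) % 2 == (a - b) % 2
               for a in (0, 1) for b in (0, 1))

if __name__ == "__main__":
    msg = to_bits(b"VERNAM")                      # constructed sample message
    key = [secrets.randbits(1) for _ in msg]      # random bits, used once
    ct = vernam(msg, key)
    # n = 2: one operation both encrypts and decrypts
    print(ct == pad_encrypt(msg, key, 2) == pad_decrypt(msg, key, 2))
    print(vernam(ct, key) == msg)

    letters = [ord(c) - ord("A") for c in "VERNAM"]
    lkey = [secrets.randbelow(26) for _ in letters]
    lct = pad_encrypt(letters, lkey, 26)
    # n = 26: decryption needs the inverse operation
    print(pad_decrypt(lct, lkey, 26) == letters)
```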