Re: Tristrata / Breaking PAL?

New Message Reply About this list Date view Thread view Subject view Author view

Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Mon, 12 Apr 1999 18:39:47 +0200


Thomas Roessler wrote:
>
> Niels Ferguson, Bruce Schneier, and Dave Wagner have an unpublished
> paper on a model of what Tristrata's Random Key Stream may look
> like. Their model is as follows: There are M pointers t_1, ..., t_M
> into a pool of random bytes of size S. The key stream is then:
>
> k_i = Xor_{j = 1}^{M} pool[(t_j + i) mod (S - j + 1)]
>
> One of the attacks described in this paper relates to finding the
> pool from known keystream and know pointers. They note that each
> known byte of key stream is an equation in five elements of the
> pool. Given a sufficient amount of known key stream for known
> pointers, the pool can be reconstructed by solving a large system of
> linear equations.

I am entirely unfamiliar with the way of functioning of the system
of Tristrata. Hence my naive question: If a key stream is to be
constructed from a pool of random bits, why shouldn't the M pointers
be derived in someway from a secret session key which is unknown
to the analyst? Or were the intention of the system to free the users
from the burden of having to deal with session keys themselves at all?
Another question: what is the speed of encryption as a function
of the number of pointers chosen?

M. K. Shen


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:22