Not exactly "innovative", since it's one of the oldest encryption methods, but the One-Time Pad[0] is considered "perfect encryption" and proven to be unbreakable. The mere possibility of unbreakable encryption could fill up a thesis by itself.
<strike>edit to clarify: "unbreakable" is the wrong word, since it could be brute-forced with enough time and energy, like any encryption method.</strike>
No, one-time pads are really unbreakable. You can't tell if the key you generated, which yielded "ATTACK AT DAWN", decrypted to the real message. It might have been "HN != SLASHDOT" -- all decrypts are equally likely.
The problem, of course, is that you're just flipping the problem around. For every bit you need to send A->B, you need to first securely send a bit B->A (the pad). That's practical for a number of applications, and obviously not for many others.
Combined with envelope keys it can be effective for many applications.
An envelope key is a securely, randomly generated key used to encrypt the large payload. Then the envelope key (much smaller than the payload) can be encrypted using a one time pad.
The result is that the precious bits of encryption provided by the one time pad are used up at a predictable rate.
Guessing the envelope key is more probable than guessing the one time pad key, but that only breaks a single message's encryption.
If you use good encryption and a reasonable key size, that’s good in practice, but theoretically, that’s a lot less secure than a one time pad.
An attacker can ‘simply’ try all possible keys and use statistics to filter out those that look like natural language.
If the encrypted text is large enough, chances are you will be left with only one plausible plaintext.
Also, AFAIK, we don’t know whether good encryption using a key much shorter than the plaintext, in the sense that an attacker can’t use statistics on the encrypted text to learn something about the key, exists at all.
Your final aside, "good encryption using a key much shorter than the plaintext," is something I hadn't really thought much about and seems like a reasonable way to go directly from a one time pad to the ciphertext.
As you say, there doesn't seem to be a way to guess the key length from the ciphertext. Ignoring side channel attacks for the moment, it does seem like the one time pad could encrypt the entire message simply by using some clever way of "extending" the key.
> it does seem like the one time pad could encrypt the entire message simply by using some clever way of "extending" the key
Any way of meaningfully extending the key will be vulnerable to a kind of analysis well understood 70 years ago.
This is basically what almost the entire field of cryptography is about: Figure out how you can effectively and securely encrypt things with a key that's a lot shorter than your cleartext.
I was wondering if using randomly generated shared 1GB or so file as a kind of one-time pad would be useful. Xor data with it using it as circular buffer, do messages must be of the same length or it will go out of sync.
If you're only reusing it once, then I guess frequency analysis gets tricky, but the problem you have instead is that you have provided a validation function: Where, using a one-time-pad, any key that yields plausible cleartext is a possible candidate, if you have two cyphertexts encoded with the same (piece of) the one-time-pad, only keys that result in plausible decrypted cleartext for both cyphertexts are possible candidates.
This was how an early break-through in breaking the Enigma was achieved (tangentially, as the Enigma isn't a one-time-pad, but the analysis is similar): Codes were rotated daily, but the first message sent out every morning with the new codes was a weather-report. Thus, the team could immediately cull the search-space to keys that would decrypt to "Weather on [date]" for the first n characters.
this is the only fully 100% proven crypto method. rest is 'weak' , only saved by lack of computing power, not actual difficulty of algorithm.
problem with otp is dat if you can send the pad... you mightswell not use it. as the pad needs to be sent over secure channel. So it's unbreakable, but also impractical.
Hellow sweis, actually he is posted for me, due to some technical issues I could not. how can u say that I can't get thesis topic? and thank you for your reference links.
Innovative methods of gathering entropy is interesting to me. Because encryption methods are pretty darwinian. The good ones are heavily used and the quirky/bad ones fall into disuse.
But methods of gathering entropy can range from a microphone recording a city street to the classic keyboard/mouse.
Both are valid, but not as practical.
Personally I have the OneRNG, an open source usb-stick that gathers entropy by generating RF noise.
Expanding on that, zk-snarks[0], a kind of non-interactive zero-knowledge proof[1] are really interesting. They're used as the basis for the anonymous cryptocurrency zcash[2], where one can prove they haven't already spent an input without actually revealing which input they are spending.
This is really cool! I know Supersingular Isogeny Diffie-Hellman has a patch to build the cipher suite into OpenSSL [0] like the paper you linked. I know that Microsoft Research also has the best known implementation of SIDH [1]. Do you know of any paper studying the performance of those two?
I initially read this as “homeopathic encryption”, and was prepared to be very amused! Expected something along the lines of “the input is subjected to a random bit flip approximately once per 10kB; amongst practitioners, this is considered more effective than the unnecessarily heavyweight approach taken by Western-style encryption schemes.”
"Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys...."
I think it's innovative and a bit of "thinking outside the box". You do need to ultimately trust a 3rd party (same as in PKI or WOT I guess?).
[0] http://www.cs.utsa.edu/~wagner/laws/pad.html
<strike>edit to clarify: "unbreakable" is the wrong word, since it could be brute-forced with enough time and energy, like any encryption method.</strike>
yes it is completely unbreakable.