|
|
|
|
|
|
by mc-lovin
4772 days ago
|
|
|
Thanks, that's what I thought but I'm glad you confirmed it and put it in their notation. So here is my issue: Eve knows P, so she can steal the object and hence compute K(B). The difficulty in "copying" the object is only significant when Eve does not know P. But that same difficulty would apply if K(A) and K(B) were random numbers that Alice and Bob generated when they met. Or is the point that Alice and Bob generate K(A) + K(B) for a lot of values of P, and then randomly select the ones to use when sending a message? That doesn't seem to be what the authors intended, although it would now be secure against stealing the object for a short amount of time. |
|
|
The actual paper does describe generating n different patterns and then randomly selecting one of them to encrypt the message, but the index of the one that is randomly selected is sent with the encrypted message so that Bob can use it to look up the appropriate pattern. I took this as just generating more than one key for convenience's sake.
Notably, a requirement for security of the slab is that given temporary access, Eve "must not be able to efficiently copy or model its contents." So, I think the point is that since there are many different P's (and hence K(A)'s and K(B)'s), Eve cannot recreate K(B) for all P's in a reasonable amount of time. Further, she can't actually make a physical copy of the device. Still, it seems that if Eve can steal the device, she can break old messages --- which I guess is, as you said, a property shared by regular OTPs. When she steals the device, though, she can only decrypt so many messages before detection, since there is apparently a key recovery rate of 1.5 seconds per key.
But one of the other requirements set forth in the paper is that if the slab is stolen, Eve must not be able to send or receive messages. I'm not sure how that is fulfilled here.