[liberationtech] OneTime 2.0 (beta): one-time pad system.
Steve Weis
steveweis at gmail.com
Thu Aug 1 11:26:23 PDT 2013
Comments inline...
On Thu, Aug 1, 2013 at 7:58 AM, Andy Isaacson <adi at hexapodia.org> wrote:
>> Then someone may force you to exhaust your
>> pad bits by corrupting or dropping messages in transit.
>
> An attacker with control of your wire can deny you service. News at 11!
> What cryptosystem does not have this property?
With a one-time pad, the attacker only needs to deny service for a
fixed amount of messages until you run out of bits.
>> Regardless, you could use a one-time MAC on the ciphertext. Here are
>> some lecture notes on the topic:
>> http://cs.nyu.edu/~dodis/randomness-in-crypto/lecture1.pdf
>
> Thanks for the link, that looks very helpful (although too dense for me
> to absorb quickly right now).
Here are a couple more lecture notes that may be relevant:
https://wiki.cc.gatech.edu/theory/images/9/9e/Lec11.pdf
http://www.cs.nyu.edu/courses/fall08/G22.3210-001/lect/lecture11.pdf
More information about the liberationtech
mailing list