punkman: mp must guess how many of the 100 ciphertexts are made from the string "mircea_popescu: long, deeply biased plaintexts are dangerous for otp."
asciilifeform: what's the 3rd ?
punkman: the third variant is also ok I think
asciilifeform: mircea_popescu has to demonstrate greater-than-chance telepathics
mircea_popescu: you can make as many otps as you want, it's still coming out the same way o.O
asciilifeform: and that's no fun at all
asciilifeform: if mircea_popescu generates two files, we're playing coinflipsies
asciilifeform: then we just learn that mircea_popescu can break sha!
punkman: other variant: ascii makes 100 otps, makes 100 plaintexts, X of which are the string "mircea_popescu: long, deeply biased plaintexts are dangerous for otp.", then passes 100 ciphertexts to mp. mp must guess X within some range.
mircea_popescu: can just deedbot the result.
asciilifeform: 4) mircea_popescu tells me which of the 100 it was.
asciilifeform: 3) i select one of these, sign, and send to jurov or kakobrekla or somebody, referee
asciilifeform: 2) i xor over each of them with 1MB from a cardano rng.
asciilifeform: it has to be with mircea_popescu generating the magic strings, because this is how he said he will carry out the telepathy - by selecting specially-crafted biased input.
mircea_popescu: ok i guess ima have to figure out some way to hm. hey asciilifeform , how about this deal : i pay you 10 btc of my eventual winnings, should they exist, but you make the messages and show the result. i dun have a compiler ready and nfi how you generate the described messages in bash
mircea_popescu: for the very reason that it can't create pattern,
asciilifeform: work it on paper. the plaintext (payload), in xor operation, merely flips the key bit.
asciilifeform: mircea_popescu: the output bits - the lot of them - is necessarily as entropic as my key.
asciilifeform: (i will happily collect the win in its stead, like that fool wanted to collect nobel for satoshi!11)
assbot: Posts containing 'many time pad' - Cryptography Stack Exchange ... ( http://bit.ly/1Pe9gKa )
asciilifeform: you are still playing against the xor lemma.
asciilifeform: so, for this variant of game, algo would be 1) mircea_popescu generates his string set, signs, deedbots; 2) i xor'em, sign, deedbot at first only the signature; 3) i post one of the xor'ed strings 4) he telepathies which one 5) i reveal my hand, which is the tarball in step 2 6) if he wins, i lose 10b, or vice-versa
mircea_popescu: how about that.
mircea_popescu: asciilifeform : Let message A consist of individual bytes counting down from FFFFFFFF ; let message B consist of individual bytes counting up from 00000000. Let the enemy xor one of these two against a random, unbiased OTP of the same length and supply the enciphered result. Take that result, and count the instances where byte n is larger than byte n+1. Take that result, and count the instances where byte n is larger than byte n-1. The larger of the two indicates the message encrypted ; the difference between these counts indicates your confidence (or the rng's bias).
asciilifeform: and i'm lazy, he will have to pad'em himself.
asciilifeform: punkman: this reduces to 'same length'
asciilifeform: but in practice longer, because they must be N ~distinct~ strings
asciilifeform: (and L, trivially, is 7 bits or more.)
asciilifeform: if they are all of length L.
asciilifeform: and anyway that was not the proposed game (because it would not be the least bit interesting)
mircea_popescu: well no not that.
asciilifeform: if there is one otp key, and it gets used two or more times, with mircea_popescu controlling the input and knowing anything whatsoever about the output, he learns the key trivially.
punkman: well not in kindergarten, but I did play this game on paper once
asciilifeform: no two xors with one motherfucking bit.
punkman: if you want to do 1, must have 1000 plaintexts instead
asciilifeform: the way i read it, the 'if' is whether mircea_popescu can demonstrate convincingly higher than chance guessatronics.
mircea_popescu: which is why ima try and show it theoretically.
mircea_popescu: that i guess your message. which i suppose necessarily carries the caveat that "must not be by chance",
asciilifeform: mircea_popescu: what's the if
mircea_popescu: asciilifeform notice that this isn't "wins/loses". you're just giving 10 btc away, on the if.
asciilifeform: anyway i will play if experiment is specified such that mircea_popescu has 100:1 or less odds of winning based on pure guessing ('telepathy')
asciilifeform: punkman: not problem, but must specify this, otherwise somebody wins/loses on an idiot technicality that teaches nothing
thestringpuller: and this is what #b-a is the most amazing channel on freenode
asciilifeform: (and it goes without saying that the plaintexts must be same length)
mircea_popescu: mk, ima bbl see if i can hack together something that satisfies the audience theoretically.
mircea_popescu: it really needn't be done over more than one try lol. srsly ? 1k ?
punkman: mp makes 2 plaintexts, ascii generates 1000 otps, for each otp: picks one of the 2 plaintexts and xors with otp. mp must guess correctly 501?, 600? more?
mircea_popescu: why does there have to be a referee ?
mircea_popescu: well, alrighty. can't turn down free moneyz.
asciilifeform: who wants to referee ? jurov ? kakobrekla ?
asciilifeform: but why beat the horse? i'm willing to play !
asciilifeform: crc is built to survive a small fixed percentage (typically 1 in 9) of flipped bits.
mircea_popescu: you don't see the crc discussion sufficient for our purposes ?
asciilifeform: (perhaps he is trying to teach us something ?)
thestringpuller: ;;later tell ben_vulpes http://dpaste.com/0MGQE6P.txt
asciilifeform: if you would like to specify this game in a way that doesn't reduce to gambling on coin flips, i will play.
asciilifeform: my contention is that in your case 'recover' == guess.
mircea_popescu: and if the plaintext is long enough, this is equivalent to a requirement of minimal bias in the otp pad.
mircea_popescu: but in general, if you do away with the requirement to recover ALL of the plaintext,
asciilifeform: those 'bits' are still 'in there.'
asciilifeform: this is basic theory per shannon.
mircea_popescu: how biased the otp needs to be is part of the crc spec, for instance "every 8th bit may be a 1" etc.
mircea_popescu: let me put it this way : stuff like CRC, or ECC etc, exists fundamentally out of "we guarantee you can recover the plaintext after it has been otp'd with a pad which is AT LEAST this biased"
asciilifeform: still want to play ?
asciilifeform: (i.e. they are independent streams)
asciilifeform: so long as the latter has no feedback from the former
asciilifeform: just as in the old thread where we demonstrate that trng XOR hitler's rng is still trng.
asciilifeform: xoring the bits does not preserve their statistical distribution.
asciilifeform: let's put it this way,
asciilifeform: in the original challenge it does also.
mircea_popescu: the examples given are not structured and readily reduce to "1" and "0", so no, it wouldn't work here.
asciilifeform: actually this contradicts the xor lemma.
mircea_popescu: if you're making 1 mb of 01111110 and 1mb of 10000001 and then otp them against a random pad
punkman: so you'd be able to pick the right message more than 50% of the time?
asciilifeform: specifying wtf you're doing, clears the mind
mircea_popescu: asciilifeform funny how money clears the mind, even if it's too little to mention.
mircea_popescu: punkman why, he didn't feel obliged to add any btc to the other one, just bitch about the insufficiency of the sum.
punkman: should add some btc to challenge :)
mircea_popescu: you pick one of two lengthy, structured plaintexts i provide, you encrypt them with a biasless, purely random rng, and i decide which of the two you picked.
asciilifeform: telepaths - straight to j. randi, plox
asciilifeform: also try randi first, he pays 1M usd
asciilifeform: mircea_popescu: specify the experiment ?
asciilifeform: the ciphertext literally tells you nothing useful, other than an upper bound for the length
mircea_popescu: are you paying me 10 btc if we do this experiment and i do guess it, "with telepathy, at home" ?
asciilifeform: you can guess the message just as easily with telepathy, at home.
asciilifeform: mircea_popescu: think about it, with otp, there is no reason for you to actually intercept the ciphertext
mircea_popescu: because they are long, and structured.
asciilifeform: think about it. the ciphertext conveys LITERALLY NO information without the key.
punkman: you would find infinite texts that make sense
asciilifeform: because they are all equally probable.
asciilifeform: an actual otp conveys no information whatsoever via the ciphertext.
mircea_popescu: there is another way to die using otp, and that way is to use a lengthy biased message the enemy knows most of.
asciilifeform: (but, the hard part, same one on both ends
asciilifeform: ergo the linked thread, where i posit that an ideal otp is actually a physical object which brings the bits somehow into existence one at a time
asciilifeform: or captured, and then funkspieled
asciilifeform: yet another is to have the pad surreptitiously copied by the enemy
mircea_popescu: this alone should show they're deeply inadequate, but who knows fundamentals anymore.
mircea_popescu: since they all use xor.
mircea_popescu: asciilifeform technically speaking, the s-box cipher crapolade is an elaborate exercise in reusing select parts of otp