asciilifeform: dun have to swap ~all~ the keys every time there's an rsagram
asciilifeform: ( in other 'gangrene ? what gangrene?' horrors : 'LibTomCrypt is pretty nice to read (only bug found in last 10 years was in prime generation — failed to iterate Miller-Rabin)' -- from turd https://comsecuris.com/slides/slides-bignum-bhus2015.pdf re broken bignumatrons. cited line presented as a 'hey it's pretty good'... )
asciilifeform: ( the latter is defined as a family of functions, and so 'rubber' )
asciilifeform: rather like the diff b/w sha512 and keccak
asciilifeform: mircea_popescu: serpent isn't defined as a stretchable thing - i.e. it isn't obvious what ought to be changed to produce a larger ( or smaller, for that matter ) block, and still to have it meaningfully similar to original
asciilifeform: almost impossible to bring up crypto in heathendom without a 'voice in the crowd' 'helpfully' reminding about 'standardized, well-designed aes'
asciilifeform: ( in the shannon sense. you haven't narrowed down what the 4th could be, by knowing 1..3 )
asciilifeform: diana_coman: observe that knowing 1, 2, or even 3, gives you 0 bits of info re the original.
asciilifeform: diana_coman: now let's split 1 byte into ~four~, A,B,C,D. we take same transform and do it to X and Y in turn. in total, we've used 4 bytes from rng device, to cut 1 byte into 4 otpfrags.
asciilifeform: diana_coman: lemme give specific example. start with splitting 1 byte. to split byte B into X and Y, you take byte R from rng, and compute B xor R = X. then Y = R. X xor Y = B.
asciilifeform: ( your encipherment speed is limited to 1/S of your rng's bit rate, where S is the splitness )
asciilifeform: my approach is a universal 'stretcher', predicated on having reasonably fast and high-quality trng.
asciilifeform: not defined for any kind of stretching.
asciilifeform: nope. it isn't a keccak-like thing, isn't 'rubber'
asciilifeform: ( which it is really but a restatement of )
asciilifeform: you thereby get a 'ratchet'. which afaik is the only hard strength result in all of crypto aside from von neumann's otp proof...
asciilifeform: anyway orig method is in log, http://btcbase.org/log/2017-02-25#1618462 << merely in application to slightly different form of the problem ( how to combine voodoociphers in such a way that the result can in no circumstances be weaker than the strongest of the items )
asciilifeform: and, on top of this, each stream ~individually~ is not distinguishable from rngolade.
asciilifeform: back to the shamir scheme : the only thing i can properly prove about it, is that it isn't weaker than straight single-key-with-no-splits
asciilifeform: ( i see it as a still-unsolved problem. )
asciilifeform: on the decipherment end, each split gets deciphered with the respective 128b key, and the four parcels xor'd to form the plaintext again.
asciilifeform: anyway for 512bit key, you still keep the 128bit block. but each time you have incoming 128b plaintext, you shamir it rngistically into 512bits, i.e. 4 128b parcels that must be xor'd to reconstitute the original. each of these get ciphered with one of 4 independently-generated 128b keys.
asciilifeform: this is wrong; and the correct algo is in the l0gz...
asciilifeform: xor split each plaintext block, that is
asciilifeform: to expand a K-bit (block and key, we'll assume, are each K-bit) voodoocipher to J bitness, xor split ( on rng ); having generated J / K independent keys; each incoming plaintext block of J bits, is cut into J / K blocks, and each enciphered with the corresponding key. decipher -- same.
asciilifeform: truth be told, all published symmetric ciphers are fundamentally liquishit, and for approximately the same reason ( http://btcbase.org/log/2016-06-06#1477746 ) . they divide merely into the 'already publicly broken' and 'not yet'
asciilifeform: the process whereby rijndael became usg's national One Troo Cipher was as dubious a thing as could be expected.
asciilifeform: ^ possibly in there, actually. re the faux 'contest'.
asciilifeform: the item at the time known as 'rijndael' was crowned by nsa, and was proclaimed 'aes'
asciilifeform: diana_coman: well 'a candidate replacement for the algorithm used at that time under the name of “Advanced ..' is not quite it, they competed for the usg tourney crown
asciilifeform: ... sci-hub.la turns out still worx ( reminds of ye olde mpex... )
asciilifeform: ( anyone outside of gringolandia wanna try ? )
asciilifeform: in other noose, sci-hub.cc dun resolve nomoar.
asciilifeform: or how about bugs in basic arithm routine.
asciilifeform: or how about the 'pre-allocated vs not' nonsense
asciilifeform: hilarious on multiple levels : bignumtron so large and unfitting in head that it has to be probed via fuzzing, like microshit...
asciilifeform: in other lulz : http://www.openwall.com/lists/oss-security/2017/11/21/4 ( https://archive.is/N6vFJ ) << 'bignum fuzzer that compares the results of mathematical operations (addition, subtraction, multiplication, ...) across multiple bignum libraries. Among these is the Go programming language, specifically the "math/big" package [1]. Recently, the fuzzer found a problem in its exponentiation operation...'
asciilifeform: also phf's linked pediwiki item is hilarious : '...floating material in lava lamps, extracting random data from the pictures, and using the result to seed a pseudorandom number generator.[1] Although the secondary part of the random number generation uses a pseudorandom number generator, the full process essentially qualifies as a "true" random number generator due to the random seed that is used.'
asciilifeform for some reason unable to turn up the thread in the l0gz where we did the 'rng design is not a technical problem , but a political problem' thing
asciilifeform: with bigger, bigger wall of lamps, each time.
asciilifeform: ( will also point out, the lamps per se contribute ~0 entropy, arrangement is really ~same as hashwhitening output of camera static with the lens cap on )
asciilifeform: and apparently doomed to be recycled forever by svderps
asciilifeform: was sgi publicity stunt, even patented