[13162] in cryptography@c2.net mail archive
Re: eWeek: Cryptography Guru Paul Kocher Speaks Out
daemon@ATHENA.MIT.EDU (Peter Wayner)
Fri May 2 21:24:59 2003
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <sjm8ytpnzh9.fsf@kikki.mit.edu>
Date: Fri, 2 May 2003 13:14:53 -0400
To: Derek Atkins <derek@ihtfp.com>
From: Peter Wayner <pcw2@flyzone.com>
Cc: <cryptography@metzdowd.com>, nobody@dizum.com, rivest@MIT.EDU,
tls@rek.tjls.com, iang@systemics.com, decoy@iki.fi, sidney@sidney.com
At 11:24 AM -0400 5/2/03, Derek Atkins wrote:
>Peter Wayner <pcw2@flyzone.com> writes:
>
>> Let's say four people get together to steal a document by "averaging"
>> their documents. Since you can't have half a bit, they flip a coin for
>> the four bits, $i,j,k$ and $l$ that are different in the four
>
>But wait. Based on your assumption, each user's data will differ from
>an unmarked version by 1 bit and that one bit is different for each
>person. Sure, you can't have partial bits, but you CAN have bit
>probabilities! So you find that all but those four marked bits match
>with probability 1, but each of these four marked bits matches a
>distribution of .25/.75. That means you now know with certainty 75%
>what the proper bit setting is to make it an unmarked copy.
Good point. They had some workaround for this. I don't have time to
reread the paper right now for a zillion reasons. I think they were
using some coding scheme that effectively put $n$ vectors in an
n-dimensional vector space. That's not exactly the same as flipping
$n$ bits. I guess I was looking at one canonical form in my brain.
Plus they had several levels and modifications that increased
security in different ways. It's been some time. If I remember
correctly, they included a rich theoretical framework which makes it
a bit harder to digest.
Perhaps someone else has the time to explain this in a better way. My
apologies for dealing from memory, but it's all I can offer at this
time.
-Peter
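
The collusion argument in the quoted exchange, as an added example that is not part of the original message or of the paper under discussion. It models only the simplified picture from the thread (each copy is the original with one user-specific bit flipped), not the coding scheme Peter recalls; the function names, bit string and mark positions are constructed for illustration.

```python
# Added illustration: why one flipped bit per user does not survive collusion.
# ORIGINAL and MARKS are constructed sample data, not taken from any real scheme.
ORIGINAL = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0]
MARKS = [2, 5, 9, 14]  # user u's copy has bit MARKS[u] flipped


def mark_copies(original, positions):
    """Issue one copy per user, each differing from the original in one bit."""
    copies = []
    for p in positions:
        copy = list(original)
        copy[p] ^= 1
        copies.append(copy)
    return copies


def collude(copies):
    """Compare copies column by column and take the majority bit.

    Returns (merged, disputed): merged[i] is the majority bit, or None when
    the vote is tied; disputed lists the positions where the copies disagree.
    """
    merged, disputed = [], []
    for i, column in enumerate(zip(*copies)):
        ones = sum(column)
        zeros = len(column) - ones
        if ones and zeros:
            disputed.append(i)
        merged.append(None if ones == zeros else int(ones > zeros))
    return merged, disputed


def trace(leaked, original, positions):
    """Distributor's check: which users' marks are present in a leaked copy?"""
    return [u for u, p in enumerate(positions)
            if leaked[p] is not None and leaked[p] != original[p]]


if __name__ == "__main__":
    copies = mark_copies(ORIGINAL, MARKS)
    merged, disputed = collude(copies)
    print("disputed positions:", disputed)           # the four marked bits
    print("merged == original:", merged == ORIGINAL)  # 3-to-1 vote removes every mark
    print("traced users:", trace(merged, ORIGINAL, MARKS))
    # With only two colluders the marked positions are still exposed, but the vote ties.
    print("two colluders:", collude(copies[:2]))
```

With four colluders every marked position shows the 3-to-1 split Derek describes and the distributor's trace comes back empty, which is the weakness a collusion-resistant code has to address.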