[cryptography] non-decryptable encryption

Ben Laurie ben at links.org
Tue Jun 19 06:05:36 EDT 2012


On Tue, Jun 19, 2012 at 8:09 AM, Jon Callas <jon at callas.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am reminded of an article my dear old friend, Martin Minow, did in Cryptologia ages ago. He wrote the article I think for the April 1984 issue. It might not have been 1984, but it was definitely April.
>
> In it, he described a cryptosystem in which you set the key to be the same as the plaintext and then XOR them together. There is a two-fold beauty to this.
>
> First that you have full information-theoretic security on the scheme. It is every bit as secure as a one-time pad without the restrictions of a one-time pad as to randomness of the keys and so on.
>
> The second wonderful property is that the ciphertext is compressible. Usually cipher text is not compressible, but in this case it is. Moreover, it is *maximally* compressible. The ciphertext can be compressed to a single bit and the ciphertext length recovered after key distribution.

Surely it can be compress to no bits at all?



More information about the cryptography mailing list