Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!linus!philabs!cmcl2!seismo!brl-tgr!gwyn
From: gwyn@brl-tgr.ARPA (Doug Gwyn )
Newsgroups: net.crypt
Subject: Re: Crypto puzzle.
Message-ID: <2745@brl-tgr.ARPA>
Date: Sat, 2-Nov-85 18:21:16 EST
Article-I.D.: brl-tgr.2745
Posted: Sat Nov  2 18:21:16 1985
Date-Received: Tue, 5-Nov-85 05:23:05 EST
References: <1046@ttds.UUCP>
Organization: Ballistic Research Lab
Lines: 48

A much better test would be to include a complete
description of the encryption system, omitting
only the particular keys used (and the plaintext,
of course).  In practice, this information will
become available to the cryptanalyst one way or
another.

Most professional cryptanalysts are not especially
interested in solving challenge cryptograms, for
the same reason that most mathematicians don't
bother with proofs of Fermat's last theorem sent
to them and that most physicists don't check out
unsolicited theories of the universe that arrive
in the mail.

This may be a good cryptosystem or it may not,
but if it takes much effort to crack, people are
only going to attempt it if they have sufficient
motivation.  Suppose for example that someone
discovers a weakness that allows him to unravel
the message, and that he reports that to you.
Would you at that point give up?  No, much more
likely you'd modify your encryption scheme
slightly to plug that particular loophole.  The
analyst would then have to start over, find the
next loophole (there is almost certain to be one),
inform you of that, and watch as you fail to get
the idea and instead apply yet another patch.

One way to really subject your scheme to a good
test would be to publish a description of the
workings of the cryptosystem along with a very
large continuous sample of encrypted text, and
to offer a substantial monetary reward for the
first person who can mail you a prespecified
length of decrypted text, enough to compensate
for the hours of hard work that may be involved.

Of course, if it is really not a very good
cryptosystem, some hacker may break it just
from what you posted, but failure to have it
broken that way will not prove anything about
its security against a determined attack by
experts.

I hope these suggestions will be taken in
the constructive spirit in which they are
offered.