Monday, April 21, 2008


A sentence in Vikram's rollercoaster ride of enthusiasm/concern caught my eye
The critical question of course is whether or not Snapper is based on MiFare Classic chips. There is no publicly available information that I could find which confirms or denies this.

Makes me think of accepted best-practice in crypto of making public the details of any new algorythm, i.e. rely for security on the inherent difficulty of some one-way function and not secrecy about the nature of that function.

And this sort of openness & transparency (in some sense providing a headstart to the very attackers that aim to crack your crypto) makes me think of the practice of stotting in the animal kingdom.

Stotting is a bouncy straight-legged gait that some species of gazelle engage in when confronted by a predator. Rather than run immediately away (as common sense would seemingly dictate), the gazelles jump up and down in the same area, effectively giving to the lion a headstart in the race should it choose to run one.

Why hang around clear and present danger?

The game-theory explanation for the behaviour is that the gazelle is sending a message to the lion, along the lines of

Hey lion, look at me, I'm so confident that I can outrun you should you try to chase me that I'm still here, bouncing up and down in this extremely silly manner. Your time would be much better spent chasing that other gazelle over there trying to sneak away.

If the gazelle can indeed beat the lion (which a healthy adult likely can), then it is in the interests of both to not even run the race. Why bother when the result is predetermined? Better for the lion to save energy for a future race that it might actually win. Better for the gazelle to keep grazing.

Critically, to convince the lion that there is indeed no point in the race, the gazelle has to back the "Dont Bother, I'm fast" message up with a behaviour with associated risk, e.g. jumping up and down in place. If there were no risk involved, then even gazelles with a gimpy leg or smoker's lungs would perform it, and the lion would learn to distrust it.

For gazelle's and crypto, if you can walk the walk, it's best to talk the talk.

1 comment:

d.MZyF0FiYTMRV7HvaQhibAAOwfPNcOiLkR93ekis3iH1XQLMnE- said...

We presume that stotting persists because it has some selective advantage .... but, for things the size of gazelles, evolution works over a very long timescale. Do you think we'll have to wait as long to see the selective advantage of openness & transparency manifest itself? :-)