Cryptography-Digest Digest #617, Volume #10      Tue, 23 Nov 99 12:13:02 EST

Contents:
  Re: getting a public key ("Tim Wood")
  Quantum Computers and PGP et al. (Anthony Stephen Szopa)
  Random Noise Encryption Buffs (Look Here) (Anthony Stephen Szopa)
  Re: math (Helger Lipmaa)
  Quantum Computer Simulation Source Code ([EMAIL PROTECTED])
  Re: NSA should do a cryptoanalysis of AES (SCOTT19U.ZIP_GUY)
  Not all stream ciphers are CPRNG-based (WAS Re: RC4 in Kremlin) (Paul Crowley)
  Re: Filters, Superpositions and Entanglements ([EMAIL PROTECTED])
  Re: Quantum Computers and PGP et al. ("jay")
  Re: Not all stream ciphers are CPRNG-based (WAS Re: RC4 in Kremlin)
  Re: What part of 'You need the key to know' don't you people get? (James Felling)

----------------------------------------------------------------------------

From: "Tim Wood" <[EMAIL PROTECTED]>
Subject: Re: getting a public key
Date: Tue, 23 Nov 1999 11:57:33 -0600


MANIK TANEJA wrote in message ...
>
>how can i get myself a public key from  some certified authority / trusted
>third party. also can i acquire it programatically. are there any code
>samples. please give me  a refrence of some kind.
>thank you
>manik Taneja
>
>

Key pair for DSA in Java 1.2. You may want to improve the random number
generation though.


import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;

public class DsaKeyPairDemo {
    public static void main(String[] args) {
        try {
            // DSA from the SUN provider that ships with the JDK
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");

            // 1024-bit parameters, seeded from SecureRandom
            keyGen.initialize(1024, new SecureRandom());
            KeyPair pair = keyGen.generateKeyPair();

            PrivateKey priv = pair.getPrivate();
            PublicKey pub = pair.getPublic();

            System.out.println("Private key: " + priv); /* not a good idea;
                                                           just for demo */
            System.out.println("Public key: " + pub);

        } catch (Exception e) {
            System.err.println("Caught exception " + e.toString());
        }
    }
}





------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Quantum Computers and PGP et al.
Date: Tue, 23 Nov 1999 03:56:19 -0800
Reply-To: [EMAIL PROTECTED]

Quantum Computers and PGP et al.

I heard an interesting program on the radio last week.

The professor who demonstrated the first quantum computer was being
interviewed.

He said that quantum computers will be unbelievably efficient when 
it comes to FACTORING.

He said that factoring problems today in cryptography that would take 
longer than the time left in the universe will be factored in a 
couple of hours using quantum computers.

He said his demonstration of a primitive quantum computer performed 
a data base search.  He said this primitive quantum computer 
performed the search faster and in fewer steps than a modern 
computer.

He said the quantum computer used chloroform in a small tube.  He 
said it contained 10^23 computers.

This 10^23 figure reminds me of the equivalent of one mole of 
chloroform molecules.  This would be equivalent to the atomic weight 
of chloroform in grams. Seems to jive if each molecule is considered 
to be one computer.

He said what makes quantum computers so powerful is that they store 
one bit of information per electron, each electron can be in 
multiple states, electrons are very small, any quantum computer 
can be combined with any number of other quantum computers thus 
making a larger quantum computer, and the state of each electron 
affects the state of every other electron in a quantum computer.

If we speculate that quantum computers will exist in 5 to 20 years, 
all of you using PGP or some other similar encryption that uses large 
primes making factoring by today's standards perhaps impossible or 
unlikely, should consider that if you are encrypting messages that 
may conceal illegal activity, (I would suspect that the NSA is 
archiving all encrypted transmissions,) when quantum computers become 
practicable, they will decrypt all these (YOUR) past encrypted 
messages.  If this is you, you better think about this.

OAP-L3 does not rely on the impracticability of factoring large primes
or anything else like this.  OAP-L3 users have much much less to worry 
about from quantum computers.  Even with quantum computers OAP-L3 can 
use key lengths large enough to thwart them.  So if you are using 
OAP-L3, I'd make those keys very very long.

Can't do this with an encryption software program that limits your key
length.

OAP-L3 has no limit as to how long your key can be.

Quantum Cheers!
And lots of 'em!

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Random Noise Encryption Buffs (Look Here)
Date: Tue, 23 Nov 1999 04:12:04 -0800
Reply-To: [EMAIL PROTECTED]

Random Noise Encryption Buffs (Look Here)

It has already been done.

Here is the bare bones idea:  use a random noise generator and 
connect the output to an analog to digital converter.

Create lots of CD-ROMs filled with these random bits.

Then combine 2 or more of these CD-ROMs bit by bit starting at any
desirable starting points on each CD-ROM.  The combination of these
bits from these CD-ROMS will be your random encryption / decryption 
bits.

The idea is that you can make all your random noise CD-ROMs available 
in the public domain.

All you need to do is communicate to your recipient which CD-ROMs to 
use and what starting point to begin on each CD-ROM.  And use 
the combinations of CD-ROMs and starting points only once.

This is patented by Fawcett, Jr.  #5,414,771  -  5/1995.
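The bare-bones scheme above, as an added Go example written for this digest (it is not code from the post and is not taken from the cited patent): two constructed pads stand in for the CD-ROMs, they are XOR-combined from agreed start offsets into a keystream, the keystream is applied to a message, and ReuseLeak shows the failure mode behind the "only once" rule, since two ciphertexts made with the same pads and offsets XOR to the XOR of their plaintexts, with the pad cancelled out. The pad sizes, offsets, function names and the use of crypto/rand in place of a noise source and ADC are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
)

// Pad stands in for one "CD-ROM" of raw random bits. The post proposes a
// noise source feeding an ADC; here crypto/rand is a constructed substitute.
type Pad []byte

// NewPad fills a pad of n bytes from the OS random source.
func NewPad(n int) Pad {
	p := make(Pad, n)
	if _, err := rand.Read(p); err != nil {
		panic(err)
	}
	return p
}

// CombineKeystream XORs the chosen pads together, each read from its own
// start offset, producing n keystream bytes. Every pad may be public; the
// secret shared with the recipient is which pads and which offsets to use.
func CombineKeystream(pads []Pad, starts []int, n int) ([]byte, error) {
	if len(pads) < 2 || len(pads) != len(starts) {
		return nil, fmt.Errorf("need at least two pads and one start offset per pad")
	}
	ks := make([]byte, n)
	for i, p := range pads {
		if starts[i] < 0 || starts[i]+n > len(p) {
			return nil, fmt.Errorf("pad %d: range [%d,%d) exceeds pad length %d",
				i, starts[i], starts[i]+n, len(p))
		}
		for j := 0; j < n; j++ {
			ks[j] ^= p[starts[i]+j]
		}
	}
	return ks, nil
}

// ApplyKeystream XORs data with the keystream; the same call encrypts and
// decrypts. The output is as long as the shorter of the two inputs.
func ApplyKeystream(ks, data []byte) []byte {
	n := len(data)
	if len(ks) < n {
		n = len(ks)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = ks[i] ^ data[i]
	}
	return out
}

// ReuseLeak is the failure mode behind "use each combination only once":
// if c1 and c2 were made with the same keystream, c1 XOR c2 equals
// m1 XOR m2, and the pad has cancelled out entirely.
func ReuseLeak(c1, c2 []byte) []byte {
	return ApplyKeystream(c1, c2)
}

func main() {
	pads := []Pad{NewPad(1 << 16), NewPad(1 << 16)} // two small constructed "discs"
	starts := []int{1234, 40000}                    // agreed start offsets
	m := []byte("meet at the usual place")
	ks, err := CombineKeystream(pads, starts, len(m))
	if err != nil {
		panic(err)
	}
	c := ApplyKeystream(ks, m)
	fmt.Printf("ciphertext: %x\n", c)
	fmt.Printf("round trip ok: %v\n", bytes.Equal(ApplyKeystream(ks, c), m))

	// Reusing the same pads and offsets for a second message:
	m2 := []byte("nothing to see here....")
	c2 := ApplyKeystream(ks, m2)
	fmt.Printf("c XOR c2 == m XOR m2: %v\n",
		bytes.Equal(ReuseLeak(c, c2), ApplyKeystream(m, m2)))
}
```

CombineKeystream refuses a single pad and any offset that would run off the end of a pad; the range check matters because the post's security argument rests on never reusing any stretch of any pad in the same combination.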

------------------------------

From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: math
Date: Tue, 23 Nov 1999 14:57:14 +0200

jerome wrote:

> On Sun, 21 Nov 1999 14:29:10 GMT, JPG wrote:
> >Hello
> >
> >I'm looking for a crypt system with something interesting for my maths
> >studies.
> >Could you help me (I'm already aware of RSA) ?
>
> you can look at elliptic curves. www.certicom.com has tutorials.

or hyperelliptic ones. or at the public key systems based on class fields
:-).  See http://www.cacr.math.uwaterloo.ca -> technical reports for some
nice pieces of algebraic cryptography.

what area of math do you do in your 'math studies'? :)

Helger Lipmaa
http://home.cyber.ee/helger



------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: sci.physics,sci.math,comp.dsp
Subject: Quantum Computer Simulation Source Code
Date: Tue, 23 Nov 1999 14:08:26 GMT

Here is a useful link to quantum computer simulators
in various languages like Java and C++.
  http://www.dcs.ex.ac.uk/~jwallace/simtable.htm

I'm reading through the java code by Andrew Childs which
seems well written (some of the other implementations
do not seem correct at all). Andrew's implementation
of Shor's prime factorization is fascinating.

What's interesting is that these simulators really point
out how quantum effects are not limited to physical
systems but can be implemented in software.

This implies that 'quantum computers' are really an extension
of our ideas of deterministic computing in terms of a separated
space-like and time-like complexities, to include non-deterministic
computing in a more unified space-time complexity.

This is particularly evident in Shamir's implementation of
TWINKLE which, although it is not a true 'quantum computer'
in the sense that it incorporates superpositions in a
Hilbert space, does optimally distribute the space-like
and time-like aspects of his algorithm so that the physical
parallelism offered by light is exploited in the space-like
portion of the non-deterministic factorization algorithm.
The non-deterministic aspect is made very clear in A. Childs'
code in that the simulation yields the desired answer (or not)
after a series of trials or attempts.

Because the number of basis states increases as n^2 for n
qubits, modelling a quantum computer in a simulation on
typical computers quickly exhausts all of its conventional
memory in an effort to trade large amounts of space for speed
(less time). This is typical of all algorithm complexities
in formal language theory.

The implementation of the 'quantum computing' paradigm
using light or other means, such as chemical or genetic
(see Adleman for instance), suggests that physical decoherence
in the case of light is not really the problem in quantum
computing, but rather a problem with mathematical
convergences which are implemented using light as the
means of providing the needed parallelism, and n^2 computational
'space' (non-local or instantaneous access memory:
IAM as opposed to RAM).






Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Tue, 23 Nov 1999 15:31:58 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Bruce Schneier) 
wrote:
>On Tue, 16 Nov 1999 17:30:31 -0800, albert <[EMAIL PROTECTED]>
>wrote:
>
>>    I see that NSA has not entered a candidate for AES.  I assume it's
>>because they don't want to give away some secrets they have.  What
>>secrets?  My conspiracy theories...
>>    Suppose the NSA has found a way to break feistel ciphers, and SP
>>style ones.  So what would that mean?  That would mean that their
>>algorithm would be based on something totally different, to combat that
>>kind of attack, just like before Serpent came out, we all knew that
>>Eli's entry would almost certainly be resistant against differential
>>attacks.  That is why Bruce says good crypto analysists make good cipher
>>writers, because they will design ciphers that are resistant to their
>>own attacks, so the better the attacker, the more resistant their
>>algorithms (generally).
>>BUT, they should post a thorough analysis of the AES candidates.  We'd
>>like to see what our tax-dollar funded crypto-think tanks have come up
>>with in terms of attacks and analysis.
>>
>>Do you think the reason they aren't giving an analysis is because they
>>can break all the second round candidates and so they aren't going to
>>say anything about it?  I personally don't, but it's a thought...
>
>I can only tell you what NIST has said publicly.
    When has this ever stopped your wild speculating? Or do you
just flash this phrase when it suits your purpose?
>
>The NSA was ready to submit a cipher, but NIST asked them not to.
>NIST would rather have the NSA as an impartial analyst than as a
>partial combatant.  Certainly, any analysis the NSA does will be
>classified.  I agree that this is annoying, but it's about what I
>expected.
   It is exactly what I suspect. Why would they tell us if they have
an easy break to a cipher when their job is to break ciphers so they
can continue to read what we write? After all, isn't it still policy to
keep strong crypto from foreigners, or what is the latest policy on
that? Surely the AES would not be so strong as to violate US export
policy.
>
>The only way this will turn out badly is if public opinion leans
>heavily towards one cipher and NSA classified opinion leans toward
>another.  Then, NIST has a problem.
   How could public opinion lean heavily towards one cipher when you
control to a large extent the so-called direction of public opinion?
If NSA classified opinions find one they can easily break, surely they
can give you a phony suggestion of an attack on an opponent's
system that would sway public opinion to the weaker cipher so
they could read our mail. The NSA can't lose. If later people find
a break that gets to see the light of day, the NSA could pretend they
did not know the break existed at the time, thus helping to foster
the belief that they are not really very far ahead.
>
>Personally, I don't believe that the NSA will point to a weakened
>cipher design and suggest that NIST choose that one.  That kind of
>secret just won't stay inside the agency...it will eventually leak.
>And the academic community will figure out the NSA's attack, sooner or
>later.
    Dream some more. Or is this as your opening shot says
"I can only tell you what NIST has said publicly."
>
>I truly believe that everyone's intentions are honorable here.  The
>only problem I foresee is if the NSA has classified information that
>affects NIST's decision.
>
   Are you using the President's definition of "honorable"? It sounds
very much like a man who shook his finger at us saying very
loudly that he did not have sex with that woman.


David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMMERS***

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Not all stream ciphers are CPRNG-based (WAS Re: RC4 in Kremlin)
Date: 23 Nov 1999 08:14:05 -0000

Tom St Denis <[EMAIL PROTECTED]> writes:
> All stream ciphers are simply secure PRNG or RNGs.  SEAL, RC4, WAKE
> are all PRNGs where the output is xored with plaintext/ciphertext.

Not so.

WAKE, as originally described, uses the previous word of output to
generate the next word of state, so the internal state depends
non-linearly on all the plaintext read up to that point.

I'd also argue that (eg) CBC-mode is a scheme for constructing a
stream cipher from a block cipher, in the same way that BEAR is a
scheme for constructing a block cipher from a stream cipher and a
message digest function.

I'd refer to RC4 (and the majority of other stream ciphers, including
OFB mode and counter mode based constructions) as "CPRNG-based stream
ciphers".  AFAICT, CPRNG-based stream ciphers are usually the best way 
to encrypt bulk data, since chosen-plaintext attacks are never any
better than known-plaintext.

> I will argue this to the end of the earth. 

I won't worry if you have the last word on the subject, then.
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.ai.fuzzy,sci.physics,sci.math
Subject: Re: Filters, Superpositions and Entanglements
Date: Tue, 23 Nov 1999 14:49:57 GMT

In article <6Vg_3.597$[EMAIL PROTECTED]>,
  "karl malbrain" <[EMAIL PROTECTED]> wrote:
>
> <[EMAIL PROTECTED]> wrote in message news:81bbc2$q52$[EMAIL PROTECTED]...
> > In article <%G_Z3.307$[EMAIL PROTECTED]>,
> >    What is brisbane/san mateo about ?
>
> It's a TRANSLATION of STOP-THE-DRAFT-WEEK, October 1967, Oakland, CA. This
> time the CITY OF SAN FRANCISCO was blacked out.  I used the example based on
> your `handle', California PI.
>
> >    Even a pure noise signal is distinguished from
> >    non-noise. That's a sort of paradox making noise
> >    somewhat predictable.
>
> I don't believe that there's another common interpretation of
> the COSMIC BACKGROUND `ZERO' SIGNAL.

   Is that distinct from the idealized zero-point of a
   _vacuum_ in quantum theory ?

   If you can distinguish anything, it is in respect to
   'something else'. What is that 'something else' ?

   The cosmic background radiation is said to be the hiss remnant
   of the big bang. How can they distinguish that from the
   electric hiss of a very cold resistor in a dewar ?

   Is it because there is some directionally dependent
   nature of the CBR ? Is CBR a scalar field with a superposed
   (overlaid) abstract vector field ?

   I'll have to look into CBR some more...

> >    Very similar to a space-heater
> >    which uses a large resistance, rather than a more
> >    _informative_ circuit; it, the heater, provides only the
> >    singular distinction of hot and cold.
>
> No, heater usage provides an indication of which side of the
> energy war you're on.  Most people CAN'T AFFORD TO USE THEM.
> They have to go out to the forest and chop what's left of the
> wood.

     And the electric company then pays them for the heat,
     unless it's nuclear, and then the wood burners are
     out of a job. A real Escher jigsaw puzzle enigma.

     Figure out where 'money' comes from, and you figure out
     where 'energy' comes from and vice versa.


> >    Is the ground acting in this manner ?
>
> Grounds are leakage shunts and potential points at ONCE. Karl M

     Leakage, hmm, that rings a bell or two,...





------------------------------

From: "jay" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: Quantum Computers and PGP et al.
Date: 23 Nov 1999 15:00:28 GMT



Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> Quantum Computers and PGP et al.
> 
> I heard an interesting program on the radio last week.
> 
> The professor who demonstrated the first quantum computer was being
> interviewed.
> 
> He said that quantum computers will be unbelievably efficient when 
> it comes to FACTORING.
>

Quantum computers, like nuclear fusion, language translation or artificial
intelligence, may prove more difficult than originally anticipated.

> 
> OAP-L3 does not rely on the impracticability of factoring large primes
> or anything else like this. 

Most symmetric algorithms do not rely on factoring primes. Comparing your
symmetric OAP to a public key algorithm is comparing apples and oranges. As
far as symmetric algorithms go, why use an untested proprietary algorithm
when we can use a publicly validated one that has survived attack by people
who know what they are doing?

jay

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: Not all stream ciphers are CPRNG-based (WAS Re: RC4 in Kremlin)
Date: 23 Nov 99 15:13:06 GMT

Paul Crowley ([EMAIL PROTECTED]) wrote:
: Tom St Denis <[EMAIL PROTECTED]> writes:
: > All stream ciphers are simply secure PRNG or RNGs.  SEAL, RC4, WAKE
: > are all PRNGs where the output is xored with plaintext/ciphertext.

: Not so.

: WAKE, as originally described, uses the previous word of output to
: generate the next word of state, so the internal state depends
: non-linearly on all the plaintext read up to that point.

: I'd also argue that (eg) CBC-mode is a scheme for constructing a
: stream cipher from a block cipher, in the same way that BEAR is a
: scheme for constructing a block cipher from a stream cipher and a
: message digest function.

: I'd refer to RC4 (and the majority of other stream ciphers, including
: OFB mode and counter mode based constructions) as "CPRNG-based stream
: ciphers".  AFAICT, CPRNG-based stream ciphers are usually the best way 
: to encrypt bulk data, since chosen-plaintext attacks are never any
: better than known-plaintext.

: > I will argue this to the end of the earth. 

: I won't worry if you have the last word on the subject, then.

It should also be noted that Douglas A. Gwyn, in a number of his posts,
has noted that many stream ciphers used by the U.S. military operate
somewhat like a block cipher in CFB mode; the plaintext is XORed with a
keyed function of previous ciphertext. I have no reason to doubt that,
since other descriptions that have appeared in other sources (such as a
passing mention of a device used in Vietnam, in Deavours and Kruh)
correspond with that as well.

John Savard

------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Tue, 23 Nov 1999 09:22:35 -0600



Tom St Denis wrote:

> In article <81bh7h$29no$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> >    Tom why do you act so stupid. Just try the damn example.
> > Encrypt several blocks in a file using an IV of your choice.
> > Then decrypt with a different IV and look at the files in hex.
> > I get tired of telling you this. Since you seem too stupid to
> > even test it out. Yeah stupid the first block is wrong when
> > you decrypt but look at the whole file asshole.
>
> Ok so what is this test?
>
> 1. Create random K
> 2. Encrypt M with K [C = Ek(M)]
> 3. Ditch K
> 4. Modify byte of C
> 5. Decrypt C with what K?
>
> Tom
>

I believe that what he proposes is: given a key K and two IV values V1
and V2

1. Encrypt M with K, V1 [C1 = Ek(V1, M)]
2. Encrypt M with K, V2 [C2 = Ek(V2, M)]

He is then suggesting that you examine the contents of both files for
similarities.  (I do not believe that such will be found, but this is
his suggestion.)
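Two threads in this digest turn on how a mode of operation feeds state forward: Paul Crowley's and John Savard's distinction between CPRNG-based stream ciphers (OFB, counter mode) and ciphers whose keystream is a keyed function of previous ciphertext (CFB), and the two-IV CBC test that Felling reconstructs just above. The following added Go example, written for this digest and not code from any of the posters, checks those properties against AES using the standard crypto/aes and crypto/cipher packages; the key, the two IVs and the 48-byte message are constructed demo values, and the function names are this example's own. DifferingBlocks reports which 16-byte blocks of two buffers differ, so each property shows up as a list of block indexes: with OFB a one-bit plaintext change alters only block 0 of the ciphertext because the keystream never sees the plaintext; with CFB the same change alters every later block because ciphertext is fed back; a corrupted CFB ciphertext byte spoils only its own block and the next one before the decryptor resynchronises; CBC under two IVs yields ciphertexts that differ in every block; and decrypting a CBC ciphertext with the wrong IV spoils only the first block, which is exactly the "first block is wrong, look at the whole file" observation quoted in the thread.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values; real use takes the key from a KDF or CSPRNG and a fresh IV per message.
var (
	demoKey = []byte("0123456789abcdef")                               // AES-128 key
	demoIV1 = []byte("iv-number-one-01")                               // 16 bytes
	demoIV2 = []byte("iv-number-two-02")                               // 16 bytes
	demoMsg = []byte("block zero......block one.......block two.......") // 3 whole blocks
)

func aesBlock(key []byte) cipher.Block {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// XORBytes returns a XOR b over the shorter of the two lengths.
func XORBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// OFBKeystream is CPRNG-based in Crowley's sense: n bytes from (key, iv) alone.
func OFBKeystream(key, iv []byte, n int) []byte {
	ks := make([]byte, n)
	cipher.NewOFB(aesBlock(key), iv).XORKeyStream(ks, ks)
	return ks
}

// CFBEncrypt is Savard's construction: each plaintext block is XORed with a
// keyed function (AES) of the previous ciphertext block.
func CFBEncrypt(key, iv, m []byte) []byte {
	c := make([]byte, len(m))
	cipher.NewCFBEncrypter(aesBlock(key), iv).XORKeyStream(c, m)
	return c
}

func CFBDecrypt(key, iv, c []byte) []byte {
	m := make([]byte, len(c))
	cipher.NewCFBDecrypter(aesBlock(key), iv).XORKeyStream(m, c)
	return m
}

// CBCEncrypt and CBCDecrypt take whole blocks; the demo message needs no padding.
func CBCEncrypt(key, iv, m []byte) []byte {
	c := make([]byte, len(m))
	cipher.NewCBCEncrypter(aesBlock(key), iv).CryptBlocks(c, m)
	return c
}

func CBCDecrypt(key, iv, c []byte) []byte {
	m := make([]byte, len(c))
	cipher.NewCBCDecrypter(aesBlock(key), iv).CryptBlocks(m, c)
	return m
}

// DifferingBlocks lists the indexes of the 16-byte blocks where a and b differ.
func DifferingBlocks(a, b []byte) []int {
	var out []int
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			out = append(out, i/aes.BlockSize)
		}
	}
	return out
}

func main() {
	m := demoMsg
	m2 := append([]byte(nil), m...)
	m2[0] ^= 0x01 // flip one plaintext bit in block 0
	ofb := func(p []byte) []byte { return XORBytes(OFBKeystream(demoKey, demoIV1, len(p)), p) }
	fmt.Println("OFB, plaintext bit flip changes blocks:", DifferingBlocks(ofb(m), ofb(m2)))
	fmt.Println("CFB, plaintext bit flip changes blocks:", DifferingBlocks(CFBEncrypt(demoKey, demoIV1, m), CFBEncrypt(demoKey, demoIV1, m2)))
	c := CFBEncrypt(demoKey, demoIV1, m)
	c[0] ^= 0x80 // one ciphertext byte corrupted in transit
	fmt.Println("CFB, corrupted ciphertext byte spoils blocks:", DifferingBlocks(CFBDecrypt(demoKey, demoIV1, c), m))
	c1, c2 := CBCEncrypt(demoKey, demoIV1, m), CBCEncrypt(demoKey, demoIV2, m)
	fmt.Println("CBC, the two IVs give ciphertexts differing in blocks:", DifferingBlocks(c1, c2))
	fmt.Println("CBC, decrypting with the other IV spoils blocks:", DifferingBlocks(CBCDecrypt(demoKey, demoIV2, c1), m))
}
```

The block lists are deterministic rather than probabilistic: AES is a permutation, so once one ciphertext block differs, the CFB keystream and the CBC input for the next block differ too, and in CBC the wrong IV only reaches the first block because every later block is whitened by the preceding ciphertext block, which the decryptor has intact.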


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
