Cryptography-Digest Digest #566, Volume #14       Fri, 8 Jun 01 10:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Mark Wooding)
  Re: National Security Nightmare? (SCOTT19U.ZIP_GUY)
  Re: National Security Nightmare? ("Tom St Denis")
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (Mark Wooding)
  Re: AES question (Mark Wooding)
  Re: RSA's new Factoring Challenges: $200,000 prize. (Sergei Lewis)
  Re: RSA's new Factoring Challenges: $200,000 prize. (Sergei Lewis)
  Re: DES not a group proof (DJohn37050)
  Hehehe I found out who David Scott is ("Tom St Denis")
  Re: OTP WAS BROKEN!!! (Al)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 8 Jun 2001 12:07:30 GMT

[EMAIL PROTECTED] (Vincent Quesnoit) wrote in <[EMAIL PROTECTED]>:

>
>I am puzzled, I thought AES was a block cypher which could not produce a
>cypher text smaller than its own blocksize. Do you mean that AES can
>decrypt one byte and produce a 16 byte output ?
>

  Yes, if it's in a program like BICOM.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Fri, 08 Jun 2001 12:17:30 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Vincent
> Quesnoit) wrote in <[EMAIL PROTECTED]>:
>
> >
> >I am puzzled, I thought AES was a block cypher which could not produce a
> >cypher text smaller than its own blocksize. Do you mean that AES can
> >decrypt one byte and produce a 16 byte output ?
> >
>
>   Yes, if it's in a program like BICOM.

Or in a chaining mode.

tom



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 8 Jun 2001 12:33:47 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:

> Firstly, Rijndael doesn't use a random IV.  It uses a fixed one which
> is (I believe) wired into the algorithm.

[pedantry] Rijndael is a block cipher; it says nothing about an IV.  IVs
are chaining mode concepts.  CBC mode has an IV.

> In order to disguise the first blocks of the message it uses a
> whitening step, which preprocesses the plaintext by applying unkeyed
> diffusion to the first few K of the plaintext - not /quite/ the same
> as an IV - but good enough for many purposes.

No.  This can't be secure in the real-or-random model, since encrypting
equal plaintexts yields equal ciphertexts.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: National Security Nightmare?
Date: 8 Jun 2001 12:26:29 GMT

[EMAIL PROTECTED] (Derek Bell) wrote in <9fqf73$1okm$[EMAIL PROTECTED]>:

>Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>: Well, if there is a UFO cover-up, they have also managed to hide
>: it from people with *very* extensive access to intelligence archives.
>
>     Amusingly enough, some UFO fanatics have claimed the Dundee
>Society worked on UFOs!
>
>     Derek

  Why is it so interesting. I old friend of mine who worked for
the CIA. Swore that only the Roswell story was try. The rest is
false. The government is helping to spread false UFO stories to
excite the UFO fanatics so they will not know the truth and to
keep the common man unaware what happened at Roswell. The more
crazy the story the more hyped up the fanatics are and the less
likely the public will believe the small parts that are true.
Well, if they're true at all, that is, since I'm not even 100 percent
sure of Roswell, though my CIA friend was. 

  It could even be similar to this long winded discussion about
what perfect security is. A bunch of nuts claim it means one thing
so as to keep people from knowing or thinking about things that
would lead to better crypto. So there seems to be an effort to
destroy Shannon's concept of perfect secrecy. They foolishly
think if one has a set of several messages of various lengths
one only needs to encrypt to end of message and then send that
length, failing to realize that they have eliminated messages in
the set of different lengths. It's very similar to the orchestrated
attempt to discredit bijective compression.
 
David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Fri, 08 Jun 2001 12:49:18 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Derek Bell) wrote in
> <9fqf73$1okm$[EMAIL PROTECTED]>:
>
> >Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> >: Well, if there is a UFO cover-up, they have also managed to hide
> >: it from people with *very* extensive access to intelligence archives.
> >
> >     Amusingly enough, some UFO fanatics have claimed the Dundee
> >Society worked on UFOs!
> >
> >     Derek
>
>   Why is it so interesting. I old friend of mine who worked for
> the CIA. Swore that only the Roswell story was try. The rest is
> false. The government is helping to spread false UFO stories to
> excite the UFO fanatics so they will not know the truth and to
> keep the common man unaware what happened at Roswell. The more
> crazy the story the more hyped up the fanatics are and the less
> likely the public will believe the small parts that are true.
> Well, if they're true at all, that is, since I'm not even 100 percent
> sure of Roswell, though my CIA friend was.

Learn to speak dude.  "I old friend", "story was try", "The rest is false",
etc.

Here's my 0.02c on the UFO thing (which parallels the "crypto gods"): they
look at what we are doing and say "whadda joke!".

The only reason why we haven't been visited by aliens is that they couldn't
be bothered with such a primitive society.

>   It could even be similar to this long winded discussion about
> what perfect security is. A bunch of nuts claim it means one thing
> so as to keep people from knowing or thinking about things that
> would lead to better crypto. So there seems to be an effort to
> destroy Shannon's concept of perfect secrecy. They foolishly
> think if one has a set of several messages of various lengths
> one only needs to encrypt to end of message and then send that
> length, failing to realize that they have eliminated messages in
> the set of different lengths. It's very similar to the orchestrated
> attempt to discredit bijective compression.

"A bunch of nuts *ARE* ...".  "They *ARE* foolishly *thinking*".

See the problem is you have broken a cryptosystem not an OTP.

Tom



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
Date: 8 Jun 2001 12:49:55 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> I suppose Joseph Ashwood was referring to the known fact that in the
> book of Whitehead and Russell 1+1=2 was only proved after having first
> developed sufficient foundations that occupied several hundred pages
> of other materials in logic. Depending on where one starts (matters
> assumed or established as theorems), a mathematical proof can be more
> or less long/involved.

I think my objection is that I see the statement `1 + 1 = 2' as being
the /definition/ of `2'.  That this is a sensible thing to want to
define is a matter for proof, but it is a trivial one.

The statement `1 + 1 = 2' can only be in doubt if you have some other
definition in mind for `2'.  If you have such a definition, then the
statement above requires proof, but I've not seen a definition of `2'
that makes it hard to deduce that `2 = 1 + 1'.  If you have one, I'd be
glad to see it.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: AES question
Date: 8 Jun 2001 12:54:47 GMT

Øyvind Eilertsen <[EMAIL PROTECTED]> wrote:

> In the standard for 3rd generation mobile communication[1], KASUMI[2],
> a variant of the MISTY algorithm[3] is used for encryption.  At the
> time the decision was made to use KASUMI, the AES competition was not
> yet finalized, and I believe that is the reason AES was not used.

I think there's a much simpler explanation.  KASUMI is, if I'm not
mistaken, patented by NTT.  The 3GPP people can use this patent, and
others, to keep undesirables out of the mobile phone business.

-- [mdw]

------------------------------

From: Sergei Lewis <[EMAIL PROTECTED]>
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: Fri, 08 Jun 2001 13:58:07 +0100


Michael Brown wrote: 
> "Sergei Lewis" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Michael Brown wrote:
> > > "Sergei Lewis" <[EMAIL PROTECTED]> wrote
> > > > You can set one bit arbitrarily for exactly one of these, since you know
> > > > the two factors are different and exactly one bit is set; this on its
> > > > own doesn't help resolve all of them.
> > > Correct.
> > You can't, actually. This assumes equal length factors. If the factors
> > are not the same length in bits, the bits you haven't worked out yet
> > could be the same in both factors. You have to try the method for every
> > combination of factor lengths - there's 2logn of them.
> Sorry. I read this wrong. You only should need to (and can) set one of these
> boxes to a certain state.
You didn't. That's what I'd assumed. Unfortunately, you can only choose
that box arbitrarily if you know the lengths of the two factors. Try
factoring multiples of 11, or 23*29, say.
Also, if you don't know the lengths of your factors, you end up with two
possible states of the entire table for factors i and j: i * j and 1 *
ij.

> I am unable to prove that setting one box is sufficient to complete enough of the
> boxes so that the factors can be determined.
It should be, because by doing so you have created a multiplication
table that has exactly one state such that all bits are known and the
whole table is consistent. The question is one of how many operations
are required to deduce that state.

> Is it though? This is like saying that using a 4-input, 4-output adder is
> equivalent to mine (which, in a way it is).
> However, a 4-input 4-output box cannot be solved in the way that I describe.

A 4-input adder has 3 outputs, not 4.
Its truth table is

in    out
0000 000
0001 001
0010 001
0011 010
0100 001
0101 010
0110 010
0111 011
1000 001
1001 010
1010 010
1011 011
1100 010
1101 011
1110 011
1111 100

- that's 16 possible entries. The knowledge of a small number of bits
will give you complete knowledge of state. The 4-input adder has more
cases than a 3-input adder where two states differ by only two bits;
however, because the adder is now linked to 3 others instead of 2,
determining new bits enables one to determine more state.

<general wishy-washy handwaving>
I'd say you could definitely solve an interlinked table of 4-bit adders
given an initial output and constraints on the inputs of the sort that
happen in a factoring problem, iff you could solve the 2-bit adder
version. In fact, I'd generalise the method to n-bit adders.

An alternative way of handling the problem would be to see each column
of the multiplication table as the appropriate length adder, with its
inputs being the carries from the previous column and the corresponding
bits in the multiplication table, all but one bits of its output being
the carries into the next column, and the remaining bit being the
appropriate bit of the factor. You could precalculate the truth tables,
and therefore the set of transformations from each possible state to
either the same state or a state where more bits are known, for each
adder length as described in my previous post.

You could then set the known values (that is, the bits of the product
and the zero carries out of the right hand column). You don't need to
assume that the factors are odd, since the adder logic will deduce that
trivially. You have implicitly assumed a length for the factors when
building the table and setting the carries out of the righthand column
to zero.

Couple this with the knowledge that each row of bits in the table either
contains all zeroes or the exact same set of bits as the other nonzero
rows; this enables you, in some cases, to propagate known bits across
the entire table and set entire rows and diagonals to zero, and also
enables you to resolve combinations of bits.

It should be possible to resolve the entire table from there, *if and
only if* your 2-input 2-output adder method works.

> This is easily proven by the fact that trial division (ignoring GNFS etc) is the
> only way to solve a 2 bit prime * 2 bit prime number. 
Nah.

2-bit primes are 2 and 3,
so the composites are 4, 6 and 9 (4 bits)

for 4:

  ab
 cd
0100

(Note: the assumption about length is implicit in the table structure.
A 2x4 table is not solvable since 2*2 and 1*4 are both valid solutions
to the equations that result.)

First column:
There is no input into b, therefore it must be zero, and therefore
carries zero

Middle column:
a+d+carry(b)=carry(d)+output <-- that's a 3 input 2 output adder
but b is zero, therefore carry(b)=0
a+d=carry(d)
either a and d are both 1 or both are 0
Now, a and d cannot both be one since that would violate the propagation
rule, and therefore they must both be 0.
Therefore c must be 1 since carry(d) is 0 and the output is 1.

  00
 10
0100

...factored.

6:
  ab
 cd
0110

First column:
There is no input into b, therefore it must be zero, and therefore
carries zero.

Middle column:
a+d+carry(b)=carry(d)+output
a+d=carry(d)+1
carry(d) cannot be 1 since carry(b), a and d would *all* need to be set
for that
therefore a must equal 1 or d must equal 1
c must equal 1

That's as far as we can go. Because the factors are the same length, we
may set exactly one arbitrary bit of the ones still unknown; either way,
the table resolves to a consistent and correct result.

9 is left as a simple exercise for the reader ;)

-- 
Sergei Lewis - http://members.tripod.co.uk/~Folken
   "I'm not falling - this is how I fly.."

------------------------------

From: Sergei Lewis <[EMAIL PROTECTED]>
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: Fri, 08 Jun 2001 14:07:49 +0100

> You didn't. That's what I'd assumed. Unfortunately, you can only choose
> that box arbitrarily if you know the lengths of the two factors..
..and they're equal, *and* you've deduced all you can from the bits you
already knew. Otherwise there is *already* a difference between them
that is implicit in the structure of the table, *or* they could be the
same (the product could be a square) - that case should be deducible
*without* having to set an arbitrary bit.

<snip>

> There is no input into b, 
..and its output is zero,
> therefore it must be zero, and therefore carries zero

> There is no input into b,
..and its output is zero,
> therefore it must be zero, and therefore carries zero.

> 9 is left as a simple exercise for the reader ;)
(you need to use the propagation rule ;) )

-- 
Sergei Lewis - http://members.tripod.co.uk/~Folken
   "I'm not falling - this is how I fly.."
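Sergei Lewis's multiplication-table argument (his two posts above) as an added worked example. This is my own code, not anything Sergei Lewis or Michael Brown posted. It builds the table from his propagation rule (every row is either all zeros or a copy of the other factor), feeds each column through the k-input adder he describes, and then, instead of his incremental bit-by-bit deduction, simply enumerates every table state for assumed maximum factor lengths lx and ly (the "length you have implicitly assumed when building the table") and reports which bits all consistent states agree on. The function names, the "at most lx/ly bits" reading of the length assumption, and the (row, column) bit labelling are my assumptions. On 4, 6 and 9 with two-bit factors it reproduces his results: 4 and 9 resolve completely, 6 stops with exactly the two symmetric states, and 4 with a three-bit first factor admits both 2*2 and 4*1. It is a demonstration on four-bit products only; the enumeration grows exponentially with the factor lengths.

```python
def bits(n: int, width: int) -> list:
    """Bits of n, least significant first, as a list of exactly `width` entries."""
    return [(n >> k) & 1 for k in range(width)]


def column_adder(inputs: list, carry_in: int) -> tuple:
    """The k-input adder of the post: add one column's bits plus the carry from the
    column to its right. The low bit is that column's output; the rest is the carry
    into the next column (two carry bits for a 4-input adder, as in the post's table)."""
    total = sum(inputs) + carry_in
    return total & 1, total >> 1


def adder_truth_table(k: int) -> list:
    """Full truth table of a k-input adder, e.g. the 16-row table for k = 4 in the post."""
    rows = []
    for v in range(1 << k):
        ins = bits(v, k)[::-1]  # most significant bit first, matching the post's layout
        rows.append(("".join(map(str, ins)), format(sum(ins), "0%db" % k.bit_length())))
    return rows


def partial_product_table(x: int, y: int, lx: int, ly: int) -> list:
    """Rows of the multiplication table: row j holds y_j * x, so by the propagation rule
    it is either all zeros or an exact copy of x's bits. Row j sits j columns to the left.
    Bit (j, i) is row j, column i of that row; in the post's 2x2 picture b=(0,0), a=(0,1),
    d=(1,0), c=(1,1)."""
    xb, yb = bits(x, lx), bits(y, ly)
    return [[xb[i] if yb[j] else 0 for i in range(lx)] for j in range(ly)]


def table_consistent(table: list, n: int, lx: int, ly: int) -> bool:
    """Run the columns right to left through adders, comparing each output bit with the
    product; the carry out of the top column must be zero (the post's 'known' carries)."""
    width = lx + ly
    if n >= 1 << width:
        return False
    target = bits(n, width)
    carry = 0
    for k in range(width):
        column = [table[j][k - j] for j in range(ly) if 0 <= k - j < lx]
        out, carry = column_adder(column, carry)
        if out != target[k]:
            return False
    return carry == 0


def deduce(n: int, lx: int, ly: int) -> tuple:
    """Assume factors of at most lx and ly bits, enumerate every table state the
    propagation rule allows, keep those whose adders reproduce n, and return
    (known bits: the (row, col) -> value pairs every surviving state agrees on,
     surviving factor pairs (x, y))."""
    survivors = []
    for x in range(1 << lx):
        for y in range(1 << ly):
            table = partial_product_table(x, y, lx, ly)
            if table_consistent(table, n, lx, ly):
                survivors.append((x, y, table))
    known = {}
    for j in range(ly):
        for i in range(lx):
            values = {t[j][i] for _, _, t in survivors}
            if len(values) == 1:
                known[(j, i)] = values.pop()
    return known, sorted((x, y) for x, y, _ in survivors)


if __name__ == "__main__":
    for n in (4, 6, 9):  # the three products of two 2-bit primes from the post
        known, pairs = deduce(n, 2, 2)
        print(n, "known bits:", known, "surviving factor pairs:", pairs)
    print(4, "with a 3-bit first factor:", deduce(4, 3, 2)[1])
```

The `known` dictionary is the set of bits his propagation would have to reach; anything not in it is a bit that can only be fixed by the "set one arbitrary bit" step, and for 6 those are exactly his `a` and `d`.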

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 08 Jun 2001 13:25:08 GMT
Subject: Re: DES not a group proof

BTW, the conjecture is that DES generates the alternating group on 64 bits.
Don Johnson

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Hehehe I found out who David Scott is
Date: Fri, 08 Jun 2001 13:30:06 GMT

Check out

http://www.timecube.com/

Note how "Gene Ray" writes just like David Scott.  hehehehe
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: [EMAIL PROTECTED] (Al)
Subject: Re: OTP WAS BROKEN!!!
Date: 8 Jun 2001 06:35:27 -0700

Interesting...
Your replies seem to suggest that you think there is some merit in
what newbie says...
OTP is indistinguishable from completely randomly generated numbers,
even seemingly random typing of the upper row of numbers. This could
be any message shifted out mod 26, that's the point of this OTP thread.
Do you guys get out much?

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 13:34:13 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Vincent Quesnoit" <[EMAIL PROTECTED]> wrote in message

:> Do you mean that AES can decrypt one byte and produce a 16 byte output ?

: Yes, in a CTR block mode you can encrypt single bits if you choose.

I'm not sure you read the question correctly.  In CTR mode the plaintext
and cyphertext are normally the same size.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 13:38:44 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

:> It won't have perfect secrecy if it has to encypher variable length
:> plaintexts to cyphertexts of the same length.  There will be better
:> systems.  I wouldn't dream of calling it perfect.

: Aha, fallacy!  Now for the kill.

Go for it Tom.

: an OTP is not a cryptosystem!  Shazam you proved my point.

: an OTP is just an algorithm just like RSA.

: It's how you use the OTP that matters in terms of security.

: In the contrived "yes" vs "no" case you could simply always send four byte
: blocks (null padded).  That would then be provably secure.   Hence an OTP
: can be made into something perfectly secure.  Of course in this case you
: could aim to keep your job by not wasting 31 bits of the pad!

Yes - if you pad all messages to the same length you can give the OTP
perfect secrecy.  That was never under dispute.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 13:44:41 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

:> Firstly, Rijndael doesn't use a random IV.  It uses a fixed one which is
:> (I believe) wired into the algorithm.

: That's nonce.  CBC is a mode (and not bad radio station mind you) of
: operation.  It has no ties into AES other than AES can be used in CBC mode.

: To say the IV is fixed is meaningless.

"Rijndael, in CBC mode with a constant initial value"
- http://www3.sympatico.ca/mtimmerm/bicom/bicom.html

"Initial Value" is one of the things IV stands for.  To describe it as
fixed is hardly meaningless.  Practically everybody will know what it means.

:> In order to disguise the first blocks of the message it uses a whitening
:> step, which preprocesses the plaintext by applying unkeyed diffusion to the
:> first few K of the plaintext - not /quite/ the same as an IV - but good
:> enough for many purposes.

: What are you talking about?

I was describing how BICOM works.

: I dunno what you are talking about in this post but it is not CBC.

Of course it wasn't.  The CBC encryption comes after the whitening
of the first 16K.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
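Two points in this thread can be made concrete with a small added example: Mark Wooding's objection that CBC with a constant initial value cannot be secure in the real-or-random model because equal plaintexts give equal ciphertexts, and the size question from the Quesnoit/St Denis/Tyler exchange (CTR keeps the ciphertext the same size as the plaintext, while a padded block mode turns one byte into a full block). The code below is mine, not any poster's, and is not BICOM's or Rijndael's implementation. A toy 16-byte Feistel cipher built on SHA-256 stands in for a real block cipher (an assumption; nothing about AES is modelled), and the CBC and CTR modes are the textbook constructions; all function names are mine.

```python
import hashlib
import os
import struct

BLOCK = 16  # block size in bytes; chosen to match AES, but the cipher below is a toy


def _round_function(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function of the toy Feistel cipher: 8 bytes derived from key, round index, half.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 8-round Feistel block cipher (an assumption of this example, not AES/Rijndael)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(8):
        left, right = right, _xor(left, _round_function(key, right, rnd))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt_block: the same rounds in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _round_function(key, left, rnd)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    """Pad to a whole number of blocks; a 1-byte message becomes one full block."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC mode: each padded plaintext block is XORed with the previous ciphertext block
    (the IV for the first block) before encryption."""
    data = pkcs7_pad(data)
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode: keystream = E_k(nonce || counter), truncated to the data length, so the
    ciphertext is exactly as long as the plaintext. Decryption is the same operation."""
    assert len(nonce) == 8
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        keystream = toy_encrypt_block(key, nonce + struct.pack(">Q", i // BLOCK))
        out += _xor(data[i:i + BLOCK], keystream)
    return bytes(out)


FIXED_IV = bytes(BLOCK)  # a "constant initial value", as in the quoted BICOM description


def fixed_iv_ciphertexts_equal(key: bytes, msg: bytes) -> bool:
    """With a constant IV, CBC is deterministic: the same plaintext under the same key
    always gives the same ciphertext, which is exactly what a real-or-random
    distinguisher checks by asking for one message twice."""
    return cbc_encrypt(key, FIXED_IV, msg) == cbc_encrypt(key, FIXED_IV, msg)


def fixed_iv_shared_prefix_visible(key: bytes, msg_a: bytes, msg_b: bytes) -> bool:
    """Also, two plaintexts that agree on their first block give identical first
    ciphertext blocks, so common prefixes are visible."""
    return cbc_encrypt(key, FIXED_IV, msg_a)[:BLOCK] == cbc_encrypt(key, FIXED_IV, msg_b)[:BLOCK]


def random_iv_ciphertexts_equal(key: bytes, msg: bytes) -> bool:
    """With a fresh random IV per message (sent alongside the ciphertext) the two
    encryptions of the same plaintext differ."""
    iv1, iv2 = os.urandom(BLOCK), os.urandom(BLOCK)
    return iv1 + cbc_encrypt(key, iv1, msg) == iv2 + cbc_encrypt(key, iv2, msg)


if __name__ == "__main__":
    key = b"constructed key!"  # constructed 16-byte sample key
    print("fixed IV, same message twice, equal ciphertexts:", fixed_iv_ciphertexts_equal(key, b"yes"))
    print("random IV, same message twice, equal ciphertexts:", random_iv_ciphertexts_equal(key, b"yes"))
    print("1-byte plaintext -> CTR bytes:", len(ctr_encrypt(key, b"nonce123", b"y")),
          "CBC bytes:", len(cbc_encrypt(key, FIXED_IV, b"y")))
```

The whitening step Tim Tyler describes would not change the first result: an unkeyed, deterministic preprocessing of the plaintext still maps equal inputs to equal outputs, so equal messages still collide under a constant IV.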

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
