Cryptography-Digest Digest #942, Volume #8 Thu, 21 Jan 99 13:13:05 EST
Contents:
Re: UK TV programme on Enigma (Michael Josefsson)
Re: SSL - How can it be safe? (Volker Hetzer)
Re: Java speed vs 'C' (was Re: New Twofish Source Code Available) (Fabrice Noilhan)
Re: Need some info (Mok-Kong Shen)
Re: Metaphysics Of Randomness (Patrick Juola)
Re: Pentium III... (fungus)
Re: Seemingly secure family of scaleable large block ciphers ("Ulrich Kuehn")
Re: Metaphysics Of Randomness (R. Knauer)
Re: Metaphysics Of Randomness (R. Knauer)
Re: Seemingly secure family of scaleable large block ciphers ("Ulrich Kuehn")
Re: long numbers math - how to ? (Ajay Shekhawat)
Re: Dumb Question: Relationship between RSA and Factoring ([EMAIL PROTECTED])
Re: Playfair Cipher (AbsolutAF3)
Re: Pentium III... (Mok-Kong Shen)
Re: french law about cryptography ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Michael Josefsson)
Subject: Re: UK TV programme on Enigma
Date: Thu, 21 Jan 1999 12:53:40 CET
In article <S$[EMAIL PROTECTED]> "NewsUser.2436"
<[EMAIL PROTECTED]> writes:
>Path:
>news.ifm.liu.se!news.lth.se!feed1.news.luth.se!luth.se!news-ge.switch.ch!news-zh
>.switch.ch!news.belnet.be!newshub.bart.net!bullseye.news.demon.net!demon!news.de
>mon.co.uk!demon!g4ikj.demon.co.uk!marvin.g4ikj.demon.co.uk!ArjfHfre
>From: "NewsUser.2436" <[EMAIL PROTECTED]>
>Newsgroups: sci.crypt
>Subject: Re: UK TV programme on Enigma
>Date: Thu, 14 Jan 1999 19:21:51 +0000
>Organization: OZJgbhevatPnef
>Message-ID: <S$[EMAIL PROTECTED]>
>References: <[EMAIL PROTECTED]>
>Reply-To: "NewsUser.2436" <[EMAIL PROTECTED]>
>NNTP-Posting-Host: g4ikj.demon.co.uk
>X-NNTP-Posting-Host: g4ikj.demon.co.uk:158.152.228.117
>X-Trace: news.demon.co.uk 916381554 nnrp-09:27414 NO-IDENT
>g4ikj.demon.co.uk:158.152.228.117
>X-Complaints-To: [EMAIL PROTECTED]
>MIME-Version: 1.0
>X-Newsreader: Turnpike (32) Version 4.01 <N8+7L4YQxmkVoMo3nrP3$t$j8C>
>Lines: 21
>Xref: news.ifm.liu.se sci.crypt:91268
>In article <[EMAIL PROTECTED]>, David Hamilton
><[EMAIL PROTECTED]> writes
>>
>>UK TV Channel 4 is showing 'Station X' on Tuesday 19th January at 9:00pm.
>>It's about breaking the Enigma code which was done, according to the trailer,
>>by chess champions and crossword fanatics.
>You might also find the book to accompany the series of interest:
>Station X, The codebreakers of Bletchley Park.
>by Michael Smith,
>Pub. 1998 by Channel 4 books (an imprint of Macmillan books)
>ISBN 0-7522-2189-2 (Hbk, UKP 14.99)
And David Kahn's book on ENIGMA. That was a fascinating read!
>p.s.
>Just a happy reader - having no connection with Channel4, the author, or
>the publishers ;-) but looking forward to the series.
>--
>Paul newsuser.2436 @ G 4 I K J .demon.co.uk
>Never argue with a fool, he may be doing the same.
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: SSL - How can it be safe?
Date: Thu, 21 Jan 1999 11:35:33 +0100
Paul Crowley wrote:
>
> [EMAIL PROTECTED] (Stefek Zaba) writes:
> > SSL (and its IETF standards-track flavour, TLS), as most commonly used, has
> > only the *server* authenticated.
>
> "as most commonly used": are there flavours of use that authenticate
> the client too then? And are there Web browsers than can do these
> flavours?
No, but the protocol also permits the server to request a certificate from the client.
Only, most WWW-Servers don't.
However, for the type of app, the original poster has in mind, that would be necessary.
Volker
------------------------------
From: [EMAIL PROTECTED] (Fabrice Noilhan)
Subject: Re: Java speed vs 'C' (was Re: New Twofish Source Code Available)
Date: 21 Jan 1999 11:47:12 GMT
According to <[EMAIL PROTECTED]>:
> I find it hard to belive a pure C version could run any faster
> if you allowed the assembly version to run on the same processor.
> Sure maybe it goes 25% faser on the 68030 hardware than the
> assembly on the 68020 but that might be due to HARDWARE speed
> increased and not SOFTWARE.
This was experienced for the DFC algorithm very recently. DEC's cc was
faster than an assembly code. The reason is that this assembly-coded
program was optimized for the 21064 and the compiler was good enough to
do optimizations on the 21164. So, C code was faster than assembly code
on the 21164 (on account of new instructions and different pairing).
Fabrice
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Need some info
Date: Thu, 21 Jan 1999 14:17:11 +0100
Raghu Nandakumara wrote:
>
> I'm a college student and have to do a physics project on something to
> do with systems. I want to do something on methods of encryption and the
> physics involved in the encryption systems. I desperately need as much
> information as I can possibly fins. I would be very greatful if anyone
> here could possibly help me.
I am not knowledgeable to be able to help you. But if you want to
do something on "physics AND cryptology", I guess that there
are at least three topics relevent to you:
1. Generation of good random bit sequences (to approximate the ideal
one-time pad excellently).
2. Quantum computing in relation to cryptology.
3. Prevention of interception (communication media that are difficult
to tape, methods of rendering monitoring devices non-performing,
shielding of radiation from computers, etc.) and irrecoverable
deletion of information from storage media.
M. K. Shen
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Metaphysics Of Randomness
Date: 21 Jan 1999 08:23:54 -0500
In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>
>> Randomness is what's left after you throw
>> out everything non-random.
>
>There's a strong definitional similarity between random numbers and irrational
>numbers. Both are defined in the negative sense; what's left after you throw
>away the regular stuff. Further, the succinct description of an irrational as a
>"non-repeating fraction" has an analogue wherein a random number contains no
>pattern (correlation).
>
>The statistical definition of the *generation process* for random numbers,
>selection from a pool of equal probabilities, has no analogue for irrationals
>that I can spot. Is this just empty sophistry or is there something I'm not
>seeing?
You're not seeing the fundamnental distinction between "irrationality"
and "randomness" in that randomness is a function, not of a number, but
of a process.
Just for clarification : *Any* number/string can be the result of
a uniformly random process. In fact, a uniformly random process will
always produce all numbers equiprobably, by construction.
Any number can also be produced as the result of a non-random process,
although for many numbers this will be a very uninteresting process
such as a simple table-lookup and copy.
The closest relative for irrationality is not the properties such
as "non-repeating fraction" (which is a thoroughly bogus definition,
by the way), but the method by which you GET a rational number.
To wit, a rational number can be generated as the ratio of two integers
p and q (q != 0 for the formalists, pthththththth). An irrational
number is a number that cannot be so generated.
Now, it so happens (lucky us) that any number that can be generated
as the ratio of two integers can also be written as a terminating
and/or repeating continued decimal string. This is an independent
property, first proved in the year <mumble> by someone no doubt too
famous for me to remember offhand. But the fact that you can
characterize a number as rational or irrational by inspection is,
strictly speaking, a lucky fluke.
There's a similar definition for, e.g., transcendentals -- a transcendental
number, of course, is a number that cannot be produced as the solution
to a polynomial equation. Transcendentals are a strict subset of
irrationals -- sqrt(2), for instance, is irrational but not transcendental.
However, there's no way to characterize *by inspection* whether or not
a given irrational number is transcendental. I can easily prove a given
number is *NOT* transcendental by showing a polynomial to which &c., but
I can't go the other way.
So the point is that the characterization of both irrationals and
transcendentals is a) strictly process-driven, and b) defined in the
negative sense -- "no possible way to..." That irrationals can be
cleanly defined in typographic properties should *not* lead you to
believe that randomness can also be defined in typographic
properties or that it can be defined in positive terms.
-kitten
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: Pentium III...
Date: Thu, 21 Jan 1999 13:18:47 +0100
[EMAIL PROTECTED] wrote:
>
> fungus ([EMAIL PROTECTED]) wrote:
>
> : Intel has announced that the Pentium III will have a built in hardware
> : random number generator, and individual serial number on each chip.
>
> : http://www.techweb.com/wire/story/TWB19990120S0017
>
> Hmm. The serial number on the chip is to assist in copy-protection
> schemes, creating a market for cryptographic techniques...
>
Possibly. Most Unix machines have had serial numbers for years now
and software is usage is often keyed to the machine. I'm not sure how
it will work in the mass market of the PC world though. Any big selling
program will probably cause a lot of headaches if people try to key
it to the machine.
> and a hardware random number generator on the chip will be useful to
> cryptography programs.
>
Maybe not as useful as people will think. It can be used for session
keys etc., but I doubt if people will use it for OTP (cue new thread!)
due to all the key management problems that involves. The question is
whether a hardware number generator provides much benefit over a software
generator for session keys.
> So useful, I'm surprised they included such a feature (yes, I know dice
> aren't export controlled) since they probably have enough headaches
> getting approval to export their latest and greatest microprocessors.
>
Do random number generators fall under export restrictions? I would
say "only if they can be seeded and synched with other machines". If
this isn't the case then I don't see how they can have problems. I'm
sure a company like Intel has thought this through pretty carefully....
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: "Ulrich Kuehn" <[EMAIL PROTECTED]>
Subject: Re: Seemingly secure family of scaleable large block ciphers
Date: 21 Jan 1999 13:42:51 +0100
[EMAIL PROTECTED] (WHu9539962) writes:
> I recently had an idea as to how to make scaleable ciphers using
> small-size block ciphers such as DES.
>
> The technique is to use a small, fixed-size block cipher as an S-box
> for a larger block cipher. For example, to produce a block cipher of
> size 256 bits using DES one can adopt the following procedure:
>
> Encrypt bits 0-63 using subkey A.
> Encrypt bits 64-127 using subkey B.
> Exclusive-or encrypted bits 0-127 with bits 128-255 to produce
> encrypted bits 128-255.
> Repeat with subkeys C and D to yield a 256 bit block cipher with a 224
> bit key.
>
> Note that, in this context, a subkey is 56 bits long.
>
Hi,
with a single known block of plaintext and ciphertext, the scheme can be
broken with four times the time to brute force DES, thus gaining two
bits in effective key length.
Lets call the input blocks p1, p2, p3, p4 and the output blocks c1, c2,
c3, c4. Since the output of the last two DES ops (keyed with C and D)
-- becoming c3 and c4 in the final output -- is xored with the output
of the first two DES ops (keyed with A and B) to form c1 and c2,
this xor op can be undone easily, thus revealing the output of
the first two DES ops. Call that i1, i2. The input to the
last two DES ops is p3^i1 and p4^i2.
Now we have the input and output of all the single DES ops available
and can do a simple brute force search for each single subkey.
This requires four times the effort for a single brute force search,
thus a break takes at most 2^58 operations.
>
> The above described technique seems a useful way of building
> relatively secure ciphers even with the DES, thus enabling the use of
> such things as DES chips.
>
Sorry, but it offers -- compared direct DES application -- only two
more bits of security against an attack with a single known
plaintext/ciphertext pair. Additionally you might get a performance
penalty due to key setup times.
Ciao,
Ulrich
--
Ulrich Kuehn ------------------ [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://wwwmath.uni-muenster.de/~kuehn/
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Thu, 21 Jan 1999 13:55:12 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 21 Jan 1999 04:48:56 GMT, Darren New <[EMAIL PROTECTED]>
wrote:
>(I'll grant Chaitin defining "random", but I don't think
>he's wise in *re*defining "deterministic".)
He isn't redefining deterministic. He uses the term "indeterminant" to
describe the condition where one cannot determine the value of
something, such as each of the bits of Omega.
Whether Omega is deterministic is another issue altogether, which I do
not believe he comments on.
Bob Knauer
"A man with his heart in his profession imagines and finds
resources where the worthless and lazy despair."
--Frederic the Great, in instructions to his Generals
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Thu, 21 Jan 1999 13:59:03 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 21 Jan 1999 05:12:23 GMT, Darren New <[EMAIL PROTECTED]>
wrote:
>I would argue that perhaps there would be no "we" to be a part of a
>physical world, even if such a physical world existed. That is, without
>quantity, there would be no "we" to observe that there was no quantity,
>even if the physical world was still there. *Now* lets get down to some
>heavy metaphysics. ;-)
Shades of the One And The Many Problem.
>1+1=2 because we define it to be that way.
If I define 1 + 1 = 11, where 11 is the concatenation of the two ones,
then that has a reality of its own, that is, there is nothing
arbitrary anymore. 1 + 1 + 1 = 111 is not arbitrary either.
>But the real world doesn't
>pay any attention to our definitions. When our theories are wrong, the
>world doesn't change to accomodate us, regardless of what the
>politicians might like to believe.
You need to read that book I keep referring to.
Bob Knauer
"A man with his heart in his profession imagines and finds
resources where the worthless and lazy despair."
--Frederic the Great, in instructions to his Generals
------------------------------
From: "Ulrich Kuehn" <[EMAIL PROTECTED]>
Subject: Re: Seemingly secure family of scaleable large block ciphers
Date: 21 Jan 1999 15:38:52 +0100
"Ulrich Kuehn" <[EMAIL PROTECTED]> writes:
> with a single known block of plaintext and ciphertext, the scheme can be
> broken with four times the time to brute force DES, thus gaining two
> bits in effective key length.
>
Sorry for quoting myself, but I want to get the thing correct:
due to the unicity distance, one needs at least two pairs of known
plaintext/ciphertext in order to determine a unique key with high
probability.
Ciao,
Ulrich
--
Ulrich Kuehn ------------------ [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://wwwmath.uni-muenster.de/~kuehn/
------------------------------
From: Ajay Shekhawat <[EMAIL PROTECTED]>
Subject: Re: long numbers math - how to ?
Date: 21 Jan 1999 10:54:11 -0500
In sci.crypt Rx Video <[EMAIL PROTECTED]> wrote:
» Hello,
» I'm looking for some information on how to implement the long numbers
» calculations. I have some ideas of my own, but I'm sure there are some
» better solutions. If anybody knows of some articles on the subject, or
» has tried to do it, please, let me know. I'm looking for conceptual
» (theoretical) solutions.
» Sincerely yours,
» Martin
Checkout NTL, at
http://www.cs.wisc.edu/~shoup/ntl/
>From the blurb:
NTL is a high-performance, portable C++ library providing data
structures and algorithms for manipulating signed, arbitrary length
integers, and for vectors, matrices, and polynomials over the integers
and over finite fields.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Dumb Question: Relationship between RSA and Factoring
Date: Thu, 21 Jan 1999 14:48:28 GMT
In article <784bc7$j1k$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Dean Povey) wrote:
> "Sam Simpson" <[EMAIL PROTECTED]> writes:
>
> >Further to this response, you may wish to look at the paper:
>
> >D.Boneh, R.Venkatesan, "Breaking RSA may not be equivalent to factoring",
> >Eurocrypt '98, Lecture Notes in Computer Science, Vol. 1233,
> >Springer-Verlag, 1998.
>
> >Which provides evidence that certain instances of RSA cannot be equivalent
> >to the IFP. This is contrary to the belief by some that RSA and IFP are
> >equivalent.
>
> Thanks for the reference.
>
> I actually wasn't asking whether breaking RSA was equivalent to factoring,
> merely whether _recovery of the private key_ is equivalent to factoring.
> I am aware that there may be other methods of obtaining plaintext from
> ciphertext which may not be equivalent to factoring. But I am just
> interested in recovering the private key.
Yes, recovery of the private key is equivalent to factoring:-
(Notation: N=pq, ed = 1 mod LCM(p-1,q-1), d is secret key)
1. FACTORING => KEY_RECOVERY
If p and q are known then d can be easily computed.
2. KEY_RECOVERY => FACTORING
Consider ed-1 = 0 mod PHI(N), then x^(ed-1) = 1 mod N for
all x coprime to N. But e and d are both odd so ed-1 is even,
therefore x^((ed-1)/2) mod N is a square-root of 1 modulo N.
For N an RSA number there are four sq-roots of 1, two are
non-trivial and so for a randomly chosen x we can get a
non-trivial square-root of 1 with 50% probability, call it r.
Then r^2 = 1 mod N and we can use Fermat-style factoring on N.
(specifically (r+1)(r-1) = 0 mod N so take gcd(r-1,N) = p or q).
On the other hand, recovery of the message is not known to be equivalent
to factoring, but it is certainly no harder (which I guess is what the
referenced paper is discussing - but I haven't read it yet).
It is this message recovery problem that is often called the RSA problem.
Hope this helps,
Paul(o)
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (AbsolutAF3)
Subject: Re: Playfair Cipher
Date: 21 Jan 1999 16:55:38 GMT
Check out the following URL for some basic info on playfair.
http://members.magnet.at/wilhelm.m.plotz/Doc/Playfair.htm
Brandon
l>Could somebody please explain me how it works the Playfair Cipher?
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Pentium III...
Date: Thu, 21 Jan 1999 17:00:35 +0100
fungus wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> > fungus ([EMAIL PROTECTED]) wrote:
> > Hmm. The serial number on the chip is to assist in copy-protection
> > schemes, creating a market for cryptographic techniques...
> >
>
> Possibly. Most Unix machines have had serial numbers for years now
> and software is usage is often keyed to the machine. I'm not sure how
> it will work in the mass market of the PC world though. Any big selling
> program will probably cause a lot of headaches if people try to key
> it to the machine.
>
> > and a hardware random number generator on the chip will be useful to
> > cryptography programs.
Licensed software can be downloaded that works only on machines
of certain serial numbers. I don't see a difference here between
UNIX workstantions and PC.
>
> Maybe not as useful as people will think. It can be used for session
> keys etc., but I doubt if people will use it for OTP (cue new thread!)
> due to all the key management problems that involves. The question is
> whether a hardware number generator provides much benefit over a software
> generator for session keys.
Presumably a good session key can be constructed from a combination
of the generator output and input from the user. This would eliminate
questions concerning the quality of the hardware generator.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: french law about cryptography
Date: 21 Jan 1999 18:25:28 +0100
Chem-R-Us <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] wrote:
>
> > 19 jan 1999. the french prime minister announced that the gouvernement
> > will allow the key size up to 128bytes.
> >
> > the original text in french:
> > http://www.premier-ministre.gouv.fr/PM/D190199.HTM
>
> Is that *bytes* or *bits*?????
bits.
[...] le Gouvernement a décidé de relever le seuil de la cryptologie
dont l'utilisation est libre, de 40 bits à 128 bits [...]
--
Mats Kindahl, IAR Systems, Sweden
Any opinions expressed are my own, not my company's.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
