Cryptography-Digest Digest #535, Volume #11      Wed, 12 Apr 00 13:13:01 EDT

Contents:
  Re: manual cypher (MCTER) (Jacques Thériault)
  Re: SHA2 (DJohn37050)
  Re: SHA2 (Volker Hetzer)
  RC6 world fastest realization - true or fake (Ilya Levin)
  Re: Is AES necessary? (Mok-Kong Shen)
  Extended Euclid problem (Simon Brown)
  General Cryptanalysis Information ([EMAIL PROTECTED])
  More on self-shredding documents ("David C. Oshel")
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (Tim Tyler)
  Re: SHA2 (John Savard)
  Re: [Q] PGP - RSA - DH/DSS - Newbie (Doug Stell)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (James Felling)
  Re: Encode Book? (James Felling)
  Re: SHA2 (David A Molnar)
  Re: Simultaneous exchange of secrets ([EMAIL PROTECTED])
  US crypto laws? (JONATHAN DINERSTEIN)
  Re: Encode Book? (Diet NSA)

----------------------------------------------------------------------------

Subject: Re: manual cypher (MCTER)
From: [EMAIL PROTECTED] (Jacques Thériault)
Date: Wed, 12 Apr 2000 13:17:42 GMT

David Hopwood <[EMAIL PROTECTED]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Jacques Thériault wrote:
> 
> [cipher description snipped]
> 
> An obvious weakness of this is that for plaintexts requiring
> more than one block (> 52 characters), the state of CRPT after
> the first block is completely determined by the keystream
> used for the first block. I.e. a known plaintext attack can
> break every block after the first easily.

I guess you're right on this one.
> 
> Even for a single block, the hash applied to the CRPT array
> (i.e. the loop over k) seems to be quite weak. In particular,
> the three lookups used to get c3 aren't a good way to obtain
> an unbiased value - consider what happens when the first
> character of CRPT is 'A', for example.
> 
> I don't have enough time to spend on this to break it, but I'm
> pretty sure it is easily breakable.

But do you have an estimate of how long it could take? Are we
talking hours, days, weeks, months, or years?
If you want more plaintext, I can give you all you want.
> 
> - -- 
> David Hopwood <[EMAIL PROTECTED]>
> PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
> RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
> 

This is a method designed to be used by hand, when no computer is
readily available.  This is not a replacement for DES.

What I'm trying to find out is how long it would take to decrypt a 
message and what kind of power is needed to do that.  Can it be broken
by hand, without the use of a computer?

Jacques Thériault

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: SHA2
Date: 12 Apr 2000 13:19:37 GMT

SHA-2 is the informal name of the new hash function that will have increased
output sizes, namely double the AES key sizes.  It is supposed to be published
(with the official name) by 8/2000 or so.
Don Johnson

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: SHA2
Date: Wed, 12 Apr 2000 13:34:50 +0000

DJohn37050 wrote:
> 
> SHA-2 is the informal name of the new hash function that will have increased
> output sizes, namely double the AES key sizes.  It is supposed to be published
> (with the official name) by 8/2000 or so.
Any reason they don't do a contest like with AES?

Greetings!
Volker
-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!

------------------------------

Subject: RC6 world fastest realization - true or fake
From: Ilya Levin <[EMAIL PROTECTED]>
Date: Wed, 12 Apr 2000 05:17:41 -0700

Here is RC6 implementation source code. The person who provided
it claims this is his personal and unique code and that it has been
awarded and recognized as the world's fastest RC6 realization. Can
somebody comment on it, please?

Sincerely,
Ilya O. Levin
Nattyware Research Lab
http://natty.port5.com

===
/* r2 stands for 2*r with the standard r = 20 rounds, so s(r2 + 2) and
   s(r2 + 3) are the post-whitening keys S[42] and S[43]. The posted code
   uses r2 without defining it; this value is assumed. */
#define r2 40
void
#ifdef _MSC_VER
__declspec(naked)
#endif
__fastcall fast_rc6_encode(const unsigned __int32 *in_data,
const T__rc6_raw_key&keys, unsigned __int32 *out_data)
{
// Borland C++ Builder 4.0 __fastcall:
// eax = in_data
// edx = keys
// ecx = out_data

// Microsoft VC++ 6.0 __fastcall:
// ecx = in_data
// edx = keys
// out_data - on stack

#define A ebp
#define B ebx
#define C esi
#define D edi
#define s(n) [edx + (n)*4]

__asm
{
push ebp
#if defined(__BORLANDC__)
push ecx
# define ASM_NL ;
# define IN_DATA eax
#elif defined(_MSC_VER)
push edi
push esi
push ebx
push [esp + 5*4] // out_data
# define ASM_NL
# define IN_DATA ecx
#else
# error "Unsupported compiler type"
#endif

mov B, [IN_DATA + 4]
mov D, [IN_DATA + 12]

add B, s(0)
mov A, [IN_DATA]
mov C, [IN_DATA + 8]

add D, s(1)
};

/* One RC6 encryption round on registers a, b, c, d:
   t = (b*(2b+1)) <<< 5, u = (d*(2d+1)) <<< 5,
   a = ((a ^ t) <<< u) + S[2i], c = ((c ^ u) <<< t) + S[2i+1].
   Consecutive RE() calls permute the register roles instead of moving data. */
#define RE(a, b, c, d, i) \
{ \
__asm lea ecx, [b + b + 1] ASM_NL\
__asm imul ecx, b ASM_NL\
\
__asm lea eax, [d + d + 1] ASM_NL\
__asm rol ecx, 5 ASM_NL\
__asm imul eax, d ASM_NL\
\
__asm xor a, ecx ASM_NL\
__asm rol eax, 5 ASM_NL\
__asm xor c, eax ASM_NL\
\
__asm rol c, cl ASM_NL\
\
__asm add c, s(i*2 + 1) ASM_NL\
__asm mov cl, al ASM_NL\
__asm rol a, cl ASM_NL\
\
__asm add a, s(i*2) ASM_NL\
};

RE(A, B, C, D, 1)
RE(B, C, D, A, 2)
RE(C, D, A, B, 3)
RE(D, A, B, C, 4)
RE(A, B, C, D, 5)
RE(B, C, D, A, 6)
RE(C, D, A, B, 7)
RE(D, A, B, C, 8)
RE(A, B, C, D, 9)
RE(B, C, D, A, 10)
RE(C, D, A, B, 11)
RE(D, A, B, C, 12)
RE(A, B, C, D, 13)
RE(B, C, D, A, 14)
RE(C, D, A, B, 15)
RE(D, A, B, C, 16)
RE(A, B, C, D, 17)
RE(B, C, D, A, 18)
RE(C, D, A, B, 19)
RE(D, A, B, C, 20)
__asm
{
pop eax
add A, s(r2 + 2)
add C, s(r2 + 3)

mov [eax], A
mov [eax + 4], B
mov [eax + 8], C
mov [eax + 12], D

#ifdef _MSC_VER
pop ebx
pop esi
pop edi
pop ebp
ret 4
#else
pop ebp
#endif
};
#undef A
#undef B
#undef C
#undef D
#undef s
#undef IN_DATA
};

void
#ifdef _MSC_VER
__declspec(naked)
#endif
__fastcall fast_rc6_decode(const unsigned __int32 *in_data,
const T__rc6_raw_key&keys, unsigned __int32 *out_data)
{
// Borland C++ Builder 4.0 __fastcall:
// eax = in_data
// edx = keys
// ecx = out_data

// Microsoft VC++ 6.0 __fastcall:
// ecx = in_data
// edx = keys
// out_data - on stack

#define A ebp
#define B ebx
#define C esi
#define D edi
#define s(n) [edx + (n)*4]
__asm
{
push ebp

#if defined(__BORLANDC__)
push ecx
# define IN_DATA eax
#elif defined(_MSC_VER)
# define IN_DATA ecx
push edi
push esi
push ebx
push [esp + 5*4] // out_data
#else
# error "Unsupported compiler type"
#endif
mov A, [IN_DATA]
mov C, [IN_DATA + 8]

sub A, s(r2 + 2)

sub C, s(r2 + 3)
mov B, [IN_DATA + 4]

sub B, s(r2 + 1)
mov D, [IN_DATA + 12]

sub D, s(r2)
};

/* One RC6 decryption round on registers a, b, c, d. After the rotates, the
   key subtraction for the next (lower) round is folded in unless i == 1,
   which leaves the final s(0)/s(1) subtraction to the epilogue. */
#define RD(a, b, c, d, i) \
{ \
{ \
__asm lea ecx, [d + d + 1] ASM_NL\
\
__asm imul ecx, d ASM_NL\
__asm lea eax, [b + b + 1] ASM_NL\
__asm rol ecx, 5 ASM_NL\
\
__asm imul eax, b ASM_NL\
__asm ror a, cl ASM_NL\
\
__asm xchg eax, ecx ASM_NL\
__asm rol ecx, 5 ASM_NL\
__asm ror c, cl ASM_NL\
\
} \
if(i!=1) \
{ \
__asm sub b, s(i*2 - 1) ASM_NL\
__asm xor a, ecx ASM_NL\
__asm xor c, eax ASM_NL\
__asm sub d, s(i*2 - 2) ASM_NL\
} \
else \
{ \
__asm xor a, ecx ASM_NL\
__asm xor c, eax ASM_NL\
} \
};

RD(D, A, B, C, 20)
RD(C, D, A, B, 19)
RD(B, C, D, A, 18)
RD(A, B, C, D, 17)
RD(D, A, B, C, 16)
RD(C, D, A, B, 15)
RD(B, C, D, A, 14)
RD(A, B, C, D, 13)
RD(D, A, B, C, 12)
RD(C, D, A, B, 11)
RD(B, C, D, A, 10)
RD(A, B, C, D, 9)
RD(D, A, B, C, 8)
RD(C, D, A, B, 7)
RD(B, C, D, A, 6)
RD(A, B, C, D, 5)
RD(D, A, B, C, 4)
RD(C, D, A, B, 3)
RD(B, C, D, A, 2)
RD(A, B, C, D, 1)

__asm
{
sub B, s(0)
pop eax
sub D, s(1)

mov [eax], A
mov [eax + 4], B
mov [eax + 8], C
mov [eax + 12], D

#ifdef _MSC_VER
pop ebx
pop esi
pop edi
pop ebp
ret 4
#else
pop ebp
#endif
};
#undef A
#undef B
#undef C
#undef D
#undef s
};
===




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Wed, 12 Apr 2000 15:51:14 +0200

Tom St Denis wrote:
> 

> Oh well, yea you are right AES is completely not required, but neither
> is further space exploration.  Been there, done that.

I know it is often difficult to argue about 'requirements', for
that word usually has a wide range of interpretations. (I hope
though that my interpretation in this thread has been unambiguous.)
At the end it is clearly something in the domain of politics and
consequently one could aptly argue on both sides. About 'space',
BTW, it is my personal (certainly subjective/biased, exotic) view
that one shouldn't spend a cent researching whether there are other
intelligent beings elsewhere in the universe before the daily
uncounted number of people perishing due to hunger in our world
could be stopped.

> Yea 3DES is secure, but I think by properly implementing [*] the new AES
> ciphers in my program that others will eventually use, I am doing those
> cryptographers a nice favor.  It's one thing to design a cipher,
> cryptanalyze it, [and get the women] but if it's never used who cares?

AES certainly will be a very good cipher, even though someone has
cautioned that one should await some further analysis. It will also
surely be used in practice. My arguments could probably be compared
to somebody in a family questioning why an expensive new car is
bought while the predecessor is not yet two years old.

M. K. Shen

------------------------------

From: Simon Brown <[EMAIL PROTECTED]>
Subject: Extended Euclid problem
Date: Wed, 12 Apr 2000 14:38:35 +0100

Hi

I seem to be stuck in a rather silly position. I've been reading the
Handbook of Applied Crypto to help me do an RSA decrypt. I've been using
the C code that I think Steve Pate did for the extended Euclid algo. The
problem is it gives me the wrong answer. It returns a value for d where
e*d mod Phi is -1, not +1. Could someone who is better at maths than me
point out the error of my ways? The numbers involved are 143 and 928368,
which returns 77905 for d.

Cheers   

SMB.

Simon Brown, [EMAIL PROTECTED] 0x93BE39C9
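Tracing the numbers from the post through extended Euclid shows where the -1 comes from: the Bézout coefficient of 143 with respect to 928368 is -77905, and 77905 is that value with its sign dropped, so 143*77905 is one less than a multiple of phi. The following is an added example (not the Handbook's code or anything from the post) that returns the raw coefficient and then reduces it into [0, phi), which is the step a sign-losing port is missing.

```c
#include <stdint.h>
#include <stdio.h>

/* Extended Euclid: returns gcd(a, b) and sets *x, *y so that a*x + b*y = gcd.
   The coefficient x is frequently negative; dropping its sign is the classic bug. */
int64_t egcd(int64_t a, int64_t b, int64_t *x, int64_t *y) {
    int64_t x0 = 1, y0 = 0, x1 = 0, y1 = 1;   /* Bezout coefficients of a and b */
    while (b != 0) {
        int64_t q = a / b, r = a % b;
        int64_t nx = x0 - q * x1, ny = y0 - q * y1;
        a = b; b = r;
        x0 = x1; y0 = y1; x1 = nx; y1 = ny;
    }
    *x = x0; *y = y0;
    return a;
}

/* Raw coefficient of e, before any normalisation. For (143, 928368) this is -77905. */
int64_t bezout_x(int64_t e, int64_t phi) {
    int64_t x, y;
    egcd(e, phi, &x, &y);
    return x;
}

/* RSA private exponent d = e^-1 mod phi, reduced into [0, phi). Returns -1 if gcd(e, phi) != 1. */
int64_t modinv(int64_t e, int64_t phi) {
    int64_t x, y;
    if (egcd(e, phi, &x, &y) != 1) return -1;
    return ((x % phi) + phi) % phi;           /* -77905 becomes 850463 for the case in the post */
}

/* (e*d) mod phi: 1 means d is right, phi-1 means the sign of the coefficient was lost. */
int64_t check(int64_t e, int64_t d, int64_t phi) { return (e * d) % phi; }

int main(void) {
    int64_t e = 143, phi = 928368, x = bezout_x(e, phi), d = modinv(e, phi);
    printf("raw x = %lld, e*|x| mod phi = %lld\n", (long long)x, (long long)check(e, -x, phi));
    printf("d = %lld, e*d mod phi = %lld\n", (long long)d, (long long)check(e, d, phi));
    return 0;
}
```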
 

------------------------------

From: [EMAIL PROTECTED]
Subject: General Cryptanalysis Information
Date: Wed, 12 Apr 2000 13:42:19 GMT

Hi,

  I'd like to learn something about cryptanalysis, but I can't find
information about the methods that are used. I've read a lot about
cryptography, and I wish to expand my knowledge.
  Can anyone recommend me some information source?

Thanks in advance


  WSM



------------------------------

From: "David C. Oshel" <[EMAIL PROTECTED]>
Subject: More on self-shredding documents
Date: Wed, 12 Apr 2000 08:52:42 -0500

Sorry, I missed the beginning of this thread, but yes, self-shredding documents
are very easy to implement.  For example, if you are using an OTP, you destroy
your pad, which effectively turns anything encrypted with it into waste paper.

Also, if you are using a proprietary bytestream system (the simple kind with
good statistical properties, such as winding the output from a couple of lagged
Fibonacci generators through TEA), then destroying the codebook used to initialize
the lfgs will render anything previously encrypted useless.  There is an existence
proof, and it takes about 2 seconds to shred any number of tons of backup disks this 
way.

-- 
David C. Oshel           mailto:[EMAIL PROTECTED]
Cedar Rapids, Iowa       http://pobox.com/~dcoshel
"Tension, apprehension, and dissension have begun!" - Duffy Wyg&, in Alfred
Bester's _The Demolished Man_

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 12 Apr 2000 14:40:54 GMT

Gadi Guy <[EMAIL PROTECTED]> wrote:

: MacKay says: "Such a random sparse matrix is not necessarily 
: invertible, but there is a probability (for large N) of about
: 0.29 that it is." [...]

If there are rows which may be expressed as linear combinations of other
rows, the matrix will be singular.  If your matrix is *very* sparse,
this is pretty likely to happen.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.
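The singularity argument can be checked directly with a GF(2) rank routine. The following is an added example, not from the thread: random dense matrices, whose invertible fraction sits near MacKay's 0.29 (the limit of the product (1 - 2^-k)), and the very sparse case of exactly two ones per row, where every row has even weight, so the all-ones vector is in the kernel and the matrix is never invertible. The random source and the 24x24 sizes are constructed for the experiment.

```c
#include <stdint.h>
#include <stdio.h>

/* Rank over GF(2) of n rows held as bit vectors (n <= 64); rows[] is overwritten.
   Gauss-Jordan elimination, where XOR serves as both addition and subtraction. */
int gf2_rank(uint64_t *rows, int n) {
    int rank = 0;
    for (int col = 0; col < n && rank < n; col++) {
        int pivot = -1;
        for (int r = rank; r < n; r++) if ((rows[r] >> col) & 1) { pivot = r; break; }
        if (pivot < 0) continue;                    /* no pivot: column depends on earlier ones */
        uint64_t t = rows[pivot]; rows[pivot] = rows[rank]; rows[rank] = t;
        for (int r = 0; r < n; r++)
            if (r != rank && ((rows[r] >> col) & 1)) rows[r] ^= rows[rank];
        rank++;
    }
    return rank;
}

/* xorshift64: a reproducible bit source constructed for the experiment, not crypto-grade. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;
static uint64_t rng(void) {
    uint64_t x = rng_state; x ^= x << 13; x ^= x >> 7; x ^= x << 17; return rng_state = x;
}

/* Fraction of uniformly random dense n x n GF(2) matrices that are invertible.
   As n grows this tends to prod_{k>=1} (1 - 2^-k) = 0.2888..., MacKay's 0.29. */
double dense_invertible_fraction(int n, int trials) {
    uint64_t m[64], mask = n == 64 ? ~0ULL : (1ULL << n) - 1;
    int ok = 0;
    for (int t = 0; t < trials; t++) {
        for (int i = 0; i < n; i++) m[i] = rng() & mask;
        ok += gf2_rank(m, n) == n;
    }
    return (double)ok / trials;
}

/* The very sparse case: exactly two ones per row, at random positions. Every row
   then has even weight, so M times the all-ones vector is 0 and M is singular
   whatever the positions are: the rank returned is always strictly below n. */
int two_per_row_rank(int n) {
    uint64_t m[64];
    for (int i = 0; i < n; i++) {
        int a = (int)(rng() % (uint64_t)n), b;
        do b = (int)(rng() % (uint64_t)n); while (b == a);
        m[i] = (1ULL << a) | (1ULL << b);
    }
    return gf2_rank(m, n);
}

int main(void) {
    printf("dense 24x24 invertible fraction: %.3f\n", dense_invertible_fraction(24, 2000));
    printf("two-ones-per-row 24x24 rank:     %d (always < 24)\n", two_per_row_rank(24));
    return 0;
}
```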

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: SHA2
Date: Wed, 12 Apr 2000 15:00:49 GMT

Volker Hetzer <[EMAIL PROTECTED]> wrote, in part:

>Any reason they don't do a contest like with AES?

I guess they felt that in this case no problem would be caused to
national security by accepting more fully the benefit of the NSA's
expertise for this one.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: [Q] PGP - RSA - DH/DSS - Newbie
Date: Wed, 12 Apr 2000 15:01:16 GMT

On Sun, 09 Apr 2000 17:30:49 GMT, [EMAIL PROTECTED] (Gilles F)
wrote:

>Can you answer me ?
>
>RSA is an asymmetric cryptosystem (or algorithm), OK....
>PGP uses a secret session key, encrypted with public key, OK....
>
>PGP promotes Diffie Hellman/DSS instead of RSA/MD5 (for royalty-free
>reasons, I think)....
>
>In which way can this protocol replace RSA?
>(maybe it's another Diffie Hellman protocol, different from the
>key exchange protocol ... ?)

PGP relies on the ability of the sender to randomly create the session
key and securely send it to the recipient, via store-and-forward
email. RSA encryption permits this. However, plain Diffie-Hellman does
not do encryption. However, the ElGamal extension of the
Diffie-Hellman technique does.

The KEA-SKIPJACK documents give one of several other ways to do
store-and-forward with a key agreement algorithm. Another scheme is
one in which senders post weekly or monthly vectors and all senders
for that week/month use that vector.

doug
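The difference between plain Diffie-Hellman and its ElGamal extension is easiest to see in code. The following is an added example, not PGP's implementation: the recipient publishes a static DH value y = g^x, and the sender, with nothing but y, wraps a session key under a fresh ephemeral exponent and leaves it in a store-and-forward message. The group (p = 2^31 - 1, generator 7), the exponents and the session key are toy values constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy group, constructed for this example only: p = 2^31 - 1 is prime and 7 generates
   its multiplicative group. A real PGP DH/ElGamal key uses a p of 1024 bits or more. */
static const uint64_t P = 2147483647ULL;
static const uint64_t G = 7ULL;

static uint64_t mulmod(uint64_t a, uint64_t b) { return (a * b) % P; }   /* a, b < 2^31: no overflow */
static uint64_t powmod(uint64_t base, uint64_t exp) {
    uint64_t r = 1;
    for (base %= P; exp; exp >>= 1) { if (exp & 1) r = mulmod(r, base); base = mulmod(base, base); }
    return r;
}

/* Recipient's long-term Diffie-Hellman key: y = g^x mod p is the value a PGP key
   certificate would carry; x stays private. */
uint64_t dh_public(uint64_t x) { return powmod(G, x); }

/* Sender side, done offline with only the recipient's y: pick a fresh ephemeral k,
   send c1 = g^k (the sender's DH share) and c2 = session_key * y^k (the key masked by
   the agreed secret). This is the ElGamal extension that turns DH into encryption. */
void elgamal_wrap(uint64_t y, uint64_t session_key, uint64_t k, uint64_t *c1, uint64_t *c2) {
    *c1 = powmod(G, k);
    *c2 = mulmod(session_key % P, powmod(y, k));
}

/* Recipient side: recompute the agreed secret c1^x and strip the mask. Its inverse is
   c1^(p-1-x) by Fermat's little theorem, so no separate modular inverse is needed. */
uint64_t elgamal_unwrap(uint64_t x, uint64_t c1, uint64_t c2) {
    return mulmod(c2, powmod(c1, P - 1 - x));
}

/* Returns 1 when unwrapping with private exponent x_try recovers session_key. */
int elgamal_roundtrip_ok(uint64_t x, uint64_t session_key, uint64_t k, uint64_t x_try) {
    uint64_t c1, c2;
    elgamal_wrap(dh_public(x), session_key, k, &c1, &c2);
    return elgamal_unwrap(x_try, c1, c2) == session_key;
}

int main(void) {
    uint64_t x = 123456789ULL;            /* recipient's private exponent (constructed) */
    uint64_t session_key = 0x5A5A5A5AULL; /* must lie in [1, p-1] in this toy encoding */
    uint64_t k = 987654321ULL;            /* sender's ephemeral exponent; fresh per message */
    printf("recipient recovers key: %s\n", elgamal_roundtrip_ok(x, session_key, k, x) ? "yes" : "no");
    printf("wrong private key:      %s\n", elgamal_roundtrip_ok(x, session_key, k, x + 1) ? "yes" : "no");
    return 0;
}
```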


------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Date: Wed, 12 Apr 2000 10:29:09 -0500

The odds of a large sparse Boolean matrix being singular are very high (much
higher than for a traditional large sparse matrix).

Tim Tyler wrote:

> Gadi Guy <[EMAIL PROTECTED]> wrote:
>
> : MacKay says: "Such a random sparse matrix is not necessarily
> : invertible, but there is a probability (for large N) of about
> : 0.29 that it is." [...]
>
> If there are rows which may be expressed as linear combinations of other
> rows, the matrix will be singular.  If your matrix is *very* sparse,
> this is pretty likely to happen.
> --
> __________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
>  |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.


------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: Wed, 12 Apr 2000 10:31:29 -0500

I learned Pascal at about the same age.  It was a big achievement, but
not on the same order as Ms. Flannery's achievement.  You are gifted and
talented, but she has done something that was truly extraordinary.  Live
with it.

Tom St Denis wrote:

> lordcow77 wrote:
> >
> > In article <[EMAIL PROTECTED]>, Tom St Denis
> > <[EMAIL PROTECTED]> wrote:
> > >> In any case, I doubt I could create a fast new public-key algorithm
> > >> right now. I *know* I could not have done it at her age. It remains an
> > >> impressive achievement.
> > >
> > >So what, I taught myself Pascal when I was 12, big deal.  It's nice to
> > >know she understands it enough to break her own algorithm though.
> > >
> >
> > Teaching yourself Pascal is not a big deal. Inventing a new
> > public key cryptosystem that is at least plausibly difficult to
> > break and then attacking it yourself at her age is a big deal.
> > If you don't realize this, I'm afraid that it wouldn't be
> > productive to explain this any further.
>
> You try teaching pascal to a 12 year old, and tell me that.
>
> Tom


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: SHA2
Date: 12 Apr 2000 15:45:46 GMT

John Savard <[EMAIL PROTECTED]> wrote:
> Volker Hetzer <[EMAIL PROTECTED]> wrote, in part:

>>Any reason they don't do a contest like with AES?

> I guess they felt that in this case no problem would be caused to
> national security by accepting more fully the benefit of the NSA's
> expertise for this one.

Speaking of that, any odds on whether this hash function will need
a bug fix as well? And if it does, will that be SHA2.1 or SHA3?


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Simultaneous exchange of secrets
Date: Wed, 12 Apr 2000 16:33:15 GMT

There is a PDF file about it, by Tatsuaki Okamoto and Kazuo Ohta, at
http://www.acm.org/pubs/citations/proceedings/commsec/191177/p184-okamoto/

Hope this will help you, but as you will see, you have to pay for
it. I just came across it a while ago, but it is not my kind of
business, so don't ask me more about it.


Greetings from Germany
Oliver



------------------------------

From: [EMAIL PROTECTED] (JONATHAN DINERSTEIN)
Subject: US crypto laws?
Date: 12 Apr 00 10:58:14 MDT

Does anyone know what the new US laws are for exporting crypto software?  I
know the laws just recently changed.  Can even software using new algorithms
(MARS, Twofish, etc) be exported?
thanks!

Jonathan Dinerstein
[EMAIL PROTECTED]


------------------------------

Subject: Re: Encode Book?
From: Diet NSA <[EMAIL PROTECTED]>
Date: Wed, 12 Apr 2000 10:00:23 -0700


In article <2bfa1245.23735ac7@usw-ex0103-018.remarq.com>, lordcow77
<[EMAIL PROTECTED]> wrote:

>Teaching yourself Pascal is not a big deal. Inventing a new
>public key cryptosystem that is at least plausibly difficult to
>break and then attacking it yourself at her age is a big deal.


I know very little about high school students but some of their
achievements in crypto (such as Flannery's & also Viviana Risca's DNA
steganography) seem somewhat remarkable for people that age. I also
find it impressive that Tom St Denis appears to be able to learn
computers & crypto so rapidly, especially since he is only doing this
part-time. He is not afraid to learn by making mistakes which he
regularly catches & corrects himself. What Tom develops & puts on his
website would be impressive to any potential school or employer & he
could probably get a job in most areas of IT even with only a high
school diploma (especially since nearly 850,000 IT positions in the
U.S. will go unfilled in the near term causing some economic slowdown).

From your postings, it seems obvious that you are far beyond the high
school level. You needn't be too harsh with Tom. What you might
perceive as arrogance could be an expression of confidence. Whether
anyone likes it or not, it has been shown that the brains of teenagers
are hardwired differently for processing emotions and that young people
(especially males) have more of the neurons associated with aggression
(gradually these neurons start to die off).

A female biologist (an Australian whose name I forget) claims that
intelligence is primarily linked to the X chromosome. Supposedly, then,
intelligence is more likely to average out in females and is more
likely to be abnormally low or high in males. Among people with high
IQs there are about 50 times as many men as women. Also, there is
evidence that testosterone contributes to intelligence and that spatial
reasoning abilities are greater in men than in women. These may be some
biological reasons why there are more men than women in mathematics.

I don't know if it is so difficult to come up with an idea for a
"plausible" PK cryptosystem. It wouldn't surprise me if, for example,
Tom posted a new proposal for PK crypto based, say, on a certain class
of permutation polynomials. I could *try* to devise a new PK system
based on a combination of cellular automaton & gate array architecture.
However, there is a very good chance that these proposals will be like
Flannery's, not standing up to cryptanalytic attacks or not offering
any advantage over existing systems. Also, they could have problems
with implementation. Anyways, if you don't like Tom's posts you don't
have to read them.


I toy with Big Brother, yet He does not share His toys with me  :-(


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
