Cryptography-Digest Digest #663, Volume #11      Sat, 29 Apr 00 17:13:02 EDT

Contents:
  Re: factor large composite (Jerry Coffin)
  Re: Intel drops serial number (Bill Unruh)
  Re: Help In encryption!!! (Andru Luvisi)
  Re: Help with Encryption Algorithm (Andru Luvisi)
  Re: factor large composite ([EMAIL PROTECTED])
  Request for attacks on slightly less naive algorithm than last time (Richard Heathfield)
  Re: U-571 movie (OT) (Darren New)
  Re: Speaking of HD Overwriting... (Jerry Coffin)
  Re: sci.crypt think will be AES? (Terry Ritter)
  Re: sboxes for the bored... (Terry Ritter)

----------------------------------------------------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Sat, 29 Apr 2000 11:58:27 -0600

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Johnny Bravo wrote:
> >  The cost is nothing, ...
> 
> Wrong. If your CPU is idle, it will execute a HLT and waste far
> less power.

That depends -- there are some laptops and such that halt at least 
parts of the processor when they're not in use, but most desktop 
machines do nothing of the sort.

> If you always have some low priority task running
> which uses every bit of time he can get, you will waste far more
> power than without it.

"far more"?  Again, you seem to be stretching things a bit -- some of 
the big RISC CPUs draw quite a bit of power (the highest of which I'm 
aware is the Fujitsu SPARC V, at 100 watts) but most CPUs don't draw 
nearly that kind of power -- 8 to 10 watts is fairly typical for many 
CPUs, and something like an ARM or SuperH can run on well under one 
watt.

> Plus, no matter how low the priority of such a program is, it
> will always fill the CPU cache with its instructions and drop
> other peoples stuff out of it. This effect is real; you can
> experience it in practice.

This is pure nonsense -- it will have instructions in the cache while 
it's running, and typically for a _very_ short period of time 
afterwards.  Depending on the size of the program involved, and the 
OS in use, this often has little effect: a typical OS has an idle 
process that runs when nothing else needs CPU time, and something 
like an ECDL program may end up using almost no more memory than the 
system idle process.

In any case, as long as the process isn't scheduled and running (i.e. 
when you're doing anything else) it will NOT have any instructions in 
the cache AT ALL, at least under any reasonably ordinary OS and CPU 
-- it's barely possible that somebody has designed something to work 
differently, but if so, it's definitely VERY rare.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: talk.politics.crypto
Subject: Re: Intel drops serial number
Date: 29 Apr 2000 18:07:09 GMT

In <8ef2a9$92n$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Vernon Schryver) 
writes:
>nothing to do with the PIII ID.  By implying that some privacy was
>threatened by the PIII ID and protected by its disappearance, you are
>aiding and abetting those who can and do violate the privacy of anyone
>who doesn't take precautions.  By spreading the "big lie" that a battle
>has been won, you fool the ignorant into not seeking and implementing
>defenses.

A battle has been won. This of course does not mean that the war is
over, but each beachhead won is an advance. That other means of privacy
intrusion are also used is true. That this would not have been a danger
until widely implemented is also true, but after it is widely implemented
is not the time to fight the battle.

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Help In encryption!!!
Date: 29 Apr 2000 11:17:07 -0700

[EMAIL PROTECTED] writes:
> Hi:
> 
> I was wondering which would be the best and
> easiest encryption algorithm to code using C++,
> such that it could be implemented for a class
> project. Also can someone point me to some
> encryption algorithms where there is a full
> description of the process.

Here's two:
Ciphersaber: http://www.ciphersaber.gurus.com/
TEA/XTEA: http://vader.brad.ac.uk/tea/tea.shtml

Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Help with Encryption Algorithm
Date: 29 Apr 2000 11:19:05 -0700

"news.shinbiro.com" <[EMAIL PROTECTED]> writes:
[snip]
> We receive encrypted data from a system that was contractor developed.  The
> same contractor provided us with a decryption exe file, but we don't have
> access to the source code.  We want to take over the whole process
> ourselves, but need to come up with a way to decrypt the data we receive.
> My gut feeling is that the routine isn't rocket science, but it's more than
> I can figure out.
[snip]

Do you have the source code to the system that generates the encrypted
data?

Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: factor large composite
Date: 29 Apr 2000 13:57:34 -0400

In article <[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> writes:
>Jeffrey Williams wrote:
>>
>> Your objection applies only to those for whom market economics apply
>> (ie:  you, me, business, etc).  It doesn't apply to government, which does
...
>> Therefore, if you wish to keep your information secret from governments,
>> etc, 768 bit RSA may be inadequate.

     Our contention, in the paper on the factorization of
     RSA-155 (at 512-bits), to appear, May, EuroCrypt 2000,
     is that 768-bit RSA is no longer ".com-secure", much less
     ".gov-secure".  It's not unusual for a credit card account
     to be open for ten years;  likewise for home addresses,
     medical data;  not to mention social security numbers.  So
     we're not discussing today's mpi-capable clusters, but rather
     2010's.  I've picked ten years as the relevant time period
     myself (rather than referring specifically to Bob's or Arjen's
     estimates) from the historical record.  The Fermat number
     F9 = (2^(2^9))+1 = (2^512)+1 was factored using SNFS in 1991.
     The first 512-bit RSA-key was factored using GNFS in 1999.  We're
     expecting to factor (2^773)+1 in 2001 (we'd need more help to
     hit Dec 31, 2000) using SNFS.  The runtime ratio
     (768-bit-GNFS)-to-(768-bit-SNFS) to (512-GNFS)-to-(512-SNFS)
     is nontrivial.  Even with that as a handicap, I expect that
     the matrix for 768-bit RSA will be done in public by 2010.
     People with shorter time horizons might watch for when
     1024-bit SNFS is broken, which is quite a bit easier than 768-bit
     GNFS.

>And the reality of the situation.  Talk to Bob Silverman about the
>memory required on avg to hold the matrix for the nfs of a 1024 bit RSA
>style composite.  Then tell me it depends on your adversary.  I don't
>know alot about the highest tech computers (this much is obvious) but
>looking at the quotes and papers on the nfs I doubt that it could be
>done at all right now.

    Once again, Tom has me puzzled.  So far as I know, the security
    of 1024-bit RSA isn't even remotely subject to precise estimate.
     One of the points of the cryptosavvy estimates is to give lower
    bounds.  Not "factoring 1024-bit RSA keys will take ...", but
    "factoring 1024-bit RSA keys can't plausibly take less than ..."
     Discussing the feasibility of the 1024-bit RSA matrix is way in
    the range of vapour-ware, rather than hardware;  especially since
    the point in contention is a software question:  is there a
    (reasonably-well performing) parallel version of Montgomery's
    block Lanczos?  I don't want to mis-characterize Bob's views
    (which are on-line at rsalabs), but I do recall one of his posts
    here from a few months ago asserting that processors would
    inevitably spend too much of their time waiting for data to
     arrive.  The Shamir-Lenstra paper (to appear, EuroCrypt 2000)
    asserts that -- if there is a well-performing parallel block
    Lanczos -- you'd still need a network with the computing power
    of c. 80000 Pentium II's at 450 Mhz.  For a lower bound, we can
    think about when to expect such an mpi-capable network.
       So supposing that there is such a network in the public within
    ten years, say a successor of the T3E or a tightly coupled linux
    network, can the parallel matrix software be worked out?  I know
    of two people working on the code;  short of asking Montgomery,
     one can read Bob's assessment of Peter's current progress in the
    rsalabs keylength report.  Last I checked, the people doing the
    sieving for producing the current hardest challenge matrix had
    better info than people that weren't.
       B. Dodson, Math Dept, Lehigh.EDU

>Tom
>--
>Want your academic website listed on a free websearch engine?  Then
>please check out http://24.42.86.123/search.html, it's entirely free
>and there are no advertisements.


------------------------------

Date: Sat, 29 Apr 2000 19:17:50 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Request for attacks on slightly less naive algorithm than last time

[In this article, ^ means XOR, ** means 'to the power of', % means
'modulo'.]

Recently, I asked this newsgroup to analyse my 'unbreakable'
(naturally!) cryptographic algorithm, as follows:

Let J be an array with 2 ** CHAR_BIT (i.e. 256 on most machines)
elements, each populated with some arbitrary number.

Let K be the key, consisting of k bytes.

P is plaintext, of course, and C is ciphertext. p is the number of bytes
in the plaintext.

C = P
for b = 0 to k - 1
  Rotate C left by J[K[b]] bits
  for u = 0 to p - 1
    C[u] = C[u] ^ K[u % k]

In other words, it's an eminently breakable Vigenere, with the twist
that I'm rotating the bits to try to avoid the classic anti-Vigenere
attack.

Some members of this newsgroup very kindly pointed out that this
algorithm was vulnerable to attacks on multiple ciphertexts of the same
length, encrypted with the same key (e.g. network packets);
particularly, there was a problem with the fact that, if two plaintexts
differed by just one bit, the ciphertexts too would differ by just one
bit. Someone mentioned "avalanche" to me.

Having discovered that "avalanche" means a kind of pseudo-chaotic effect
- one bit's value affects many other bits' values in the end ciphertext
- I gave some thought to whether I could devise a technique for
achieving this, so I looked around for examples in my own experience.

In Conway's "Game of Life", we have a clear example of cells affecting
other cells. This made me think of finite automata generally, and I came
up with this finite-automaton-style idea, as a part-way stage in the
encryption process:

Input bits      Output bits
000             101
001             100
010             001
011             010
100             110
101             011
110             111
111             000

(Yes, I know that not all messages are a multiple of three bits in size!
This isn't a problem, I hope, because of the rotations that are going on
elsewhere.)

If, then, I could interleave this translation process into my algorithm,
I could perhaps increase its security. It would become something like:

C = P
for b = 0 to k - 1
  replace each 3-bit pattern with its looked-up substitute pattern
  Rotate C left by J[K[b]] bits
  for u = 0 to p - 1
    C[u] = C[u] ^ K[u % k]

It would slow the algorithm down, but I could compensate for that by
giving up my ridiculous 20,000-bit or even 80,000-bit keys. I suspect
that I could use a much smaller key - and with, say, a 256-bit key, it
might even be quite quick. And of course it's easily reversible, for
decryption purposes.

Before I get down to coding it, I have two questions:

(1) does this increase the security of the algorithm?
(2) are there any obvious attacks? (I can't think of any, but that means
little.)
(3) have I inadvertently re-invented these mysterious 'S-boxes' you
    folks keep talking about?

Okay, that's three questions. :-)

If it helps, my 'threat model' (hey, I catch on /relatively/ quickly) is
a spotty teenager with an attitude and a packet sniffer, and my primary
concerns are (i) authentication and (ii) the privacy of short, irregular
messages which may have repeated blocks of information in them (such as
message type indicators).


-- 

Richard Heathfield

"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.

C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)
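The scheme above, as an added example that is not part of the original post: a small implementation of the rotate/substitute/XOR rounds together with the matching decryptor, and a routine that counts how many ciphertext bits change when a single plaintext bit is flipped, which is the "avalanche" property the post is after. Points the post leaves open are filled in as labelled assumptions: the message is treated as one big-endian bit string of 8*p bits, the 3-bit groups are taken from the most significant end, and any leftover (8*p mod 3) low bits pass through the substitution unchanged. The table is checked to be a bijection, which is what makes the substitution invertible.

```python
# Added example (not the poster's code): the rotate/substitute/XOR scheme from the
# post, a decryptor for it, and a per-bit avalanche measurement.
# Assumptions not fixed by the post: the message is one big-endian bit string of
# 8*p bits; 3-bit groups are taken from the most significant end; leftover
# (8*p mod 3) low bits pass through the substitution unchanged.

# The 3-bit substitution table from the post, and its inverse.
SBOX3 = {0b000: 0b101, 0b001: 0b100, 0b010: 0b001, 0b011: 0b010,
         0b100: 0b110, 0b101: 0b011, 0b110: 0b111, 0b111: 0b000}
INV_SBOX3 = {v: k for k, v in SBOX3.items()}


def is_bijection(table):
    """True if every 3-bit output appears exactly once (so the table is invertible)."""
    return sorted(table.values()) == sorted(table.keys())


def rotl(v, r, width):
    """Rotate the width-bit integer v left by r bits."""
    r %= width
    mask = (1 << width) - 1
    return ((v << r) | (v >> (width - r))) & mask


def rotr(v, r, width):
    """Rotate right: a left rotation by the complementary amount."""
    return rotl(v, (width - r % width) % width, width)


def substitute3(v, width, table):
    """Apply table to each aligned 3-bit group of v, counting groups from the
    most significant end; leftover low bits are passed through unchanged."""
    out = 0
    for i in range(width // 3):
        shift = width - 3 * (i + 1)
        out |= table[(v >> shift) & 0b111] << shift
    rem = width % 3
    return out | (v & ((1 << rem) - 1))


def encrypt(plaintext, key, J, use_sbox=True):
    """C = P; for each key byte b: [substitute], rotate C left by J[K[b]] bits,
    then XOR every byte with the key repeated (C[u] ^= K[u % k])."""
    n, k = len(plaintext), len(key)
    width = 8 * n
    c = bytearray(plaintext)
    for b in range(k):
        v = int.from_bytes(c, "big")
        if use_sbox:
            v = substitute3(v, width, SBOX3)
        v = rotl(v, J[key[b]], width)
        c = bytearray(v.to_bytes(n, "big"))
        for u in range(n):
            c[u] ^= key[u % k]
    return bytes(c)


def decrypt(ciphertext, key, J, use_sbox=True):
    """Undo the rounds in reverse order: XOR, rotate right, inverse substitution."""
    n, k = len(ciphertext), len(key)
    width = 8 * n
    c = bytearray(ciphertext)
    for b in reversed(range(k)):
        for u in range(n):
            c[u] ^= key[u % k]
        v = rotr(int.from_bytes(c, "big"), J[key[b]], width)
        if use_sbox:
            v = substitute3(v, width, INV_SBOX3)
        c = bytearray(v.to_bytes(n, "big"))
    return bytes(c)


def hamming(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


def avalanche(plaintext, key, J, use_sbox=True):
    """For each plaintext bit position i (0 = least significant bit of the last
    byte), the number of ciphertext bits that change when only bit i is flipped."""
    n, width = len(plaintext), 8 * len(plaintext)
    base = encrypt(plaintext, key, J, use_sbox)
    p = int.from_bytes(plaintext, "big")
    return [hamming(base, encrypt((p ^ (1 << i)).to_bytes(n, "big"), key, J, use_sbox))
            for i in range(width)]


if __name__ == "__main__":
    # Constructed sample values: a fixed rotation table J, a 16-byte key, a short message.
    J = [(7 * i + 3) % 61 for i in range(256)]
    key = bytes(range(1, 17))
    msg = b"TYPE=01 ID=0042"
    assert is_bijection(SBOX3)
    assert decrypt(encrypt(msg, key, J), key, J) == msg
    for use_sbox in (False, True):
        d = avalanche(msg, key, J, use_sbox)
        print("with s-box" if use_sbox else "no s-box  ",
              "min/avg/max changed bits:", min(d), round(sum(d) / len(d), 2), max(d))
```

Without the substitution, every round is a bit permutation followed by a constant XOR, so a one-bit plaintext difference always gives a one-bit ciphertext difference; `avalanche` returns 1 at every position. With the substitution the count varies by position, because a one-bit change inside a 3-bit group can become a one-, two- or three-bit change in that group's output, and the rotation then carries those bits into other groups for the next round.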

------------------------------

From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: U-571 movie (OT)
Date: Sat, 29 Apr 2000 18:38:39 GMT

Stou Sandalski wrote:
>  But which Hollywood movie has had more then 2% truth in it?

Apollo-13?

-- 
Darren New / Senior MTS / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
Not so much a killfile as a slightly-woundedfile.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Speaking of HD Overwriting...
Date: Sat, 29 Apr 2000 13:52:22 -0600

In article <8ec8qc$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> It's more complicated than that.  The write laser melts the metal under a nonmelting
> transparent layer.  If the laser is turned off in a nanosecond or so, the metal
> freezes with a bunch of crystals, which are less reflective.  If the laser is turned
> off slowly (microseconds) the metal freezes as a single crystals, which is less
> reflective.  The actual area that is melted is close to the wavelength of the laser,
> so the very idea of "missing" or "hitting" the spot is fuzzy - you need to get into
> the quantum behavior to understand what is going on.

Some may also remember that shortly after CDs came out, Tandy 
invented what they called THOR technology, which was essentially CD-
RW, but long before that name came into use.  The technology was 
substantially different though: THOR actually produced "dents" in a 
layer of reflective material, just about like a normal CD has.

It did this by having two different lasers, and layers of plastic on 
each side of the aluminium that melted under exposure to the 
different wavelengths from the lasers.  The plastic layers would 
expand slightly when melted, so by manipulating the order in which 
you turned the lasers on and off, you could keep one side expanded 
slightly while the other hardened and held the reflective layer into 
place.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: sci.crypt think will be AES?
Date: Sat, 29 Apr 2000 20:25:52 GMT


On 29 Apr 2000 09:20:44 -0600, in <8eeukc$7s2$[EMAIL PROTECTED]>,
in sci.crypt [EMAIL PROTECTED] (Vernon Schryver) wrote:

>In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
>
>> ...
>>>Yes, but in the case of those examples, at least a couple were clearly
>>>less than novel. 
>>
>>Perhaps *you* have checked out the claims of those patents (in the
>>context of their body), but *I* sure haven't.  Absent that, I am
>>unwilling to make the uninformed judgment you seem to want.
>
>That's mighty convenient for someone who recently claimed:
>
>] Since I already have patents, I don't have to *argue* that I *thought*
>] I have something new and unique; that has been confirmed.  
>
>The two URL's I offered are damning evidence about Mr. Ritter's claim that
>his idea has been confirmed new and unique.  

I claimed that, and I would claim it again.  But the point before that
was, unless we discuss THE CLAIMS there is no reality to the
discussion.  A patent has legal coverage over the described CLAIMS,
*not* its Title or Summary or even the body description.  Judging a
patent without studying the claims is just irrelevant and ignorant.  

Nor is it unreasonable to find some bad patents in the millions
approved -- one at a time -- by a bureaucratic human process.  Bad
decisions happen.  But it is simply false reasoning to assert that
because some patents are bad, all patents are bad.  Since we are
writing in a .sci newsgroup, it seems a shame that I even have to
point that out.  

With respect to proven novelty, perhaps if I put it another way the
idea will get through:  It is the *role* of the PTO to make
legally-binding decisions about novelty, and an issued patent is the
result of a positive decision.  Absent an actual court contest, a
claim of novelty has been reviewed, the decision made and represented
to society in a legal grant of rights.  Like any human decision, that
decision could be wrong, but there has been a formal presentation and
review of just that topic.  That is something of a completely
different nature than going on about how there is damning evidence and
so on.  


>One URL is about finding the
>head of a circular list in two of ways known to any programmer who has
>ever read anything about garbage collection.  The following is from the
>"SUMMARRY OF THE INVENTION" of the other:
>
>   The main purpose of this device is: 
>   1. To allow signals to travel great distances at many times the
>     speed of light.
>   2. To use considerably less power to travel the same distance,
>     compared to transmitters not using this device.

You are not understanding the situation:  The title does not matter.
The summary of invention does not matter.  What does matter are the
claims, with the body of the patent serving to define the terms used
there.  There is just no point in getting upset about the rest, and
there is no point in showing how stupid a particular patent may be
without discussing the claims.  


>> ...
>>>It would, in my opinion, be better if you could just mail your
>>>application to a separate section of the office and not even have it
>>>reviewed unless someone tried to patent the same thing later.
>>
>>That sure would have simplified things for me.  Everybody who thinks
>>it is so easy to get a serious patent should have to actually do it.  
>
>No one here has claimed that it is easy or cheap to get a patent.
>However, no one honest, sane, and with a clue would claim that the cost
>or effort to get a whatever Mr. Ritter means by a "serious patent" differ
>from what is required to get one of the other kinds or types.

"...no one honest, sane, and with a clue?"  Really?  Interesting that
you would put it that way:

In fact, there are *three* kinds of patent:  Utility Patents, Design
Patents, and Plant Patents.  When we discuss patents on a technical
newsgroup we normally imply a Utility Patent, which covers functional
devices.  This is basically the way to make a machine, the functioning
of a process and so on.  Getting a Utility Patent -- of which I have
three -- requires a very substantial application with formal drawings,
with one or more PTO reviews and formal responses, typically over a
year or two, plus various fees.  Trust me; this is hard.  

But it is also possible to get a Design Patent, which covers only
ornamental or aesthetic non-functional devices.  That basically
requires drawings, some formal paperwork, and a filing fee.  Much,
much easier, but still "a patent."  

Now, there was something about "sanity" and "a clue"....


>Mr Ritter also wrote in <[EMAIL PROTECTED]>:
>
>] The implication of the previous article was that I had to *argue* that
>] my idea was new and unique.  But that is what the patent *application*
>] is about; we are past that argument with an issued patent.  Now, you
>] may not like that, but, again, that is *your* problem.  
>
>There Mr. Ritter once again claims that the existence of his patent proves
>that his idea was new and unique.  As demonstrated by the many obviously
>bogus patents, that claim is utter nonsense.  The existence of his patent
>shows nothing about whether his idea was new or unique.  He is not required
>to argue his ideas's merits here, but no one need assume that his patent
>would survive a challenge.  

Well, that is the situation for almost any legal decision.  However,
*absent* an actual court contest, a legally-binding decision has been
delivered and is now in actual legal force.  You can whine about how
*maybe* that would not stand up, but absent actual evidence of prior
art, your flailing about is just silly.  

Any PTO decision *could* be a mistake, but I hold three (3) such
decisions.  All mistakes?  Well, maybe.  But they are binding anyway,
wrong or not.  


>Even if Mr. Ritter's idea were new and
>unique, whether it might be worth using is a separate question.

Indeed.  That is not an issue for patent.  The point of the patent is
to establish a limited monopoly over the claimed invention.  There is
no implication (other than in a very basic sense) that the invention
is worthwhile.  

>Shouting about a patent on a minor idea is a great way to keep the idea
>from being used even after the patent expires.  There have been examples
>of that syndrome in the IETF.  For example, people at DEC invented a way
>to allow simultaneous 16 and 32 bit checksums for PPP packets.  When the
>DEC patent lawyers got greedy, the community yawned and blacklisted the
>notion.  It was a nice little idea, but not nice enough to jump through
>licensing hoops, and not to mention paying royalties.  The messy histories
>of Unisys's LZW patent and of many other compression patents are more
>complicated but similar stories.  (Never mind the compression patents with
>well known prior art.)  

How interesting, then, that nobody -- NOBODY -- had the money or the
guts to take such an obvious bad patent to court.  

I think part of the issue here is a basic lack of desire to understand
the technical legal term "prior art"; it is not just something similar
that was done earlier.  "Prior art" must be *published*, so that the
ordinary worker in the field can use the idea.  So just find the
*publication* that showed how to do that compression *before* the
article that resulted in the patent.  I doubt there is any such thing.
If there was such a thing, there would have been a court decision.  

What probably happened is that -- as usual -- some programmers may
have come up with similar ideas, and kept them to themselves, or to a
select group.  In legal terms, they chose "trade secrecy" over "patent
protection" or even open publication.  Simply distributing a program
which does the thing does not inform the ordinary worker in the field
about how to do it.  So the secret remains until someone else figures
it out and publishes it for the public good.  They also can apply for
and receive a patent.  Then *everybody* knows how to do it, not just
the few programmers who kept it to themselves.  Open information is
what the whole patent process is about.  

>The Ethernet patents are examples the obverse,
>of how patenting an idea and then giving it away can make it popular.
>Even Stac Electronics finally figured out that tactic and profited by
>applying it to PPP compression.
>
>Mr. Ritter has for years complained that he has been wronged by NIST and
>the industry in general.  

I'm not sure that's fair.  I certainly have complained that the AES
contest (which I guess has been going on for years) was unfair to me
and other patent holders but also every cipher designer.  The process
not only fails to provide a return to compensate those who actually do
the work, it positively prevents such a return.  It fails to respect
cipher design as a business and industry.  It is like the bureaucrats
think profit implies a "trust" and should be illegal.  

The idea of trying to do a serious project for free means that you
necessarily depend upon those who can afford to contribute.  This same
problem happens in industry standards efforts, where we often see big
companies continually represented, while individual experts may only
be able to visit once in a while.  I think big money should not decide
industrial standards.  Nor should we have a system which discourages
virtually everyone but academic entrants.  

I don't think I have complained about industry not adopting my ideas.
But I certainly *have* complained that the current crypto texts have
not addressed those ideas.  People entering the field depend upon
those texts to get a background to what has been done, and the texts
are insufficient to do that.  They just talk about the conventional
wisdom.  

>Perhaps his ideas are wonderful.  I have been
>underwhelmed when I've looked, but I've assumed that since I'm not skilled
>in the art, I can't distinguish good encryption ideas from the likes of
>faster than light travel and programming techniques from textbooks that
>were 20+ years old on the filing date.  (See Waite's 1973 book).

I have no idea what you are talking about.

>My guess is that Mr. Ritter's idea is like many non-bogus patents, at best
>barely the sort of innovation that the authors of the Constitution had in
>mind.  I suspect that by patenting it and then talking about getting rich
>(e.g. his endless whining about the AES) he has ensured that for the next
>20 years encryption experts will check his patents and do something else.

I do find it interesting that you would make such claims without
understanding the material.  

It is difficult for me to review my own work.  That said, I believe in
each case I have presented new (that would be "novel") areas of
cryptographic technology.  These are not patents on ciphers, or even
cipher designs, but basic technology patents.  

Now, you can go on about how these *issued* *patents* probably aren't
what "the authors of the Constitution had in mind," and you could
disrespect my published articles, or my work on the Crypto Glossary,
the Intro to Cryptography, and my original work on constructing Latin
squares and so on.  But at some point you will be forced to admit that
I have done *something* in cryptography.  

What have *you* done that qualifies *you* to write about my work in
negative tones?  Where is *your* work so *I* can review that?


>Mr. Ritter has made clear many times he thinks that his patents should
>have given him wealth and respect.  

Sometimes I post frequently, but despite that I doubt that you could
show even one such time.  

I have few illusions about wealth.  Respect would be nice, but even
then I can't buy groceries with it.  

>Sadly for some holders of really novel
>and great ideas, those are not among even the nominal purposes of the
>patent system.  

The problem with restricting patents only for great ideas is that it
is so hard for a new idea to be perceived as great within the context
of conventional wisdom.  Almost by definition a great idea follows a
different course, and understanding that requires a large amount of
background which the ordinary worker in the field will not have.  If
it is the great ideas we want to protect, we must protect all the
ideas.  

>Perhaps Mr. Ritter's patent lawyers sold him a bill of
>goods, but I do wish he would "Get Over It."

Yeah, so much so that you keep discussing it.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: sboxes for the bored...
Date: Sat, 29 Apr 2000 20:26:48 GMT


On Sat, 29 Apr 2000 10:31:32 GMT, in <[EMAIL PROTECTED]>,
in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:

>> >[...]
>> >I dunno what he is talking about the walsh transform (taken from "On
>> >linear cryptanalysis") will give you a negative when the function is
>> >affine, a positive when it's linear and close to zero if it's neither.
>> 
>> Is that true?  I don't think so.  Let's see you deliver a few examples
>> where that is so.
>
>Look at the paper, there are negative entries in the WT table of SBOX 5.

Are you under the impression that there is only one paper in this
area?

What paper?

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
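The Walsh transform that the exchange above argues about, as an added example that is neither poster's code: it computes W_f(a) = sum over x of (-1)^(f(x) XOR <a,x>) for a linear, an affine and a nonlinear 3-variable Boolean function, so the reader can see the spectrum in each case rather than argue about it. Following the thread's usage, "affine" here means a linear function XOR the constant 1; the three sample functions are constructed for this example, and `nonlinearity` is the usual distance to the nearest affine function, (2^n - max |W_f(a)|) / 2.

```python
# Added example (not either poster's code): Walsh spectrum of a Boolean function
# and what it looks like for linear, affine and nonlinear sample functions.

def dot(a, x):
    """GF(2) inner product <a, x>: parity of the bitwise AND."""
    return bin(a & x).count("1") & 1


def walsh_spectrum(f, n):
    """W_f(a) = sum over all n-bit x of (-1)^(f(x) XOR <a,x>), for a = 0 .. 2^n - 1.
    f is a callable taking an n-bit integer and returning 0 or 1."""
    size = 1 << n
    return [sum((-1) ** (f(x) ^ dot(a, x)) for x in range(size)) for a in range(size)]


def nonlinearity(f, n):
    """Hamming distance from f to the nearest affine function."""
    return ((1 << n) - max(abs(w) for w in walsh_spectrum(f, n))) // 2


def classify(f, n):
    """'linear' if some W_f(a) = +2^n (f equals <a,x>), 'affine' if some
    W_f(a) = -2^n (f equals <a,x> XOR 1), otherwise 'nonlinear'."""
    spec = walsh_spectrum(f, n)
    full = 1 << n
    if full in spec:
        return "linear"
    if -full in spec:
        return "affine"
    return "nonlinear"


def parseval_holds(f, n):
    """Sanity check on the transform: the squared spectrum always sums to 2^(2n)."""
    return sum(w * w for w in walsh_spectrum(f, n)) == 1 << (2 * n)


# Constructed sample functions on 3 input bits (x0 = bit 0, x1 = bit 1, x2 = bit 2).
def f_linear(x):
    return dot(0b101, x)                                 # x0 XOR x2


def f_affine(x):
    return dot(0b101, x) ^ 1                             # x0 XOR x2 XOR 1


def f_nonlinear(x):
    return ((x & 1) & ((x >> 1) & 1)) ^ ((x >> 2) & 1)   # x0*x1 XOR x2


if __name__ == "__main__":
    for name, f in (("linear", f_linear), ("affine", f_affine), ("nonlinear", f_nonlinear)):
        print(f"{name:>9}: spectrum={walsh_spectrum(f, 3)} "
              f"nonlinearity={nonlinearity(f, 3)} class={classify(f, 3)}")
```

For the linear sample the spectrum is zero everywhere except +8 at a = 0b101; the affine sample gives -8 at the same a; the nonlinear sample never reaches magnitude 8 and its largest entries are +4 and -4. An S-box is analysed the same way by taking each nonzero linear combination of its output bits as the function f.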


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
