Cryptography-Digest Digest #678, Volume #11 Mon, 1 May 00 14:13:01 EDT
Contents:
Re: The Illusion of Security ("Douglas A. Gwyn")
Re: The Illusion of Security ("Douglas A. Gwyn")
Re: Autocorrelations ("Marty")
Re: How would a 15 year old start? ("Trevor L. Jackson, III")
Re: new Echelon article ("Douglas A. Gwyn")
Re: new Echelon article ("Douglas A. Gwyn")
Re: New and want to learn ("Douglas A. Gwyn")
Re: As long as we are asking naive questions... ("Douglas A. Gwyn")
Re: Intel drops serial number ("Douglas A. Gwyn")
Re: Joystick as RNG (Tim Tyler)
Re: What is the strongest encryption rate so far possible/achived? (Paul Koning)
Re: Interleaving for block encryption (Paul Koning)
Re: Joystick as RNG (Tom St Denis)
Re: mod function? (David A. Wagner)
Re: Janet and John learn about bits (was Re: Problems with OAP-L3) ("Douglas A.
Gwyn")
Re: Karatsuba threshold ("Douglas A. Gwyn")
Re: How would a 15 year old start? ("Douglas A. Gwyn")
Re: mod function? (Dave Ashley)
Re: 40 Cryptography books reviewed ("Douglas A. Gwyn")
Re: Joystick as RNG (Ichinin)
Re: Janet and John learn about bits (was Re: Problems with OAP-L3) (wtshaw)
Re: mod function? (Anton Stiglic)
Re: mod function? (Richard Parker)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Mon, 1 May 2000 14:24:25 GMT
Diet NSA wrote:
> BTW, here's some advice for you or anyone else using discussion
> groups: If you are flamed it may be best not to counter too
> aggressively using your real identity. We don't want to
> inadvertently encourage someone who might have criminal
> intentions and/or be disturbed to act out- ...
While that sounds paranoid, actually it isn't -- I did receive
a death threat from one of the flamers in e-mail..
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Mon, 1 May 2000 14:34:05 GMT
Diet NSA wrote:
> In article <j824e8.1lf.ln@twirl>,
> [EMAIL PROTECTED] (Geoff Lane)
> wrote:
> >Err..., can a non-linear function be composed of a finite
> number of linear
> >functions? Fourier analysis would imply not.
For cryptosystem construction, it is probably the basic
*binary* operators that should be considered "linear" or
not (for this thread), not *unary* functions, which is
the more usual meaning. Without careful clarification
of what is meant by "linear" and "composition", time will
be wasted in arguing at cross-purposes.
> Fourier methods won't apply to nonlinear
> problems because there cannot be any
> superposition of solutions. The
> requirement for superposition also means
> that fourier methods won't apply to linear
> systems either, *if* these sytems are not
> homogonous. Right now, I can't think of an
> (exact) answer to your question but I
> wish I knew the answer.
Fourier analysis certainly *can* be employed
productively against (some) nonlinear systems.
For example, nonlinear systems can be periodic
or quasi-periodic, and Fourier methods can
determine the period.
------------------------------
Reply-To: "Marty" <[EMAIL PROTECTED]>
From: "Marty" <[EMAIL PROTECTED]>
Subject: Re: Autocorrelations
Date: Mon, 1 May 2000 08:29:44 -0700
A simple way to think about it is to note that any correlating process
that produces a different distribution than a random sequence produces
information about that sequence.
Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Marty wrote:
>
> > "Perfect" autocorrelation is a property of primitive Galois
polynomials
> > which are notoriously poor for encryption as OTP's.
> >
> > Good crypto will produce the same auto and cross correlations as
random
> > number sources. This might be described as necessary but
insufficient.
>
> But it might under circumstances be beneficial to obtain sequences
that
> have
> somewhat reduced autocorrelations. I conjecture that in most cases the
> autocorrelations of X_t + Y_t will be better than those of X_t and
Y_t.
> However, that's pure intuition. I have nothing to substantiate that.
>
> M. K. Shen
>
------------------------------
Date: Mon, 01 May 2000 11:57:01 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Bob Silverman wrote:
> In article <[EMAIL PROTECTED]>,
> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
>
> > It may be useful to reinspect your experience categorizing it with
> respect to
> > symmetric versus asymmetric crypto. Asymmetric crypto is based on
> relatively
> > esoteric mathematics (number theory). Symmetric crypto does not have
> the same
> > level of prerequisite background in theoretical mathematics.
>
> This is a gross (but seemingly widely held) misconception.
> You may believe you can learn about symmetric cryptography without
> the math, but you are fooling yourself. All you can be is a tinkerer.
> Your statement is totally wrong. You can not begin to understand modern
> cryptanalytic techniques of symmetric ciphers without a strong
> grounding in linear algebra, probability theory and combinatorics.
> (look at the math behind linear and differential cryptanalysis).
> Another example: try PROVING that RC6 is a Feistel Cipher without
> basic number theory.
It may be that from the perspective of a person as well studied as yourself
the mathematics of linear algebra, probability theory, and combinatorics
appears to be the same level of abstraction as ECDL (for example). But
consider the audience -- a talented 15-year-old. In high school he's going to
get linear algebra, probability, and combinatorics if he has not already
encountered them. In the not particularly advanced school system I attended,
these concepts were introduced in primary school, and given some rigor in
7-8th grade. Now just when does the average student encounter phi() or number
theory as a topic? Perhaps never.
Certainly a math student is going to encounter number theory at the
undergraduate level, but many undergrads, even in relatively hard sciences may
never encounter it.
YMMV.
P.S. They teach linear algebra, probability theory, and combinatorics in the
School of Education. QED. ;-)
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: new Echelon article
Date: Mon, 1 May 2000 14:45:40 GMT
Diet NSA wrote:
> I am not sure what your post is implying,
> nor do I know what "greps" or "Godwin's
> Law" are.
"grep" is an extremely handy UNIX utility (created to perform
what was turning out to be a major use of the UNIX text editor)
that searches text files for lines containing a specified
"regular expression" (the simplest case of which is simply a
word to search for). Other systems these days often offer
something of the sort, usually without support for r.e.s.
To "grep" something is to search it for the occurrence of a
particular pattern (usually, word or phrase).
"Godwin's Law" could be found by grepping the Jargon file
at the link you were given:
Godwin's Law prov.
[Usenet] "As a Usenet discussion grows longer, the probability
of a comparison involving Nazis or Hitler approaches one."
There is a tradition in many groups that, once this occurs,
that thread is over, and whoever mentioned the Nazis has
automatically lost whatever argument was in progress. Godwin's
Law thus practically guarantees the existence of an upper bound
on thread length in those groups.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: new Echelon article
Date: Mon, 1 May 2000 14:50:44 GMT
[EMAIL PROTECTED] wrote:
> Then how could you post to alt.security.pgp Mr. Mole?
Dunno, maybe there was a local glitch in the newsgroup filtering.
Certainly, it is the announced policy (which I'm supposed to try
to conform to even if the automated filtering breaks down), and
usually if I forget to remove an alt.* newsgroup from the addressee
list, the posting is rejected and as a side-effect my Netscape
"Compose" window deactivates the "Send" button, which makes it a
nuisance to fix up and repost.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New and want to learn
Date: Mon, 1 May 2000 14:54:52 GMT
Tom St Denis wrote:
> Just post questions.
And read the sci.crypt FAQ, then look up some of the
references it gives.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: As long as we are asking naive questions...
Date: Mon, 1 May 2000 14:58:13 GMT
Guy Macon wrote:
> My extremely limited messing around with crypto has shown me that in
> some systems encrypting twice with the same algorithm and key turns
> the plaintext into itself. My first naive impression of multiple
> encryption with different algorithms and keys would make the attackers
> job much harder. But would it? Could it be that some common elements
> that I don't understand are undoing each other, making the result easier
> to crack rather than harder?
Sometimes it makes cracking easier, "usually" it makes it harder.
You are right to appreciate that one shouldn't just compose
cryptosystems without understanding the consequences.
------------------------------
Crossposted-To: talk.politics.crypto
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Intel drops serial number
Date: Mon, 1 May 2000 15:01:38 GMT
Vernon Schryver wrote:
> Describe the danger that the PIII ID would constitute if it were
> widely implemented.
The main danger is that Web sites etc. would become inaccessible
to people using processors other than the Pentium III (even Intel
pre-PIII models). Of course, Intel marketing would love that.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Joystick as RNG
Reply-To: [EMAIL PROTECTED]
Date: Mon, 1 May 2000 15:49:32 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : Since almost everyone with a x86 PC has a joystick anyways, this may
:> : be usefull..
:>
:> : Has this ever been discussed before?
:>
:> Mine doesn't have a joystick. I expect many PCs in offices will not
:> either ;-)
: They should.
;-)
:> It seems to me that use of a joystick is /very/ much like use of a mouse -
:> though more people have a mouse - and they are more likely to be wiggling
:> it while operating programs requiring seeds to be generated.
: How do you do that? Xor the x/y position together and take the result
: mod 2? Will try that.
I haven't had much cause to interact with the code behind the mouse-jigglers.
However, I believe if you're actually trying to extract entropy from such
things, XOR is usually less-than-ideal.
The above constrction also throws away all the higher bits. The low bits
may have the most entropy - but there's no need to completely discard the
higher bits.
I think a more convential approach would be to maintain a hash pool with a
conventional one-way hash function. When new X,Y values arrive, hash them
with the current pool.
XOR has various unpleasant properties. For one thing if you are faced
with values A, B and C, the result is the same as if faced with C, A and
B. If this is at all likely (as it might well be from a mouse) then
entropy from the input has been unnecessarily wasted.
I expect even applications where high speed is essential could do much
better than XOR. However, getting entropy from mouse movement is often
done during key-generation - probably not a very CPU-intensive stage.
Use all the bits you can find, and feed them through something like a hash
function would probably be what I'd ideally do.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: What is the strongest encryption rate so far possible/achived?
Date: Mon, 01 May 2000 11:13:10 -0400
Monolo wrote:
>
> Just curious? Anyone know?
You mean "fastest"? Here's one data point:
DES at 1 Gb/s was reported in 1992 (DEC SRC research
report 90).
paul
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Interleaving for block encryption
Date: Mon, 01 May 2000 11:17:21 -0400
Mok-Kong Shen wrote:
>
> In channel encoding there is a technique for dealing
> with burst bit errors named interleaving (or code
> splicing). Analogously applied to block encryption
> with a cipher of block size, say, 64 bits, this would
> mean first to accumulate 64 blocks of plaintext and
> then to take all first bits of the given blocks to
> form one block as input to the cipher, then take all
> second bits of the given blocks, and so on. This seems
> to be beneficial to strength, since in bruteforcing the
> opponent would need to tackle at least 64 blocks.
I must be missing something.
The blocksize is still 64 bits; you still need only
one cipherblock to do a (known plaintext) brute force
attack. Yes, those 64 bits come from 64 plaintext
blocks, one bit apiece, but so what?
Besides, you need to assume attacks where thousands
or millions of blocks of plaintext and ciphertext
are available, so increasing a requirement from
1 to 64 is not particularly interesting...
paul
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Joystick as RNG
Date: Mon, 01 May 2000 16:07:04 GMT
Tim Tyler wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> : Since almost everyone with a x86 PC has a joystick anyways, this may
> :> : be usefull..
> :>
> :> : Has this ever been discussed before?
> :>
> :> Mine doesn't have a joystick. I expect many PCs in offices will not
> :> either ;-)
>
> : They should.
>
> ;-)
>
> :> It seems to me that use of a joystick is /very/ much like use of a mouse -
> :> though more people have a mouse - and they are more likely to be wiggling
> :> it while operating programs requiring seeds to be generated.
>
> : How do you do that? Xor the x/y position together and take the result
> : mod 2? Will try that.
>
> I haven't had much cause to interact with the code behind the mouse-jigglers.
>
> However, I believe if you're actually trying to extract entropy from such
> things, XOR is usually less-than-ideal.
>
> The above constrction also throws away all the higher bits. The low bits
> may have the most entropy - but there's no need to completely discard the
> higher bits.
>
> I think a more convential approach would be to maintain a hash pool with a
> conventional one-way hash function. When new X,Y values arrive, hash them
> with the current pool.
>
> XOR has various unpleasant properties. For one thing if you are faced
> with values A, B and C, the result is the same as if faced with C, A and
> B. If this is at all likely (as it might well be from a mouse) then
> entropy from the input has been unnecessarily wasted.
>
> I expect even applications where high speed is essential could do much
> better than XOR. However, getting entropy from mouse movement is often
> done during key-generation - probably not a very CPU-intensive stage.
>
> Use all the bits you can find, and feed them through something like a hash
> function would probably be what I'd ideally do.
> --
> __________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
> |im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
I will try using a hash with the jrng, and a mrng (mouse-rng). I think
a hash could help the jrng a whole bunch...
Tom
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: mod function?
Date: 1 May 2000 08:43:49 -0700
In article <8ek33d$4b5$[EMAIL PROTECTED]>,
Bob Silverman <[EMAIL PROTECTED]> wrote:
> On a computer, 'mod' can indeed be viewed as a function.
>
> Within the more general context of cryptography, 'mod' is most
> definitely NOT a function. It is an equivalence relation within a
> set.
Well, every equivalence relation ~ on a set S induces a natural map
S -> S/~, and the latter map is (I think) what most people mean when
they refer to 'mod n' as a function.
The distinction is important in some contexts, and we should of course
be careful not to use the same name for the two concepts when such a
practice could cause confusion; but in contexts where there is no risk
of confusion, is there any harm in it?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)
Date: Mon, 1 May 2000 15:19:11 GMT
Tom St Denis wrote:
> You have yet to prove it's totally secure, just saying "it's
> unbreakable" isn't enough.
As near as I have been able to determine, his basic argument
is that there are so many possible combinations involved by
the time the final encryption step actually occurs that
nobody can feasibly reproduce exactly all the preceding
steps without being privy to the key, or mixfiles, or
whatever. (This system seems intended for protecting
storage on a single host, not for communicating securely
with another host.)
Of course, similar arguments have been given throughout
history, and they weren't valid then either. A cryptanalyst
doesn't *have* to reproduce all the steps of the encryption;
cryptanalysis is largely about finding short cuts.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Karatsuba threshold
Date: Mon, 1 May 2000 15:05:18 GMT
Michael Scott wrote:
> For (an extreme) example GF(2) "multiplication" (carry-free multiplication -
> in GF(2) add and subtract are both XOR) is not supported by any instruction
> set I know of. Therefore it must be implemented by a shift-and-xor program.
? GF(2) multiplication is simply the AND operator. Almost all
instruction sets have an operator that will AND all bits in a
word in parallel.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How would a 15 year old start?
Date: Mon, 1 May 2000 15:28:10 GMT
Andy Dingley wrote:
> ... as "career advice to the dedicated cryptologist" would you
> recommend comp sci ?
Mathematics (finite fields especially) is more important,
but a basic knowledge of CompSci principles is helpful.
The best development of cryptologic systems involves both
theory (math) and implemention (programming), which can
be accomplished by teams in order to obtain the necessary
expertise in multiple areas.
------------------------------
From: Dave Ashley <[EMAIL PROTECTED]>
Subject: Re: mod function?
Date: Mon, 01 May 2000 17:00:00 GMT
FOUL! FOUL! FOUL! FOUL!
Don't even go there.
Any function where the derivative changes sign can be viewed as an
equivalence relation of some sort. This includes MOD, sine, cosine,
etc.
This is like the particle and wave arugment.
FOUL! FOUL! FOUL! FOUL!
Stop now!
Dave
In article <8ek33d$4b5$[EMAIL PROTECTED]>,
Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> Richard Parker <[EMAIL PROTECTED]> wrote:
> > Steve Maughan <[EMAIL PROTECTED]> wrote:
> > > Basically, I've started reading Bruce Schneiders' Applied
> Cryptography
> > > and I've been coming across a function which seems to be used a
lot
> > > called "mod". Can anyone explain to me what this function does?
> >
> > The book you are reading, "Applied Cryptography," describes the mod
> function
> > and modular arithmetic on pages 242-243.
>
> I sure hope not.
>
> On a computer, 'mod' can indeed be viewed as a function.
>
> Within the more general context of cryptography, 'mod' is most
> definitely NOT a function. It is an equivalence relation within a
> set.
>
> A set S = {x1, x2, x3, ......} is said to be an equivalence
> relation mod n, for n, x_i \in Z if (x_i - x_j) is divisible by n
> for all x_i \in S.
>
> In other words, x_i = x_j mod n for all i,j if (x_i - x_j) is
> divisible by n. x_i and x_j are said to be congruent mod n.
>
> example. 3 = 10 = 17 = 24 = 31 = .... mod 7.
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him
think"
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
--
=================================================
Dave Ashley, [EMAIL PROTECTED]
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 40 Cryptography books reviewed
Date: Mon, 1 May 2000 16:01:36 GMT
"John A. Malley" wrote:
> I'm focusing on "self-taught" cryptanalysis. I bought the Military
> Cryptanalysis set (Parts 1 - 4) and I'm working my way through them.
A good choice for developing general skill in cryptanalysis and an
appreciation for certain methods that can be applied even to modern
cryptosystems (which of course are not addressed in MilCryp). At
this level, cryptanalysis is grand puzzle solving, with high enough
potential success rate to be intellectually and emotionally rewarding.
An extra dimension can be added by the use of personal computers, as
Jim Gillogly has done, but more is learned if one doesn't just brute-
force a problem. There are also some declassified US military courses
in cryptanalysis available, from APP, on line, and in the US National
Archives.
> I recall Douglas Gwyn posted a message on the merits of the Military
> Cryptanalytics series.
Much of Military Cryptanalytics (Callimahos & Friedman) is an updated
and extended version of Military Cryptanalysis (Friedman only).
(MilCryp Part III contains all new material, basically reprinted from
the NSA Technical Journal, but it's not available to the public.) If
one were to buy just one set, therefore, I'd recommend the Callimahos
series. Start with Part I, Vol. I & II, if you can't afford to buy
the whole set at once, and when you have mastered that buy Part II
(both volumes).
As a "final exam", try working independently on the Zendian problem
given in Military Cryptanalytics Part II Vol. II. It is also available
(from APP) in "Traffic Analysis" (Callimahos), with larger print and
a few hints to get started. To save typing in the messages and headers,
you can pick up an archive of them from several on-line sources (search
the Web for "Zendian"). ** WARNING ** There is a German Web site that
contains solutions for the Zendian problem; if you want to get the most
benefit from the exercise, you MUST NOT LOOK at that site until you
absolutely cannot make further progress. You should be able to solve
about half of the total Zendian traffic and reconstruct the radio net
for the entire First Army almost perfectly without cheating, although
you'll learn that persistence is one of the essential attributes of a
good cryptanalyst.
I'm still planning to set up an "official" Zendian Web site, but not
for a while yet. If you get stuck at some point, feel free to post
what you've tried (and of course the system you're tackling), or send
me e-mail for a hint.
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Joystick as RNG
Date: Sun, 30 Apr 2000 21:39:15 +0200
Try this:
Connect a socket to some site. Then take the
Connection-time Mod 2.
Even in a Lan you can get random occurrances
i have only observed this, not tested it.
Just an idea.
Glenn
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)
Date: Mon, 01 May 2000 11:08:53 -0600
In article <[EMAIL PROTECTED]>, David Blackman
<[EMAIL PROTECTED]> wrote:
> I'd trust the stuff i wrote a lot more than i'd trust yours. But not far
> enough to use it for anything that matters. If i really wanted
> industrial strength stuff i'd probably use the open-ssl libraries which
> are free, heavily tested and scrutinised, and actually in use by a lot
> of companies for real work.
To each person who actualy writes some form of original crypto, it sets
you apart from copycats. As to the strength of such, it varies from one
end of the scale of security to the other. Those that cry for order in
the field usually want to exclude something or other that they don't
like. Well, prunes to that.
Those that build around someone elses library are usually still mere
hangers on. This may be a good way for some to start, but it is no
finish unless you actually use such functions in a way that does not allow
someone else to circumvent you assumptions of security. Know what code
you copy; better yet, derive it into internal functions.
Doing good crypto badly is not much different than from missing the point
of security entirely. If you are just playing with code to learn, know
that you cannot promise to build something great without a proper
foundation.
--
Laughter is often the most pleasing result of successful analysis.
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: mod function?
Date: Mon, 01 May 2000 13:56:39 -0400
Bob Silverman wrote:
> In article <[EMAIL PROTECTED]>,
> Richard Parker <[EMAIL PROTECTED]> wrote:
> > Steve Maughan <[EMAIL PROTECTED]> wrote:
> > > Basically, I've started reading Bruce Schneiders' Applied
> Cryptography
> > > and I've been coming across a function which seems to be used a lot
> > > called "mod". Can anyone explain to me what this function does?
> >
> > The book you are reading, "Applied Cryptography," describes the mod
> function
> > and modular arithmetic on pages 242-243.
>
> I sure hope not.
>
> On a computer, 'mod' can indeed be viewed as a function.
>
> Within the more general context of cryptography, 'mod' is most
> definitely NOT a function. It is an equivalence relation within a
> set.
yes, and an equivalence relation is usually defined by an operator
R on a set S, satisfying the following criterias:
1. Reflexive: aRa for all a in S
2. Symmetric: aRb => bRa for all a, b in S
3. Transitive: aRb and bRc => aRc.
The mode operator respects these criterias. In this case, the mod p
operator would be a function SxS -> {true, false} defined in the
obvious way.
But you can also view mod as a function of SxS -> S, such as in
the definition of a Group. A group is defined by a 3-tuple (S, *, e)
satisfying certain properties, where
- G is a set,
- * is a binary operator that returns an element of G (you can
definitely call it a function here)
- and e the identity element.
Multiplicative groups like Z*_p = ({1, .., p-1}, * mod p, 1) with p
prime of Z*_n = ({1, ..., n-1}, * mod n, 1), where n is the product
of two primes (a group Bob certainly knows about) are definitely
common in crypto so I don't see a problem in calling the mod
operator a function.
Anton
------------------------------
Subject: Re: mod function?
From: Richard Parker <[EMAIL PROTECTED]>
Date: Mon, 01 May 2000 18:01:28 GMT
Bob Silverman <[EMAIL PROTECTED]> wrote:
> Richard Parker <[EMAIL PROTECTED]> wrote:
>> Steve Maughan <[EMAIL PROTECTED]> wrote:
>>> Basically, I've started reading Bruce Schneiders' Applied Cryptography
>>> and I've been coming across a function which seems to be used a lot
>>> called "mod". Can anyone explain to me what this function does?
>>
>> The book you are reading, "Applied Cryptography," describes the mod
>> function and modular arithmetic on pages 242-243.
>
> I sure hope not.
>
> On a computer, 'mod' can indeed be viewed as a function.
>
> Within the more general context of cryptography, 'mod' is most
> definitely NOT a function. It is an equivalence relation within a
> set.
Not to worry, the pages in question demonstrate 'mod' as an equivalence
relation and distinguishes it from 'mod n' modular reduction and the modulo
operator that appears in some programming languages. I just didn't want to
cause the original poster additional confusion by modifying his language.
-Richard
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
