Cryptography-Digest Digest #685, Volume #11       Tue, 2 May 00 08:13:01 EDT

Contents:
  Re: A naive question (Mok-Kong Shen)
  Re: Interleaving for block encryption (Mok-Kong Shen)
  Re: Another naive question (Mok-Kong Shen)
  Re: A naive question (Mok-Kong Shen)
  Re: mod function? (Mok-Kong Shen)
  Re: Autocorrelations ("Marty")
  Re: Autocorrelations (Mok-Kong Shen)
  Re: Any good attorneys? (Mok-Kong Shen)
  German currency checksum question ? ("Ed C")
  Re: Problems with CryptoBag (Tom St Denis)
  Re: Problems with CryptoBag (Tom St Denis)
  Re: Problems with CryptoBag (Gisle Sælensminde)
  Re: Any good attorneys?
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (George Edwards)
  Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don (Andy Dingley)
  Re: sci.crypt think will be AES? (Runu Knips)
  Re: The Illusion of Security (Tom St Denis)
  Re: mod function? ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Tue, 02 May 2000 08:53:17 +0200



Joseph Ashwood wrote:

> The basic concept is that if you are only protecting n bits
> of data, it will take an attacker at most 2^n attempts to
> discover what was encrypted, call it inverse brute force if
> you'd like. Given this, there is a very hard limit of
> security at 56-bits, for a 56-bit encryption scheme (either
> key or block). In reality unbreakable, simply should be read
> as unbreakable without using brute force (I'm skipping some
> other qualifications).

I am afraid that I haven't yet quite understood what you wrote. To
repeat my points: If one uses an n-bit OTP to encrypt, is that breakable
or unbreakable? Now, if one uses a perfect (brute force only) block cipher
with n-bit key and block size to encrypt, is that breakable or
unbreakable?
Many thanks in advance.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Interleaving for block encryption
Date: Tue, 02 May 2000 08:53:10 +0200



Joseph Ashwood wrote:

> I suppose if you were to add the extra stipulation that
> there be no realizable guessing technique where given x bits
> of plaintext, one could not guess the 64-x remaining bits of
> plaintext, there is a possibility for an increase in
> security. However if there is a technique of guessing the
> remaining bits from having only a few of the bits of each
> block, there is obviously little to be gained this way, and
> it would probably be more secure to simply encrypt the
> blocks as they stand in groups of 64.
>

I suppose different assumptions have different probabilities of
being true. If a probability is so small as to be well below a certain
threshold for a particular application, then it could just as well
be equated to zero for all practical purposes. I would like to mention
at this opportunity that e.g. sometimes it has been highly
overemphasized that a cipher is broken because there is a method
applicable with tens of millions or more of pairs of plain- and
ciphertext blocks encrypted with the same key. That amount of
material simply cannot exist in any real environment needing
protection unless its manager is a complete fool, in which case
even a perfect cipher would be useless. The variable key approach
I mentioned was proposed by me some time ago as a counter-measure
against sophisticated techniques such as differential analysis that
need lots of material to work with.

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Another naive question
Date: Tue, 02 May 2000 08:53:36 +0200



James Felling schrieb:

> Joseph Ashwood wrote:
>
> > In general I'm inclined to say that the difficulty will be
> > the same, but if E is chosen properly, the difficulty should
> > increase. Honestly this is in terms of analysis difficulty
> > this is equivalent to multiple encryption, which is a
> > double-edged sword.
> >                 Joe
> >
> > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > >
> > > Suppose one has a block cipher and two plaintexts of equal
> > > length with
> > >
> > >       C1 = E(P1)
> > >
> > >       C2 = E(P2)
> > >
> > > Let
> > >
> > >       C3 = C1 xor P2
> > >
> > > Assuming that the opponent has no knowledge of P1, is C3
> > > easier or more difficult to analyze than C2 in general? Thanks.
> > >
> > > M. K. Shen
> > >
>
> This all depends upon E, and to some degree your P1.   What you are
> doing in this case is using the block cypher as a form of stream
> cypher.  If it generates good nearly random output C3 may be more
> difficult to analyze than C2, it may not be (it all depends upon how E
> breaks down -- if it is a better RNG, then C3; if it is a better block
> cypher, C2).

If E doesn't generate good nearly random output, then I am afraid that
it stands a good chance of being broken as a block cipher as such.
As I mentioned, the scheme could be generalized through using more
resources by xoring the ciphertexts of several different P1's. That
should give rise to ample improvement in respect of randomness,
unless E is really very poor, I suppose.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Tue, 02 May 2000 08:53:29 +0200



Bryan Olson wrote:

>
> > > That's largely what Shannon's "Communication Theory
> > > of Secrecy Systems" is about.  It distinguishes
> > > information theoretic security versus practical
> > > computational security, and under theoretical security
> > > it shows graphs of monotonically decreasing equivocation.
> > >
> >
> > Would you like to comment on my post of  28 Apr 2000 17:47:07 +0200
> > concerning a point that appears odd and is puzzling for me? Thanks.
>
> My comment is that Shannon resolved the puzzling issue
> half a century ago with the distinction between theoretic
> and computational security.
>

But you don't sketch any concrete points relating to my issue such
that one can understand what you mean. In the present issue
one compares the case of OTP and the case of a block cipher.
Now you said distinction. Which one of the two is connected to
theoretical security and which one is connected to computational
security? And why is that so? Many thanks in advance.

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: mod function?
Date: Tue, 02 May 2000 08:53:44 +0200



Mike Kent wrote:

> Mok-Kong Shen wrote:
> >
> > [EMAIL PROTECTED] wrote:
> > ...
> > > In the first case, we're talking about a function with two arguments
> > > that returns a result of the same type as the operands.
> > >
> > > In the second case we're talking about a function with three arguments
> > > that returns a boolean result.
> >
> > Thanks for the clarification. I am afraid that the three argument mod
> > function is at least largely unknown (not previously used) in mathematics
> > and other branches of natural sciences.
>
> The function described is the characteristic function of
> the relation, a standard construct in mathematics dating
> back to the early days of the explicit development of set
> theory ... at least 85 years.

I suppose that there are certain common conventions for
designating characteristic functions. One can't simply
use a name that is popularly employed otherwise,
silently add an argument and demand that the reader
should understand it to be a characteristic function.

M. K. Shen



------------------------------

Reply-To: "Marty" <[EMAIL PROTECTED]>
From: "Marty" <[EMAIL PROTECTED]>
Subject: Re: Autocorrelations
Date: Mon, 1 May 2000 23:27:45 -0700

Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Marty wrote:
>
> > A simple way to think about it is to note that any correlating
> > process that produces a different distribution than a random
> > sequence produces information about that sequence.
>
> Sorry for my poor comprehension capability. I can't yet get from
> what you wrote an idea of how to (qualitatively or quantitatively)
> assess the autocorrelations of X_t and Y_t from the properties of
> its components. Would you please elaborate a little bit?

I don't understand your question. How does this relate to my statement?

>
> BTW, could you give a literature pointer to the 'perfect' (void of)
> autocorrelation of primitive Galois polynomials that you mentioned
> in the last post? I'd like to learn the proof. Thanks.

Sorry about the lack of literature pointers, but I am an engineer, not a
theoretician. However the property is well known.  At least I've known
about it for a long enough time that I forgot when I learned it.
Another interesting one is that the DFT of a generated sequence from a
primitive 2^N field is a set of 2^(N-1)-1 equally spaced "tones" with
identical magnitudes. Same spectral content as a properly sized impulse
zero padded to a length of 2^N-1. There are probably people here that
can give you specific references. Try Terry Ritter.



>
> M. K. Shen
>
>


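Marty's two claims about sequences from primitive polynomials (a two-valued periodic autocorrelation and a flat spectrum), worked through as an added example that is not part of his post. It assumes the primitive polynomial x^4 + x + 1 for the m-sequence and, for contrast, the irreducible but non-primitive x^4 + x^3 + x^2 + x + 1; the DFT is done directly, without numpy.

```python
import cmath

def lfsr_sequence(taps, degree, seed=1):
    """One full period (2^degree - 1 bits) of a Fibonacci LFSR whose
    feedback polynomial is x^degree + sum(x^i for i in taps).
    Assumed example: taps [0, 1] with degree 4 is x^4 + x + 1, which is
    primitive, so the output is an m-sequence of period 15."""
    state = [(seed >> i) & 1 for i in range(degree)]
    bits = []
    for _ in range((1 << degree) - 1):
        bits.append(state[0])
        new_bit = 0
        for t in taps:                 # s[k+degree] = XOR of the tapped bits
            new_bit ^= state[t]
        state = state[1:] + [new_bit]
    return bits

def bipolar(bits):
    """Map 0 -> +1 and 1 -> -1 so correlation is a plain sum of products."""
    return [1 - 2 * b for b in bits]

def periodic_autocorrelation(bits):
    """R(k) = sum_t a[t] * a[(t + k) mod N] over the bipolar sequence."""
    a = bipolar(bits)
    n = len(a)
    return [sum(a[t] * a[(t + k) % n] for t in range(n)) for k in range(n)]

def has_ideal_autocorrelation(bits):
    """Marty's 'perfect' property: R(0) = N and R(k) = -1 for every k != 0,
    the shift-and-add signature of an m-sequence."""
    r = periodic_autocorrelation(bits)
    return r[0] == len(bits) and all(v == -1 for v in r[1:])

def dft_magnitudes(bits):
    """|X[k]| of the bipolar sequence by a direct O(N^2) DFT."""
    a = bipolar(bits)
    n = len(a)
    return [abs(sum(a[t] * cmath.exp(-2j * cmath.pi * k * t / n)
                    for t in range(n))) for k in range(n)]

def spectrum_is_flat(bits, tol=1e-9):
    """For an m-sequence every non-DC bin has magnitude sqrt(N + 1) = 2^(n/2).
    Bins k and N-k are conjugates of a real sequence, so the 2^n - 2 non-DC
    bins are the 2^(n-1) - 1 positive-frequency 'tones' Marty describes;
    the DC bin has magnitude 1 because the sequence has one more 1 than 0."""
    mags = dft_magnitudes(bits)
    expected = (len(bits) + 1) ** 0.5
    return all(abs(m - expected) < tol for m in mags[1:])

if __name__ == "__main__":
    m_seq = lfsr_sequence([0, 1], 4)          # x^4 + x + 1, period 15
    weak = lfsr_sequence([0, 1, 2, 3], 4)     # x^4+x^3+x^2+x+1, period only 5
    print("m-sequence:", "".join(map(str, m_seq)))
    print("ideal autocorrelation:", has_ideal_autocorrelation(m_seq),
          has_ideal_autocorrelation(weak))
    print("flat spectrum:", spectrum_is_flat(m_seq), spectrum_is_flat(weak))
```

The non-primitive polynomial fails both checks because its output repeats with period 5 inside the 15-bit window, so lag 5 correlates perfectly and the DFT energy collects in a few bins.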

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Autocorrelations
Date: Tue, 02 May 2000 10:34:57 +0200



Marty wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > Marty wrote:
> >
> > > A simple way to think about it is to note that any correlating
> > > process that produces a different distribution than a random
> > > sequence produces information about that sequence.
> >
> > Sorry for my poor comprehension capability. I can't yet get from
> > what you wrote an idea of how to (qualitatively or quantitatively)
> > assess the autocorrelations of X_t and Y_t from the properties of
> > its components. Would you please elaborate a little bit?
>
> I don't understand your question. How does this relate to my statement?

I suppose there must be some misunderstanding, either on your or on
my part. Your first follow-up was a response to my original post, wasn't
it? So I took it for granted that your statement there must be related to
my question. In the quote above I hence simply repeated my original
question.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Tue, 02 May 2000 11:08:56 +0200



Tom St Denis wrote:

>
> Anyone want to help me out?
>

Not help, but advice:  Keep your fingers from anything
that has a patent. Forget these! You can always, if you
want, 'steal' some important ideas from such and do your
own design in such a way that nobody can claim patent
infringements. Much much much better still, try to develop
your algorithms all the way with sufficiently novel ideas
(sufficiently, because there is nothing new under the sun)
of your own such that you are entirely independent of any
stuff of those commercial guys. In that way you can, if
you succeed, materially contribute to the freedom of privacy
of (in majority financially humble) people in that you render
good quality encryption available to them without their (and
your) paying any cents to the money collectors of such
patent holders. You are only helping their marketing
departments in doing free advertisement for them, if you
waste your precious time and energy to implement the
patented algorithms and popularize these!!!

M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen


------------------------------

From: "Ed C" <[EMAIL PROTECTED]>
Subject: German currency checksum question ?
Date: Tue, 2 May 2000 05:48:32 -0400

I am trying to figure out the checksum used on German currency.

Please contact me if you know the algorithm or a way to determine it.

I have included 20 consecutive sample serial numbers below.

I have tried a number of algorithms I am aware of and have tried changing
the multiplication factors, the base, and various offsets with no success.

Thanks,
Ed Cohen
[EMAIL PROTECTED]


GG1254672Z9
GG1254673Z8
GG1254674Z2
GG1254675Z5
GG1254676Z1
GG1254677Z4
GG1254678Z6
GG1254679Z0
GG1254680Z4
GG1254681Z6
GG1254682Z8
GG1254683Z7
GG1254684Z3
GG1254685Z9
GG1254686Z2
GG1254687Z0
GG1254688Z5
GG1254689Z1
GG1254690Z0
GG1254691Z5






------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Problems with CryptoBag
Date: Tue, 02 May 2000 10:05:24 GMT



[EMAIL PROTECTED] wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> > Well it appears RSA got ticked with me using RSA patented stuff in
> > Cryptobag and PB.  So effective immediately I took it all off my
> > website, and am working on patching in ElGamal where RSA was.
> 
> Doesn't the RSA patent expire soon? If so, is RSA going back in the
> day after? ;)

Nope I am just using ElGamal now.  Maybe in the future I will add it
back, but I just want to avoid RSADSI for now.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Problems with CryptoBag
Date: Tue, 02 May 2000 10:07:23 GMT



Paul Rubin wrote:
> 
> In article <[EMAIL PROTECTED]>,
> Tom St Denis  <[EMAIL PROTECTED]> wrote:
> >Well it appears RSA got ticked with me using RSA patented stuff in
> >Cryptobag and PB.  So effective immediately I took it all off my
> >website, and am working on patching in ElGamal where RSA was.
> >
> >The modifications will take about a week and in the mean time please
> >do not redistribute either.
> >
> >Sorry about the mess.
> 
> The RSA public key system is unpatented in Canada, and the patent
> expires on September 20 of this year in the US, as I'm sure you're aware.
> If you remove RSA from your page for now, I hope you'll put it back
> when the patent expires.  You might replace it with a notice giving
> the expiration date and that it will be restored after that.  Reference:
>    http://www.rsasecurity.com/rsalabs/faq/6-3-1.html

I want to avoid RSADSI all together.  I will add Elgamal and next year
if there is a demand for RSA in CB I will add it back.  A release of CB
should be available in a week or two...

> The situation with RC5 is separate and probably different.  The US
> patent is much newer and won't expire for a long time, and RC5 might
> be also patented in Canada.

It's ok there are plenty of other free block ciphers.

> Please do post developments on this issue (such as new communications
> from RSA Security) to the newsgroup.  There's a journalist's saying,
> that "sunshine is the best disinfectant".

Well it's pretty much done, I just have to remove "their" stuff from my
software.

Tom

------------------------------

From: [EMAIL PROTECTED] (Gisle Sælensminde)
Subject: Re: Problems with CryptoBag
Date: 2 May 2000 12:19:08 +0200

In article <[EMAIL PROTECTED]>, Tom St Denis wrote:
>Well it appears RSA got ticked with me using RSA patented stuff in
>Cryptobag and PB.  So effective immediately I took it all off my
>website, and am working on patching in ElGamal where RSA was.  
>
>The modifications will take about a week and in the mean time please
>do not redistribute either.
>
>Sorry about the mess.

As others pointed out, the RSA patent expires in September. AFAIK
it's not forbidden to implement and distribute patented stuff,
but illegal to use without licence from the patent holder.

The Visualization ToolKit (VTK) distributes patented algorithms
in a separate directory, with a remark in several README files,
and you must explicitly add an option to the configure script
to get the patented packages included in the VTK library.
This should be OK, since most of the world is outside the USA.
I cannot see how this violates the RSA patent, and other
computer users will not violate it unless it's done deliberately.



--
Gisle Sælensminde ( [EMAIL PROTECTED] )   

ln -s /dev/null ~/.netscape/cookies

------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Tue, 2 May 2000 06:32:59 -0400

        There are several of the AES candidates for which the authors have
waived patent rights; RIJNDAEL, SAFER+ and SERPENT definitely; quite
possibly TWOFISH (based on the history with BLOWFISH), so why use a patented
algorithm?
        As far as writing your own code, patents in general cover a
means of doing something, not the details. So it would be the algorithm
itself that is patented, not the code.
=========

My home page URL=http://members.xoom.com/afn21533/      Robert G. Durnal
Hosting HIDE4PGP, HIDESEEK v5.0, TinyIdea, BLOWFISH,    [EMAIL PROTECTED]
and tiny DOS versions of RC6, RIJNDAEL, SAFER+, and   [EMAIL PROTECTED]
SERPENT. Working on key exchange at present.




------------------------------

From: George Edwards <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Tue, 2 May 2000 00:03:17 +0100

hopefully. but  hey, mi5......



In article <[EMAIL PROTECTED]>, Paul C
<[EMAIL PROTECTED]> writes
>DENIM WEARER! PISSED OFF WITH YOU ALL!!!! COME and GET ME!
>
>.....  and nobody ever heard from him ever again.  :-)

-- 
George Edwards

------------------------------

From: Andy Dingley <[EMAIL PROTECTED]>
Subject: Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don
Date: Tue, 02 May 2000 12:19:55 +0100

Anonymous <[EMAIL PROTECTED]> wrote:

>Is it any wonder most of George Orwell's books are set in a country that bears
>a striking resemblance to Britain?

Instead of Paris, Catalonia or Burma ?

Maybe it's because Eric Blair was English !


------------------------------

Date: Tue, 02 May 2000 13:22:16 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?

Terry Ritter wrote:
> A patent is about novelty, and not your particular
> interpretation of what might be worthwhile.

Well, I don't know what patent you yourself are holding,
but...

That's the braindead idea American people have about it.

In Europe, a patent must not only be new, but also be
a true invention. Not something so simple that anybody
would solve it this way without much thinking.

Again, I don't know what patents you yourself are
holding, and this is not a comment to these patents
you're holding.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Tue, 02 May 2000 11:33:38 GMT



Mike Kent wrote:
> 
> Diet NSA wrote:
> 
> > This is a good point but I was hoping that someone might know of
> > a proof or disproof of whether, in the general case, a nonlinear
> > function can be composed of a finite number of linear functions.
> 
> Can a nonlinear function (in this context) be composed from
> *two*
> linear functions?  If not, that is if for your combining method
> "#",
> f#g is linear whenever f, g are linear, then f#(g#h) and (f#g)#h
> are
> linear for linear f,g,h and a straightforward induction
> establishes
> the linearity for any finite combination.

No because you simply get a linear function out.

For example:

F(x) = 2x + 1
G(x) = 7x - 5

F o G = F(7x - 5)
      = 2(7x - 5) + 1
      = 14x - 9

You have to create the function normally from a table.

However you can make non-linear functions from higher order equations
such as

F(x) = 45^x mod 257

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely
free and there are no advertisements.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: mod function?
Date: Tue, 2 May 2000 13:47:49 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> 
> 
> [EMAIL PROTECTED] wrote:
> 
>>
>>
>> At the risk of oversimplifying, the debate is between:
>>
>> mod ( 8, 3 ) = 2        ( 8 has remainder 2 when divided by 3)
>> mod ( 4, 3 ) = 1        ( 4 has remainder 1 when divided by 3)
>>
>> and
>>
>> mod ( 8, 4, 3 ) = false ( 8 and 4 do not have the same remainder when
>>                           divided by 3 )
>> mod ( 8, 5, 3 ) = true  ( 8 and 5 have the same remainder when divided
>>                           by 3 )
>>
>> In the first case, we're talking about a function with two arguments
>> that returns a result of the same type as the operands.
>>
>> In the second case we're talking about a function with three arguments
>> that returns a boolean result.
> 
> Thanks for the clarification. I am afraid that the three argument mod
> function is at least largely unknown (not previously used) in mathematics
>...

On the contrary.  The primary meaning of "modulus" in mathematics is
in the second sense.  Though a mathematician would rarely be caught using
it as a function of three variables.  A mathematician would be more
likely to use a notation like:

        8 = 5 modulo 3

Where the "modulo 3" part is read as an alteration to the equality operator.

        John Briggs                     [EMAIL PROTECTED]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
