Cryptography-Digest Digest #698, Volume #11       Wed, 3 May 00 17:13:01 EDT

Contents:
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on  (John M Collins)
  Re: Janet and John learn about bits (was Re: Problems with OAP-L3) (James Felling)
  Re: sci.crypt think will be AES? (Jerry Coffin)
  Re: quantum crypto breakthru? ("Leo Sgouros")
  Re: factor large composite ("Dann Corbit")
  Re: RC6 as a Feistel Cipher (Anton Stiglic)
  Re: Cascading Crypto Attack (Mok-Kong Shen)
  Re: quantum crypto breakthru? (Anton Stiglic)
  Re: Interleaving for block encryption (Mok-Kong Shen)
  Re: factor large composite (Diet NSA)
  Re: RC6 as a Feistel Cipher (John Myre)
  Re: quantum crypto breakthru? (Diet NSA)
  Re: factor large composite ("Dann Corbit")

----------------------------------------------------------------------------

Date: Wed, 03 May 2000 19:09:58 +0000
From: John M Collins <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on 

JimD wrote:

> Here we go again! Nobody gives any consideration to the enormous
> task of monitoring all EMail.
>
> Agreed a dictionary computer will look for keywords, but first it
> has to have access to all the traffic...which will have to be
> stored somewhere for most of the time.
>
> The sifted information has, eventually, to be looked at by a
> (slightly) human. 0.5% of it would take all week to plough through.

Some people spice up all their emails with juicy phrases to send such
sniffers into overdrive all the time.... The "Zippy the Pinhead" stuff in GNU
Emacs can do the trick.

--
John Collins    ([EMAIL PROTECTED])
5 The Reeds, Welwyn Garden City, Herts, AL7 3BN
Tel/fax: 01707 883174   Work: 01707 886110
Personal Web Site:      http://www.jmc.xisl.com




------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Janet and John learn about bits (was Re: Problems with OAP-L3)
Date: Wed, 03 May 2000 14:16:48 -0500



Anthony Stephen Szopa wrote:

> James Felling wrote:
> >
> > Anthony Stephen Szopa wrote:
> >
> > > Tom St Denis wrote:
> > > >
> > > > Richard Heathfield wrote:
> > > > > unsigned char num[] = { 0x16, 0x30, 0x47, 0x91 }; /* binary coded
> > > > > decimal (almost!) - wastes 6 combinations per nybble */
> > > > >
> > > > > as opposed to
> > > > >
> > > > > unsigned char num[] = { 0xF8, 0xCA, 0x97 }; which is clearly more
> > > > > efficient, as it uses all the bits available to it.
> > > > >
> > > > > So perhaps we're in violent agreement?
> > > >
> > > > No since not all combinations of 3 byte values are possible you are
> > > > still wasting space.  That was my point.
> > > >
> > > > >
> > > > > > > If we have two cryptography applications, one of which uses its memory
> > > > > > > efficiently, runs on my PII/400 at an acceptable speed, and offers me
> > > > > > > reliable security, and the other which doesn't use its memory
> > > > > > > efficiently, runs on my 400 MHz box at a speed which even its author
> > > > > > > says is far too slow, and is based on source code which has not been
> > > > > > > published and therefore has not had the chance to be validated by the
> > > > > > > cryptographic community - thus making its security untrustworthy - which
> > > > > > > application do you think anyone with a brain will buy?
> > > > > >
> > > > > > Or just use.  Why do you have to buy good crypto programs?
> > > > >
> > > > > I agree entirely. Just roll your own...
> > > > >
> > > > > > If you have enough time on your hands you can even write your own.
> > > > >
> > > > > Ah, I don't have enough time on my hands. But I'm trying to write my own
> > > > > anyway <g>. Unfortunately, I'm too inexperienced in cryptanalysis to
> > > > > perform serious cryptanalytic attacks on my own code, let alone other
> > > > > people's. (I've cracked a couple of 'unbreakable' algorithms presented
> > > > > to me by other would-be cryptographers, but these were only 'kid-sister
> > > > > unbreakable', of course.)
> > > >
> > > > Well it's one thing to take already developed and analyzed algorithms
> > > > and stick it together, and it's another thing *entirely* to invent your
> > > > own ciphers at the same time.  If you want a 5kb file crypto program
> > > > just take RC4 and a hash (say md2) and write a small program (I have
> > > > done it more than once.... :)).
> > > >
> > > > > >
> > > > > > Mr Szopa has some thinking todo about making his algorithm(s) not only
> > > > > > public but efficient.
> > > > > >
> > > > >
> > > > > Possibly, but that's not his main problem. He has some really serious
> > > > > thinking to do about his ability to deal with fellow professionals in a
> > > > > professional way. It seems that anyone who dares take issue with him is
> > > > > instantly killfiled - in a mysterious and magical process which allows
> > > > > Mr Szopa to read their posts anyway, presumably so that he can killfile
> > > > > them again, and again, and again.
> > > > >
> > > > > When he learns to talk to grown-ups as if they are grown-ups, I suspect
> > > > > he can look forward to some excellent help from the heavyweight computer
> > > > > scientists in this newsgroup (Doug Gwyn and so on) in making his
> > > > > algorithm efficient.
> > > >
> > > > Well the pros are really turned off from him, so at best he will have to
> > > > deal with the-less-than-amateurish people like You and I....
> > > >
> > > > Tom
> > > > --
> > > > Want your academic website listed on a free websearch engine?  Then
> > > > please check out http://tomstdenis.n3.net/search.html, it's entirely
> > > > free
> > > > and there are no advertisements.
> > >
> > > You say writing encryption software is easy.  You've done it?  Just
> > > do this and just do that?
> > >
> > > Who wants just "adequate" or "okay" encryption software?  We've got
> > > plenty of that already.
> > >
> > > The gold medal goes to creating unbreakable encryption...  And
> > > creating it first.
> >
> > Anyone can create software that is as "unbreakable" as yours. In a few days with a
> > decent compiler.  Your product wouldn't even take an honorable mention.
> >
> > >
> > >
> > > I claim to have created unbreakable encryption software.
> >
> > Excellent choice of words -- true enough given enough effort, but in any usable
> > application........?
> >
> > >  And I
> > > can provide anyone with the software to see for themselves.  The
> > > Help Files describe OAP-L3, and the Theory and Processes Help Files
> > > prove my claim.
> >
> > They "prove" nothing of the sort.  This is like saying that the existence of the
> > Princess Bride (which claims to be a 'good parts' version of another novel) proves
> > that that other volume exists.  All it does is provide some evidence possibly
> > supporting your claim, there is nothing there that is conclusive ( or even very
> > readable).
>
> Show us where the logic in the theory and processes is incorrect,
> then, please.

I believe that the logic present is flawless, however, the flaw of accepting that brute
force is the best way to attack a cypher, and that all users will process the mix files
as aggressively as is needed for security is assumed, and these flawed axioms compromise
the assertion that perfect security is produced by your cypher.
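The BCD-versus-binary comparison quoted above, worked through as an added example (it is not code from any poster in the thread): it packs Richard Heathfield's value 16304791 both ways, rejects the six nybble values BCD never uses, and counts the bits an arbitrary 8-digit value needs, which is the point Tom St Denis raises about unused combinations. All function names are this example's own.

```python
def bcd_encode(digits):
    """Pack decimal digits two per byte, high nybble first (the first array
    in the quoted post). An odd digit count is left-padded with a 0 digit."""
    if not (digits and digits.isdigit()):
        raise ValueError("decimal digits only")
    if len(digits) % 2:
        digits = "0" + digits
    return bytes((int(digits[i]) << 4) | int(digits[i + 1])
                 for i in range(0, len(digits), 2))


def bcd_decode(packed):
    """Unpack BCD; nybbles 0xA..0xF are the 6 combinations per nybble
    that BCD wastes, so they are rejected rather than silently mapped."""
    out = []
    for byte in packed:
        hi, lo = byte >> 4, byte & 0x0F
        if hi > 9 or lo > 9:
            raise ValueError("byte 0x%02X is not valid BCD" % byte)
        out.append("%d%d" % (hi, lo))
    return "".join(out)


def binary_encode(value):
    """Plain big-endian binary in the fewest whole bytes (the second array)."""
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")


def bits_needed_for_digits(n_digits):
    """Smallest bit width that holds *every* n-digit decimal value,
    i.e. the bit length of 10**n - 1 (exact integer arithmetic, no log2)."""
    return (10 ** n_digits - 1).bit_length()


def compare(digits):
    """Bytes used by each representation for this particular value, plus the
    floor that any value with the same digit count would need."""
    min_bits = bits_needed_for_digits(len(digits))
    return {
        "bcd_bytes": len(bcd_encode(digits)),
        "binary_bytes": len(binary_encode(int(digits))),
        "min_bits": min_bits,
        "min_bytes": (min_bits + 7) // 8,
    }


if __name__ == "__main__":
    # 16304791 is the value encoded by both arrays in the quoted post
    print(bcd_encode("16304791").hex())          # 16304791
    print(binary_encode(16304791).hex())         # f8ca97
    print(compare("16304791"))
```

Note that 16304791 happens to fit in three bytes only because it is below 2^24; an arbitrary 8-digit number needs 27 bits, so four bytes, which is why the binary form still has combinations no decimal input can produce.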


------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Wed, 3 May 2000 13:28:00 -0600

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... ] 

> At about that time, a patents clerk famously resigned, saying
> "Everything has been invented".

I'm not sure he actually resigned, but the quote was NOT a patent 
clerk, but the commissioner running the patent office.  It's 
interesting to note that this was _before_ Thomas Edison had ever 
submitted a single patent application.  I guess none of his 
inventions was original or had any merit...

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "Leo Sgouros" <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Wed, 03 May 2000 19:12:24 GMT


"Roger" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Leo Sgouros wrote:
> > One could picture a dynamically evolving system where the transmissions
> > modify as soon as they start sensing "states" that have a sign of
> > tampering. You could take the position that *any* modification is
> > essentially a tap and hostile, and if you know the time frame at which
> > certain data was "exposed to the air" you could conceivably "rerun" the
> > data period and find where and when the tap was.
> > Theoretically, of course.
>
> So then every router and switch would have to able to detect
> tampering? And shut down the connection if tampering is
> detected? Any bad data at all would look like tampering.
> I just don't see any practical advantages to this.

I don't either.
You want to keep it going, you want the people doing the tampering to keep
on keepin' on. Try and take a step back from what you know about networks
*now*, and think about a scenario where a network becomes sort of
sentient. Could you design a "photon" to take bits of its journey with it? One
could see it has lost certain parts, showing you where to look in the
system.



------------------------------

From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Wed, 3 May 2000 13:17:07 -0700

"Diet NSA" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> In article <A0OP4.2298$PY3.2549@client>
> , "Dann Corbit" <[EMAIL PROTECTED]>
> wrote:
>
> >Wrong.  I never said impossible.
>
>
> I didn't state that you said "impossible".
> If you remember correctly, you instead
> wrote "infeasible".
>
>
> >RSA is not compromised by some wild-
> >eyed notion that has yet to pan out into
> >something useful.
>
>
> I have never made any *specific* claims
> for the potential of QC. I was only
> pointing out that others were making
> categorical-type statements without
> (seemingly) first considering the
> potential.

If you glance back up at the thread title "factor large composite" you will
see that we are talking about that very subject.  Will someone use QC to
factor a large composite?  Maybe someday.  But for now, it is completely
infeasible.  If you want to talk about what is possible then I submit that
anything is possible including faster than light speed and factoring billion
digit Carmichael numbers.  We just don't know how to do it yet.  And
(indeed) it may take quite a while to find the answers if we ever do.
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
 "The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup   http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm



------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: RC6 as a Feistel Cipher
Date: Wed, 03 May 2000 16:24:39 -0400

Francois Grieu wrote:

> <cut>
>
> (..) try PROVING that RC6 is a Feistel Cipher (..)
>
> The RC6 round function goes like
>
>    t = (B*(2*B+1)) <<< 5
>    u = (D*(2*D+1)) <<< 5
>    A = ((A ^ t) <<< u) + S[2*i]
>    C = ((C ^ u) <<< t) + S[2*i+1]
>    (A; B; C; D) = (B; C; D; A)

> <cut>

Hmmm,

If you look at it just that way, obviously half the message doesn't
get changed.  In fact, after one round you end up having:
   A' = B and C' = D (this is the part that doesn't change),
  and
   B' = ((C ^ ((D*(2*D+1)) <<< 5)) <<< ((B*(2*B+1)) <<< 5)) + S[2*i + 1],
   D' = ((A ^ ((B*(2*B+1)) <<< 5)) <<< ((D*(2*D+1)) <<< 5)) + S[2*i],

where A', B', C', D' is the message that goes into the next round.

You can rearrange the words so that the first half changes, just
by looking at it in the order A, C, B, D instead of A, B, C, D, if
you would like to.

Isn't this enough to say that it is a Feistel cipher?

Anton
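To check Anton's rearrangement concretely, here is an added Python example (not code from the thread or from the RC6 authors) that runs one RC6 round exactly as quoted, computes the same round from the A', B', C', D' equations, and then undoes the round using only the fact that (B, D) pass through unchanged into (A', C'). The state and the two round keys are constructed sample values rather than output of the RC6 key schedule; rotations use the low 5 bits of the rotation amount, as RC6 does for 32-bit words.

```python
W = 32
MASK = (1 << W) - 1
LG_W = 5           # log2(32): the fixed rotation applied to the quadratic terms


def rotl(x, r):
    """Rotate a 32-bit word left; only the low lg(w) bits of r are used,
    exactly as the data-dependent rotations in RC6 do."""
    r &= W - 1
    x &= MASK
    return ((x << r) | (x >> (W - r))) & MASK if r else x


def rotr(x, r):
    """Inverse of rotl."""
    r &= W - 1
    x &= MASK
    return ((x >> r) | (x << (W - r))) & MASK if r else x


def rc6_round(state, s_even, s_odd):
    """One RC6 round as quoted (s_even = S[2i], s_odd = S[2i+1]):
         t = (B*(2B+1)) <<< 5
         u = (D*(2D+1)) <<< 5
         A = ((A ^ t) <<< u) + S[2i]
         C = ((C ^ u) <<< t) + S[2i+1]
         (A, B, C, D) = (B, C, D, A)"""
    a, b, c, d = state
    t = rotl((b * (2 * b + 1)) & MASK, LG_W)
    u = rotl((d * (2 * d + 1)) & MASK, LG_W)
    a = (rotl(a ^ t, u) + s_even) & MASK
    c = (rotl(c ^ u, t) + s_odd) & MASK
    return (b, c, d, a)


def feistel_view(state, s_even, s_odd):
    """The same round written as Anton's equations: the pair (B, D) is
    copied unchanged into (A', C'); the pair (A, C) is mixed with a
    function of (B, D) and the round keys and lands in (B', D')."""
    a, b, c, d = state
    t = rotl((b * (2 * b + 1)) & MASK, LG_W)
    u = rotl((d * (2 * d + 1)) & MASK, LG_W)
    a_next, c_next = b, d                          # untouched half, moved over
    b_next = (rotl(c ^ u, t) + s_odd) & MASK       # Anton's B'
    d_next = (rotl(a ^ t, u) + s_even) & MASK      # Anton's D'
    return (a_next, b_next, c_next, d_next)


def rc6_round_inverse(state, s_even, s_odd):
    """Undo one round. Because (B, D) survive as (A', C'), t and u can be
    recomputed from the output and the mixing peeled off without ever
    inverting the quadratic function: the Feistel property in action."""
    a_next, b_next, c_next, d_next = state
    b, d = a_next, c_next
    t = rotl((b * (2 * b + 1)) & MASK, LG_W)
    u = rotl((d * (2 * d + 1)) & MASK, LG_W)
    a = rotr((d_next - s_even) & MASK, u) ^ t
    c = rotr((b_next - s_odd) & MASK, t) ^ u
    return (a, b, c, d)


# Constructed sample values (not produced by the RC6 key schedule)
SAMPLE_STATE = (0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D)
SAMPLE_KEYS = (0x9E3779B9, 0xB7E15163)

if __name__ == "__main__":
    out = rc6_round(SAMPLE_STATE, *SAMPLE_KEYS)
    print("quoted round == Anton's equations:", out == feistel_view(SAMPLE_STATE, *SAMPLE_KEYS))
    print("A' == B:", out[0] == SAMPLE_STATE[1], " C' == D:", out[2] == SAMPLE_STATE[3])
    print("inverse restores state:", rc6_round_inverse(out, *SAMPLE_KEYS) == SAMPLE_STATE)
```

The inverse is the practical content of "half the message doesn't change": decryption never has to invert B*(2B+1) or the data-dependent rotation by an unknown amount, because the words that parameterise them are available in the clear from the round's own output.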




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Cascading Crypto Attack
Date: Wed, 03 May 2000 22:36:26 +0200



Joseph Ashwood wrote:

> On a technicality you are right. Taking a more generic
> approach. As I have stated before in argument against
> increasing rounds blindly, and multiple encryption without
> analysis. If you take a function f with an output range of
> S, within size(S) applications of f on an input you will
> receive the first output, or more importantly for
> cryptography (due to the assumed limitations on the
> functions) the plaintext will be revealed within size(S)
> tests.

I think that the big problem is that there could be a large number of
probable plaintexts. The real plaintext is one among these. But the
analyst has difficulty to know which one is the right one.

M. K. Shen
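The size(S) bound in the quoted paragraph is the pigeonhole principle applied to the orbit x, f(x), f(f(x)), ...; the added Python example below (not from either poster) makes the distinction explicit by measuring tail and cycle length for a constructed permutation on an 8-element set, where the orbit always returns to x within |S| steps, and for a constructed non-bijective function on the same set, where it need not. The lookup tables and function names are this example's own.

```python
def orbit_structure(f, x):
    """Follow x, f(x), f(f(x)), ... until a value repeats and return
    (tail, cycle): tail = steps taken before the orbit enters its cycle,
    cycle = the cycle's length. The loop stops within |S| + 1 steps for
    any f on a finite set S (pigeonhole), which is the bound in the quote."""
    seen = {}
    y, step = x, 0
    while y not in seen:
        seen[y] = step
        y = f(y)
        step += 1
    first = seen[y]
    return first, step - first


def returns_to_start(f, x, size):
    """True if some f^k(x) == x with 1 <= k <= size. Always true when f is
    a permutation of S; not guaranteed for an arbitrary f: S -> S."""
    y = x
    for _ in range(size):
        y = f(y)
        if y == x:
            return True
    return False


def is_permutation(table):
    """A lookup table on {0..n-1} is a bijection iff it hits every value once."""
    return sorted(table) == list(range(len(table)))


# Constructed toy tables on S = {0, ..., 7}
PERM = [3, 0, 4, 1, 2, 7, 6, 5]   # a bijection: cycles (0 3 1)(2 4)(5 7)(6)
FUNC = [3, 0, 4, 1, 2, 1, 6, 5]   # not a bijection: 1 has two preimages, 7 has none


def perm_f(y):
    return PERM[y]


def func_f(y):
    return FUNC[y]


if __name__ == "__main__":
    for name, f, table in (("permutation", perm_f, PERM), ("function", func_f, FUNC)):
        print(name, "is a bijection:", is_permutation(table))
        for x in range(len(table)):
            tail, cycle = orbit_structure(f, x)
            print("  x=%d tail=%d cycle=%d returns within |S|: %s"
                  % (x, tail, cycle, returns_to_start(f, x, len(table))))
```

Starting from 7 under FUNC the orbit is 7, 5, 1, 0, 3, 1, ...: it repeats a value by the fifth step, inside the |S| bound, but the repeated value is 1, not 7 or f(7), which is the technicality the quoted paragraph concedes.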




------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Wed, 03 May 2000 16:28:28 -0400

"Douglas A. Gwyn" wrote:

> I wish reporters wouldn't "explain" things incorrectly.
>
> He's talking about the EPR paradox, and the key to understanding
> it is that Einstein's intuition against action at a distance was
> *right* -- information is *not* transmitted "instantaneously" nor
> faster than light.  One doesn't even need quantum principles to
> exhibit a kind of EPR paradox: just take two synchronized, highly
> accurate clocks to distant locations, then look at the second hand
> on one of the clocks.  Before making the observation, you had no
> knowledge of the state of the second hand on the remote clock,
> but when you make the observation, you know with certainty what
> the second hand reads on the remote clock at the same instant (as
> determined in the common inertial frame for both clocks).  <cut>

I would add to the analogy that once one clock is looked at, both
clocks stop at that precise moment.

anton


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Interleaving for block encryption
Date: Wed, 03 May 2000 22:42:26 +0200



Paul Koning schrieb:

> Mok-Kong Shen wrote:
> > ... a cipher is broken because there is a method
> > applicable with tens of millions or more of pairs of plain- and
> > ciphertext blocks encrypted with the same key. That amount of
> > material simply cannot exist in any real environment needing
> > protection unless its manager is a complete fool, in which case
> > even a perfect cipher would be useless.
>
> Not so fast.  You're making obsolete assumptions...
>
> For example, if you're using IPSec, you may very well
> be encrypting every byte leaving your site.  If you
> have a T3 link, that's up to 44 Mb/s, or about 0.7 million
> 64-bit blocks per second.
>
> You probably can't afford to re-key every second (since
> rekeying is quite expensive) and even if you could, you
> might not want to... so indeed you would have a legitimate
> application where millions of blocks are keyed by the
> same key.
>
> And T3 is not exactly the highest performance link
> available right now, never mind a year or two from now.
> The need for ciphers to be secure against an attacker
> who has access to many millions of blocks is very real.

It is my humble opinion though that any message that really needs
security protection should have an encryption of its own and not rely
on encryption en masse.

M. K. Shen


------------------------------

Subject: Re: factor large composite
From: Diet NSA <[EMAIL PROTECTED]>
Date: Wed, 03 May 2000 13:54:04 -0700


In article <bP%P4.1541$ZO4.1580@client>
, "Dann Corbit" <[EMAIL PROTECTED]>
wrote:

>infeasible.  If you want to talk about what is possible then I
>submit that
>anything is possible


Then, you would be wrong because there
are, for instance, certain mathematical
contexts in which specific operations,
etc. are not possible.


"640K of memory ought to be enough for anybody"   - Bill Gates (1981)
=================================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: RC6 as a Feistel Cipher
Date: Wed, 03 May 2000 14:58:41 -0600

Francois Grieu wrote:
> 
> I'm trying to solve an exercise proposed by Bob Silverman in another
> thread:
> 
> (..) try PROVING that RC6 is a Feistel Cipher (..)

With respect to (mathematical) proofs, how is "Feistel Cipher"
defined?  I've only seen informal explanations of the concept.
I can imagine formalizations that make the proof of RC6 trivial
or impossible.

John M.

------------------------------

Subject: Re: quantum crypto breakthru?
From: Diet NSA <[EMAIL PROTECTED]>
Date: Wed, 03 May 2000 14:04:00 -0700


In article <[EMAIL PROTECTED]>, Roger <[EMAIL PROTECTED]> wrote:

> here is a new NY Times
> article on quantum cryptography (no relation to quantum
> computing).


Potentially, these 2 ideas could be
related in some cases-  such as the
possibility of doing quantum computation
over continuous variables (instead of
discrete systems, i.e., qubits). BTW, a
different article about this same subject
was recently discussed in the sci.crypt
thread "Re: Science Daily".


"640K of memory ought to be enough for anybody"   - Bill Gates (1981)


------------------------------

From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: factor large composite
Date: Wed, 3 May 2000 14:08:26 -0700

"Diet NSA" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> In article <bP%P4.1541$ZO4.1580@client>
> , "Dann Corbit" <[EMAIL PROTECTED]>
> wrote:
>
> >infeasible.  If you want to talk about what is possible then I
> >submit that
> >anything is possible
>
>
> Then, you would be wrong because there
> are, for instance, certain mathematical
> contexts in which specific operations,
> etc. are not possible.

Depends on the restrictions you allow.  Division by zero is not allowed under
many contexts.  Yet in others it is allowed.  Even taking the square root
of -1 is not allowed in the context of the real numbers, but in the context
of imaginary numbers it is fine.  If you provide an operation which is not
allowed, I can always define a new system where it is.

The thing about impossibility is that you always have a set of restrictions
imposed to make a thing impossible.  So do it a different way.

At any rate, we are no longer topical to sci.crypt.  Further, I'm not
particularly interested in taking this to email, since I think you just like
arguing for the sake of argument.  Hence, I suggest that you just drop the
whole thing.

Up to you, of course.
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
 "The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup   http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
