Cryptography-Digest Digest #707, Volume #11       Thu, 4 May 00 22:13:01 EDT

Contents:
  Re: Silly way of generating randm numbers? (stanislav shalunov)
  Re: RC5 math (David Hopwood)
  Re: How Extend RMI Security System to handle Delegation (David Hopwood)
  Re: GPS encryption turned off (Paul Rubin)
  Re: Fixed: Sboxgen tool (Tim Tyler)
  Re: GPS encryption turned off (Roger Schlafly)
  Re: KRYPTOS Something new ? (Tom Knight)
  Re: Fixed: Sboxgen tool (Terry Ritter)
  Re: The Illusion of Security (Tim Tyler)
  Re: GPS encryption turned off (Paul Schlyter)
  Re: The Illusion of Security (Tim Tyler)
  Re: U-571 movie (OT) (William Rowden)
  Re: Fixed: Sboxgen tool (Tom St Denis)
  Re: GPS encryption turned off (Paul Rubin)

----------------------------------------------------------------------------

Crossposted-To: sci.math
Subject: Re: Silly way of generating randm numbers?
From: stanislav shalunov <[EMAIL PROTECTED]>
Date: Thu, 04 May 2000 22:17:07 GMT

Richard Heathfield <[EMAIL PROTECTED]> writes:

> As far as I'm aware, pi passes all mathematical tests for randomness.

Not Kolmogorov's algorithmic complexity test.  (Kolmogorov complexity
of pi is O(1)).

-- 
stanislav shalunov                              | Speaking only for myself.

------------------------------

Date: Thu, 04 May 2000 02:42:06 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RC5 math

Richard Parker wrote:
> 
> <[EMAIL PROTECTED]> wrote:
> > Is there a paper available that describes RC5 in mathematical terms
> > including analysis of its strength?
> 
> The RC5 encryption algorithm was written by Ronald L. Rivest, who is one of
> the original founders of RSA <http://www.rsalabs.com/>.  Information about
> his cipher designs can generally be found on the RSA website.  The first
> published paper in which Rivest described RC5 is available from RSA:
> 
>   R.L. Rivest, "The RC5 encryption algorithm," Proceedings of the
>   2nd Workshop on Fast Software Encryption, Springer-Verlag, 1995,
>   pp. 86-96.
>   <ftp://ftp.rsasecurity.com/pub/rsalabs/rc5/rc5.ps>

A slightly revised 1997 version of this is at
http://theory.lcs.mit.edu/~rivest/rc5rev.ps; the changes are at
http://theory.lcs.mit.edu/~rivest/rc5rev.txt

RC5 is also described in an RFC:

    Ron Rivest,
    "The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms,"
    RFC 2040, October 1996.

> A good overview of the analysis that has been done on RC5 has also been
> prepared by RSA:
> 
>   B.S. Kaliski Jr. and Y.L. Yin, "On the Security of the RC5
>   Encryption Algorithm," RSA Laboratories Technical Report TR-602,
>   1998.
>   <ftp://ftp.rsasecurity.com/pub/rsalabs/rc5/rc5-report.pdf>
> 
> The best known attack on RC5 is differential cryptanalysis, and the best
> published differential cryptanalysis of RC5 is by Knudsen and Meier:
> 
>   L.R. Knudsen and W. Meier, "Improved differential attack on RC5,"
>   Advances in Cryptology, Proceedings of Crypto'96, LNCS 1109,
>   Springer-Verlag, 1996, pp. 216-228.
>   <ftp://ftp.esat.kuleuven.ac.be/%2Fpub/COSIC/knudsen/rc5.ps.Z>

An earlier paper was:

    B.S. Kaliski, Y.L. Yin,
    "On Differential and Linear Cryptanalysis of the RC5 Encryption
     Algorithm",
    Advances in Cryptology - CRYPTO '95, pp. 171-184.
    Springer-Verlag, 1995. 

and some more recent ones are:

    H. Heys,
    "Linearly Weak Keys of RC5,"
    IEE Electronics Letters, vol. 33, no. 10, pp. 836-838, 1997.
    http://www.engr.mun.ca/~howard/PAPERS/rc5_letter.ps 

    A. Biryukov, E. Kushilevitz,
    "Improved Cryptanalysis of RC5,"
    Advances in Cryptology - EuroCrypt '98.
    http://www.cs.technion.ac.il/~eyalk/alex.ps.Z 

    A. A. Selcuk,
    "New results in linear cryptanalysis of RC5,"
    Fast Software Encryption - Fifth International Workshop, Paris,
    France, LNCS. Springer-Verlag, 1998. 

    H. Handschuh,
    "A Timing Attack on RC5,"
    Workshop on Selected Areas in Cryptography - SAC '98,
    Queen's University, Kingston, Ontario, Aug. 1998.
    To be published by Springer-Verlag.
    http://www.enst.fr/~handschu/rc5.ps 

    H. Heys,
    "A Timing Attack on RC5,"
    Workshop on Selected Areas in Cryptography - SAC '98,
    Queen's University, Kingston, Ontario, Aug. 1998.
    To be published by Springer-Verlag.
    http://www.engr.mun.ca/~howard/PAPERS/rc5_timing.ps

    Takeshi Shimoyama, Kiyofumi Takeuchi, Juri Hayakawa,
    "Correlation Attack to the Block Cipher RC5 and the Simplified
     Variants of RC6,"
    Presented at the 3rd AES Candidate Conference.
    http://csrc.nist.gov/encryption/aes/round2/conf3/papers/36-tshimoyama.pdf 


There are similar lists of references for a wide variety of other
algorithms, with links to on-line versions where available, at
http://www.users.zetnet.co.uk/hopwood/crypto/scan/

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01





------------------------------

Date: Thu, 04 May 2000 03:06:08 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: How Extend RMI Security System to handle Delegation

WTNJS wrote:
> 
> I have a question. Please answer if you have the answer/suggestions.
> 
> Q:Extend RMI Security system to handle delegation, i.e. to provide the
> possibility to the client to authorize remote server to access another
> server on behalf of the client.  Describe what security extensions are
> needed for the client, remote server, and the new remote server to handle
> delegation in a secure way.

Sounds like a "homework question" (perhaps in a CS degree course?),
but anyway, something similar to this has been designed as part of
the E-rights system (https://www.cypherpunks.to/erights/).

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01




------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: GPS encryption turned off
Date: 4 May 2000 22:56:03 GMT

Nogami  <[EMAIL PROTECTED]> wrote:
>At any rate, I read a press release on one of the major news sites the
>other day saying that they would turn it back on for specific
>locations if the situation warranted.  Since there are quite a few GPS
>satellites, I assume they could just re-scramble european coverage if
>they wanted to, or North America, etc.

That idea has come up on the GPS newsgroup but it appears impossible.
Anyway, it's not needed.  The US military can now deny GPS positioning
to adversaries by locally jamming the C/A signal, while still being
able to use the (encrypted) P/Y signal with its own receivers.  This
couldn't be done til recently, and is the new technical development
that made it possible to turn off SA.  Consensus among the
knowledgeable GPS newsgroup posters (I'm not one) seems to be that SA
is over, done with, finished, no more, an ex-feature, gone forever.
It is history.  In the event of hostilities, the Pentagon will not
slightly fuzz GPS all over the world (by restoring SA).  Instead,
they'll disable it totally (by jamming), but only in the affected
areas.  The technical means for that didn't exist before but do now.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Fixed: Sboxgen tool
Reply-To: [EMAIL PROTECTED]
Date: Thu, 4 May 2000 23:28:32 GMT

Runu Knips <[EMAIL PROTECTED]> wrote:
: Terry Ritter schrieb:

:> No, that is not right.  The desired situation is to have *about* half
:> the bits change, not *at* *least* *half*.

: And I think its impossible to build any function where at least
: half of the bits changes between two possible inputs (except in
: trivial cases).

Two arbitrary possible inputs is not the case in hand.

Two inputs that differ by a single bit is what the SAC refers to.

The parity function is an example of the output bit *always* changing
(i.e. p = 1.0) when *any* input bit is toggled.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: GPS encryption turned off
Date: Thu, 04 May 2000 17:12:10 -0700

Paul Rubin wrote:
> It is history.  In the event of hostilities, the Pentagon will not
> slightly fuzz GPS all over the world (by restoring SA).  Instead,
> they'll disable it totally (by jamming), but only in the affected
> areas.  The technical means for that didn't exist before but do now.

Rationale? ISTM that even in the event of hostilities there might be
commercial aircraft and others depending on GPS that the US might
not want to disrupt. Couldn't they just fuzz up GPS over one
continent if they wanted to? They have a couple of dozen satellites,
and just fuzzing up a couple of satellites should only introduce
inaccuracies for those using those satellites.

------------------------------

Subject: Re: KRYPTOS Something new ?
From: Tom Knight <[EMAIL PROTECTED]>
Date: 04 May 2000 20:12:36 -0400

Does anyone know the details (or text) of the Sanborn sculpture
outside of the Hirshhorn museum at the Smithsonian?  Is it a copy of
the CIA one?  Half of its letters are roman, and the other half
cyrillic, with a top portion of each a matrix of alphabetic rotations,
and the bottom half a similar sized matrix of seemingly random text.


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Fixed: Sboxgen tool
Date: Fri, 05 May 2000 00:17:55 GMT


On Thu, 04 May 2000 23:57:44 +0200, in
<[EMAIL PROTECTED]>, in sci.crypt Ichinin
<[EMAIL PROTECTED]> wrote:

>[...]
>Where can one find the original SAC specification? (PDF/PS)
>(Seems like it was published before '81 so it's not on "the" cd.)

One more time:  From the Glossary at:

   http://www.io.com/~ritter/GLOSSARY.HTM#StrictAvalancheCriterion


'Strict Avalanche Criterion (SAC)'

'As introduced in Webster and Tavares: 

   "If a cryptographic function is to satisfy the strict avalanche
criterion, then each output bit should change with a probability of
one half whenever a single input bit is complemented." [p.524] 

   'Webster, A. and S. Tavares. 1985. On the Design of S-Boxes.
Advances in Cryptology -- CRYPTO '85. 523-534.' 

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Reply-To: [EMAIL PROTECTED]
Date: Thu, 4 May 2000 23:42:38 GMT

Jerry Coffin <[EMAIL PROTECTED]> wrote:

: The reality is that until relatively recently, factoring was
: studied almost entirely by more or less the "lunatic fringe"
: of mathematicians -- until RSA was invented, factoring was among
: the least useful occupations known to man, and only a very small
: number of people cared about it at all.

Enough to make one wonder where the "lunatic fringe" is at work today ;-)
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  This tagline no verb.

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: GPS encryption turned off
Date: 5 May 2000 00:48:24 +0200

In article <[EMAIL PROTECTED]>,
Paul Koning  <[EMAIL PROTECTED]> wrote:
>Paul Schlyter wrote:
>> 
>> In article <8eraha$5rq$[EMAIL PROTECTED]>,
>> Paul Rubin <[EMAIL PROTECTED]> wrote:
>> ...
>> > I don't think it's the same situation.  Satellite TV's don't have to
>> > be rekeyed under battlefield conditions and they don't have to be
>> > simultaneously rekeyed all over the world.
>> 
>> That's only because a TV satellite doesn't cover the whole world.  It
>> usually doesn't even cover all of the visible hemisphere of the world.
>
>Neither does GPS; in fact, GPS satellites are in lower orbits 
>(a few thousand miles if memory serves) than TV satellites (which
>are in the Clarke orbit).

The GPS satellites orbit in 12-hour orbits, which will put them
approx. 20,000 km above the Earth's surface.  The Clarke orbit is
36,000 km above the Earth's surface.

-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Reply-To: [EMAIL PROTECTED]
Date: Fri, 5 May 2000 00:01:03 GMT

Diet NSA <[EMAIL PROTECTED]> wrote:
: "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:

:>Without a proof of randomness, the proof of OTP is invalid, without the
:>proof of OTP the security there is no proof of security available.
:>If I am wrong, please give a reference.

: You might want to read D. Gwyn's reply in
: the "Claims/Science Daily" thread and
: also why physicists consider certain
: quantum phenomena to be "random",
: physically speaking.

Regardless of the randomness or otherwise of quantum phenomena, there's
still no sign of a proof that there exists a usable source of randomness
with provably secure properties for use as an OTP.

For one thing, you can't rule out the possibility that your equipment for
amplifying the signal from the quantum domain is not under your opponent's
influence in any way.

Also, as a physical device it will inevitably be influenced by its
immediate environment - which necessarily includes non-random signals,
such as cosmic ray particles.

A proof of security that would satisfy a hardened sceptic appears to
be inconceivable.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  UART what UEAT.

------------------------------

From: William Rowden <[EMAIL PROTECTED]>
Subject: Re: U-571 movie (OT)
Date: Fri, 05 May 2000 00:52:33 GMT

In article <[EMAIL PROTECTED]>,
  Jim Gillogly <[EMAIL PROTECTED]> wrote:
> Paul Matthews wrote:
> > Hello, I believe that one of failings of the original Enigma code books was
> > the codes were "too" random.
[snip one of several refutations in this thread]
> > bods at Bletchley Park quickly realised this and this substantially cut
> > down the permutations to find the day's settings.
[snip more contrary evidence]

IIRC, one of the characteristics of the Enigma that Bletchley Park
*did* exploit was that no letter would be enciphered as itself.  This
reduced the number of locations a probable plaintext could appear in
the ciphertext.

According to the NOVA program "Decoding Nazi Secrets," when letters
(for transmitting the daily key, if memory serves) were chosen by the
operators, they were often not very random.  The group "MAD" would be
matched with "RID", "BER" with "LIN", "HIT" with "LER", etc. (I'm not
making a comparison; Godwin's Law does not apply.  :-])

Perhaps someone else knows more detail about these weaknesses.
--
    -William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Fixed: Sboxgen tool
Date: Fri, 05 May 2000 00:29:35 GMT



Terry Ritter wrote:
> 
> On Thu, 04 May 2000 23:57:44 +0200, in
> <[EMAIL PROTECTED]>, in sci.crypt Ichinin
> <[EMAIL PROTECTED]> wrote:
> 
> >[...]
> >Where can one find the original SAC specification? (PDF/PS)
> >(Seems like it was published before '81 so it's not on "the" cd.)
> 
> One more time:  From the Glossary at:
> 
>    http://www.io.com/~ritter/GLOSSARY.HTM#StrictAvalancheCriterion
> 
> 'Strict Avalanche Criterion (SAC)'
> 
> 'As introduced in Webster and Tavares:
> 
>    "If a cryptographic function is to satisfy the strict avalanche
> criterion, then each output bit should change with a probability of
> one half whenever a single input bit is complemented." [p.524]
> 
>    'Webster, A. and S. Tavares. 1985. On the Design of S-Boxes.
> Advances in Cryptology -- CRYPTO '85. 523-534.'

Which is what my program does now.  I added a small margin of error (i.e.
if the output size is n bits then the amount of bits that change can
differ by +- n/2 from expected).

Tom
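
An added worked check of the Webster and Tavares definition quoted above, and of Tim Tyler's parity example earlier in this digest (example code written for this digest, not taken from Sboxgen or any poster): it computes, exhaustively for small functions, the probability that each output bit flips when each single input bit is complemented, which is exactly the quantity the SAC constrains to 1/2. The parity function and the 4x3 S-box are constructed here for illustration; the S-box is built from bent Boolean functions so that the SAC holds exactly.

```python
"""Strict Avalanche Criterion (SAC) checker, exhaustive for small functions.

Webster & Tavares (CRYPTO '85): a function satisfies the SAC if every
output bit changes with probability exactly 1/2 whenever any single
input bit is complemented.  "About half the output bits change" is a
weaker, averaged statement; the SAC is per input bit and per output bit.
"""


def sac_matrix(f, n_in, n_out):
    """M[i][j] = P(output bit j flips | input bit i complemented),
    computed exhaustively over all 2**n_in inputs of f: int -> int."""
    total = 1 << n_in
    counts = [[0] * n_out for _ in range(n_in)]
    for x in range(total):
        y = f(x)
        for i in range(n_in):
            diff = y ^ f(x ^ (1 << i))        # output bits that changed
            for j in range(n_out):
                counts[i][j] += (diff >> j) & 1
    return [[c / total for c in row] for row in counts]


def max_sac_deviation(f, n_in, n_out):
    """Largest |p - 1/2| over the SAC matrix; 0.0 means the SAC holds exactly."""
    return max(abs(p - 0.5) for row in sac_matrix(f, n_in, n_out) for p in row)


def mean_bits_flipped(f, n_in, n_out):
    """Average number of output bits changed per single-bit input complement.
    The SAC implies this equals n_out / 2, but the converse does not hold."""
    return sum(sum(row) for row in sac_matrix(f, n_in, n_out)) / n_in


def parity(x):
    """Constructed 4-bit parity: the output bit ALWAYS flips (p = 1.0),
    so it fails the SAC even though 'at least half' the bits change."""
    return bin(x & 0xF).count("1") & 1


def bent_sbox(x):
    """Constructed 4x3 S-box whose output bits are the bent functions
    x0x1^x2x3, x0x2^x1x3, x0x3^x1x2; each satisfies the SAC exactly."""
    x0, x1, x2, x3 = [(x >> k) & 1 for k in range(4)]
    y0 = (x0 & x1) ^ (x2 & x3)
    y1 = (x0 & x2) ^ (x1 & x3)
    y2 = (x0 & x3) ^ (x1 & x2)
    return y0 | (y1 << 1) | (y2 << 2)


if __name__ == "__main__":
    for name, fn, n_in, n_out in [("parity", parity, 4, 1),
                                  ("bent_sbox", bent_sbox, 4, 3),
                                  ("identity", lambda v: v, 4, 4)]:
        print(name, "max |p-1/2| =", max_sac_deviation(fn, n_in, n_out),
              "mean bits flipped =", mean_bits_flipped(fn, n_in, n_out))
```

The identity map shows the same point from the other side: it flips exactly one output bit per input complement (p = 1.0 on the diagonal, 0 elsewhere), so an "about half" count alone would not distinguish it from a good S-box.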

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: GPS encryption turned off
Date: 5 May 2000 02:01:08 GMT

In article <[EMAIL PROTECTED]>,
Roger Schlafly  <[EMAIL PROTECTED]> wrote:
>Paul Rubin wrote:
>> It is history.  In the event of hostilities, the Pentagon will not
>> slightly fuzz GPS all over the world (by restoring SA).  Instead,
>> they'll disable it totally (by jamming), but only in the affected
>> areas.  The technical means for that didn't exist before but do now.
>
>Rationale? ISTM that even in the event of hostilities there might be
>commercial aircraft and others depending on GPS that the US might
>not want to disrupt. Couldn't they just fuzz up GPS over one
>continent if they wanted to? They have a couple of dozen satellites,
>and just fuzzing up a couple of satellites should only introduce
>inaccuracies for those using those satellites.

The experts on sci.geo.satellite-nav keep saying this is impossible,
and that SA is all or nothing.  I'm not an expert myself, so I can't
add much to that.  I do know that the satellites are in 12-hour orbits
(about 10k miles altitude) and are visible from half the planet, and
only three of them need to be in view for a GPS fix, so fuzzing up
just a couple of them could still leave as many as 8 or 9 unfuzzed in
view from most places on the planet.  Also, when SA was turned off a
few days ago, there was a minute-by-minute watch on the satellite-nav
newsgroup ("SA is now off in France!") and it took about 10 hours for
the SA shutdown to complete after it started.  It kind of reminded me
of a DNS update.

Best general GPS info site I know of: http://joe.mehaffey.com.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************