Cryptography-Digest Digest #723, Volume #11 Sun, 7 May 00 09:13:01 EDT
Contents:
Re: SBOX using boolean logic (Tom St Denis)
Re: Why no civilian GPS anti-spoofing? / proposal (R J Carpenter)
Re: SBOX using boolean logic (Tim Tyler)
Re: SBOX using boolean logic (Tom St Denis)
Re: Is this random? (Tim Tyler)
Re: SBOX using boolean logic (Tom St Denis)
Virtual Unlimited announces secure B2B platform and open source crypto ("Arie
Draaijer")
Re: Is this random? (Tim Tyler)
Re: SBOX using boolean logic (Tim Tyler)
Re: Fresco transmits my name (was: Spammed after just visiting a site) ("Rev. James
Cort")
Re: SBOX using boolean logic (Tom St Denis)
Re: Some pencil and paper cyphers ("Mr. Tines")
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
("Garry Anderson")
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: SBOX using boolean logic
Date: Sun, 07 May 2000 11:14:36 GMT
It appears that my sboxes are not bijective. Now I have a question: Is
it even possible to make a bijective sbox using just boolean
expressions? I am pretty sure it is. If so, what conditions must I
meet (i.e number of variables, etc..).
I updated the source code [1] to include the inverse boolean operators
as well (just to spice things up).
[1] http://www.tomstdenis.com/func.c
Tom
------------------------------
From: R J Carpenter <[EMAIL PROTECTED]>
Crossposted-To: sci.geo.satellite-nav
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Sun, 07 May 2000 06:16:33 -0700
Reply-To: [EMAIL PROTECTED]
Mxsmanic wrote:
>
> "Paul Rubin" <[EMAIL PROTECTED]> wrote in message
> news:8f35o6$o7i$[EMAIL PROTECTED]...
>
> > I'd like to propose that civilian signals on
> > the new carriers have public-key digital signatures,
> > signed by the satellites.
>
> Just what part would you sign, exactly? Public-key encryption is not
> appropriate for every application.
>
> Since mission-critical navigation applications would supplement the
> satellite signals with a ground-based signal, spoofing of both would be
> no more likely than spoofing of VOR or ILS signals today, even without
> encryption. In fact, I don't remember terrorists ever spoofing any kind
> of navigation signal at all--have I missed something?
And wouldn't spoofing likely affect two planes the same way, and not
cause a collision?
IIRC, terrorists in Puerto Rico did destroy a VOR some years ago.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: SBOX using boolean logic
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 11:23:17 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: Is it even possible to make a bijective sbox using just boolean
: expressions? I am pretty sure it is.
Yes - consider what would happen if you only used XOR and NOT as your
operators. The result would be disgustingly linear - but it would hard
to /avoid/ getting a bijection.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ This tagline no verb.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: SBOX using boolean logic
Date: Sun, 07 May 2000 11:38:10 GMT
Tim Tyler wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> : Is it even possible to make a bijective sbox using just boolean
> : expressions? I am pretty sure it is.
>
> Yes - consider what would happen if you only used XOR and NOT as your
> operators. The result would be disgustingly linear - but it would hard
> to /avoid/ getting a bijection.
So is it just a huge search to find a bijective function then? The way
I see it with 4 variables, 4 terms and 6 operators there are
e = 4 * 2 * 4! * 6^4
e = 192 * 1296
e = 248832
possible combinations of four functions. So I should expect to find a
non-linear bijective one in there somewhere?
1. Should I increase the number of terms to increase the chance of
finding one?
2. The number of times an input occurs in the equation should be equal
for all inputs right?
3. Has anyone done this before?
Tom
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Is this random?
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 11:33:18 GMT
[EMAIL PROTECTED] wrote:
: I'm also curious why the author felt that (int)count returns a random
: byte, yet the same integer value requires all that extra mashing
: before returning it as a random integer.
That's not extra mashing - that looks to me like an attempt to write the
next(int nbits) method in java.util.Random - but then giving up and
renaming the result getInt(int nbits).
Unfortunately this doesn't override what it should do - and clashes with
the base class's getInt(int upper_bound) method in JDK >= 1.2 :-(
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: SBOX using boolean logic
Date: Sun, 07 May 2000 11:40:34 GMT
Tim Tyler wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> : Is it even possible to make a bijective sbox using just boolean
> : expressions? I am pretty sure it is.
>
> Yes - consider what would happen if you only used XOR and NOT as your
> operators. The result would be disgustingly linear - but it would hard
> to /avoid/ getting a bijection.
I forgot to mention (arg) that I find the first two columns of outputs
are almost always equal?
Could it be a bug in my code or math?
Tom
------------------------------
From: "Arie Draaijer" <[EMAIL PROTECTED]>
Subject: Virtual Unlimited announces secure B2B platform and open source crypto
Date: Sun, 7 May 2000 13:46:02 +0200
Virtual Unlimited announces secure B2B platform and open source crypto
VELDHOVEN, THE NETHERLANDS (May 4)-Software start-up Virtual Unlimited today
announced free beta versions of Beeyond, a product for building and running
secure, database-backed B2B applications and creating secure private subnets
on the Internet. Encryption in Beeyond is provided by the BeeCrypt
encryption library, which is being released as an open source product under
the GNU LGPL license.
Beeyond provides secure, inexpensive VPN and business-to-business
transaction capability for the Internet. Its two main components are the
powerful BeeHive server and the free BeeCenter thin client. The BeeHive
contains a high-speed transaction management system which can handle
thousands of simultaneous users. The BeeCenter runs Beeyond applications and
documents with Java user interfaces, and includes built-in development and
server administration tools. Used with the BeeCenter's point-to-point mail
client, the BeeHive is also a free, secure personal electronic mail server.
An important part of the BeeHive's functionality is strong authentication
and encryption provided by the BeeCrypt open source encryption library,
which includes C and assembler implementations of Blowfish, SHA-1,
Diffie-Hellman, ElGamal, and other proven algorithms. The Java portion of
the BeeCrypt library used in the Beeyond BeeCenter will be released as a
future open source project.
When Beeyond version 1.0 goes on sale in mid-2000, the BeeCenter client and
a two user version of the BeeHive server will remain free. A BeeHive license
for up to 50 simultaneous users will cost $250/250 euro per year, and
include all online support and upgrades. The goal of these low prices is to
bring secure B2B and VPN capability to small and medium sized businesses,
and help reduce the cost of application development at large companies.
The free beta versions of Beeyond and BeeCrypt can be found on Virtual
Unlimited's website at http://www.virtualunlimited.com/download. The Beeyond
BeeCenter client runs on any system with Java 2. The Beeyond BeeHive server
currently runs on Linux and Solaris and can connect to any ODBC (2.0 or
higher) compliant database. Versions of the BeeHive for Windows and other
UNIX platforms are coming soon. More information about Beeyond can be found
at http://beeyond.virtualunlimited.com.
About Virtual Unlimited
Virtual Unlimited, based in Veldhoven, The Netherlands, has been developing
Beeyond for the past three years. Twenty-four year old company president
Xander van der Heijden came up with the idea for the product in 1996 while
still a student at the European University. A year later, he founded Virtual
Unlimited, which now has 25 employees. Virtual Unlimited is privately held
and funded by the Delta Informatica Groep, a Dutch IT consulting house. For
more information about Virtual Unlimited and its products, visit the company
website at http://www.virtualunlimited.com.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Is this random?
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 11:39:54 GMT
Will Dickson <[EMAIL PROTECTED]> wrote:
: Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
: On a cursory look, it's something like the "secure" random-number
: generator that used to be part of Java 1 (In Java 2 it's been
: replaced with some JCE gumph that Sun won't export, so stuff 'em).
java.security.SecureRandom is still part of the standard JDK - and
JCE has been cloned for those who want "exported" versions - see:
http://www.openjce.org/
http://www.cryptix.org/ - http://www.cryptix.org/products/jce/
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: SBOX using boolean logic
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 12:02:01 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : Is it even possible to make a bijective sbox using just boolean
:> : expressions? I am pretty sure it is.
:>
:> Yes [...]
: So is it just a huge search to find a bijective function then?
There are various ways of constructing bijective functions, using
boolean logic gates. If you look at the work of those who've built
block cyphers in hardware, this might provide you with some ideas.
What to do depends on to what extent you're happy with s-boxes that
deviate in some systematic way from what you'd get from a random LUT -
i.e. how happy you are with non-random, "algebraic" s-boxes.
You can do the equivalent of table look-ups with gates if you want to.
I'm not certain of the most compact/fastest way of doing this - but
perhaps imagine a binary tree branching from the inputs leading to a
large number of leaves corresponding to the outputs.
You could use a Feistel-like construction - and then use several
rounds of whatever function you like plus some XORs. The approach I seem
to be most interested in would be to build lots of small non-linear
bijective functions out gates and (carefully) connect them together.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ This tagline no verb.
------------------------------
From: "Rev. James Cort" <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.acorn.misc
Subject: Re: Fresco transmits my name (was: Spammed after just visiting a site)
Date: Sun, 7 May 2000 13:07:15 +0100
In article <[EMAIL PROTECTED]>, Mark Wooding
<[EMAIL PROTECTED]> writes
>[sci.crypt added to newsgroups.]
>
>greg <[EMAIL PROTECTED]> wrote:
>> "Rev. James Cort" <[EMAIL PROTECTED]> wrote:
>>
>> > I know this is off topic, but... speaking of which, the US government
>> > changed its tune pretty quickly about that (128-bit SSL). Is it likely
>> > that they've got a system which can cerack it?
>>
>> I personally think that they can.
>
>Do you suspect this from a position of knowledge of cryptography, or are
>you just responding with an uneducated personal guess?
Heh. This was only meant to be a "quick question". I'm not an encryption
expert, nor do I pretend to be. About the level of my knowledge
regarding the RSA algorithm is "more unknown bits is good".
> * The symmetric session keys are too short. A space of 2^{128} bits
> can be searched in less than a week given the sort of computing
> power available to the US government.
IMHO, Most likely possibility. Intel admit to having some *much* faster
processors operating in their labs than anything generally available.
Why shouldn't the government have similar or greater levels of computing
power which *aren't* known about?
> * The symmetric algorithms used by SSL3 are weak. The US government
> is able to decrypt messages encrypted using all or most of 156-bit
> triple DES[1], CAST-128, 128-bit RC2, and 128-bit RC4 in less than
> a week.
I'm not really qualified to answer this one.
> * The US government can break RSA by factoring 1024-bit moduli in less
> than a week because
> -- they have enough computing power to make the generalized number
> field sieve work fast enough; or
See above re. chips in labs
> -- they have some clever new factoring algorithm which we don't
> know about.
I'm not sure knowledge like that could be kept secret for very long. In
which case, while possible, I doubt it.
> * The US government can break RSA because they can efficiently
> decrypt messages without without factoring the RSA modulus, using
> some method we don't know about.
I can't comment on this either.
> * The US government have found a way of attacking the SSL3 protocol
> itself, and have sufficient resources to mount an active attack
> against every SSL connection crossing US borders (or a large
> proportion of them, at any rate).
They don't need resources to attack every connection. They just need
sufficient resources to know which connections to attack.
> * The US government have persuaded all vendors of SSL3 software to
> insert a back door for them in their implementations, although
> nobody has noticed it. This includes the developers of OpenSSL,
> who are based outside the United States and whose software is
> released in source form and widely reviewed by experienced security
> experts and cryptographers.
I think this can be safely dismissed out of hand. If it's open source
software, there's nothing stopping people from removing such a back door
if it *did* exist.
>[1] Which has frustrated the concerted efforts of civilian
> cryptographers worldwide for the best part of twenty years.
--
"Must have been someone he ate!"
- Flanders/Swann, "The Reluctant Cannibal"
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: SBOX using boolean logic
Date: Sun, 07 May 2000 12:18:36 GMT
Tim Tyler wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> : Is it even possible to make a bijective sbox using just boolean
> :> : expressions? I am pretty sure it is.
> :>
> :> Yes [...]
>
> : So is it just a huge search to find a bijective function then?
>
> There are various ways of constructing bijective functions, using
> boolean logic gates. If you look at the work of those who've built
> block cyphers in hardware, this might provide you with some ideas.
Ok any speakers?
> What to do depends on to what extent you're happy with s-boxes that
> deviate in some systematic way from what you'd get from a random LUT -
> i.e. how happy you are with non-random, "algebraic" s-boxes.
They are hardly linear though.
> You can do the equivalent of table look-ups with gates if you want to.
> I'm not certain of the most compact/fastest way of doing this - but
> perhaps imagine a binary tree branching from the inputs leading to a
> large number of leaves corresponding to the outputs.
These are all serial experssions, but you could do n bits in parallel.
> You could use a Feistel-like construction - and then use several
> rounds of whatever function you like plus some XORs. The approach I seem
> to be most interested in would be to build lots of small non-linear
> bijective functions out gates and (carefully) connect them together.
Well that's sorta my goal, to have sboxes using only primitive boolean
logic so you can get large sboxes in a tight squeezz. Pratically I am
looking for 8x8 sboxes, these would be ideal for software since you can
just implement it as a lut.
So far no luck in finding a series of non-linear expressions that are
bijective.
Have you looked at the code, maybe there is a bug in it?
Tom
------------------------------
From: "Mr. Tines" <[EMAIL PROTECTED]>
Subject: Re: Some pencil and paper cyphers
Date: Sun, 7 May 2000 13:32:05 +0100
In article <[EMAIL PROTECTED]>, Jim Gillogly <[EMAIL PROTECTED]>
writes
>"Mr. Tines" wrote:
>> Base-26 ARCFOUR - where all the 0-255 iterations become 0-25, and mod26
>> replaces mod256. This would probably also benefit from a deck of cards -
>> use two suits to represent the current state of the key schedule; and
>> possibly the other two suits to help count the 26 iterations of mixing
>> the key in.
>>
>> Like the stream cipher generated by the Solitaire cipher, this keystream
>> would be added to encrypt and subtracted to decrypt rather than simple
>> XORed.
>
>I suspect doing ARCFOUR by hand would require a <lot> of manual dexterity.
>I had a vague feeling when reading Cryptonomicon that Solitaire
>was to some extent inspired by RC4, with adaptations for manual use.
>Other bases for ARCFOUR have been suggested. Michael Johnson suggested
>working with nibbles (base 16), which I found experimentally to require
>no more than about 2^28 key checks to recover the state array. Base 26
>might make it more reasonable... but have you tried doing this by hand?
Yes. It's not fast - about 1 character per minute, taking care and
double checking each move, but could be speeded up by practise.
What I did was to deal the cards out into a 5x5 array on the floor, with
one over, and use a couple of counters to give the values of the
auxiliary variables i and j (I used my wedding and signet rings as they
were, uh, to hand; but two different coins would do) by their position
on the grid.
Doing this at a table would probably have made the act of manipulation
easier, and speeded execution. Another impediment was that, lacking any
conventional decks easily to hand, I was using a tarot deck (Major
Arcana 0-21 plus Page/Knight/Queen/King of one suit) for the working
which meant that I was also having to convert Roman numerals.
I wouldn't try to run this cipher with the cards kept in a stack
Using the mapping A=0...Z=25 and I believe the key BSDGPVS yields an
initial key schedule of
JVIHL
RCPDZ
BMKQF
YXUTA
GSWOEN
(the key is ARCFOUR, Caesared by 1 as I didn't get my encoding
consistent); and plaintext TIMED yields JGKTS. This encryption took
about 5 minutes to do after the key schedule set-up.
>> Iterated Playfair with diffusion.
[snip]
>This was used by Robert Thouless in a cipher he did in the 1940s to help
>establish that there was life after death. His spirit communed with my
>laptop Toshiba some years ago -- the paper is "Cryptograms from the Crypt",
>J. J. Gillogly and L. Harnisch, Cryptologia, Oct. 1996.
>
>Some manual ciphers that diffuse to some extent are Bifid, Trifid,
>Seriated Playfair, and the "Double Playfair" used by the Germans in
>WW2.
Thanks for the references. Previously I'd only seen diffusion in a
rather cumbersome reduced alphabet cipher, and with commentary noting
quite how unusual this feature was. So, the idea may not be original,
but at least it seems to have been somewhat sound.
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
------------------------------
From: "Garry Anderson" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Sun, 7 May 2000 13:25:40 +0100
Neon Bunny <[EMAIL PROTECTED]> wrote in message
news:0_bR4.165$[EMAIL PROTECTED]...
Hello Neon,
> Rumours are that echelon has the ability to recognise "natural language"
> and so you need to write a realistic paragraph about us all killing Tony
> Blair with the bombs that I've constructed in my shed with plans off the
> internet to create a response. And if they have their heads screwed on
> then they'll automatically delete any messages with the word "echelon" in
> since it's probably about what we're talking about and not some secret
> murder plot.
I believe "natural language" recognition is true. I remember reading
following information:
A software program identified individual by his writings from 5 people who
wrote in a similar style and manner. The technology has been available for
some time.
It is good enough to recognize a person from several others. I have read
quiet extensively on subject and will do my best to find this again. Will
post here soon as found.
Read how free speech on the Internet is being stiffled on www.WIPO.org.uk.
It has no connection with, and wishes to be totally disassociated from, the
World Intellectual Property Organization (WIPO.org).
Think twice about Elective Surgery, see my hospital ops on www.SKILFUL.com
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
