Cryptography-Digest Digest #761, Volume #11      Fri, 12 May 00 18:13:01 EDT

Contents:
  Re: Scary Possibility: Ticklish Chips (zapzing)
  Re: the future of "mindspace"? ("Leo Sgouros")
  Re: Algorithm using neural networks? (zapzing)
  Re: An argument for multiple AES winners (Mok-Kong Shen)
  Re: AES final comment deadline is May 15 (Mok-Kong Shen)
  Help!? Accidental 'crypt' needs to be undone ([EMAIL PROTECTED])
  Re: zeroknowledge.com and freedom.net - Snake oil? (Anton Stiglic)
  Re: Newbie question about primes (Anton Stiglic)
  Re: AES final comment deadline is May 15 (Doug Stell)
  Re: AES final comment deadline is May 15 (Bryan Olson)
  Re: AES final comment deadline is May 15 (Paul Koning)
  Re: Cipher contest analysis [several] (James Felling)

----------------------------------------------------------------------------

From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Scary Possibility: Ticklish Chips
Date: Fri, 12 May 2000 17:36:29 GMT

Oh, just one more thing. Would you happen
to know where I could get a DES chip with
an open peer reviewed architecture and
no tamper-resistant packaging ?

--
Do as thou thinkest best.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Leo Sgouros" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa
Subject: Re: the future of "mindspace"?
Date: Fri, 12 May 2000 17:58:31 GMT


Kirby:



"Kirby Urner" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Lots of different namespaces though.  Schools of thought
> remain cryptic to one another, while clear to themselves
> internally.  Takes time to decode -- not in an AI sense,
> but in learning to read an alien tongue (usually you
> recruit someone who has already learned it, if time is
> of the essence).  It's a misapprehension to think that
> just because you got something in readable ascii, that
> you understand it.  On the contrary, it's after you've
> cracked the AI stuff (PGP, RSA or whatever), that the
> real fun begins.
>
> What you say about lurkers sweeping for embedded intelli-
> gence is already the case of course, but doesn't require
> surrender of anonymity, on the part of the lurkers
> especially.
>

You don't see the future "architecture" as having a point where everything is
connected to everything? I see that as a distinct possibility.



> What's true is that the line between "public" and "private"
> person is changing, making it easier for the nameless and
> faceless to have a name and face overnight, if that's
> what they want.  But we've always institutionalized the
> ability to abandon a mask, if you really blow it with
> one of your trial balloon identities/personas (kind of
> like in that movie 'Bedazzled', funny).  A lot of folks
> are using the internet for that (self recasting) are
> would be loathe to give it up.
>

Here you seem to be talking about simple usenet personas - what I am saying
is that usenet, in many people's minds, is as privileged as diplomatic
communications. Do you think everyone *truly* realizes that usenet is
harvested by TRACTOR XXXXXXX? I don't see where there can be separate
systems (in a future sense). Either everyone's transmission is identifiable as
"them" and thus tagged, or the secrecy of information itself becomes less
important than the propagation of said information. Isn't that where we
were heading anyway, with chips that identify our presence online? And just
munging addresses isn't going to fool anyone in the future. And do you
discount the very real possibility that certain factions will make a hell of
a lot of noise while we are "really" moving towards a one world
consciousness? It is the public perception that is scary, and the public that
pays the bills, at that.

> So I think we'll continue to have this gray area in
> cyberspace, with many options for those who want to
> flirt with identities but not commit to them, and for
> those ready to merge public and private at a higher
> level, so that they might pursue whatever high stakes,
> high commitment careers.
>

Why do we spend billions to keep secrets, when we know secrets are lost
anyway? At some point, instead of investing billions on secrets, it may be
better to spend the money making better information managers. What
happens when we are "all on the same side"? How are we going to justify
trillion dollar budgets?


> Kirby
>



------------------------------

From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Algorithm using neural networks?
Date: Fri, 12 May 2000 17:45:13 GMT

In article <lqTS4.1303$[EMAIL PROTECTED]>,
  "Axel Lindholm" <[EMAIL PROTECTED]> wrote:
> I just came up with a small idea for a slightly unusual encryption
> algorithm, let the data be processed through a neural network! I don't
> know if there already exists something like this, but it hit me that the
> idea might not be too bad.
>
> Say you'll create a network to pass the data through, then there must
> be some way of creating an inverse network that can transform it into
> its original content. This could be used as a public key encryption
> system this way. The problem is that I don't have a clue on how hard it
> might be to generate one network using the information the other one
> gives. A good thing about this system might be that no one knows the
> encryption algorithm, even the person who has the network weights should
> have quite a problem creating an algorithm out of a big network with
> 100-200 cells.
>
> Does anyone know if this has been tried before? Is it totally
> impossible?
> Feel free to share your thoughts with me!

If you are talking about what I think,
you should realize that not all the info
that goes into a neural network will
necessarily make it to the other side.
Think about it, every time you add two
numbers together you lose about half the
info that was in the original numbers.
So it seems to me there is no guarantee
that a NN will be reversible.

OTOH, any nonlinear function can be
used to construct a Feistel network,
So maybe you could concentrate on that.
It wouldn't be a "public key" algorithm,
though.

--
Do as thou thinkest best.


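An added example, not part of zapzing's post: a toy 32-bit Feistel network (constructed here, not any real cipher) whose round function adds up its inputs like a neuron and is provably non-invertible, yet the network still decrypts exactly. The subkeys and block values are constructed; this demonstrates the structure, not a usable cipher.

```python
# Toy Feistel network built from a deliberately non-invertible, neuron-like
# round function. Two points from the post: a summing node loses information,
# yet the Feistel structure stays exactly reversible regardless.

MASK16 = 0xFFFF

def round_function(half: int, subkey: int) -> int:
    """Neuron-like mixing: sum the nibbles of the data half and the subkey
    (a node adding up its inputs), then apply a nonlinear 'activation'.
    Adding discards information: 0x0001 and 0x0010 have the same nibble sum,
    so this function is NOT invertible on its own."""
    nibbles = [(half >> s) & 0xF for s in (0, 4, 8, 12)]
    nibbles += [(subkey >> s) & 0xF for s in (0, 4, 8, 12)]
    total = sum(nibbles)                              # 0..120: information lost
    activation = (total * total * 0x9E3779B1) >> 7    # cheap nonlinearity
    return activation & MASK16

def is_round_function_bijective(subkey: int) -> bool:
    """Exhaustively check whether F(., subkey) permutes the 16-bit values."""
    outputs = {round_function(x, subkey) for x in range(1 << 16)}
    return len(outputs) == (1 << 16)

def feistel_encrypt(block: int, subkeys: list[int]) -> int:
    """32-bit Feistel network: each round only XORs F(R, k) into the other
    half, so the round is reversible no matter what F does."""
    left, right = (block >> 16) & MASK16, block & MASK16
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 16) | left          # undo the final swap

def feistel_decrypt(block: int, subkeys: list[int]) -> int:
    """Decryption is the same network run with the subkeys in reverse order."""
    return feistel_encrypt(block, list(reversed(subkeys)))

if __name__ == "__main__":
    keys = [0x1F2E, 0x3D4C, 0x5B6A, 0x7988]          # constructed sample subkeys
    pt = 0xDEADBEEF
    ct = feistel_encrypt(pt, keys)
    print(f"round function bijective? {is_round_function_bijective(keys[0])}")
    print(f"{pt:08x} -> {ct:08x} -> {feistel_decrypt(ct, keys):08x}")
```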

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: An argument for multiple AES winners
Date: Fri, 12 May 2000 20:13:46 +0200



Mark Wooding wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > To be honest, I personally see that to be good publicity. What's bad??
> > If I were the manager of Hitachi, I would definitely do that.
>
> Could be something to do with being seen to be a bunch of opportunistic
> money-grabbing bastards, I suppose.

What an idea you have about business?? Business is to make money,
isn't it? If you were a businessman, why would you let go of money that
you can legitimately (and perhaps not very difficultly) gain? Maybe
you are an idealist, guided by very high moral and ethical standards,
religious dogmas and what not. But you would then certainly be one of a
very small minority of businessmen! As I mentioned, in practice there
are even those who go beyond the law, e.g. industrial espionage. If
patents are not to assure the patent holders some rights to gain money,
why should there be patents at all? I would in your place be a bit more
conservative in venturing to call others 'money-grabbing bastards'.
A more polite formulation is at least called for. Note that there are
plenty of other patents in cryptography, one of the best known
being held by RSA.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15
Date: Fri, 12 May 2000 20:13:56 +0200



Bernie Cosell wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> } DJohn37050 wrote:
> }
> } > This is just a reminder that the AES final comment deadline is May 15.  See
> } > http://www.nist.gov/aes for details.
> }
> } Maybe I am wrong, but I have the impression that AES has
> } somehow attracted much less attention than it evidently
> } deserves.
>
> And I'm wondering whether once AES appears if we'll be treated to a decade
> of folks alleging that NSA stuck a trap door into whatever-scheme-wins..:o)

The chance of that is, in my estimation, much less than in the case of
DES, for most AES candidate submissions have given sufficiently
detailed design rationales, and some even take pains to explain that at
some points the constants used are derived from known mathematical
constants so that backdoors can't exist.

M. K. Shen


------------------------------

From: [EMAIL PROTECTED]
Subject: Help!? Accidental 'crypt' needs to be undone
Date: Fri, 12 May 2000 18:07:35 GMT

This feels silly to admit, but while leaving a UNIX
'vi' edit session, I hit :X instead of :x, and ended up
encrypting my file.  I wasn't watching what I was typing,
and have no idea what kind of key I may have supplied.

I lost several days of critical work on a very visible
project.  Any suggestions on how I can get my code back
out of there?  I find all sorts of sources saying that
attacks on crypt are well known, and this should be
easy to do, but I'm not at all plugged into this scene
and have had no luck chasing anything down.

Please, please, please...

If this isn't the right place to post this kind of question,
let me know (or forward this note on my behalf).  I'm desperate.


Thanks,
John



------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: zeroknowledge.com and freedom.net - Snake oil?
Date: Fri, 12 May 2000 15:32:26 -0400

[EMAIL PROTECTED] wrote:

> In article <[EMAIL PROTECTED]>,
>   Anton Stiglic <[EMAIL PROTECTED]> wrote:
> > "Dr. Yongge Wang" wrote:
> >
> > > Surely I agree with you that is not a practical attack..
> > > which is just the same as the key-escrow system or the
> > > threshold cryptosystem... I have just had a rough look at
> > > their white paper (I have to say that I have no time to look
> > > at details, so I may be wrong somewhere)..It seems that
> > > there is much for the deployment of the Freenet servers.
> > > If all the servers are deployed by ZKS, then indeed you
> > > have no privacy. You have to trust ZKS (ZKS can easily
> > > trace you). Then the problem is why we need such a complicated
> > > system instead of choosing a simple anonymizer proxy like
> > > www.anonymizer.com ?
> >
> > Most of the Freedom servers are owned and are run by
> > independent servers, and a user can choose which servers
> > he wants to use for his route.  You can choose servers from
> > the US, Canada, Japan, operated by people you thrust.  This is
> > a big difference from the Anonymizer system.
>

First of all, allow me to correct my typo,  thrust -> trust
:)
Now, for your remarks:

> BUT:
> a.) Freedom is only available for Windump 95 & 98

Yes, you can't expect us to come out with a version for all operating
systems right from the start, can you?  But we are working hard on it,
there is work being done on Windump NT, and work being done
for a client that runs on a Mac and on Linux (as our servers do) so
as to please you, me, and a whole lot of other people. :)

> b.) You have to install software

Well yes, you can't provide the functionality Freedom provides without
installing the software.
Note that we are working on getting this software to be open source,
if that is part of your concern,  we've got Mike Shaver working on that.

> c.) Freedom doesn't work behind firewalls

Watch out for version 1.2., you might be happily surprised.

> d.) You have to buy it and therefore reveal your name,
> address, email, phone number & your creditcard-number

There is a white paper describing this process, we are honest
about what we do. The existing process will be replaced by an
anonymous credential system that will be built up from Stefan
Brands' credential technology, which is the right way of doing
it.  We've got Stefan Brands working on that :)

> So ZKS CAN'T be a good choice ...
>
> FREE, for every Operating System, No installation,
> works behind Firewalls, ready to use in ZERO seconds:
> http://anonymouse.home.pages.de/

This seems to be a rewrite of the Anonymizer.  I won't start
comparing the type of privacy and security that Chaum-Ian
type networks provide against Anonymizers, this is already
well known by the crypto community.  Other than that, there
are bugs with the Anonymizer protocol in general, such as
the fact that the server has to scan the web contents it receives
back and rewrite it (so you don't actually go to www.yahoo.com,
but go to www.anonyXXX.yyy/http://www.yahoo.com).
There have been security bugs related to this.
For example, I just tried to connect to http://www.thematrix.com
from your anonymouse.home.pages.de and I got an error:
the requested URL could not be retrieved

>While trying to retrieve the URL: http://mainframe.html
>
>The following error was encountered:
>
>    Unable to determine IP address from host name for mainframe.html
>
>The dnsserver returned:
>
>    DNS Domain 'mainframe.html' is invalid: Host not found (authoritative).
>
>This means that:
>
> The cache was not able to resolve the hostname presented in the URL.
> Check if the address is correct.
>
>
>
>Generated Fri, 12 May 2000 18:53:36 GMT by proxy.intnet.mu (Squid/2.2.STABLE4)

My friend beside me couldn't even connect to anonymouse, it gave
him a link that gives him the choice of clicking on Netscape or IE,
he's got the same version of Netscape that I have??

Freedom is the only seriously built privacy device that considered the
best known theoretical results and that truly tries to provide adequate
security and privacy and is always honest to their customers.
A lot of time and effort has been put into the software, and continuous
work is being done.

Anton
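An added illustration, constructed here and not taken from the post or from either product: the relative-link failure Anton quotes ("http://mainframe.html"), reproduced by a minimal link rewriter of the kind Anonymizer-style proxies rely on, beside the resolution step that avoids it. The proxy host and the sample page are placeholders.

```python
import re
from urllib.parse import urljoin, urlsplit

# Proxy host taken from the post's example; "anonyXXX.yyy" is a placeholder.
PROXY_PREFIX = "http://www.anonyXXX.yyy/"

# Constructed sample page, as if fetched from http://www.thematrix.com/ :
# one relative link, one root-relative image, one absolute link.
PAGE_URL = "http://www.thematrix.com/"
SAMPLE_PAGE = (
    '<a href="mainframe.html">Enter</a>\n'
    '<img src="/img/logo.gif">\n'
    '<a href="http://www.yahoo.com/">Yahoo</a>\n'
)

# Simplification: only double-quoted href/src attributes. A real rewriter
# needs a full HTML (and CSS/JavaScript) parser; any link it misses sends
# the browser straight to the origin, outside the proxy.
ATTR_RE = re.compile(r'\b(href|src)="([^"]*)"', re.IGNORECASE)

def extract_links(html: str) -> list[str]:
    """Return the href/src values in document order."""
    return [m.group(2) for m in ATTR_RE.finditer(html)]

def rewrite_naive(html: str) -> str:
    """Buggy rewriter: assumes every link is already absolute. A relative
    "mainframe.html" becomes .../http://mainframe.html, and the proxy then
    asks DNS for a host called 'mainframe.html' (the error quoted above)."""
    def fix(m: re.Match) -> str:
        attr, url = m.group(1), m.group(2)
        if not url.startswith(("http://", "https://")):
            url = "http://" + url
        return f'{attr}="{PROXY_PREFIX}{url}"'
    return ATTR_RE.sub(fix, html)

def rewrite_correct(html: str, page_url: str) -> str:
    """Resolve each link against the URL of the page it appeared on, then
    wrap it, so relative and root-relative links keep flowing via the proxy."""
    def fix(m: re.Match) -> str:
        attr, url = m.group(1), m.group(2)
        return f'{attr}="{PROXY_PREFIX}{urljoin(page_url, url)}"'
    return ATTR_RE.sub(fix, html)

def proxied_host(rewritten_link: str) -> str:
    """The host the proxy will try to resolve for a wrapped link ('' if none)."""
    if not rewritten_link.startswith(PROXY_PREFIX):
        return ""
    return urlsplit(rewritten_link[len(PROXY_PREFIX):]).hostname or ""

if __name__ == "__main__":
    for name, out in (("naive", rewrite_naive(SAMPLE_PAGE)),
                      ("correct", rewrite_correct(SAMPLE_PAGE, PAGE_URL))):
        print(name)
        for link in extract_links(out):
            print(f"  {link}  -> proxy resolves host {proxied_host(link)!r}")
```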


------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Newbie question about primes
Date: Fri, 12 May 2000 15:37:30 -0400

Ken Oilyram wrote:

> Anton Stiglic <[EMAIL PROTECTED]> wrote:
>
> >So if p is prime, one can write the prime factorization of p as
> >      p = p^1
> >
> >This definition provides consistency in the fact that we can state
> >that every positive integer > 1 has a prime factorization.
>
> So the task of factoring a very large prime number is either impossible or
> trivial, depending upon how you look at it. In any case, it's interesting
> how often we see this error. It seems hardly a week goes by that someone
> doesn't mention "the difficulty of factoring large prime numbers".

That is very true....  It should be highlighted in yellow in the crypto
FAQ...


Anton


------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: AES final comment deadline is May 15
Date: Fri, 12 May 2000 20:01:39 GMT

On Fri, 12 May 2000 10:11:09 -0400, Bernie Cosell
<[EMAIL PROTECTED]> wrote:

>And I'm wondering whether once AES appears if we'll be treated to a decade
>of folks alleging that NSA stuck a trap door into whatever-scheme-wins..:o)

There will always be those that will assert that this is the case, no
matter what happens. The agency always gets a bad rap, just by being a
secretive agency. Personally, I have a lot of respect for the many NSA
people I have met over the years and this includes their motivations.
Besides, times have changed and everyone now realizes that good
security in the commercial sector is much more important than it used
to be. The cost to the public interest of not having good security in
the commercial sector is now greater than the cost of an occasional
misuse of that technology.

I think that the best things the NSA could do w.r.t. AES are the
following.

1. Assert little visible influence over the choice of algorithm. Of
course, behind-the-scenes influence between the agencies cannot be
prevented and will always be suspected.

2. Accept the chosen algorithm as-is and not modify it. Any
modification, even if it strengthens the algorithm, would be cause for
suspicion, as it was for DES.

3. Adopt use of the chosen algorithm for Type 1 and/or 2 purposes,
showing their support for and trust in the algorithm. Citing lack of
resources, NSA people have repeatedly said that they are getting out
of the algorithm business and plan to move in this direction.

4. Promote the use of AES by other government agencies, which will
lower security concerns.

5. Generally act in good faith and as openly as the situation permits.

6. Pursue other avenues to meet their national security and law
enforcement objectives.

As for being ignored, I don't think it will be ignored for long and
its adoption may resemble the adoption of DSA. Many industries rely on
use of a "standard" algorithm for liability reasons. DES and now 3-DES
are the only candidate algorithms. DES has been overtaken by progress
and 3-DES is slow. AES will be the only alternative. Adoption by other
government agencies will hasten its adoption in other sectors, as was
the case with DSA.



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15
Date: Fri, 12 May 2000 20:42:23 GMT

Mok-Kong Shen wrote:

> Maybe I am wrong, but I have the impression that AES has
> somehow attracted much less attention than it evidently
> deserves.

I tend to disagree.  I'm not convinced the mailing lists
and newsgroups are where the AES action is.

[...]
> As I noted earlier, I first learned of the patent issue
> from discussion in this group.

The patent issue applies to any technology less than 20
years old.  There's no reason to single out AES.  We've been
using NBS/NIST crypto for many years, and patent problems
have amounted to at most a lot of talk.

[...]
> Isn't AES destined to be  T H E  encryption
> algorithm of the 21st century?

Sort of.  It's destined to be T H E symmetric block cipher
of the next few decades, and probably T H E symmetric
cipher. But sci.crypt's obsession with secret key encryption
is out of touch with both modern cryptology and the
cryptographic market.  AES is not among the "New Directions
in Cryptography".  It's a replacement for DES.


--Bryan
--
email: bolson at certicom dot com



------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15
Date: Fri, 12 May 2000 17:00:42 -0400

Bernie Cosell wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> } DJohn37050 wrote:
> }
> } > This is just a reminder that the AES final comment deadline is May 15.  See
> } > http://www.nist.gov/aes for details.
> }
> } Maybe I am wrong, but I have the impression that AES has
> } somehow attracted much less attention than it evidently
> } deserves.
> 
> And I'm wondering whether once AES appears if we'll be treated to a decade
> of folks alleging that NSA stuck a trap door into whatever-scheme-wins..:o)

Probably by a few people.  But unlike DES, the reasoning for
the design of each of the candidates is public.  So you don't
have to go around saying "I wonder why S4 looks the way it does"
as happened with DES.

        paul

------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Cipher contest analysis [several]
Date: Fri, 12 May 2000 16:19:25 -0500

I hate to say this, but source code does NOT speak as far as the subkey
generation goes.  I am fairly certain that I could figure it out given
time, but I would prefer a clear explanation instead.  Commented code
might not be a bad thing to ask for either (it would help immensely if you
intend to "let the code speak").  PIKACHU looks like a relative of
Twofish -- very similar transforms, and the rotation is also similar.
Just a question though.  In a round you XOR with k(i) on the way in and
k(i+1) on the way out, then you start the next round by XORing it with
k(i+2) on the way in and k(i+3) on the way out.  This puts 2 XORs in a row,
as (X<<<1) XOR k(i+1) XOR k(i+2) is the input into the second round's
mixing -- and that strikes me as an inefficiency -- you should be able to
omit one or the other XOR and still get equivalent security -- or am I
missing something here?  (Or maybe put some of your mixing ops before the
first XOR or after the second?)

Just some random thoughts.

Jim

Tom St Denis wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Mark Wooding) wrote:
> > Tom St Denis <[EMAIL PROTECTED]> wrote:
> >
> > > expressions like 'a = 2a + b' are not technically valid
> >
> > Yes, they are; they just mean different things from what a C
> > programmer would expect.  The above implies simply that a = -b,
> > which is a
> > completely reasonable thing to assert, although not what's actually
> > intended.
>
> I was just trying to be a bit mathematically correct.
>
> > > The key schedule is too simple to explain, just look at the
> > > supplied source code.
> >
> > You should aim to make your textual description detailed and
> > precise enough for someone to be able to make a compatible
> > implementation given no other information.  `Look at the source',
> > in my opinion, doesn't cut it.
>
> Well I was kinda rushing to get it out there... but I can describe
> it... I also found a couple of spelling errors... hehe
>
> Anyways, what does the group think of the cipher anyways?
>
> Tom
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
> Comment: Public Key at http://www.tomstdenis.com
>
> -----END PGP SIGNATURE-----
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
