Cryptography-Digest Digest #787, Volume #11      Tue, 16 May 00 07:13:00 EDT

Contents:
  Re: Definition of "Broken" Cipher (Tom St Denis)
  Re: Yet another sci.crypt cipher (Tom St Denis)
  Re: Q: Searching for multiparty authentication protocols (Tomás Perlines Hormann)
  Re: (May 11, 2000) Cipher Contest Update (Tom St Denis)
  Re: Unbreakable encryption. ([EMAIL PROTECTED])
  Re: Notes on the "Vortex" block cipher (Mok-Kong Shen)
  Re: Is OTP unbreakable? (Simon Johnson)
  Re: Unbreakable encryption. (Tom St Denis)
  Re: Notes on the "Vortex" block cipher (Tom St Denis)
  Re: Notes on the "Vortex" block cipher (Mok-Kong Shen)
  Re: Unbreakable encryption. (Mok-Kong Shen)
  Re: Unbreakable encryption. (David Formosa (aka ? the Platypus))
  Re: Unbreakable encryption. (Paul Waserbrot)
  Re: Notes on the "Vortex" block cipher (David Formosa (aka ? the Platypus))
  Re: Notes on the "Vortex" block cipher (Mok-Kong Shen)
  Re: AES Comment: the Hitachi patent (Mok-Kong Shen)
  Re: Is OTP unbreakable? ("Will Critchlow")

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Definition of "Broken" Cipher
Date: Tue, 16 May 2000 08:12:21 GMT

In article <#weKTGvv$GA.232@cpmsnbbsa04>,
  "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> Funny, just a couple messages ago you said 2^50 was a good
> security margin.
>
> "Let's be realistic, getting 2^50 pairs of plaintext/ciphertext is not
> possible for two reasons.  a) Bandwidth, b) smart people re-key their
> ciphers."
> versus
> > No you are wrong, single des is hopelessly useless now.  The key is
> > much too small, it's an ugly algorithm, not to mention slow.
>
> So somehow miraculously 2^50 is more secure than 2^56?
> Perhaps you should rethink your stand.

Hmm?  There is a difference between getting 2^50 pairs, and searching a
56 bit key.

I don't know what you are talking about ... really.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Yet another sci.crypt cipher
Date: Tue, 16 May 2000 08:11:05 GMT

In article <[EMAIL PROTECTED]>,
  Runu Knips <[EMAIL PROTECTED]> wrote:

> > Well the F function is nifty, but the original 'x + y + j mod 16'
> > sucked the big time.  It didn't use the key bytes evenly...
>
> Oh sorry I only checked your new version.

Any comments?  I haven't had any feedback yet...

Tom



------------------------------

From: Tomás Perlines Hormann <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Q: Searching for multiparty authentication protocols
Date: Tue, 16 May 2000 10:20:20 +0200



Tom St Denis wrote:
> In applied crypto there is a description of multi-party DH, it requires
> a lot of inter communication though..
Is there any study about processing time and resources needed for
multiparty DH? I am quite interested in the amount of processing
depending on the number of parties.


-- 
Quick answering: mailto:[EMAIL PROTECTED]  
Check it out: http://www.weh.rwth-aachen.de/~tomas
Do it Now!               
              :o) Tomás Perlines (o:
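The multi-party DH construction Tom St Denis mentions, worked through as an added example (not code from the thread, nor from the authors of Applied Cryptography): a ring protocol for n parties that counts rounds, modular exponentiations and messages, so the cost as a function of the number of parties can be read off directly. The group parameters (p = 2^31 - 1, g = 7), the function names and the cost counters are assumptions made here; the group is a toy and the exchange is unauthenticated.

```python
"""Ring-style group Diffie-Hellman for n parties, the construction from
Applied Cryptography referred to in the thread. Added example, not from the
thread; it counts the work so the cost per party can be read off directly.
"""
import secrets

# Toy group (ASSUMPTION, constructed for this example): p = 2^31 - 1 is prime
# and 7 is a primitive root mod p. Far too small for real use; a deployment
# would use a 2048-bit or larger standard group and authenticate every
# message, since unauthenticated DH of any arity is open to man-in-the-middle.
P = 2**31 - 1
G = 7


def group_dh(exponents, p=P, g=G):
    """Run the n-party ring protocol for the given secret exponents.

    Round 0: party i publishes g^x_i.
    Round r (1 <= r <= n-1): party i takes the value it received from party
    i-1 in the ring, raises it to x_i, and passes the result on.
    After n-1 rounds every party holds g^(x_0 * x_1 * ... * x_{n-1}).

    Returns (list of per-party results, dict of protocol cost counters).
    """
    n = len(exponents)
    cost = {"rounds": 0, "modexps": 0, "messages": 0}

    # What each party currently holds and will send to its successor.
    held = [pow(g, x, p) for x in exponents]
    cost["modexps"] += n

    for _ in range(n - 1):
        cost["rounds"] += 1
        # Party i receives from party (i-1) mod n: n messages per round.
        received = [held[(i - 1) % n] for i in range(n)]
        cost["messages"] += n
        held = [pow(received[i], exponents[i], p) for i in range(n)]
        cost["modexps"] += n

    return held, cost


def predicted_cost(n):
    """Closed form of what group_dh measures: n-1 sequential rounds, n^2
    modular exponentiations in total (n per party), n(n-1) point-to-point
    messages."""
    return {"rounds": n - 1, "modexps": n * n, "messages": n * (n - 1)}


def run_session(n):
    """Fresh random exponents for n parties; returns the shared key and cost."""
    exps = [secrets.randbelow(P - 2) + 1 for _ in range(n)]   # 1 <= x <= p-2
    keys, cost = group_dh(exps)
    assert len(set(keys)) == 1, "parties disagree on the key"
    return keys[0], cost


if __name__ == "__main__":
    for n in range(2, 7):
        key, cost = run_session(n)
        print(f"n={n}: key={key:>10}  rounds={cost['rounds']}  "
              f"modexps={cost['modexps']}  messages={cost['messages']}")
```

Each party performs n exponentiations, so total work grows as n^2 and the protocol needs n-1 sequential rounds; the counters measured by group_dh match predicted_cost(n) for every n, which is the cost curve the question asks about.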

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: (May 11, 2000) Cipher Contest Update
Date: Tue, 16 May 2000 08:16:01 GMT

In article <eLEhovuv$GA.249@cpmsnbbsa03>,
  "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> Actually, the problem as I see it, comes from two very
> important problems, for absolute security of the block size
> the following MUST be true:
> 1) The key space must be large enough to generate ALL
> permutations of the block space, simply put the output space
> factorial. (Otherwise not all blocks can be generated form a
> single input)

The cipher is a permutation of the input; whether all keys make all
permutations is another thing.  To be realistic, for 1/10th of a second
you would need a log2(2^64!) key, which would be too huge to be
usable.

> 2) The key space must be an exact multiple of the output
> space.(otherwise blocks would not be equally likely given an
> input)
> Give these it is a simple observation to note that (2^n)*m
> != k! for any values of n > 1, m > 3, k>3.
> This gives us an output space of exactly 3 values, far fewer
> than the 2^64 for even a minimal cipher. Therefore, if the
> current rules stand, I would ask that any submissions be
> removed, based on the fact that it has been proven that
> there is an attack better than brute force. If you would
> like to change the rules, go ahead, I'm basically just here
> as stress relief, I may yet fully implement my algorithm.

#2 is hardly a requirement, since you won't get enough blocks to get
good statistics...  That's what iterative attacks are, my friend.

Tom


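To put a number on the log2(2^64!) remark, an added example (not from the thread): how many key bits it takes to address every permutation of a b-bit block, computed exactly for small blocks and via lgamma and Stirling's formula for large ones. The function names are assumptions of this example.

```python
"""How many key bits would be needed to select every permutation of a b-bit
block. Added example; it puts numbers on the log2(2^64!) figure discussed in
the thread and is not code from the thread."""
import math

LOG2_E = math.log2(math.e)


def perm_bits_exact(block_bits):
    """log2((2^b)!) computed exactly from the integer factorial.
    Only feasible for small b (the factorial for b=16 has ~950,000 digits)."""
    return math.log2(math.factorial(2 ** block_bits))


def perm_bits_lgamma(block_bits):
    """log2((2^b)!) via ln Gamma(n+1) = ln n!, which stays cheap for any b."""
    n = 2.0 ** block_bits
    return math.lgamma(n + 1) / math.log(2)


def perm_bits_stirling(block_bits):
    """Stirling: log2 n! ~ n log2 n - n log2 e + log2(2 pi n)/2, written out
    so the dominant n*log2(n) term is visible: for a b-bit block that term
    alone is b * 2^b bits."""
    n = 2.0 ** block_bits
    return n * block_bits - n * LOG2_E + 0.5 * math.log2(2 * math.pi * n)


def key_shortfall_bits(block_bits, key_bits):
    """How many bits a key_bits key falls short of indexing every
    permutation of a block_bits block; <= 0 means the key space suffices."""
    return perm_bits_lgamma(block_bits) - key_bits


if __name__ == "__main__":
    for b in (4, 8):
        print(f"{b:>3}-bit block: exact {perm_bits_exact(b):,.2f} bits, "
              f"lgamma {perm_bits_lgamma(b):,.2f}, "
              f"stirling {perm_bits_stirling(b):,.2f}")
    for b in (32, 64, 128):
        print(f"{b:>3}-bit block: about {perm_bits_lgamma(b):.3e} key bits needed")
    print(f"64-bit block, 256-bit key: short by "
          f"{key_shortfall_bits(64, 256):.3e} bits")
```

Even a 4-bit block needs a 45-bit key to reach all 16! permutations, and a 64-bit block needs on the order of 10^21 key bits, so any practical block cipher selects a vanishingly small subset of the permutations; the security argument has to rest on the subset being indistinguishable from a random choice, not on covering all of them.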

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Unbreakable encryption.
Date: Tue, 16 May 2000 08:43:46 GMT


>   Dear aspiring cryptographer!
> Will you please stop this verbal diarrhea and give people
> some information about your algorithm.
>   1. If your algorithm is _intractable_ and defies any
> program description, how do you implement it?
>   2. More important, in absense of firm orderly rules,
> how is the recepient supposed to decrypt? Dynamically,
> based on his own intuition and high fantasy? Ho-Ho...
>   3. If a program and rules exist, publish them for
> us to look at, then we will express our opinions.
>
> Best wishes             BNK
>

Dear BNK,

Thank you for your aspiring compliments!
Virtual Calc 2000 already can be used for encryption and decryption!
I've posted plaintext and ciphertext already!  And shown you
simple routines to encrypt and decrypt.  (Although this is manually
done, you can simply use cut and paste for the algorithms.)

I mean if I were to sit down and make a nice automated program
and publish the rules here along with the internals and source,
would you help me patent it?  or publish it?  I mean this thing
would be so powerful even NSA can't



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Notes on the "Vortex" block cipher
Date: Tue, 16 May 2000 11:10:01 +0200



Terry Ritter wrote:

> <[EMAIL PROTECTED]> wrote:
>
> >Tom St Denis wrote:
> >> There is some science behind cryptography whether you want to believe
> >> it or not.
> >
> >And I think his dislike of Blowfish is only instinctive. I would trust
> >Blowfish, too. It only requires a little bit too much resources for
> >some applications.
>
> That particular answer of mine would have been the same for any other
> cipher.  The problem is not a particular cipher, the problem is in
> trusting something which cannot be tested to see how closely it comes
> to doing what we want it to do.

It's really astonishing to me that this kind of dispute recurs
time and again in the group. I would like to repeat one
point that I stated a long time ago: in engineering or fields like
pharmacy, the authorities and the common people are on one
and the SAME side (we neglect lobbying here), i.e. attempting
to attain the best security possible within the framework of
economic constraints and the state of the art. There are diverse
controlling organizations to oversee what is being done in
practice and effect corrective measures, if necessary. In
crypto, the situation is fundamentally different. One has only
to look at issues of export regulations, the Wassenaar Arrangement,
key escrow, Echelon, special regulations concerning
telecommunication providers, etc. etc. in order to convince
oneself of that. Thus it is a better strategy to risk erring by
having too little trust than to err by having too much trust
in crypto in general.


M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen





------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?
Date: Tue, 16 May 2000 09:23:22 GMT

The OTP uses an unbiased function to combine the totally random pad with
the plain-text; because the combining function is unbiased, the
uncertainty of the random stream is exactly reflected into the
resultant cipher-text. Therefore the cipher-text is just as random as
the pad.

The only information that can be recovered from the cipher-text is the
length. The fact the output is random means it contains no information,
therefore it has no redundancies that can be analysed.

So the OTP is unbreakable, but isn't very useful. For a start the key
can only be used once:

(Cipher-text one) = (text 1) XOR (Key)
(Cipher-Text two) = (text 2) XOR (key)

:. solving simultaneously.

(Cipher-text One) XOR (text 1) = (text 2) xor (Cipher-Text two)

It is clear from this that you can solve the two cipher-texts without a
key, making it easily breakable.

Moreover, the key has to be the same length as the text you want to
encrypt (repeating a key over the plain-text falls to an attack related
to the one above). Encrypting with an OTP is pointless simply because
now you have to figure out a way to secure the OTP key!

I hope this clears stuff up for you.

=======
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File


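The key-reuse attack derived in the post above, as an added worked example that is not part of the post: two constructed plaintexts are encrypted under one pad, the pad cancels out of C1 XOR C2, and P2 is recovered either from a known P1 or by dragging a guessed fragment (a crib) along the XOR. The messages, the crib and all function names are inventions of this example.

```python
"""Key reuse against a one-time pad, worked through on constructed
plaintexts. Added example: the two messages, the pad and the crib are
invented here; the attack is the standard two-time-pad attack."""
import secrets
import string

# Printable ASCII including space, excluding control whitespace.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def xor(a, b):
    """Byte-wise XOR over the common prefix of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pt, pad):
    """Correct use: the pad must be at least as long as the message and
    must never be used for a second message."""
    if len(pad) < len(pt):
        raise ValueError("pad shorter than plaintext: do not wrap the key")
    return xor(pt, pad)


otp_decrypt = otp_encrypt   # XOR is its own inverse


def known_plaintext_recovery(c1, c2, p1):
    """c1 XOR c2 == p1 XOR p2, so knowing p1 yields p2 over the overlap."""
    return xor(xor(c1, c2), p1)


def crib_drag(c1_xor_c2, crib):
    """Slide a guessed fragment along c1 XOR c2. Where the crib really sits
    in one message, the XOR reveals the other message's text at that offset;
    elsewhere it mostly produces non-printable bytes. Returns the offsets
    whose result is entirely printable, for a human to judge."""
    hits = []
    for off in range(len(c1_xor_c2) - len(crib) + 1):
        candidate = xor(c1_xor_c2[off:off + len(crib)], crib)
        if all(b in PRINTABLE for b in candidate):
            hits.append((off, candidate))
    return hits


# Constructed sample messages of equal length (not from the thread).
P1 = b"meet me at the old mill at noon, bring the ledger"
P2 = b"the courier was stopped at the bridge before dawn"


def demo(pad=None):
    """Encrypt both messages under one pad (the mistake), then attack."""
    if pad is None:
        pad = secrets.token_bytes(len(P1))
    c1 = otp_encrypt(P1, pad)
    c2 = otp_encrypt(P2, pad)          # the mistake: same pad twice
    diff = xor(c1, c2)                 # == xor(P1, P2): the pad has cancelled
    recovered = known_plaintext_recovery(c1, c2, P1)
    hits = crib_drag(diff, b"the bridge")   # attacker's guess at a phrase
    return {"pad_cancels": diff == xor(P1, P2),
            "recovered_p2": recovered,
            "crib_hits": hits}


if __name__ == "__main__":
    r = demo()
    print("pad cancels out:", r["pad_cancels"])
    print("P2 from known P1:", r["recovered_p2"])
    for off, text in r["crib_hits"]:
        print(f"crib 'the bridge' at offset {off:2d} -> {text!r}")
```

The crib drag produces several printable-looking offsets, but the true one (offset 27, where "the bridge" sits in P2) yields a readable fragment of P1, and each confirmed fragment extends the next guess; a repeating key is attacked the same way, since bytes one key-length apart are XORed with the same pad byte.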

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Unbreakable encryption.
Date: Tue, 16 May 2000 09:31:02 GMT

In article <8fr1nv$gmj$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Thank you for your aspiring compliments!
> Virtual Calc 2000 already can be used for encryption and decryption!
> I've posted plaintext and ciphertext already!  And shown you
> simple routines to encrypt and decrypt.  (Although this is manually
> done, you can simply use cut and paste for the algorithms.)

Cutting and pasting algorithms?  Seems like a bad idea to me.

> I mean if I were to sit down and make a nice automated program
> and publish the rules here along with the internals and source,
> would you help me patent it?  or publish it?  I mean this thing
> would be so powerful even NSA can't

You have yet to even suggest your method is secure, as compared to a
modern symmetric cipher.  Your wild speculations and incomprehensible
explanations are very amusing but hardly useful.

Why not just explain your algorithm a bit clearer as in

Encrypt(input, output, key): ...

Instead of saying "dynamic augmentative algorithms are applied to the
input which has been converted from one base to another".

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Notes on the "Vortex" block cipher
Date: Tue, 16 May 2000 09:32:32 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> Terry Ritter wrote:
>
> > <[EMAIL PROTECTED]> wrote:
> >
> > >Tom St Denis wrote:
> > >> There is some science behind cryptography whether you want to believe
> > >> it or not.
> > >
> > >And I think his dislike of Blowfish is only instinctive. I would trust
> > >Blowfish, too. It only requires a little bit too much resources for
> > >some applications.
> >
> > That particular answer of mine would have been the same for any other
> > cipher.  The problem is not a particular cipher, the problem is in
> > trusting something which cannot be tested to see how closely it comes
> > to doing what we want it to do.
>
> It's really astonishing to me that this kind of dispute recurs
> time and again in the group. I would like to repeat one
> point that I stated a long time ago: in engineering or fields like
> pharmacy, the authorities and the common people are on one
> and the SAME side (we neglect lobbying here)

You are kidding right?  And how many new drugs have "acceptable" side
effects because these scientists just want to push their drugs?

Tom



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Notes on the "Vortex" block cipher
Date: Tue, 16 May 2000 11:54:06 +0200



David A Molnar wrote:

> The nasty bit about both of these is that they require a public source of
> random bits. Your mileage may vary as to whether that's more realistic
> assumption than "RSA is hard" or "DES is hard."

I don't understand why it must be 'public'. Couldn't it be something
that Bob sends 'privately', where it is however assumed that Eve could
tap it? The real problem is probably obtaining really 'random' bits.
On the other hand, wouldn't some very good approximation of
'random' stuff be useful nonetheless with the scheme mentioned (in
case one doesn't need absolute security but only sufficiently high
security)?

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Unbreakable encryption.
Date: Tue, 16 May 2000 11:54:12 +0200



[EMAIL PROTECTED] wrote:

> The Virtual Calc 2000 supports infinite precision for floating
> points of ANY base you choose.  So 3.333333333333... may be
> a number in one base, but after you convert it, it will be
> totally different (especially using floating point arithmetic).
> It might go into infinity, it might not (if it isn't representable
> as a finite number of digits).

I am afraid that this is at the very root of your errors. A real
computer is a finite device. How can it do arbitrary infinite
precision arithmetic? Before going further with any arguments
of crypto, you have to demonstrate how the implementation can
be done. Note that there is software to do arbitrary precision
arithmetic, but that means the precision can go up to a certain
bound limited by the (finite) computer on which it runs. Or are
you assuming the availability of an infinite machine?

M. K. Shen


------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Unbreakable encryption.
Date: 16 May 2000 09:54:36 GMT
Reply-To: dformosa@[202.7.69.25]

On Mon, 15 May 2000 19:54:14 GMT, Tom St Denis <[EMAIL PROTECTED]> wrote:

[...]

>Encrypt(ct, pt, key)
>
>Where ct[1..n] and pt[1..n] is the output/input and key[1..x] is the 'x-
>byte' key.

Wouldn't that be more standard as

ct = Encrypt(pt, key)

-- 
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Interested in drawing platypie for money?  Email me.
Crack my Hash win$200 http://dformosa.zeta.org.au/~dformosa/PlatyMAC.txt

------------------------------

From: Paul Waserbrot <[EMAIL PROTECTED]>
Subject: Re: Unbreakable encryption.
Date: 16 May 2000 10:05:30 GMT

[EMAIL PROTECTED] wrote:

> Dear BNK,

> Thank you for your aspiring compliments!
> Virtual Calc 2000 already can be used for encryption and decryption!
> I've posted plaintext and ciphertext already!  And shown you
> simple routines to encrypt and decrypt.  (Although this is manually
> done, you can simply use cut and paste for the algorithms.)

Oh, i must have missed them, since all i have seen is a bunch of crap...
...sorry.

> I mean if I were to sit down and make a nice automated program
> and publish the rules here along with the internals and source,
> would you help me patent it?  or publish it?  I mean this thing
> would be so powerful even NSA can't

Aha, so if you want a patent, why not just wait until you get it and then
publish the algorithm? In the mean time, we can focus on something more
interesting... ...unless you give us some code or pseudocode,
"Go away, you don't exist!".

// Paul
-- 

------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Notes on the "Vortex" block cipher
Date: 16 May 2000 10:26:36 GMT
Reply-To: dformosa@[202.7.69.25]

On Mon, 15 May 2000 02:11:27 GMT, Terry Ritter <[EMAIL PROTECTED]> wrote:
>
>On Sun, 14 May 2000 21:14:48 GMT, in <8fn500$82o$[EMAIL PROTECTED]>, in
>sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:

[...]

>>There has been some scrutiny of blowfish.  I would trust it.
>
>You can wish and hope and believe what you want, but there still is no
>scientific basis for such trust.  

Excluding the one time pad (which is useless for most practical
purposes), is there any encryption algorithm for which there is a
scientific basis for such trust?

-- 
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Interested in drawing platypie for money?  Email me.
Crack my Hash win$200 http://dformosa.zeta.org.au/~dformosa/PlatyMAC.txt

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Notes on the "Vortex" block cipher
Date: Tue, 16 May 2000 12:43:03 +0200



Tom St Denis wrote:

> You are kidding right?  And how many new drugs have "acceptable" side
> effects because these scientists just want to push their drugs?

No. The real world is certainly not perfect. There are scientists who
commit fraud. But there are also judges who are corrupt. But on the whole
it is true that the diverse controlling organizations are assuring security
in the real interest of the common people. Before your house is built,
its construction plan has to be examined and approved by a local
authority. Do you suspect that any guy there has the motivation of
intentionally doing something such that the building collapses when the
wind comes for the first time?

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: AES Comment: the Hitachi patent
Date: Tue, 16 May 2000 12:43:09 +0200



Anton Stiglic wrote:

> The papers you will be interested in are under "AES Issues" Panel.
> Your ideas has been presented before, notably at the 3rd round of
> AES, and directly stated in an article from Ian Harvey.
> When they presented the idea,  most of the audience members seemed
> against it, for some reasons such as the one I posted as I reply to
> your post on May 7th.
> Bruce just gave another good reason in his post, it seems like the idea
> of multiple AES ciphers just gets counter-argued all the time..

Some people apparently don't like multiple encryption (though recently
Terry Ritter has aptly argued for multiple encryption). Having multiple
AES winners would facilitate/support the use of multiple encryption. This
I suspect is one of the motivations against having multiple AES winners.
But the patent issue, while favouring having multiple AES winners, is
one that has to be faced and adequately resolved as such in ANY case.
I am surprised that, before the letter of Schneier now, apparently no
effort whatsoever has been made by the AES submitters or by NIST
in that direction. As I indicated elsewhere, it is strange that on the one
side academics seem to neglect patents, in that patents are not cited
in their publications (according to information I got in the past), and
on the other side some academics are apparently nonetheless very
very eager in applying for and maintaining patents. Hopefully, the present
case of involvement of patents in AES will in the long run help some
developments in a direction favourable to (to the benefit of) the
common (and financially humble) people who need strong encryption
algorithms to protect their information privacy.

M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen



------------------------------

From: "Will Critchlow" <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?
Date: Tue, 16 May 2000 11:36:45 +0100

"Simon Johnson" <[EMAIL PROTECTED]> wrote in message
news:8fr420$j1o$[EMAIL PROTECTED]...
> The only information that can be recovered from the cipher-text is the
> length. The fact the output is random means it contains no information,
> therefore it has no redudancies that can be analyised.

Kind of irrelevant (I find it interesting). In information theory, a random
sequence actually contains *the most possible* information for a string of
that length (see for example, Feynman's Lectures on Computation).

Information is defined in terms of the 'surprise' that you experience in
receiving the next bit given all the ones that have gone before (or in other
words, how well you can predict what's coming next).

In English, for example, you will almost always see a q followed by a u
whereas in a random sequence you are as likely to see a q followed by a t...

As I said, not relevant....

W

--
========================================
B5 New Court, St. John's College
Cambridge. CB2 1TP
01223 522561
ICQ: 51747953
========================================
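The 'surprise' definition of information described in the post above, as an added example not from the post: empirical entropy per symbol of a short constructed English sample versus uniform random bytes, and the distribution of what follows 'q' in each. The sample text and function names are assumptions of this example; the sample is far too short to stand in for real English statistics, which is itself part of the point.

```python
"""Information as 'surprise': empirical entropy of English versus uniform
random bytes, and the q-then-u example. Added example, not from the post;
the English sample is constructed here and is far too short to estimate
real English statistics."""
import math
import random
from collections import Counter, defaultdict

# Constructed sample (ASSUMPTION: a few sentences, not a corpus).
ENGLISH = (
    b"the quick brown fox jumps over the lazy dog while the queen quietly "
    b"questions the quality of the quarterly report and the quartermaster "
    b"requests that every query be answered quickly and without equivocation "
    b"because unique requirements frequently arise in the field"
)


def entropy_bits(data):
    """Zeroth-order Shannon entropy in bits per symbol: -sum p log2 p."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def conditional_entropy_bits(data):
    """H(next | previous): average surprise of a symbol given the one before.
    Never exceeds entropy_bits(data) on the same data; a very low value on a
    short sample is mostly undersampling, not real structure."""
    n = len(data) - 1
    ctx = defaultdict(Counter)
    for a, b in zip(data, data[1:]):
        ctx[a][b] += 1
    h = 0.0
    for nxt in ctx.values():
        total = sum(nxt.values())
        h += total / n * -sum(c / total * math.log2(c / total)
                              for c in nxt.values())
    return h


def next_symbol_distribution(data, prev):
    """P(next = x | previous = prev): the 'what comes after q' question."""
    nxt = Counter(b for a, b in zip(data, data[1:]) if a == prev)
    total = sum(nxt.values())
    return {chr(k): v / total for k, v in nxt.items()}


def surprise_bits(data, prev, sym):
    """-log2 P(sym | prev): how surprised you are to see sym after prev
    (infinite if the pair never occurred in the sample)."""
    p = next_symbol_distribution(data, prev).get(chr(sym), 0.0)
    return math.inf if p == 0 else -math.log2(p)


def uniform_sample(n, seed=None):
    """n bytes uniform at the symbol level. A seeded PRNG keeps the demo
    repeatable; for an actual pad you would use secrets.token_bytes."""
    return random.Random(seed).randbytes(n)


if __name__ == "__main__":
    rnd = uniform_sample(1 << 16, seed=1)
    print(f"English sample : H0 = {entropy_bits(ENGLISH):.2f} bits/char, "
          f"H(X|prev) = {conditional_entropy_bits(ENGLISH):.2f}")
    print(f"uniform bytes  : H0 = {entropy_bits(rnd):.3f} bits/byte (max 8)")
    print("after 'q' in English sample:",
          next_symbol_distribution(ENGLISH, ord('q')))
    print(f"surprise of 'u' after 'q' in English: "
          f"{surprise_bits(ENGLISH, ord('q'), ord('u')):.2f} bits")
    print("distinct symbols seen after 'q' in uniform bytes:",
          len(next_symbol_distribution(rnd, ord('q'))))
```

In the English sample 'u' follows 'q' with probability 1, so that letter carries zero surprise and is pure redundancy; in uniform bytes the symbol after 'q' is spread over most of the alphabet and every symbol costs close to the full 8 bits, which is the sense in which the random string carries the most information per symbol.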



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
