Cryptography-Digest Digest #817, Volume #11      Fri, 19 May 00 06:13:00 EDT

Contents:
  Probabilistic Encryption (Claudio Di Flumeri)
  Re: More on Pi and randomness ("Douglas A. Gwyn")
  Re: what is the status finite automata base cryptosystems? ("Douglas A. Gwyn")
  Re: P+1 factorization algorithm (Niclas Karlsson)
  comparison of ciphers (Lieven Trappeniers)
  Re: Probabilistic Encryption ("Douglas A. Gwyn")
  Re: comparison of ciphers (Sébastien SAUVAGE)
  Re: Probabilistic Encryption (Claudio Di Flumeri)
  Re: Crypto & UNICODE??? (Marcin Jaskolski)
  Re: Unbreakable encryption. (Mok-Kong Shen)
  Re: More on Pi and randomness (Mok-Kong Shen)
  About AES contest ("Karim A")
  Re: Matching substrings in a signature (Mok-Kong Shen)
  Re: P+1 factorization algorithm (Anders Thulin)
  Cipher Challenge Stage 5 (Sisson)
  Re: Crypto & UNICODE??? (Mark Wooding)
  Re: AES final comment deadline is May 15 ("Sam Simpson")
  Re: More on Pi and randomness ("Clive Tooth")
  Re: AES final comment deadline is May 15 (Runu Knips)
  Re: AES final comment deadline is May 15 (Scott Contini)

----------------------------------------------------------------------------

From: Claudio Di Flumeri <[EMAIL PROTECTED]>
Subject: Probabilistic Encryption
Date: Fri, 19 May 2000 09:08:34 +0200
Reply-To: [EMAIL PROTECTED]

Do you know where I can find an online version of the paper
"Probabilistic Encryption" by Goldwasser and Micali?

Thanks
Claudio


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: More on Pi and randomness
Date: Fri, 19 May 2000 07:11:26 GMT

Mike Mccarty Sr wrote:
> This is not something which can be said with our current level of
> knowledge of PI. We can make statements about the first x billion
> digits, but we cannot (as yet) make statements about PI.

Sure we can; the transcendental real number universally denoted
by the symbol pi has a great many exact properties that are
mathematically proven.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: what is the status finite automata base cryptosystems?
Date: Fri, 19 May 2000 07:17:13 GMT

Christopher Pollett wrote:
> Can anyone out there tell me what the current status of finite
> automata based crypto systems?

What do you mean by that term?  Practically any cryptosystem can
be thought of as a finite-state automaton.  If you mean, cellular
automata, they don't seem to be used very much if at all, perhaps
because they seem to offer no clear advantage over better-understood
cryptosystems.

------------------------------

From: [EMAIL PROTECTED] (Niclas Karlsson)
Subject: Re: P+1 factorization algorithm
Date: 19 May 2000 10:17:47 +0300

[EMAIL PROTECTED] writes:

>In article <8g0tjt$4nv$[EMAIL PROTECTED]>,
>  Bob Silverman <[EMAIL PROTECTED]> wrote:
>> The *definitive* article to read is Peter Montgomery's
>> Speeding the Pollard and Elliptic Curve Methods of Factorization
>> Mathematics of Computation,  1987

>Thanks, I'd like to read that, but where can I get hold of a copy? Can
>it be downloaded from anywhere? Or do I have to subscribe to MoC ?

It's available electronically from Journal Storage (www.jstor.org).
Unfortunately jstor is a subscription service aimed mostly at larger
institutions like universities and such, so unless you're affiliated
with one of those you're not likely to get hold of the article from
there.

The license seems to allow only a single copy for personal use.

Nicke
-- 
                    "A witty saying proves nothing."
                              - Voltaire (1694-1778)

------------------------------

From: Lieven Trappeniers <[EMAIL PROTECTED]>
Subject: comparison of ciphers
Date: Fri, 19 May 2000 09:03:56 +0200

Hello All,

Is there any survey available that discusses the amount of security
offered by various encryption algorithms? How do DES and 3DES relate
to blowfish, IDEA, ... concerning intrinsic strength of the algorithm?
(And of course, what is the influence of the key size.)

As a non-specialist having to implement encryption, I am looking for
information in order to differentiate between the available algorithms.

I apologize if this question has a rather high degree of FAQness.

Thanks,

Lieven.



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Probabilistic Encryption
Date: Fri, 19 May 2000 07:23:49 GMT

Claudio Di Flumeri wrote:
> Do you know where I can find an online version of the paper
> "Probabilistic Encryption" by Goldwasser and Micali?

It took me only a couple of minutes of Web searching to turn up
the reference: Shafi Goldwasser and Silvio Micali, "Probabilistic
Encryption," Journal of Computer and Systems Sciences, vol. 28
issue 2 (April 1984) 270-299.  Unless the JCSS has digitized back
issues, the paper is probably not available on line.  Why don't
you send e-mail to [EMAIL PROTECTED] asking about
availability of the paper; perhaps he'll send you a hard copy.

------------------------------

Subject: Re: comparison of ciphers
From: [EMAIL PROTECTED] (Sébastien SAUVAGE)
Date: Fri, 19 May 2000 07:33:51 GMT


This book is definitely a must-read:

"Applied Cryptography" - Bruce Schneier

It details several algorithms and their weaknesses.


[EMAIL PROTECTED] (Lieven Trappeniers) wrote in
<[EMAIL PROTECTED]>: 

>Hello All,
>
>Is there any survey available that discusses the amount of security
>offered by various encryption algorithms? How do DES and 3DES relate
>to blowfish, IDEA, ... concerning intrinsic strength of the algorithm?
>(And of course, what is the influence of the key size.)
>
>As a non-specialist having to implement encryption, I am looking for
>information in order to differentiate between the available algorithms.
>
>I apologize if this question has a rather high degree of FAQness.
>
>Thanks,
>
>Lieven.
>
>
>


-- 
==================================
Sébastien SAUVAGE
[EMAIL PROTECTED]
http://www.bigfoot.com/~sebsauvage
==================================

------------------------------

From: Claudio Di Flumeri <[EMAIL PROTECTED]>
Subject: Re: Probabilistic Encryption
Date: Fri, 19 May 2000 09:39:41 +0200
Reply-To: [EMAIL PROTECTED]



"Douglas A. Gwyn" wrote:

>
> It took me only a couple of minutes of Web searching to turn up
> the reference: Shafi Goldwasser and Silvio Micali, "Probabilistic
> Encryption," Journal of Computer and Systems Sciences, vol. 28
> issue 2 (April 1984) 270-299.  Unless the JCSS has digitized back
> issues, the paper is probably not available on line.  Why don't
> you send e-mail to [EMAIL PROTECTED] asking about
> availability of the paper; perhaps he'll send you a hard copy.

Thanks for the help. I knew that the paper was in the Journal of Computer
and Systems Sciences, but I can't access this periodical. I've followed
your advice and I've sent an e-mail to Shafi Goldwasser: I hope that he
can help me ...

Claudio


------------------------------

From: Marcin Jaskolski <[EMAIL PROTECTED]>
Subject: Re: Crypto & UNICODE???
Date: Fri, 19 May 2000 09:57:21 +0200

On Wed, 17 May 2000, Mok-Kong Shen wrote:

> I am afraid that you misunderstood what I meant (and probably also
> what the original poster meant). It is not an issue of what encryption
> algorithm to use!
> 
> Let me formulate the two cases of the original poster (as I understand
> them):
> 
> Case 1: The given plaintext is in Hex: 41424343454647 (7 bytes).
> 
> Case 2: The (transformed) given plaintext is in Hex:
>              4100420043004400450046004700 (14 bytes)
> 
> It is assumed that the opponent knows the scheme, i.e. the transformation
> from case 1 to case 2 (it wouldn't also be hard for him to infer that).
> If any trick, including known plaintext, works well when a certain
> encryption algorithm is applied in case 2, why shouldn't it work 'equally'
> well in case 1? That was my question.

Thanks, now I can understand the question. I'm certainly not a crypto
expert, but I think breaking case 2 can be easier. Let's imagine we
are just guessing the key (ok, not very practical) and we have a very
fast way of computing (decrypting) just the last byte. Then we can say
the key is wrong if we don't get zero as a result.

> M. K. Shen

Have a nice day
Marcin Jaskolski



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Unbreakable encryption.
Date: Fri, 19 May 2000 10:18:04 +0200



"Douglas A. Gwyn" wrote:

> Mok-Kong Shen wrote:
> > It is yet 'entirely' not clear to me why you need real arithmetic
> > of infinite precision in encryption at all. Could you show an example?
>
> People who base their cryptosystem's theoretical security on properties
> of the real number system require absolute precision in implementation.

I was questioning in the context of base conversion (and encryption).
Base conversion may, for exact results, under circumstances need
infinite precision, but only when converting numbers with digits behind
the decimal point. One knows that well when converting between the
decimal and the binary system. However, for whole numbers, which
is likely to be the only case interesting for encryption (that's why I
asked for a counter-example), no such problem arises, since any
representation in any base must be finite.

M. K. Shen
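The distinction drawn above (whole numbers have a finite representation in every base, while fractional parts may not) can be checked mechanically. The script below is an added example and is not code from this thread or from any of its posters: it converts integers to and from an arbitrary base (always finite), and for a fraction p/q it both tests the divisibility condition for a terminating expansion and tracks exact remainders so that a repeated remainder proves the expansion is infinite and periodic. The function names and the choice of `fractions.Fraction` for exact arithmetic are my assumptions.

```python
import math
from fractions import Fraction


def int_to_base(n: int, base: int) -> list:
    """Digits of a non-negative integer in the given base, most significant
    first.  Terminates for every n: each step strips off one digit."""
    if base < 2 or n < 0:
        raise ValueError("base must be >= 2 and n must be non-negative")
    digits = []
    while True:
        n, d = divmod(n, base)
        digits.append(d)
        if n == 0:
            return digits[::-1]


def int_from_base(digits, base: int) -> int:
    """Inverse of int_to_base; the round trip is exact for any size of n."""
    value = 0
    for d in digits:
        if not 0 <= d < base:
            raise ValueError("digit out of range for base")
        value = value * base + d
    return value


def terminates_in_base(num: int, den: int, base: int) -> bool:
    """num/den (reduced) has a finite expansion in `base` iff every prime
    factor of the reduced denominator divides the base."""
    q = Fraction(num, den).denominator
    g = math.gcd(q, base)
    while g > 1:
        q //= g
        g = math.gcd(q, base)
    return q == 1


def fraction_to_base(num: int, den: int, base: int, max_digits: int = 64):
    """Digits after the point of 0 <= num/den < 1, computed exactly.
    Returns (digits, terminates, period_start).  Remainders are stored as
    exact fractions; seeing one twice proves the expansion never ends and
    repeats from the index at which that remainder first appeared.  If
    max_digits is hit first, terminates is False and period_start is None."""
    r = Fraction(num, den)
    if not 0 <= r < 1:
        raise ValueError("num/den must satisfy 0 <= num/den < 1")
    digits, seen = [], {}
    while r != 0 and len(digits) < max_digits:
        if r in seen:
            return digits, False, seen[r]
        seen[r] = len(digits)
        r *= base
        d = math.floor(r)
        digits.append(d)
        r -= d
    return digits, r == 0, None


def demo():
    # Constructed inputs: a 200-bit integer and three small fractions.
    n = 2 ** 200 + 12345
    for base in (2, 7, 10, 16, 255):
        assert int_from_base(int_to_base(n, base), base) == n
    print("integer round-trips exactly in every base tried")
    for num, den, base in ((1, 4, 2), (1, 10, 2), (1, 3, 6)):
        print(f"{num}/{den} in base {base}:", fraction_to_base(num, den, base),
              "terminates:", terminates_in_base(num, den, base))


if __name__ == "__main__":
    demo()
```

Running it shows 1/4 as the finite binary expansion 0.01, 1/10 as 0.0(0011)... with the period detected from the remainder 1/5 recurring, and 1/3 as the single digit 0.2 in base 6; the integer round trip is exact in every base, which is the case the post argues matters for encryption.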



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: More on Pi and randomness
Date: Fri, 19 May 2000 10:17:54 +0200



"Douglas A. Gwyn" wrote:

> Mike Mccarty Sr wrote:
> > This is not something which can be said with our current level of
> > knowledge of PI. We can make statements about the first x billion
> > digits, but we cannot (as yet) make statements about PI.
>
> Sure we can; the transcendental real number universally denoted
> by the symbol pi has a great many exact properties that are
> mathematically proven.

But what is desired presently is about randomness and it appears
extremely difficult to obtain theoretical results that are exact and
at the same time useful for the practice, I am afraid.

M. K. Shen



------------------------------

From: "Karim A" <[EMAIL PROTECTED]>
Subject: About AES contest
Date: Fri, 19 May 2000 10:21:45 +0200
Reply-To: "Karim A" <[EMAIL PROTECTED]>

Hi all,

I've read a lot of papers about the AES contest and the 5 famous algorithms.
I wonder which is the best algorithm.
And which algo will be selected?

I'd like to have your opinion about it.
Sure, you've already implemented one of them on your machine, and according
to you, which algo is the best in terms of security, fast encryption, and
easy software and hardware implementations?

Best regards,


Karim






------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Matching substrings in a signature
Date: Fri, 19 May 2000 10:32:40 +0200



Anders Thulin wrote:

>   Wasn't that one a Bloom filter?

Could you please give a pointer?

M. K. Shen


------------------------------

From: Anders Thulin <[EMAIL PROTECTED]>
Subject: Re: P+1 factorization algorithm
Date: Fri, 19 May 2000 08:19:00 GMT



[EMAIL PROTECTED] wrote:

> Thanks, I'd like to read that, but where can I get hold of a copy? Can
> it be downloaded from anywhere? Or do I have to subscribe to MoC ?

  Your local library should be able to help you to get a Xerox copy of it
for a small fee.

  If you have any university math department nearby, chances are pretty
good you'll find it in the university library.

  The full reference is:

  P.L. Montgomery: Speeding up the Pollard and Elliptic Curve Methods of Factorization.
  Mathematics of Computation 48 (1987), pp. 243-264

-- 
Anders Thulin     [EMAIL PROTECTED]     040-10 50 63
Telia Prosoft AB, Hjälmaregatan 3B, 212 19 Malmö, Sweden

------------------------------

From: Sisson <[EMAIL PROTECTED]>
Subject: Cipher Challenge Stage 5
Date: Fri, 19 May 2000 08:39:10 GMT

If anyone wants to have hints on Singh's Cipher Challenge, I've just
updated my website to include Stage 5.

It's at http://users.bigpond.net.au/spendabuck/cipher/

From Spendabuck


------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Crypto & UNICODE???
Date: 19 May 2000 09:07:46 GMT

Marcin Jaskolski <[EMAIL PROTECTED]> wrote:

> Thanks, now I can understand the question. I'm certainly not a crypto
> expert, but I think breaking case 2 can be easier. Let's imagine
> we are just guessing the key (ok, not very practical) and we have a
> very fast way of computing (decrypting) just the last byte. Then we
> can say the key is wrong if we don't get zero as a result.

No.  Life's not like that.

The only problem is if you use a 64-bit (or smaller) block cipher in ECB
mode, because the ciphertext space size gets reduced to 2^32 or less,
which is well within the bounds of possibility for codebook recovery.

Use a chaining mode and all should be hunky-dory.

-- [mdw]
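The structure both posts in this thread are talking about (case 2 above: every other byte of the UTF-16 plaintext is zero) and the consequence Mark Wooding draws from it for a 64-bit block cipher in ECB mode can be made concrete. The script below is an added example, not code from this thread or from any of its posters. It stands in a toy 64-bit Feistel cipher built on HMAC-SHA256 (constructed for the demonstration only; it is a keyed permutation with the right block size, not a real cipher), measures which byte offsets of each block are always zero and hence how many bits of the 64-bit codebook a plaintext can actually exercise (64 for case 1, 32 for case 2, which is Wooding's 2^32), and then shows that ECB repeats ciphertext blocks wherever the plaintext repeats while CBC does not. All function names and the sample texts are my own assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 8  # 64-bit block, the size Wooding's remark is about


# Toy 64-bit Feistel cipher with an HMAC-SHA256 round function.  Constructed
# stand-in for "some 64-bit block cipher"; NOT a real cipher.  Only its block
# size and the fact that it is a keyed permutation matter here.
def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, right, rnd))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(key, left, rnd)), left
    return left + right


def _pad(data: bytes) -> bytes:
    """PKCS#7-style padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # Each block is encrypted independently: equal plaintext blocks give
    # equal ciphertext blocks, and the codebook is no larger than the set
    # of plaintext blocks that can occur.
    return b"".join(toy_encrypt_block(key, blk) for blk in blocks(_pad(data)))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Chaining: every block is XORed with the previous ciphertext block
    # first, so repeated plaintext blocks no longer repeat in the output.
    out, prev = [], iv
    for blk in blocks(_pad(data)):
        prev = toy_encrypt_block(key, _xor(blk, prev))
        out.append(prev)
    return b"".join(out)


def always_zero_offsets(plaintext: bytes) -> set:
    """Byte offsets within a block that are zero in every full block of the
    plaintext.  For UTF-16LE text made of ASCII characters this is every odd
    offset, the structure the thread calls 'case 2'."""
    full = plaintext[:len(plaintext) - len(plaintext) % BLOCK]
    if not full:
        return set()
    zero = set(range(BLOCK))
    for blk in blocks(full):
        zero &= {i for i, b in enumerate(blk) if b == 0}
    return zero


def effective_codebook_bits(plaintext: bytes) -> int:
    """Upper bound on the bits of a 64-bit block the plaintext can vary."""
    return 8 * (BLOCK - len(always_zero_offsets(plaintext)))


def distinct_blocks(ciphertext: bytes) -> int:
    return len(set(blocks(ciphertext)))


def demo():
    key = os.urandom(16)
    text = "ABCDABCDABCD"              # constructed sample with repetition
    case1 = text.encode("ascii")       # 41 42 43 44 ...  (one byte per char)
    case2 = text.encode("utf-16-le")   # 41 00 42 00 ...  (zero high bytes)
    print("case 1 effective bits per block:", effective_codebook_bits(case1))
    print("case 2 effective bits per block:", effective_codebook_bits(case2))
    ecb = ecb_encrypt(key, case2)
    cbc = cbc_encrypt(key, os.urandom(BLOCK), case2)
    print("ECB: %d blocks, %d distinct" % (len(blocks(ecb)), distinct_blocks(ecb)))
    print("CBC: %d blocks, %d distinct" % (len(blocks(cbc)), distinct_blocks(cbc)))


if __name__ == "__main__":
    demo()
```

The ECB output for the UTF-16 sample has four blocks but only two distinct ones (the three repeated plaintext blocks plus the padding block), so the repetition in the plaintext is visible in the ciphertext without any key; the CBC output has four distinct blocks. The `effective_codebook_bits` figure is the defender's quick estimate of how much of a small block's codebook a given plaintext encoding can ever exercise, which is the reason the post recommends a chaining mode.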

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15
Date: Fri, 19 May 2000 09:15:02 +0100

Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:8g13t6$chq$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Mark Wooding) wrote:
> > Michael Scott <[EMAIL PROTECTED]> wrote:

<SNIP>

> > The Twofish team had a good point when they said that cipher design
> > is a mixture of mathematics and mess.  RC6 doesn't have any mess; MARS
> > is almost all mess -- even the submission document was ugly!  The issue
> > of the RSA patent on RC5 applying to MARS is also cause for concern --
> > I've not seen this resolved one way or the other yet.
>
> The RC5 patent covers the strict usage of rotations in a cipher
> designed like RC5 only.  Not rotations.  Therefore MARS is not a patent
> issue with RC5.
>
> RC6 is a fairly strong cipher as well, and the fastest in software.

Depends on your platform.  It's slow on some current platforms (Sun
UltraSPARC) as well as some future platforms (Intel's IA64).

> It's also the easiest to implement and conceptually the simplest as
> well.
> Those are some good plusses for it too.

And minuses.... Lack of key agility, hard to defend against
operational attacks on smartcards, inability to run at all on small
smartcards, security appears to solely rest upon DDRs.

I agree that RC6 is by far the most elegant cipher, but I don't think
this should be a high-priority selection criterion.

> > The other three all have their good points, and I'm not sure I can
> > really decide between them.  My suspicion, cynical as it is, is that
> > Twofish will win not because of its merits but because it's an American
> > design.  That would be a shame, because there are good reasons to choose
> > Twofish without having to look at designers' nationalities.
>
> I have yet to see nationality as an issue.  Plus RC6 is American as
> well that means only Serpent can win?

Or Rijndael....

> Not likely.
>
> Personally I still feel twofish, rc6, serpent should be part of the AES
> standard.  They are all good ciphers.

And Rijndael isn't? ;)

--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.



------------------------------

From: "Clive Tooth" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: More on Pi and randomness
Date: Fri, 19 May 2000 10:34:04 +0100

Mike Mccarty Sr wrote in message <8g1kd5$7qf$[EMAIL PROTECTED]>...

>In article <[EMAIL PROTECTED]>, Tim Tyler  <[EMAIL PROTECTED]> wrote:
>)In sci.crypt JCA <[EMAIL PROTECTED]> wrote:
>)
>): If I tell you the decimal in position N in the expansion of Pi
>): you won't be able to tell me anything about the following decimal
>): sequence short of doing the computation yourself.
>)
>)Even if you *don't* tell me N, it's still possible to make positive
>)statements about the sequence.  This was discussed on the other thread:
>)according to mathmaticians, PI doesn't behave randomly.
>
>This is not something which can be said with our current level of
>knowledge of PI. We can make statements about the first x billion
>digits, but we cannot (as yet) make statements about PI.

Some things are known about the decimal digits of pi in general. For
example, for no positive integer n are the digits n thru 100*n all equal to
zero.

--
Clive Tooth
http://www.pisquaredoversix.force9.co.uk/
End of document




------------------------------

Date: Fri, 19 May 2000 11:45:33 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15

Mok-Kong Shen wrote:
> Question: What is the acronym 'JIT'? Just in time? Could you name
> any compiler of that sort for a general purpose programming language?

There are several JIT compilers for Java.

However, JIT has nothing to do with self-modifying code. There is NO
self-modifying code; that technique is absolutely forbidden now!
For modern processors can't handle that well anymore. You would have
to disable the first and second level cache to make that work.

------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: AES final comment deadline is May 15
Date: 19 May 2000 09:50:26 GMT

In article <[EMAIL PROTECTED]>,
Sam Simpson <[EMAIL PROTECTED]> wrote:
>Tom St Denis <[EMAIL PROTECTED]> wrote in message
>news:8g13t6$chq$[EMAIL PROTECTED]...
>> In article <[EMAIL PROTECTED]>,
>>   [EMAIL PROTECTED] (Mark Wooding) wrote:
>> > Michael Scott <[EMAIL PROTECTED]> wrote:
>
><SNIP>
>
>> > The Twofish team had a good point when they said that cipher design
>> > is a mixture of mathematics and mess.  RC6 doesn't have any mess; MARS
>> > is almost all mess -- even the submission document was ugly!  The issue
>> > of the RSA patent on RC5 applying to MARS is also cause for concern --
>> > I've not seen this resolved one way or the other yet.
>>
>> The RC5 patent covers the strict usage of rotations in a cipher
>> designed like RC5 only.  Not rotations.  Therefore MARS is not a patent
>> issue with RC5.
>>
>> RC6 is a fairly strong cipher as well, and the fastest in software.
>
>Depends on your platform.  It's slow on some current platforms (Sun
>UltraSPARC) as well as some future platforms (Intel's IA64).

You ought to read the comments that Robshaw, Rivest, and Yin mailed
into NIST.  RC6 does pretty well on the IA64 if you take advantage
of simultaneous encryption of multiple blocks.  I imagine the same
is true for the UltraSPARC.  Comparing speed of algorithms based
on single block encryption can often be misleading!


>
>> It's also the easiest to implement and conceptually the simplest as
>> well.
>> Those are some good plusses for it too.
>
>And minuses....Lack of key agility, hard to defend against
>operational attacks on smartcards, inability to run at all on small

I think all the AES candidates have difficulty defending against
power analysis!

>smartcards, security appears to solely rest upon DDRs.

RC6 can run on smart cards having as little as 128 bytes of RAM.
Keating showed this at the 2nd AES conference.  Certainly it doesn't
perform great on such smart cards, but for many applications it is
good enough.


Scott

-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
