Cryptography-Digest Digest #362, Volume #13 Mon, 18 Dec 00 21:13:01 EST
Contents:
Re: Why primes? (Bob Silverman)
Re: Q: Result of an old thread? (Mok-Kong Shen)
Re: Q: Result of an old thread? (Mok-Kong Shen)
Re: Result of an old thread? (Mok-Kong Shen)
AES (Rijndael) DLL ("Brian Gladman")
Re: Why primes? (John Savard)
Re: Unguessable sequence of unique integers? (AllanW)
Re: Q: Result of an old thread? (Simon Best)
Bayesian Attack ("John Feth")
RE: Q: Result of an old thread? ("Manuel Pancorbo")
Re: Q: Result of an old thread? (Simon Best)
Re: Visual Basic Source Code (AllanW)
Re: Use of multiplexing (Simon Best)
Python, math curriculum, RSA, Miller-Rabin... (Kirby Urner)
Re: Bayesian Attack (John Savard)
----------------------------------------------------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Why primes?
Date: Mon, 18 Dec 2000 21:15:59 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> [The irritating little gnome is
> back with new silly questions. :)]
>
> I've understood it that in public/private
> key ciphering one uses quite big prime numbers.
>
> Well, why use primes? Why can't any two quite
> big numbers (QBN [tm]) be used?
In a nutshell. The integers modulo a prime form a cyclic group;
all elements except 0 have an inverse.
This is not true modulo a composite.
May I suggest reading a basic primer on the subject?
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Mon, 18 Dec 2000 22:45:57 +0100
Simon Best wrote:
>
> Mok-Kong Shen wrote:
> >
> >
> > The message is in a singular matrix S (e.g. one with a zero
> > column).
>
> Such as:
>
> S0,0 S0,1 S0,2 0
> S1,0 S1,1 S1,2 0
> S2,0 S2,1 S2,2 0
> S3,0 S3,1 S3,2 0
>
> ?
>
> > Alice chooses an arbitrary non-singluar matrix A and sends AS to Bob.
>
> So, AS also has four columns, and has only 0s in the right most
> column...
>
> > Bob chooses an arbitrary non-singular matrix B and sends ASB to Alice.
>
> ASB? Is that matrix multiplication the right way round? The column of
> 0s in AS will just eliminate the corresponding row of B. It'll just be
> like matrix multiplication with two, smaller, nonsingular matrices.
> Just take out the 0s columns in AS, remove the corresponding rows of B,
> and you can then find the inverse for the reduced AS easily. That gives
> you a reduced B, but this reduced B doesn't miss anything from the
> original B that's used in ASB or SB.
>
> > Alice multiplies it with A^(-1) and sends SB to Bob, who can multiply it with
> > B^(-1) to obtain S.
>
> And, having something that does the same job as B, I can also extract S
> from SB?
>
[snip]
> I badly need to revise matrix stuff!
Try a small example, say 2*2, and see whether what you said
actually works. It would be very fine, if it indeed worked.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Result of an old thread?
Date: Mon, 18 Dec 2000 22:45:44 +0100
Walter Hofmann wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> >
> >If I understand you claim, your procedure is applicable to
> >any singlular matrix, isn't it?
>
> How could this ever work? The algorithms I gave obviously works only in
> the situation of the proposed cipher.
>
> > In that case one would
> >be able to 'define' an inverse of any singular matrix,
> >namely via the (supposedly unique) limit obtained from
> >your procedure. Do you want to claim that?
>
> No, there is no connection with the algorithm I gave.
>
> You can, however, do something similar to what you proposed:
>
> Let A be a (singular) matrix over a algebraically closed field. Lets
> assume that the algebraic multiplicites of A equal the geometric
> multiplicites of A.
>
> Let A = T^-1 . D . T with a diagonal matrix D and an invertible matrix T.
> Let l_1, . . . , l_n be the elements on the diagonal of D.
> Define m_i = 1/l_i where l_i!=0 and m_i = 0 otherwise.
> Let D' be a diagonal matrix with the m_i on the diagonal.
> Define A' = T^-1 . D' . T
>
> Then A' behaves like a multiplicatice inverse of A (as far as possible).
> I.e.
> (*) A' has the same kernel as A, and for all vectors v which are
> not in the kernel of A the relation v=A'.A.v=A.A'.v holds.
>
> A' is uniquely determined by A and (*) (this is obvious).
Let me quote a previous follow-up of yours to be sure that
I understand you:
So you can change the coefficiants of AS by a sufficiently
small epsilon>0 to get an invertible matrix, then you can
calculate (AS')^-1. Go on to calculate B'=(AS')^-1.ASB
then S(epsilon)=SB.B'^-1. In the limit epsilon->0 the
matrix S(epsilon) will converge to S as all operations
involved are continuous.
You defined B'=(AS')^-1.ASB. But ASB is singular, so B'
can't be inverted. Or do you want to apply the epsilon to
ASB also?
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Result of an old thread?
Date: Mon, 18 Dec 2000 22:45:53 +0100
Jakob Jonsson wrote:
>
> The scheme is insecure because there is only one solution S:
>
> Put
>
> X = AS,
> Y = SB,
> Z = ASB.
>
> To determine S, find any nonsingular W such that
>
> X*W = Z (i.e., ASW = ASB).
>
> [This is an equation system with n^2 equations and n^2 variables (all
> elements in W), but the equations are dependent since X is singular, so we
> will have many solutions.]
Sorry for my ignorance. How do you 'algorithmically'
determine a nonsinglular W? (Or do you have to depend on
your luck?) Since X is singular, the Gaussian elimination
process operating on X will get stuck before reaching the
last row, if I don't err.
M. K. Shen
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: AES (Rijndael) DLL
Date: Mon, 18 Dec 2000 21:59:03 -0000
For those who wish to play with AES (Rijndael) from Visual Basic, I have now
updated my code at:
http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
to produce a DLL version at:
http://fp.gladman.plus.com/cryptography_technology/rijndael/aes_dll.dll
The code has also been updated and will now compile in either C or C++ and
as a normal linked object file or as a DLL. The testing code will test
either the static or the DLL version.
I don't use Visual Basic so I have no idea what will need to be done to
interface to this DLL from VB - the interface in C is contained in aes.h.
If anyone does get a VB interface to this DLL working perhaps they could let
me have a copy so I can offer it to others.
Brian Gladman
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Why primes?
Date: Mon, 18 Dec 2000 22:45:51 GMT
On Mon, 18 Dec 2000 13:54:31 +0100, Jorgen Hedlund
<[EMAIL PROTECTED]> wrote, in part:
>Well, why use primes? Why can't any two quite
>big numbers (QBN [tm]) be used?
The two exponents, e and d, are related for a modulus M that equals
the product of two prime numbers, p and q, by a formula involving
(p-1)(q-1).
But if M was itself a prime number, (M-1) would be used in that same
formula.
So the formula is affected by the specific details of how M is
factored.
If M is the product of p, q, r, s, and t, then the number going into
the formula is (p-1)(q-1)(r-1)(s-1)(t-1).
So you have to know how M is built up _from prime numbers_ to have
both the private key e and the public key d.
Now, if M is the product of two large prime numbers, p and q, it is
hard for someone just knowing M to find p and q.
But if M is the product of two big numbers made up of many small
factors, it would be easy to find all those small factors through
trial division, and therefore obtain the information to obtain e from
d.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Unguessable sequence of unique integers?
Date: Mon, 18 Dec 2000 23:11:41 GMT
moc.qit@nahoj wrote:
> I am looking for an algorithm for a generator of a sequence
> of unique and unguessable 32-bit integers.
> The number of integers created by the sequence must be
> very large, i.e. in the 32-bit range and no two values
> in the sequence must overlap until a fairly large number
> (a minimum of 2^24 or so) of values have been found.
2^24 is only 16Meg. On a machine with virtual memory (or any machine
with well over 2MB of RAM) you can do this with a 2MB bit-array.
You'll also need a 32-bit Pseudo-Random Number Generator, and also
a (custom) function that converts 32-bit integers into 24-bit
integers by selecting the same bits every time. (Important:
any given 32-bit integer fed into this algorithm must always
generate the same 24-bit integer. Obviously it's okay if two
different 32-bit integers return the same 24-bit integer, but this
should be as rare as possible.) One way to do this is:
CONVERT(X) = (X AND 0xFFFFFF)
You'll also need:
a counter C, to count the number of bits set in B
an item-number I
an index X
These are unsigned integers at least 24 bits, or else signed
integers at least 25 bits.
Here's my idea in pseudo-code
First, initialize the bit array to all FALSE
FOR C = 0 to (2^24-1) inclusive
I = PRNG(0 to 2^24-1-C inclusive)
FOR X = 0 TO (2^24-1) inclusive
IF B(X) IS FALSE THEN
IF I = 0 THEN
EXIT THE "FOR X" LOOP
ELSE
I = I-1
END IF
END IF
NEXT X
B(X) = TRUE
The next number in the sequence is X
IF you don't want any more numbers THEN
EXIT WHILE
END IF
NEXT C
This logic is NOT tested, but it's worth every penny you paid for it.
--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Simon Best <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Q: Result of an old thread?
Date: Mon, 18 Dec 2000 23:52:02 +0000
Mok-Kong Shen wrote:
>
> Bryan Olson wrote:
[...]
> > Your "just knowing..." quote seems to be in _favor_ of long
> > searches. Did you mean it would _not_ solve the problem? Why
> > would you think the searches are long? All you need are
> > linearly independent vectors. And this is just for an answer
> > that we can plug into Simon Best's solution which requires an
> > invertible B'.
> >
> > If AS is n by n with rank m < n, then you can express AS as
> > an n by m times an m by n. Call then C and D respectively.
> > There exists some S' such that S = S'*D. After the second
> > pass solve for D*B instead of B. In the third pass we get
> > S'*D*B with D and D*B known and S = S'*D.
>
> I don't think that the above constitute a proof of either
> a one-shot getting of S or with only very few trials. We
> need a clear proof, don't we?
I disagree. A clear proof of insecurity in the suggested system isn't
necessary. What is necessary is either a proof that the suggested
security system in secure (like with the one-time pad), or an exposition
of what the security is founded upon (like how RSA is based on the
factoring problem).
At the moment, it seems that the security is supposed to rely on
difficulties with effectively 'dividing' matrices when one or more is
singular. (Okay, I know, there's no such thing as matrix division, but
I'm sure you all know what I mean in this context.)
> (Same as we need a proof of the amount of work to crack a cipher or
> termination/non-termination of some process.)
I don't think I've seen any proof at all of the amount of work to break
the suggested cipher. How much work is it supposed to take? Is it
supposed to be brute force? Brute forcing what? Brute forcing A? B?
AS?
> In particular I don't yet understand
> your first sentence. Could you illustrate with a tiny
> example? (Note that we known only the product AS.) Thanks.
>
> M. K. Shen
Simon
--
_______________________________________________________________________________
Personal: [EMAIL PROTECTED]
Yellow Skies: [EMAIL PROTECTED] http://www.yellowskies.com
Everyone does their own signature to be different. How does that work?
------------------------------
From: "John Feth" <[EMAIL PROTECTED]>
Subject: Bayesian Attack
Date: 18 Dec 2000 23:56:45 GMT
How is a Bayesian Attack run on the output of a putative Random Number
Generator?
Thanks,
John Feth
------------------------------
From: "Manuel Pancorbo" <[EMAIL PROTECTED]>
Subject: RE: Q: Result of an old thread?
Date: Tue, 19 Dec 2000 01:31:16 +0100
"Walter Hofmann"
> On Mon, 18 Dec 2000 18:55:43 +0100, Manuel Pancorbo <[EMAIL PROTECTED]>
wrote:
> >
> >Well, I propose a slightly different scheme.
> >
[snip]
> >
> >If you don't know {p,q} you can't perform the attack you described.
>
>
> You don't need p,q to do any of the computations above.
>
Alice needs p,q to compute A^-1, because (det A)^-1 mod N is needed.
If you are talking about your epsilon-attack, you will need p,q in order to
obtain (AS')^-1. Also because you will need (det AS')^-1 mod N, and, without
p,q, this is quite difficult.
> It still isn't secure: By comaring the (1-dimensional) image of SB
> (=image of S) and ASB you can find out how A operates on the image of
> S. This is enough to calculate S from AS.
Uhmm, this is worthy to think about.
--
____________________________________________________________________
Manuel Pancorbo
[EMAIL PROTECTED] (Apply ROT13)
____________________________________________________________________
------------------------------
From: Simon Best <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Q: Result of an old thread?
Date: Tue, 19 Dec 2000 00:45:35 +0000
Mok-Kong Shen wrote:
>
> Simon Best wrote:
[...]
> Try a small example, say 2*2, and see whether what you said
> actually works. It would be very fine, if it indeed worked.
>
> M. K. Shen
Okay...
(I'll mention here that I'll use multiplications to get relevant
results, rather than inversions with multiplications, as the
multiplications are enough to show it, and I'm too rusty on inversions!)
S = A = B=
[ S0,0 0 ] [ A0,0 A0,1 ] [ B0,0 B0,1 ]
[ S1,0 0 ] [ A1,0 A1,1 ] [ B1,0 B1,1 ]
So...
AS =
[ A0,0 A0,1 ][ S0,0 0 ]
[ A1,0 A1,1 ][ S1,0 0 ]
=
[ (A0,0)(S0,0)+(A0,1)(S1,0) 0 ]
[ (A1,0)(S0,0)+(A1,1)(S1,0) 0 ]
which I'll type as:
AS =
[ AS0,0 0 ]
[ AS1,0 0 ]
for the time being.
Then...
ASB =
[ AS0,0 0 ][ B0,0 B0,1 ]
[ AS1,0 0 ][ B1,0 B1,1 ]
=
[ (AS0,0)(B0,0) (AS0,0)(B0,1) ]
[ (AS1,0)(B0,0) (AS1,0)(B0,1) ]
Notice that ASB is independent of B1,0 and B1,1! The second row of B
plays no part in producing ASB. This is very important, as this is the
only opportunity B gets to add its elements to the encryption, but its
bottom row plays no part. What's more, if we define:
AS' = B' =
[ AS0,0 ] [ B0,0 B0,1 ]
[ AS1,0 ]
by chopping out the empty column of AS and the corresponding row of B,
then we can do:
ASB' =
[ AS0,0 ][ B0,0 B0,1 ]
[ AS1,0 ]
=
[ (AS0,0)(B0,0) (AS0,0)(B0,1) ]
[ (AS1,0)(B0,0) (AS1,0)(B0,1) ]
= ASB
Let's now consider some matrix S', which is identical to S except that
it's got the empty columns left out:
S' = A =
[ S0,0 ] [ A0,0 A0,1 ]
[ S1,0 ] [ A1,0 A1,1 ]
A(S') =
[ (A0,0)(S0,0)+(A0,1)(S1,0) ]
[ (A1,0)(S0,0)+(A1,1)(S1,0) ]
=
[ AS0,0 ]
[ AS1,0 ]
= AS'
So, the AS' that I've trivially obtained from AS is what AS would have
been if S had not had those empty columns in in the first place.
Furthermore, my ASB' is what ASB would have been if B had not included
the rows discarded by the empty columns in AS.
The important thing here is that AS' is invertible, and can trivially be
used to derive a matrix B'. B' will just be B without the discarded
rows. Is that enough to get S from SB? Looking at SB in terms of S and
B:
S = B =
[ S0,0 0 ] [ B0,0 B0,1 ]
[ S1,0 0 ] [ B1,0 B1,1 ]
SB =
[ (S0,0)(B0,0) (S0,0)(B0,1) ]
[ (S1,0)(B0,0) (S1,0)(B0,1) ]
Again, the bottom row of B is discarded. Comparing with using B':
S' = B' =
[ S0,0 ] [ B0,0 B0,1 ]
[ S1,0 ]
S'B' =
[ (S0,0)(B0,0) (S0,0)(B0,1) ]
[ (S1,0)(B0,0) (S1,0)(B0,1) ]
= SB
Now, is B' invertible? It certainly looks like it! Can the inverse of
B' be used with SB to get S? It's certainly looking that way! After
all, SB is both the product of S with B and S' with B', and S' contains
the whole message!
This method can be applied to larger matrices. The important thing is
that the empty columns of S just end up effectively discarding rows of B
and other matrices, such that the whole thing's equivalent to not
bothering with empty columns in S in the first place. Those empty
columns don't add any security after all, and the system is trivially
defeated.
So, is there any reason why this method would not work?
Simon
--
_______________________________________________________________________________
Personal: [EMAIL PROTECTED]
Yellow Skies: [EMAIL PROTECTED] http://www.yellowskies.com
Everyone does their own signature to be different. How does that work?
------------------------------
From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Visual Basic Source Code
Date: Tue, 19 Dec 2000 00:44:14 GMT
> [EMAIL PROTECTED] wrote:
> > Does anyone know where i can get GOOD source code for MD4,
> > MD5, SHA1, DES, IDEA, and CAST in VB??
Tom St Denis <[EMAIL PROTECTED]> wrote:
> Why is everyone interested in VB? Arrg!
Because well-written VB code can be understood by any computer
programmer, no matter which computer language they normally use.
COBOL also has this property. I don't claim that you can't write
VB crap or COBOL crap, of course -- just that well-written code
is easy to understand, because keywords like IF, THEN, ELSE,
END IF, FOR, NEXT, and so on can easily be translated to similar
concepts in other languages.
By contrast, if you were to write it in good FORTRAN or good
APL, there would be many programmers that couldn't follow the
code and would have to give up.
--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Simon Best <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Use of multiplexing
Date: Tue, 19 Dec 2000 01:12:25 +0000
Mok-Kong Shen wrote:
>
> Simon Best schrieb:
[...]
> > Is this a user level thing, then?
[...]
> > So it's not at the user level, but at a network level.
[...]
> You central question was whether my suggestion is at
> the user level. The answer is, as stated in the post,
> yes. The user (or the message centre of a firm) collects
> a number of messages and can e.g. mix them, say in bytes,
> then encrypt the whole and send that. The receiver
> decrypts and de-mixes.
>
> M. K. Shen
Um, do you mean 'user level' in the Unix sense of servers running as
user level processes?
Simon
--
_______________________________________________________________________________
Personal: [EMAIL PROTECTED]
Yellow Skies: [EMAIL PROTECTED] http://www.yellowskies.com
Everyone does their own signature to be different. How does that work?
------------------------------
From: Kirby Urner <[EMAIL PROTECTED]>
Subject: Python, math curriculum, RSA, Miller-Rabin...
Reply-To: [EMAIL PROTECTED]
Date: Mon, 18 Dec 2000 17:22:35 -0800
Repost from [EMAIL PROTECTED] elist -- one typo/URL fixed.
=============================
List-Archive: <http://www.python.org/pipermail/edu-sig/>
Date: Mon, 18 Dec 2000 01:08:01 -0800
I've upgraded http://www.inetarena.com/~pdx4d/ocn/clubhouse.html
to include some RSA stuff. I think that page is finally
close to done and I plan to give it a rest.[1]
In exploring the web for relevant input, it became clear
to me that I'm venturing in territory typically covered
in college computer science courses.
That doesn't need to change, but I remain persuaded that
by adopting a "computer at your elbow" approach to math
teaching, we could have a lot more segues between K-12
and what's now considered college-level material.
Awhile back, Tim Peters recommended 'Concrete Mathematics'
(Knuth a co-author) as a good example of a "math through
programming" text book. I subsequently bought it, and
had to agree. So how do we "lower a ladder" to middle
and high schoolers starting from there? I think Python
is part of the answer.
In sum, none of the content I'm covering in my curriculum
writing is really new. All that I'm doing is wiring up
the topics in a somewhat different way, changing the mix,
reorganizing the hyperlinks. This is a fairly conservative
approach, in other words.[2]
However, I think the result could be a much higher level
of math appreciation for younger students (or for adults
returning for more), plus better segues into computer
science, for those wishing to go that route.
>"We have to reinvent the wheel every once in a while,
>not because we need a lot of wheels; but because
>we need a lot of inventors." - Bruce Joyce
>
>I've always loved that quote (and the book in which I found it,
>for that matter ;-) so I greatly appreciated these comments
>by Kirby.
>
>jeff
That's a great quote jeff, hadn't seen it before. Thanks
for posting it.
Kirby
Notes:
[1]
The Miller-Rabin stuff was confusing because I think some
web authors don't communicate it properly. Fortunately,
Knuth includes it in 'The Art of Programming' vol 2 (took
me awhile to realize that) and his Algorithm P on pg. 395
seems pretty clear -- helped me streamline the gist of the
test:
Given candidate prime n, random base b < n, and m,s such
that m*(2**s) = n-1:
def algP(m,s,b,n):
"""
based on Algorithm P in Donald Knuth's 'Art of
Computer Programming' v.2 pg. 395
"""
result = 0
y = pow(b,m,n)
for j in range(s):
if (y==1 and j==0) or (y==n-1):
result = 1
break
y = pow(y,2,n)
return result
If this spits back a 1, your candidate n passes the test
for base b. The idea is to test a number of random bases
(except I go with low primes in sequence, as per Paul
Emerson's thesis, an OK alternative, yes?) -- the more
bases you test, the higher chance a number still passing
is prime; with the chance of being wrong equal to
(1./4)**(number of tests) -- gets small quickly.
Anyway, the above source is quite a bit more succinct
than before.
[2]
Probably the one thing I include that's controversial is
mention of Bucky Fuller's concentric hierarchy of polyhedra
-- a way of scaling/organizing common polys which brings
out some whole-number relationships and morph-relationships
which geometers haven't traditionally focussed on (even
though they've always been there). I think Fuller's
approach is a pedagogic advance and makes polys more
friendly to younger people (a thesis I've empirically
tested in the field, with good results). Plus it phases
in sphere packing in tandem with the polys, and that's
highly useful as well. (Note: Alexander Graham Bell was
also obsessed with the tetrahedron, not just Bucky).
With more polyhedra earlier in the curriculum, we have
more opportunities to use them later (say in high school)
as objects subjected to transformations (scaling, translation,
rotation), using object-oriented programming techniques.
Lots of intro-to-OOP books use polygons as example objects,
(e.g. triangle as a subclass of polygon), but I'd go with
full-fledged polyhedra instead (e.g. tetrahedron as a
subclass of polyhedron). With polyhedra, your Python can
be about manipulating 3-tuple vectors (x,y,z), not just
planar (x,y) vectors, and the graphics/animations will
be far more interesting. Plus you might want to explore
with quadrays -- another wrinkle/feature in my curriculum
writing: see http://www.teleport.com/~pdx4d/quadrays.html
for more info.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Bayesian Attack
Date: Tue, 19 Dec 2000 01:42:53 GMT
On 18 Dec 2000 23:56:45 GMT, "John Feth" <[EMAIL PROTECTED]>
wrote, in part:
>How is a Bayesian Attack run on the output of a putative Random Number
>Generator?
It isn't really a kind of attack.
The "Bayesian opponent" is a cryptanalyst who does not have any part
of the key, or any known plaintext, but who does know the encryption
system used, according to "Cryptography: A Primer" by Konheim.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
