Cryptography-Digest Digest #533, Volume #13      Tue, 23 Jan 01 18:13:00 EST

Contents:
  Re: Some Enigma Questions ("Douglas A. Gwyn")
  Re: cryptographic tourism in Russia (Jim)
  Re: Some Enigma Questions (Jim)
  Re: Some Enigma Questions ("Robert Reynard")
  Re: Dynamic Transposition Revisited (long) (John Savard)
  Re: Some Enigma Questions ("Douglas A. Gwyn")
  Re:O.T.  Corpspeak was (Why Microsoft's Product...) ("Paul Pires")
  Re: Why Microsoft's Product Activation Stinks (phil hunt)
  Creating a self extracting encrypted exe? ("Ernst")
  Re: Dynamic Transposition Revisited (long) (Terry Ritter)
  Re: Some Enigma Questions ("Douglas A. Gwyn")
  Re: Creating a self extracting encrypted exe? ("Paul Pires")
  Re: JPEG infidelity for crypto (wtshaw)
  KASUMI Analysis? (Was: Re: 3G crypto algorithms) (Kenneth Almquist)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Some Enigma Questions
Date: Tue, 23 Jan 2001 20:02:32 GMT

"David C. Barber" wrote:
> ... why doesn't the plug board remove, or at least greatly
> reduce this vulnerability e.g. A->R->plug board->A?

Because the plugboard accomplishes just a relabeling of the keys.

> Q2:  How did the plug board disconnect the previous straight through
> mapping?  Did the process of inserting the plug disconnect the previous
> wiring in the same manner that inserting headphone plugs in some stereo
> systems automatically disconnects the main speakers?

Yes; the jacks are "normally closed" and were quite common in
telephone switchboards.

> Q3:  The plugs interchanged pairs of characters, hence there were two plugs
> at each end.  Were these plugs keyed to prevent improper insertion?

No need to; they're symmetrical.

> Q4:  Is there still a commercial version of the Enigma for sale that is
> essentially the WW II machine?

Not unless somebody is manufacturing them specially for collectors.

> Q5:  If properly used (e.g. few messages, good mixing of rotor settings, no
> obvious rotor settings (e.g. QWE), varying messages to avoid obvious cribs,
> having all rotors increment the next rotor at the same position, not sending
> the same message in more than one cipher system, changing of rotors more
> often than once a war, etc), say along the lines of the German Navy, would
> an Enigma today be reasonably secure?  Put another way, would it be easily
> crackable today by a single person with some cracking tools and a computer,
> or would it require a high level team like that assembled during the war?

It depends on who is doing the work.  A *lot* more is now known
about cryptanalysis of rotor systems in the classified crypto
community than was known when Bletchley Park was operating.

> Q6:  How critical is the rotor wiring?  While there are some obvious weak
> rotors (e.g. a straight through design, a Caesar cipher rotor, or
> duplicating the same wiring on the second 13 positions of the rotor), is it
> easy or hard to create weak rotors?

This requires a long discussion of cycles, Good diagrams, etc.
which I am not in a position to explain.

> Q7:  Did the German Navy's creation of a 4th rotor position that included a
> rotor that in one position made the machine act like 3 rotor machine result
> in a weakened 4th rotor -- even if it hadn't already been compromised
> otherwise?  Seems to me what the 4th rotor did was simply create a 3 rotor
> machine with 26 possible reflecting rotors, instead of the previous 1 fixed
> rotor.  Right or wrong?

I was under the impression that the additional rotor was a true rotor.

------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: cryptographic tourism in Russia
Reply-To: Jim
Date: Tue, 23 Jan 2001 21:02:25 GMT

On Tue, 23 Jan 2001 10:54:23 +0300, "Vladimir Katalov" <[EMAIL PROTECTED]>
wrote:

>
>Eric Lee Green wrote in message ...
>>Hmm... a point there, given that the government there is now run by a
>>former intelligence officer and that they've a nasty habit of
>>imprisoning Americans that they think are nosing around in the wrong
>>place...
>>
>>A friend of a friend spends time in Russia from time to time (he
>>supposedly is a school teacher, but has this strange habit of turning
>>up wherever things are heating up... e.g. Colombia during the worst of
>>the drug wars, Poland when Solidarity kicked out the Communist
>>government, Russia during the failed coup, ...). The stories I hear
>>are pretty bad -- things apparently got pretty lawless for a while,
>>the old government had virtually collapsed into meaninglessness, and
>>the new government apparently is overreacting by attempting to clamp
>>down harshly on all the lawlessness. I'm not sure I'd be adventurous
>>enough to plan a trip to Russia right now.
>
>Exactly. A trip to Russia might be really dangerous nowadays... I don't
>want to scare you, but the situation here looks very similar to Chicago
>in 30's.

No more dangerous than going to America now that the arsehole
Bush has been 'elected'!

-- 
___________________________________________

Posted by Jim Dunnett
dynastic at cwcom.net
nordland at lineone.net

George W. Bush-isms No 3:
  ' Is our children learning? ' 
___________________________________________

------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: Some Enigma Questions
Reply-To: Jim
Date: Tue, 23 Jan 2001 21:02:27 GMT

On Tue, 23 Jan 2001 11:11:55 -0700, "David C. Barber" <[EMAIL PROTECTED]>
wrote:

>Q5:  If properly used (e.g. few messages, good mixing of rotor settings, no
>obvious rotor settings (e.g. QWE), varying messages to avoid obvious cribs,
>having all rotors increment the next rotor at the same position, not sending
>the same message in more than one cipher system, changing of rotors more
>often than once a war, etc), say along the lines of the German Navy, would
>an Enigma today be reasonably secure?  Put another way, would it be easily
>crackable today by a single person with some cracking tools and a computer,
>or would it require a high level team like that assembled during the war?

Use a four-rotor machine. Change the rotor wirings, say, weekly. Change
everything else with every message, section your messages and you have
a secure system. (Easily done with a computer).

But secure against whom? Your sister or business rival? Yes. The NSA? maybe,
for a time, maybe forever if you don't give them too much material to
work with.

-- 
___________________________________________

Posted by Jim Dunnett
dynastic at cwcom.net
nordland at lineone.net

George W. Bush-isms No 3:
  ' Is our children learning? ' 
___________________________________________

------------------------------

From: "Robert Reynard" <[EMAIL PROTECTED]>
Subject: Re: Some Enigma Questions
Date: Tue, 23 Jan 2001 16:07:29 -0500


"David C. Barber" <[EMAIL PROTECTED]> wrote in message
news:94khfd$222v$[EMAIL PROTECTED]...
> Hi.
>
> Just finished Kahn's "Seizing the Enigma".  Have also read "Codebreakers" in
> the past and "Applied Cryptography" as well as seen the Nova presentation on
> PBS.
>
>
The Free Press published Stephen Budiansky's "Battle of Wits" last year. It
is 'The Complete Story of Codebreaking in World War II' with an emphasis on
complete.

I recommend it as the very best book on the subject. With the detail
provided in the Appendices by Budiansky (who is a mathematician in addition
to being an excellent writer), an amateur cryptanalyst should be able to
learn how to 'break' an Enigma message in the same manner as they did at BP
during the war.

Robert Reynard



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Dynamic Transposition Revisited (long)
Date: Tue, 23 Jan 2001 20:52:52 GMT

On Tue, 23 Jan 2001 20:19:18 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote,
in part:

>I think you should first plainly describe what you see as the
>weakness, before rushing on to try to fix it.

I will do so. In fact, however, I already did so, I thought, in
another post to which you have just replied, but it looks as though my
point didn't get across.

The "weakness" is:

The set of permutations of n bits

considered as a subset of the set of one-to-one and onto mappings from
the set of bit-balanced blocks of n bits to itself

is a subgroup of those mappings, and therefore is not a generator of
the entire set of mappings.

My "fix", therefore, is to propose another operation that can be
applied to a bit-balanced block to yield a bit-balanced block, so as
to allow a cipher acting on these blocks to produce a wider assortment
of mappings.

Essentially, I quite agree that transposition as applied to
bit-balanced blocks is *better* than XOR. But since there already are
substitutions that are considerably better than XOR, the fact that DT
is a fixed amount better than XOR is not terribly attractive,
considering that substitutions can be made as complex as desired.

Essentially, therefore, I see DT as similar to, say, DES with subkeys
that are generated by a stream cipher. Yes, DES, even with arbitrary
subkeys, can't produce all (2^64)! mappings of blocks to blocks; but
transposing bits can't produce all mappings of the entire set of
bit-balanced blocks to itself _either_.

So my point is: DT is not as bad as XOR, but it is not as good as what
people can, and do, do with substitution. Although perhaps saying they
really do make such use of substitution is perhaps an exaggeration;
except for some of your advanced designs, there isn't that much out
there which approaches my "large-key brainstorm" - which, I think, in
the substitution world, strongly resembles what Dynamic Transposition
achieves.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Some Enigma Questions
Date: Tue, 23 Jan 2001 21:04:14 GMT

John Savard wrote:
> <[EMAIL PROTECTED]> wrote, in part:
> >Seems to me what the 4th rotor did was simply create a 3 rotor
> >machine with 26 possible reflecting rotors, instead of the previous 1 fixed
> >rotor.  Right or wrong?
> Yes, since that rotor was only moved by hand.

But Enigma used an odometer-like arrangement, so this was
no different from using the additional rotor in the "slow"
position; it would be most unlikely to need to "step" in
the course of a message.

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re:O.T.  Corpspeak was (Why Microsoft's Product...)
Date: Tue, 23 Jan 2001 13:57:48 -0800

> Can anyone tell me if I have a case with MS?  Has MS attempted to
> patent their anti-piracy feature they hope the industry will adopt?
> I will have to check to see if I even applied for a patent on this.
> I may have but I can tell you that if I did that the provisional
> patent has certainly expired.  What about a trade secret case?
>
> Did I blow it or what?  MAYBE BIG TIME???!!!

Maybe. Maybe you are being paranoid and this was an independent
development. The LEAST likely way to get a big company to
evaluate a concept is to submit it to their Outside Concepts Evaluation
Department. This is less likely to work than triple encrypting it with
128 bit keys, losing the keys and not mailing them the ciphertext.

You have to talk corpspeak. Do you think "Accounts Payable" is there
to make sure every account gets paid on time? More like "Accounts
Avoidable".

Trade Secret is a contract not a grant. Read your contract and see if
A, they violated it.
B, you can prove it.
C, it is damaging.

You do have a contract, don't you?

Just because they were in possession of your stuff, doesn't make it
"Prior Art" and a bar to their filing. The requirement is for it to
be "Publicly Known" in the legal sense, not a Biblical sense.

Go ahead if you have the free time. File suit. Maybe they will
offer a small settlement just to avoid the cost of plane tickets for their
legal staff (Got to be a large figure). If it nets you anything over
expenses, TAKE IT.

By The way, I read your response to Richard Heathfield.
If this is the basis for your Ire, well, you play a mean air guitar
too. If it starts to run low, just plug it into your head.

Paul




====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
=======  Over 80,000 Newsgroups = 16 Different Servers! ======

------------------------------

From: [EMAIL PROTECTED] (phil hunt)
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Tue, 23 Jan 2001 21:33:40 +0000

On Mon, 22 Jan 2001 23:30:18 -0800, Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>Here is a guy who spits on the souls of anyone for no damned reason.
>
>I told you that I am the inventor that will save people tens or 
>hundreds of billions of dollars in lost revenue and you verbally 
>shit on me with your sarcasm.

Just ignore him, some people are like that on Usenet.

>Did you develop an anti-piracy computer software module that will
>prevent perhaps half at a minimum of the illegal copying of 
>computer software in the world?  Do you know how important a
>contribution this is?

To be honest, I consider it unimportant, in the sense that it
doesn't significantly help society. I prefer to use open source
software, where there are no arbitrary restrictions, dongles, or
(in your case) using the Internet as a dongle.

But maybe I'm biased by the objectionable way that some closed
source software companies, like Microsoft, behave.

>I can prove that I did this. 

Certainly MS make a habit of ripping off companies that
collaborate with them. I know I would be *very* wary of doing
business with MS.


-- 
*****[ Phil Hunt ***** [EMAIL PROTECTED] ]*****
"An unforeseen issue has arisen with your computer. Don't worry your
silly little head about what has gone wrong; here's a pretty animation
of a paperclip to look at instead." -- Windows2007 error message



------------------------------

From: "Ernst" <[EMAIL PROTECTED]>
Subject: Creating a self extracting encrypted exe?
Date: Tue, 23 Jan 2001 23:05:01 +0100

I'd like to automatically send encrypted self-extracting exe files via
email. Does anyone know a tool which can automatically (batch) create
self-extracting exe files (secure protection)? The (printed) public key or
password could be sent via registered mail to customers.
Does anyone know a manufacturer of such software?



------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Dynamic Transposition Revisited (long)
Date: Tue, 23 Jan 2001 22:12:41 GMT


On Tue, 23 Jan 2001 20:52:52 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (John Savard) wrote:

>On Tue, 23 Jan 2001 20:19:18 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote,
>in part:
>
>>I think you should first plainly describe what you see as the
>>weakness, before rushing on to try to fix it.
>
>I will do so. In fact, however, I already did so, I thought, in
>another post to which you have just replied, but it looks as though my
>point didn't get across.
>
>The "weakness" is:
>
>The set of permutations of n bits
>
>considered as a subset of the set of one-to-one and onto mappings from
>the set of bit-balanced blocks of n bits to itself
>
>is a subgroup of those mappings, and therefore is not a generator of
>the entire set of mappings.

All of which is not a problem, because the actual permutation which
encrypted the data is hidden in that clump.  There is no information
to distinguish the correct one.  

You might as well say there is a problem because one could read the
RNG state and thus know the keying of the cipher.  We assume that
state is kept secure.

There is no way to distinguish the correct permutation from the huge
group which can generate the same transformation.  And it is only the
correct permutation which leads back (eventually) to the shuffling
sequence.  

A weakness which cannot be exploited is no weakness at all.  


>My "fix", therefore, is to propose another operation that can be
>applied to a bit-balanced block to yield a bit-balanced block, so as
>to allow a cipher acting on these blocks to produce a wider assortment
>of mappings.
>
>Essentially, I quite agree that transposition as applied to
>bit-balanced blocks is *better* than XOR. But since there already are
>substitutions that are considerably better than XOR, the fact that DT
>is a fixed amount better than XOR is not terribly attractive,
>considering that substitutions can be made as complex as desired.

Substitution complexity is limited by the size of the substitution,
and the size of the substitution is limited to the size of the table
one wants to use.  That is why conventional block ciphers can only
*emulate* a huge substitution.  


>Essentially, therefore, I see DT as similar to, say, DES with subkeys
>that are generated by a stream cipher. Yes, DES, even with arbitrary
>subkeys, can't produce all (2^64)! mappings of blocks to blocks; but
>transposing bits can't produce all mappings of the entire set of
>bit-balanced blocks to itself _either_.

All of which is of no significance whatsoever.


>So my point is: DT is not as bad as XOR, but it is not as good as what
>people can, and do, do with substitution. 

Well, that would seem to be hard to dispute, since I know no limit to
what "can be done."  

However, there is ample reason to believe that the Dynamic
Transposition cipher, as described, is substantially stronger than any
conventional block cipher, for example.  

Moreover, this strength is not dependent upon some complex internal
structure of small substitutions which essentially has no basis in
arguable strength.  


>Although perhaps saying they
>really do make such use of substitution is perhaps an exaggeration;
>except for some of your advanced designs, there isn't that much out
>there which approaches my "large-key brainstorm" - which, I think, in
>the substitution world, strongly resembles what Dynamic Transposition
>achieves.

I can see no basis for such belief.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
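As an added illustration (not code from either John Savard's or Terry Ritter's post), the subgroup argument above and Ritter's reply to it, worked on 4-bit blocks: the bit transpositions induce only 24 of the 720 possible one-to-one maps on the six bit-balanced blocks and are closed under composition, while several distinct transpositions carry any given block to a given ciphertext block. The block width N and the example blocks are this example's choices.

```python
import math
from itertools import permutations

# Block width n; the bit-balanced blocks are those with exactly n/2 one-bits.
N = 4
BALANCED = tuple(b for b in range(1 << N) if bin(b).count("1") == N // 2)
INDEX = {b: i for i, b in enumerate(BALANCED)}  # block value -> position in BALANCED


def transpose(perm, block):
    """Apply a bit transposition: bit i of the input lands at position perm[i]."""
    out = 0
    for i in range(N):
        if (block >> i) & 1:
            out |= 1 << perm[i]
    return out


def as_balanced_map(perm):
    """The bit transposition viewed as a map on the set of balanced blocks,
    recorded as a tuple indexed like BALANCED (a balanced block stays balanced)."""
    return tuple(transpose(perm, b) for b in BALANCED)


def transposition_maps():
    """Every distinct map on balanced blocks that some bit transposition induces."""
    return frozenset(as_balanced_map(p) for p in permutations(range(N)))


def compose(f, g):
    """(f o g) on balanced blocks: apply g, then f."""
    return tuple(f[INDEX[g[i]]] for i in range(len(BALANCED)))


def is_closed_under_composition(maps):
    """Savard's point: composing two transposition maps never leaves the set,
    so the set is a subgroup and cannot generate the remaining maps."""
    return all(compose(f, g) in maps for f in maps for g in maps)


def all_balanced_maps_count():
    """Number of one-to-one, onto maps of the balanced blocks to themselves."""
    return math.factorial(len(BALANCED))


def transpositions_mapping(src, dst):
    """Ritter's point: how many distinct bit transpositions carry src to dst.
    Each of them is consistent with the observed pair, so the pair alone does
    not identify which one was used."""
    return sum(1 for p in permutations(range(N)) if transpose(p, src) == dst)


if __name__ == "__main__":
    maps = transposition_maps()
    print(f"{N}-bit blocks, {len(BALANCED)} balanced blocks")
    print(f"{len(maps)} maps reachable by transposition; "
          f"closed under composition: {is_closed_under_composition(maps)}")
    print(f"{all_balanced_maps_count()} one-to-one maps on balanced blocks in total")
    print(f"{transpositions_mapping(0b0011, 0b0101)} transpositions send 0011 to 0101")
```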


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Some Enigma Questions
Date: Tue, 23 Jan 2001 21:08:35 GMT

"David C. Barber" wrote:
> Of course, the Germans kept thinking the machine was unbreakable
> because they couldn't break it themselves.

More accurately, they didn't see any way of breaking it
short of exhaustive key search (including steckering),
and thus were lulled by the vast number of combinations
into a (false) sense of security.  Much like people who
think any old 1024-bit-keyed block cipher is just fine.

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Creating a self extracting encrypted exe?
Date: Tue, 23 Jan 2001 14:18:49 -0800


Ernst <[EMAIL PROTECTED]> wrote in message
news:94kv69$u0d$05$[EMAIL PROTECTED]...
> I'd like to automatically send encrypted self-extracting exe files via
> email. Does anyone know a tool which can automatically (batch) create
> self-extracting exe files (secure protection)? The (printed) public key or
> password could be sent via registered mail to customers.
> Does anyone know a manufacturer of such software?

Something to think about. If there is enough mutual trust between
the two of you, that they would run any software so potentially
dangerous, why not send it in the clear? If you are worried about third
parties, perhaps you should just mail the data instead.

There are uses for this type of software but this ain't one of them.

That being said, check out Kent Brigs' site (Brigsoft)? Watch out for
snake oil even if they say they have a known & trusted algorithm like
DES or Blowfish.

Paul





------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: JPEG infidelity for crypto
Date: Tue, 23 Jan 2001 16:06:11 -0600

In article <94kog7$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Kenneth Almquist) wrote:

> JPEG images would be a good choice for hiding messages precisely because
> it is common for multiple compressions of the same scan to appear on the
> internet....

> If an eavesdropper observes multiple copies of the same image being
> sent, that might provide a clue that steganography is being used, so
> you would want a fairly large number of pictures for this purpose.
> The alt.binaries.pictures newsgroups provide a good supply.
> 
Surely, a single image can be near-cloned, then, steganographically used as
you suggest.  Looking for image changes to catch encrypted messages might
indeed indicate something funny is going on, or it might not, just that
natural processing variations are involved.  I figure that exploding use
of graphics techniques and exploding use of steganography doom dragnet
detection efforts per what we have seen with text.
...
> 
> By "small" changes, I mean changes that are not visually obvious.  The
> example that started this thread was one where the JPEG compression
> created visible artifacts.  Since these artifacts were not specifically
> chosen to obscure a watermark, I suppose the odds are that they would
> not affect a typical watermark system.

Then, what is typical?  If poor, it is easily thwarted. If good, it is
perhaps still thwartable with additional effort.  Survivability seems to
separate methods for steganographic purposes as well; some methods,
counting petals or ears of corn tend to be survivable, but low bit may
not.  
> 
> Note that converting a typical color image to GIF format also loses
> information.  In a GIF image, each pixel must have a color which
> appears in the color map, and the color map is limited to 256 colors.
> This typically creates significant visual artifacts throughout the
> image.  Of course artificially constructed images (as opposed to
> photographic images) can be designed to contain no more than 256
> colors.  I suspect that a watermark applied to such an image could
> be obscured by reducing the watermarked image to 256 colors, and
> then fiddling with the low order bits of the color map.

While some techniques fiddle with raw graphics source data, putting
something on a screen with limited resolution, then, grabbing that
displayed image does away with fine graphics code differences in a low
tech manner.  With less resolution as a starting point, the lesser data
can be productively added to, with its base image easily retrieved via the
display.  

So, the division of steganographic/watermarking information between what
you cannot see in a given display with another category, what you and
screen operating utilities can see, is made.  If marked data is easily
filtered out, as a watermarking process, it is of little value.  On the
other hand, if not, it may also be detected visually and neutralized if
worth the effort.

One attack to be used to thwart steganography is to say that such and such
image is copyrighted, and it cannot be used for any purpose, surely not
for crypto, and not be changed, even for artistic purposes.  Surely my
image of Greta is art, perhaps not as she or CNN would liken or allow, but
as I see it, flattering and essence catching.   In using it for
steganographic purposes, have I abused it?  How about artistic purposes? 
Perhaps I drew the image with paint as I watched her wit, and scanned it;
perhaps, I did too good of a job.  I mention this because one sure method
to frustrate crypto is to use copyright law as a censorship method, but I
gather everyone knows what I feel about that.  

Note that many of the images I use are ones I actually took.  For
steganographic purposes, the choice is always there to work from your own
photos/captures or those of others.  To quibble here is to limit free
expression, crypto or not, but some see control as their bag.   And some
would wish to be part of a paint roller brigade to purify the nation's art
museums, but I add some prude-bait artistic images of as a statement that
life is dynamic, humorous, and God-pleasing in spite of pea brains that
want to censor anything they don't like for spurious reasons, art, crypto,
literature, happiness, even define worship as protected if done with
approved and politically correct hypocritics.  Prunes.
-- 
Some people say what they think will impress you, but ultimately
do as they please.  If their past shows this, don't expect a change.

------------------------------

From: [EMAIL PROTECTED] (Kenneth Almquist)
Subject: KASUMI Analysis? (Was: Re: 3G crypto algorithms)
Date: 23 Jan 2001 22:39:02 GMT

"Sam Simpson" <[EMAIL PROTECTED]> queried:
> Has anyone had a look at KASUMI, the 'new' block cipher to be used with
> 3GPP?  Any comments or critical appraisal?

I've looked at it briefly.  It's a 64 bit block cipher with a 128 bit
key.  Its overall structure is an 8 round Feistel cipher.  The F
function in turn consists of 5 rounds operating on two 16 bit blocks.
Two of the rounds are Feistel rounds consisting of a one bit rotate
followed by an "and" or "or" operation with a round key.  The other
three rounds involve splitting a 16 bit block into a 9 bit block and
a 7 bit block, and applying four rounds using a 9x9 S-box and a 7x7
S-box.  These rounds look like:

        <L, R> := <L, R> xor round_key_1
        L := S9[L] xor R
        R := S7[R] xor L
        <L, R> := <L, R> xor round_key_2
        L := S9[L] xor R
        R := S7[R] xor L

This variant on the Feistel structure means that the S-box lookups can
be performed in parallel (although the xor operations cannot).  The
S-boxes are defined in terms of "xor" and "and" operations, with the
intention that they be implemented in combinatorial logic rather than
using a table lookup.

The cipher requires eight 16-bit round keys for each round, making
a total of 64 round keys.  The cipher key is viewed as consisting of
eight 16-bit words.  To construct a particular round key, we either
apply a constant rotation to one of these words, or compute the xor
of one of these words and one of 8 constants.


Kasumi looks like it should be cheaper than Rijndael to implement
in hardware.  It also has a reasonable software implementation.
This leaves the question of security.

The S-boxes are designed to be simple to implement in hardware.  I
haven't tried typing them in and analyzing them, but the relatively
simple description in terms of "and" and "xor" operations raises the
question of whether they have an exploitable weakness.

The key schedule is simpler than that of any of the AES finalists,
which suggests another area where weaknesses might be found.  The
designers clearly considered related key attacks.  The key schedule
can be thought of as rotating the cipher key one position for each
round.  However, each word of the key is either rotated or xor-ed
with a constant before being used.  The xor constants rotate along
with the cipher key, but the bit rotation amounts do not.  This
should place a large obstacle in the path of related key attacks
which work by rotating the cipher key.  I do note that one of the
words of the key is combined with input data using "and", so that
it is possible to ensure that flipping certain bits of the key
will not affect the first round.  (This is done by setting the
corresponding bit of the data being encrypted to zero.)  This
allows one round of the cipher to be largely ignored when mounting
a related key attack involving flipping key bits.


One use of Kasumi is to construct a stream cipher.  This is done
by a variant of OFB where what is encrypted is an xor of

  1)  The output of the previous block (or zero for the first block),

  2)  A value resulting from encrypting some information about the
      connection, and

  3)  A block number.

This last is used to avoid the risk of hitting a short cycle (which
is a risk, albeit minor, of normal OFB mode).
                                Kenneth Almquist
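As an added example (not code from Kenneth Almquist's post or from the 3GPP specification), the OFB variant described above, with a constructed 8-bit permutation standing in for Kasumi and a constant `a` standing in for the encrypted connection information; the toy permutation is wired so that plain OFB from IV 0 falls into a 3-block cycle, and the block number is shown to rule out any such period.

```python
import random

WIDTH = 8                      # toy block size in bits; Kasumi uses 64-bit blocks
MASK = (1 << WIDTH) - 1


def toy_block_cipher(seed=2001, short_cycle=(0, 1, 2)):
    """Constructed stand-in for a keyed block cipher: a random permutation of the
    2**WIDTH block values.  The values in short_cycle are wired into one cycle so
    that plain OFB started from short_cycle[0] has period len(short_cycle)."""
    rng = random.Random(seed)
    table = list(range(1 << WIDTH))
    rng.shuffle(table)
    for i, x in enumerate(short_cycle):
        want = short_cycle[(i + 1) % len(short_cycle)]
        j = table.index(want)                  # swapping keeps it a permutation
        table[x], table[j] = table[j], table[x]
    return table


def ofb_keystream(table, iv, nblocks):
    """Plain OFB: each keystream block is the encryption of the previous one, so
    the keystream repeats as soon as the encryption cycle closes."""
    out, prev = [], iv
    for _ in range(nblocks):
        prev = table[prev]
        out.append(prev)
    return out


def counter_mixed_keystream(table, a, nblocks):
    """The variant described in the post: encrypt (previous output XOR a XOR
    block number), with zero as the 'previous output' for the first block.
    If two outputs ks[i] == ks[i+p] ever coincide, the next inputs differ in
    the block number, so a permutation cannot produce ks[i+1] == ks[i+p+1];
    a fixed period is impossible while the block numbers stay distinct."""
    out, prev = [], 0
    for blk in range(nblocks):
        prev = table[(prev ^ a ^ blk) & MASK]
        out.append(prev)
    return out


def period(seq):
    """Smallest p with seq[i] == seq[i+p] for all i, requiring at least two full
    copies (p <= len/2) so a chance match of the last block is not a period."""
    n = len(seq)
    for p in range(1, n // 2 + 1):
        if all(seq[i] == seq[i + p] for i in range(n - p)):
            return p
    return None


if __name__ == "__main__":
    cipher = toy_block_cipher()
    print("plain OFB period:", period(ofb_keystream(cipher, 0, 64)))
    print("counter-mixed period:", period(counter_mixed_keystream(cipher, 0x5A, 64)))
```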

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
