Cryptography-Digest Digest #79, Volume #14        Wed, 4 Apr 01 20:13:01 EDT

Contents:
  rc4 without sbox swapping/updating (Ken Savage)
  Re: rc4 without sbox swapping/updating (Ken Savage)
  REPOST: Re: His cat would love to sodomize sick toilet paper ("Frog2000"  [reposted 
because of rogue cancel])
  REPOST: Re: Winter loves potatoes ("Frog2000"  [reposted because of rogue cancel])
  Re: rc4 without sbox swapping/updating (Terry Ritter)
  Re: AES VS. DES ("Scott Fluhrer")
  Re: patent this and patent that (John Savard)
  Re: patent this and patent that (Bill Unruh)
  Re: AES VS. DES (SCOTT19U.ZIP_GUY)
  Re: patent this and patent that ("Henrick Hellström")
  Re: rc4 without sbox swapping/updating (Ken Savage)
  Re: rc4 without sbox swapping/updating (Ken Savage)
  Would dictionary-based data compression violate DynSub? (Ken Savage)
  Re: How good are ... ? ("Joseph Ashwood")

----------------------------------------------------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Subject: rc4 without sbox swapping/updating
Date: Wed, 04 Apr 2001 21:48:42 GMT

Recent discussions suggest that the ever-changing sbox in rc4
could violate Ritter's Dynamic Substitution patent.  Likewise
any technique using "one or more invertible substitution tables"
**and** "some way to change the arrangement of the values in the
tables".

The following code illustrates a method of coding RC4 so as to:

1) have ONE invertible substitution table and ONE **non-invertible**
non-substitution table

but,

2) having some way to UPDATE the values in the non-invertible table

WITHOUT

3) changing the arrangement of the values in the invertible table.
(It is assumed that the DynSub patent refers to the "invertible
substitution tables" when it uses the term "tables".)

so as to

4) Produce the same bitstream as a swapping-type rc4 implementation.

aka: "There's more than one way to skin a cat"

======

It is important to note that the values in the non-substitution table
are NOT unique, and that the substitution table is NOT dynamic, since
it remains static after the key initialization phase.  The non-sub table
is dynamically adjusted, but the DynSub patent does not apply to this
type of update (as far as I can tell.)

Any comments greatly appreciated.

So, without further ado, the code!!!!


// rc4 implemented without swapping, instead making extensive
// use of 8-bit overflow.
//
// Representation: the usual S[k] is split as perm[k] + add[k] (mod 256).
// perm[] is the permutation left by key setup and is never written again;
// add[] starts out all zero and absorbs every later "swap".
//
// RC4Info was not spelled out in the post; the field widths below follow
// from the 8-bit wraparound the code relies on (every index and sum is
// taken mod 256).
typedef struct {
  unsigned char x, y;         // the usual i and j, wrapping mod 256
  unsigned char perm[256];    // fixed after key setup
  unsigned char add[256];     // per-slot adjustment, initially zero
} RC4Info;

void rc4( RC4Info *info, char *data, int len )
{
  int i;
  unsigned char tmp;

  for( i = 0; i < len; i++ )
  {
    info->x++;
    info->y += info->perm[info->x] + info->add[info->x];   // y += S[x]

    tmp = info->add[info->x];

    // "swap S[x], S[y]" expressed as two updates to add[] only:
    // new S[x] = old S[y], new S[y] = old S[x]
    info->add[info->x] = info->perm[info->y] + info->add[info->y] -
                         info->perm[info->x];
    info->add[info->y] = info->perm[info->x] + tmp -
                         info->perm[info->y];

    tmp = info->perm[info->x] + info->perm[info->y] +      // S[x] + S[y]
          info->add[info->x] + info->add[info->y];

    data[i] ^= (char)(info->perm[tmp] + info->add[tmp]);   // S[S[x]+S[y]]
  }
}


Cheers,

Ken
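As an added example (not code from Ken's post), the C program below puts the swap-free update next to a textbook swap-based RC4 and checks, byte for byte, that both produce the same keystream. The key-scheduling routine, the struct and function names, and the use of the published keystream for the key "Key" (EB 9F 77 81 B7 34 CA 72 A7 ...) as a check are my additions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example, not from the post.  Ken's representation: the usual S[k]
 * is perm[k] + add[k] (mod 256); perm[] is frozen after key setup and
 * add[] starts at zero, so every later "swap" only touches add[]. */

typedef struct { unsigned char i, j; unsigned char S[256]; } RC4Swap;
typedef struct { unsigned char x, y; unsigned char perm[256], add[256]; } RC4NoSwap;

/* Standard RC4 key scheduling: leaves a key-dependent permutation in S. */
static void rc4_ksa(unsigned char S[256], const unsigned char *key, size_t klen)
{
    unsigned char j = 0;
    for (int i = 0; i < 256; i++)
        S[i] = (unsigned char)i;
    for (int i = 0; i < 256; i++) {
        unsigned char t;
        j = (unsigned char)(j + S[i] + key[i % klen]);
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
}

static void rc4_swap_init(RC4Swap *c, const unsigned char *key, size_t klen)
{
    c->i = c->j = 0;
    rc4_ksa(c->S, key, klen);
}

/* Textbook PRGA: i++; j += S[i]; swap S[i], S[j]; emit S[S[i] + S[j]]. */
static unsigned char rc4_swap_next(RC4Swap *c)
{
    unsigned char t;
    c->i++;
    c->j = (unsigned char)(c->j + c->S[c->i]);
    t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    return c->S[(unsigned char)(c->S[c->i] + c->S[c->j])];
}

static void rc4_noswap_init(RC4NoSwap *c, const unsigned char *key, size_t klen)
{
    c->x = c->y = 0;
    rc4_ksa(c->perm, key, klen);        /* perm[] is never written again */
    memset(c->add, 0, sizeof c->add);   /* so S == perm at the start */
}

/* Swap-free PRGA (Ken's formulation): the two writes to add[] make
 * perm[x]+add[x] and perm[y]+add[y] take each other's previous values,
 * which is exactly what the swap did.  All arithmetic wraps mod 256. */
static unsigned char rc4_noswap_next(RC4NoSwap *c)
{
    unsigned char old_add_x, k;
    c->x++;
    c->y = (unsigned char)(c->y + c->perm[c->x] + c->add[c->x]);
    old_add_x = c->add[c->x];
    c->add[c->x] = (unsigned char)(c->perm[c->y] + c->add[c->y] - c->perm[c->x]);
    c->add[c->y] = (unsigned char)(c->perm[c->x] + old_add_x - c->perm[c->y]);
    k = (unsigned char)(c->perm[c->x] + c->perm[c->y] + c->add[c->x] + c->add[c->y]);
    return (unsigned char)(c->perm[k] + c->add[k]);
}

/* Run both variants for n bytes.  Returns 1 iff every byte agrees;
 * the agreed keystream is written to out when out is non-NULL. */
int rc4_variants_agree(const unsigned char *key, size_t klen,
                       unsigned char *out, size_t n)
{
    RC4Swap a;
    RC4NoSwap b;
    rc4_swap_init(&a, key, klen);
    rc4_noswap_init(&b, key, klen);
    for (size_t i = 0; i < n; i++) {
        unsigned char ka = rc4_swap_next(&a), kb = rc4_noswap_next(&b);
        if (ka != kb)
            return 0;
        if (out)
            out[i] = ka;
    }
    return 1;
}

int main(void)
{
    unsigned char ks[10];
    int ok = rc4_variants_agree((const unsigned char *)"Key", 3, ks, sizeof ks);
    printf("swap and no-swap agree: %s\nkeystream for \"Key\":", ok ? "yes" : "NO");
    for (size_t i = 0; i < sizeof ks; i++)
        printf(" %02x", ks[i]);
    printf("\n");
    return ok ? 0 : 1;
}
```

Note the x == y case: the first write leaves add[x] unchanged and the second restores the old add[x], so S is untouched, exactly as a swap of an element with itself.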

------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Subject: Re: rc4 without sbox swapping/updating
Date: Wed, 04 Apr 2001 21:56:05 GMT

Ken Savage wrote:
> 
> It is important to note that the values in the non-substitution table
> are NOT unique, and that the substitution table is NOT dynamic, since
> it remains static after the key initialization phase.  The non-sub table
> is dynamically adjusted, but the DynSub patent does not apply to this
> type of update (as far as I can tell.)

BTW, I freely release this concept into the public domain, claiming no
patent against it.  (Unfortunately, if some other schmuck has claimed
it before I posted it here today, you're still f'kd, but hey life sucks
sometimes ;)

Ken

------------------------------

From: "Frog2000" <[EMAIL PROTECTED]> [reposted because of rogue cancel]
Subject: REPOST: Re: His cat would love to sodomize sick toilet paper
Crossposted-To: soc.men,alt.security.pgp
Date: Wed, 4 Apr 2001 09:49:37 -0400

Isn't there a talk.crypt.politics, or something like that? :)

--
http://welcome.to/speechsystemsfortheblind


"Anonymous" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Frog loves to burn most of politically correct jews
> [STATS] Austria wants TLA
> [STATS] Cracow needs carrots
> Green wants republicans
> 0,4727682 0,2866326 0,3427811 -2001/03/25 23:59:31-
> Script-Kiddie MASTER of APAS/ADRU/SM/AUK
> For a 21st Century completely REMAILER-FREE
> That CRAP brought to you by request from Thomas J. BOSCHLOO
> [EMAIL PROTECTED]
> TLA requires to write more of pommies

========= WAS CANCELLED BY =======:
Path: 
news.sol.net!spool0-nwblwi.newsops.execpc.com!newspump.sol.net!newsfeed.direct.ca!look.ca!newsfeed.icl.net!skynet.be!fr.clara.net!heighliner.fr.clara.net!fr.usenet-edu.net!usenet-edu.net!wanadoo.fr!!AussieRenegade-back-to-rule!cyberspam!not-for-mail
From: Aussie Renegade <[EMAIL PROTECTED]>
Newsgroups: 
news.admin.net-abuse.usenet,alt.recovery.aa,alt.recovery.na,alt.fan.tomsq,alt.recovery.dorothy,rec.gardens,alt.support.single-parents,alt.redheads,canb.general,aus.politics,rec.boats,soc.men
Subject: cmsg cancel <[EMAIL PROTECTED]>
Control: cancel <[EMAIL PROTECTED]>
Date: 4 Apr 2001 15:04:51 GMT
Organization: AOL http://www.aol.com
Lines: 40
Approved: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
NNTP-Posting-Host: atuileries-101-1-1-117.abo.wanadoo.fr
X-Trace: wanadoo.fr 986396694 9468 193.251.49.117 (4 Apr 2001 15:04:54 GMT)
X-Complaints-To: [EMAIL PROTECTED]
NNTP-Posting-Date: 4 Apr 2001 15:04:54 GMT
X-Admin: [EMAIL PROTECTED]
X-No-Archive: yes
X-Message: Fuck you, yes you
X-No-Repost: yes

Moderatour Cancel for reckless endangerment of sanity
<remainder snipped>

------------------------------

From: "Frog2000" <[EMAIL PROTECTED]> [reposted because of rogue cancel]
Subject: REPOST: Re: Winter loves potatoes
Crossposted-To: soc.men,alt.security.pgp
Date: Wed, 4 Apr 2001 09:50:47 -0400



--
http://welcome.to/speechsystemsfortheblind


"Anonymous" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Gates probably wants CIA

Nah, they pay well, but he makes better money.

> 0,5851809 0,5951465 0,7299836 -2001/03/25 23:37:34-
> Script-Kiddie MASTER of APAS/ADRU/SM/AUK
> For a 21st Century completely REMAILER-FREE
> That CRAP brought to you by request from Thomas J. BOSCHLOO
> [EMAIL PROTECTED]
> [INFO] Shinn sure used some republicans
> Re: My sister absolutely asks to fist-fuck most of Pangborn

========= WAS CANCELLED BY =======:
Path: 
news.sol.net!spool0-nwblwi.newsops.execpc.com!newspump.sol.net!skynet.be!fr.clara.net!heighliner.fr.clara.net!fr.usenet-edu.net!usenet-edu.net!wanadoo.fr!!AussieRenegade-back-to-rule!cyberspam!not-for-mail
From: Aussie Renegade <[EMAIL PROTECTED]>
Newsgroups: 
news.admin.net-abuse.usenet,alt.recovery.aa,alt.recovery.na,alt.fan.tomsq,alt.recovery.dorothy,rec.gardens,alt.support.single-parents,alt.redheads,canb.general,aus.politics,rec.boats,soc.men
Subject: cmsg cancel <[EMAIL PROTECTED]>
Control: cancel <[EMAIL PROTECTED]>
Date: 4 Apr 2001 15:04:46 GMT
Organization: AOL http://www.aol.com
Lines: 34
Approved: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
NNTP-Posting-Host: atuileries-101-1-1-117.abo.wanadoo.fr
X-Trace: wanadoo.fr 986396688 9468 193.251.49.117 (4 Apr 2001 15:04:48 GMT)
X-Complaints-To: [EMAIL PROTECTED]
NNTP-Posting-Date: 4 Apr 2001 15:04:48 GMT
X-Admin: [EMAIL PROTECTED]
X-No-Archive: yes
X-Message: Fuck you, yes you
X-No-Repost: yes

Moderatour Cancel for reckless endangerment of sanity
<remainder snipped>

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: rc4 without sbox swapping/updating
Date: Wed, 04 Apr 2001 22:36:06 GMT


On Wed, 04 Apr 2001 21:48:42 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt Ken Savage <[EMAIL PROTECTED]> wrote:

>Recent discussions suggest that the ever-changing sbox in rc4
>could violate Ritter's Dynamic Substitution patent.  Likewise
>any technique using "one or more invertable substitution tables"
>**and** "some way to change the arrangement of the values in the
>tables".
>
>The following code illustrates a method of coding RC4 so as to:
>
>1) have ONE invertable substitution table and ONE **non-invertable**
>non-substitution table
>
>but,
>
>2) having some way to UPDATE the values in the non-invertable table
>
>WITHOUT
>
>3) changing the arrangement of the values in the invertable table.
>(It is assumed that the DynSub patent refers to the "invertable
>substitution tables" when it uses the term "tables".)

An assumption is clearly false, from the evidence in the patent
itself.


>so as to
>
>4) Produce the same bitstream as a swapping-type rc4 implementation.
>
>aka: "There's more than one way to skin a cat"
>
>------
>
>It is important to note that the values in the non-substitution table
>are NOT unique, and that the substitution table is NOT dynamic, since
>it remains static after the key initialization phase.  The non-sub table
>is dynamically adjusted, but the DynSub patent does not apply to this
>type of update (as far as I can tell.)

"As far as you can tell?"

Well, as far as *I* can tell, you have trouble reading.  Here it is,
right from the Abstract:

"The combiner can also be used to combine two pseudo-random confusion
streams into a more-complex confusion stream.  In this case,
extraction may be unnecessary and so the combiner substitution tables
need not be invertible.  Thus, the translation changes need not be
limited to permutations."

Claim 1 has been presented verbatim many times.  That claim does not
include a requirement that the "substitution means" must be
invertible.  Instead, that comes in Claim 2:

"
2. The combining mechanism of claim 1 wherein said substitution means
is initialized to contain at most one occurrence of any particular
translation. 
"

Obviously, if "substitution means" had to be invertible in the first
place, there would be no need for claim 2, and yet we do have claim 2.

Claim 1 does read on tables which are non-invertible.  


>Any comments greatly appreciated.

I bet.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: AES VS. DES
Date: Wed, 4 Apr 2001 15:33:10 -0700


Paul Schlyter <[EMAIL PROTECTED]> wrote in message
news:9aa2er$ojh$[EMAIL PROTECTED]...
> In article <HGXx6.5181$I5.10267@stones>,
> Brian Gladman <[EMAIL PROTECTED]> wrote:
> > "Pascal Junod" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> >> On Sun, 1 Apr 2001, Brian Gladman wrote:
> >>
> >> [snip]
> >>
> >>> DES is still a very good cipher that has not been broken but increases
> >>> in ... [snip]
> >>
> >> Do you ever read about linear cryptanalysis, differential cryptanalysis
?
> > > I'm not quite sure one can claim that DES is "unbroken"...
> >
> > The issue here is one of definition.
> >
> > In principle all keyed block ciphers can be attacked by undertaking an
> > exhaustive search of their key space so it makes limited sense to claim
that
> > an algorithm is broken if it is vulnerable to this form of attack.
> >
> > But I agree that you can choose to use this as your definition of
'broken'
> > if you so wish.
> >
> > But I choose a different definition - namely that an algorithm is broken
if
> > it is possible, on average, to recover the plaintext without the key
with
> > significantly less effort than would be expected in a brute force key
> > search.
> >
> > And it in this sense that I claim that DES is unbroken.
>
> By that definition, a simple XOR cipher where each byte of the
> plaintext is XOR'ed with one constant value - the 1-byte key - isn't
> "broken" either, since the fastest way to break it is to do an
> exhaustive search of the 256 possible different keys....
>
> If an exhaustive key search is computationally feasible, then the
> cipher has too small a key space, and is broken becuase of that.
> 1-DES is on the limit of being broken in this respect: while an
> exhaustive key search within a reasonable time is possible, it
> requires a lot of resources.  The fix (for now at least) is to use
> 3-DES instead.
>
> Therefore a (symmetric) cipher isn't broken if both these conditions
> apply:
>
> 1. The key space is large enough to make exhaustive search
> computationally infeasible within a reasonable amount of time.
>
> 2. No other method is known which breaks the cipher significantly
> faster than an exhaustive key search.

I would like to point out that, by the above definition, 3AES (yes, 3
iterations of AES with independently chosen 256-bit keys) is broken, because it
is possible to recover the key "significantly" faster than in O(2**768)
time.  For one, with a standard meet-in-the-middle, and with O(2**k) memory,
you can break it in O(2**(768-k)) time (for k<=256).  For another, Stefan
Lucks' attack on 3DES might be fruitfully applied.

--
poncho
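As an added example (not from the thread), the C program below runs the meet-in-the-middle attack on triple encryption at toy scale: a 16-bit block cipher with 8-bit keys, so the whole thing finishes in a fraction of a second. Guessing all three keys costs 2^24 trial triple-encryptions; guessing k1 and then meeting in the middle between k2 and k3 with a 256-entry table costs about 2^17 single-cipher calls, the small-scale analogue of the 2^(768-k) time / 2^k memory figure above. The toy cipher, key values and plaintexts are constructed for the demonstration and have no security value.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the thread: meet-in-the-middle against triple
 * encryption, scaled down to a toy 16-bit block cipher with 8-bit keys.
 * Brute force over (k1,k2,k3) costs 2^24 trial triple-encryptions; the
 * attack below costs about 2^17 single-cipher calls with a 2^8-entry
 * table, the toy analogue of 2^(768-k) time with 2^k memory. */

#define NPAIRS 3
static unsigned long g_ops;   /* toy cipher evaluations so far */

static uint16_t rotl16(uint16_t x, int r) { return (uint16_t)((x << r) | (x >> (16 - r))); }
static uint16_t rotr16(uint16_t x, int r) { return (uint16_t)((x >> r) | (x << (16 - r))); }
static uint16_t round_key(uint8_t k, int r) { return (uint16_t)((k * 0x0101u) ^ (0x9E37u * (unsigned)(r + 1))); }

/* Toy cipher: 4 rounds of key xor, rotate, constant add, xorshift.
 * Only invertibility matters here; it is not meant to be secure. */
uint16_t toy_enc(uint8_t k, uint16_t x)
{
    g_ops++;
    for (int r = 0; r < 4; r++) {
        x = (uint16_t)(x ^ round_key(k, r));
        x = rotl16(x, 3);
        x = (uint16_t)(x + 0xA5C3u);
        x = (uint16_t)(x ^ (x >> 7));
    }
    return x;
}

uint16_t toy_dec(uint8_t k, uint16_t x)
{
    g_ops++;
    for (int r = 3; r >= 0; r--) {
        x = (uint16_t)(x ^ (x >> 7));   /* inverse of y = x ^ (x >> 7) */
        x = (uint16_t)(x ^ (x >> 14));  /* is y ^ (y >> 7) ^ (y >> 14) */
        x = (uint16_t)(x - 0xA5C3u);
        x = rotr16(x, 3);
        x = (uint16_t)(x ^ round_key(k, r));
    }
    return x;
}

static uint16_t triple_enc(uint8_t k1, uint8_t k2, uint8_t k3, uint16_t p)
{
    return toy_enc(k3, toy_enc(k2, toy_enc(k1, p)));
}

typedef struct { int found; uint8_t k1, k2, k3; unsigned long ops; } mitm_result;

/* Recover (k1,k2,k3) from NPAIRS known (P,C) pairs.  For each guess of k1,
 * tabulate E_k2(E_k1(P0)) over all k2, then for each k3 look up D_k3(C0);
 * any hit is confirmed on the remaining pairs.  head[]/next[] chain the
 * (at most 256) entries by 16-bit value; stamp[] records which k1 pass a
 * slot belongs to, so the table never has to be cleared. */
mitm_result mitm_recover(const uint16_t *P, const uint16_t *C)
{
    static int16_t head[65536], next[256];
    static uint32_t stamp[65536], gen;
    mitm_result res = {0, 0, 0, 0, 0};
    g_ops = 0;
    for (unsigned k1 = 0; k1 < 256; k1++) {
        uint16_t mid = toy_enc((uint8_t)k1, P[0]);
        uint32_t tag = ++gen;
        for (unsigned k2 = 0; k2 < 256; k2++) {
            uint16_t y = toy_enc((uint8_t)k2, mid);
            if (stamp[y] != tag) { stamp[y] = tag; head[y] = -1; }
            next[k2] = head[y];
            head[y] = (int16_t)k2;
        }
        for (unsigned k3 = 0; k3 < 256; k3++) {
            uint16_t y = toy_dec((uint8_t)k3, C[0]);
            if (stamp[y] != tag) continue;
            for (int16_t k2 = head[y]; k2 != -1; k2 = next[k2]) {
                int ok = 1;
                for (int i = 1; i < NPAIRS && ok; i++)
                    ok = triple_enc((uint8_t)k1, (uint8_t)k2, (uint8_t)k3, P[i]) == C[i];
                if (!ok) continue;
                res.found = 1; res.k1 = (uint8_t)k1; res.k2 = (uint8_t)k2; res.k3 = (uint8_t)k3;
                res.ops = g_ops;
                return res;
            }
        }
    }
    res.ops = g_ops;
    return res;
}

/* Demo with constructed keys and plaintexts; the attacker sees only P and C. */
mitm_result demo_attack(uint8_t k1, uint8_t k2, uint8_t k3)
{
    const uint16_t P[NPAIRS] = {0x1234, 0xBEEF, 0x0F0F};
    uint16_t C[NPAIRS];
    for (int i = 0; i < NPAIRS; i++) C[i] = triple_enc(k1, k2, k3, P[i]);
    return mitm_recover(P, C);
}

int main(void)
{
    mitm_result r = demo_attack(0x3C, 0xA7, 0x19);
    printf("found=%d k1=%02x k2=%02x k3=%02x after %lu cipher calls (brute force: ~%lu)\n",
           r.found, r.k1, r.k2, r.k3, r.ops, 3UL << 24);
    return r.found ? 0 : 1;
}
```

Three known pairs are used because the 16-bit block is narrower than the 24-bit key space: a single pair leaves about 2^8 spurious key triples, and the extra pairs filter them out. Scaling the same loop to AES-256 is exactly the 2^512-time, 2^256-memory attack on 3AES (k = 256 in the formula above).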




------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: patent this and patent that
Date: Wed, 04 Apr 2001 22:45:47 GMT

On 4 Apr 2001 15:17:00 -0600, [EMAIL PROTECTED] (Vernon
Schryver) wrote, in part:
>In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:

>>As far as I am aware, no patents on actual software were allowed until
>>recently.  So the idea of "a history of software patents" must mean
>>something else.

>Contrary to that statement, Mr. Ritter knows that there is nothing ill
>defined about the changes that have allowed patents on computer programs.
>20 years ago it was generally agreed that they were impossible and wrong.
>Today most professional programmers deal with patents either to avoid them
>or to help the local lawyers file them.

It is sufficient to say that what "a history of software patents"
means to most people is a history of the applicability of patents on
processes or devices to computers carrying out the patented processes,
or performing the same operations as the patented devices.

>>One thing the term "software patents" conveniently overlooks is that
>>patents are about doing something.  Software is a name we give to
>>customizing a machine to do something ...

>That might be well and good, but as I'm sure Mr. Ritter knows,
>it's irrelevant.

Actually, it's highly relevant. If the statement "software is a name
we give to customizing a machine to do something" is held to be
literally and fully true, then including computer software within the
reach of the patent law is a natural and proper outgrowth of the prior
functioning of the patent law, and is not an illegitimate extension
thereof.

On the other hand, if one views a computer program as primarily an
_algorithm_, a mathematical procedure for doing something, like the
set of rules for long division, that can be used by a human to perform
calculations - and the fact that the algorithm might be performed
automatically by a computer instead is a trivial detail - then the
objections to "software patents", real and so-called, become apparent.

So it actually addresses the central issue of this controversy.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: patent this and patent that
Date: 4 Apr 2001 23:05:04 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Terry Ritter) writes:
>But when a digital computer functions, there is no software there,
>only hardware voltages and parts, and patents have long applied to
>just that sort of hardware.  So if "software" causes the hardware to
>function as a patented thing, I would think that courts in any country
>would find it difficult to prohibit patent enforcement, given the
>unarguable fact of hardware doing exactly what the patent describes.

The question is whether the patent claims to cover "software" which can
run on any computer, or whether the very specific aspects of the
hardware form a crucial part of the patent. In the latter case, I am
sure that that crucial hardware component could be patented. However one
could well demand that any patent on software able to run on any
"computer" not be patentable. So say RSA, which claims a patent on the
process of using modular arithmetic to encrypt, would be invalid while a
specific gate array programmed in a specific manner to implement RSA
could be patented. Just because a patent describes something clearly
does not mean that it is patentable.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES VS. DES
Date: 4 Apr 2001 23:02:56 GMT

[EMAIL PROTECTED] (Scott Fluhrer) wrote in
<9ag839$lq3$[EMAIL PROTECTED]>: 

>
>Paul Schlyter <[EMAIL PROTECTED]> wrote in message
>news:9aa2er$ojh$[EMAIL PROTECTED]...
>> In article <HGXx6.5181$I5.10267@stones>,
>> Brian Gladman <[EMAIL PROTECTED]> wrote:
>> > "Pascal Junod" <[EMAIL PROTECTED]> wrote in message
>> > news:[EMAIL PROTECTED]...
>> >> On Sun, 1 Apr 2001, Brian Gladman wrote:
>> >>
>> >> [snip]
>> >>
>> >>> DES is still a very good cipher that has not been broken but
>> >>> increases in ... [snip]
>> >>
>> >> Do you ever read about linear cryptanalysis, differential
>> >> cryptanalysis 
>?
>> > > I'm not quite sure one can claim that DES is "unbroken"...
>> >
>> > The issue here is one of definition.
>> >
>> > In principle all keyed block ciphers can be attacked by undertaking
>> > an exhaustive search of their key space so it makes limited sense to
>> > claim 
>that
>> > an algorithm is broken if it is vulnerable to this form of attack.
>> >
>> > But I agree that you can choose to use this as your definition of
>'broken'
>> > if you so wish.
>> >
>> > But I choose a different definition - namely that an algorithm is
>> > broken 
>if
>> > it is possible, on average, to recover the plaintext without the key
>with
>> > significantly less effort than would be expected in a brute force
>> > key search.
>> >
>> > And it in this sense that I claim that DES is unbroken.
>>
>> By that definition, a simple XOR cipher where each byte of the
>> plaintext is XOR'ed with one constant value - the 1-byte key - isn't
>> "broken" either, since the fastest way to break it is to do an
>> exhaustive search of the 256 possible different keys....
>>
>> If an exhaustive key search is computationally feasible, then the
>> cipher has too small a key space, and is broken becuase of that.
>> 1-DES is on the limit of being broken in this respect: while an
>> exhaustive key search within a reasonable time is possible, it
>> requires a lot of resources.  The fix (for now at least) is to use
>> 3-DES instead.
>>
>> Therefore a (symmetric) cipher isn't broken if both these conditions
>> apply:
>>
>> 1. The key space is large enough to make exhaustive search
>> computationally infeasible within a reasonable amount of time.
>>
>> 2. No other method is known which breaks the cipher significantly
>> faster than an exhaustive key search.
>
>I would like to point out that, by the above definition, 3AES (yes, 3
>iterations of AES with independently chosen 256-bit keys) is broken, because
>it is possible to recover the key "significantly" faster than in
>O(2**768) time.  For one, with a standard meet-in-the-middle, and with
>O(2**k) memory, you can break it in O(2**(768-k)) time (for k<=256). 
>For another, Stefan Lucks' attack on 3DES might be fruitfully applied.
>
>--
>poncho
>

  Maybe the definition of a break should be changed, such that an
upper limit on strength would relate to key size. That way, given an
attack on a thousand-bit key cipher that reduces it to 300 bits, one
could still say it appears stronger than a 256-bit key cipher, and not
use the term break. Instead use the term possible effective key length.




David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.nbci.com/ecil/index.htm
Scott LATEST UPDATED sources for scott*u.zip
        http://radiusnet.net/crypto/archive/scott/
Scott famous Compression Page
        http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
A final thought from President Bill: "The road to tyranny, 
we must never forget, begins with the destruction of the truth."

------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: patent this and patent that
Date: Thu, 5 Apr 2001 01:17:00 +0200

"Terry Ritter" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
>
> On Wed, 04 Apr 2001 21:20:42 +0200, in
> <[EMAIL PROTECTED]>, in sci.crypt Ichinin
> <[EMAIL PROTECTED]> wrote:
> >As a Swedish Citisen - I have
> >that right, as long as i dont use the idea
> >commercially.
> >
> >I've been twiddling around with selfmodifying S-Boxes
> >(OFB) myself and only for research, and i do not have
> >to give a crap about patents - Mainly because we also
> >have no software patents, but that's another story.
>
> I think that must be an odd story indeed.  I suspect that by "software
> patent" you mean any patent which applies to software.  But by
> "software" you mean something which functions in a digital computer
> which is *hardware*.  Software, by itself, does not function at all.
> Nobody cares about software that just sits there and never runs.
>
> But when a digital computer functions, there is no software there,
> only hardware voltages and parts, and patents have long applied to
> just that sort of hardware.  So if "software" causes the hardware to
> function as a patented thing, I would think that courts in any country
> would find it difficult to prohibit patent enforcement, given the
> unarguable fact of hardware doing exactly what the patent describes.

True, but your patent claims describe a mathematical method. A claim that
consists only of a description of a mathematical method is not valid in
Europe. A valid set of claims must include some distinguishing physical
manifestation, either in the means or in the end of the method. More
precisely, you could claim to have invented a specific family of "hardware
voltages and parts", which might be doable, but would at best limit your
claims to a specific hardware configuration. Perhaps you should try to
formulate such claims, e.g. by listing all possible combinations of
"hardware voltages and parts" that might correspond to each CPU instruction
one might use in an implementation of your method and to each possible state
of the substitution table, then recreate your original claims on that basis,
and finally check what kinds of hardware states would "read on" your claims.
You would probably find that your claims would cover pretty much any
possible state of any computer running any software. But that's not all, of
course. Even European patents might have "soft" concepts in the claims, so
you might get lucky and successfully limit the scope of your claims by
adding terms such as "cryptographic method", "data diffusion" etc in the
description of the context your invention is intended to be used in.

But what do I know? ;-)


--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com



------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Subject: Re: rc4 without sbox swapping/updating
Date: Wed, 04 Apr 2001 23:23:26 GMT

Terry Ritter wrote:

> "The combiner can also be used to combine two pseudo-random confusion
> streams into a more-complex confusion stream.  In this case,
> extraction may be unnecessary and so the combiner substitution tables
> need not be invertible.  Thus, the translation changes need not be
> limited to permutations."

In the case of rc4, extraction *IS* necessary.  The above paragraph
misses the case where extraction is required, yet the tables are not
invertible.

I'm finding that the PRECISE definitions of what is meant by "first
data source", "second data source", "extraction", "invertible", etc
are not clear.

For instance, consider the sequence:

0, 1, 2, 3, 0, 1, 2, 3, 0, 1, 2, 3, 0, 1, 2, 3, ...

From an information-theoretic sense, this sequence is completely
predictable, thus it has zero entropy, zero information and thus
is not a data source.  It's a "modulo-4 counter initialized to zero".

Yet I suspect that any patent holder would gladly consider it a
"data source" if it were profitable/advantageous for them to do so.

> Claim 1 has been presented verbatim many times.  That claim does not
> include a requirement that the "substitution means" must be
> invertible.  Instead, that comes in Claim 2:

Definitions (from Webster's 9th new collegiate)

Permutation:  an ordered arrangement of a set of objects
Permute: to change the order or arrangement of
arrange: to put into a proper order or suitable sequence  (note:
SUITABLE)
re-arrange: to arrange anew

Claim 1b: "... for permuting or re-arranging ... within said
substitution means"

To be noted:

1) The code presented does not permute any values
2) No ordering is done on add[], nor is any suitability determined.
3) Since no permutation is done, nor any suitability determined,
it is not a re-arrangement.

In more layman's terms, to "rearrange your furniture" means to take
your furniture, and reposition them about your house.  You still have
the same furniture.  If I was asked to "rearrange the elements in
this array", I would shuffle the array ---- KEEPING THE SAME VALUES
AS WAS IN THE ARRAY, instead ** PERMUTING ** them.  Synonym.


As such, I don't see my code passing (1b).

> 2. The combining mechanism of claim 1 wherein said substitution means
> is initialized to contain at most one occurrence of any particular
> translation.

My code doesn't pass (2).

> Claim 1 does read on tables which are non-invertible.

Provided they are permuted.


Ken

------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Subject: Re: rc4 without sbox swapping/updating
Date: Wed, 04 Apr 2001 23:45:27 GMT

Terry Ritter wrote:

> >is dynamically adjusted, but the DynSub patent does not apply to this
> >type of update (as far as I can tell.)
> 
> "As far as you can tell?"
> 
> Well, as far as *I* can tell, you have trouble reading.  [...]


> >Any comments greatly appreciated.
> 
> I bet.


As far as I can tell, I'm well able to read.  While we may have
different interpretations of what we're reading, it distracts from
the DISCUSSION when snide comments find their way into replies.

As my previous message indicates, there is an alternate way to
interpret the claims in the patent.  English, unfortunately, is
not mathematics, which is the very reason these alternatives
exist.

I will admit that we both have different goals here; I am actively
seeking a way to produce an rc4-compatible output stream without
seemingly violating the Dynamic Substitution patent.  Hopefully, the
same techniques used in this endeavour can be used in other ciphers
or realms. You, knowing that rc4 involves sbox updates, and being the
holder of the DynSub patent, probably aren't too happy about these
attempts :)  I wouldn't blame you.

For me, it's not personal; I'm just doing my job (quite literally).
I hope in the future this sentiment is reciprocated.

Ken

------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Subject: Would dictionary-based data compression violate DynSub?
Date: Wed, 04 Apr 2001 23:54:22 GMT

Hate to think about it, but why would dynamic dictionary (LZW, LZH,
deflate) data compression techniques NOT violate DynSub?

You have a table (containing strings of chars), which determines
the output (position, len).

As you compress more data, the table (dictionary) updates itself,
removing some elements, adding others (a LOOSE term for "re-arrangement"
???).

It's invertible.  You're combining one data stream (uncompressed text)
with another (possibly a password??)

Ken

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: How good are ... ?
Date: Mon, 2 Apr 2001 12:23:37 -0700
Crossposted-To: sci.crypt.random-numbers


"Peter Engehausen" <[EMAIL PROTECTED]> wrote in message
> How strong are ciphers who work *only* with pseudorandom numbers...?
That depends on numerous factors. In the case of OTP it is perfect (although
this doesn't take pseudorandom number, only true random numbers), in other
cases it is not perfect but good, and can be extremely bad.

> It surely depends on the generator, but if it's an average one,
> initialized by a good pass phrase?
It depends not only on the generator but how it is used. You said using only
a pRNG, but that is simply never the case; most likely what you are
referring to is the common way of using a stream cipher, XORing it with the
plaintext. However there are other ways involving keying block ciphers
(other than the XOR based block cipher) with a pRNG, and each of these
methods has different abilities. Assuming you mean the XOR-based
encryption, it can be very strong (although many stronger methods come to
mind). However using an average generator generally gives very poor results
for cryptography. I assume an average generator is one marginally better than or
equivalent to the recommended C rand() function.

> How can they be broken? Any useful links or papers known?

There are two basic methodologies for attacking them, and several types of
attacks. The two methodologies are finding complete determination, and
finding correlations. The most obvious attack of the complete determination
type is the period, the point where the stream will repeat, other options
include things like when you can compute the next value (or previous value)
by knowing a certain number of values. The correlations are a bit more
difficult to explain so briefly, they are linear and differential
cryptanalysis, this is related to the second type of determination attack I
listed, but can be uncertain. It is possible to find potential correlations,
or correlations that cannot exist, combinations that always occur, occur
with some probability, or never occur. From these it is possible to compute
the key, either through elimination or through construction. The attacks
based on the second methodology are generally much more interesting
cryptographically because they represent inherent flaws in the system.
                            Joe
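As an added example (not from Joe's post), the C program below makes the "compute the next value by knowing a certain number of values" attack concrete for the rand()-class generator he mentions. A stream cipher is built by XORing the plaintext with bits 16..23 of successive states of the ANSI C reference LCG (x = 1103515245 x + 12345 mod 2^32), seeded with a 32-bit key; the attacker, given eight bytes of known plaintext, recovers the generator state and predicts every later keystream byte. The seed-as-key construction, the sample message and all function names are my assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the post: a stream cipher that XORs plaintext
 * with output of the ANSI C reference rand() LCG, seeded with a 32-bit
 * key, and the known-plaintext attack that predicts the rest of the
 * keystream.  The seed-as-key construction and all names are assumptions
 * made for illustration. */

#define LCG_A 1103515245u
#define LCG_C 12345u

/* One keystream byte per step: bits 16..23 of the state, as rand() does. */
static uint8_t lcg_keystream_byte(uint32_t *state)
{
    *state = *state * LCG_A + LCG_C;      /* mod 2^32 by unsigned wraparound */
    return (uint8_t)(*state >> 16);
}

/* Encrypt or decrypt buf in place under a 32-bit seed used as the key. */
void lcg_xor_crypt(uint32_t seed, uint8_t *buf, size_t n)
{
    uint32_t st = seed;
    for (size_t i = 0; i < n; i++)
        buf[i] ^= lcg_keystream_byte(&st);
}

/* Known-keystream attack.  In an LCG mod 2^32, bits 0..23 of the next
 * state depend only on bits 0..23 of the current one, so the top byte of
 * the seed never reaches the output.  The first known byte fixes bits
 * 16..23 of state 1; the low 16 bits are brute-forced (65536 trials)
 * against the remaining known bytes.  Returns the number of consistent
 * candidates and, from the first one, writes `want` predicted bytes. */
int lcg_predict(const uint8_t *known, size_t nknown, uint8_t *pred, size_t want)
{
    int candidates = 0;
    for (uint32_t low16 = 0; low16 < 0x10000u; low16++) {
        uint32_t st = ((uint32_t)known[0] << 16) | low16;   /* state 1 mod 2^24 */
        size_t i;
        for (i = 1; i < nknown; i++) {
            st = (st * LCG_A + LCG_C) & 0xFFFFFFu;
            if ((uint8_t)(st >> 16) != known[i])
                break;
        }
        if (i != nknown)
            continue;
        if (candidates++ == 0)
            for (size_t j = 0; j < want; j++) {
                st = (st * LCG_A + LCG_C) & 0xFFFFFFu;
                pred[j] = (uint8_t)(st >> 16);
            }
    }
    return candidates;
}

/* Demo: the attacker knows the first 8 plaintext bytes of a 32-byte
 * message (constructed sample), derives 8 keystream bytes, predicts the
 * next 24 and decrypts the rest.  Returns 1 if the tail is recovered. */
int demo_break(uint32_t secret_seed)
{
    uint8_t msg[32] = "GET /admin HTTP/1.0\r\nHost: x\r\n";
    uint8_t ct[32], known[8], pred[24], out[24];
    memcpy(ct, msg, sizeof ct);
    lcg_xor_crypt(secret_seed, ct, sizeof ct);
    for (int i = 0; i < 8; i++)
        known[i] = (uint8_t)(ct[i] ^ msg[i]);
    if (lcg_predict(known, 8, pred, 24) < 1)
        return 0;
    for (int i = 0; i < 24; i++)
        out[i] = (uint8_t)(ct[8 + i] ^ pred[i]);
    return memcmp(out, msg + 8, 24) == 0;
}

int main(void)
{
    int ok = demo_break(0xDEADBEEFu);
    printf("tail recovered from 8 known plaintext bytes: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Two things worth noticing: the attack never learns the top byte of the key, because a power-of-two-modulus LCG leaks nothing from its high bits downward, so the "32-bit key" is really a 24-bit one; and the work is 2^16 trial steps rather than 2^32, because the known output pins down one byte of state directly. Both are instances of the "complete determination" attacks Joe describes: a handful of outputs determine the whole future of the stream.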



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************

Reply via email to