Cryptography-Digest Digest #496, Volume #14       Sat, 2 Jun 01 08:13:00 EDT

Contents:
  Top Secret Crypto ("awn")
  Re: Top Secret Crypto (Mathew Hendry)
  Re: Uniciyt distance and compression for AES ("John A. Malley")
  Re: And the FBI, too (Re: National Security Nightmare?) (Matthew Montchalin)
  Cryptography as a means of self-protection (only for newbies) ("Falissard")
  Re: Medical data confidentiality on network comms (Mok-Kong Shen)
  Re: Top Secret Crypto ("Tom St Denis")
  Re: Question about credit card number ("Tom St Denis")
  Re: And the FBI, too (Re: National Security Nightmare?) (Paul Rubin)

----------------------------------------------------------------------------

Reply-To: "awn" <[EMAIL PROTECTED]>
From: "awn" <[EMAIL PROTECTED]>
Subject: Top Secret Crypto
Date: Sat, 2 Jun 2001 08:35:31 +0200

TOP SECRET CRYPTO

The Most Powerful Data Encryption Program in the World

Until now, unbreakable encryption methods have been possessed by only a few
government agencies, such as the National Security Agency (NSA) and the
Soviet KGB. With Top Secret Crypto you now have that ability. Privacy
maintained by mathematical law is now a reality.

THE PROGRAM: Top Secret Crypto uses the RSA Public Key Encryption Algorithm
with a key space, or Modulus n size, of 480 to 8,192 bits. Its conventional
encryption algorithm is based upon the One Time Pad Encryption System, which
is considered Unbreakable in Theory and Practice when used correctly.

The One Time Pad Encryption System can use two types of Session Keys. The
first type is for one or more recipients and seeds 4, 8, 16, 32, or 64
pseudo random number generators with a key space of 325-353, 613-669,
1,189-1,301, 2,341-2,565, and 4,645-5,093 bits respectively. The number of
pseudo random number generators used depends on the smallest RSA Key used.

The second type of Session Key is for one recipient only, and is a One Time
Pad Key File which is comprised of 1,303 randomly generated numbers between
100,000,001 and 4,294,967,295. 768 of these numbers are randomly chosen to
seed 256 pseudo random number generators with a key space of 18,469 to
20,261 bits. Both sender and recipient must have a copy of the file. See the
Images page for a few screen shots of what the program looks like.

Top Secret Crypto Features

* RSA Key sizes from 480 to 8,192 bits.

* The conventional cipher is based upon the One Time Pad Encryption System,
which, if used correctly, is considered unbreakable in theory and practice,
i.e. the One Time Pad Key File is used to encrypt with.

* Depending on the type of Session Key used (see above), conventional key
sizes can range from 325 to 20,261 bits.

* Full featured Win32 program using the new HTML Help System.

* Manage your Key Rings with a friendly and easy to use interface.

* Compress one or more files before you encrypt them for transmission. The
provided compression procedures take the Lempel-Ziv-Welch (LZW) data
compression algorithm to new heights. Depending on the amount of memory your
computer has, it can output code sizes starting at 9 bits and go all the way
up to 24 bits.

* Specify the number of separation bits between Primes p and q. It can range
from 0 to 64 bits. This makes it very difficult for anyone to mount a
concerted attack on factoring Modulus n.

* Specify the validity period for the Public and Secret Keys. It can range
from forever to 65,535 days.

* All Public Keys you make are automatically signed by the Secret key, which
ensures the validity of the Public Key to anyone who uses it.

* Provides a continuously changing pool of 65,536 random bits used in the
generation of Primes p and q, in the generation of One Time Pad Key Files,
and to construct keys for the pseudo random number generators.

* Send an encrypted file to one or many recipients.

* Conduct Phi and Chi tests on your encrypted files to see how well the
encryption algorithm really works.

* Generate and print One Time Pads for secure hand written correspondence.


Order Online: http://www.topsecretcrypto.com


A. Nobel   Denmark.






------------------------------

From: Mathew Hendry <[EMAIL PROTECTED]>
Subject: Re: Top Secret Crypto
Date: Sat, 02 Jun 2001 08:04:13 +0100

On Sat, 2 Jun 2001 08:35:31 +0200, "awn" <[EMAIL PROTECTED]> wrote:

>TOP SECRET CRYPTO
>
>The Most Powerful Data Encryption Program in the World

Posted within one hour of the Snake Oil FAQ, how ironic. :)

>Until now, unbreakable encryption methods have been possessed by only a few
>government agencies, such as the National Security Agency (NSA) and the
>Soviet KGB. With Top Secret Crypto you now have that ability. Privacy
>maintained by mathematical law is now a reality.

Uh huh.

>THE PROGRAM: Top Secret Crypto uses the RSA Public Key Encryption Algorithm
>with a key space, or Modulus n size, of 480 to 8,192 bits. Its conventional
>encryption algorithm is based upon the One Time Pad Encryption System, which
>is considered Unbreakable in Theory and Practice when used correctly.

So you send RSA(otp) *and* OTP(message), doubling the size of your message? RSA
is an expensive algorithm, which is why it's generally used only to encrypt
small (64-256 bit) session keys. For OTP the key must be at least as long as the
message...

>The One Time Pad Encryption System can use two types of Session Keys. The
>first type is for one or more recipients and seeds 4, 8, 16, 32, or 64
>pseudo random number generators with a key space of 325-353, 613-669,
>1,189-1,301, 2,341-2,565, and 4,645-5,093 bits respectively. The number of
>pseudo random number generators used depends on the smallest RSA Key used.

So you're using pseudo-random numbers rather than generating your OTP keys from
a random source? Your system is only as secure as your pseudo-random number
generators, whose form you do not specify.

-- Mat.


------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Uniciyt distance and compression for AES
Date: Sat, 02 Jun 2001 00:07:29 -0700


"SCOTT19U.ZIP_GUY" wrote:
[...]
> Notice that if compression was used it would
> have to be bijective since for any hope of cipher text to map back
> to a separate plain text for each key that is the only kind of compression
> that would work.
> 

The March 2001 post (from which I now lift liberally) showed a simple
example of a perfect system per Shannon's definition where the key
length in bits is shorter than some of the bit lengths of messages, and
the perfect system is not an OTP:

There are four messages in the set M = { m1, m2, m3 , m4 } and P(m1) =
1/2, P(m2) = 1/4, P(m3) = P(m4) = 1/8 where P(m_i) means probability of
occurrence of m_i.  

The uncertainty of M, H(M), is

H(M) =  - ( - 1/2 * 1 - 1/4 * 2 - 1/8 * 3 - 1/8 *3 )  = 1.75 bits.

Encode the messages as these bit strings

m1 = 0
m2 = 10
m3 = 110
m4 = 111

Perfect secrecy requires the uncertainty of the key be equal to or
greater than the uncertainty of the messages - so we need a key 1.75
bits or longer.  Each key value must be equiprobable.  That points to a
2 bit key to encrypt this set of messages with perfect secrecy:

k1 = 00 selects this mapping:

m1 = 0   <-> c1 = 0
m2 = 10  <-> c2 = 10
m3 = 110 <-> c3 = 110
m4 = 111 <-> c4 = 111

k2 = 01 selects this mapping:

m1 = 0   <-> c1 = 10
m2 = 10  <-> c2 = 110
m3 = 110 <-> c3 = 111
m4 = 111 <-> c4 = 0

k3 = 10 selects this mapping:

m1 = 0   <-> c1 = 110
m2 = 10  <-> c2 = 111
m3 = 110 <-> c3 = 0
m4 = 111 <-> c4 = 10

k4 = 11 selects this mapping:

m1 = 0   <-> c1 = 111
m2 = 10  <-> c2 = 0
m3 = 110 <-> c3 = 10
m4 = 111 <-> c4 = 110 


Alice and Bob know the four mappings relating m_i to c_i.  Alice and Bob
choose a secret key (00, 01, 10 or 11) and exchange it only between
themselves.  Alice and Bob send messages m1, m2, m3 and m4 to one
another as ciphertext c1, c2, c3 and c4.  They decode them according to
the appropriate mapping as a function of the secret key value. 

Eve knows the messages m_i, the probability of message m_i appearing and
the four mappings from m_i to c_i.  The only thing Eve doesn't know is
the key k_i shared by Alice and Bob. 

I won't repost the explanation of why this cipher has perfect secrecy
and why Eve learns nothing from the ciphertext  - that's available in
the referenced post above in this thread. 

Let's take this example in a new direction.  The strings m1, m2, m3 and
m4 are a Huffman encoding of symbols from a message source producing
four symbols with P(m1) = 1/2, P(m2) = 1/4, P(m3) = P(m4) = 1/8.  

Any message source S generating four symbols s1, s2, s3, s4 with P(s1) =
1/2, P(s2) = 1/4, P(s3) = P(s4) = 1/8 can be represented by the Huffman
encodings for the set M. 

Given s1 = 0000, s2 = 0010, s3 = 0101, s4 = 0001 for example, and P(s1)
= 1/2, P(s2) = 1/4, P(s3) = P(s4) = 1/8, we can compress the set S to
the set M as 

s1 = 0000  <->  m1 = 0
s2 = 0010  <->  m2 = 01
s3 = 0101  <->  m3 = 011
s4 = 0001  <->  m4 = 011

and then Alice can encrypt any message in M with the mapping
(transformation) selected by the key value k_i she secretly shares with
Bob.  However, Alice and Bob also need to share this compression mapping
from S to M so Bob can decompress the message m_i to its proper s_i. 

Or do they?  Any symbol set S with P(s1) = 1/2, P(s2) = 1/4, P(s3) =
P(s4) = 1/8 can be represented by M as defined here.
What Alice and Bob can actually do is this:

k1 = 00 selects this mapping:

s1 <-> c1 = 0
s2 <-> c2 = 10
s3 <-> c3 = 110
s4 <-> c4 = 111

k2 = 01 selects this mapping:

s1 <-> c1 = 10
s2 <-> c2 = 110
s3 <-> c3 = 111
s4 <-> c4 = 0

k3 = 10 selects this mapping:

s1 <-> c1 = 110
s2 <-> c2 = 111
s3 <-> c3 = 0
s4 <-> c4 = 10

k4 = 11 selects this mapping:

s1 <-> c1 = 111
s2 <-> c2 = 0
s3 <-> c3 = 10
s4 <-> c4 = 110 


These transformation tables apply no matter what value or finite bit
length s1, s2, s3 and s4 have as long as P(s1) = 1/2, P(s2) = 1/4, P(s3)
= P(s4) = 1/8. And since Alice and Bob share these mappings they both
know which ciphertext c_i corresponds to which string s_i for a given
key k_i.  

Compression reduces the strings in the set S, s1, s2, s3 and s4 to the
messages in the set M, m1, m2, m3 and m4. Since Alice and Bob know there
are only four messages they can just short-cut compression of s_i to m_i
and use a direct mapping from s_i to c_i as shown above.  Assume Eve
knows the messages s_i, the probability of message s_i appearing and the
four mappings from s_i to c_i.  The only thing Eve doesn't know is the
key k_i shared by Alice and Bob.  The cipher is still perfectly secret. 

Eve knows the four strings s1, s2, s3 and s4 that correspond to
ciphertext c_i since she knows everything about the cipher BUT the
key value.  And she still learns nothing more about which message was
sent given the intercepted cryptogram than she knew before the message
was sent.

We don't need to compress s1, s2, s3 or s4 before encipherment with a
cipher with perfect secrecy.  Shannon's perfect secrecy is that perfect
- compression prior to its application does nothing to increase security
of the ciphertext against ciphertext-only cryptanalysis.    

In the bijective compression model, as I understand past posts, Alice
and Bob would compress s1, s2, s3 and s4  to m1, m2, m3 and m4 and then
encrypt the resulting m_i using the shared secret key k_i:

s1 <-> m1
s2 <-> m2
s3 <-> m3
s4 <-> m4 

followed by encipherment of m_i using the transformation tables for m_i
way back up in this post.

So s1 compresses to m1, s2 compresses to m2, s3 compresses to m3 and s4
compresses to m4.  What exactly s1, s2, s3 and s4 are in exact value is
known to Alice and Bob but not Eve.  And since any set S of four finite
strings where P(s1) = 1/2, P(s2) = 1/4, P(s3) = P(s4) = 1/8 can be
represented by M, even if Eve gets the message m_i she doesn't know what
s_i value it corresponds to since Eve doesn't have the compression
mapping. 

This is equivalent to Eve NOT knowing the mappings from s_i to c_i since
Eve does not know what the values of S are. But that's the same as
saying Eve does not know the cipher algorithm shared by Alice and Bob,
that Eve has no idea what the four mappings from s_i to c_i for each key
value are.  

This threat model is not the same one used in Shannon's paper for his
example of perfect secrecy. In Shannon's model, Eve knows everything BUT
the secret key value - and still there is perfect secrecy.
 
The Shannon example of a cipher with perfect secrecy does not require
compression at all and does not use the same threat model as that
assumed for bijective compression (as I understand it).  Shannon's paper
does not readily support any argument for bijective compression.

John A. Malley
[EMAIL PROTECTED]
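
Added example (not part of John A. Malley's post): a Python check of the four key-selected mappings from m_i to c_i given in the post, computing Eve's posterior P(m | c) exactly. The function names and the one-bit-key contrast case are assumptions made for illustration.

```python
from fractions import Fraction
from math import log2

# Priors and codewords exactly as given in the post.
PRIOR = {"m1": Fraction(1, 2), "m2": Fraction(1, 4),
         "m3": Fraction(1, 8), "m4": Fraction(1, 8)}
MESSAGES = list(PRIOR)
CODEWORDS = ["0", "10", "110", "111"]

UNIFORM_2BIT = {k: Fraction(1, 4) for k in ("00", "01", "10", "11")}
# Constructed contrast case (not in the post): only keys 00 and 01 are used.
ONE_BIT = {"00": Fraction(1, 2), "01": Fraction(1, 2)}


def encrypt(message, key):
    """The post's four tables are cyclic shifts: key k maps m_i to c_(i+k mod 4)."""
    return CODEWORDS[(MESSAGES.index(message) + int(key, 2)) % 4]


def decrypt(ciphertext, key):
    return MESSAGES[(CODEWORDS.index(ciphertext) - int(key, 2)) % 4]


def entropy_bits(dist):
    """Shannon entropy H = -sum p*log2(p)."""
    return -sum(float(p) * log2(p) for p in dist.values() if p)


def posterior(key_dist):
    """Eve's view: P(m | c) for each ciphertext c that can occur."""
    joint = {}
    for m, pm in PRIOR.items():
        for k, pk in key_dist.items():
            pair = (m, encrypt(m, k))
            joint[pair] = joint.get(pair, Fraction(0)) + pm * pk
    table = {}
    for c in CODEWORDS:
        pc = sum(joint.get((m, c), Fraction(0)) for m in MESSAGES)
        if pc:
            table[c] = {m: joint.get((m, c), Fraction(0)) / pc for m in MESSAGES}
    return table


def is_perfectly_secret(key_dist):
    """Perfect secrecy: the posterior equals the prior for every ciphertext."""
    return all(row == PRIOR for row in posterior(key_dist).values())


if __name__ == "__main__":
    print("H(M) =", entropy_bits(PRIOR), "bits")
    for name, keys in (("uniform 2-bit key", UNIFORM_2BIT), ("1-bit key", ONE_BIT)):
        print(name, "-> perfect secrecy:", is_perfectly_secret(keys))
        for c, row in posterior(keys).items():
            print("  c =", c.ljust(3), {m: str(p) for m, p in row.items()})
```

With the equiprobable 2-bit key every ciphertext leaves Eve's estimate at the prior; with the 1-bit key (entropy below H(M) = 1.75 bits) the posterior shifts, so the ciphertext leaks information about the message.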

------------------------------

From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,us.misc
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
Date: Sat, 2 Jun 2001 00:12:38 -0700

David Schwartz wrote:
|David Schwartz wrote: 
|>         In my experience, NSA people aren't too keen about
|> exposing themselves as such outside of DoD facilities.
|
|       By the way, I'm talking about civilians employed by
|the NSA, not officers or enlisted personnel assigned to NSA
|divisions. They seem to be less diligent about putting their
|badges away before they walk into, say, a Burger King.

So, how did they get assigned to the NSA divisions in the
first place?  What do their working papers look like?  How
would one division recognize a new recruit?  By 'invitation'
only?  What does a typical 'invitation' look like?  Is there
a watermark on the paper?  How do they secure their ranks
when transferring agents electronically?

Inquiring minds want to know.


------------------------------

From: "Falissard" <[EMAIL PROTECTED]>
Subject: Cryptography as a means of self-protection (only for newbies)
Date: Sat, 02 Jun 2001 07:22:37 GMT

Once in a while, European bureaucracy has good aspects;
here is a good overview that "they" have written:

http://os390-mvs.hypermart.net/encryption.htm



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Sat, 02 Jun 2001 10:51:43 +0200



Barry Margolin wrote:
> 

> What if someone who has legitimate need to access the information
> (e.g. your doctor) decides to use it for personal gain?  The system can't
> tell *why* someone is accessing data, and it can't control what they do
> with it once they have it.  So a doctor could get the information while
> he's treating you, which most people feel is justified, and then publish
> details of your condition in a journal article.  There's nothing that
> technology can do to prevent that.

I believe you are right. There is nothing in that issue
to achieve extreme security and yet be practically useful.
An emergency doctor may need some data while the patient
isn't in a position to give authorization and the like.
Once he gets that, it's difficult to prevent him from
secretly using it in illegal ways. It's basically a trust
that the patients have in the doctors in general. Note
also that there are other persons that help them, e.g.
the nurses etc. It would be extremely costly to absolutely
block possibility of leaking of information in all
situations, if that were technically possible at all. Thus
an ideal tight protection is infeasible in my humble view.
There are on the other hand ethical committees of 
organizations of doctors which deal with cases where some 
of them behave in bad ways. That takes care of the issues 
like the one you mentioned about publishing, if I don't err.

M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Top Secret Crypto
Date: Sat, 02 Jun 2001 10:20:57 GMT


"awn" <[EMAIL PROTECTED]> wrote in message
news:WO%R6.16028$[EMAIL PROTECTED]...
> TOP SECRET CRYPTO
>
> The Most Powerful Data Encryption Program in the World

This is a joke right?

> Until now, unbreakable encryption methods have been possessed by only a few
> government agencies, such as the National Security Agency (NSA) and the
> Soviet KGB. With Top Secret Crypto you now have that ability. Privacy
> maintained by mathematical law is now a reality.

Until now?  Unbreakable crypto was invented in the early 20th century.

> THE PROGRAM: Top Secret Crypto uses the RSA Public Key Encryption Algorithm
> with a key space, or Modulus n size, of 480 to 8,192 bits. Its conventional
> encryption algorithm is based upon the One Time Pad Encryption System, which
> is considered Unbreakable in Theory and Practice when used correctly.

Which you are not doing.

<snip>

You obviously are either joking or are a crank.  Either way smarten up!
Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Question about credit card number
Date: Sat, 02 Jun 2001 10:22:15 GMT


"Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
news:3b186060$0$[EMAIL PROTECTED]...
> : What the heck does that mean?  asymmetric ciphers solve different problems
> : than symmetric ones.
>
> I knew I was going to get flamed for that.
>
> See Schneier, Applied Cryptography, Chapter 7, Section 3 on page 165 and
> the accompanying table 7.9.

And Schneier should be ashamed of himself too.  The comparison is
meaningless.

Tom



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
Date: 02 Jun 2001 04:19:16 -0700

Matthew Montchalin <[EMAIL PROTECTED]> writes:
> So, how did they get assigned to the NSA divisions in the
> first place?  What do their working papers look like?  How
> would one division recognize a new recruit?  By 'invitation'
> only?  What does a typical 'invitation' look like?  Is there
> a watermark on the paper?  How do they secure their ranks
> when transferring agents electronically?
> 
> Inquiring minds want to know.

Well, you could read "Body of Secrets" as mentioned earlier.  But the
NSA is a military agency where a lot of civilians work.  They recruit
a lot of math and languages graduates from universities among other
things.  Informally when I've chatted with NSA techies, they've
mentioned a few times that they had openings, just as you might
mention that their company had openings.

I have one anecdote from long before I got interested in cryptography.
I knew a hippie-ish guy who was a grad student in Turkish Literature.
He wore purple-tinted eyeglasses and went to a lot of Grateful Dead
shows.  Apparently sometime early in his studies, someone from the
Defense department (looking back, I think that has to mean NSA)
approached him and said that the DoD had determined that Turkish was a
strategic language and there was a shortage of US nationals who could
read or speak it, so they wanted to pay his tuition and give him a
stipend so he could continue studying it, just like that.  They didn't
mind that he was a peacenik and didn't seem to attach any strings--a
very sweet deal in his opinion.  He said that once or twice a year
they would send him some short document or another written in Turkish
and ask him to translate it.  It was always something innocuous so he
shrugged his shoulders and did the translation and sent it back.  He
thinks they didn't care about the translation itself and they simply
sent him stuff every now and then to check whether they had his
cooperation.  I lost touch with him and don't have any idea what
eventually became of his arrangement, but I wonder about it sometimes.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
