Re: Cryptographic privacy protection in TCPA
Nomen Nescio wrote:

> Some of the claims seem a little broad, like this first one:
>
> 1. A method for establishing a pseudonym system by having a certificate authority accepting a user as a new participant in said pseudonym system, the method comprising the steps of:
>    receiving a first public key provided by said user;
>    verifying that said user is allowed to join the system;
>    computing a credential by signing the first public key using a secret key owned by said certificate authority;
>    publishing said first public key and said credential.
>
> Wouldn't this general description cover most proposed credential systems in the past, such as those by Chaum or Brands?

Or, indeed, X.509.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Cryptographic privacy protection in TCPA
Nomen Nescio wrote:

> It looks like Camenisch & Lysyanskaya are patenting their credential system. This is from the online patent applications database:
>
> http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFp=1u=/netahtml/PTO/search-bool.htmlr=1f=Gl=50co1=ANDd=PG01s1=camenischOS=camenischRS=camenisch

Hmmm. I see they've made the usual mistake with the rest of the world, though.

Cheers,

Ben.

Re: Quantum computers inch closer?
At 08:56 PM 8/30/02 -0700, AARG!Anonymous wrote:

> Bear writes:
>
> > In this case you'd need to set up the wires-and-gates model in the QC for two ciphertext blocks, each attached to an identical plaintext-recognizer function and attached to the same key register. Then you set up the entangled state, and collapse the eigenvector on the eigenstate where the ciphertext for block A and block B is produced, and the plaintext recognizer for both block A and block B return 1, and then you'd read the plaintext and key out of the appropriate locations (dots?) in the qchip.
>
> The problem is that you can't forcibly collapse the state vector into your wished-for eigenstate, the one where the plaintext recognizer returns a 1. Instead, it will collapse into a random state, associated with a random key, and it is overwhelmingly likely that this key is one for which the recognizer returns 0.

I thought the whole point of quantum-computer design is to build systems where you *do* impose your arbitrary constraints on the system.

The whole difficult part of q-computer design is getting enough qubits to sit still to q-search the space of solutions (to Bear's Feistel-gates-machine), subject to your specific constraints (e.g., here's a chunk of ciphertext; here's a function which discriminates noise from likely plaintext, or a set of likely plaintexts).

The *whole problem* is calculating/enforcing your problem constraints on the q-system. No different from a sim annealing or evolution run, where all the domain-tricks are in the eval function.

Re: Quantum computers inch closer?
David Honig wrote:

> At 08:56 PM 8/30/02 -0700, AARG!Anonymous wrote:
>
> > The problem is that you can't forcibly collapse the state vector into your wished-for eigenstate, the one where the plaintext recognizer returns a 1. Instead, it will collapse into a random state, associated with a random key, and it is overwhelmingly likely that this key is one for which the recognizer returns 0.
>
> I thought the whole point of quantum-computer design is to build systems where you *do* impose your arbitrary constraints on the system.

Look again at those quantum texts. AARG! is absolutely correct. Quantum doesn't work like the original poster seemed to wish it would; state vectors collapse into a random state, not into that one magic needle-in-a-haystack state you wish it could find.

Re: Quantum computers inch closer?
AARG!Anonymous wrote:

> The problem is that you can't forcibly collapse the state vector into your wished-for eigenstate, the one where the plaintext recognizer returns a 1. Instead, it will collapse into a random state,

Sorry, that's a severe mis-characterization.

David Honig wrote:

> I thought the whole point of quantum-computer design is to build systems where you *do* impose your arbitrary constraints on the system.

David Wagner wrote:

> Look again at those quantum texts.

That's good advice.

> Quantum doesn't work like the original poster seemed to wish it would; state vectors collapse into a random state,

Random is not the right word.

> not into that one magic needle-in-a-haystack state you wish it could find.

C'mon folks, let's cut down on extreme statements like the-whole-point-is-this or the-whole-point-is-that and using words like magic to describe finding the right answer.

1) Computer design has many points that must be taken into consideration. Quantum computer design is in some ways more powerful but in other ways more constrained than classical computer design.

2) One of the points is that yes, the computer should compute what you want it to compute. OTOH it takes more than wishing to bring such a computer into existence.

3) A sufficiently well designed quantum computer can, in principle, find some needles in some haystacks, precisely because the structure of the machine, acting according to the laws of quantum mechanics, does in fact collapse the wave-function into a representation of the wished-for answer.

(PS most of what has been written about collapse of wave-functions is baloney, but we need not pursue that tangent just now.)

A general remark about parallel computing:

For every parallel algorithm (running on P processors) there exists a corresponding uniprocessor algorithm: just set P=1 and turn the crank. The converse does not hold. The existence of a uniprocessor algorithm may or may not be a guide to the creation of a parallel algorithm. As Brooks famously said, creating a baby requires nine months, no matter how many mothers are assigned to the task.

The same applies even more strongly to quantum computing: It would be nice if you could take a classical circuit, automatically convert it to the corresponding quantum circuit, with the property that when presented with a superposition of questions it would produce the corresponding superposition of answers. But that cannot be. For starters, there will be some phase relationships between the various components of the superposition of answers, and the classical circuit provides no guidance as to what the phase relationships should be.

So let's not guess about what quantum algorithms exist. It is possible to construct such algorithms, but it requires highly specialized skills.

Re: Quantum computers inch closer?
Ed Gerck wrote:

> The original poster is correct, however, in that a metric function can be defined and used by a QC to calculate the distance between a random state and an eigenstate with some desired properties, and thereby allow the QC to define when that distance is zero -- which provides the needle-in-the-haystack solution, even though each random state vector can be seen as a mixed state and will, with higher probability, be representable by a linear combination of eigenvectors with random coefficients, rather than by a single eigenvector.

I must admit I can't for the life of me figure out what this paragraph was supposed to mean. Maybe that's quantum for you.

But I take it we agree: The original poster's suggested scheme for cracking Feistel ciphers doesn't work, because quantum computers don't work like that. Agreed?