Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #14 Mon, 28 May 01 14:13:00 EDT Contents: Quantum Computers with relation to factoring and BBS (Simon Johnson) Re: Quantum Computers with relation to factoring and BBS (John Savard) Re: How do boomerang attacks work? ([EMAIL PROTECTED]) Re: Quantum Computers with relation to factoring and BBS (Scott Fluhrer) Re: Quantum Computers with relation to factoring and BBS (Roger Schlafly) Re: Good crypto or just good enough? (jlcooke) Re: Break on Schneiers first proposed self-study cipher (jlcooke) Re: Medical data confidentiality on network comms (Anne Lynn Wheeler) Re: Medical data confidentiality on network comms (Roger Fleming) Re: DES Crypto Myth?? ([EMAIL PROTECTED]) Re: Stream Cipher combiners (Mark Wooding) Re: Quantum Computers with relation to factoring and BBS (Bill Unruh) Re: Quantum Computers with relation to factoring and BBS (Bill Unruh) Re: Essay on The need for a look at real life crypto (jlcooke) Re: RSA keysize doubling techniques (jlcooke) Re: The HDCP Semi Public-Key Algorithm (ammendment) (John Savard) Re: Quantum Computers with relation to factoring and BBS (Bill Unruh) Re: Break on Schneiers first proposed self-study cipher (SCOTT19U.ZIP_GUY) Re: DES Crypto Myth?? (SCOTT19U.ZIP_GUY) Re: Euroean commision will recommend all citizens to use encryption in (Vincent Quesnoit) From: [EMAIL PROTECTED] (Simon Johnson) Subject: Quantum Computers with relation to factoring and BBS Date: 28 May 2001 09:15:22 -0700 I'm thinking of using a BBS construction in one of my summer projects. I picked it because the band-width requirement for my application is low and its provably as difficult as factoring to solve. I now want to establish a few facts based on the assumption that p!=np... 1. Do we know factoring is NP for certain? 2. If factoring is NP then why can a Quantum Computer find factors in polynomial time? (i don't know this for fact, i remember reading that somewhere ehre) 3. Are discrete logarithm problems also breakable with quantum computers? 4. This is not related to quantum computers but a question on BBS, why do the two primes that make up the composite have to satisify 3 mod 4. i.e. what cryptographic significance does it have? -- From: [EMAIL PROTECTED] (John Savard) Subject: Re: Quantum Computers with relation to factoring and BBS Date: Mon, 28 May 2001 16:24:22 GMT On 28 May 2001 09:15:22 -0700, [EMAIL PROTECTED] (Simon Johnson) wrote, in part: 1. Do we know factoring is NP for certain? No. 2. If factoring is NP then why can a Quantum Computer find factors in polynomial time? (i don't know this for fact, i remember reading that somewhere ehre) The defnition of P and NP is based on a model of a computer, called the Turing machine, which is similar to a conventional computer, but not to a quantum computer. However, a quantum computer with a fixed maximum number of qbits would still find factors in super-polynomial time as the size of the numbers to factor increased beyond its natural capacity. 3. Are discrete logarithm problems also breakable with quantum computers? Yes. John Savard http://home.ecn.ab.ca/~jsavard/frhome.htm -- From: [EMAIL PROTECTED] Subject: Re: How do boomerang attacks work? Date: Mon, 28 May 2001 07:28:17 -0800 David Wagner wrote: Yes. You can view slide attacks as being an important motivation for having a good key schedule, if you like. Your paper also mentions (page 3) that the technique requires F (which can include several rounds) to be a weak permutation. Are slide attacks also an important motivation for stronger F permutations, or am I missing the point since F could be reduced to a single round? It seems to me that in order to make the single round F permutation strong it would have to be a cipher in and of itself. Would you mind if I emailed two somewhat off-topic questions to you directly? Thanks. -- From: Scott Fluhrer [EMAIL PROTECTED] Subject: Re: Quantum Computers with relation to factoring and BBS Date: Mon, 28 May 2001 09:25:05 -0700 Simon Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... I'm thinking of using a BBS construction in one of my summer projects. I picked it because the band-width requirement for my application is low and its provably as difficult as factoring to solve. I now want to establish a few facts based on the assumption that p!=np... Actually, the below answers do not depend on that assumption... 1. Do we know factoring is NP for certain? Yes, but then again, so is the problem is this integer even?. I suspect what you meant was Do we know factoring is NP-complete?, and the answer is no, we don't. Some definitions [warning: these definitions are intended to be easy to understand, and so they're a bit sloppy with the exact
Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #13 Sat, 13 Jan 01 05:13:00 EST
Contents:
Re: Different DES (John Myre)
Re: 16bit collision resistance hash function? (John Myre)
Re: 16bit collision resistance hash function? (Jim Gillogly)
Re: Electronic resources for cryptology? (RoceKiller)
On cryptographic proofs and their (lack) of concreteness ("Joseph Ashwood")
Documentation on encrypting routines (RoceKiller)
that security proof for ECDSA ?? (David A Molnar)
Re: that security proof for ECDSA ?? (Paul Rubin)
A Small Challnge ("rosi")
Security proof (Benjamin Goldberg)
Re: A Small Challnge (Mok-Kong Shen)
Re: On cryptographic proofs and their (lack) of concreteness (Mok-Kong Shen)
Re: Need of very simple algorithms? (Shawn Willden)
Re: Need of very simple algorithms? (Shawn Willden)
From: John Myre [EMAIL PROTECTED]
Subject: Re: Different DES
Date: Fri, 12 Jan 2001 15:09:20 -0700
I was going to apologize profusely for the wrong URL but
it appears that NIST has just now moved and redesigned
their FIPS site. The DES document is now:
http://csrc.nist.gov/publications/fips/fip46-3/fips46-3.pdf
The FIPS page is:
http://csrc.nist.gov/publications/fips/index.html
Oh, well. I guess I'll go fix my bookmarks now.
JM
--
From: John Myre [EMAIL PROTECTED]
Subject: Re: 16bit collision resistance hash function?
Date: Fri, 12 Jan 2001 15:18:18 -0700
"[Basic]" wrote:
snip
In fact I calculate the hash value over a 64bit long value and my problem is
that while transmitting the last few bits can get lost. As the 16bit hash
value is also transmitted the receiver should be able to reconstruct the
last few (up to ~25) bits by brute forcing and setting up a list of possible
solutions. This list should be as short as possible.
This is starting to sound like a failure to communicate
the requirements. The question you actually posted has
been answered. If what you really want is to solve a
real problem, the best way to proceed is to describe
the problem. It is possible that a "hash" isn't even
the right tool in the first place.
JM
--
From: Jim Gillogly [EMAIL PROTECTED]
Subject: Re: 16bit collision resistance hash function?
Date: Fri, 12 Jan 2001 14:23:02 -0800
"[Basic]" wrote:
In fact I calculate the hash value over a 64bit long value and my problem is
that while transmitting the last few bits can get lost. As the 16bit hash
value is also transmitted the receiver should be able to reconstruct the
last few (up to ~25) bits by brute forcing and setting up a list of possible
solutions. This list should be as short as possible.
Then perhaps you should be looking at "error-correcting codes" rather
than hashes.
--
Jim Gillogly
Sterday, 21 Afteryule S.R. 2001, 22:22
12.19.7.15.17, 9 Caban 20 Kankin, Second Lord of Night
--
From: RoceKiller [EMAIL PROTECTED]
Subject: Re: Electronic resources for cryptology?
Date: Fri, 12 Jan 2001 23:30:01 +0100
On Sat, 6 Jan 2001 11:29:45 -,
"Mark Hellewell" [EMAIL PROTECTED]
used 20 lines to tell us:
"Richard Cavell" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
It's difficult to buy specialist books in Australia.
The FAQ lists two websites which have both disappeared.
Does anyone have any recommended online cryptology resources?
There are tons of resources, all you have to do is search for them.
Right, but there's a lot of junk too, and it's hard to find the good
stuff, between the bad stuff.
Greetings
RoceKiller
--
{E-Mail: RoceKiller(at)trashcan.dk UIN: #36155647 IRC: #RK at Undernet}
"Facts ophører ikke med at eksistere, fordi man ignorerer dem."
Aldous Huxley
--
From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: On cryptographic proofs and their (lack) of concreteness
Date: Fri, 12 Jan 2001 15:18:31 -0800
Recently on sci.crypt there has been a lot of discussion regarding
mathematical proofs, and their validity. These are my thoughts, and
hopefully some answers for some people.
(Almost) Every mathematical proof makes some assumptions. These assumptions
range in assuredness from the mundane (1+1=2), to things that we know are
fundamentally flawed but we use regardless (the random oracle model). Each
of these has varying uses. The main use of these security proofs is in
reducing the specifics that must be examined.
The common assumptions are things like:
The RSA problem is hard
The Discrete Log problem is hard
SHA-1 acts as a random oracle
Given a short list of these assumptions it is possible to make it far easier
to determine if the algorithm in question suits the needs of the situation.
For most purposes, SHA-1 is effectively a Random Oracle, and the RSA problem
is hard. Ho
Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #12 Wed, 16 Aug 00 22:13:01 EDT
Contents:
New Stream Cipher like SEAL ([EMAIL PROTECTED])
Re: 1-time pad is not secure... (Tim Tyler)
Re: 1-time pad is not secure... (Tim Tyler)
Re: Quick Question (Part Two) (Steve Rush)
Re: New Stream Cipher like SEAL (Paul Rubin)
("John")
Paradoxes, off-topic (was Re: 215 Hz five-qubit quantum processor) (David Hopwood)
Re: 215 Hz five-qubit quantum processor (David Hopwood)
Re: OTP using BBS generator? (David Hopwood)
Re: OTP using BBS generator? (Tim Tyler)
Re: Quick Question (Part Two) (David A Molnar)
Re: WAP gateway to WWW - Will this configuration really fly from a security
perspective ? ("Tor Rustad")
Re: New Stream Cipher like SEAL ([EMAIL PROTECTED])
Re: OTP using BBS generator? ("Paul Pires")
Re: OTP using BBS generator? (Tim Tyler)
Re: The quick brown fox... (Benjamin Goldberg)
From: [EMAIL PROTECTED]
Subject: New Stream Cipher like SEAL
Date: Thu, 17 Aug 2000 00:15:10 GMT
This is a stream cipher like SEAL where it stretches a 32-bit value
into a larger value. I don't see any obvious flaws in it so I figured
someone here may want to beat at it before I actually write up a report
on it.
The C source (really easy to read) is at
http://www.geocities.com/tomstdenis/files/sc1.c
On my K6-2 I get 15 cycles per byte with the C code which is really
kinda cool.
Please comment if possible.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: 1-time pad is not secure...
Reply-To: [EMAIL PROTECTED]
Date: Thu, 17 Aug 2000 00:07:35 GMT
Darren New [EMAIL PROTECTED] wrote:
: Tim Tyler wrote:
: Except that it doesn't say any such thing. Completely deterministic
: interpretations of quantum theory exist, namely - for example - the MWI.
: Just out of curiousity, what determines which branchs "you" have taken in
: the MWI?
That would be a meaningless question ;-)
: [...] By "you" I mean the person reading this post. [...]
If following a MWI, there are many "me"s and many "post"s. All have
equal rights and status. By saying "this" post, you haven't uniquely
identified anything, since there are many posts which are all claiming
to be "this" post.
--
__ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Namaste.
--
From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: 1-time pad is not secure...
Reply-To: [EMAIL PROTECTED]
Date: Wed, 16 Aug 2000 23:59:27 GMT
Sniggerfardimungus ronb.cc@usu@edu wrote:
: In article [EMAIL PROTECTED], Tim Tyler [EMAIL PROTECTED] writes:
: ``There is a branch of theology that seems to be influencing people
: who don't know the root source of the ideas they hold.''
:
: This looks more like psychoanalysis than memetics to me.
:
: Also, there's no need to patronise me. I'm quite aware of the
: similarities and differences between psychoanalysis and memetics.
: Evidently you don't. [...]
Blah, blah, blah...
--
__ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Namaste.
--
From: [EMAIL PROTECTED] (Steve Rush)
Subject: Re: Quick Question (Part Two)
Date: 17 Aug 2000 00:46:40 GMT
...every aspiring
computer scientist should own the three volumes by Professor Knuth
even though he perists to use assembly language to exemplify
(implement) his algorithms.
Professor Knuth explains why he uses assembly language (for the hypothetical
MIX machine, so as not to favor any real machine). He wants to make clear what
the machine actually does. He also states each algorithm in prose pseudocode
and flowchart form, so you can implement it in whatever language you happen to
be working in.
==
==
If it's spam, it's a scam. Don't do business with Net abusers.
--
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: New Stream Cipher like SEAL
Date: 17 Aug 2000 00:54:09 GMT
In article 8nfapv$4r1$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
On my K6-2 I get 15 cycles per byte with the C code which is really
kinda cool.
Please comment if possible.
This is unimpressive for a 32-bit stream cipher. I think you can get
more speed than that with 8-bit RC4. Do you have an estimated speed
for an asm implementation?
That said, it's nice to hear you've gotten interested in stream ciphers.
More block ciphers are the last thing this newsgroup needs.
--
From: "John" [EMAIL PROTECTED]
Subject:
Date: Wed, 16 Aug 2000 19:46:30 -0400
testing. Trying to figure out why I co
Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #11 Sat, 1 Apr 00 23:13:01 EST
Contents:
Re: NSA (Jerry Coffin)
Re: Implementation of Blowfish (Tom St Denis)
Re: Implementation of Blowfish (lordcow77)
Re: Chronometric Cryptography ("Joseph Ashwood")
Re: Hash/Mixing SPRN ("Joseph Ashwood")
Re: Implementation of Blowfish ("Joseph Ashwood")
Re: Algorithm to decypher ENIGMA? (Jim Gillogly)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (NFN NMI L.)
Re: Newbie Question: What is a Hash Method? (K. O. Marinely)
Postdoctoral Position at KIAS, Korea (Saebock)
Re: Implementation of Blowfish (Tom St Denis)
Re: Implementation of Blowfish (Tom St Denis)
Re: NSA ("Trevor L. Jackson, III")
Re: I will make ANY software for ANYBODY (Guy Macon)
Re: Using Am-241 to generate random numbers (Guy Macon)
Re: NSA ("Stou Sandalski")
Re: Blowfish (David Hopwood)
From: Jerry Coffin [EMAIL PROTECTED]
Subject: Re: NSA
Date: Sat, 1 Apr 2000 16:16:03 -0700
In article 8c5pm6$cc2$[EMAIL PROTECTED], [EMAIL PROTECTED] says...
[ ... ]
Myself and others have posted seemingly
original ideas in sci.crypt. Of course, some of
these notions may be too speculative, vague or
useless but, collectively, we might teach an
old dog (the NSA) a new trick or two.
While I agree that it's possible, I suspect you'd have more
difficulty convincing most of the NSA of the idea. In any case,
given their manpower constraints, I'd expect them to have difficulty
even keeping track of things that have relatively high S/N ratios, so
I doubt they'd spend a lot of time on newsgroups where the ratio is
much lower.
To return
the favor, the least the NSA could do is
contribute to the crypto humor thread I
started (it might not be illegal for them to do
this).
It's illegal for them to even _have_ a sense of humor (sorry, but it
was too obvious to resist).
--
Later,
Jerry.
The universe is a figment of its own imagination.
--
From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Implementation of Blowfish
Date: Sat, 01 Apr 2000 23:25:37 GMT
I heard CB is a cool Crypto API, it includes Blowfish among it's other
symmetric ciphers.
http://24.42.86.123/cb.html
Tom
Jan Krumsiek wrote:
Does anybody know where to get the (c++) source code of an
implementation of blowfish that supports the encryption of variable
size strings.
i don't really know how to correctly encapsulate the core functions.
Jan
Sent via Deja.com http://www.deja.com/
Before you buy.
--
Subject: Re: Implementation of Blowfish
From: lordcow77 [EMAIL PROTECTED]
Date: Sat, 01 Apr 2000 16:16:48 -0800
This is intellectually dishonest, implying an unbiased
observation or judgement when in fact, CB is your own API. While
I am fairly certain that you have no underhanded motives, fully
disclosing your relationship to a product that you suggest to
others is a standard ethical practice.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
--
From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Chronometric Cryptography
Date: Sat, 1 Apr 2000 16:32:04 -
You are correct in pointing out that if the attacker knew
how many
iterations the message had been encrypted for, it would
provide a few bits
of extended security, but since an attacker would have to
guess at the
number of iterations, and if he/she were to guess low,
they would never
decipher the message, I think that would add another layer
of security on
top of it.
No, if the attacker knew the number of iterations, there is
absolutely no additional protection. However it is safe to
assume that an attacker knows approximately how long you
will take to encrypt, and know approximately what computing
power. I have never met you and I made an estimate on the
computing power in front of you, was I correct? If so then
based on effectively no information I have reduced the
maximum impact of the variable rounds function to an
addition 2 bits if I chose to attack something you
encrypted, and remember an attacker is likely to know more
about you than I do. Also by storing the XOR of all the keys
you supply additional information about the key that I could
use to speed up an attack, simply by computing the cheap
function you use for verification. The likelihood of a
collision is very small, and you have effectively eliminated
even more of the protection.
Looking at it, I think it is best to view it as a tree
search, where the tree depth is infinite, but knowledge of
what depth in the tree the answer will be found is known.
Given that information, only that depth in the tree needs to
be searched, so insted of searching an infinite tree, you
are searching only
