Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #14 Mon, 28 May 01 14:13:00 EDT Contents: Quantum Computers with relation to factoring and BBS (Simon Johnson) Re: Quantum Computers with relation to factoring and BBS (John Savard) Re: How do boomerang attacks work? ([EMAIL PROTECTED]) Re: Quantum Computers with relation to factoring and BBS (Scott Fluhrer) Re: Quantum Computers with relation to factoring and BBS (Roger Schlafly) Re: Good crypto or just good enough? (jlcooke) Re: Break on Schneiers first proposed self-study cipher (jlcooke) Re: Medical data confidentiality on network comms (Anne Lynn Wheeler) Re: Medical data confidentiality on network comms (Roger Fleming) Re: DES Crypto Myth?? ([EMAIL PROTECTED]) Re: Stream Cipher combiners (Mark Wooding) Re: Quantum Computers with relation to factoring and BBS (Bill Unruh) Re: Quantum Computers with relation to factoring and BBS (Bill Unruh) Re: Essay on The need for a look at real life crypto (jlcooke) Re: RSA keysize doubling techniques (jlcooke) Re: The HDCP Semi Public-Key Algorithm (ammendment) (John Savard) Re: Quantum Computers with relation to factoring and BBS (Bill Unruh) Re: Break on Schneiers first proposed self-study cipher (SCOTT19U.ZIP_GUY) Re: DES Crypto Myth?? (SCOTT19U.ZIP_GUY) Re: Euroean commision will recommend all citizens to use encryption in (Vincent Quesnoit) From: [EMAIL PROTECTED] (Simon Johnson) Subject: Quantum Computers with relation to factoring and BBS Date: 28 May 2001 09:15:22 -0700 I'm thinking of using a BBS construction in one of my summer projects. I picked it because the band-width requirement for my application is low and its provably as difficult as factoring to solve. I now want to establish a few facts based on the assumption that p!=np... 1. Do we know factoring is NP for certain? 2. If factoring is NP then why can a Quantum Computer find factors in polynomial time? (i don't know this for fact, i remember reading that somewhere ehre) 3. Are discrete logarithm problems also breakable with quantum computers? 4. This is not related to quantum computers but a question on BBS, why do the two primes that make up the composite have to satisify 3 mod 4. i.e. what cryptographic significance does it have? -- From: [EMAIL PROTECTED] (John Savard) Subject: Re: Quantum Computers with relation to factoring and BBS Date: Mon, 28 May 2001 16:24:22 GMT On 28 May 2001 09:15:22 -0700, [EMAIL PROTECTED] (Simon Johnson) wrote, in part: 1. Do we know factoring is NP for certain? No. 2. If factoring is NP then why can a Quantum Computer find factors in polynomial time? (i don't know this for fact, i remember reading that somewhere ehre) The defnition of P and NP is based on a model of a computer, called the Turing machine, which is similar to a conventional computer, but not to a quantum computer. However, a quantum computer with a fixed maximum number of qbits would still find factors in super-polynomial time as the size of the numbers to factor increased beyond its natural capacity. 3. Are discrete logarithm problems also breakable with quantum computers? Yes. John Savard http://home.ecn.ab.ca/~jsavard/frhome.htm -- From: [EMAIL PROTECTED] Subject: Re: How do boomerang attacks work? Date: Mon, 28 May 2001 07:28:17 -0800 David Wagner wrote: Yes. You can view slide attacks as being an important motivation for having a good key schedule, if you like. Your paper also mentions (page 3) that the technique requires F (which can include several rounds) to be a weak permutation. Are slide attacks also an important motivation for stronger F permutations, or am I missing the point since F could be reduced to a single round? It seems to me that in order to make the single round F permutation strong it would have to be a cipher in and of itself. Would you mind if I emailed two somewhat off-topic questions to you directly? Thanks. -- From: Scott Fluhrer [EMAIL PROTECTED] Subject: Re: Quantum Computers with relation to factoring and BBS Date: Mon, 28 May 2001 09:25:05 -0700 Simon Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... I'm thinking of using a BBS construction in one of my summer projects. I picked it because the band-width requirement for my application is low and its provably as difficult as factoring to solve. I now want to establish a few facts based on the assumption that p!=np... Actually, the below answers do not depend on that assumption... 1. Do we know factoring is NP for certain? Yes, but then again, so is the problem is this integer even?. I suspect what you meant was Do we know factoring is NP-complete?, and the answer is no, we don't. Some definitions [warning: these definitions are intended to be easy to understand, and so they're a bit sloppy with the exact
Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #13 Sat, 13 Jan 01 05:13:00 EST Contents: Re: Different DES (John Myre) Re: 16bit collision resistance hash function? (John Myre) Re: 16bit collision resistance hash function? (Jim Gillogly) Re: Electronic resources for cryptology? (RoceKiller) On cryptographic proofs and their (lack) of concreteness ("Joseph Ashwood") Documentation on encrypting routines (RoceKiller) that security proof for ECDSA ?? (David A Molnar) Re: that security proof for ECDSA ?? (Paul Rubin) A Small Challnge ("rosi") Security proof (Benjamin Goldberg) Re: A Small Challnge (Mok-Kong Shen) Re: On cryptographic proofs and their (lack) of concreteness (Mok-Kong Shen) Re: Need of very simple algorithms? (Shawn Willden) Re: Need of very simple algorithms? (Shawn Willden) From: John Myre [EMAIL PROTECTED] Subject: Re: Different DES Date: Fri, 12 Jan 2001 15:09:20 -0700 I was going to apologize profusely for the wrong URL but it appears that NIST has just now moved and redesigned their FIPS site. The DES document is now: http://csrc.nist.gov/publications/fips/fip46-3/fips46-3.pdf The FIPS page is: http://csrc.nist.gov/publications/fips/index.html Oh, well. I guess I'll go fix my bookmarks now. JM -- From: John Myre [EMAIL PROTECTED] Subject: Re: 16bit collision resistance hash function? Date: Fri, 12 Jan 2001 15:18:18 -0700 "[Basic]" wrote: snip In fact I calculate the hash value over a 64bit long value and my problem is that while transmitting the last few bits can get lost. As the 16bit hash value is also transmitted the receiver should be able to reconstruct the last few (up to ~25) bits by brute forcing and setting up a list of possible solutions. This list should be as short as possible. This is starting to sound like a failure to communicate the requirements. The question you actually posted has been answered. If what you really want is to solve a real problem, the best way to proceed is to describe the problem. It is possible that a "hash" isn't even the right tool in the first place. JM -- From: Jim Gillogly [EMAIL PROTECTED] Subject: Re: 16bit collision resistance hash function? Date: Fri, 12 Jan 2001 14:23:02 -0800 "[Basic]" wrote: In fact I calculate the hash value over a 64bit long value and my problem is that while transmitting the last few bits can get lost. As the 16bit hash value is also transmitted the receiver should be able to reconstruct the last few (up to ~25) bits by brute forcing and setting up a list of possible solutions. This list should be as short as possible. Then perhaps you should be looking at "error-correcting codes" rather than hashes. -- Jim Gillogly Sterday, 21 Afteryule S.R. 2001, 22:22 12.19.7.15.17, 9 Caban 20 Kankin, Second Lord of Night -- From: RoceKiller [EMAIL PROTECTED] Subject: Re: Electronic resources for cryptology? Date: Fri, 12 Jan 2001 23:30:01 +0100 On Sat, 6 Jan 2001 11:29:45 -, "Mark Hellewell" [EMAIL PROTECTED] used 20 lines to tell us: "Richard Cavell" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... It's difficult to buy specialist books in Australia. The FAQ lists two websites which have both disappeared. Does anyone have any recommended online cryptology resources? There are tons of resources, all you have to do is search for them. Right, but there's a lot of junk too, and it's hard to find the good stuff, between the bad stuff. Greetings RoceKiller -- {E-Mail: RoceKiller(at)trashcan.dk UIN: #36155647 IRC: #RK at Undernet} "Facts ophører ikke med at eksistere, fordi man ignorerer dem." Aldous Huxley -- From: "Joseph Ashwood" [EMAIL PROTECTED] Subject: On cryptographic proofs and their (lack) of concreteness Date: Fri, 12 Jan 2001 15:18:31 -0800 Recently on sci.crypt there has been a lot of discussion regarding mathematical proofs, and their validity. These are my thoughts, and hopefully some answers for some people. (Almost) Every mathematical proof makes some assumptions. These assumptions range in assuredness from the mundane (1+1=2), to things that we know are fundamentally flawed but we use regardless (the random oracle model). Each of these has varying uses. The main use of these security proofs is in reducing the specifics that must be examined. The common assumptions are things like: The RSA problem is hard The Discrete Log problem is hard SHA-1 acts as a random oracle Given a short list of these assumptions it is possible to make it far easier to determine if the algorithm in question suits the needs of the situation. For most purposes, SHA-1 is effectively a Random Oracle, and the RSA problem is hard. Ho
Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #12 Wed, 16 Aug 00 22:13:01 EDT Contents: New Stream Cipher like SEAL ([EMAIL PROTECTED]) Re: 1-time pad is not secure... (Tim Tyler) Re: 1-time pad is not secure... (Tim Tyler) Re: Quick Question (Part Two) (Steve Rush) Re: New Stream Cipher like SEAL (Paul Rubin) ("John") Paradoxes, off-topic (was Re: 215 Hz five-qubit quantum processor) (David Hopwood) Re: 215 Hz five-qubit quantum processor (David Hopwood) Re: OTP using BBS generator? (David Hopwood) Re: OTP using BBS generator? (Tim Tyler) Re: Quick Question (Part Two) (David A Molnar) Re: WAP gateway to WWW - Will this configuration really fly from a security perspective ? ("Tor Rustad") Re: New Stream Cipher like SEAL ([EMAIL PROTECTED]) Re: OTP using BBS generator? ("Paul Pires") Re: OTP using BBS generator? (Tim Tyler) Re: The quick brown fox... (Benjamin Goldberg) From: [EMAIL PROTECTED] Subject: New Stream Cipher like SEAL Date: Thu, 17 Aug 2000 00:15:10 GMT This is a stream cipher like SEAL where it stretches a 32-bit value into a larger value. I don't see any obvious flaws in it so I figured someone here may want to beat at it before I actually write up a report on it. The C source (really easy to read) is at http://www.geocities.com/tomstdenis/files/sc1.c On my K6-2 I get 15 cycles per byte with the C code which is really kinda cool. Please comment if possible. Tom Sent via Deja.com http://www.deja.com/ Before you buy. -- From: Tim Tyler [EMAIL PROTECTED] Subject: Re: 1-time pad is not secure... Reply-To: [EMAIL PROTECTED] Date: Thu, 17 Aug 2000 00:07:35 GMT Darren New [EMAIL PROTECTED] wrote: : Tim Tyler wrote: : Except that it doesn't say any such thing. Completely deterministic : interpretations of quantum theory exist, namely - for example - the MWI. : Just out of curiousity, what determines which branchs "you" have taken in : the MWI? That would be a meaningless question ;-) : [...] By "you" I mean the person reading this post. [...] If following a MWI, there are many "me"s and many "post"s. All have equal rights and status. By saying "this" post, you haven't uniquely identified anything, since there are many posts which are all claiming to be "this" post. -- __ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED] |im |yler The Mandala Centre http://mandala.co.uk/ Namaste. -- From: Tim Tyler [EMAIL PROTECTED] Subject: Re: 1-time pad is not secure... Reply-To: [EMAIL PROTECTED] Date: Wed, 16 Aug 2000 23:59:27 GMT Sniggerfardimungus ronb.cc@usu@edu wrote: : In article [EMAIL PROTECTED], Tim Tyler [EMAIL PROTECTED] writes: : ``There is a branch of theology that seems to be influencing people : who don't know the root source of the ideas they hold.'' : : This looks more like psychoanalysis than memetics to me. : : Also, there's no need to patronise me. I'm quite aware of the : similarities and differences between psychoanalysis and memetics. : Evidently you don't. [...] Blah, blah, blah... -- __ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED] |im |yler The Mandala Centre http://mandala.co.uk/ Namaste. -- From: [EMAIL PROTECTED] (Steve Rush) Subject: Re: Quick Question (Part Two) Date: 17 Aug 2000 00:46:40 GMT ...every aspiring computer scientist should own the three volumes by Professor Knuth even though he perists to use assembly language to exemplify (implement) his algorithms. Professor Knuth explains why he uses assembly language (for the hypothetical MIX machine, so as not to favor any real machine). He wants to make clear what the machine actually does. He also states each algorithm in prose pseudocode and flowchart form, so you can implement it in whatever language you happen to be working in. == == If it's spam, it's a scam. Don't do business with Net abusers. -- From: [EMAIL PROTECTED] (Paul Rubin) Subject: Re: New Stream Cipher like SEAL Date: 17 Aug 2000 00:54:09 GMT In article 8nfapv$4r1$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote: On my K6-2 I get 15 cycles per byte with the C code which is really kinda cool. Please comment if possible. This is unimpressive for a 32-bit stream cipher. I think you can get more speed than that with 8-bit RC4. Do you have an estimated speed for an asm implementation? That said, it's nice to hear you've gotten interested in stream ciphers. More block ciphers are the last thing this newsgroup needs. -- From: "John" [EMAIL PROTECTED] Subject: Date: Wed, 16 Aug 2000 19:46:30 -0400 testing. Trying to figure out why I co
Cryptography-Digest Digest #463
Cryptography-Digest Digest #463, Volume #11 Sat, 1 Apr 00 23:13:01 EST Contents: Re: NSA (Jerry Coffin) Re: Implementation of Blowfish (Tom St Denis) Re: Implementation of Blowfish (lordcow77) Re: Chronometric Cryptography ("Joseph Ashwood") Re: Hash/Mixing SPRN ("Joseph Ashwood") Re: Implementation of Blowfish ("Joseph Ashwood") Re: Algorithm to decypher ENIGMA? (Jim Gillogly) Re: OAP-L3: Semester 1 / Class #1 All are invited. (NFN NMI L.) Re: Newbie Question: What is a Hash Method? (K. O. Marinely) Postdoctoral Position at KIAS, Korea (Saebock) Re: Implementation of Blowfish (Tom St Denis) Re: Implementation of Blowfish (Tom St Denis) Re: NSA ("Trevor L. Jackson, III") Re: I will make ANY software for ANYBODY (Guy Macon) Re: Using Am-241 to generate random numbers (Guy Macon) Re: NSA ("Stou Sandalski") Re: Blowfish (David Hopwood) From: Jerry Coffin [EMAIL PROTECTED] Subject: Re: NSA Date: Sat, 1 Apr 2000 16:16:03 -0700 In article 8c5pm6$cc2$[EMAIL PROTECTED], [EMAIL PROTECTED] says... [ ... ] Myself and others have posted seemingly original ideas in sci.crypt. Of course, some of these notions may be too speculative, vague or useless but, collectively, we might teach an old dog (the NSA) a new trick or two. While I agree that it's possible, I suspect you'd have more difficulty convincing most of the NSA of the idea. In any case, given their manpower constraints, I'd expect them to have difficulty even keeping track of things that have relatively high S/N ratios, so I doubt they'd spend a lot of time on newsgroups where the ratio is much lower. To return the favor, the least the NSA could do is contribute to the crypto humor thread I started (it might not be illegal for them to do this). It's illegal for them to even _have_ a sense of humor (sorry, but it was too obvious to resist). -- Later, Jerry. The universe is a figment of its own imagination. -- From: Tom St Denis [EMAIL PROTECTED] Subject: Re: Implementation of Blowfish Date: Sat, 01 Apr 2000 23:25:37 GMT I heard CB is a cool Crypto API, it includes Blowfish among it's other symmetric ciphers. http://24.42.86.123/cb.html Tom Jan Krumsiek wrote: Does anybody know where to get the (c++) source code of an implementation of blowfish that supports the encryption of variable size strings. i don't really know how to correctly encapsulate the core functions. Jan Sent via Deja.com http://www.deja.com/ Before you buy. -- Subject: Re: Implementation of Blowfish From: lordcow77 [EMAIL PROTECTED] Date: Sat, 01 Apr 2000 16:16:48 -0800 This is intellectually dishonest, implying an unbiased observation or judgement when in fact, CB is your own API. While I am fairly certain that you have no underhanded motives, fully disclosing your relationship to a product that you suggest to others is a standard ethical practice. * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network * The fastest and easiest way to search and participate in Usenet - Free! -- From: "Joseph Ashwood" [EMAIL PROTECTED] Subject: Re: Chronometric Cryptography Date: Sat, 1 Apr 2000 16:32:04 - You are correct in pointing out that if the attacker knew how many iterations the message had been encrypted for, it would provide a few bits of extended security, but since an attacker would have to guess at the number of iterations, and if he/she were to guess low, they would never decipher the message, I think that would add another layer of security on top of it. No, if the attacker knew the number of iterations, there is absolutely no additional protection. However it is safe to assume that an attacker knows approximately how long you will take to encrypt, and know approximately what computing power. I have never met you and I made an estimate on the computing power in front of you, was I correct? If so then based on effectively no information I have reduced the maximum impact of the variable rounds function to an addition 2 bits if I chose to attack something you encrypted, and remember an attacker is likely to know more about you than I do. Also by storing the XOR of all the keys you supply additional information about the key that I could use to speed up an attack, simply by computing the cheap function you use for verification. The likelihood of a collision is very small, and you have effectively eliminated even more of the protection. Looking at it, I think it is best to view it as a tree search, where the tree depth is infinite, but knowledge of what depth in the tree the answer will be found is known. Given that information, only that depth in the tree needs to be searched, so insted of searching an infinite tree, you are searching only