Cryptography-Digest Digest #391, Volume #9 Wed, 14 Apr 99 16:13:03 EDT
Contents:
Re: Is public key crypto just Snake Oil?? (Doug Stell)
Re: Guaranteed message authentication faster than MD5 ([EMAIL PROTECTED])
Re: Adequacy of FIPS-140 (R. Knauer)
CHES CFP (Christof Paar)
Re: Adequacy of FIPS-140 ("Trevor Jackson, III")
UBE98 Broken Again (JPeschel)
Efficient LFSR generators (Was: Re: LFSR polynomial testing) (Terje Mathisen)
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Is public key crypto just Snake Oil??
Date: Wed, 14 Apr 1999 18:18:38 GMT
On Mon, 12 Apr 1999 11:42:53 +0100, Peter Gunn
<[EMAIL PROTECTED]> wrote:
> Is public key crypto just Snake Oil??
Certainly not. It is a very mature field and is in wide-spread use. It
probably even protects our lives and liberty every day. Some of it is
far better than anything we can discuss in this forum, contrary to
what Wired readers have been led to believe.
>I've now come to the conclusion that it definitely is possible to have
>secure point to point network connections based only on a short
>low entropy shared secret, as per EKE, SPEKE, SRP, (and maybe
>even SNAKE ;-)
Passwords are generally bad, because they have to be low entropy
values that us weak-minded humans (compared to a computer) can
remember. A shared secret is even worse. Worst of all is a plaintext
password sent over the wire for all to read.
Passwords should be kept as closely limited to the human as possible,
such as unlocking an encrypted private key on one's local platform.
Beyond that, it's best to banish passwords from your thinking.
>But the problem of the man-in-the-middle that I came across when
>investigating the Diffie-Hellman key exchange has started me thinking
>(or maybe the beer is wearing off? heehee :-)
We all know that plain, unauthenticated Diffie-Hellman is open to the
MIM attack. However, there are lots of ways to solve that problem,
mainly via authenticated keys. Public-key bearing certificates, signed
by a mutually trusted authority, is the classical model. A published
and trusted list is a simplified version of that model. PGP's web of
trust is another model.
>If this is the case, wouldn't it be simpler to have a traditional
>username/password account with the trusted authority, and
>send them the hash for a document you want to sign, and
>have them return a signature of the hash encrypted using
>some 'private key' unknown even to you. Similarly, people
>could verify the signatures by simply sending off the signature
>and your username, and receive the hash for the document
>which they could then check.
>
>So, as far as I can see, you don't need public key crypto
>to do this?? Just plain old symmetric encryption will do,
>us humans just need to remember a short username &
>password, and signatures are nice and short.
This is a very old concept, from the days when we had only symmetric
encryption. It has been overtaken by events (OBE) with the advent of
public key cryptography. The biggest problem with these schemes, for
signature or encryption, is that they require an on-line third party.
Public key removes that requirement.
>I must be missing something here?? What is it??
No and Yes. You are simply going through the evolutionary process that
the discipline as a whole has gone through in the past 25 years.
Cryptography is a huge and complex field. What you are missing is the
knowledge base that comes through experience and study. When you get
up to speed, you will realize that SNAKE is the snake oil.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Guaranteed message authentication faster than MD5
Date: Wed, 14 Apr 1999 18:16:20 GMT
D. J. Bernstein wrote:
> hash127 is the first ``universal hash function'' at this security level
> to break the MD5 speed barrier.
Is it possible to use hash127 or ideas from it to construct a provably
unpredictable random function?
How, exactly, do you prove the safeness of hash127?
I read the abstract but it has no proof.
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Adequacy of FIPS-140
Date: Wed, 14 Apr 1999 18:07:11 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 14 Apr 1999 08:06:08 -0700, Jim Gillogly <[EMAIL PROTECTED]> wrote:
>Moving that to the Web, guessing the next letter could be
>disastrously simple in many cases using standard search engines.
>Claiming to get a provably secure key is of course ludicrous under
>these conditions.
I can easily find quite ordinary text in many places on the web, text
from all sorts of sources including reproduction of actual printed
material. What difference is there between the text in a physical
newspaper or book and its online version?
>Perhaps he meant "practically" secure key (i.e.
>one that's secure enough for all practical purposes) -- in the sense
>that a 256-bit symmetric system is practically impervious to brute
>force key search.
There is no such thing as a brute force search for the key of an OTP
cipher, assuming that the keystream is truly random and not reused.
Brute force techniques rely on the fact that for messages with a
length considerably larger than the key, there is only one possible
intelligible decryption, and you can find it by trying different keys.
That is not the case with the OTP system, properly implemented.
Bob Knauer
"I read a funny story about how the Republicans freed the slaves. The
Republicans are the ones who created slavery by law in the 1600's.
Abraham Lincoln freed the slaves and he was not a Republican."
- Marion Barry, Mayor of Washington DC
------------------------------
From: Christof Paar <[EMAIL PROTECTED]>
Subject: CHES CFP
Date: Wed, 14 Apr 1999 14:20:11 -0400
This is the last and final CFP for CHES. A registration form is at the
end of this mail.
===========================================================================
Workshop on Cryptographic Hardware and Embedded Systems
(CHES)
http://ece.WPI.EDU/Research/crypt/ches
Worcester Polytechnic Institute
Worcester, Massachusetts, USA
August 12 & 13, 1999
Third and Final Call for Papers
General Information
The focus of this workshop is on all aspects of cryptographic hardware and
embedded system design. The workshop will be a forum of new results from
the research community as well as from the industry. Of special interest
are contributions that describe new methods for efficient hardware
implementations and high-speed software for embedded systems, e.g., smart
cards, microprocessors, DSPs, etc. We hope that the workshop will help to
fill the gap between the cryptography research community and the
application areas of cryptography. Consequently, we encourage submission
from academia, industry, and other organizations. All submitted papers
will be reviewed.
The topics of interest include but are not limited to:
* Computer architectures for public-key cryptosystems
* Computer architectures for secret-key cryptosystems
* Reconfigurable computing and applications in cryptography
* Cryptographic processors and co-processors
* Modular and Galois field arithmetic architectures
* Tamper resistance on the chip and board level
* Architectures for smart cards
* Tamper resistance for smart cards
* Efficient algorithms for embedded processors
* Special-purpose hardware for cryptanalysis
* Fast network encryption
* True and pseudo random number generators
Mailing List
If you want to receive emails with subsequent Call for Papers and
registration information, please send a brief mail to [EMAIL PROTECTED]
Instructions for Authors
Authors are invited to submit original papers. The preferred submission
form is by electronic mail to [EMAIL PROTECTED] Papers should be
formatted in 12pt type and not exceed 12 pages (not including the title
page and the bibliography). The title page should contain the author's
name, address (including email address and an indication of the
corresponding author), an abstract, and a small list of key words. Please
submit the paper in Postscript or PDF. We recommend that you generate the
PS or PDF file using LaTeX, however, MS Word is also acceptable. All
submissions will be refereed.
Only original research contributions will be considered. Submissions must
not substantially duplicate work that any of the authors have published
elsewhere or have submitted in parallel to any other conferences or
workshops that have proceedings.
Workshop Proceedings
The post-proceedings will be published in Springer-Verlag's Lecture Notes
in Computer Science (LNCS) series. Notice that in order to be included in
the proceedings, the authors of an accepted paper must guarantee to
present their contribution at the workshop.
Important Dates
Submission Deadline: April 30th, 1999.
Acceptance Notification: June 15th, 1999.
Final Version due: July 15th, 1999.
Workshop: August 12th & 13th, 1999.
NOTES: The CHES dates August 12 & 13 are the Thursday & Friday preceding
CRYPTO '99 which starts on August 15.
Invited Speakers
Dale Hopkins, Compaq - Atalla, USA.
"Design of Hardware Encryption Systems for e-Commerce Applications."
David Naccache, Gemplus, France.
"Significance Tests and Hardware Leakage."
Brian Snow, National Security Agency, USA.
"We Need Assurance."
Eberhard von Faber, Debis IT Security Services, Germany.
"Security Evaluation Schemes for the Public and Private Market with a
Focus on Smart Card Systems."
Colin D. Walter, Computation Department - UMIST, U.K.
"An Overview of Montgomery's Multiplication Technique: How to make it
Smaller and Faster."
Program Chairs
All correspondence and/or questions should be directed to either of the
Program Chairs:
Cetin Kaya Koc
Dept. of Electrical & Computer Engineering
Oregon State University
Corvallis, Oregon 97331, USA
Phone: +1 541 737 4853
Fax: +1 541 737 1300
Email: [EMAIL PROTECTED]

Christof Paar
Dept. of Electrical & Computer Engineering
Worcester Polytechnic Institute
Worcester, MA 01609, USA
Phone: +1 508 831 5061
Fax: +1 508 831 5491
Email: [EMAIL PROTECTED]
Program Committee
Gordon Agnew, University of Waterloo, Canada
David Aucsmith, Intel Corporation, USA
Ernie Brickell, CertCo, USA
Wayne Burleson, University of Massachusetts at Amherst, USA
Burt Kaliski, RSA Laboratories, USA
Jean-Jacques Quisquater, Université Catholique de Louvain, Belgium
Christoph Ruland, University of Siegen, Germany
Victor Shoup, IBM Research, Switzerland
Michael Wiener, Entrust Technologies, Canada
Location
WPI is in Worcester, the second largest city in New England. The city is
80 km (50 miles) West of Boston and 280 km (175 miles) North-East of New
York City.
Worcester is home to a wealth of cultural treasures, many of which are
just a short distance from WPI. These include the historic Higgins Armory
Museum, which houses one of the world's largest collections of armor; the
EcoTarium (formerly New England Science Center), one of the only museums
in the country dedicated to environmental education; and the beautifully
restored Mechanics Hall, one of America's finest concert halls. The
Worcester Art Museum, holding one of the nation's finest collections, and
the world-renowned American Antiquarian Society, with the largest
collection of items printed during the nation's colonial period, are
within two blocks of the WPI campus. Worcester is also well known for its
ten colleges, which cooperate through the Colleges of Worcester
Consortium.
Recreation areas within easy driving distance include Boston and Cape Cod
to the east, the White and Green mountains to the north, and the
Berkshires to the west.
August weather in New England is usually very pleasant with average
temperatures of 20 C (70 F).
Workshop Sponsors
This workshop has received generous support from Assured Communications
Inc., Compaq - Atalla Security Products, Intel, SECUNET, SITI, and
Technical Communications Corporation. The organizers express their sincere
thanks.
***************************************************************************
WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS (CHES)
Worcester Polytechnic Institute
Worcester, Massachusetts, USA
August 12 & 13, 1999
REGISTRATION FORM
Please type or print clearly in CAPITAL letters.
Only one registrant per registration form.
__Dr. __Mr. __Ms.
First Name_________________________________________________
Last Name__________________________________________________
Company/Org._______________________________________________
Street Address_____________________________________________
City_____________________ Prov/State________ ZIP___________
Country____________________________________________________
Telephone Number___________________________________________
Fax Number_________________________________________________
E-mail_____________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                         Before July 15   After July 15
CHES Registration Fee (Normal Rate)           $265             $290      $________
This includes:
pre-proceedings at the workshop
post-proceedings in Springer Verlag's LNCS Series
(to be mailed about 2 months after the workshop)
Thursday evening banquet
Thursday and Friday lunches
Refreshments during the breaks
CHES Registration Fee (Student Discount)      $135             $160      $________
This includes:
pre-proceedings at the workshop
Thursday evening banquet
Thursday and Friday lunches
Refreshments during the breaks
ADDITIONAL OPTIONS
Extra post-proceedings in Springer Verlag's
LNCS Series                                    $35              $35      $________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Total Amount $_____________
Please charge my: __VISA __MasterCard __Discover __American Express
Cardholder's Name_________________________________________________
Card Number_______________________________________________________
Expiration Date___________________________________________________
Date_______________________ Signature_____________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Email or Fax completed form to:
Prof. Christof Paar
Fax: +508 831 5491
Email:[EMAIL PROTECTED]
Registration will be completed only upon receipt of payment.
No refunds after July 15, 1998.
Substitutes are permitted.
$50 cancelation fee for cancelations received before July 15, 1998.
For information regarding the workshop, see the CHES web site:
http://ece.wpi.edu/Research/crypt/ches
***************************************************************************
------------------------------
Date: Wed, 14 Apr 1999 02:58:46 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Adequacy of FIPS-140
R. Knauer wrote:
>
> On Wed, 14 Apr 1999 01:39:26 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>
> >I take it that he understands the law of diminishing returns, something
> >very basic to expert analysis.
>
> Quantum computation is not a matter of any diminishing returns
He wasn't talking about QM.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: UBE98 Broken Again
Date: 14 Apr 1999 17:14:15 GMT
Castork's essay, "UBE 98 Redux" on breaking version 2.1 of UBE98
is now up on my site.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Terje Mathisen <[EMAIL PROTECTED]>
Subject: Efficient LFSR generators (Was: Re: LFSR polynomial testing)
Date: Wed, 14 Apr 1999 21:23:20 +0200
Trevor Jackson, III wrote:
[huge snip]
> If you want a more mundane algorithm I can show you a mechanism for
> generating LFSRs using word-wide operations rather than single bits at
> at time.
The obvious idea would seem to be to AND the current state of the shift
register with the tap mask, XOR together the results into a single
register and then merge that into a single bit, using either a parity or
bitcount operator if available (if not, merge down to a single byte and
use a 256-byte lookup table).
However, it seems like it should be possible to do N iterations at once,
by using a few lookup tables, indexed by parts of the current shift
register state.
For a very long LFSR this might lead to an excessive number of table
lookups, but if the number of tap points (T) is small, you would never
need more than T tables.
So, what does your mechanism look like?
Terje
--
- <[EMAIL PROTECTED]>
Using self-discipline, see http://www.eiffel.com/discipline
"almost all programming can be viewed as an exercise in caching"
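The word-wide and table-driven stepping Terje describes, as an added example in C that is not part of his post or any project: a 16-bit Fibonacci LFSR stepped one bit at a time by ANDing the state with a tap mask and folding the result to a parity bit, then eight bits at a time with two 256-entry tables indexed by the two bytes of the state. The tap mask, seed and byte-wise table split are assumptions of this example; the byte-sliced layout uses one table per state byte rather than one per tap, and the self-check confirms the two forms produce the same stream over a full period.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed example: 16-bit Fibonacci LFSR, feedback polynomial
 * x^16 + x^14 + x^13 + x^11 + 1 (maximal length: period 65535 states). */
#define LFSR_TAPS 0x002Du            /* tap mask: state bits 0, 2, 3, 5 */
static uint8_t t_lo[256], t_hi[256]; /* per-byte feedback contributions */
/* Merge a word down to one bit by XOR-folding (software parity). */
static unsigned parity16(uint16_t v) {
    v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return v & 1u;
}
/* One serial step; feedback enters at bit 15, returns the bit shifted out. */
static unsigned lfsr_step(uint16_t *state) {
    unsigned out = *state & 1u, fb = parity16(*state & LFSR_TAPS);
    *state = (uint16_t)((*state >> 1) | (fb << 15));
    return out;
}
/* Next 8 feedback bits of a state, computed serially (bit i = i-th bit). */
static uint8_t feedback8(uint16_t state) {
    uint8_t bits = 0;
    for (int i = 0; i < 8; i++) {
        lfsr_step(&state);
        bits |= (uint8_t)(((state >> 15) & 1u) << i);
    }
    return bits;
}
/* Feedback is GF(2)-linear in the state, so each state byte's contribution
 * to the next 8 bits is tabulated once and simply XORed at run time. */
static void lfsr_build_tables(void) {
    for (unsigned b = 0; b < 256; b++) {
        t_lo[b] = feedback8((uint16_t)b);
        t_hi[b] = feedback8((uint16_t)(b << 8));
    }
}
/* Eight steps in two lookups; returns the 8 output bits, bit 0 first. */
static uint8_t lfsr_step8(uint16_t *state) {
    uint8_t out = (uint8_t)*state;
    uint8_t fb = t_lo[*state & 0xFFu] ^ t_hi[*state >> 8];
    *state = (uint16_t)((*state >> 8) | ((uint16_t)fb << 8));
    return out;
}
/* Full serial cycle, checked against lfsr_step8 every 8 steps: period or 0. */
static uint32_t lfsr_selfcheck(uint16_t seed) {
    uint16_t a = seed, b = seed; uint32_t n = 0; uint8_t slow = 0;
    lfsr_build_tables();
    do {
        slow = (uint8_t)((slow >> 1) | (lfsr_step(&a) << 7));
        if ((++n & 7) == 0 && (slow != lfsr_step8(&b) || a != b)) return 0;
    } while (a != seed);
    return n;
}
int main(void) {
    printf("period %u\n", (unsigned)lfsr_selfcheck(0xACE1u)); /* 65535 */
    return 0;
}
```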
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Wed, 14 Apr 1999 17:18:46 GMT
"R. Knauer" wrote:
> On 12 Apr 1999 15:52:24 -0400, [EMAIL PROTECTED] (Patrick Juola)
> wrote:
> >>And Big Al was wrong, too. The Universe is just one big crap shoot at
> >>the quantum level when it comes to measurement. There are no hidden
> >>variables. Locality is not observed. Systems do become entangled over
> >>super-luminal distances.
> >Must be really convenient to have All The Answers when none of the
> >real, Ph.D. equipped, physicists have that kind of confidence.
> Actually most of the real physicists accept the standard model of QM.
So did Einstein, insofar as computation is concerned.
But he understood that there were unanswered questions about
the foundations of the subject, many of which have not been
satisfactorily answered to this day.
The "God playing dice" question is, why would a basic
phenomenon have to be expressed as a distribution?
Another important issue is, QM is a strictly linear theory,
but nonlinearity is essential for interactions;
typically, quantum field theories are set up with ad-hoc
interaction terms rather than deriving interactions from
something more fundamental.
And there are several open issues about the interaction of
relativity and QM.
> ... And it is not clear that these new theories about the
> Physics Of Information are going to do any damage to standard QM.
Actually, it is clear from Cerf & Adami that quantum information
theory does not predict anything different from the Copenhagen
interpretation, although it has some conceptual advantages.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************