Cryptography-Digest Digest #395, Volume #9 Thu, 15 Apr 99 09:13:03 EDT
Contents:
Re: AES Round 1 deadline: 15th April 1999 ("Lassi Hippeläinen")
Re: Guaranteed message authentication faster than MD5 ([EMAIL PROTECTED])
Random Number Displays (James Frey)
Radiation/Random Number question ("R H Braddam")
Re: Simple additive problem ([EMAIL PROTECTED])
Re: Adequacy of FIPS-140 (R. Knauer)
Re: Adequacy of FIPS-140 (R. Knauer)
Re: discreate logarithm problem ([EMAIL PROTECTED])
Re: discreate logarithm problem ([EMAIL PROTECTED])
Re: discreate logarithm problem ([EMAIL PROTECTED])
Re: Adequacy of FIPS-140 (R. Knauer)
Re: Adequacy of FIPS-140 (R. Knauer)
Re: Radiation/Random Number question ("Lassi Hippeläinen")
Re: discreate logarithm problem ([EMAIL PROTECTED])
Re: True Randomness & The Law Of Large Numbers (R. Knauer)
Re: Adequacy of FIPS-140 (Patrick Juola)
Re: discreate logarithm problem ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: "Lassi Hippeläinen" <[EMAIL PROTECTED]>
Subject: Re: AES Round 1 deadline: 15th April 1999
Date: Thu, 15 Apr 1999 12:51:49 +0300
> > David Crick <[EMAIL PROTECTED]> wrote, in part:
> >
> > >Just a reminder (as if one's needed) that the deadline for comments
> > >on Round 1 of AES is 15th April 1999.
> >
> > Like the Bulwer-Lytton Contest, they chose a day easy for Americans to
> > remember...
> >
The date didn't ring a bell in my head, so I checked
http://www.historychannel.com/today/
You must be referring to this :-)
-- Lassi
1834 President Jackson Protests Censure
President Andrew Jackson signed a formal presidential protest of censure
resolutions voted against him by the U.S. Senate. The presidential protest
and the Senate's censure, stemming from Jackson's recent attempt to
dissolve the Bank of the United States, were both without precedent in
U.S. history. On March 28, the Senate passed a resolution declaring that
President Andrew Jackson, "in the last executive proceedings in relation
to the public revenue, has assumed upon himself authority and power not
conferred by the Constitution and laws, but in derogation of both." The
censure resolutions, introduced by Jackson's arch political rival, Senator
Henry Clay of Kentucky, were in regard to the president's recent transfer
of funds from the Bank of the United States to the states. An ardent
supporter of states' rights, Jackson, assisted by his treasury secretary,
Robert Taney, who was also censured by the Senate, gave the federal money
to state institutions. Although Jackson claimed that the transfer was a
response to the Bank's partisan position during the 1832 elections, it was
clear that the president was attempting to use his executive power to do
away with the Bank. On April 15, 1834, the censure resolutions were
formally protested by President Jackson, and he eventually succeeded in
having them stripped from the Senate records. Jackson also successfully
blocked the Bank of the United States from renewing its charter and, in
early 1841, after several years of limping along as a state institution
based in Pennsylvania, it was finally shut down.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Guaranteed message authentication faster than MD5
Date: Thu, 15 Apr 1999 10:01:52 GMT
> Nobody knows how to prove that one can efficiently stretch (say) 256
> uniform random bits into (say) a string of 512 unpredictable random
> bits.
However, is it possible to construct a random function from hash127 that
is unpredictable enough in practice although one cannot prove it?
SURF probably does the job but a single polynomial would look nicer than
a generalized Feistel sequence.
> Secret-key signatures are used in ssh and many other systems. There's no
> need for the public to be able to check the signatures on ssh packets.
Why not make an ssh replacement using hash127, Snuffle/SURF or SEOC,
ucspi-tcp, ptyget and some key-exchange software? Is key-exchange the
only missing piece?
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: James Frey <[EMAIL PROTECTED]>
Subject: Random Number Displays
Date: Thu, 15 Apr 1999 03:21:16 -1000
a set of numbers and a list of sources, people may try
to match the numbers to the sources.
Sources: a computer program, a geiger counter, diode circuit,
resistor circuit, coin toss. Contributions are welcome in
1024 byte groups.
Tomorrow a different source will be posted. Today was a geiger counter.
For 5 days in a row, a different source will be displayed. Then
statistical results will be shown. Acceptance and rejection criteria
will be used. Conclusions will be drawn.
------------------------------
From: "R H Braddam" <[EMAIL PROTECTED]>
Subject: Radiation/Random Number question
Date: Thu, 15 Apr 1999 06:12:10 -0500
Actually, questions, plural.
Since radiation-hardened ICs are available it follows that standard ICs are
affected by radiation. A quick web search finds that soft and hard errors
can occur in ICs because of radiation.
Does anyone here know of any efforts to make *more* sensitive ICs for the
purpose of detecting radiation?
Can anyone here tell me if currently produced static RAM or ROM experiences
soft errors caused by radiation?
Can anyone here tell me if the Americium 241 (1 microcurie) source used in
smoke detectors would cause soft (or hard) errors in chips if placed in
contact with RAM or ROM chips?
What if the chips were obtained as dice, or as dice bonded to the bottom
half of the package and pin connections made... would the passivation layer
block alpha radiation?
If radiation causes picking or dropping of bits in RAM or ROM chips and
doesn't cause catastrophic failure of the chip, wouldn't this be a useable
bit source for desktop computers for generating random numbers?
I'm not asking for a schematic diagram, just discussion of the feasibility.
--
Murphy's Law is the only sure thing in the Universe.
Rick
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Simple additive problem
Date: Thu, 15 Apr 1999 10:58:27 GMT
> What is the *goal* of all that?
> How can the "other user" "verify this"?
> What is the "this" that he is verifying?
Well they can verify they both got the same answer, without giving out A or B
(generated at random by the NG).
>
> If A,B are n-bit uniform, uncorrelated random then so is A+B(mod 2^n),
> but why throw away n bits?
Because you don't want to actually give A or B away.
>
> If you have to send {A,B} to the other user,
> how are you going to protect them against an eavesdropper?
>
You don't. They both generate A and B in private, they send a+b mod 2^n.
> No, given A+B(mod 2^n), subtract A (mod 2^n) and you recover B.
> Given A+B(mod 2^n), for each of the 2^n possible As, there is a
> unique B. (Proof by contradiction: if B!=B'(mod 2^n) but
> A+B=A+B'(mod 2^n), add A(mod 2^n) to that to get B=B'(mod 2^n); QED.)
> Thus, for a given sum there are 2^n combinations {A,B} having that
> sum. A sum of zero is not special in this regard.
Well what if I gave you, 8402, what numbers did I use to construct this? The
challenge is that the attacker has to now respond (in the next round) with an n
bit number. Only if they have the same shared secret random number seed will
they pass the tests. It is possible with other seeds to generate numbers that
will pass, that is why you do a lot of tests. And since this is just addition
in GF(2^n) it is really quick.
Tom
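As an added example (not part of the original post), the counting argument from the quoted text and the repeated-round comparison the reply describes can be checked directly. Python's `random.Random` stands in for the unspecified shared generator (an assumption; it is not cryptographically secure), and all function names are hypothetical.

```python
import random
from collections import Counter
from fractions import Fraction


def preimage_counts(n):
    """For every sum s, count the pairs (A, B) of n-bit values
    with A + B = s (mod 2^n)."""
    mod = 1 << n
    counts = Counter()
    for a in range(mod):
        for b in range(mod):
            counts[(a + b) % mod] += 1
    return counts


class Party:
    """One side of the exchange: derives A and B privately from a seed
    and reveals only A + B mod 2^n."""

    def __init__(self, seed, n=32):
        # Stand-in generator (assumption); NOT cryptographically secure.
        self.rng = random.Random(seed)
        self.n = n

    def next_sum(self):
        a = self.rng.getrandbits(self.n)
        b = self.rng.getrandbits(self.n)
        return (a + b) % (1 << self.n)


def run_rounds(seed_x, seed_y, rounds=8, n=32):
    """True only if both parties announce the same sum in every round."""
    x, y = Party(seed_x, n), Party(seed_y, n)
    return all(x.next_sum() == y.next_sum() for _ in range(rounds))


def false_accept_probability(n, rounds):
    """Chance that uniformly guessed n-bit replies pass every round,
    assuming the expected sums are uniform and independent."""
    return Fraction(1, 2 ** (n * rounds))


if __name__ == "__main__":
    counts = preimage_counts(4)
    print("distinct sums:", len(counts),
          "pairs per sum:", set(counts.values()))
    print("same seed passes:     ", run_rounds(1234, 1234))
    print("different seed passes:", run_rounds(1234, 4321))
    print("guessing 8 rounds of 32 bits:", false_accept_probability(32, 8))
```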
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Adequacy of FIPS-140
Date: Thu, 15 Apr 1999 12:14:07 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 14 Apr 1999 02:58:46 -0400, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>> >I take it that he understands the law of diminishing returns, something
>> >very basic to expert analysis.
>
>> Quantum computation is not a matter of any diminishing returns
>He wasn't talking about QM.
Originally, I was.
Bob Knauer
"I read a funny story about how the Republicans freed the slaves. The
Republicans are the ones who created slavery by law in the 1600's.
Abraham Lincoln freed the slaves and he was not a Republican."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Adequacy of FIPS-140
Date: Thu, 15 Apr 1999 12:15:21 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 14 Apr 1999 03:01:12 -0400, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>No. Only secret text is suitable. Secret text is NOT cheap.
OK, I'll go along with this.
If the text is unknown to the cryptanalyst, what makes it not secret?
Bob Knauer
"I read a funny story about how the Republicans freed the slaves. The
Republicans are the ones who created slavery by law in the 1600's.
Abraham Lincoln freed the slaves and he was not a Republican."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: discreate logarithm problem
Date: Thu, 15 Apr 1999 12:10:31 GMT
In article <7f28th$9gf$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> In article <7f1ttq$vr8$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> >
> So? We will assume that g is a primitive root, so that it generates the
> entire group. Your "(almost)" comment is wrong. g^x is the Frobenius
> automorphism. It generates all elements exactly once as x varies from 1 to
> n-1.
Notational Correction!!!!
g^x should be x^p above. x' --> g^x is a different map than the Frobenius
one.
Bob
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: discreate logarithm problem
Date: Thu, 15 Apr 1999 12:14:56 GMT
In article <7f3301$1lm$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Here is my solution.
>
> How about you answer the original question, so I and the poster can learn
> something. Obviously I need to learn more about the DL problem.
I thought that I had answered the question.
The Number Field Sieve solves the DL problem with time complexity
exp( (c+o(1)) (log n)^(1/3) (loglog n)^(2/3) )
with c = (64/9)^(1/3)
I *know* I had posted the above answer! What I left out was:
and space complexity equal to sqrt(time complexity)
One does not solve DL problems by direct search.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: discreate logarithm problem
Date: Thu, 15 Apr 1999 12:14:46 GMT
In article <7f3301$1lm$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Here is my solution.
>
> How about you answer the original question, so I and the poster can learn
> something. Obviously I need to learn more about the DL problem.
I thought that I had answered the question.
The Number Field Sieve solves the DL problem with time complexity
exp( (c+o(1)) (log n)^(1/3) (loglog n)^(2/3) )
with c = (64/9)^(1/3)
I *know* I had posted the above answer! What I left out was:
and space complexity equal to sqrt(time complexity)
One does not solve DL problems by direct search.
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Adequacy of FIPS-140
Date: Thu, 15 Apr 1999 12:22:05 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 15 Apr 1999 02:21:15 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>I think you missed the point of my comment....
Very possibly. What was it?
Bob Knauer
"I read a funny story about how the Republicans freed the slaves. The
Republicans are the ones who created slavery by law in the 1600's.
Abraham Lincoln freed the slaves and he was not a Republican."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Adequacy of FIPS-140
Date: Thu, 15 Apr 1999 12:20:50 GMT
Reply-To: [EMAIL PROTECTED]
On Wed, 14 Apr 1999 18:50:13 GMT, [EMAIL PROTECTED] wrote:
>Mr. Knauer, you make no sense.
Coming from you, I can understand why you would say that.
>First you express ignorance re purple unicorns.
Did it ever occur to you that I don't care to indulge your straw man
nonsense.
>Then you assert they aren't quantum computers.
You gotta let us know where you get your weed from, because it looks
to be some very powerful stuff.
>Presumably you can justify yourself?
Presumably I don't care to indulge someone who is obviously stoned
like you.
>Perhaps even offer some proof for your assertion that "quantum computer" != "purple
>unicorn"?
Pleasant dreams. It will wear off by tomorrow, I am sure.
Bob Knauer
"I read a funny story about how the Republicans freed the slaves. The
Republicans are the ones who created slavery by law in the 1600's.
Abraham Lincoln freed the slaves and he was not a Republican."
- Marion Barry, Mayor of Washington DC
------------------------------
From: "Lassi Hippeläinen" <[EMAIL PROTECTED]>
Subject: Re: Radiation/Random Number question
Date: Thu, 15 Apr 1999 15:22:09 +0300
Since I happened to be involved in space engineering a few years ago, I still
remember something. But that was a few years ago, I don't have any reference
manuals at my elbow, so please don't take the answers as final truth.
R H Braddam wrote:
> Actually, questions, plural.
>
> Since radiation-hardened ICs are available it follows that standard ICs are
> affected by radiation. A quick web search finds that soft and hard errors
> can occur in ICs because of radiation.
Rad-hard components are mainly made for aerospace environments. The problem is
not just single errors (SEDs, IIRC), but also cumulative radiation. At ground
level the ordinary components are good enough.
> Does anyone here know of any efforts to make *more* sensitive ICs for the
> purpose of detecting radiation?
Not me. Not much business potential :-)
> Can anyone here tell me if currently produced static RAM or ROM experiences
> soft errors caused by radiation?
Very, very seldom. Parity checked memory is out of fashion, even though RAMs
are bigger than ever. The SEDs in ground level electronics seemed to be a
result of alpha emitters in the casing of the chips. When materials were fine
tuned, errors disappeared. It had nothing to do with cosmic radiation.
> Can anyone here tell me if the Americium 241 (1 microcurie) source used in
> smoke detectors would cause soft (or hard) errors in chips if placed in
> contact with RAM or ROM chips?
Hard to say, should be tested. The range of the alpha particles is pretty low
even in free air, so they probably don't penetrate the casing.
> What if the chips were obtained as dice, or as dice bonded to the bottom
> half of the package and pin connections made... would the passivation layer
> block alpha radiation?
??? It depends on how much energy the alpha particles have, and I really don't
remember how hot stuff Am241 sends.
> If radiation causes picking or dropping of bits in RAM or ROM chips and
> doesn't cause catastrophic failure of the chip, wouldn't this be a useable
> bit source for desktop computers for generating random numbers?
Radiation also changes the electrical characteristics of the circuit. Each
event a little more. The distribution of events would not be constant during
the lifetime of the system. As mentioned in the beginning, rad-hard ICs
tolerate _cumulative_ effects of radiation.
Even with rad-hard ICs, if the rate of radiation induced events is high enough
for a random number generator, the chip won't live long :-(
> I'm not asking for a schematic diagram, just discussion of the feasibility.
> --
> Murphy's Law is the only sure thing in the Universe.
>
> Rick
-- Lassi
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: discreate logarithm problem
Date: Thu, 15 Apr 1999 12:15:31 GMT
In article <7f3301$1lm$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Here is my solution.
>
> How about you answer the original question, so I and the poster can learn
> something. Obviously I need to learn more about the DL problem.
I thought that I had answered the question.
The Number Field Sieve solves the DL problem with time complexity
exp( (c+o(1)) (log n)^(1/3) (loglog n)^(2/3) )
with c = (64/9)^(1/3)
I *know* I had posted the above answer! What I left out was:
and space complexity equal to sqrt(time complexity)
One does not solve DL problems by direct search.
Start by reading the discussion in the HAC.
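As an added example (not part of the original post), the complexity formula above can be turned into rough work estimates in bits and compared with direct search. It assumes natural logarithms, drops the o(1) term, and takes n to be a modulus of the stated bit length; the function names are hypothetical.

```python
import math

C_NFS = (64 / 9) ** (1 / 3)  # the constant c given in the post


def nfs_time_bits(modulus_bits):
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) for an n of the
    given bit length, with the o(1) term dropped (assumption)."""
    ln_n = modulus_bits * math.log(2)
    work_ln = C_NFS * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def nfs_space_bits(modulus_bits):
    """Space is sqrt(time), so half as many bits."""
    return nfs_time_bits(modulus_bits) / 2


def direct_search_bits(modulus_bits):
    """Trying exponents one by one costs on the order of n steps."""
    return float(modulus_bits)


def min_modulus_bits(target_bits, lo=64, hi=1 << 16):
    """Smallest modulus size whose estimated NFS work reaches target_bits.
    Binary search; the estimate is increasing over this range."""
    if nfs_time_bits(hi) < target_bits:
        raise ValueError("target exceeds the searched range")
    while lo < hi:
        mid = (lo + hi) // 2
        if nfs_time_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def table(sizes=(512, 1024, 2048, 3072)):
    """Rows of (modulus bits, direct search bits, NFS time, NFS space)."""
    return [(b, direct_search_bits(b),
             round(nfs_time_bits(b), 1), round(nfs_space_bits(b), 1))
            for b in sizes]


if __name__ == "__main__":
    print("bits  direct  nfs_time  nfs_space")
    for bits, direct, t, s in table():
        print(f"{bits:5d} {direct:7.0f} {t:9.1f} {s:10.1f}")
    for target in (80, 112, 128):
        print(f"~2^{target} NFS work needs about",
              min_modulus_bits(target), "bit modulus")
```

The figures are order-of-magnitude guides only, since the dropped o(1) term and implementation constants are not negligible in practice.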
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Thu, 15 Apr 1999 12:34:33 GMT
Reply-To: [EMAIL PROTECTED]
On Thu, 15 Apr 1999 05:55:29 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>It's not circular reasoning, and you don't seem to understand what
>modeling is about.
You are sure of that, eh. You know everything about my understanding
of modeling, eh.
Why not share with us the source of your infinite wisdom that allows
you to make such sweeping statements about people you know nothing
about. You must be one of those swamis - we seem to have a few of them
around here.
>A model isn't meant to be a precise description
>of the actual process, which is usually unknowable.
I never said anything about a "precise" description. You are, once
again, putting words in my mouth. And you claim to know my level of
understanding about modeling. <jeez>
Hell, you don't even know what I say when I say it in clear English.
>In particular, a statistical model is not deterministic. What a model is about is
>that it allows *prediction*, normally mathematical or computational,
>probabilistic in the case of a statistical model.
How on earth can the UBP model of a fair coin toss "predict" the
outcome of the next trial? And if a statistical model is not
deterministic, as you say above, then how can you expect it to predict
anything, as you say above?
I guess now you are going to tell us that, if a fair coin is tossed 10
times and it comes up heads all 10 times, the probability for the 11th
toss is much more favorable to tails, since on the average you expect
the same number of heads as tails. Is that your notion of
"prediction"?
>Actual systems
>may behave in a way that is close to models for them, or not.
What are you babbling about, you poor man. I mean, take a look at what
you just wrote - it is complete nonsense.
[snip]
Bob Knauer
"I read a funny story about how the Republicans freed the slaves. The
Republicans are the ones who created slavery by law in the 1600's.
Abraham Lincoln freed the slaves and he was not a Republican."
- Marion Barry, Mayor of Washington DC
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Adequacy of FIPS-140
Date: 15 Apr 1999 08:53:07 -0400
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On Wed, 14 Apr 1999 03:01:12 -0400, "Trevor Jackson, III"
><[EMAIL PROTECTED]> wrote:
>
>>No. Only secret text is suitable. Secret text is NOT cheap.
>
>OK, I'll go along with this.
>
>If the text is unknown to the cryptanalyst, what makes it not secret?
If you're pulling the text off the web, *and the cryptanalyst knows it*,
then it's not secret as he has the same access to the Web that you do.
Even if the cryptanalyst doesn't know it, he's likely to guess that
the most likely source of a large block of text is *somewhere* on the
Web. So he fires up AltaVista....
-kitten
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: discreate logarithm problem
Date: Thu, 15 Apr 1999 12:14:50 GMT
In article <7f3301$1lm$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Here is my solution.
>
> How about you answer the original question, so I and the poster can learn
> something. Obviously I need to learn more about the DL problem.
I thought that I had answered the question.
The Number Field Sieve solves the DL problem with time complexity
exp( (c+o(1)) (log n)^(1/3) (loglog n)^(2/3) )
with c = (64/9)^(1/3)
I *know* I had posted the above answer! What I left out was:
and space complexity equal to sqrt(time complexity)
One does not solve DL problems by direct search.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************