Cryptography-Digest Digest #417, Volume #9 Sun, 18 Apr 99 19:13:03 EDT
Contents:
Re: Thought question: why do public ciphers use only simple ops like (Uri Blumenthal)
dumb question on releasing source code ("Chris Cavitt")
Re: AES Competition (Jerry Coffin)
Re: Thought question: why do public ciphers use only simple ops like shift and XOR? (John Savard)
Re: SNAKE#13 (Peter Gunn)
Re: Comments on Boomerang Attack Sought (John Savard)
Re: dumb question on releasing source code ("Roger Schlafly")
----------------------------------------------------------------------------
From: Uri Blumenthal <[EMAIL PROTECTED]>
Subject: Re: Thought question: why do public ciphers use only simple ops like
Date: Sun, 18 Apr 1999 16:49:26 -0400
Reply-To: [EMAIL PROTECTED]
At least one publicly known cipher (GOST) uses ADD (a more
complex operation)...
--
Regards,
Uri
-=-=-==-=-=-
<Disclaimer>
------------------------------
From: "Chris Cavitt" <[EMAIL PROTECTED]>
Subject: dumb question on releasing source code
Date: Sun, 18 Apr 1999 17:01:05 -0400
I'm a college student at a US University, and I have several small crypto
programs (Goldwasser-Micali, Blum-Goldwasser, etc.) which use keys ranging
from 8 to 16 bits. Is it legal under US law for me to post the source code to
these programs on my web page given the small key sizes, or is that illegal?
I thought I remembered a professor saying it was legal to post anything with
keys <56 bits, but I wanted to see if anyone else knew offhand before I did
it.
Thanks for any help.
--
Chris Cavitt
([EMAIL PROTECTED])
Senior Computer Engineering Major,
Clarkson University
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: AES Competition
Date: Sun, 18 Apr 1999 15:35:40 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
[ ... ]
> What would you call AES when it is renamed?
I think the convention usually used with programming languages is
probably perfectly reasonable -- DES-2000 (or perhaps DES-00).
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Thought question: why do public ciphers use only simple ops like shift
and XOR?
Date: Sun, 18 Apr 1999 22:09:10 GMT
"Steven Alexander" <[EMAIL PROTECTED]> wrote, in part:
>If I try to build a cipher and do
>not understand cryptanalysis I will not have any idea how to protect my
>cipher. If you have a better way to design ciphers, please share.
You are right that avoiding known weaknesses is important, and
understanding cryptanalysis is important.
However, I think that there is a "better way to design ciphers" than to
place too much faith in the _present_ knowledge of cryptanalysis. A cipher
should be designed conservatively: not just in the sense of having a few
extra rounds, but in the sense of having extra complexities in its design
_far beyond_ those needed (nonlinear S-boxes, irregularities in the key
schedule) to frustrate _known_ methods of attack.
John Savard ( teenerf<- )
http://members.xoom.com/quadibloc/index.html
------------------------------
From: Peter Gunn <[EMAIL PROTECTED]>
Subject: Re: SNAKE#13
Date: Sun, 18 Apr 1999 22:45:18 +0100
Here is my latest and greatest idea for a "probabilistic"
SNAKE version... SNAKE#13-1...
A,B are random numbers
R,T are s bit random numbers with n bits set to 1
p is a large safe prime
H() is a one way hash (SHA or similar)
P=H(password)
h(x,y) is a function which creates a s bit value
by XORing H(x,y) split into s bit quantities
U is the user identifier
1) A->B: (g^A)%p, U, T
2) B->A: (g^B)%p, R
3) A->B: E[H(g^AB)](h(g^AB,P,R) xor V)
If B is a MITM he can't solve 'h(g^AB,P,R) xor V' for P
by brute force since he doesn't know V.
The real B accepts client if h(g^AB,P,R) XORed with
the value from the client results in a number with n
bits set to 1. Otherwise it disconnects.
4) B->A: E[H(g^AB)](h(g^AB,P,T) xor S)
similarly the client accepts the server if
h(g^AB,P,R) XORed with the value from the
server results in a number with n bits set to 1.
Otherwise it disconnects.
Problem is I don't know how to work out how much
information is being leaked and therefore how
long the lifespan of a password would be for different
values of s and n.
How can I work out how many s bit numbers contain
n bits set to 1??
:-)
PG.
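A worked model of the weight-n check in steps 3 and 4, together with the counting question at the end of the post, added here as an illustration and not part of PG's post. It assumes SHA-256 for H(), stands in a constructed shared byte string K for g^AB mod p, and leaves out the outer E[H(g^AB)] encryption layer; the number of s-bit values with exactly n bits set is the binomial coefficient C(s, n), and C(s, n)/2^s is the chance that a value chosen without knowledge of P passes the check on a single try.

```python
import hashlib
import random
from math import comb

# Added illustration of the SNAKE#13-1 acceptance test (not PG's code).
# Assumptions: H is SHA-256, g^AB mod p is stood in for by a shared byte
# string K, and the E[H(g^AB)] encryption around steps 3 and 4 is omitted.

def count_with_n_bits(s: int, n: int) -> int:
    """Number of s-bit values with exactly n bits set to 1: C(s, n)."""
    return comb(s, n)

def false_accept_probability(s: int, n: int) -> float:
    """Chance a uniformly random s-bit value passes the weight-n test,
    i.e. the per-attempt success rate of a peer that does not know P."""
    return comb(s, n) / 2 ** s

def fold_hash(s: int, *parts: bytes) -> int:
    """h(x, y, ...): hash the parts, then XOR the digest's s-bit chunks together."""
    d = int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")
    mask, out = (1 << s) - 1, 0
    while d:
        out ^= d & mask
        d >>= s
    return out

def random_weight_n(s: int, n: int, rng: random.Random) -> int:
    """An s-bit value with exactly n distinct bit positions set (R, T, V or S)."""
    return sum(1 << i for i in rng.sample(range(s), n))

def to_bytes(x: int, s: int) -> bytes:
    return x.to_bytes((s + 7) // 8, "big")

def response(s: int, K: bytes, P: bytes, nonce: int, mask_value: int) -> int:
    """Step 3 (or 4): h(g^AB, P, nonce) xor V (resp. xor S)."""
    return fold_hash(s, K, P, to_bytes(nonce, s)) ^ mask_value

def accepts(s: int, n: int, K: bytes, P: bytes, nonce: int, received: int) -> bool:
    """Receiving side: XOR with its own h(...) and accept iff exactly n bits remain set."""
    return bin(fold_hash(s, K, P, to_bytes(nonce, s)) ^ received).count("1") == n

if __name__ == "__main__":
    s, n = 32, 16
    rng = random.Random(7)
    K = b"constructed stand-in for g^AB mod p"
    P = hashlib.sha256(b"constructed password").digest()
    R = random_weight_n(s, n, rng)   # server's nonce from step 2
    V = random_weight_n(s, n, rng)   # client's fresh weight-n mask for step 3
    print("server accepts client:", accepts(s, n, K, P, R, response(s, K, P, R, V)))
    print("C(s,n) =", count_with_n_bits(s, n),
          "false-accept chance per try = %.3g" % false_accept_probability(s, n))
```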
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Comments on Boomerang Attack Sought
Date: Sun, 18 Apr 1999 22:16:43 GMT
James Frey <[EMAIL PROTECTED]> wrote, in part:
>I looked at your diagram, but it is labeled "butterfly attack"
>instead of boomerang attack. Is that an error?
Yes, it certainly is.
>To make this work the pairs P Q and P' Q' have a certain characteristic.
>This explanation is just to give the flavor of the paper, and I realize
>it may seem unintelligible without having the text in front of you.
>I only want to convey the 3-D diagram's usefulness.
Fortunately, I found his paper intelligible enough to draw my diagram -
doubtless, a lot like his, even though I hadn't had the chance to see it.
John Savard ( teenerf<- )
http://members.xoom.com/quadibloc/index.html
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: dumb question on releasing source code
Date: Sun, 18 Apr 1999 14:22:21 -0700
Chris Cavitt wrote in message <7fdh2m$gp0$[EMAIL PROTECTED]>...
>I'm a college student at a US University, and I have several small crypto
>programs (Goldwasser-Micali, Blum-Goldwasser, etc.) which use keys ranging
>from 8 to 16 bits. Is it legal under US law for me to post the source code to
>these programs on my web page given the small key sizes, or is that illegal?
>I thought I remembered a professor saying it was legal to post anything with
>keys <56 bits, but I wanted to see if anyone else knew offhand before I did
>it.
Your professor gave bad advice, but anything with 8 to 16 bit keys
would be just a toy implementation. Go ahead and post.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************