Cryptography-Digest Digest #98, Volume #9        Wed, 17 Feb 99 22:13:06 EST

Contents:
  Re: Block ciphers vs Stream Ciphers (Patrick Juola)
  Re: Block ciphers vs Stream Ciphers (Patrick Juola)
  Re: encryption debate ("karl malbrain")
  Re: encryption debate (Michael Sierchio)
  Re: Block ciphers vs Stream Ciphers (John Savard)
  Re: encryption debate (R. Knauer)
  Current status of Sarah Flannery's New PKC ?? (Seongtaek Chee)
  Re: encryption debate (Patrick Juola)
  Re: New high-security 56-bit DES: Less-DES ("Trevor Jackson, III")
  Re: True Randomness (R. Knauer)
  Re: encryption debate ("Trevor Jackson, III")
  Re: True Randomness ("Douglas A. Gwyn")
  Re: newbie algorithim thoughts (Fibonacci) (Christopher)
  Re: encryption debate (R. Knauer)
  Re: newbie algorithim thoughts ("Douglas A. Gwyn")
  Re: Telephone Encryption (R. Knauer)
  Randomness of coin flips (Nicol So)
  Another new encryption algorithm... (Bauerda)
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) ("james d. hunter")
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** ) ("Dan")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Block ciphers vs Stream Ciphers
Date: 16 Feb 1999 13:33:18 -0500

In article <7acb8g$2vc$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>In article <7abu0j$fke$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (Patrick Juola) wrote:
>> In article <7abaol$mtf$[EMAIL PROTECTED]>,
>> Gustavo <[EMAIL PROTECTED]> wrote:
>> >Hi.
>> >It seems that the cryptographic community is
>> >interested almost only in block ciphers and not
>> >in stream ciphers.
>> >What are the advantages of the first ones?
>>
>> Diffusion.
>>
>> Suppose I were to send a message to my broker :
>>      please sell $100,000 worth of IBM
>>
>> A sufficiently cunning adversary could change a few bytes
>> and produce
>>
>>      please sell $900,000 worth of ATT
>>
>> In fact, he could change the order by simply changing these bytes
>>      please sell $100,000 worth of IBM
>>                      ^                ^^^
>> w/o even understanding what the original order was, and simply hope
>> to get a meaningful message -- which in the case of stock abbreviations
>> is rather likely
>>
>> A good block cypher would require him to unbutton the entire message;
>> it's more or less immune to this sort of byte-by-byte attack.
>
> Sorry but you don't know what you are talking about.

Mr. Scott, you really ought to improve your reading skills.

If you attempt this sort of simple change to a block-cypher
encrypted file, you'll end up with at least one block that's
likely to be gibberish.  Changing one byte in a stream-cypher
encrypted file will typically change only one byte in the 
received message.

That you can't understand this does not speak well for the
soi-disant security of the snake oil you keep trying to peddle.

        -kitten
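The diffusion argument above, as an added Python example (not code from the post): a toy XOR keystream cipher and a toy 4-round Feistel block cipher are both built from SHA-256, one ciphertext byte is changed, and the number of plaintext bytes that come out different is counted. Both constructions, the key and the message are constructed for the demo and are not real ciphers; what actually stops this kind of tampering in practice is an authentication tag (MAC or AEAD), which neither of them carries.

```python
import hashlib

def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks, concatenated. Illustration only."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:length]

def stream_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, len(data))))

def feistel_block(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Toy 16-byte, 4-round Feistel cipher with a SHA-256 round function.
    It exists only to show block-wide diffusion; it is not a real cipher."""
    assert len(block) == 16
    left, right = block[:8], block[8:]
    order = reversed(range(4)) if decrypt else range(4)
    for i in order:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, bytes(a ^ x for a, x in zip(left, f))
    return right + left   # final swap lets one routine serve both directions

def tamper(ct: bytes, pos: int) -> bytes:
    """Flip the low bit of one ciphertext byte (the byte-level change from the post)."""
    return ct[:pos] + bytes([ct[pos] ^ 0x01]) + ct[pos + 1:]

def bytes_changed(a: bytes, b: bytes) -> int:
    return sum(x != y for x, y in zip(a, b))

def compare(key: bytes = b"constructed demo key") -> tuple:
    """Returns (plaintext bytes changed under the stream cipher,
                plaintext bytes changed under the block cipher)
    after the same single ciphertext byte is altered. Key and message are constructed."""
    msg = b"please sell $100,000 worth of IBM"   # the order quoted in the post
    pos = msg.index(b"1")                          # the digit the post points at
    # Stream cipher: the flip lands on exactly that plaintext byte and the
    # rest of the order still reads cleanly.
    s_pt = stream_encrypt(key, tamper(stream_encrypt(key, msg), pos))
    # Block cipher: the same flip turns the whole 16-byte block into noise.
    block = msg[:16]
    b_pt = feistel_block(key, tamper(feistel_block(key, block), pos), decrypt=True)
    return bytes_changed(msg, s_pt), bytes_changed(block, b_pt)

if __name__ == "__main__":
    print(compare())
```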

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Block ciphers vs Stream Ciphers
Date: 16 Feb 1999 13:38:32 -0500

In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 16 Feb 1999 10:50:17 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>Then the byte-by-byte attack wouldn't work -- but depending on
>>the compression algorithm you used, he could still do a dictionary-entry-
>>by-dictionary entry attack.
>
>What compression algorithm(s) would be immune to those kinds of
>attacks?

Well, as the dictionary entries get larger and larger, you
essentially re-invent the block cypher.  So anything with a
sufficiently powerful compressor would work.

        -kitten


------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: encryption debate
Date: Wed, 17 Feb 1999 15:13:56 -0800


Patrick Juola <[EMAIL PROTECTED]> wrote in message
news:7af6ff$j9c$[EMAIL PROTECTED]...

>But I don't think that anyone would object that a legal arrest on
>the basis of a legitimate warrant is an illegitimate action.

Gee, I thought that the VARIANT on this <<line>> of reasoning was
fought out in the CIVIL RIGHTS MOVEMENT -- that the government was ACTIONING
as to prevent certain citizens from VOTING on election day, etc.  People
objected to the illegitimacy of this, and some were killed.  Karl M

------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: encryption debate
Date: Tue, 16 Feb 1999 09:22:12 -0800
Reply-To: [EMAIL PROTECTED]

"R. Knauer" wrote:

> Check out the US Constitution if you do not believe me.

> Amendment IV

It's been abolished, hasn't it?

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Block ciphers vs Stream Ciphers
Date: Wed, 17 Feb 1999 23:24:16 GMT

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote, in part:
>Gustavo wrote:

>> It seems that the cryptographic community is
>> interested almost only in block ciphers and not
>> in stream ciphers.

>That depends on which "cryptographic community" you hang out with.

Now, now. He means the open/commercial/academic one, not the one with
deep dark secrets.

One can't just decide to "hang out" with those guys. They have to
trust you first.

John Savard
http://members.xoom.com/quadibloc/index.html

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: encryption debate
Date: Thu, 18 Feb 1999 00:11:41 GMT
Reply-To: [EMAIL PROTECTED]

On 17 Feb 1999 14:49:03 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:

>But I don't think that anyone would object that a legal arrest on
>the basis of a legitimate warrant is an illegitimate action.

I have never disclaimed that. That is why I maintain that there is not
a common law right of privacy.

>What you're doing is comparing apples and oranges and discovering
>that -- surprise -- sometimes people's rights come into conflict.

And many more times people's rights come into conflict illegitimately.

But then there is:

http://www4.law.cornell.edu/uscode/42/1983.html

+++++
United States Code  TITLE 42
THE PUBLIC HEALTH AND WELFARE 
CHAPTER 21 - CIVIL RIGHTS 
SUBCHAPTER I - GENERALLY 

Sec. 1983. Civil action for deprivation of rights 

Every person who, under color of any statute, ordinance, regulation,
custom, or usage, of any State or Territory or the District of
Columbia, subjects, or causes to be subjected, any citizen of the
United States or other person within the jurisdiction thereof to the
deprivation of any rights, privileges, or immunities secured by the
Constitution and laws, shall be liable to the party injured in an
action at law, suit in equity, or other proper proceeding for redress,
except that in any action brought against a judicial officer for an
act or omission taken in such officer's judicial capacity, injunctive
relief shall not be granted unless a declaratory decree was violated
or declaratory relief was unavailable. For the purposes of this
section, any Act of Congress applicable exclusively to the District of
Columbia shall be considered to be a statute of the District of
Columbia.
+++++

Bob Knauer

"No man is good enough to govern another man without that other's consent."
--Abraham Lincoln, Amerika's First Fascist Hypocrite 


------------------------------

From: Seongtaek Chee <[EMAIL PROTECTED]>
Subject: Current status of Sarah Flannery's New PKC ??
Date: Thu, 18 Feb 1999 09:17:46 +0900

Anybody know the current status of Sarah Flannery's New PKC??
  (I couldn't read this newsgroup for a month.)


------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: encryption debate
Date: 17 Feb 1999 14:49:03 -0500

In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 17 Feb 1999 08:41:36 -0500, [EMAIL PROTECTED] (Patrick Juola)
>wrote:
>
>>The government also has the legitimate means to violate your right to
>>peaceably assemble by arresting and imprisoning you for an unrelated
>>crime.
>
>Just because the govt has the means does not make it legitimate.

But I don't think that anyone would object that a legal arrest on
the basis of a legitimate warrant is an illegitimate action.

What you're doing is comparing apples and oranges and discovering
that -- surprise -- sometimes people's rights come into conflict.

        -kitten

------------------------------

Date: Wed, 17 Feb 1999 19:06:28 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: New high-security 56-bit DES: Less-DES

[EMAIL PROTECTED] wrote:

> In article <[EMAIL PROTECTED]>,
>   DM Lanza <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED] wrote:
> >
> > > In article <7a2hpk$cih$[EMAIL PROTECTED]>,
> > >   "lyal collins" <[EMAIL PROTECTED]> wrote:
> > > > >For M=14, Alice should take approximately one minute to solve the
> > > > >14-bit problem, while EFF's DES Cracker (a powerful DES cracker in
> > > > >hardware) would take approximately 75 years to solve the 70-bit
> > > > >problem. To compare, the EFF DES Cracker would take approximately 40
> > > > >hours for the usual 56-bit DES key.
> > > >
> > > > These would seem to impose an upper limit of around 60 decrypted received
> > > > messages per hour - provided that machine isn't used for anything else.
> > >
> > > This is true. Note however that the expected Pentium run-time is perhaps
> > > one-tenth of that (8,000 DES one-block decryptions). Further, as I wrote in
> > > the message, Less-DES is a special case of the M-DES protocol -- which
> allows
> > > the definition of an "unknown-key" for those 14-bits and does not impose a
> > > new "key-discovery" task for every message. Please, see the M-DES protocol
> > > definition and key-reusage discussion in
> > > http://www.mcg.org.br/unicity.htm#5.2
> > >
> > > An important point is that (56+M)-bit key-lifetime in M-DES does not depend
> > > on usage (ie, number or length of messages sent) but on time, so that Bob
> and
> > > Alice can leverage Alice's discovery burden over many messages (not just
> > > one).
> > >
> >
> > This leverage principle applies to the attacker as well.
>
> No -- not at all. The attacker has NO leverage because he does NOT know the
> 56-bit shared-secret.
>
> This defines different time scales to discover the full (56+M)-bit key --
> even considering widely different resources. In essence the key-lifetime,
> where you consider a threat model and define how long can a key will "live"
> in that situation for a given probability of discovery. For the EFF DES
> Cracker, the key half-life (ie, 50% probability of discovery) is 75 years for
> M=14 in M-DES.
>

None of that matters.  The 56-bit secret key establishes a constant ratio of work
factors between the recipient of a message and an interceptor of the message.  If
the message is one of a set sharing the non-disclosed extension to the key, the
work required of the recipient is reduced.  So is that of an attacker.

By encoding multiple messages with the key extension you may increase the value of
cracking the first message so much that it is worth the trouble.  Of course once
the first message is cracked, the rest fall trivially.

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness
Date: Thu, 18 Feb 1999 00:28:40 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 18 Feb 1999 00:15:26 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>I did -- there are tools that can detect the slight patterns found
>in actual coin-flipping experiments.

I love staying on the cutting edge - care to tell us exactly what
those tools are.

>> You have read Li & Vitanyi's book, haven't you?

>No,

Then it is highly recommended that you do.

Bob Knauer

"No man is good enough to govern another man without that other's consent."
--Abraham Lincoln, Amerika's First Fascist Hypocrite 


------------------------------

Date: Wed, 17 Feb 1999 19:13:37 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: encryption debate

Patrick Juola wrote:

> In article <[EMAIL PROTECTED]>,
> R. Knauer <[EMAIL PROTECTED]> wrote:
> >On 17 Feb 1999 08:41:36 -0500, [EMAIL PROTECTED] (Patrick Juola)
> >wrote:
> >
> >>The government also has the legitimate means to violate your right to
> >>peaceably assemble by arresting and imprisoning you for an unrelated
> >>crime.
> >
> >Just because the govt has the means does not make it legitimate.
>
> But I don't think that anyone would object that a legal arrest on
> the basis of a legitimate warrant is an illegitimate action.

I would.  It depends on the nature of the law being enforced.  The Supreme
Court has held that unconstitutional law confers no power.  Thus, by
definition, acts that violate the constitution are illegitimate.  They may
be *legal*, but they are not legitimate.

>
>
> What you're doing is comparing apples and oranges and discovering
> that -- surprise -- sometimes people's rights come into conflict.
>
>         -kitten


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness
Date: Thu, 18 Feb 1999 00:15:26 GMT

"R. Knauer" wrote:
> On Wed, 17 Feb 1999 08:23:55 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
> wrote:
> >> >NSA cryptographers are aware that coin flipping is not perfectly
> >> >random, and have tools that can detect that.
> >> All finite sequences are at best pseudo-random, that is, they can be
> >> tested by pseudo-random statistical tests - but that does not make them
> >> truly random. It is the generation process that is either truly random
> >> or not, and that cannot be determined algorithmically from finite
> >> outputs.
> >That misses my point
> What was your point?
> >(as well as being wrong anyway).
> And just exactly what is wrong, anyway?
> >Coin flipping is not even asymptotically random.
> Oh, really? Perhaps you can tell us why.

I did -- there are tools that can detect the slight patterns found
in actual coin-flipping experiments.

> >It has nothing to do with algorithmic complexity etc.
> That's interesting - Li & Vitanyi use it as an example of a Bernoulli
> Process all throughout their book on Kolmogorov Complexity.
> You have read Li & Vitanyi's book, haven't you?

No, but undoubtedly those authors use *idealized* coin-tossing in
their examples.  I was responding to a suggestion concerning use
of *actual* coin tossing to generate "random" bit streams.

------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Re: newbie algorithim thoughts (Fibonacci)
Date: Thu, 18 Feb 1999 00:29:48 GMT

You're not the only one new around here - simply put, a Fibonacci sequence
is found by adding the last two numbers in the sequence to get the next,
or:
F[k] = F[k-1] + F[k-2]

Here's a link to Fibonacci sequences; look around, there are great resources
here on a lot of other topics as well.

http://www.astro.virginia.edu/~eww6n/math/FibonacciNumber.html

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: encryption debate
Date: Thu, 18 Feb 1999 00:36:39 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 17 Feb 1999 19:13:37 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>> But I don't think that anyone would object that a legal arrest on
>> the basis of a legitimate warrant is an illegitimate action.

>I would.  It depends on the nature of the law being enforced.

There is no such thing as a legitimate warrant based on an
illegitimate law. Therefore we both agree.

>The Supreme
>Court has held that unconstitutional law confers no power.

Oh really? When did the Nine Asses (i.e., ass-o-nine) ever agree on
anything that has to do with the Constitution?

Please tell us about this miracle of jurisprudence, preferably by
citing the Cornell Law Library. And then show us the case law where
actual people successfully prosecuted the govt based on that.

BTW, the Branch Davidians rotting away in a federal prison on trumped
up charges stemming from their defending their inalienable rights at
the Waco Massacre might want to know about this.

>Thus, by
>definition, acts that violate the constitution are illegitimate.  They may
>be *legal*, but they are not legitimate.

Bad laws are not legal. That is the essence of common law.

Bob Knauer

"No man is good enough to govern another man without that other's consent."
--Abraham Lincoln, Amerika's First Fascist Hypocrite 


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: newbie algorithim thoughts
Date: Thu, 18 Feb 1999 00:30:55 GMT

DarkKnght0 wrote:
> ... direct me to any chronicles or literature that could help me at
> least figure out what a "fibonacci sequence" is...

My advice is to learn how to do research on your own -- without
even trying it, I'm sure that that information is readily available
on the Web, for example by searching for "Fibonacci" at Yahoo!

The simplest form of Fibonacci sequence starts with two terms,
e.g. 23 and 40, then generates as many terms as you want with each
new term being the sum of the previous two: 23 40 63 103 166 269 ...
The properties of Fibonacci-like sequences are well understood by
mathematicians who have studied them.

According to an encyclopedia article on cryptology I once found on
the Web, Fibonacci sequences were at the heart of some actual stream
cipher systems employed in the past.

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Telephone Encryption
Date: Thu, 18 Feb 1999 00:12:59 GMT
Reply-To: [EMAIL PROTECTED]

On 17 Feb 1999 14:26:40 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:

>PGPfone.

>Runs through the modem port of your laptop.  You also need to buy
>a good mike and a speaker if you want good quality sound.

>Plug it into the wall and you're there, man.

Yes. And I could not help but notice that you were a contributor.

Bloody good show, dude.

Bob Knauer

"No man is good enough to govern another man without that other's consent."
--Abraham Lincoln, Amerika's First Fascist Hypocrite 


------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Randomness of coin flips
Date: Wed, 17 Feb 1999 20:06:05 -0500

Douglas A. Gwyn wrote:
> 
> "R. Knauer" wrote:
>
> > On Wed, 17 Feb 1999 08:23:55 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
> > wrote:
> > >Coin flipping is not even asymptotically random.
> > Oh, really? Perhaps you can tell us why.
> 
> I did -- there are tools that can detect the slight patterns found
> in actual coin-flipping experiments.

Without divulging anything you're not supposed to, could you explain why
coin flips are not as random as they are commonly assumed?

I've always suspected that the way *I* flip coins, successive coin flips
are not truly independent, but I didn't try very hard to confirm or
disconfirm my suspicion.  I'm under the impression that the way *I* flip
coins, the result of a flip is somewhat correlated to the initial side
up before the flip.  Since I usually just pick up the coin the way it
was from the last flip and flip again, the distribution of runs doesn't
seem to be the way it would be were successive coin flips truly
independent of one another.

Does anyone have the same experience?

Nicol

------------------------------

From: [EMAIL PROTECTED] (Bauerda)
Subject:  Another new encryption algorithm...
Date: 18 Feb 1999 02:22:29 GMT

After running into problems with pipelining stalls when trying to optimize RC4
and Blowfish in assembly, I decided to try and write an encryption algorithm
which would take advantage of pipelining and 32 bit operations. The algorithm
in (very) pseudo code:

Divide the 128 bit block into four parts, a, b, c, d.
Prewhiten all four blocks (by addition mod 2^32, not xor).
For i = 1 to rounds
    Add b to a.
    Left rotate b by 25.
    Xor d to c.
    Left rotate d by 19.
    Xor Round key 1 to a.  (Don't if it is the last round)
    Add Round key 2 to c.  (Don't if it is the last round)
    Rotate the whole 128 bit block to the left 32 bits.
Next i.
Postwhiten all four blocks (by addition again).

Unfortunately, while encryption will be fairly fast, decryption will be much
slower due to constant pipeline stalls.   I have done some testing of this
algorithm, which is why the pre/post whitening is added and not xored, and why
the rotate values are what they are.  I measured the diffusion with a method
similar to that on Brian Gladman's page.  I encrypted two blocks with only one
bit different and counted the number of bits that changed.  I recorded both
the total change and the change for each position. I found that variable rotates
increased the total diffusion count, but lowered the diffusion counts for some
of the individual positions.  Because my actual implementation unrolls the loop
and uses registers, variable rotates can only be done once every four rounds.
The algorithm as stated needs 16 to 17 rounds to get the 'every byte in the
input affects every byte in the output' effect, but this isn't too horrible
considering how fast the individual rounds are.  But this leads to my question:
I know that there are forms of differential cryptanalysis which are more
effective against ciphers with a small number of rounds; are there any forms
which are good against ciphers with bad diffusion but a whole lot (I would
recommend about 48 to 72 for this cipher) of rounds?

David Bauer
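The round structure and the diffusion test described in the post, as an added Python example (not David Bauer's implementation): round keys are passed in as plain lists because the post gives no key schedule, "rotate the whole 128 bit block to the left 32 bits" is taken to map (a, b, c, d) to (b, c, d, a), and words are laid out big-endian; all three are assumptions. The test flips every input bit and records which output bytes ever change, which is the "every byte in the input affects every byte in the output" criterion the post uses.

```python
import random

MASK = 0xFFFFFFFF

def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK

def encrypt(block, pre, post, rk1, rk2, rounds):
    """The posted round structure over four 32-bit words a, b, c, d.
    pre/post: four whitening words each; rk1/rk2: one round-key word per round
    (the post gives no key schedule, so keys are plain inputs here).
    Assumption: 'rotate the whole 128 bit block left 32 bits' maps
    (a, b, c, d) to (b, c, d, a)."""
    a, b, c, d = [(x + k) & MASK for x, k in zip(block, pre)]
    for i in range(rounds):
        a = (a + b) & MASK
        b = rotl(b, 25)
        c ^= d
        d = rotl(d, 19)
        if i != rounds - 1:          # round keys are skipped in the last round
            a ^= rk1[i]
            c = (c + rk2[i]) & MASK
        a, b, c, d = b, c, d, a
    return [(x + k) & MASK for x, k in zip((a, b, c, d), post)]

def to_bytes(words):
    """Big-endian byte layout (an assumption; the post does not fix one)."""
    return b"".join(w.to_bytes(4, "big") for w in words)

def dependency_matrix(rounds, trials=32, seed=1):
    """dep[i][j] = 1 if flipping some bit of input byte i ever changed output
    byte j across the trials. Plaintexts and keys come from a seeded PRNG,
    which is fine for a diffusion test but never for real key material."""
    rng = random.Random(seed)
    dep = [[0] * 16 for _ in range(16)]
    for _ in range(trials):
        pre, post, pt = ([rng.getrandbits(32) for _ in range(4)] for _ in range(3))
        rk1, rk2 = ([rng.getrandbits(32) for _ in range(rounds)] for _ in range(2))
        base = to_bytes(encrypt(pt, pre, post, rk1, rk2, rounds))
        for bit in range(128):
            flipped = list(pt)
            flipped[bit // 32] ^= 1 << (31 - bit % 32)
            out = to_bytes(encrypt(flipped, pre, post, rk1, rk2, rounds))
            for j in range(16):
                if out[j] != base[j]:
                    dep[bit // 8][j] = 1
    return dep

def fully_diffused(rounds, **kw):
    """True when every input byte influenced every output byte in the trials
    (the 'every byte in the input affects every byte in the output' test)."""
    return all(all(row) for row in dependency_matrix(rounds, **kw))

def rounds_for_full_diffusion(max_rounds=40, **kw):
    """Smallest round count (up to max_rounds) at which the test saw full
    byte-to-byte diffusion, or None if it never did."""
    for r in range(1, max_rounds + 1):
        if fully_diffused(r, **kw):
            return r
    return None

if __name__ == "__main__":
    print("rounds for full byte-to-byte diffusion:", rounds_for_full_diffusion())
```

With only additions carrying upward and the two rotations moving bits, word-level dependency is complete after four rounds but byte-level dependency takes considerably longer, which is what the round count printed here measures.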


------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** )
Date: Wed, 17 Feb 1999 21:49:12 -0500
Reply-To: [EMAIL PROTECTED]

Dan wrote:
 > 
 > In reply, not quite about randomness, but:
 > 
 > Lately, I've encountered problems with people
 > recognizing hypothetical situations, questions,
 > and dialogues.
 > 
 > Have any of you been experiencing problems with others
 > recognizing hypotheticals?
 > 
 > If-then-else is such a simple and effective way to dialogue,
 > but in the recent past, I've encountered some "resistance".
 > It really sucks, and makes other people appear
 > quite stupid, although I know they aren't. 

  There are two different types of if-then-else.
  The problems that I've encountered have to 
  do with people who only do computer programming
  forgetting that there is such a thing as a time
  component in a machine. 

  There is a logic        if-then-else
  and there is a logistic if-then-else.

  The logistic "if-then-else" has a non-removable random component.

  ---
  Jim

------------------------------

From: "Dan" <[EMAIL PROTECTED]>
Crossposted-To: sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come From ?!? *** )
Date: Wed, 17 Feb 1999 16:54:52 -0800

In reply, not quite about randomness, but:

Lately, I've encountered problems with people
recognizing hypothetical situations, questions,
and dialogues.

Have any of you been experiencing problems with others
recognizing hypotheticals?

If-then-else is such a simple and effective way to dialogue,
but in the recent past, I've encountered some "resistance".
It really sucks, and makes other people appear
quite stupid, although I know they aren't.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
