Cryptography-Digest Digest #126, Volume #9       Tue, 23 Feb 99 15:13:02 EST

Contents:
  Re: Visual Cryptography (Reuben Sumner)
  Re: random number generator??? (R. Knauer)
  Re: Anyone know of any good stream chipers? (R. Knauer)
  Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness Come 
From ?!? *** ) (R. Knauer)
  Re: Testing Algorithms (Steven Runyeard)
  Re: Testing Algorithms (Alan Braggins)
  Re: paper on all 15 AES candidates ?? (Somniac)
  Re: Testing Algorithms (Coen Visser)
  Computer Books: New Browsable Catalog Online ([EMAIL PROTECTED])
  Re: Randomness of coin flips ("Tony T. Warnock")
  Constructing different random sequences ("Rochus Wessels")
  RSA test vectors (Thierry Schneider)
  Re: random number generator??? ("karl malbrain")
  Re: random number generator??? (R. Knauer)
  Re: Where to publish hashes? (Helger Lipmaa)
  Re: True Randomness (R. Knauer)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Reuben Sumner)
Subject: Re: Visual Cryptography
Date: 23 Feb 1999 14:11:33 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 22 Feb 1999 16:39:47 +0800, alex <[EMAIL PROTECTED]> wrote:
>  Can anyone tell me what visual cryptography is, and where this
>technique is used?  Is it useful?  If possible, please point me to other
>web-sites as I want to know more.

Take a look at http://www.wisdom.weizmann.ac.il/~naor/
Prof Naor has a number of the papers online there.  The basic idea is to use
secret sharing techniques to make slides that when overlapped reveal a hidden
message.  The simplest system is as follows.  Use two slides.  Having
just one of the slides provides (in a strong information theoretic sense)
no information, but having both allows the eye to reveal a hidden message.
For each pixel in the message map it to "X " or " X" at random in the
first slide.  In the second slide, if the pixel is meant to be black use
the opposite choice so that when overlapped you get "XX", solid black.
If it is supposed to be white use the same choice, so that when
overlapped you have 50% black.  Example slides are in the original paper
using this scheme (well actually they break each pixel into a 2x2 instead of
a 1x2 block).

Reuben
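The 2-out-of-2 scheme described above, as an added worked example (this is not code from the post or from Prof Naor's paper; the secret image and the 1x2 subpixel layout are constructed here). Each secret pixel becomes one of the two patterns "X " / " X" in share 1 by a coin flip; share 2 copies the pattern for a white pixel and complements it for a black one, so stacking gives "XX" for black and a half-dark block for white. Because every block in either share has exactly one dark subpixel chosen by the coin alone, a single share is uniformly random whatever the secret.

```python
import secrets

# Secret "image" constructed for this example: 1 = black, 0 = white (a 5x3 letter T).
SECRET = [
    [1, 1, 1, 1, 1],
    [0, 0, 1, 0, 0],
    [0, 0, 1, 0, 0],
]

PATTERNS = ((1, 0), (0, 1))   # the two 1x2 subpixel patterns "X " and " X"


def make_shares(image, coin=lambda: secrets.randbits(1)):
    """Split a 0/1 image into two shares of twice the width.
    Share 1 gets a random pattern per pixel; share 2 copies it for a white
    pixel and complements it for a black one.  `coin` is injectable so the
    information-theoretic property can be checked with fixed flips."""
    share1, share2 = [], []
    for row in image:
        r1, r2 = [], []
        for pixel in row:
            p = PATTERNS[coin()]
            r1.extend(p)
            r2.extend((1 - p[0], 1 - p[1]) if pixel else p)
        share1.append(r1)
        share2.append(r2)
    return share1, share2


def overlay(share1, share2):
    """Stacking two transparencies: a subpixel is dark if either share inks it."""
    return [[a | b for a, b in zip(r1, r2)] for r1, r2 in zip(share1, share2)]


def decode(stacked):
    """What the eye sees: an 'XX' block is solid black, 'X ' or ' X' reads as grey."""
    return [[row[i] & row[i + 1] for i in range(0, len(row), 2)] for row in stacked]


def ink_fraction(share):
    """Fraction of dark subpixels: exactly 1/2 for every share, regardless of the secret."""
    cells = sum(len(r) for r in share)
    return sum(sum(r) for r in share) / cells


def render(grid):
    return "\n".join("".join("#" if v else "." for v in row) for row in grid)


if __name__ == "__main__":
    s1, s2 = make_shares(SECRET)
    print(render(s1), "\n")
    print(render(s2), "\n")
    print(render(decode(overlay(s1, s2))))
```

Run it twice and the two printed shares change completely while the decoded overlay does not; feeding the same coin flips to two different secrets produces an identical share 1, which is the "no information" property stated above made visible.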

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: random number generator???
Date: Tue, 23 Feb 1999 15:18:59 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 21 Feb 1999 00:44:01 +0800, Nathan Kennedy
<[EMAIL PROTECTED]> wrote:

>If you have
>this kind of attitude towards protecting the "security (and prosperity)" of
>the free world (viz., deceiving the people, corrupting their personal
>security, then using surveillance against them),

.... an attitude I never had. The end does not justify the means.

But I remind you that man does not have an inalienable right to
complete privacy, only the right to be free from unreasonable searches
and seizures. Even the US Constitution does not guarantee the right to
be free from all searches and seizures.

Anyway, if the govt abuses their power to search and seize, you can
always sue them in civil court:

+++++
US CODE TITLE 42 - THE PUBLIC HEALTH AND WELFARE
Sec. 1983. Civil action for deprivation of rights 

Every person who, under color of any statute, ordinance, regulation,
custom, or usage, of any State or Territory or the District of
Columbia, subjects, or causes to be subjected, any citizen of the
United States or other person within the jurisdiction thereof to the
deprivation of any rights, privileges, or immunities secured by the
Constitution and laws, shall be liable to the party injured in an
action at law, suit in equity, or other proper proceeding for redress,
except that in any action brought against a judicial officer for an
act or omission taken in such officer's judicial capacity, injunctive
relief shall not be granted unless a declaratory decree was violated
or declaratory relief was unavailable.
+++++

Just as every citizen needs to keep and bear arms for self protection,
every citizen needs to keep and utilize bottom-feeding trial lawyers
to sue the govt and make you rich.

>after a while there might
>not be any free world left to protect.

You appear to be an anarchist libertarian, whereas I am a minarchist
libertarian. You appear to hold that all govt is bad, and I hold that
minimal govt, needed to protect the rights of individuals, is good -
and no more.

The irony is that we do not have legitimate govt at this juncture in
our history. All we have is a cabal of criminals masquerading as
politicians. The unfortunate thing is that we can no longer tolerate
criminals running govt - there is too much at stake in the next
millennium to entrust our peace and security to cheap, petty
criminals.

>The NSA should stick to cracking
>intercepted military transmissions, an occupation that they are afraid may
>(and probably will) become obsolete unless they revert to these draconian
>means of defending it.

Don't worry - the NSA is working on quantum computers right now, and
will be able to break any breakable cipher before you know it.

Bob Knauer

"If experience teaches us anything at all, it teaches us this: That a good
politician, under democracy, is quite as unthinkable as an honest burglar."
--H.L. Mencken


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Anyone know of any good stream chipers?
Date: Tue, 23 Feb 1999 15:22:17 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 23 Feb 1999 04:36:53 GMT, "Bruce Christensen"
<[EMAIL PROTECTED]> wrote:

>Swapping two letters is a common mistake when typing on a keyboard; no need
>for the nasty reply to an honest question.

>>>A chiper that would require at least a $10,000 investment to crack

>>Please learn how to spell in English. The word is "cipher", not
>>"chiper".

I did not mean to be nasty. If I had wanted to be nasty, it would have
been unmistakable. I just spotted those inverted letters more than
once, and assumed that your keyboard was miswired. :-)

BTW, I know better than to criticize other people's typing - I am the
world's worst typist myself, so bad in fact that I have to proof read
my posts before I can send them out.

Bob Knauer

"If experience teaches us anything at all, it teaches us this: That a good
politician, under democracy, is quite as unthinkable as an honest burglar."
--H.L. Mencken


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Crossposted-To: 
sci.skeptic,sci.philosophy.meta,sci.psychology.theory,alt.hypnosis,sci.logic
Subject: Re: Randomness based consciousness?. (Was: Re: *** Where Does The Randomness 
Come From ?!? *** )
Date: Tue, 23 Feb 1999 15:27:50 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 22 Feb 1999 15:17:29 GMT, [EMAIL PROTECTED] (tiger9) wrote:

>>  I can agree with that, except that as far as I know
>>  there is no real known reason for anything to exist.

>Nor does anyone else know the "reason" no matter how hard they try 
>with the most eloquent words! 

I would not go that far. There are well-developed metaphysical systems
which attempt to give reasons for existence. The one developed by
Thomas Aquinas comes to mind.

Bob Knauer

"If experience teaches us anything at all, it teaches us this: That a good
politician, under democracy, is quite as unthinkable as an honest burglar."
--H.L. Mencken


------------------------------

From: [EMAIL PROTECTED] (Steven Runyeard)
Subject: Re: Testing Algorithms
Date: Tue, 23 Feb 1999 15:22:18 GMT

>There's no guarantee that this growth rate will continue. In fact
>everything points to the opposite.

No, there is no guarantee of this. There is also no guarantee that the
speed of light will be a barrier.

You are basing your calculations on the assumption that CPU speeds
will stop increasing. So far the trend has been a doubling around
every 1.5 years. I remember back in 1985 being told that my 1 MIP CPU
was about as fast as we could possibly get because of 'physical
barriers'. Today we have CPUs that can run 2,000 times faster. Have we
got to that barrier yet? No, I don't think so.

This whole thing comes down to speculation. As far as you're concerned
we are going to reach a ceiling in computer performance. I, on the
other hand think we will not. If there is money in it Intel will find
a way of making a faster CPU.

It's your guess that we won't crack a 256 bit key. It's my guess that
we will. Each guess is just as valid.

Steve

------------------------------

From: Alan Braggins <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms
Date: 23 Feb 1999 11:50:08 +0000

Safuat Hamdy <[EMAIL PROTECTED]> writes:
> if one bit operation would require one elementary energy unit (this is a
> hard, insurmountable limit)

Not necessarily. It might be possible to use reversible logic which
has no fundamental minimum energy requirement.
http://nano.xerox.com/nanotech/reversible.html
http://www.cwi.nl/~paulv/physics.html
http://www.ai.mit.edu/~cvieri/reversible.html
http://www.computer.org/conferen/proceed/ccc96/abstract.htm
("Examples of reversible algorithms are algorithms for quantum computers.")

On the other hand it's likely to trade energy requirements for memory
requirements, and if we need more than the observable universe for
storage to search for a key, it might be safe. Unless we get into
things like computers which operate in hyperspace so they aren't
constrained by light speed or only using one universe for storage,
in which case you have to wonder whether anyone will still care about
today's secrets...

------------------------------

From: Somniac <[EMAIL PROTECTED]>
Subject: Re: paper on all 15 AES candidates ??
Date: Tue, 23 Feb 1999 08:18:55 -1000

Christopher Jobmann wrote:
> 
> Hello !
> I'm looking for a paper (or any other information) giving a brief
> overview over all the 15 AES candidates, considering underlying
> structure (Feistel-Network, SP-Network and such), Numbers of Rounds, as
> well as safety (I heard a couple of the candidates are already broken -
> is that true ??).
> 
> At the moment I am not interested in speed comparisons that much since I
> found the paper from Bruce Schneier (<- and others) and a couple of web
> sites addressing that topic.
> 
> What I'm looking for is a way to get a basic idea of the 15 algorithms
> without going through the whole documentation on the CD1.
> 
> Any idea where I could get that ??
> 
> thanks in advance, any help is appreciated !
> 
> Chris

Yes. There are papers already written that answer your questions. You 
will have to wait until March 22, 1999 when they will be made public. 
Most of these papers will not be published before that date for reasons 
which are involved with marketing, advertising, proprietary interests, 
expectations of rejection upon pre-publication, bureaucratic approval 
processes, and a desire to maximize profit. It will only be 4 weeks to 
wait, so try to enjoy this quiet period for the AES process with other 
pursuits.

------------------------------

From: [EMAIL PROTECTED] (Coen Visser)
Subject: Re: Testing Algorithms
Date: 23 Feb 1999 16:31:46 GMT

fungus <[EMAIL PROTECTED]> writes:
>According to Steven Runyeard <[EMAIL PROTECTED]>:

>> Go back 10 years and the best you would have got from an average
>> desktop computer was around 10 MIPs. Now we are seeing Pentium
>> processors which can almost do 2,000 MIPs.

>There's no guarantee that this growth rate will continue. In fact
>everything points to the opposite.

[...]

>My maths goes like this:

>Assuming (let's be generous here) that Intel can make chips a million
>times faster than they can today (which they can't - the speed of light
>will limit them well before they get to the Terahertz range - but let's
>go with it for now...) Let's also assume (optimistically) that Intel

[...]

Have you done the maths with a computer running on vacuum tubes? Why not?
You'll reach limits far sooner! My guess is that the heat dissipation from
such a computer would burn the earth before you could crack DES with brute
force. So if you had done your maths in the 50's, before the transistor, you
would say: look, we cannot brute force 56 bits because the heat from a
computer would burn the earth and there is not enough matter in the universe
to make enough vacuum tubes, et cetera, et cetera. The same story goes for
silicon now. But who knows what other computing principles can be thought
of in the future?

Regards,

        Coen Visser


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.programming,comp.jobs,comp.theory
Subject: Computer Books: New Browsable Catalog Online
Date: Tue, 23 Feb 1999 15:59:44 GMT

I work for Springer-Verlag, and I just wanted to announce that our new online
catalog is now up and running. We have many new books in programming,
cryptography, graphics, theoretical computer science, Web design and
development, AI & Neural Nets, and a lot more.

Our URL is: http://www.springer-ny.com/compsci/

At the site, you can also find information on subscribing to a monthly e-mail
bulletin, which offers subscriber-only news and discounts.

The catalog is easy to use, and a PDF version is also available. Hope you can
take a look!

Best regards,

Jason Roth
Product Manager
Computer Science
Springer-Verlag NY
[EMAIL PROTECTED]



------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Randomness of coin flips
Date: Mon, 22 Feb 1999 08:36:25 -0700
Reply-To: [EMAIL PROTECTED]

One thing (among others) should be pointed out. The "comfort level" or
tolerance for failure in statistics is not a mathematical quantity. The
statement: "The probability that a string could be biased as badly as the one
we are looking at is 1/1000," is a mathematical statement. Whether or not
1/1000 is tolerable is not. Often, 5%, 1%, and .1% levels are chosen for
convenience. I personally think this is because there were tables of various
distributions at this level, normal, chi-square, F, t, etc.

Tony
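The two halves of that distinction, as an added example that is not part of Tony's post: the mathematical statement (the probability that a fair coin would produce a bit string at least as lopsided as the one observed) is computed exactly, and the non-mathematical choice of a 5%, 1% or 0.1% level is a separate table lookup. The bit strings are constructed here; the exact two-sided binomial tail is computed with Python's integer arithmetic rather than from a printed table.

```python
import math


def bit_list(data: bytes):
    """Unpack bytes into a list of 0/1 bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bias_pvalue(bits) -> float:
    """Exact two-sided binomial test of 'each bit is an independent fair coin'.
    Returns P(|ones - n/2| >= observed deviation) under that hypothesis,
    i.e. the number on which a '1/1000' style statement rests."""
    n = len(bits)
    ones = sum(bits)
    dev = abs(2 * ones - n)          # twice the deviation, keeps everything integral
    tail = sum(math.comb(n, k) for k in range(n + 1) if abs(2 * k - n) >= dev)
    return tail / 2 ** n             # big-int division is exact enough here


def verdicts(p: float, levels=(0.05, 0.01, 0.001)):
    """Which of the conventional levels would reject.  The levels are a
    convention, not a property of the data; the p-value is the mathematics."""
    return {level: p < level for level in levels}


if __name__ == "__main__":
    # Constructed sample: 60 ones in 100 bits, the kind of mild bias a hardware
    # RNG might show.  The p-value is about 0.057, so the 5% level does not
    # reject it although a stricter eye might still be uneasy.
    sample = [1] * 60 + [0] * 40
    p = bias_pvalue(sample)
    print(f"p = {p:.4f}", verdicts(p))
    print(verdicts(bias_pvalue(bit_list(b"\xff" * 16 + b"\x00" * 4))))
```

For long strings the exact sum becomes slow and a normal approximation to the binomial is the usual substitute; the point here is that the p-value itself is fixed by the data while the threshold is whatever the tester is willing to tolerate.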


------------------------------

From: "Rochus Wessels" <[EMAIL PROTECTED]>
Subject: Constructing different random sequences
Date: 23 Feb 1999 17:59:52 +0100

Without hardware support, the only source of randomness are the inputs.
However, sometimes a server doesn't have users at the console, so every
input comes from the network, which is monitored by the adversary.
Hence it is essential to have the RNG depend not only upon the inputs,
but also some secret value. The secret must be carefully protected.
One obvious construction to do this, is the HMAC-construction:
  random=HMAC(secret,RNG(inputs))
I am paranoid enough to use different random sequences for different
purposes. Two constructions from the above are possible:
a) random_k=HMAC(secret,RNG(inputs_k))
b) random_k=HMAC(secret_k,RNG(inputs))
Method (a) has the advantage that it may generate truly independent
sequences, but the disadvantages that it uses a smaller amount of randomness
for each sequence and that it might be possible for the adversary to mirror
inputs_i to inputs_j for i!=j, clearly a vulnerability.
So I would use method (b). Am I missing any possible attack on (b)?
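Both constructions from the post, written out as an added example (not Rochus's code, and not a recommendation of any particular production design). RNG(inputs) is modelled here as a plain hash over the length-prefixed inputs; the per-purpose secrets secret_k are derived from one master secret with HMAC so that only a single value has to be protected; and the PurposeRNG class adds a per-purpose counter to construction (b), which the post's formula does not have, because without it two requests for the same purpose between two input events would return the same bytes. The master secret and network inputs are constructed test values.

```python
import hashlib
import hmac
from typing import Dict, List


def H(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def pool_rng(inputs: List[bytes]) -> bytes:
    """RNG(inputs) from the post, modelled as a hash of every collected input.
    Each item is length-prefixed so an attacker cannot re-split the stream."""
    h = hashlib.sha256()
    for item in inputs:
        h.update(len(item).to_bytes(4, "big") + item)
    return h.digest()


def construction_a(secret: bytes, inputs_k: List[bytes]) -> bytes:
    """(a) random_k = HMAC(secret, RNG(inputs_k)): one secret, one pool per purpose."""
    return H(secret, pool_rng(inputs_k))


def construction_b(secret_k: bytes, inputs: List[bytes]) -> bytes:
    """(b) random_k = HMAC(secret_k, RNG(inputs)): one shared pool, one secret per purpose."""
    return H(secret_k, pool_rng(inputs))


def purpose_secret(master: bytes, purpose: str) -> bytes:
    """secret_k derived from a single protected master; HMAC is one-way, so a
    leaked secret_k does not expose the master or the other purposes."""
    return H(master, b"purpose:" + purpose.encode())


class PurposeRNG:
    """Construction (b) plus a per-purpose counter, so successive requests for
    the same purpose differ even when no new input has arrived in between."""

    def __init__(self, master: bytes):
        self.master = master
        self.inputs: List[bytes] = []
        self.counter: Dict[str, int] = {}

    def add_input(self, data: bytes) -> None:
        self.inputs.append(data)

    def next(self, purpose: str) -> bytes:
        n = self.counter.get(purpose, 0)
        self.counter[purpose] = n + 1
        state = pool_rng(self.inputs) + n.to_bytes(8, "big")
        return H(purpose_secret(self.master, purpose), state)


if __name__ == "__main__":
    master = b"master-secret-for-the-example"          # constructed; keep this out of reach
    net = [b"packet 1 from the network", b"packet 2"]  # constructed, attacker-visible inputs

    # The mirroring attack on (a): identical pools give identical streams.
    print(construction_a(master, net) == construction_a(master, list(net)))

    # (b): same visible pool, different purposes, unrelated outputs.
    rng = PurposeRNG(master)
    for pkt in net:
        rng.add_input(pkt)
    print(rng.next("session-id").hex())
    print(rng.next("nonce").hex())
```

The caveat a reviewer would add to (b): if the adversary controls every input and the master secret is ever read out, all purposes fall together, whereas under (a) the per-purpose pools were at least distinct; and neither construction replaces a reviewed DRBG design, which also handles reseeding and state compromise.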

------------------------------

From: Thierry Schneider <[EMAIL PROTECTED]>
Subject: RSA test vectors
Date: Tue, 23 Feb 1999 18:42:34 +0100


Does anybody know where I could find some test vectors (inputs and outputs) for
RSA encryption?
I will try to write RSA code and I need to verify the result but I have
nothing to compare to!

Thanks a lot

Bye
Thierry
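Until a proper vector set is to hand, an implementation can at least be checked against the classic small textbook example (p=61, q=53, e=17, giving n=3233, d=2753, and 65 encrypting to 2790) and against the round-trip identity that decrypt(encrypt(m)) == m for every m below n. This is an added example, not an answer from the thread; it is unpadded textbook RSA, so it exercises the modular arithmetic only and says nothing about the padding that any real use of RSA requires.

```python
import math


def keypair(p: int, q: int, e: int):
    """Textbook RSA key generation from two distinct primes and a public exponent."""
    if p == q:
        raise ValueError("p and q must differ")
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse; needs Python 3.8 or later
    return n, e, d


def encrypt(m: int, n: int, e: int) -> int:
    return pow(m, e, n)


def decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)


def self_check(p: int, q: int, e: int, messages) -> bool:
    """Round-trip every message; true for all m in [0, n) when p, q are distinct primes."""
    n, e, d = keypair(p, q, e)
    return all(0 <= m < n and decrypt(encrypt(m, n, e), n, d) == m for m in messages)


# The widely used textbook example, usable as a first fixed vector.
KNOWN = {"p": 61, "q": 53, "e": 17, "n": 3233, "d": 2753, "m": 65, "c": 2790}


if __name__ == "__main__":
    n, e, d = keypair(KNOWN["p"], KNOWN["q"], KNOWN["e"])
    print(n, d, encrypt(KNOWN["m"], n, e))            # 3233 2753 2790
    print(self_check(KNOWN["p"], KNOWN["q"], KNOWN["e"], range(0, n, 7)))
```

Compare each intermediate value (n, phi, d, then the ciphertext) rather than only the final result, since a wrong modular inverse still round-trips for some messages by accident; once the arithmetic agrees with a known vector, move on to the PKCS #1 padding vectors that ship with the standard.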



------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: random number generator???
Date: Tue, 23 Feb 1999 09:46:41 -0800


R. Knauer <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>.... an attitude I never had. The end does not justify the means.
(. . .)
>Anyway, if the govt abuses their power to search and seize, you can
>always sue them in civil court:

I fail to see the LEAP you take from statement 1 to statement 2.  Try
telling statement 2 to the other HALF of those people who were at WACO and
are now sitting in jail --which was the end that JUSTIFIED the means taken
there (by the FBI, etc).

NO the resultant products were NOT <<randomly obtained>> from the
perspective of LAW (those killed just happened by choice/chance to be in the
path of those bullets, that fire, etc).  Karl M




------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: random number generator???
Date: Tue, 23 Feb 1999 18:22:31 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 23 Feb 1999 09:46:41 -0800, "karl malbrain" <[EMAIL PROTECTED]>
wrote:

>>Anyway, if the govt abuses their power to search and seize, you can
>>always sue them in civil court:

>I fail to see the LEAP you take from statement 1 to statement 2.

It is not all that much of a leap as it seems. Cf. Kalina vs.
Fletcher: http://supct.law.cornell.edu/supct/html/96-792.ZS.html

Our system of govt was originally based on Common Law, something that
is uniquely Anglo-American. Under that system, laws are constantly
challenged by We, The People, who are governed by them, and the
results of court trials are incorporated into the interpretation of
those laws. If juries continually nullify a law, then it has
effectively been repealed by The People.

A law is legitimate only by the Consent Of The Governed (not by Mob
Rule as in a Tyranny). If The Governed (i.e., The People) do not
consent to a law, it gets nullified by juries. But most people do not
understand that, so the system has degenerated into the Fascist
Dictatorship that we have now - a first rate tyranny if there ever was
one.

We cannot enter the new millennium, with all its challenges in front
of us, being ruled by a cadre of petty criminals parading around as
politicians. There is simply too much at stake to let them take care
of their self interest at our expense. If this continues much longer,
deprived countries will become desperate, and as you know, desperate
people do desperate things - things that nowadays could lead to the
end of life on Earth literally.

It is no consolation that, as you gasp your last breath, you realize
that you believed in the wrong system of govt. You must do something
about it now before it is too late.

For one thing, you must vote even if it is the most disgusting thing
you have to do - choosing between one cadre of blatant criminals
versus another. The reason that you must vote is that you must tell
these criminals that you are concerned and that you will be active if
they don't stay in line. As it is now, only 30% of eligible voters
actually vote, which tells the criminals in govt that they can get by
with anything they want because 70% of the people don't care what they
do.

If a person does not vote, as far as I am concerned they are a
parasite, a non-citizen. In fact, that person should be made to pay a
surtax to cover the lousy two-bit govt the rest of us have to put up
with just because they don't bother to vote.

>Try telling statement 2 to the other HALF of those people who were at WACO and
>are now sitting in jail --which was the end that JUSTIFIED the means taken
>there (by the FBI, etc).

I am quite familiar with the Waco Massacre, since I live in Texas and
I watched the entire House Hearings on Waco. For those not familiar
with the truth about Waco, see "Waco: Rules Of Engagement", the
award-winning documentary film that led the Washington Post to call Waco
"America's My Lai Massacre". I can tell you that here in Texas the
Waco incident is not over by any means.

BTW, the people rotting in prison unjustly were not the "other half".
And nobody who understands what really happened at Waco believes for
one minute that the govt was justified in what it did. It was a rogue
operation by a criminal element inside the govt, similar to the kinds
of things that went on in Nazi Germany.

Bob Knauer

"If experience teaches us anything at all, it teaches us this: That a good
politician, under democracy, is quite as unthinkable as an honest burglar."
--H.L. Mencken


------------------------------

From: [EMAIL PROTECTED] (Helger Lipmaa)
Subject: Re: Where to publish hashes?
Date: 23 Feb 1999 17:01:21 GMT

dan schwartz ([EMAIL PROTECTED]) wrote:
: Let's say I want to publish a secure hash of a document, so I can
: later prove that I possessed that document on or before the date
: that the hash was published.

: Any ideas for the best places to publish the hash?  The publishing
: method should have the following characteristics:

: 1 - Visible to the public.
: 2 - Not subject to manipulation after publication.
: 3 - Available for viewing for a long time after publication.
: 4 - Inexpensive.
: 5 - Convenient.

: Placing an ad in a major newspaper satisfies 1 - 3, but probably
: not 4 and 5.  Is there a method that satisfies all of them?

: Dan Schwartz

This is one of the non-mathematical parts of the general time-stamping
problem (I'd suggest to look at http://home.cyber.ee/helger/cuculus for
information about time-stamping). Being a non-mathematical part, there are
no optimal solutions. All depends on the requirements you place on the
system. If the hashes are _really_ of great importance (as in the case of
time-stamping), I would personally publish them on several different media
at the same time, including:

* Financial Times
* "CD: Hit's of the week - the megacollection"
* keeping the hash in the archive under the control of certified
  organizations (FBI? :-))


One of these methods does not satisfy all your desiderata. But ordering a
weekly update of the CD is very convenient and you can keep it for 'viewing
for a long time.' You can also show it to others :-). It's not very
expensive (if you think it is, you can obtain a "CD: Hit's of the month -
the megacollection" once a month and a FT every week). And if you keep it in
safe, it's not manipulable by anyone but you. At the same time, FBI (or
American Bank or whomever most of the people trust, Supreme Court? --- in
the case of U.S.; ideal case would be if such database would be mirrored, in
several geographic locations under control of different groups of people)
should have official copies.

As I said, there are no optimal methods. It depends on the level of paranoia
you have. Mine is high. You even may go as far as to carve at least one hash
every year in some locations where only pushing some buttons would enable one to
erase them. Of course, those same buttons would also start the atomic war.

--
Helger Lipmaa
http://home.cyber.ee/helger

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness
Date: Tue, 23 Feb 1999 18:43:51 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 22 Feb 1999 09:19:37 -0700, "Tony T. Warnock"
<[EMAIL PROTECTED]> wrote:

>If they don't know these terms, they could look them up. They are rather common.

That's strange - I do not recall seeing either term in Li & Vitanyi's
book. I wonder if it is in Feller's book.

Bob Knauer

"If experience teaches us anything at all, it teaches us this: That a good
politician, under democracy, is quite as unthinkable as an honest burglar."
--H.L. Mencken


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
