Cryptography-Digest Digest #163, Volume #9       Sun, 28 Feb 99 19:13:03 EST

Contents:
  Re: Testing Algorithms (R. Knauer)
  Re: Testing Algorithms (R. Knauer)
  Re: My Book "The Unknowable" (R. Knauer)
  Re: One-Time-Pad program for Win85/98 or DOS (Jim Dunnett)
  Re: Testing Algorithms [moving off-topic] (R. Knauer)
  Re: ElGamal key generation (Somniac)
  Re: True Randomness - DOES NOT EXIST!!! (BRAD KRANE)
  Re: Quantum Computation and Cryptography (R. Knauer)
  Re: Define Randomness (R. Knauer)
  Re: One-Time-Pad program for Win85/98 or DOS (R. Knauer)
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: True Randomness - DOES NOT EXIST!!! (R. Knauer)
  Re: Testing Algorithms (Withheld)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms
Date: Sun, 28 Feb 1999 20:13:21 GMT
Reply-To: [EMAIL PROTECTED]

On Sat, 27 Feb 1999 19:54:45 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>False.  Gravity stretches objects along an axis parallel to the gravity vector and
>compresses them in the plane normal to the gravity vector.  These relative forces are
>called tides.

You are talking about the gravitational field that comes from general
relativity. I was talking about the Newtonian gravitational field that
applies to a point mass.

>The irreversibility and concomitant loss of energy is the internal friction that resists
>the deformation of the object by the tidal forces.  Only a tidally locked object (whose
>rotation matches its revolution) avoids tidal frictions.

The assumption is that all entities are frictionless, so any energy
that is stored in internal states will be reversibly returned when the
cycle is complete.

>Note that even in the case of mutually locked bodies the system eventually degenerates due
>to loss of orbital energy during interactions with the cosmic background radiation.

That is hardly an example of a Newtonian conservative force field.

Bob Knauer

"If you want to build a robust universe, one that will never go wrong, then
you don't want to build it like a clock, for the smallest bit of grit will
cause it to go awry. However, if things at the base are utterly random, nothing
can make them more disordered. Complete randomness at the heart of things is the
most stable situation imaginable - a divinely clever way to build a universe."
-- Heinz Pagels


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms
Date: Sun, 28 Feb 1999 20:16:01 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 28 Feb 1999 08:34:01 +0100, fungus
<[EMAIL PROTECTED]> wrote:

>We're talking
>about a computer CPU which needs to be controlled in some way.
>You can't just let the electrons (or whatever) float around in
>space. They have to be pushed back and forth at predefined
>intervals or chaos will follow.

>How do you push them without using energy?

You use energy to push them around, but in one complete cycle the
system returns to the energy level from which it started which means
that whatever energy you used to push it was returned to the source of
that energy. Therefore the *NET* energy expenditure is zero.

Bob Knauer



------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Crossposted-To: sci.math,sci.physics,sci.logic
Subject: Re: My Book "The Unknowable"
Date: Sun, 28 Feb 1999 20:35:40 GMT
Reply-To: [EMAIL PROTECTED]

On Sat, 27 Feb 1999 20:46:21 GMT, Neil Nelson <[EMAIL PROTECTED]>
wrote:

>G. J. Chaitin wrote 
>(http://www.umcs.maine.edu/~chaitin/unknowable/):
 
>[ In a nutshell, Gödel discovered incompleteness, Turing discovered
>[ uncomputability, and I discovered randomness--

Chaitin's algorithmic prefix complexity randomness is not the true
randomness of quantum mechanics, and it is so weak that it cannot even be
used for a crypto-grade OTP system.

Prefix complexity randomness is a very profound concept but it gets
its thrust by distinguishing description regularity from description
irregularity, and thereby discards regularity from consideration. Such
exclusions in a cryptosystem would cause a weakness in that system
since now the attacker knows that a certain class of sequences are
excluded.

One extraordinary thing about prefix complexity randomness is that it
is a property of the number itself and not the generation process per
se. This is in stark contrast to the notion of true randomness, which
is not a characteristic of the number per se but of the generation
process.

For example the sequence 101010...10 is not prefix complexity random,
although it is a true random number by virtue of its generation by a
TRNG.

However, prefix complexity randomness can be used to generate
indeterminate sequences, as Chaitin's Omega attests. Because of the
unsolvability of the halting problem, which can be mapped into a
system of integer equations that cannot be determined to provide a
finite or an infinite number of solutions, the bits of Omega are
random in the sense that they are completely indeterminate and
equidistributed (because Omega is Borel normal). But then Chaitin's
Omega is also infinite, which doesn't help much in building a
practical cryptosystem.

Only quantum mechanical processes are truly random in a practical
sense.

Bob Knauer



------------------------------

From: [EMAIL PROTECTED] (Jim Dunnett)
Crossposted-To: alt.security,alt.privacy
Subject: Re: One-Time-Pad program for Win85/98 or DOS
Date: Sun, 28 Feb 1999 21:40:25 GMT
Reply-To: Jim Dunnett

On 27 Feb 1999 21:08:23 -0000, [EMAIL PROTECTED] (Gretchen Anonymous
Remailer) wrote:

>On Sat, 27 Feb 1999 21:24:49 +0100 Helmut Kreft
><[EMAIL PROTECTED]>  wrote:
>
>>Daniel Kinnaer wrote:
>>> 
>>> 
>>> I would like to know why you think a OneTimeKey is cryptographically
>>> weak.  Or is it just this implementation?
>>> 
>>I do not say OTPs are cryptographically weak in general. A correct
>>implementation is provably secure. In fact - it is guaranteed to be
>>unbreakable. But a strong implementation must meet at least the
>>following requirements:
>>1.) A hardware random number generator must be used for key generation.
>>2.) The key (pad) will have to be transmitted over a secure channel.
>>3.) The key (pad) may be used only one time.
>>V-OTP fails completely. 
>>
>>  Helmut
>
>I tend to disagree:
>
>item 2:  That has nothing to do with V-OTP or any other one-time-pad.
>The program does not dictate how the pad will be transmitted.

If the pad has been transmitted in clear, then the key must be
considered compromised. Secure exchange of key is absolutely 
essential to an OTP system.

>item 3:  Again the program does not control how many times the pad gets
>used.

'One-time' means just that. Re-use key and your unbreakable system
becomes breakable. It's no longer a one-time-pad.

>item 1:  If one does not know the source of the pad, then to him it is
>random.

Arguable. Keys which are sufficiently random will do. There are lots
of ways of generating them other than with a hardware device.

-- 
Regards, Jim.                | An atheist is a man who has
olympus%jimdee.prestel.co.uk | no invisible means of support.
dynastic%cwcom.net           | 
nordland%aol.com             | - John Buchan  1875 - 1940.
marula%zdnetmail.com         |
Pgp key: pgpkeys.mit.edu:11371
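
The one-time requirement discussed in the message above, as an added Python example (not part of the original posts and not V-OTP's code). The `OneTimePad` class, the sample messages, and the use of the OS CSPRNG as pad source are assumptions made for illustration.

```python
import secrets
from typing import Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hypothetical pad manager: every pad byte is handed out at most once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # first pad byte not yet consumed

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Return (pad offset, ciphertext); refuse rather than reuse pad bytes."""
        if len(plaintext) > self.remaining():
            raise ValueError("pad exhausted: refusing to reuse key material")
        start = self._offset
        self._offset += len(plaintext)
        return start, xor_bytes(plaintext, self._pad[start:self._offset])


def decrypt(pad: bytes, start: int, ciphertext: bytes) -> bytes:
    """Receiver side: same pad, same offset."""
    return xor_bytes(ciphertext, pad[start:start + len(ciphertext)])


def naive_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """The failure mode: always starts at pad offset 0, so key bytes repeat."""
    return xor_bytes(plaintext, pad[:len(plaintext)])


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts. If both used the same key bytes, the key
    cancels and the result equals p1 XOR p2, with no knowledge of the pad."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


if __name__ == "__main__":
    # Constructed sample messages; pad from the OS CSPRNG (an assumption,
    # the thread itself debates which pad sources are acceptable).
    pad = secrets.token_bytes(64)
    p1, p2 = b"MEET AT DAWN 0600", b"HOLD UNTIL RELIEF"

    c1, c2 = naive_encrypt(pad, p1), naive_encrypt(pad, p2)
    print("reused pad leaks p1^p2 :", reuse_leak(c1, c2) == xor_bytes(p1, p2))

    otp = OneTimePad(pad)
    (o1, d1), (o2, d2) = otp.encrypt(p1), otp.encrypt(p2)
    print("fresh pad leaks p1^p2  :", reuse_leak(d1, d2) == xor_bytes(p1, p2))
    print("round trip             :", decrypt(pad, o2, d2) == p2)
```
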

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms [moving off-topic]
Date: Sat, 27 Feb 1999 13:41:27 GMT
Reply-To: [EMAIL PROTECTED]

On 26 Feb 1999 15:46:36 -0500, [EMAIL PROTECTED] (Patrick Juola)
wrote:

>I built dozens of J/K flip flops and
>their friends and have long-since forgotten the details.

I recall building those from transistors for use in research, back
when the first ICs based LS-logic design were becoming popular.

IIRC, the essence of the design of the J-K flipflop is symmetric
feedback, where the output of one transistor is connected to the input
of the other and vice versa. Overriding the bias on an input causes
the flipflop to snap to the other state, if it were different to begin
with. I recall something about emitter-followers too. It was a very
long time ago.

>Of course,
>at every time step, the computer will be announcing the current situation
>of every memory cell via one of the "ignorable" outputs such as 'c' in
>the AND gate above, but presumably someone will be keeping track of them
>and make them available when you decide to reverse the procedure.

For each memory unit that keeps track of what is going on, so that the
procedure can be reversed, there is a further requirement for memory.
So it sounds like this gets into an infinite regress when it comes
time to implement it.

Bob Knauer



------------------------------

From: Somniac <[EMAIL PROTECTED]>
Subject: Re: ElGamal key generation
Date: Sat, 27 Feb 1999 07:03:53 -1000

Wei Dai wrote:
> 
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > 768 bits is secure. Prove me wrong, or give some reason to believe your
> > 1024 bit number as a minimum.
> 
> p of 768 bits gives you at most 72 bits of security (i.e. best known
> attack takes about 2^72 operations), 

What is the best known attack?

Please give me a reference book title or website I can read which can 
explain in greater detail where you reached the conclusion that it takes 
2^72 operations to solve the discrete log problem over a finite field for 
a 768 bit modulus. 

Is each "operation" a multiplication or some other operation which is 
much more expensive?

With a workstation with 100 mega operations per second it takes 4*10^15 
seconds to do 2^72 operations. That is 1 million years, or one year, if 
you have a million workstations. 



> and less if your attacker knows
> some algorithmic improvements in factoring that is not yet public. I
> suppose this can be considered secure for some applications, and if you
> really need the time or space saving 768 bits buys you, it is your
> choice. But for most applications there is no reason not to use 1024
> bits. So I would say 1024 bits minimum unless you have some special
> needs that force you to go down to 768 bits.

------------------------------

From: BRAD KRANE <[EMAIL PROTECTED]>
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Sun, 28 Feb 1999 23:22:35 GMT



"R. Knauer" wrote:

> On Sat, 27 Feb 1999 20:01:23 -0500, "Trevor Jackson, III"
> <[EMAIL PROTECTED]> wrote:
>
> >>     I have no religion.
>
> >Grumble.  'nother o' those pesky Lapsed Atheists!
>
> Not atheist - agnostic. An atheist claims he can prove the
> nonexistence of God, whereas an agnostic claims that he cannot know one
> way or the other.
>
> Since it is impossible to prove the non-existence of God under the
> worldview of Realism, there are no atheists under that worldview.
>
> One has to reject Realism in order to build a consistent argument that
> God does not exist. The only problem is that then nothing exists.
> Bertrand Russell tried it once and concluded that nothing could exist.
>
> That is why God is called the Necessary Being, because without the
> existence of God, nothing would exist under any system of rational
> thought.

    You can't think about the creation of the universe rationally. It doesn't make any
sense at all. The only rational way you could look at the creation of the universe is
that it was all there to begin with.

>
>
> Bob Knauer
>


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Quantum Computation and Cryptography
Date: Sun, 28 Feb 1999 23:41:05 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 28 Feb 1999 08:24:45 -0800, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:

>Defend your claim that it has already been done, or do we have to take your word for
>it?  Please explain.

I do not know exactly what you want me to defend. If you are referring
to quantum crypto, I gave you the references already, but in case you
missed them they can be found in that book I have been citing called
"Explorations In Quantum Computing". Check amazon.com for details.

Bob Knauer



------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Define Randomness
Date: Sun, 28 Feb 1999 23:46:23 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 28 Feb 1999 09:41:44 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Experiment is irrelevant to theoretical proofs.  Note that experimental
>evidence may lead us to have more or less confidence in a theory, but it is
>not proof.

I do not know where you are getting this from, because it is certainly
not from contemporary physics. Almost all important theories arose and
were confirmed by experiment.

Physics is an empirical science which by definition infers theoretical
constructs from direct observations. The fact that theories work so
well is a mystery, possibly tied up in pac-learning induction. Occam's
Razor is widely used and it is a form of pac-learning.

Bob Knauer



------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Crossposted-To: alt.security,alt.privacy
Subject: Re: One-Time-Pad program for Win85/98 or DOS
Date: Sun, 28 Feb 1999 23:53:27 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 28 Feb 1999 21:40:25 GMT, [EMAIL PROTECTED] (Jim
Dunnett) wrote:

>Keys which are sufficiently random will do. There are lots
>of ways of generating them other than with a hardware device.

Define "sufficiently random".

The only way I can define it is to subject the ciphers to a concerted
attack which has the prospect of decrypting the worst case messages,
those that leak the most information. A random message is unlikely to
leak any significant information, whereas a highly regular message is
expected to leak some information if the key is not truly random.

There is no way to test the keys directly, even for "sufficient
randomness". The *appearance* of randomness that is revealed by
statistical tests is not sufficient in any way, not even for
"sufficiently random".

Tied up in the notion of "sufficient randomness" is the volume of
message traffic. The more message volume, the more random the
keystream must be. Therefore there is no absolute notion of
"sufficiently random" - it is crucially dependent on your intended
use.

Bob Knauer

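
An added Python illustration (not part of the original post) of the point above that statistical tests show only the appearance of randomness. The toy generator, its 16-bit seed, and the function names are assumptions; the frequency (monobit) test is the simplest test of the kind found in NIST SP 800-22.

```python
import math
import random
from typing import Optional


def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test: p-value for 'ones and zeros are balanced'.
    By convention a stream 'passes' when the p-value is at least 0.01."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def toy_keystream(seed: int, nbytes: int) -> bytes:
    """Hypothetical weak pad generator: Mersenne Twister from a small seed.
    Python documents this generator as unsuitable for security purposes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def recover_seed(known: bytes, seed_bits: int = 16) -> Optional[int]:
    """Search the whole seed space for a seed that reproduces `known`.
    Success means every later keystream byte is predictable."""
    for seed in range(1 << seed_bits):
        if toy_keystream(seed, len(known)) == known:
            return seed
    return None


if __name__ == "__main__":
    seed = 0x2F1B  # constructed 16-bit seed
    stream = toy_keystream(seed, 4096)

    # Balanced bit counts say nothing about predictability: the fixed
    # pattern 1010...10 is perfectly balanced as well.
    print("monobit p, toy generator:", round(monobit_p_value(stream), 3))
    print("monobit p, 1010...10    :", monobit_p_value(b"\xaa" * 4096))

    # Eight known keystream bytes are enough to pin down the seed.
    found = recover_seed(stream[:8])
    print("seed recovered          :", found == seed)
    print("rest of stream predicted:", toy_keystream(found, 4096) == stream)
```

The test output measures bit balance only; the seed search is what shows whether the key material is usable, which is why the generator's seed space has to be reviewed rather than its output statistics.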


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Sun, 28 Feb 1999 23:54:59 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 28 Feb 1999 23:22:35 GMT, BRAD KRANE <[EMAIL PROTECTED]>
wrote:

>    You can't think about the creation of the universe rationally. It doesn't make any
>sense at all. The only rational way you could look at the creation of the universe is
>that it was all there to begin with.

The Supreme Being is that eternal entity.

If you accept that, then the creation of the Universe follows
rationally.

Bob Knauer




------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Sun, 28 Feb 1999 23:59:24 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 28 Feb 1999 23:16:48 GMT, BRAD KRANE <[EMAIL PROTECTED]>
wrote:

>    Quantum Physics is only 100 years old or so and like all sciences the odds that their theories
>of why things happen are usually wrong.

Not wrong, just limited in their application. Relativity and QM did
not cause classical physics to be *wrong*, just limited in its scope.

IOW, each new theory is an extension of the previous theories.

For example, relativity turns into classical physics in the limit of
velocities small compared to the speed of light. And QM turns into
classical physics in the limit of large quantum numbers (that's the
famous Correspondence Principle of Niels Bohr).

Newton's classical laws are contained in both relativity and QM as
limiting cases.

>Take theories on heat for example, people used to think
>that it was an invisible liquid that flowed in and out of things making them hot.

The Phlogiston theory was not a serious scientific theory any more
than alchemy or astrology. Serious science superseded mystical
constructs.

You are confusing two completely different things.

Bob Knauer



------------------------------

From: Withheld <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms
Date: Fri, 26 Feb 1999 16:22:26 +0000
Reply-To: Withheld <[EMAIL PROTECTED]>

In article <[EMAIL PROTECTED]>, Darren New
<[EMAIL PROTECTED]> writes
>> What I meant to say was that computing power at the time was
>> insufficient for a brute-force crack to be viable, rather than any
>> implication that DES was claimed to be unbreakable forever.
>
>Well, of course it's viable, no matter how weak your computer is. You
>could crack a DES key on a single Apple-II, if you wanted to wait long
>enough. With a 256-bit key, you can't brute-force it no matter how fast
>your computers run, quantum computing tentatively excluded.

I think you meant to say "possible" there. Theoretically, yes, a 1MHz
Apple II could crack it if you gave it a few billion years. For most
purposes the information would be of academic interest after that, hence
the term "not viable" rather than "not possible".

As to whether or not we will ever have the computing power available to
brute force a 256-bit key, take a guess - who knows what breakthroughs
are around the corner?

-- 
Withheld

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
