Cryptography-Digest Digest #918, Volume #8       Sun, 17 Jan 99 09:13:05 EST

Contents:
  Re: Metaphysics Of Randomness ("Douglas A. Gwyn")
  Re: Sarah Flannery and the "Cayley-Purser" Algorithm ("Douglas A. Gwyn")
  Re: Sarah Flannery and the "Cayley-Purser" Algorithm ("Douglas A. Gwyn")
  Re: Cayley-Purser algorithm? (David Formosa (aka ? the Platypus))
  Re: Too simple to be safe ([EMAIL PROTECTED])
  Re: sci.crypt intelligence test. (Jerry Park)
  Re: Question on current status of some block ciphers in AC2 ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Metaphysics Of Randomness
Date: Sun, 17 Jan 1999 07:02:48 GMT

"R. Knauer" wrote:
> In simple terms, Chaitin means by the term "reason" a simplifying
> algorithm which reduces the complexity of the number. If you can
> substantially simplify the generation of a number algorithmically, you
> have given a "reason" for its existence. If you cannot, then the
> number happens without a reason, i.e., randomly.

There are also limitations to this point of view.
For example:  Given a truly random bit generator,
inevitably *some* finite bit sequences are more
highly ordered (in the Chaitin sense) than others,
but there is no more "reason" behind them than for
the others.  While the "laws of nature" appear to
most humans to be highly nonrandom, keep in mind
that evolution has imposed upon us highly selective
sensory/perceptual/conceptual filters, so our
attention is naturally focussed on the orderly
portions of nature.  Probably that has something
to do with the difficulty we have in nailing down
the notion of "randomness".

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Sarah Flannery and the "Cayley-Purser" Algorithm
Date: Sun, 17 Jan 1999 07:10:00 GMT

[EMAIL PROTECTED] wrote:
>   ... She won at
>   the weekend and left the judges unable fully to comprehend
>   her project. They described her work as "brilliant" ...

From the quoted press article, it is impossible to determine
anything about the possible merit of this strangely named
algorithm.

There is an overview of the progress made against RSA in the
latest Notices of the AMS.  I gather from the Flannery press
article, by omission, that there has been no comparable effort
made against Flannery's algorithm, so the claim that it is as
secure as RSA is surely premature.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Sarah Flannery and the "Cayley-Purser" Algorithm
Date: Sun, 17 Jan 1999 07:23:57 GMT

Bauerda wrote:
> There have certainly been public key algorithms based on matrices ...

The fact (if it is one) that matrices are involved means nothing,
really.  Real numbers can be treated as 1x1 matrices if you wish.
Matrices are merely one of many mathematical tools, and in themselves
don't have any bearing on the security of an algorithm (pro or con).

------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Cayley-Purser algorithm?
Date: 17 Jan 1999 04:29:41 GMT

In article <[EMAIL PROTECTED]>, Doug Stell wrote:
>On Fri, 15 Jan 1999 15:16:45 GMT, [EMAIL PROTECTED] wrote:
>
>>Sorry.  Once the method has been published, it CAN NOT be patented in
>>the US.
>
>Have the rules changed? Wasn't RSA patented in the U.S. after it was
>published, else publication would have been squashed? Isn't RSA's
>publication also the reason that it isn't patented outside the U.S.?
>At least this is what I thought Ron and Jim both told me.

IIRC the EU doesn't have rules that allow patenting of algorithms.

-- 
Please excuse my spelling as I suffer from agraphia. See
http://www.zeta.org.au/~dformosa/Spelling.html to find out more.
How to win arguments on usenet http://www.zeta.org.au/~dformosa/usenet.html


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Too simple to be safe
Date: Sun, 17 Jan 1999 07:56:48 GMT

In article <[EMAIL PROTECTED]>,
  Nathan Kennedy <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>
> > The cryptosystem proposed seems to assume that irrational
> > numbers are random enough for cryptographic purposes. This
> > is not always the case. Some irrational numbers can have
>
> On the other hand the conjecture that, say, the digits of pi are normal, is
> probably almost as safe as saying that factoring is hard.
>
> > a long string of zeros, for example. XORing this section
> > of an irrational number with a plaintext would reveal the
> > plaintext. Taking the sqrt(prime) would usually produce a
> > random looking string, but in the 135 bit range, you are
> > in unknown territory as far as that goes. You might rarely
> > pick a poor choice which has a weak sqrt for XOR purposes.
>
> I read somewhere on an irrational site, that PI has been so far been found
> to be normal, whereas sqrt(2) is slightly less random, and sqrt(3) is
> slightly less random still.  No evidence or example was offered.
>
> > Also, rational numbers can be contrived which have good
> > properties for XOR encryption, but which are easier to
> > compute.
>
> Excuse me, how is this so?  Any p/q for integers P and Q will repeat or
> terminate unless I am very muchly wrong.   And we all know repeating is a
> Bad Thing.

Yes, rational numbers repeat, but using rationals in the following
way would be faster than finding primes, never mind calculating
square roots. And it is just as insecure:

Instead of using the square root to make irrational numbers,
consider using division to make rational numbers for OTPs.
Yes, they repeat, but a few experiments using 1000 digit
precision math shows that small primes create large strings
of random looking numbers before they repeat. I am not
recommending this as a secure method, but you may find the
results to be surprisingly good. Try it yourself.

Start with a small prime p and divide it by p-1.
84127/84126 does not repeat in 1000 digits.
58889/58888 repeats after 400 digits.
(Strip off the first 10 digits).
31237/31236 repeats after 70 digits.
23087/23086 repeats after 95 digits.


But primes are no better than quasi-normal numbers that are
quickly constructed by hand. For example:
85419/85418 does not repeat in 1000 digits.
58921/58920 repeats after 480 digits.
36852/36851 does not repeat in 1000 digits.

So here is the proposed method, faster than the square root of a
prime, that I propose for generating a pseudo-random
bit stream:

Make up a quasi-normal number q with 6 digits:
Begin LOOPSTART
 divide by q-1
 Find where it repeats 6 digits and stop the stream.
 As a new starting point, use the 6 digits before the
 repeating point as q.
Goto LOOPSTART

This will provide over two gigabytes of bits that seem
to be pseudo-random.


============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
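
As an added example (not code from the post or its author), here is a Python check of the claims above: it long-divides p/q to find exactly where the decimal expansion starts repeating and how long the period is, and implements the reseeding loop as I read it; the six-digit reseed width and the stop when q drops below 2 are my assumptions. The defender's point it makes is that everything the stream contains is fixed by one six-digit seed, so the generator carries at most about 20 bits of entropy no matter how many digits it emits.

```python
from itertools import islice
from typing import Iterator, List, Tuple


def decimal_period(p: int, q: int) -> Tuple[int, int]:
    """Long-divide p/q and return (preperiod, period) of the digits after the
    decimal point: digits[:pre] are fixed, digits[pre:pre+per] repeat forever.
    A terminating expansion comes back with period 1 (the repeating digit 0)."""
    seen = {}                       # remainder -> digit position where it first occurred
    r, pos = p % q, 0
    while r not in seen:
        seen[r] = pos
        r, pos = (r * 10) % q, pos + 1
    return seen[r], pos - seen[r]


def fraction_digits(p: int, q: int) -> Iterator[int]:
    """Yield the digits of p/q after the decimal point, without end."""
    r = p % q
    while True:
        r *= 10
        yield r // q
        r %= q


def chained_stream(seed: int, n_digits: int, width: int = 6) -> List[int]:
    """The post's loop as I read it (my reconstruction, not the author's code):
    emit the digits of q/(q-1) up to the point where they begin to repeat, then
    reseed q with the last `width` digits emitted.  Stops early, returning what
    it has, if the reseed yields q < 2, since q-1 would then be 0 or negative.
    The state is one `width`-digit integer, so the whole output is fixed by
    fewer than 10**width possible seeds, however many digits are requested."""
    out: List[int] = []
    q = seed
    while len(out) < n_digits and q >= 2:
        pre, per = decimal_period(q, q - 1)
        out.extend(islice(fraction_digits(q, q - 1), pre + per))
        q = int("".join(map(str, out[-width:])))
    return out[:n_digits]


if __name__ == "__main__":
    # The post's examples: exact position and length of the repeat.
    for p in (84127, 58889, 31237, 23087):
        pre, per = decimal_period(p, p - 1)
        print(f"{p}/{p - 1}: repeats from digit {pre}, period {per}")
    print("first 40 stream digits:", chained_stream(84127, 40))
```

The period of p/(p-1) is the multiplicative order of 10 modulo the part of p-1 coprime to 10, so it is cheap to compute exactly rather than eyeballed from a 1000-digit printout.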

------------------------------

Date: Thu, 14 Jan 1999 20:26:20 -0600
From: Jerry Park <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: sci.crypt intelligence test.

Anthony Stephen Szopa wrote:

> sci.crypt intelligence test.
>
> #1)
>
> 10110001 (XOR) 01111101 = 11001100.  Is this a legal operation?  Is it
> against the law to perform this operation using a general purpose
> computer in most countries?  Know of any exceptions?
>
> The software to execute this logical operation is exported in and out of
> every country in the world.  It is part of every computer operating
> system / compiler in the world.
>
> So, I certainly can write a program that performs this operation and
> import it and export it legally, certainly in and out of the US and most
> other countries.  Anyone know of any laws restricting such software?
> (This is all the software does:  XORs one data file with another and
> writes the output to a file.  And it does some file management chores,
> also.)
>
> I plan to make a software program available very soon.
>
> #2)
>
> Is there any law restricting the creation and use of any random number
> generator?  These come in many different forms and are included in every
> computer operating system / compiler in the world.
>
> I emailed the Commerce Dept. and the BXA and they said that there are
> restrictions on encryption software.  (Like:  dah.)  But they never did
> reply when I asked them if there were any import / export restrictions
> on random number generation software.  Very interesting.
>
> So, I certainly can write a program that generates pseudo random numbers
> and import it and export it legally, certainly in and out of the US and
> most other countries.  Anyone know of any laws restricting such
> software?  (This is all the software does:  generates pseudo random
> numbers and writes them to output files.  And it does some file
> management chores, also.)
>
> I plan to make a software program available very soon.
>
> One separate stand alone program only XORs two files and provides some
> management housekeeping for these files.  The other separate stand alone
> program generates (technically) pseudo random numbers and provides some
> management housekeeping for these files.  (This process is patent
> pending.)
>
> As far as I can tell there are no export restrictions of any kind on
> either types of stand alone software.
>
> Here is the intelligence test part.
>
> True or false?
>
> Windows GUI version of Ciphile Software's Original Absolute Privacy -
> Level3 encryption software available very soon.
>
> http://www.ciphile.com

Wish you luck. Hope it works too. Unfortunately, I think you will need luck.

All controlled encryption systems consist of innocuous computer operations.
I think the government regulates the export of combinations of computer
operations which result in encryption capability.

--
Jerry Park
Affordable Production Tools
web site: http://www.apt.simplenet.com/
javascript utilities: http://www.apt.simplenet.com/javascript/
* Easiest email encryption system



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Question on current status of some block ciphers in AC2
Date: Sun, 17 Jan 1999 12:14:39 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (David Hamilton) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I'm reading Applied Cryptography 2nd edition by Bruce Schneier. In chapters
> 13 and 14 he gives views on a number of block ciphers. I'm wondering if
> anything 'ever became' of the following half a dozen:-
> Madryga;
> Redoc II;
> Loki191 (LOKI-97 is an AES candidate now though);
> Khufu;
> CA-1.1;
> Gost.
>
> There is nothing specific behind my question, it's just general interest.
> I've checked my usual first ports of call (Bruce Schneier/Counterpane site,
> Terry Ritter's site, RSA FAQ, Bill Unruh's site, John Savard's site, Peter
> Gutmann's site, and now Sam Simpson's FAQ) but all I can see is Peter Gutmann
> saying that Gost is incompletely specified and Sam referring to Gost in a
> non-internet reference.
>
> Presumably interest has dwindled in non-AES ciphers?
>
> Any current opinions or up to date internet references welcome. Thanks.


It was our original intention to implement GOST in ScramDisk, but we were
advised (by a well known cryptographer) that GOST is only of interest because
of "its pedigree".  In the latest ScramDisk document I have thus removed the
reference to GOST.

For now use IDEA, Blowfish, 3DES etc - and wait for a couple of years until
people are happier with some of the AES candidates (I assume people will have
some confidence in the selected AES, but also some of the other candidates
will probably lose the "contest" looking fairly good too).


Cheers,

Sam Simpson
Comms Analyst
-- http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
