Cryptography-Digest Digest #529, Volume #9 Tue, 11 May 99 17:13:02 EDT
Contents:
Re: Crypto export limits ruled unconstitutional (Mike Eisler)
Re: Lemming and Lemur: New Block and Stream Cipher (Jim Gillogly)
Re: Crypto export limits ruled unconstitutional (wtshaw)
IEEE P1363 meeting June 7-9, Stockholm ([EMAIL PROTECTED])
Re: RSA Chips ([EMAIL PROTECTED])
Re: TOMSTDENIS AND SCOTT ARE THE SAME PERSON-- ([EMAIL PROTECTED])
Re: TwoDeck solution (but it ain't pretty) ([EMAIL PROTECTED])
Re: Roulettes (Ray Girvan)
Re: Lemming and Lemur: New Block and Stream Cipher ([EMAIL PROTECTED])
Re: Roulettes ([EMAIL PROTECTED])
Re: Lemming and Lemur: New Block and Stream Cipher (Jim Gillogly)
Higher order derivatives paper by X. Lai ??? ("Daryl Rauhala")
Re: Lemming and Lemur: New Block and Stream Cipher ([EMAIL PROTECTED])
Re: Lemming and Lemur: New Block and Stream Cipher (Jim Gillogly)
Re: Roulettes ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Mike Eisler)
Crossposted-To: talk.politics.crypto
Subject: Re: Crypto export limits ruled unconstitutional
Date: 11 May 1999 19:14:00 GMT
Reply-To: [EMAIL PROTECTED] (Mike Eisler)
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>The point I like to make is the following: (1) Given a valid
>program (source code) written in a standard programming language,
>anyone anywhere can use a compiler to obtain from it an executable file
>(object code) to run. So, if an authority permits export of source
>code but forbids export of object code, it is doing the same sheer
>nonsense as permitting export of crypto-programs (source code) in
>printed form (books) but not on magnetic media. (2) If publication
I disagree.
The purpose of export control regulations is to limit
proliferation of the use of crypto software.
Compiling large software packages into binary form is
straightforward for a skilled programmer, but time
consuming at best, and non-trivial at worst. The problem is
that source for a computer program is rarely in one monolithic file,
and so compiling each source file and combining them into a single
binary takes work. Certainly, programs like the UNIX "make" command make
this easier, but in any case there is a lot of work to
go from source code to a shrink-wrap binary package on
a CD or a download.
The fact that anyone in the world can download copies of PGP source
code or kerberos source, and the fact that most people in the world
don't use either, proves that export control of binaries is
sufficient to achieve the unstated aims of export control.
--
-Mike Eisler Solaris NFS group
[EMAIL PROTECTED] Sun Microsystems, Inc.
remove the prefix 'NO_' and suffix '_SPAM' to reply.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Lemming and Lemur: New Block and Stream Cipher
Date: Tue, 11 May 1999 12:32:35 -0700
lcs Mixmaster Remailer wrote:
>
> > VARIABLES:
> >
> > block = 128-bit integer
> > block[0] = first byte of block
> > plaintext = array of plaintextLength bytes to encrypt
> > key[0...255] = array of 256 integers, 128 bits each
> > rotate(block) = 8-bit rotation so block[0] moves to block[1]
> >
> > TO LEMMING ENCRYPT A BLOCK:
> >
> > for (i=0; i<32; i++)
> > block = rotate(block ^ key[block[0]]);
>
> How do you decrypt? I can see that you would first un-rotate, but then
> you need to select an element from the key array to xor. The element
> is the one identified by block[0] after you do the xor. But you don't
> know that yet.
>
> Hmmm, let's see. The first byte of the key array is a permutation
> of 0..255. So if we could find an element i of key such that
> key[i][0] (the first byte of key[i]) when xored with block[0] produces
> i, we would have it.
>
> But is this guaranteed to be unique? What if block[0] is 0 before we
> do the decryption XOR. Then what if there is more than one value i
> for which key[i][0] = i. That shouldn't be impossible since key[i][0]
> is a random permutation; it could have more than one fixed point.
I puzzled over decryption also. For definiteness, we've derotated the
final block32, and we're now trying to find the right key to decrypt
block31 ^ key[block31[0]]. The legitimate recipient knows key[*] and
the value of block32, i.e. we know:
block32[1] == block31[0] ^ key[block31[0]][0]. If block31[0] == 0, as
you suggest, we must have block32[1] == key[0][0]. Since key[*][0] is
a permutation, there is only one key with this known value, which we have
presumably stored in an inverse table for lookups and can use for the
rest of the decryption for this round.
> It is doubtful that the cipher provides 32K bits of security. The best
> cryptographers in the world designed the AES candidates, and they are
> hesitant to claim even 256 bits of security.
Definitely a lot of key, but I assume it could be generated from a
smaller seed, as is done in (e.g.) RC6, in which case it's still worth
trying to analyze it as it stands, and strap on a key setup procedure
later if it proves to be secure with a random 32K-bit key.
--
Jim Gillogly
Sterday, 20 Thrimidge S.R. 1999, 19:00
12.19.6.3.5, 8 Chicchan 13 Uo, Second Lord of Night
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Crypto export limits ruled unconstitutional
Date: Tue, 11 May 1999 13:37:07 -0600
In article <[EMAIL PROTECTED]>, cosmo <[EMAIL PROTECTED]> wrote:
> Can a person publish a flowchart for an algorithm ? How about a program written
> in pseudocode ? How about a general mathematical description of an encryption
> algorithm ? How could anyone say that such is not protected by the first
> amendment ?
>
Begin with a simple example. Picture a single block that is labeled
"Unexportable Encryption." Add a line to it called "Plaintext," another
called "Key," and another called "Ciphertext." No one could rationally
conclude that such a diagram was not exportable.
--
What's HOT: Honesty, Openness, Truth
What's Not: FUD--fear, uncertainty, doubt
------------------------------
From: [EMAIL PROTECTED]
Subject: IEEE P1363 meeting June 7-9, Stockholm
Date: Tue, 11 May 1999 15:18:58 GMT
The IEEE P1363 working group, "Standard Specifications for Public Key
Cryptography," will be meeting June 7-9 in Stockholm. New participants
are welcome.
Please see http://grouper.ieee.org/groups/1363/announcements/Jun99.txt
for more information.
-- Burt Kaliski
Chair, IEEE P1363
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA Chips
Date: Tue, 11 May 1999 19:48:38 GMT
In article <[EMAIL PROTECTED]>,
Oliver Hauck <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I would like to learn about the present state of the art in dedicated
> single-chip VLSI implementations of RSA, specifically: throughput,
> latency, and energy requirements.
>
> Has RSA been implemented on a wireless (inductance powered) crypto
> chipcard yet?
>
As this ties in with my previous post, please address any e-mails to me as
well.
I am looking for roughly the same thing it seems.
Thanks.
>
> --
> ________________________________________________________________________
>
> Oliver Hauck
> [EMAIL PROTECTED] phone: +49 6151 16-3983
> http://www.vlsi.informatik.tu-darmstadt.de/oli fax: -4810
> Darmstadt University of Technology Departments of CS and EE
> Alexanderstrasse 10 Integrated Circuits and Systems Lab
> 64283 Darmstadt Germany
> ________________________________________________________________________
>
--
Douglas Konzuk The Fortress Group of Companies Ltd.
Calgary, Alberta www.thefortressgroup.com
Canada [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: TOMSTDENIS AND SCOTT ARE THE SAME PERSON--
Date: Tue, 11 May 1999 20:10:58 GMT
Too bad you really suck at computers and math in addition to English.
In article <7h88vg$5rq$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> > [EMAIL PROTECTED] wrote:
> > > I am nothing like Scott (no offense), we work on different areas and
> > > have different ideas.
> >
> > Aha! Proof positive that you are not Scott. You used a comma
> > splice in this sentence. Although that is a grammatical error
> > (a first-order Scott identification mechanism), he uses commas
> > only in his C programming -- never in his English-like text.
> >
> > If anybody can turn up a Scott article in the archives that
> > contains a comma in text he wrote (rather than quoted), I'll
> > (virtually) eat my words.
> >
> > Must remember to include this identification mechanism in my
> > stylometric analysis program.
>
> Good observation, my, grammar is bad... Sorry I like math and computers
> not English.
>
> :)
>
> Tom
> --
> PGP public keys. SPARE key is for daily work, WORK key is for
> published work. The spare is at
> 'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
> 'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: TwoDeck solution (but it ain't pretty)
Date: Tue, 11 May 1999 20:13:08 GMT
Nobody wants a look at your pathetic "TwoDeck" piece of crap because
despite your ability to use html->ps/pdf converters, what you say is
still shit.
In article <7h9beb$2d$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> I have found a (one of possibly many) solutions for TwoDeck. The
> required effort can be found on
>
> http://members.tripod.com/~tomstdenis/solution.ps
>
> I will write a brief paper on how to actually perform it later tonight.
> The required effort to find S many solutions is on the page (it's a
> single page document).
>
> Please have a look.
>
> Tom
> --
> PGP public keys. SPARE key is for daily work, WORK key is for
> published work. The spare is at
> 'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
> 'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
------------------------------
Date: Tue, 11 May 1999 21:17:25 +0100
From: Ray Girvan <[EMAIL PROTECTED]>
Subject: Re: Roulettes
[EMAIL PROTECTED] writes:
> I was talking about a board that you just push a button. If you had to
> roll the device, use a real dice!!!
Oh, but wouldn't it be wonderfully pointless! Seven-segment displays
on *all* faces, mercury sensors inside to detect which face is up
when it lands ... and so on.
Ray
--
[EMAIL PROTECTED] +++ Technical Author +++ Topsham, Devon, UK
http://www.users.zetnet.co.uk/rgirvan/ +++ The Apothecary's Drawer
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Lemming and Lemur: New Block and Stream Cipher
Date: Tue, 11 May 1999 20:21:17 GMT
In article <7h8966$65s$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> <snip>
>
> Sounds interesting, try to document your publication in a .PS or .TXT
> file so we can further read/study your idea. Try to explain why you
What does the format of the file have to do with an algorithm
description.
> made the decision you did
I don't see you doing this in your "difficult to break" TC1, TC2, SHIT-4000
or whatever the hell it is algorithm you make.
> and how it is a new/better idea. Try to
> analyze the algorithm, suggesting starting points for an attack.
You can use fancy symbols and big words, but I would like to suggest a
simple challenge in the Thread: "A simple challenge for Tomstdenis".
>
> Above all feel free to ask for help!!!
You certainly seem to avail yourself of this...
>
> Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Roulettes
Date: Tue, 11 May 1999 20:17:56 GMT
In article <7guqgs$69o$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> > Mmm. You need at least a palmtop. Wouldn't dice be more handy
> > for you?
> >
> Given the money, I could build a large stamp size computerized dice (for about
> 100 dollars)
You probably couldn't build a screwdriver, you moron.
> ... Using a small AVR CPU and some LEDs...
>
> Of course my method (bisecting) outputs 16 values at once, and requires a long
> RNG (probably an LFSR of at least 2**128 complexity).
You probably couldn't even explain why an LFSR works, much less how to
choose a primitive polynomial. "complexity"...stop trying to use big
words that you don't have the slightest fucking clue mean. It's a PRNG,
and not even a very good one. Read another book than _Applied
Cryptography_ (no disrespect intended for Schneier, who writes an
excellent book) and get a clue.
>
> Alas, poor Yorick :), you are right. Thine method of using a dice would most
> likely be 'random' enough. Of course you can always use more than one die at
> a time. You would have to check to make sure the dies are weighted
> correctly... Hmm reminds me of a game of monopoly which I cheated in by
> putting extra 'paint' on the dies... :)
>
You're so fucking stupid. If you put paint on the dies, don't your
other "friends" roll the same dice too? You idiot.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Lemming and Lemur: New Block and Stream Cipher
Date: Tue, 11 May 1999 13:42:40 -0700
> In Lemur,
> for (i=0; i<plaintextLength; i++)
> {
> output (block[8] ^ plaintext[i]);
> block = rotate(block ^ key[block[0]]);
> }
> There is no block[8], you probably meant block[7]?
Block is 128 bits, or 16 bytes. Byte 8 is near the
middle. Yes, I did a double-take on it also. We both
did too much DES in the 70's, eh?
--
Jim Gillogly
Sterday, 20 Thrimidge S.R. 1999, 20:39
12.19.6.3.5, 8 Chicchan 13 Uo, Second Lord of Night
------------------------------
From: "Daryl Rauhala" <[EMAIL PROTECTED]>
Subject: Higher order derivatives paper by X. Lai ???
Date: Tue, 11 May 1999 16:35:44 -0400
If anyone has an electronic copy of the following paper I would appreciate a
copy or a link to it. I can't find it anywhere on the net or in my school
library. I have found five or six papers on higher order differential
attacks but can't find this one, the paper that started it all.
X. Lai, Higher Order Derivatives and Differential Cryptanalysis,
Communications and Cryptography, pp. 227-233, Kluwer Academic Publishers, 1994.
Thanks,
Daryl Rauhala
Queen's University
Kingston, Ontario, Canada
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Lemming and Lemur: New Block and Stream Cipher
Date: Tue, 11 May 1999 20:42:21 GMT
> What does the format of the file have to do with an algorithm
> description.
So we can view it offline of course. It makes it easier and cheaper to
view. Of course you don't care do you?
> I don't see you doing this in your "difficult to break" TC1, TC2, SHIT-4000
> or whatever the hell it is algorithm you make.
Let's see those were my first algorithms, which I wrote with zero
experience. I never claimed they were good, I just started with them.
I am getting better, for example TwoDeck includes more detailed
descriptions of the design (I am to improve it) and some analysis. As
I posted in private I am adding the two forms of analysis I performed
to the paper.
> You can use fancy symbols and big words, but I would like to suggest a
> simple challenge in the Thread: "A simple challenge for Tomstdenis".
Big words? Where I really don't see them. I use terms, such as
complexity, but that's a real word.
> > Above all feel free to ask for help!!!
>
> You certainly seem to avail yourself of this...
Hmm... Well you seem very rude.
Look here is some info about me. I am in grade 11, I am 17 years old,
I have had no formal training. So if I make a mistake please inform
me, but your raving mad postings do not achieve anything.
What do you know other than this raving crap. You are a very mean
person, and I kinda wish this group was moderated...
Please stop picking on me, if you have something to say, say it in
private. If you want to help, how about help with TwoDeck. I could
use some analysis of it, although I have done some myself.
Tom
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Lemming and Lemur: New Block and Stream Cipher
Date: Tue, 11 May 1999 14:01:50 -0700
lcs Mixmaster Remailer wrote:
> > TO LEMMING ENCRYPT A BLOCK:
> >
> > for (i=0; i<32; i++)
> > block = rotate(block ^ key[block[0]]);
> But is this guaranteed to be unique? What if block[0] is 0 before we
> do the decryption XOR. Then what if there is more than one value i
> for which key[i][0] = i. That shouldn't be impossible since key[i][0]
> is a random permutation; it could have more than one fixed point.
You're right -- in my first response I assumed key[*][0] is a permutation,
but it isn't after all : perm[*] is a permutation, and key[*][0] is
generated by key[i][0] = i ^ perm[i], which, as you say, need not give
unique key[*][0] values.
I misread the key construction step as key[i][0] = perm[i], which I think
should allow unambiguous decryption.
--
Jim Gillogly
Sterday, 20 Thrimidge S.R. 1999, 20:54
12.19.6.3.5, 8 Chicchan 13 Uo, Second Lord of Night
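The question the three Lemming replies above circle around, whether the byte that lands in block[1] after a round identifies which key entry was XORed in, can be settled by running the round. The Python below is an added example, not code from the Lemming/Lemur post nor from any reply: it implements the round exactly as quoted, the inverse-table decryption, a count of selector bytes shared by more than one key index, and the Lemur stream loop from the later post. It takes the construction Jim quotes, key[i][0] = i ^ perm[i] with perm a permutation of 0..255, as one rule and key[i][0] = perm[i] as the other; the permutation seed, bytes 1..15 of each key entry and the Lemur starting block (an IV argument here) are not specified in the thread and are constructed for the example.

```python
# Added example for this thread; not code from the Lemming/Lemur post or any
# reply. Lemming round as quoted: block = rotate(block ^ key[block[0]]), on
# 128-bit (16-byte) blocks for 32 rounds, plus the inverse-table decryption.
# Assumptions: perm and key bytes 1..15 come from a seeded PRNG, and the
# Lemur starting block is supplied as an IV.
import random

BLOCK_BYTES = 16
ROUNDS = 32


def rotate(block: bytes) -> bytes:
    """8-bit rotation so block[0] moves to block[1] (last byte wraps to front)."""
    return block[-1:] + block[:-1]


def unrotate(block: bytes) -> bytes:
    """Inverse of rotate."""
    return block[1:] + block[:1]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def random_perm(seed: int) -> list:
    """A permutation of 0..255 (perm[*] in the thread); seed is an assumption."""
    perm = list(range(256))
    random.Random(seed).shuffle(perm)
    return perm


def make_key(perm: list, rule: str, seed: int = 1) -> list:
    """key[0..255], 16 bytes each. Byte 0 follows one of the two rules debated
    in the thread; bytes 1..15 are random filler (assumed, not in the post).
      "xor_perm": key[i][0] = i ^ perm[i]   (the construction Jim quotes)
      "perm":     key[i][0] = perm[i]       (the construction Jim first assumed)"""
    if rule not in ("xor_perm", "perm"):
        raise ValueError("unknown rule %r" % rule)
    rng = random.Random(seed)
    key = []
    for i in range(256):
        first = (i ^ perm[i]) if rule == "xor_perm" else perm[i]
        filler = bytes(rng.randrange(256) for _ in range(BLOCK_BYTES - 1))
        key.append(bytes([first]) + filler)
    return key


def selector_table(key: list) -> dict:
    """Maps the byte that reaches block[1] after a round, i ^ key[i][0], back to
    the key indices i that produce it. Decryption is unambiguous only if every
    value maps to exactly one index."""
    table = {}
    for i in range(256):
        table.setdefault(i ^ key[i][0], []).append(i)
    return table


def ambiguous_selectors(key: list) -> int:
    """How many selector values are shared by two or more key indices."""
    return sum(1 for idx in selector_table(key).values() if len(idx) > 1)


def encrypt(block: bytes, key: list) -> bytes:
    for _ in range(ROUNDS):
        block = rotate(xor(block, key[block[0]]))
    return block


def decrypt(block: bytes, key: list) -> bytes:
    """Undo the rounds: un-rotate, read the selector byte, look up the unique
    key index, XOR that entry back. Raises if the selector byte is ambiguous."""
    table = selector_table(key)
    for _ in range(ROUNDS):
        c = unrotate(block)  # c == p ^ key[p[0]] for the unknown previous block p
        idx = table.get(c[0], [])
        if len(idx) != 1:
            raise ValueError("selector byte %02x matches key indices %r" % (c[0], idx))
        block = xor(c, key[idx[0]])
    return block


def lemur(data: bytes, key: list, iv: bytes) -> bytes:
    """Lemur stream mode as quoted: output block[8] ^ data[i], then step the
    block with the Lemming round. Pure XOR keystream, so the same call decrypts."""
    block = iv
    out = bytearray()
    for b in data:
        out.append(block[8] ^ b)
        block = rotate(xor(block, key[block[0]]))
    return bytes(out)


if __name__ == "__main__":
    pt = bytes(range(16))
    perm = random_perm(7)
    for rule in ("xor_perm", "perm"):
        k = make_key(perm, rule)
        print("%-8s ambiguous selector values: %d" % (rule, ambiguous_selectors(k)))
    k = make_key(perm, "xor_perm")
    assert decrypt(encrypt(pt, k), k) == pt
```

With key[i][0] = i ^ perm[i] the un-rotated selector byte is block[0] ^ key[block[0]][0] = perm[block[0]], so the lookup is unique for every permutation and the round trip succeeds. With key[i][0] = perm[i] the selector byte is block[0] ^ perm[block[0]], which collides whenever two indices give the same value; the identity permutation sends all 256 indices to zero and decrypt raises on the first round. The remailer's fixed-point worry, key[i][0] == i, is the case perm[i] == 0 under the quoted rule, which happens for exactly one i.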
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Roulettes
Date: Tue, 11 May 1999 20:56:14 GMT
<snip>
Actually I have worked with the following CPUs: 8096, 8051, 8032 (same
thing), 8086, 6809, 68hc12, 68hc11, avr, avr-mega. So yes, I know
controllers well.
Hmm, the 128-bit LFSR with a proper polynomial will have a cycle length
of 2**128 - 1, not 2**128 as I posted. Sorry...
The dice thing was a joke, I don't actually cheat such silly games :)
Please stop posting your nonsense.
Tom
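The period claim above, 2**128 - 1 for a 128-bit LFSR, holds only when the feedback polynomial is primitive, which is the part the other poster says needs explaining. The following is an added example, not code from either poster: a Galois-form LFSR over GF(2) with a brute-force period check, run on three degree-8 polynomials chosen here for illustration (the thread names none): 0x11D, x^8+x^4+x^3+x^2+1, which is primitive; 0x11B, x^8+x^4+x^3+x+1, the AES field polynomial, which is irreducible but not primitive; and 0x101, x^8+1, which is reducible.

```python
# Added example for this thread; not code from any of the posts. Galois-form
# LFSR over GF(2) and a brute-force period check for small registers, showing
# that the period 2**n - 1 holds only for a primitive feedback polynomial.
# The three degree-8 polynomials are chosen for illustration (an assumption).

POLY_PRIMITIVE = 0x11D  # x^8 + x^4 + x^3 + x^2 + 1: primitive
POLY_AES = 0x11B        # x^8 + x^4 + x^3 + x + 1: irreducible, not primitive
POLY_REDUCIBLE = 0x101  # x^8 + 1 = (x + 1)^8: reducible


def lfsr_step(state: int, poly: int, n: int) -> int:
    """One Galois LFSR step: multiply the register (a polynomial of degree < n)
    by x and reduce modulo poly, whose degree is n (bit n of poly is set)."""
    state <<= 1
    if state & (1 << n):
        state ^= poly
    return state


def lfsr_bits(poly: int, n: int, state: int, count: int) -> list:
    """count keystream bits: the top bit of the register before each step."""
    out = []
    for _ in range(count):
        out.append((state >> (n - 1)) & 1)
        state = lfsr_step(state, poly, n)
    return out


def lfsr_period(poly: int, n: int, start: int = 1) -> int:
    """Steps until the register returns to start. Brute force: fine for n up
    to about 20, hopeless for the 128-bit register mentioned in the thread."""
    if not 0 < start < (1 << n):
        raise ValueError("start state must be non-zero and fit in n bits")
    if not poly & 1:
        # Without the constant term x is not invertible mod poly, so the
        # register need not ever return to its start state.
        raise ValueError("feedback polynomial must have a constant term")
    state = lfsr_step(start, poly, n)
    steps = 1
    while state != start:
        state = lfsr_step(state, poly, n)
        steps += 1
    return steps


def max_period(n: int) -> int:
    """The best an n-bit LFSR can do: every non-zero state exactly once."""
    return (1 << n) - 1


def is_primitive(poly: int, n: int) -> bool:
    """A degree-n polynomial is primitive iff x has order 2**n - 1 modulo it,
    i.e. the LFSR started from state 1 reaches the maximal period."""
    return lfsr_period(poly, n) == max_period(n)


if __name__ == "__main__":
    for name, poly in (("primitive", POLY_PRIMITIVE),
                       ("AES field", POLY_AES),
                       ("reducible", POLY_REDUCIBLE)):
        print("%-10s 0x%03X period %3d of %d" % (name, poly, lfsr_period(poly, 8), max_period(8)))
```

From state 1 the periods come out 255, 51 and 8: only the primitive polynomial visits every non-zero state before repeating. Checking primitivity by iteration is fine at 8 or 16 bits; for the 128-bit register in the thread you would instead factor 2**128 - 1 and verify x^((2**128-1)/q) != 1 modulo the polynomial for each prime factor q, which the brute-force routine here does not attempt.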
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************