Cryptography-Digest Digest #851, Volume #9 Thu, 8 Jul 99 15:13:03 EDT
Contents:
Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
Re: Analysis of DDARNG ([EMAIL PROTECTED])
Re: Stream Cipher != PRNG (Mok-Kong Shen)
Re: Is Stenography legal? (Mok-Kong Shen)
Re: Is Stenography legal? (Patrick Juola)
Re: How to find the period of a sequence (Paul Koning)
Re: US Laws on DES Crypto Distribution? (Paul Koning)
Number Field Sieve, RSA factoring (Nathan Royer)
Re: Properties of Chain Addition? (Medical Electronics Lab)
Re: Properties of Chain Addition? ([EMAIL PROTECTED])
Re: Number Field Sieve, RSA factoring (James Pate Williams, Jr.)
Re: Is Stenography legal? ([EMAIL PROTECTED])
Re: Stream Cipher != PRNG (John Savard)
Re: Stream Cipher != PRNG ([EMAIL PROTECTED])
Re: Stream Cipher != PRNG (Mok-Kong Shen)
Re: Help With Key Algorithm For Software Unlock (Thierry Moreau)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Thu, 08 Jul 1999 19:12:18 +0200
John Savard wrote:
>
>
> Although as a Canadian I recently celebrated our national holiday
> (Canada Day, formerly known as Dominion Day, July 1st) by making my
> first source code post, as my country doesn't go beyond Wassenaar,
My poor English has difficulty interpreting your 'go beyond'. Do you
mean 'act more stringently than'? Anyway, is the Wassenaar agreement
already implemented in Canada or will it shortly be implemented?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Analysis of DDARNG
Date: Thu, 08 Jul 1999 17:23:28 GMT
In article <7m13oe$v4l$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> To show that I am keenly investigating this RNG, I performed a Order-1
> Analysis of the output of RC4 and DDARNG. The test was 8MB of output
> where I tested for (with each unique byte) a) count and b) distance.
Oops, this was an ORDER-0 test; I only used 256-element arrays with no
histories (i.e. all in the same base). This test is pretty much a
simple statistical test to see if all the possible outputs are evenly
distributed, etc.
I did do an ORDER-1 test as well. I made a simple frequency-based
predictor (a la Huffman style) and found that in an 8MB file DDARNG
output was predicted correctly only 2^-8.01 of the time and RC4 was
predicted 2^-7.98 of the time. It should read 2^-8 on truly random
data. Basically this means that ORDER-1 analysis (of this style) is
not effective against either RC4 or DDARNG. To see if my test worked
I tried it against .EXE and .TXT files, both of which failed (predicted
about 45% of the output...)
If anyone wants this test program as well, just ask. Basically I am
doing these tests to see if there are any anomalies in the output.
Neither RC4/DDARNG can be compressed. They perform well on both tests
as well.
I recently changed my C++ code to make the DDARNG code much faster. I
will upload the changes later today. This means that RC4 and DDARNG
are about on a par speedwise.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
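The ORDER-0 count test and the ORDER-1 frequency-predictor test described above, written out as an added example (this is not Tom's test program): an adaptive order-1 predictor guesses each byte as the most frequent successor of the previous byte seen so far, and the hit rate is reported as a power of two the way the post does. Textbook RC4 stands in for the generator under test and a constructed, highly repetitive text sample is the control; the key and the sample sizes are constructed.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4 (KSA + PRGA), used only as a sample generator to test,
    the same role RC4 plays in the post. Nothing here models DDARNG."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def order0_max_bias(data: bytes) -> float:
    """ORDER-0 check: plain byte counts, no history. Returns the largest
    relative deviation of any byte's count from the expected len(data)/256."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return max(abs(c - expected) for c in counts) / expected

def order1_hit_rate(data: bytes) -> float:
    """ORDER-1 frequency predictor: before seeing each byte, guess the byte
    most often observed so far after the previous byte, then update counts.
    Returns the fraction of correct guesses; 1/256 is expected for random data."""
    counts = [[0] * 256 for _ in range(256)]
    best = [0] * 256            # current most frequent successor per context
    hits = 0
    prev = data[0]
    for b in data[1:]:
        if b == best[prev]:
            hits += 1
        row = counts[prev]
        row[b] += 1
        if row[b] > row[best[prev]]:
            best[prev] = b
        prev = b
    return hits / (len(data) - 1)

def log2_hit_rate(data: bytes) -> float:
    """Report the hit rate as the post does, as an exponent of two:
    -8.0 means 2^-8, i.e. no better than guessing a byte blindly."""
    return math.log2(order1_hit_rate(data))

if __name__ == "__main__":
    # 256 KB instead of the post's 8 MB so the check runs in seconds.
    stream = rc4_keystream(b"constructed test key", 1 << 18)
    # Constructed "text-like" control input: should be highly predictable.
    text = b"the quick brown fox jumps over the lazy dog. " * 6000
    for name, data in (("RC4 ", stream), ("text", text)):
        print("%s order-0 max bias %.3f, order-1 rate 2^%.2f"
              % (name, order0_max_bias(data), log2_hit_rate(data)))
```

On the RC4 sample the order-1 exponent comes out near -8 and on the text near -0.5, the same separation the post reports between the generators and .EXE/.TXT files.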
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Thu, 08 Jul 1999 18:49:30 +0200
[EMAIL PROTECTED] wrote:
>
> In a private email I was told that stream ciphers and PRNGs are
> completely different beasts. Am I missing something? I always thought
> Stream ciphers were PRNGs which are difficult to solve (i.e
> intractable).
For terminology it seems to be very good to consult the Handbook
by Menezes et al.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is Stenography legal?
Date: Thu, 08 Jul 1999 19:35:26 +0200
Patrick Juola wrote:
>
> At the moment, your assumption appears not to hold -- there simply
> *aren't* hundreds of thousands of other harmless encoded messages.
> Encoded email is rare enough to be worth paying attention to on that
> basis alone. And that's why the cypherpunks are looking so closely into
> steganographic techniques, because mailing bitmaps back and forth
> is more common, and therefore might be expected to attract less
> attention.
You are right. However, if there are a sufficient number of people who
regularly encode their e-mails, whatever the nature of the contents
may be, using a diversity of encryption algorithms (primitive as
well as sophisticated ones), then the WWI will not have enough resources
to deal with that. If one only sends sensitive messages with encryption
and ordinary messages in the clear, then they can have a pretty good
chance of success since they can concentrate their work on this low
volume traffic. I am not sure that using steganographic techniques that
hide bits in pictures to send mails is a good countermeasure to WWI,
since that's quite resource intensive. If sending coded messages
is allowed, why not just do that? And, if one takes the trouble,
one can employ an extremely secure encryption to defeat decryption.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Is Stenography legal?
Date: 8 Jul 1999 12:49:59 -0400
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>>
>
>> >> First, I think you mean STEGANOGRAPHY, not STENOGRAPHY. But it is
>> >> legal, and not against EAR. In fact, EAR does NOT apply to sending of coded
>> >> messages, but only to the dissemination of encryption software itself. And
>> >> steganography is not encryption.
>> >
>> >If an encryption software is coded and sent (a coded message), is this
>> >against EAR? Presumably yes. But how is that to be controlled?
>>
>> Well, if The Man is smart enough to think to look for steganographic
>> patterns in Email leaving the country, it's easy enough to find.
>> It becomes a question of your cleverness in hiding against His in
>> finding.
>
>My trouble in understanding is as follows: If sending of coded
>messages is legal, then it is natural to assume that the authority
>is not going to take trouble to control the transmission of these
>messages, not to say to try to decrypt all these messages. Now how
>can an encoded software among hundred thousands of other harmless
>encoded messages be detected?
And *that's* why the law enforcement agencies want capacities like
the Clipper/Capstone Chip, with its magic button to permit wiretapping.
That's also why current regulations will typically permit 'weak'
encryption to be exported, but not anything strong enough to be annoying.
I agree that a simple fishing trip -- looking for a needle among millions
of haystacks -- is difficult and probably unrewarding. But in conjunction
with other information, specifically information that leads The Man
to believe that you-specifically (or another specific person) might
be intending to export cryptographic software, then you'll be the
target of some unwanted attention.
At the moment, your assumption appears not to hold -- there simply
*aren't* hundreds of thousands of other harmless encoded messages.
Encoded email is rare enough to be worth paying attention to on that
basis alone. And that's why the cypherpunks are looking so closely into
steganographic techniques, because mailing bitmaps back and forth
is more common, and therefore might be expected to attract less
attention.
-kitten
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: How to find the period of a sequence
Date: Wed, 07 Jul 1999 11:34:18 -0400
Terry Ritter wrote:
>
> On Tue, 06 Jul 1999 17:37:39 -0400, in <[EMAIL PROTECTED]>,
> in sci.crypt Paul Koning <[EMAIL PROTECTED]> wrote:
> ...
> >When I learned that algorithm, in the early 80's, it was attributed
> >to E.W.Dijkstra.
>
> My second edition of Knuth II §3.1.6(b) on p. 7 attributes it to R. W.
> Floyd, but I don't have a better reference.
Neat. Thanks for the pointer.
Come to think of it, it may be that I learned it *from* Dijkstra
and therefore thought of it as his.
paul
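The period-finding algorithm this thread is about (the tortoise-and-hare method that Knuth attributes to Floyd), as an added example that is not from the thread: it finds the pre-period and the period of an iterated function in constant memory, and is checked here against a brute-force table on two constructed toy generators.

```python
def floyd_period(f, x0):
    """Floyd's cycle finder on the sequence x0, f(x0), f(f(x0)), ...
    Returns (mu, lam): mu = length of the non-repeating prefix, lam = period.
    Needs O(1) memory, unlike the table-based check below."""
    tortoise, hare = f(x0), f(f(x0))
    while tortoise != hare:        # hare moves twice as fast; they meet on the cycle
        tortoise, hare = f(tortoise), f(f(hare))
    mu = 0
    tortoise = x0                  # restart the tortoise; they now meet at the cycle start
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(hare)
        mu += 1
    lam = 1
    hare = f(tortoise)             # walk once around the cycle to measure its length
    while tortoise != hare:
        hare = f(hare)
        lam += 1
    return mu, lam

def brute_force_period(f, x0):
    """Reference check: remember every state until one repeats. Same answer,
    but memory grows with mu + lam, which is what Floyd's method avoids."""
    seen = {}
    x, i = x0, 0
    while x not in seen:
        seen[x] = i
        x = f(x)
        i += 1
    return seen[x], i - seen[x]

# Constructed toy generators (not from the thread):
def lcg16(x):
    """Full-period LCG mod 16 (c odd, a-1 divisible by 4): period 16, no tail."""
    return (5 * x + 3) % 16

def squares1009(x):
    """x^2 + 1 mod a prime: typically enters its cycle only after a tail."""
    return (x * x + 1) % 1009

if __name__ == "__main__":
    for name, f in (("lcg16", lcg16), ("squares1009", squares1009)):
        print(name, "floyd:", floyd_period(f, 1), "brute:", brute_force_period(f, 1))
```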
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: US Laws on DES Crypto Distribution?
Date: Thu, 08 Jul 1999 12:26:08 -0400
David Kessner wrote:
>
> Once upon a time, I thought that I understood the laws
> on distributing crypto hardware/software. But with all
> the talk on Capitol Hill this past year, I have lost track of
> it all.
>
> I designed a hardware DES encryption/decryption engine
> in VHDL, and I would like to make the source code freely
> available on the Web for anyone to download. But, I would
> not like to be sued, put in jail, audited (the NSA and the IRS
> are in league, right?), etc...
>
> So, what are the laws that apply to this?
Same as software, I believe. Don't send it out of the
country in machine-readable form. Paper should be ok.
You might want to get a copy of the EFF's "Cracking DES"
book, partly because it discusses some of the issues and
partly because it's an interesting piece of design.
paul
------------------------------
Date: Thu, 08 Jul 1999 10:21:24 -0700
From: Nathan Royer <[EMAIL PROTECTED]>
Subject: Number Field Sieve, RSA factoring
Hi... I'm a student at Cal Poly San Luis Obispo. I would like to do my
senior project on the Number Field Sieve Method of Factoring. I hear
that it is the fastest general number factoring algorithm for large
numbers. Yet I am having a really hard time finding information on the
subject. My questions are as follows:
1) Is there any existing code available that has it implemented, and if
so, can I get a copy for analysis?
2) Where can I find documentation describing the algorithm in a way that
an undergraduate could understand?
3) Any help or advice with implementing the GNFS (general number field
sieve) in C or C++?
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Properties of Chain Addition?
Date: Thu, 08 Jul 1999 12:04:37 -0500
[EMAIL PROTECTED] wrote:
> Only in counter mode. It is possible to have
>
> x = EK(y) and y = EK(x)
> (period = 2)
>
> x = EK(y), y = EK(z) and z = EK(x)
> (period = 3)
>
> And so on. This requires for a SINGLE key to have des-weak keys, semi-
> weak (and possibly quasi-weak)
>
> However.... This limits the period to 2^64 (64-bit blocks) but the
> entropy degrades as the outputs occur. In total for each output in
> counter mode there is only log2(!2^64) instead of 2^70 possible
> outputs. Basically the entropy degrades as the number of outputs
> increases.
Tom, you misunderstood Doug's reply. Stream ciphers don't have to
work on 1 bit at a time with XOR. They are not "just PRNG's" in
some designs. Stream ciphers can work on nibbles and bytes too.
In general the output of any cipher should look like a PRNG, but
saying that every cipher is "just a PRNG" isn't the whole picture.
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Properties of Chain Addition?
Date: Thu, 08 Jul 1999 18:32:10 GMT
In article <[EMAIL PROTECTED]>,
Medical Electronics Lab <[EMAIL PROTECTED]> wrote:
> Tom, you misunderstood Doug's reply. Stream ciphers don't have to
> work on 1 bit at a time with XOR. They are not "just PRNG's" in
> some designs. Stream ciphers can work on nibbles and bytes too.
I know, but in PRNGs you should not be able to predict the next output
with a success rate greater than 1/2^n (n = num of bits). This holds
true for RC4 and my DDARNG (probably many others as well) but not
against block ciphers.
When used as a simple block cipher (i.e. CBC or ECB mode) they are
essentially random mappings but there is some info leaked.
I.e. in CBC mode if you have ABC as an input, the output is going to be
A'B'C' (each letter is a block). You know from examining the
ciphertext that if A' != B' then A != B. This is hindered somewhat in
CBC mode though...
> In general the output of any cipher should look like a PRNG, but
> saying that every cipher is "just a PRNG" isn't the whole picture.
Looking like and actually being are different. Against PRNGs the period and
linearity are strong concerns but otherwise PRNGs (such as LFSRs and
Additive Generators) are better PRNGs than block ciphers.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
------------------------------
From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: Number Field Sieve, RSA factoring
Date: Thu, 08 Jul 1999 17:50:32 GMT
On Thu, 08 Jul 1999 10:21:24 -0700, Nathan Royer
<[EMAIL PROTECTED]> wrote:
>Hi... I'm a student at Cal Poly San Luis Obispo. I would like to do my
>senior project on the Number Field Sieve Method of Factoring. I hear
>that it is the fastest general number factoring algorithm for large
>numbers. Yet I am having a really hard time finding information on the
>subject. My questions are as follows:
>
>1) Is there any existing code available that has it implemented, and if
>so, can I get a copy for analysis?
>2) Where can I find documentation describing the algorithm in a way that
>an undergraduate could understand?
>3) Any help or advice with implementing the GNFS (general number field
>sieve) in C or C++?
>
A good but out of date place to start is _The Development of the
Number Field Sieve_ by A. K. Lenstra and H. W. Lenstra, Jr.
Lecture Notes in Mathematics 1554 Springer-Verlag 1993
ISBN 0-540-57013-6 and ISBN 0-387-57013-6. I would try to
implement the special number field sieve first.
==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Is Stenography legal?
Date: Thu, 08 Jul 1999 17:45:42 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Government is not reason. Government is force. -- George Washington
>
Here is a relevant question. How many U.S. citizens actually want
crypto control? It seems people are in favor of envelopes on snail
mail, why would they be against crypto on email? Do these same people
want the government to read their letters to grandma?
Hmm, it seems that most governments (especially Canadian and U.S.) have
a hard time trying to figure out what the people really want.
In that A&E special they said about 75% of all U.S. citizens believe in
gun control, yet there are still no functional laws about it. This is
OT, but it's kinda the reverse of the crypto situation.
One last question, how does controlling export of crypto technology or
its use stop a criminal from using it? Really I mean if a criminal
can program in C they can write their OWN programs to use a relatively
strong algorithm. It's not productive.
Anyways, my two cents. I just thought it's interesting there are no laws
against steganography (spelling?) but there are against cryptography...
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Stream Cipher != PRNG
Date: Thu, 08 Jul 1999 19:00:56 GMT
[EMAIL PROTECTED] wrote, in part:
>In a private email I was told that stream ciphers and PRNGs are
>completely different beasts. Am I missing something? I always thought
>Stream ciphers were PRNGs which are difficult to solve (i.e
>intractable).
Well, most of the stream ciphers you will read about in Applied
Cryptography are exactly that.
Here are two kinds of ciphers:
a) The plaintext is taken in blocks of 64 or 128 bits, and enciphered
by a method that doesn't change from block to block, but is always the
same for every block enciphered with a given key.
b) The plaintext is taken bit by bit, and each bit either stays the
same or is inverted, as determined in a way that changes from bit to
bit in a complicated fashion.
(a) is a block cipher, and (b) is the kind of stream cipher you're
talking about.
But there are other kinds of cipher which are in between (a) and (b),
and they're usually also called stream ciphers (although some are also
called special modes - other than ECB, electronic codebook mode - of
block ciphers).
For example, the plaintext can be taken in chunks of eight bits, and
the fate of each byte in the plaintext can change from byte to byte,
perhaps with more than 256 possibilities for the rule to be applied to
each byte. For example, a rotor machine, which might produce
26*26*26*26*26 different alphabets with five movable rotors, produces
a stream cipher applied to letters.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Thu, 08 Jul 1999 17:51:50 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> >
> > In a private email I was told that stream ciphers and PRNGs are
> > completely different beasts. Am I missing something? I always thought
> > Stream ciphers were PRNGs which are difficult to solve (i.e.
> > intractable).
>
> For terminology it seems to be very good to consult the Handbook
> by Menezes et al.
For those without the book....
Are they or are they not functionally equivalent? Is a stream cipher a
PRNG?
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Thu, 08 Jul 1999 20:53:32 +0200
[EMAIL PROTECTED] wrote:
>
> > For terminology it seems to be very good to consult the Handbook
> > by Menezes et al.
>
> For those without the book....
>
> Are they or are they not functionally equivalent? Is a stream cipher a
> PRNG?
Several chapters of the Handbook can be downloaded. I am not sure
at the moment whether these chapters contain the materials you need.
M. K. Shen
------------------------------
From: Thierry Moreau <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Help With Key Algorithm For Software Unlock
Date: Thu, 08 Jul 1999 14:22:46 -0400
CanoeDad wrote:
>
> The market for this product
> is legal, that is it will be purchased by lawyers.
>
> I definitely don't trust lawyers to pay for software that they are
> using.
>
> The software is not shareware but demo ware. After a number of uses
> they will be urged to pay for it, that's all. If they don't want to
> then the uninstall option will be present for them to use.
>
> For niche products in which the customer base is not generous (such as
> law) some method is necessary or you won't eat!
>
For your purpose, the following scheme is being proposed:
1 A demo version of the software is distributed freely.
2 If the potential customer likes it, he registers basic
information on a registration screen, followed by a (file,
e-mail) transmission to your customer service site. At this
step, a reference number is displayed for step 3, and a
secret key linked to your customer is created. (Tell your
customers that "It's an enforceable click-through
contract!". Some of them might be impressed, because it
shouldn't be too far from the truth.)
3 A trade document (purchase order, pre-payment, or whatever)
is made to you, using the reference number from step 2.
4 You send back an electronic "something" that is
"personalized" with the secret key. This "something" turns
the demo version into the production version. Typically,
"personalized" means encrypted with it.
You may make it attractive for your customers to go back to
your site (for the sake of customer loyalty), in which case the
secret key from step 2 serves as a basis for customer
identification (and overuse detection). Or you may tie the
secret key to your customer's system configuration, so that the
electronic "something" cannot be reused on other systems, but
this is the very annoying part for your users (e.g. whenever
they upgrade their system).
You should contact me for details. It's not all public domain.
- Thierry Moreau
President
CONNOTECH Experts-Conseils Inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: +1-514-385-5691
Fax: +1-514-385-5900
e-mail: [EMAIL PROTECTED]
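One concrete way to realize the four steps above, written as an added example and not Moreau's own (non-public) scheme: the vendor keeps one fresh secret key per registration, sends nothing back until the reference number has appeared on a trade document, and the "personalized something" is an HMAC-authenticated claim that the demo build checks against the key it stored at registration and, optionally, against a machine identifier. VendorService, the firm name and the WS-… machine ids are constructed; since the customer's key necessarily lives on the customer's machine, this deters copying rather than preventing it.

```python
import base64
import hashlib
import hmac
import json
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

def make_unlock_token(key, ref, machine_id):
    """Step 4, vendor side: the electronic "something". Here it is a signed
    claim that this reference number is a production licence, optionally tied
    to a machine id; "personalized" = authenticated under the customer's key."""
    payload = json.dumps({"ref": ref, "machine": machine_id,
                          "edition": "production"}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + tag).decode()

def verify_unlock_token(key, token, ref, machine_id):
    """Client side: the demo build becomes the production version only if the
    tag verifies under the key stored at registration and the claims match."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return False
    if len(raw) <= TAG_LEN:
        return False
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    claims = json.loads(payload)
    return (claims.get("ref") == ref and claims.get("machine") == machine_id
            and claims.get("edition") == "production")

class VendorService:
    """Steps 2 and 3, vendor side: one secret key per registration, and no
    token until a trade document quoting the reference number has arrived."""
    def __init__(self):
        self.customers = {}

    def register(self, info, machine_id=None):
        ref = secrets.token_hex(4).upper()  # reference number shown on screen
        key = secrets.token_bytes(32)       # secret key linked to this customer
        self.customers[ref] = {"info": info, "key": key,
                               "machine": machine_id, "paid": False}
        return ref, key

    def record_payment(self, ref):
        self.customers[ref]["paid"] = True

    def issue_unlock(self, ref):
        rec = self.customers[ref]
        if not rec["paid"]:
            return None  # step 3 not done: nothing is sent back
        return make_unlock_token(rec["key"], ref, rec["machine"])

def demo_flow():
    """Run the scheme end to end on constructed data (hypothetical names)."""
    vendor = VendorService()
    ref, key = vendor.register({"firm": "Example Law LLP"}, machine_id="WS-1234")
    unpaid = vendor.issue_unlock(ref)                                # None
    vendor.record_payment(ref)
    token = vendor.issue_unlock(ref)
    same_machine = verify_unlock_token(key, token, ref, "WS-1234")   # True
    other_machine = verify_unlock_token(key, token, ref, "WS-9999")  # False: reused elsewhere
    forged = make_unlock_token(b"guessed key", ref, "WS-1234")       # made without the key
    return unpaid, same_machine, other_machine, verify_unlock_token(key, forged, ref, "WS-1234")
```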
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************