Cryptography-Digest Digest #875, Volume #9 Tue, 13 Jul 99 14:13:03 EDT
Contents:
Re: I want some encryption algorithms (John Savard)
Re: Standard Hash usage (David P Jablon)
Re: randomness of powerball, was something about one time pads ("Tony T. Warnock")
Re: randomness of powerball, was something about one time pads (Patrick Juola)
Re: Fractal encryption (James Andrews)
Arguement for 'Stream Cipher ~ PRNG' ([EMAIL PROTECTED])
Re: I want some encryption algorithms ([EMAIL PROTECTED])
Re: Arguement for 'Stream Cipher ~ PRNG' (Mok-Kong Shen)
Re: Base encryption (Patrick Juola)
3rd workshop on elliptic curve cryptography (ECC '99) (Alfred John Menezes)
Re: Fractal encryption (Glenn Davis)
Funny News ([EMAIL PROTECTED])
Re: DES permutations ([EMAIL PROTECTED])
Re: How Big is a Byte? (was: New Encryption Product!) (fungus)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: I want some encryption algorithms
Date: Tue, 13 Jul 1999 14:42:25 GMT
Sankar Subburathinam <[EMAIL PROTECTED]> wrote, in part:
> I am looking for some algorithms that can be used for
>encryption and at the same time for sompression.
In general, one uses one algorithm for compression, and then
subsequently uses another algorithm for encryption.
However, a limited degree of encryption can be combined with
compression; one can, for example, randomize the equivalents used in a
Huffman code.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: Standard Hash usage
Date: Tue, 13 Jul 1999 14:19:42 GMT
In article <7mbl2r$sg3$[EMAIL PROTECTED]>,
David Wagner <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>David P Jablon <[EMAIL PROTECTED]> wrote:
>> In article <[EMAIL PROTECTED]>, John Myre <[EMAIL PROTECTED]> wrote:
>> >David P Jablon wrote:
>> >> That function, hash = sha1(P) || sha1(P || sha1(P)), limits the
>> >> entropy to no more than 160-bits, when P has more than 160-bits
>> >> of entropy.
>> >
>> >I don't see why this is so.
>>
>> Because it's not. In a moment of weakness I presumed that
>> sha1(x) == sha1(y) implied sha1(x||z) == sha1(y||z). Oops.
>
>Actually, I think your last remark is not so far off.
>
>At least in the case where x and y have the same length,
>and where that length is also a multiple of 512 bits,
>the statement holds with high probability, I believe.
>
>[Why? If the collision arises because of an internal
>collision in the internal chaining value, before the padding
>is processed, then indeed sha1(x||z) = sha1(y||z), as is
>easy to check.]
>
>Am I mistaken?
You're right. With the presumption that bitlen(x) == bitlen(y) ==
512 * n, the function does limit the output to no more
than 160 significant bits. And this worst-case scenario alone
may be a good reason to seek a better function.
But the other cases for different lengths of x and y were more
than I cared to analyse at the time, and with the "right" assumptions,
the function might well preserve more than 160 bits.
======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>
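An added illustration of the point argued in this exchange, not code from either poster: a toy Merkle-Damgård hash (16-bit chaining value, 2-byte blocks, constructed constants) small enough to find collisions by brute force. It checks that a chaining-value collision between equal-length, block-aligned x and y survives any common suffix and therefore collapses hash = H(P) || H(P || H(P)), while an output collision between inputs of different lengths does not carry over.

```python
import struct

STATE_BITS = 16
MASK = (1 << STATE_BITS) - 1
BLOCK = 2          # bytes per block; the toy analogue of SHA-1's 64-byte block
IV = 0x1234        # constructed initial chaining value

def compress(h, block):
    """Constructed toy compression function: (16-bit state, 2-byte block) -> state.
    Deliberately weak so that chaining-value collisions can be found by brute force."""
    m = int.from_bytes(block, "big")
    h = (h ^ m) & MASK
    h = (h * 0x9E37 + 0x7F4A) & MASK
    h = ((h << 5) | (h >> (STATE_BITS - 5))) & MASK
    return (h + (m >> 3)) & MASK

def pad(msg):
    """Merkle-Damgård strengthening as in SHA-1: 0x80, zero fill, then the bit length."""
    out = msg + b"\x80"
    while (len(out) + 2) % BLOCK:
        out += b"\x00"
    return out + struct.pack(">H", (len(msg) * 8) & MASK)

def chain(h, data):
    """Feed whole blocks of data through the compression function from state h."""
    for i in range(0, len(data), BLOCK):
        h = compress(h, data[i:i + BLOCK])
    return h

def internal_state(msg):
    """Chaining value after the unpadded blocks of a block-aligned message."""
    assert len(msg) % BLOCK == 0
    return chain(IV, msg)

def toy_hash(msg):
    return chain(IV, pad(msg))

def jablon_function(p):
    """Toy version of hash = H(P) || H(P || H(P)) from the thread, as 4 bytes."""
    h1 = toy_hash(p).to_bytes(2, "big")
    return h1 + toy_hash(p + h1).to_bytes(2, "big")

def find_internal_collision():
    """x != y, both exactly one block, with equal chaining value before padding.
    This is Wagner's case: the collision then survives any common suffix."""
    seen = {}
    for m in range(1 << 16):
        x = m.to_bytes(BLOCK, "big")
        cv = internal_state(x)
        if cv in seen:
            return seen[cv], x
        seen[cv] = x
    return None

def find_cross_length_collision():
    """A one-block x and a two-block y with toy_hash(x) == toy_hash(y).
    The lengths differ, so the padding blocks differ: the collision is in the
    final output only and need not survive a common suffix."""
    by_hash = {}
    for m in range(1 << 16):
        x = m.to_bytes(BLOCK, "big")
        by_hash.setdefault(toy_hash(x), x)
    for m in range(1 << 16):
        y = m.to_bytes(2 * BLOCK, "big")
        if toy_hash(y) in by_hash:
            return by_hash[toy_hash(y)], y
    return None

if __name__ == "__main__":
    x, y = find_internal_collision()
    print("internal collision extends:", toy_hash(x + b"z") == toy_hash(y + b"z"),
          "f(x)==f(y):", jablon_function(x) == jablon_function(y))
    x2, y2 = find_cross_length_collision()
    print("output-only collision extends:", toy_hash(x2 + b"z") == toy_hash(y2 + b"z"))
```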
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Tue, 13 Jul 1999 08:44:50 -0600
Reply-To: [EMAIL PROTECTED]
Keith A Monahan wrote:
> I have to quote a local right-wing conservative radio talk show host.
>
> "The lottery is a tax on the poor."
>
> Take the same money you spend on the lottery, put it into a savings account,
> a CD, or anything that has a (somewhat) guaranteed return on it. Even if
> the return is low, it will pay out more in the end...
>
> Keith
>
> P.S. http://www.warroom.com is the link for the radio show, fyi.
I always like the phrase: "The lottery is a tax on the innumerate."
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: randomness of powerball, was something about one time pads
Date: 13 Jul 1999 09:18:33 -0400
In article <7mdtns$hf3$[EMAIL PROTECTED]>,
Keith A Monahan <[EMAIL PROTECTED]> wrote:
>I have to quote a local right-wing conservative radio talk show host.
>
>"The lottery is a tax on the poor."
>
>Take the same money you spend on the lottery, put it into a savings account,
>a CD, or anything that has a (somewhat) guaranteed return on it. Even if
>the return is low, it will pay out more in the end...
For "will" read "is expected to", of course.
-kitten
------------------------------
From: James Andrews <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption
Date: Tue, 13 Jul 1999 16:19:49 +0000
Reply-To: [EMAIL PROTECTED]
Surely the answer is no. Chaos defines something of uncontrollable scope and content. Something which cannot be controlled, if used for a process, cannot be reversed, and won't necessarily occur the same. Fractals and the study of chaos are linked but not the same. To use a fractal for encryption you have one fundamental flaw, especially the way you are defining it:
Either the fractal image would have to be HUGE, or it would be incredibly simple to find the points which didn't match. If you attempted to transmit it formulaically, you'd either have to be a genius to work out how to encrypt the pattern into the algorithms, and then they'd become more easily reverse engineerable anyway, as you could compare the differences to a standard Mandelbrot.
The fractal image compression methods work on a totally different basis to encryption; they work by attempting to generate the image "as the sum of its parts", so to speak. It's not truly a "fractal image", it just employs the repetitive self construction technique used within fractal generation.
At the end of the day, by definition, if you could control any chaos element to the extent that its application could be reversed without disruption to the data stored, it would cease to be a chaos element. It would become ordered.
James
PS I apologise for the formatting of this message, my client seems to be taking the piss.
------------------------------
From: [EMAIL PROTECTED]
Subject: Arguement for 'Stream Cipher ~ PRNG'
Date: Tue, 13 Jul 1999 14:44:36 GMT
If a stream cipher is a time-based permutation (i.e. LFSR type ciphers)
of the plaintext to form ciphertext [1], then it should form an ideal
PRNG if the user selects to encrypt a repeating string of plaintexts.
For example if the user takes a 'Stop-and-Go LFSR' stream cipher and
encrypts a never ending stream of zero bits, the resultant ciphertext
should be ideally random. In a block cipher this is obviously not true,
therefore this argument applies to stream ciphers only. If this
argument is not true for any particular stream cipher then I conjecture
that the cipher is probably biased or correlated and therefore not
ideally strong (although it may be practically strong).
[1] However additive (Fibonacci) generators are also state based,
where there are 2^((r-1)(w-1)) full length cycles (r = size, w = #
bits). Each cycle will be (2^r - 1)2^(w-1) outputs long. This fact
does not exclude the possibility that an additive generator is a bad
PRNG under my argument.
Thanks for the time,
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
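Tom's zero-plaintext test applied to the very cipher he names, as an added example that is not part of the post: a plain stop-and-go generator (a control LFSR gates the clock of a data LFSR) is XORed onto all-zero plaintext, so the ciphertext is the keystream itself, and two simple statistics are run over it. The tap polynomials and the demo key are constructed; the monobit count looks fine, but consecutive bits agree about three quarters of the time, because the data LFSR repeats its output bit whenever the control bit is 0. That correlation is exactly the kind of defect the argument says the test should surface.

```python
class LFSR:
    """Fibonacci LFSR over GF(2); taps are the exponents of the feedback polynomial."""
    def __init__(self, nbits, taps, state):
        assert 0 < state < (1 << nbits), "state must be non-zero and fit in nbits"
        self.nbits, self.taps, self.state = nbits, taps, state

    def output(self):
        return self.state & 1

    def step(self):
        """Shift once; return the bit that was shifted out."""
        fb = 0
        for t in self.taps:
            fb ^= (self.state >> (self.nbits - t)) & 1
        out = self.state & 1
        self.state = (self.state >> 1) | (fb << (self.nbits - 1))
        return out

def keystream_bits(key, nbits):
    """Stop-and-go keystream. The control LFSR clocks every step; the data LFSR
    steps only when the control bit is 1, so its output bit repeats otherwise."""
    control = LFSR(16, (16, 14, 13, 11), key[0])  # x^16+x^14+x^13+x^11+1, maximal length
    data = LFSR(17, (17, 14), key[1])             # x^17+x^14+1, maximal length
    out = []
    for _ in range(nbits):
        if control.step():
            data.step()
        out.append(data.output())
    return out

def bits_to_bytes(bits):
    """Pack a bit list MSB-first into bytes (length must be a multiple of 8)."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def encrypt(key, data):
    """XOR the stop-and-go keystream onto data; the same call decrypts."""
    ks = bits_to_bytes(keystream_bits(key, 8 * len(data)))
    return bytes(p ^ k for p, k in zip(data, ks))

def ones_fraction(bits):
    """Monobit check: close to 0.5 for an unbiased keystream."""
    return sum(bits) / len(bits)

def adjacent_agreement(bits):
    """Fraction of consecutive keystream bits that are equal: 0.5 if uncorrelated,
    about 0.75 for this generator because of the stop-and-go clocking."""
    return sum(a == b for a, b in zip(bits, bits[1:])) / (len(bits) - 1)

if __name__ == "__main__":
    key = (0xACE1, 0x1D5B7)   # constructed demo key: the two LFSR seeds
    ks = keystream_bits(key, 8192)
    print("ciphertext of zeros == keystream:", encrypt(key, bytes(1024)) == bits_to_bytes(ks))
    print("ones fraction %.3f, adjacent agreement %.3f" % (ones_fraction(ks), adjacent_agreement(ks)))
```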
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: I want some encryption algorithms
Date: Tue, 13 Jul 1999 15:03:47 GMT
In article <[EMAIL PROTECTED]>,
Sankar Subburathinam <[EMAIL PROTECTED]> wrote:
> I am looking for some algorithms that can be used for
> encryption and at the same time for sompression.
You mean 'compression' right?
Well the only real functions that satisfy this are hash functions but
they are not reversible. Normally compression then encryption is used,
like in PGP they compress with ZLIB then encrypt with the block
cipher.
I heard of examples of 'keying' splay trees then encrypting the
plaintext. This is vulnerable to chosen plaintext attacks and
generally not really secure.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Arguement for 'Stream Cipher ~ PRNG'
Date: Tue, 13 Jul 1999 17:29:11 +0200
[EMAIL PROTECTED] wrote:
>
> If a stream cipher is a time-based permutation (i.e LFSR type ciphers)
> of the plaintext to form ciphertext [1], then it should form an ideal
> PRNG if the user selects to encrypt a repeating string of plaintexts.
Please elaborate a bit more. I can't capture your sentence. Thanks.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Base encryption
Date: 13 Jul 1999 09:28:55 -0400
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>wtshaw wrote:
>>
>
>> > Each ideograph is in turn built of a small set of building blocks,
>> > the so-called strokes, e.g. a vertical line, a point, etc.
>> > In the European languages the building blocks of words are the
>> > alphabetical characters. Thus I am not sure that your comparison
>> > of 60000 to 64 is very appropriate.
>
>>
>> How many different strokes are there? Is there anything equivalent to a
>> coordinate system for placement? The big question here is whether a
>> formula for each ideograph is reasonable, such that from it a clear
>> picture for that word could be drawn? If not, why not? Would not such a
>> formula be sufficient to replace the word?
>
>There are basically 8 different types of strokes (units). But these
>are put in different locations of an ideograph and can be of
>different size (e.g. a horizontal line may be short or long). It
>could theoretically be possible to describe an ideograph with
>sophisticated techniques of computer science, I believe, for instance
>graph grammars.
In point of fact, this is how some Japanese word processing systems
that I've seen work; you build a character stroke-by-stroke based on
a set of strokes overlaid on a semi-standard keyboard. *Hideously*
inefficient; more modern systems simply have you type phonetically, so
you type the keystrokes 'k' 'i' and the system determines which of
the dozen or so characters pronounced "ki" you wanted. Nice application
of NLP.
>> > On the other hand, the Chinese telegraphic code maps a subset of
>> > the words to 4 decimal digits. Via Unicode every Chinese ideograph
>> > has a 2 byte binary value.
>>
>> Could this be the answer for the above.
>>
>> > This has no correspondence for the words
>> > in the European languages. I said a couple of times previously that
>> > if there were a commonly accepted (quasi-standard) numerical encoding
>> > of English words, e.g. if a publisher of a big dictionary would
>> > associate a number to each word, then in the thus numerically
>> > encoded plaintext frequency analysis would be comparatively much
>> > more difficult to perform than in the case with the alphabets.
>>
>> Letters and numbers are simply two different bases, which are easily
>> converted to each other.
>
>But the character frequencies become lost when numerically encoded
>(e.g. 'e' would not always, in fact rarely, be mapped to, say, '9').
>The same applies to digrams, trigrams etc. If one now scrambles the
>digits obtained, it is clear that one can do much less with the
>techniques of frequency analysis compared to the case where one
>scrambles the characters.
On the other hand, one can easily determine an expected frequency for
the character '9' in the numerically encoded text; large-corpus
linguistics is something of a cottage industry. I would be *extremely*
surprised to find that this encoding step flattened out the various
N-gram probabilities in a way that significantly increased the
difficulty of plaintext analysis.
-kitten
------------------------------
From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: 3rd workshop on elliptic curve cryptography (ECC '99)
Date: 13 Jul 1999 15:40:31 GMT
The 3rd workshop on Elliptic Curve Cryptography (ECC '99)
University of Waterloo, Waterloo, Ontario, Canada
November 1, 2 & 3, 1999
Second Announcement July 12, 1999
ECC '99 is the third in a series of annual workshops dedicated to the
study of elliptic curve cryptography. ECC '99 will have a broader
scope than ECC '98 and ECC '97, which focussed primarily on the
elliptic curve discrete logarithm problem. The main themes of
ECC '99 will be:
- Provably secure discrete log-based cryptographic protocols for
encryption, signatures and key agreement.
- Efficient software and hardware implementation of elliptic curve
cryptosystems.
- The discrete logarithm and elliptic curve discrete logarithm problems.
It is hoped that the meeting will encourage and stimulate further
research on the security and implementation of elliptic curve
cryptosystems and related areas, and encourage collaboration between
mathematicians, computer scientists and engineers in the academic,
industry and government sectors.
There will be approximately 15 invited lectures (and no contributed
talks), with the remaining time used for informal discussions.
Sponsors:
Certicom Corp.
Communications and Information Technology Ontario (CITO, Canada)
MasterCard International
Mondex International Limited
University of Waterloo
Organizers:
Alfred Menezes (University of Waterloo)
Scott Vanstone (University of Waterloo)
Confirmed Speakers:
Mihir Bellare (University of California at San Diego, USA)
Dan Boneh (Stanford University, USA)
Robert Gallant (Certicom Corp., Canada)
Philippe Golle (Stanford University, USA)
Dan Gordon (Centre for Communications Research, USA)
Reynald Lercier (Centre d'Electronique de L'Armement, France)
Michele Mosca (Oxford University, UK)
Christof Paar (Worcester Polytechnic Institute, USA)
Andreas Stein (University of Waterloo, Canada)
Jacques Stern (Ecole Normale Superieure, France)
Edlyn Teske (University of Waterloo, Canada)
Stefan Wolf (ETH Zurich, Switzerland)
======================================================================
Preliminary Arrangements
REGISTRATION
There will be a registration fee this year of $250 Cdn or $180 US
($100 Cdn or $70 US for students). PLEASE REGISTER AS SOON AS POSSIBLE
AS SPACE IS LIMITED FOR THIS WORKSHOP; REGISTRATION IS ON A
FIRST-COME FIRST-SERVE BASIS. We cannot process a registration
until all fees are paid in full. The deadline for all fees to be
paid and registration completed has been set for the 12th of
October, 1999. To register, complete, in full, the attached
REGISTRATION FORM and return it along with your payment to:
Mrs. Frances Hannigan, C&O Dept., University of Waterloo, Waterloo,
Ontario, Canada N2L 3G1. Confirmation of your registration will be
sent by email when payment is received in full.
========================cut from here=================================
ECC '99 CONFERENCE REGISTRATION FORM
Fullname:
_________________________________________________________
Affiliation:
_________________________________________________________
Address:
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
_________________________________________________________
E-Mail Address:
_________________________________________________________
Telephone #:
_________________________________________________________
Circle Your Choice:
Registration Fee: $ 250 Cdn / $ 180 US
Student Registration Fee: $ 100 Cdn / $ 70 US
(Registration Fee Includes Banquet)
Attending Banquet: Yes / No Vegetarian: Yes / No
Extra Guest Banquet Fee: $ 50 Cdn / $ 35 US
Guest Vegetarian: Yes / No
TOTAL REGISTRATION FEE: $___________________
**Make Cheque/Money Order Payable in Cdn or US funds only to:
ECC '99
Credit Card payments cannot be accepted
Additional Information:
=========================cut from here===============================
TRAVEL
Kitchener-Waterloo is approximately 100km/60miles from Pearson
International Airport in Toronto. Ground transportation to Kitchener-
Waterloo can be pre-arranged with Airways Transit.
TRANSPORTATION TO AND FROM TORONTO AIRPORT
PROVIDED BY AIRWAYS TRANSIT
It is advisable to book your transportation between the Pearson Airport,
Toronto, and Waterloo in advance to receive the advance booking rate of
$29 Cdn per person, one way, with Airways Transit (open 24 hours a day).
This is a door-to-door service; they accept cash (Cdn or US funds),
MasterCard, Visa and American Express.
Upon arrival:
Terminal 1: proceed to Ground Transportation Booth, Arrivals Level,
Area 2.
Terminal 2: proceed to Airways Transit desk, Arrivals Level, Area E.
Terminal 3: proceed to Ground Transportation Booth, Arrivals Level,
under domestic area escalators.
Complete the form below and send by mail or fax well in advance of your
arrival to Airways Transit. They will not fax confirmations: your fax
transmission record is confirmation of your reservation.
=========================cut from here=================================
AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC '99
ARRIVAL INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Arrival Date Airline Flight #
____________________________________________________________
Arrival Time Arriving From
____________________________________________________________
Destination in Kitchener/Waterloo No. in party
DEPARTURE INFORMATION:
____________________________________________________________
Surname First name
____________________________________________________________
Toronto Departure Date Airline Flight #
____________________________________________________________
Departure Time Flight # Destination
____________________________________________________________
Pickup From No. in party
____________________________________________________________
Signature Date
Send or Fax to:
Airways Transit
99A Northland Road
Waterloo, Ontario
Canada, N2V 1Y8
Fax: (519) 886-2141
Telephone: (519) 886-2121
=============================cut from here================================
ACCOMMODATIONS
There is a limited block of rooms set aside on a first-come first-serve
basis at the Waterloo Inn and the Comfort Inn for the evenings of
October 31, Nov 1, Nov 2 and Nov 3. Please make your reservations prior
to September 20, 1999, directly with the hotel.
Waterloo Inn
475 King Street North
Waterloo, Ontario
Canada N2J 2Z5
Phone: (519) 884-0222
Fax: (519) 884-0321
Toll Free: 1-800-361-4708
Website: www.waterlooinn.com
- $88 Cdn plus taxes/night for a single or double room
- please quote "ECC '99 Conference" when making your reservation.
Comfort Inn
190 Weber Street North
Waterloo, Ontario
Canada N2J 3H4
Phone: (519) 747-9400
- $78 Cdn plus taxes/night for a single or double room
- please quote "Group #11612" when making your reservation.
Other hotels close to the University of Waterloo are:
Destination Inn
547 King Street North
Waterloo, Ontario
Canada N2L 5Z7
Phone: (519) 884-0100
Fax: (519) 746-8638
Approx rate: $75 Cdn plus taxes/night
Best Western
St. Jacobs Country Inn
50 Benjamin Road, East
Waterloo, Ontario
Canada N2V 2J9
Phone: (519) 884-9295
Approx rate: $109-$119 Cdn plus taxes/night
The Waterloo Hotel
2-4 King Street North
Waterloo, Ontario
Canada N2J 1N8
Phone: (519) 885-2626
Approx rate: $112-$130 Cdn plus taxes/night
HOTEL TO CONFERENCE TRANSPORTATION
A shuttle to/from the campus will be available each day of the
conference from the Waterloo Inn only. Times for pickup and
drop-off will be given in the third announcement.
For further information or to return your Registration, please contact:
Mrs. Frances Hannigan
Department of Combinatorics & Optimization
University of Waterloo
Waterloo, Ontario, Canada N2L 3G1
e-mail: [EMAIL PROTECTED]
Fax: (519) 725-5441
Phone: (519) 888-4027
http://www.cacr.math.uwaterloo.ca/
===========================================================================
------------------------------
From: Glenn Davis <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption
Date: Tue, 13 Jul 1999 09:18:13 -1000
Plan B: Mandelbrot steganography
Two people share a key composed of:
1 coordinates for the area of the Mandelbrot set (50 bits)
2 limit of iterations (20 bits)
3 color mapping from iteration count to color code (30 bits)
4 scaling (10 bits)
The message is coded as color changes anywhere on the area
of the Mandelbrot set. The resulting image can then be printed
on posters or on paper. Without the key, people cannot see
the coded color areas.
With the key, a person scans in the image from paper.
Use the key to produce the area of the Mandelbrot set
used as background. Overlay 2 images to recover difference areas.
Variable fineness would allow single pixel coding, OR large
blocks of pixels used for one bit so scanning and rough printing would
preserve the message.
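Plan B worked through as an added example, not code from the post: the key's four parts (window coordinates, iteration limit, colour-mapping seed, scaling) select a Mandelbrot rendering; message bits are coded as colour changes of whole pixel blocks, and the receiver re-renders the background from the key and overlays it to find the changed blocks. Image size, block size, palette size and key values are constructed here, and a majority vote per block stands in for the tolerance to rough printing and scanning that the post asks for.

```python
import random

NCOLORS = 8   # constructed palette size; the key's colour mapping permutes it

def escape_count(cx, cy, max_iter):
    """Standard escape-time iteration count for the point c = cx + i*cy."""
    zx = zy = 0.0
    for n in range(max_iter):
        zx, zy = zx * zx - zy * zy + cx, 2 * zx * zy + cy
        if zx * zx + zy * zy > 4.0:
            return n
    return max_iter

def render(key, width, height):
    """Background image from the key: (x0, y0, scale, max_iter, palette_seed).
    Returns rows of colour codes; the palette is a keyed permutation of counts."""
    x0, y0, scale, max_iter, palette_seed = key
    palette = list(range(NCOLORS))
    random.Random(palette_seed).shuffle(palette)
    return [[palette[escape_count(x0 + i * scale, y0 + j * scale, max_iter) % NCOLORS]
             for i in range(width)] for j in range(height)]

def bytes_to_bits(data):
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]

def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def blocks(width, height, size):
    """Top-left corners of size x size blocks in raster order."""
    for by in range(0, height, size):
        for bx in range(0, width, size):
            yield bx, by

def embed(cover, bits, size):
    """Code each 1 bit as a colour change of one whole block; 0 bits leave it alone."""
    stego = [row[:] for row in cover]
    h, w = len(cover), len(cover[0])
    for bit, (bx, by) in zip(bits, blocks(w, h, size)):
        if bit:
            for y in range(by, by + size):
                for x in range(bx, bx + size):
                    stego[y][x] = (cover[y][x] + 1) % NCOLORS
    return stego

def extract(cover, stego, size, nbits):
    """Overlay the key-rendered background on the scanned image; a block whose
    majority of pixels differ is a 1 bit, so a few scanning errors are tolerated."""
    h, w = len(cover), len(cover[0])
    bits = []
    for bx, by in blocks(w, h, size):
        if len(bits) == nbits:
            break
        diff = sum(stego[y][x] != cover[y][x]
                   for y in range(by, by + size) for x in range(bx, bx + size))
        bits.append(1 if 2 * diff > size * size else 0)
    return bits

def add_scan_noise(image, flips, seed):
    """Constructed stand-in for print/scan damage: recolour a few random pixels."""
    rng = random.Random(seed)
    noisy = [row[:] for row in image]
    h, w = len(image), len(image[0])
    for _ in range(flips):
        x, y = rng.randrange(w), rng.randrange(h)
        noisy[y][x] = (noisy[y][x] + rng.randrange(1, NCOLORS)) % NCOLORS
    return noisy
```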
------------------------------
From: [EMAIL PROTECTED]
Subject: Funny News
Date: Tue, 13 Jul 1999 16:16:12 GMT
Watching CNN today I saw a clip of Janet Reno (hey where's the blue
dress?) and I semi-quote
" Terrorists can use encryption technologies making wiretaps effectively
useless and crime prevention much harder ... "
Basically she was advocating the restrictions.
My question is (this is an open question), What good do these
regulations ACTUALLY provide? If a criminal breaks the law won't logic
dictate they won't follow this law as well?
I think EFF is a good source for anyone interested. See it
at 'http://www.eff.org'. Are there any other good sites?
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES permutations
Date: Tue, 13 Jul 1999 16:17:30 GMT
In article <7k51r0$gjr$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> > >DES;
> > >1 That initial permutation; is it actually worth
> anything cryptographically?
> >
> > No. They were put there to support the hardware
> implementation of DES that was popular in the mid-1970s.
> I've heard and read this several times but while
> being from a hardware background I cannot see how
> the initial permutation could speed up the
> hardware implementation. Does anyone know how it
> helps the hardware?
It doesn't help hardware. It doesn't take any
time in hardware. (No *extra* time beyond normal wiring
delays)
What it *does* do is royally slow down any software implementation.
*That* was the point.
Fabs are like the treasury's mints: there aren't that many and they are
easily monitored. Programmers are less readily herded.
DES's critical path involves two xors and Sbox logic, which
is simply a (fixed!) 6-input 4-output boolean function, ie, one layer
of combo logic.
Since each round uses only a few thousand gates, you can
unroll the loop, and voila, you have a fully pipelined
DES engine that cranks out a block per clock. A govt
lab just went public with a design along these lines.
You also need key-scheduling logic, which typically uses
sequential shifts, but can be computed all at once in
an unrolled version.
DES really is primitive, lightweight, and readily
brute forced in hardware compared to say Blowfish.
A 1-hour full 2^56 keysearcher engine fits on your
desktop in 1999 chip & packaging tech, although it
is probably easier to have a 1-minute engine in a machine room in
Maryland or Moscow, and do the cracking remotely.
========
What are you going to do, classify prime numbers? --Jodie Foster's char
to NSA director in _Contact_
------------------------------
From: fungus <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Tue, 13 Jul 1999 20:02:46 +0200
Dennis Ritchie <[EMAIL PROTECTED]> wrote:
>
..."Dennis Ritchie", from "Bell Labs" ???
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************