Cryptography-Digest Digest #73, Volume #10       Thu, 19 Aug 99 00:13:03 EDT

Contents:
  Re: CRYPTO DESIGN MY VIEW (John Savard)
  Re: I need strongest weak elliptic curve... (David A Molnar)
  Re: Decrypted International Crypto inside the US (JPeschel)
  Re: Definition of cracked? (Tom St Denis)
  Re: VEA - Video Encryption Algorithm (Nicol So)
  Re: VEA - Video Encryption Algorithm (Nicol So)
  Re: Wrapped PCBC mode (Tom St Denis)
  Re: Decrypted International Crypto inside the US (wtshaw)
  Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
  Re: New encryption algorithm (JPeschel)
  Re: NIST AES FInalists are.... (JPeschel)
  Re: Q. a hash of a hash ... ([EMAIL PROTECTED])
  Re: I HOPE AM WRONG ("Douglas A. Gwyn")
  Re: Decrypted International Crypto inside the US ("ME")
  Re: New encryption algorithm ("Douglas A. Gwyn")
  Re: NIST AES FInalists are.... ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: CRYPTO DESIGN MY VIEW
Date: Thu, 19 Aug 1999 00:43:01 GMT

Nicol So <[EMAIL PROTECTED]> wrote, in part:

>With Huffman coding, the best you can do with a high probability symbol
>is to encode it with 1 bit.  Arithmetic coding has no such limitation. 
>For a very skewed distribution with a high probability symbol,
>arithmetic coding can be significantly better than Huffman coding.

True, but in other cases Huffman coding is quite adequate, and it is
much simpler and faster.

There are other ways to go beyond Huffman coding.

For example, in compressing English text with word spacing, it is
better not to include a symbol for the space character in the same
Huffman code as the letters of the alphabet. Instead, have one Huffman
code for the alphabet, and a separate one based on the distribution of
the lengths of words, and alternate between the two codes.

For a type of object encountered as frequently as text, a hand-tuned
compression algorithm makes sense. One can even combine Huffman coding
with dictionary coding - and save more bits by making the dictionary
of actual space-delimited words instead of arbitrary strings of
characters.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
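
The two-code scheme described above (one Huffman code for the letters, a
second for word lengths, alternated) as a worked example. This is added
illustration, not code from the original post; the sample text is
constructed for the demo, and the baseline encoder that puts the space
character in the same code as the letters is included for comparison.

```python
import heapq
from collections import Counter
from itertools import count

# Constructed sample input for the demo; not taken from the original post.
SAMPLE_TEXT = ("the quick brown fox jumps over the lazy dog and the dog sleeps "
               "while the fox runs back over the hill to the river and the sea")


def huffman_code(freqs):
    """Build a Huffman prefix code from a {symbol: frequency} table.

    Returns {symbol: bitstring}. Symbols are merged two at a time and every
    symbol in the merged group gets a '0' or '1' prepended, so the final
    strings form a prefix-free code.
    """
    if len(freqs) == 1:  # a lone symbol still needs one bit to be decodable
        return {s: "0" for s in freqs}
    tick = count()       # tie-breaker so heapq never compares the symbol lists
    heap = [(f, next(tick), [s]) for s, f in freqs.items()]
    heapq.heapify(heap)
    codes = {s: "" for s in freqs}
    while len(heap) > 1:
        f1, _, group1 = heapq.heappop(heap)
        f2, _, group2 = heapq.heappop(heap)
        for s in group1:
            codes[s] = "0" + codes[s]
        for s in group2:
            codes[s] = "1" + codes[s]
        heapq.heappush(heap, (f1 + f2, next(tick), group1 + group2))
    return codes


def encode_single(text):
    """Baseline: one Huffman code over the letters and the space character."""
    code = huffman_code(Counter(text))
    return "".join(code[c] for c in text), code


def encode_split(text):
    """Savard's scheme: a code for the letters plus a separate code for word
    lengths. The encoder emits a word length, then that word's letters, and
    alternates; the space character never appears in the output."""
    words = text.split(" ")
    letter_code = huffman_code(Counter(c for w in words for c in w))
    length_code = huffman_code(Counter(len(w) for w in words))
    bits = "".join(length_code[len(w)] + "".join(letter_code[c] for c in w)
                   for w in words)
    return bits, letter_code, length_code


def decode_split(bits, letter_code, length_code):
    """Inverse of encode_split: read a length codeword, then that many
    letter codewords, until the bit string is exhausted."""
    inv_letter = {v: k for k, v in letter_code.items()}
    inv_length = {v: k for k, v in length_code.items()}
    pos = 0

    def read(table):
        nonlocal pos
        cur = ""
        while cur not in table:   # prefix-free: the first match is the codeword
            cur += bits[pos]
            pos += 1
        return table[cur]

    words = []
    while pos < len(bits):
        n = read(inv_length)
        words.append("".join(read(inv_letter) for _ in range(n)))
    return " ".join(words)


if __name__ == "__main__":
    single_bits, _ = encode_single(SAMPLE_TEXT)
    split_bits, lc, nc = encode_split(SAMPLE_TEXT)
    assert decode_split(split_bits, lc, nc) == SAMPLE_TEXT
    print(f"one code over letters+space: {len(single_bits)} bits")
    print(f"letter code + word-length code: {len(split_bits)} bits")
```

The decoder shows why the alternation is unambiguous: because each code is
prefix-free, the length codeword tells the decoder exactly how many letter
codewords follow before the next length codeword begins.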

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: I need strongest weak elliptic curve...
Date: 19 Aug 1999 00:37:35 GMT

Greg <[EMAIL PROTECTED]> wrote:
> Does anyone know what is the largest Koblitz elliptic curve (using
> polynomial basis) that can be freely exported without an export
> license?  If so, can you post the curve parameters?  I need to make a
> free downloadable demo of my software, and I would like the strongest
> possible curve that is still weak enough that it would not require an
> export license.

I think you need a license technically no matter what kind of encryption
you use. It's just that this need is overlooked for "trivial" stuff. You
may be thinking of the fact that getting an export license is supposed to
be "easy" for certain bit-lengths of symmetric and asymmetric ciphers. (I
haven't tried it myself). Some info can probably be found at
http://bxa.doc.gov . 

-David


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Decrypted International Crypto inside the US
Date: 19 Aug 1999 01:35:39 GMT

>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:


> Joe there are laws about sending encrypted messages out  over the
>ham radio airways. Because I remember the Ham teacher saying it 
>was illegal since the government wants to know about all messages
>sent over the airwaves. I asked about morse code and he said that
>was not considered encryption. So you might be able to receive
>such message but the US does have limits on how you send
>encrypted messages in some cases like the Ham example.
>
>

Yeah, Dave, it seems I've read that here concerning ham
radio operators. I also think I remember something about such
a no-no from when I was in grade- or high-school. Someone
explained the reason for the law, as I recall, was post-war hysteria
over people with last names such as mine.

Could it be that we are both just old? Does such a law still exist?

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Definition of cracked?
Date: Thu, 19 Aug 1999 01:33:19 GMT

In article <7pe8u6$q5g$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Just to elaborate on what Tom said a little, many, if not all, ciphers
> have been "cracked."  The question is how feasible it is.  Many times
> the cipher is cracked for a reduced round version or a slight
> variation of it.  Other times it is against the full-strength
> algorithm.  With many attacks, like the one on rc5, the attack will
> break the algorithm, but the amount of work is enormous.  In these
> cases, it demonstrates that the algorithm does not perform as
> expected.  An example of this would be if an attack on an AES cipher
> were to need 2^127 different plaintexts to succeed, yes, the cipher is
> broken, but the attack is infeasible.  In my opinion, this does not
> mean that you cannot use the cipher, however it makes me wonder what
> other attacks will work better.

One crucial example though.

It might be possible to break RC5 with 2^53 chosen plaintexts; this
would be faster than searching the entire key.  However, if you send
less than that, you have to use more effort.  In fact you will probably
have to search the key.

For example, you send a file (say 300 bytes) encrypted with RC5; that is
not enough (even if you know the message) to attack 12-round RC5 ...

So it depends on how the attack works.

For example, all block ciphers of n bits are vulnerable to dictionary
attacks of 2^n known plaintexts.  It is, however, not going to happen.

Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
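
The dictionary (codebook) attack mentioned above, worked through on a toy
cipher as an added example; this is not code from the original post and
the 8-bit SPN, its S-box and the sample message are constructed for the
demo. With all 2^n plaintext blocks observed under one key, the
ciphertext-to-plaintext table decrypts any later ECB message without the
key ever being found; with less data, the blocks never observed stay
opaque, which is the data-requirement point made above.

```python
import random

# A fixed 4-bit permutation used as the toy S-box (arbitrary choice for this demo).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
BLOCK_BITS = 8
ROUNDS = 4


def toy_encrypt_block(p: int, key: int) -> int:
    """Toy 8-bit SPN constructed for this demo (not a real cipher): per round,
    S-box each nibble, rotate left by 3, XOR in one byte of the 32-bit key.
    Every step is a bijection, so each key defines a permutation of 0..255,
    which is the only property the codebook attack relies on."""
    x = p & 0xFF
    for r in range(ROUNDS):
        x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
        x = ((x << 3) | (x >> 5)) & 0xFF
        x ^= (key >> (8 * r)) & 0xFF
    return x


def encrypt_ecb(data: bytes, key: int) -> bytes:
    """ECB: each byte is one independent block."""
    return bytes(toy_encrypt_block(b, key) for b in data)


def build_codebook(known_pairs):
    """Dictionary attack: invert the observed (plaintext, ciphertext) pairs.
    Once all 2^n plaintext blocks have been seen, this table decrypts any
    block under that key; the key itself is never learned or needed."""
    return {c: p for p, c in known_pairs}


def decrypt_with_codebook(ciphertext: bytes, codebook):
    """Look each block up; None marks a block the attacker never observed."""
    return [codebook.get(c) for c in ciphertext]


def codebook_attack(known_plaintexts, key: int, secret: bytes = b"attack at dawn"):
    """Attacker obtains ciphertexts for `known_plaintexts` under a key it does
    not know, then meets a fresh message. Returns (recovered bytes, number of
    blocks still unknown); '?' stands in for blocks missing from the codebook."""
    pairs = [(p, toy_encrypt_block(p, key)) for p in known_plaintexts]
    book = build_codebook(pairs)
    blocks = decrypt_with_codebook(encrypt_ecb(secret, key), book)
    recovered = bytes(b if b is not None else ord("?") for b in blocks)
    return recovered, blocks.count(None)


if __name__ == "__main__":
    key = random.getrandbits(32)                         # unknown to the attacker
    print("complete codebook:", codebook_attack(range(1 << BLOCK_BITS), key))
    print("32 known blocks:  ", codebook_attack(range(0x20), key))
```

For a real 64-bit block the same table would need 2^64 entries and 2^64
known plaintexts under a single key, which is the sense in which the attack
exists on paper but is not going to be mounted.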

------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: VEA - Video Encryption Algorithm
Date: Wed, 18 Aug 1999 21:42:56 -0400

Stefan Lucks wrote:
> 
> > Here's a link to a description of VEA, an encryption algorithm designed
> > to work within the MPEG compression/decompression process.  It is noted
> > in the text that it is not very secure against real cryptographers,
> > however it can be useful for privacy and securing pay-per-view.
> >
> > http://www.acm.org/sigmm/MM98/electronic_proceedings/shi/
> 
> I had a look at that paper some time ago, and was quite disappointed (to
> say the least):
> ... 

In response to Stefan Lucks's message, [EMAIL PROTECTED] wrote:
> 
> I won't say it's snake oil.  They never claimed it to be great.  To me
> at least, it looked like simple XOR cipher.  There's not even a key
> setup.  They use a 128 bit key, thus it has a period of 128.  I was
> mainly trying to sum up or quote the article in my description.  Anyway,
> thought someone might be interested to know about it.

Stefan was justifiably disappointed.  Based on what they wrote, it seems
that the authors were not in the industry and they did not understand
the conditional access requirements of a cable/satellite TV system.

> P.S. As for all the cable pirates out there, you have to remember this.
> This algorithm probably uses the same principle as the lock on your
> door: it was designed to keep honest people out.  If you really want it,
> you will get in with this.

This kind of security is unacceptable for the application.

Nicol
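
As an added example of why the quoted description ("simple XOR cipher",
128-bit key, no key setup, period of 128) is unacceptable for conditional
access: the following models that description as repeating-key XOR with a
16-byte key and recovers the whole key from 16 bytes of known plaintext at
any position in the stream. This is illustration written for this digest,
not VEA's specification or code, and the header-plus-payload plaintext is
constructed for the demo.

```python
KEY_LEN = 16  # a 128-bit key applied as a repeating XOR pad, per the quoted description


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: byte i is XORed with key[i mod len(key)], so the
    pad repeats every len(key) bytes and depends on neither position nor key setup."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known_plaintext: bytes, offset: int,
                key_len: int = KEY_LEN) -> bytes:
    """Recover the whole key from any key_len consecutive known plaintext
    bytes sitting at stream position `offset`. ciphertext[offset+j] XOR
    known_plaintext[j] equals key[(offset + j) mod key_len], so the pad only
    has to be rotated back into key order."""
    if len(known_plaintext) < key_len:
        raise ValueError(f"need at least {key_len} known bytes, got {len(known_plaintext)}")
    pad = xor_bytes(ciphertext[offset:offset + key_len], known_plaintext[:key_len])
    key = bytearray(key_len)
    for j, b in enumerate(pad):
        key[(offset + j) % key_len] = b
    return bytes(key)


def break_stream(ciphertext: bytes, known_plaintext: bytes, offset: int) -> bytes:
    """Full attack: recover the key from the crib, then decrypt the entire stream."""
    return repeating_key_xor(ciphertext, recover_key(ciphertext, known_plaintext, offset))


if __name__ == "__main__":
    import os
    key = os.urandom(KEY_LEN)                                   # unknown to the attacker
    # Constructed plaintext: a predictable header followed by payload, standing in
    # for any stream format that hands the attacker a few known bytes.
    plaintext = b"HDR:frame=0001;size=00004096;" + os.urandom(40) + b"END"
    ciphertext = repeating_key_xor(plaintext, key)
    crib_offset = 4                                             # "frame=0001;size=" is known
    crib = plaintext[crib_offset:crib_offset + KEY_LEN]
    assert break_stream(ciphertext, crib, crib_offset) == plaintext
    print("key recovered:", recover_key(ciphertext, crib, crib_offset) == key)
```

Any format with fixed headers gives away the crib, and a subscriber who
recovers the 16 bytes once can decrypt every stream sent under that key.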

------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: VEA - Video Encryption Algorithm
Date: Wed, 18 Aug 1999 21:53:46 -0400

First of One wrote:
> 
> The number of cable users accounts for a negligible percentage of the
> entire population, and not all cable users pirate videos. So just 
> how many people will be really affected by the VEA?

In the US, the fraction of the population living in a cable household is
very substantial.  It is true that most cable users are not pirates, but
that's because of the security built into the deployed systems.  If
there is little or no technical protection, piracy will be a widespread
problem.  As far as I can tell, no deployed systems use VEA.  Anyone
proposing to use VEA in a real system will receive serious objections
from multiple sources.

Nicol

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Wrapped PCBC mode
Date: Thu, 19 Aug 1999 01:29:08 GMT

In article <7pf891$2rfe$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>   Well Mr BS likes to attack many people. Yes there are many weak
> student ciphers. He even has attacked my method along with his buddy
> Wagner. Wagner said he stated mine was dead and the Slide attack
> would show so. Well he was full of shit. Now he is too busy to
> supposedly look at it. Yet these phony Crypto Gods can point to a few
> bad student ciphers and they use that fact to bash everyone else,
> without the open honesty of actually looking at it.  Mr BS has stated
> numerous times that he is too busy to look at student ciphers. So how
> the hell can he make statements about them.

Broken record or what?  Can someone give ds a clue as to why nobody
uses his method?

Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto
Subject: Re: Decrypted International Crypto inside the US
Date: Wed, 18 Aug 1999 21:14:32 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Doug Stell) wrote:
> 
> I have heard in personal discussions with the powers in control words
> to the effect that if strong crypto is used off shore, it is presumed
> that someone, possibly the recipient, had previously violated the
> export regulations. How else would they obtain it?

> I believe that the
> same would be true for sending a strongly encrypted message to a
> foreign party. 

It might be important to target traffic of international encrypted
messages, knowing who is sending them to whom, and restricting or
preventing such in time of war is not unknown.  It might be acceptable to
limit such traffic between us and unfriendly countries.  But, it would be
tough sledding to sell the idea that all communications between citizens
of various countries at peace with one another should be tightly
controlled.

> There seemed to be little or no recognition that a
> foreign party could develop a compatible implementation without U.S.
> involvement (their words).

While export regulations may have some effect in limiting the export of
crypto, they are insufficient to completely do the job.  It is perfectly
acceptable to export printed source code and/or elaborate non-source code
type instructions and descriptions for writing source code, including test
vectors.  The older regulations forbade all of these, but, functionally
and because of court rulings, only source code and actual software seems
to remain within the realm of things that export regulations can address.
 
> "without U.S. involvement" = "clean room implementation"

Once you know how to do it, not really a trade secret, crypto applications
are relatively easy to write.  So make things difficult and esoteric in
attempts to preserve such abilities to themselves.  There are always
alternatives that are much better than what is commonly recognized.
-- 
All's fair in love, war, and crypto.  ERACE

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Thu, 19 Aug 1999 02:38:12 GMT

JPeschel wrote:
> Does that 90 per cent apply to both of us, too?

"Present company excepted".

Actually, we may exhibit some bias if we rate ourselves.

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: New encryption algorithm
Date: 19 Aug 1999 03:03:38 GMT

>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:


> Joe I am not sure I really believe it is as easy as you say.

I didn't say it was easy. I said it was tough but possible
for a newcomer, an unknown, or a revolutionary to break
into print no matter the genre: scientific or popular.

>Suppose I wanted to submit my scott16u with a few patches
>such as array sizes to a Journal where the write up is short but that
>would contain the full source code with operation examples.
>  I would rather do examples than write. But do you honestly
>know of one that I can do this. And would not the office have to
>be in the US since I could not export it out legally. I would
>be willing to do this but I don't want to pay for something
>phony. 

Don't pay for publication! Generally a popular magazine pays
you. The Dobbs Journal, or something similar, might offer
payment, but I've never written for them, and you've insulted
the one fellow I know who has.

Other academic or scientific journals might pay little, or nothing
at all, except for contributor copies or a subscription, and prestige. 
You're going to have to decide who your target audience is, and 
where you want to get published.  You'll need to read the 
publication, and, request, if available,  author's guidelines about
format and style.  Could be just MLA, but you better ask.

> If you like you could proof read the writing part for any errors
>in grammar and use your name as co-writer or what ever.
> Or if you wish go all the way and do scott19u instead 
>
I would consider re-writing a short description of scott16u, but
that re-write is going to entail translating it into English from the
original Scott-ish :-) 

Kidding aside -- if you send me a good description of scott16u to
re-write for you, I'll do it under a few conditions.  First, lay-off
the personal attacks.  They do you and your ciphers absolutely
no good.  That means no attacks under an alias, either. :-) You should
also make an apology to Bruce and others, here, too.  Perhaps
doing those things will help restore your credibility. 

I know this is asking a lot, but it's cheaper than paying my rates
for a re-write. You can still be a flamboyant maverick, if you
want, but you don't need to insult folks, especially those in
a position to help you or to publish your stuff.

Joe
 



__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: NIST AES FInalists are....
Date: 19 Aug 1999 02:09:22 GMT

> "Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:

>Since that information is already public knowledge,
>I can use it as an example without compromising
>national security.
>
>Suppose, and I'm inventing *this* example,
>that I knew that IDA-CRD had decades ago developed
>an algorithm for efficient factoring of certain
>common classes of products-of-primes that worked
>in most, but not all, cases.  It might be in
>routine use in attacks against systems based on
>RSA or similar schemes.  The fact that public
>cryptographers have no clue about this would be
>one of the things that would lead me to conclude
>that they are way behind the state of the art.
>I can say that they are behind the state of the
>art, but I can't explain how I know that without
>risking damage to intelligence production.
>
>> But some of your comments in this thread, for
>> instance, knowing "at most a dozen
>> cryptomathematicians" that the NSA would
>> want to hire [that they don't already have
>> on tap] look like show-boating.
>
>Maybe you should instead be happy that I'm sure
>there are some that they would love to hire.
>
>Remember that Sturgeon's law applies to nearly
>everything, including academic researchers.

Does that 90 per cent apply to both of us, too?

Joe


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Q. a hash of a hash ...
Date: Thu, 19 Aug 1999 02:13:32 GMT

 Anton Stiglic  wrote:
(after Brian McKeever had written:)

> >  Is your position that a problem that's, say, twice
> > as easy as an intractible one is still intractible
> > (based on the "half of infinity is
> > still infinity" argument?
>
> Yes, something like that.  Say I have a problem that
> can only be resolved in exponential time, if I cut
> that time in half, or in 3, or in any constant, the
> problem still stays exponential, and still difficult
>  to resolve.

I think it's worth pointing out that the difference
in computation here is not a factor of two.  If we
can find a collision in H^2, it only takes two more
hashing operations and a comparison to find a
collision in H.  So really it's "Two easy
operations less than an intractable amount of
computation is still intractable".

--Bryan


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
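
The reduction stated above, as an added worked example (not code from the
original post): a birthday search finds a collision for H^2 = H(H(.)), and
exactly two further hash evaluations plus one comparison turn it into a
collision for H. The hash here is SHA-256 truncated to 16 bits so the
search finishes in a few hundred evaluations; that truncation is the only
assumption, and the reduction itself does not depend on it.

```python
import hashlib
from itertools import count


def H(x: bytes) -> bytes:
    """Toy hash: SHA-256 truncated to 16 bits. The truncation only makes the
    birthday search finish quickly; the reduction is the same for any hash."""
    return hashlib.sha256(x).digest()[:2]


def H2(x: bytes) -> bytes:
    """The hash of the hash."""
    return H(H(x))


def find_collision(f):
    """Birthday search over distinct messages; returns (a, b) with a != b and f(a) == f(b)."""
    seen = {}
    for i in count():
        x = b"msg-%d" % i
        y = f(x)
        if y in seen:
            return seen[y], x
        seen[y] = x


def collision_in_H_from_H2(a: bytes, b: bytes):
    """Turn a collision a != b for H^2 into one for H with exactly two extra
    hash evaluations and one comparison. Either the inner hashes differ, in
    which case they themselves collide under H (since H(H(a)) == H(H(b))),
    or they are equal, in which case a and b already collide under H."""
    ha, hb = H(a), H(b)
    if ha != hb:
        return ha, hb
    return a, b


def collision_in_H2_from_H(a: bytes, b: bytes):
    """The other direction costs nothing: H(a) == H(b) implies H(H(a)) == H(H(b))."""
    return a, b


if __name__ == "__main__":
    a, b = find_collision(H2)
    x, y = collision_in_H_from_H2(a, b)
    print("H^2 collision:", a, b)
    print("H collision:  ", x.hex(), y.hex(), "H(x) == H(y):", H(x) == H(y))
```

So the two problems are within two hash calls of each other in both
directions, which is why neither can be meaningfully harder than the other.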

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: I HOPE AM WRONG
Date: Thu, 19 Aug 1999 03:12:31 GMT

Come on, Greg, David is a lot more civil than he used to be.
Occasionally one of his posts results in some fairly interesting
discussion.
Try to ignore the "dark side" of David and encourage the light.

------------------------------

From: "ME" <[EMAIL PROTECTED]>
Subject: Re: Decrypted International Crypto inside the US
Date: Thu, 19 Aug 1999 13:20:43 +1000

Australia, and I believe the US, have ham radio-related regulations requiring
morse code transmissions to be in English.
As an "amateur" hobby, encryption or any other form of non-plain text
message encoding suggested a non-hobby activity, and hence contravened the
licence conditions.

Yes, I know "plain text message encoding " gets hairy if you are a stickler
for definition, considering packet radio, SSTV etc.
I mean no secret values are needed to encode or decode the messages.

So it seems law =  no, regulation = yes.
Lyal


JPeschel wrote in message <[EMAIL PROTECTED]>...
>>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>
>
>> Joe there are laws about sending encrypted messages out  over the
>>ham radio airways. Because I remember the Ham teacher saying it
>>was illegal since the government wants to know about all messages
>>sent over the airwaves. I asked about morse code and he said that
>>was not considered encryption. So you might be able to receive
>>such message but the US does have limits on how you send
>>encrypted messages in some cases like the Ham example.
>>
>>
>
>Yeah, Dave, it seems I've read that here concerning ham
>radio operators. I also think I remember something about such
>a no-no from when I was in grade- or high-school. Someone
>explained the reason for the law, as I recall, was post-war hysteria
>over people with last names such as mine.
>
>Could it be that we are both just old? Does such a law still exist?
>
>Joe
>__________________________________________
>
>Joe Peschel
>D.O.E. SysWorks
>http://members.aol.com/jpeschel/index.htm
>__________________________________________
>



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: New encryption algorithm
Date: Thu, 19 Aug 1999 03:23:56 GMT

JPeschel wrote:
> ... The Dobbs Journal, or something similar, ...

So far as I know all major magazines pay the authors,
although not usually very much.  Besides Dr. Dobbs,
there is at least one other C/C++ journal you can find
on newsstands that publishes complete source code along
with the text of the article.  I've seen occasional
articles on cryptography in these magazines.  So it
does sound like a likely outlet for David's article.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Thu, 19 Aug 1999 03:03:33 GMT

[EMAIL PROTECTED] wrote:
> A number of people who post here have, or previously
> had, security clearances.

I have of course never posted information about any
clearances I may have or not have.  People who need
to know that have ways to check up on it.

> To lie you'd actually have to say something.

What I have said, which you contradicted, is that I
have a basis for judging whether Agency cryptanalysts
have an edge over outside cryptographers; there are
several ways I could have obtained such information,
and I am not obliged to disclose them to you.  There
have been posts by other people making reasonable
arguments that agree with what I said on this topic.

Feel free to ignore my opinions, then, if you think
they're baseless.  But you have no evidence to
support your claim that I cannot possibly have
relevant information.  It seems to be an emotional
reaction from thinking that someone is saying you're
not the best.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
