Cryptography-Digest Digest #275, Volume #10      Sun, 19 Sep 99 20:13:04 EDT

Contents:
  Re: (US) Administration Updates Encryption Export Policy ("rosi")
  Homophones (John)
  Re: Mystery inc. (Beale cyphers) (Curt Welch)
  Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out (Ian)
  Download Ia.n.i.!!! It's free! (madQ)
  Re: Ritter's paper
  Schrodinger's Cat and *really* good compression
  Re: Abelian varieties/F_p references (Alex)
  Re: ECC (again...) (Eric Lee Green)
  Re: unix clippers that implement strong crypto. (Terry Ritter)

----------------------------------------------------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: (US) Administration Updates Encryption Export Policy
Date: Sun, 19 Sep 1999 11:32:47 -0400

A couple of questions, maybe quite off.

First, Dr. Bernstein did not break the law. He challenged and wanted
'publishing' his algorithms (in source code form) as legal. Am I right?
(Noticed the subjunctive (??) mode, just to make sure people and I do
not get confused here. If my English wasn't faulting me, I should have
had: 'had Bernstein been in violation'. Again, not trying to perfect the
English, just want to make sure.)

Since the lower court ruling permits such publication (for academic
purposes?), can or did Dr. Bernstein publish? Or does he have to
wait till it reaches the supreme court (be that the case)? (Am quite
ignorant)

Assuming the old law or regulations, my understanding is that it will
be a case by case mess. How can one confidently determine that
another case will be 'enwrapped' by the Bernstein's case (meaning
that if in the end, the lower court ruling would be upheld and another
person publishes)? It may be hard to determine in some cases, and
in most cases IMO for an individual who has no life or interest for
legal profession, if his publication would be ok. Therefore, in 'generic'
terms, I am not sure if B-case (if upheld) would help in what fashion.
I could somehow imagine that the deterrence is scarcely less. But I
can be wrong. I am fully aware of the 'fact' that, if this can go to court,
it is no easy matter for legal experts, let alone for an individual who
is devoted to seeking the relationships between formal structures and
such.

Sorry that I perhaps should direct the questions elsewhere.

--- (My Signature)

Douglas A. Gwyn wrote in message <[EMAIL PROTECTED]>...
>Anthony Stephen Szopa wrote:
>> 3)  If this is anything to be concerned about then tell me, has the
>> US government withdrawn its appeal in the Bernstein case?  I doubt
>> it because the government is not sincere and full of beans.
>
>No doubt, the government is healthy (full of beans).  :-)
>
>The Bernstein case is a different matter.  If in fact Bernstein was
>in violation of a law that was current when he violated it, then a
>later change in the law does not prevent prosecution for the earlier
>crime, unless the new law specifically states that (which is rare).
>But it seems we're now talking about an administrative policy, not
>a law.



------------------------------

From: John <[EMAIL PROTECTED]>
Subject: Homophones
Date: Sun, 19 Sep 1999 19:23:22 +0100

Hey there!

Does anyone have any information/can point me in the direction of some
good information, regarding the decryption of a monoalphabetic cipher
with homophones?
Can be mailed here, or to my e-mail [EMAIL PROTECTED]

Thanks
John


------------------------------

Subject: Re: Mystery inc. (Beale cyphers)
From: [EMAIL PROTECTED] (Curt Welch)
Date: 19 Sep 1999 18:42:52 GMT

[EMAIL PROTECTED] wrote:
> In article <19990918124924.449$[EMAIL PROTECTED]>,
>
> > Niteowl <[EMAIL PROTECTED]> wrote:
> > > Dr. Matyas wrote a paper after much apparent research and thinks the
> > > version of the DOI used was from "An Historical, Geographical,
> > > Commercial, and Philosophical View of the American United States"
> > > published in 1795 by W. Winterbotham.  The version of the DOI there
> > > does 'correct' many of the numbering errors seen in B2.
>
>    I compared Dr. Matyas' copy of the Winterbotham DOI to the version
> in doi.doc.  As far as B2 is concerned, the only significant difference
> occurs at position 519 where "meantime" is spelled as two words instead
> of one word.   Since Beale's numbers are already off by +10 at that
> point and are off by +9 after this point, separating meantime into two
> words doesn't provide much of a correction to the document as a whole.

No, that doesn't sound significant at all.

If you assume numbering errors, then finding a version of the DOI where
the "errors" happen at significant places, like line breaks, or page
breaks might also serve as an indication of which DOI was used.

But combining your comments about _one_ word counted as two with the
other post which said only versions published before 1812 were examined
(when there's a good chance this was encoded after that -- like around
the time it was published in 1885), and it adds up to very weak evidence
in my mind.

> It does suggest that in whatever document Beale was using, meantime was
> printed as two words, but that is hardly enough to prove that
> Winterbotham's document was the one used by Beale.
>
>     There were other differences that would not have affected the
> numbering in B2.  Some words such as "time" at position 639 are spelled
> with plural endings, i.e. "times".   Some of these differences are
> already noted in doi.doc.   I also found "shown" at position 205
> spelled as "shewn" by Winterbotham.  Plural endings would affect letter
> counts, but not word counts.
>
> [EMAIL PROTECTED] (Curt Welch) wrote:
> > So I guess this means that Dr. Matyas examined many different versions
> > of the DOI and _only_ that publication was found to contain a version
> > of the DOI which so closely matched the errors?
>
>     I don't think that Winterbotham's DOI is a better match in any
> significant sense.   I think that Matyas applied other criteria, such
> as "availability".  Winterbotham's book would have had a wide
> circulation and would thus have been more likely available to Beale in
> 1822, compared to the other DOI's that Matyas found.

So instead of some type of strong evidence that this DOI was the one
actually used, all he has done is identified which DOI is the most
likely (out of 700+ versions all of which are about equal in likelihood)
to have been used _if_ you assume the cipher was created in the 1822
timeframe.  That's of limited value...

>    Matyas published a booklet in 1996 titled, The Beale Ciphers, which
> contained the Winterbotham document and Matyas' own Cipher Table
> theory.  This was available from him directly by writing to:
>
>     Dr. Stephen M. Matyas
>     25 Valkill Drive
>     Poughkeepsie, NY 12601

Thanks for the reference...

>     I no longer know the exact price he was charging.

You know, if this is just a hoax designed to sell pamphlets it sure
was a good one.  Here it is 100+ years later and people are still
making money selling it. :)

> > I actually find it surprising that anyone would publish a modified
> > version of the DOI.  Do you know what the differences were (in the
> > 1795 publication) and have any understanding of why it was changed?
> > i.e., just sloppy work (typos etc) or some type of intentional
> > editing?
>
>     As far as the 1795 publication, the differences are noted above.
> Actual word changes seem to be fairly rare, as you would expect for
> such a document.   The most common source of variant DOI's are those
> that have been shortened to fit into available space.   I see one of
> these every 4th of July in the local newspaper.

Yeah, it strikes me that some hacked publication like a newspaper
re-print (long since lost to history) would be a very possible candidate
as the "real" DOI used to encode B2.

-- 
Curt Welch                                            http://CurtWelch.Com/
[EMAIL PROTECTED]                          Webmaster for http://NewsReader.Com/
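As an added illustration of the numbering drift discussed in this thread (example code, not from any of the posters; the two key texts are short constructed stand-ins, not the Declaration of Independence), the script below numbers the words of a key text, decodes B2-style word numbers to first letters, computes the per-position offset introduced when a variant edition prints one word as two, and realigns the numbers against the variant:

```python
"""Book-cipher numbering in the style of Beale's B2: each cipher number
selects the n-th word of a key text and yields that word's first letter.
When a variant edition of the key text prints one word as two (the
"meantime" case in the thread), every number after that point is off by
one, and further variations make the offset accumulate."""
import difflib
import re

# Constructed stand-in key texts (not the Declaration of Independence):
# the variant prints "meantime" as two words, as the thread describes.
BASE_TEXT = ("in the meantime we hold these truths to be self evident "
             "that all men are created equal")
VARIANT_TEXT = ("in the mean time we hold these truths to be self evident "
                "that all men are created equal")


def number_words(text):
    """Split a key text into its words; word 1 is the first word."""
    return re.findall(r"[A-Za-z']+", text)


def decode(numbers, words):
    """Decode 1-based word numbers to the selected words' first letters.
    A number beyond the end of the key text decodes to '?'."""
    letters = []
    for n in numbers:
        letters.append(words[n - 1][0].lower() if 1 <= n <= len(words) else "?")
    return "".join(letters)


def numbering_offsets(base_words, variant_words):
    """Map each 1-based position in the base text to the offset of the same
    word in the variant text (+1 after one word has been split into two).
    Positions inside a differing region (the split word itself) are omitted,
    since they have no single counterpart in the variant."""
    matcher = difflib.SequenceMatcher(
        a=[w.lower() for w in base_words],
        b=[w.lower() for w in variant_words],
        autojunk=False)
    offsets = {}
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            for k in range(i2 - i1):
                offsets[i1 + k + 1] = (j1 + k) - (i1 + k)
    return offsets


def realign(numbers, offsets):
    """Renumber cipher numbers written against the base text so that they
    index the variant text; numbers with no counterpart are left as-is."""
    return [n + offsets.get(n, 0) for n in numbers]


if __name__ == "__main__":
    base = number_words(BASE_TEXT)
    variant = number_words(VARIANT_TEXT)
    cipher = [5, 11, 13, 2]          # constructed: spells "heat" against BASE_TEXT
    print(decode(cipher, base))      # heat
    print(decode(cipher, variant))   # wstt: every number after word 3 is off by +1
    off = numbering_offsets(base, variant)
    print({n: off[n] for n in cipher})
    print(decode(realign(cipher, off), variant))  # heat again
```

With a real candidate edition, the offset map is the quantity the thread is arguing about: a split word shifts everything after it by +1, so the "+10 before, +9 after" pattern measures how far a given edition is from the one Beale actually numbered.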

------------------------------

From: Ian <[EMAIL PROTECTED]>
Crossposted-To: rec.arts.sf.written,alt.cyberpunk
Subject: Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out
Date: Sun, 19 Sep 1999 15:09:13 -0300
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:

>I find myself oddly sympathetic to Schear's sentiments here.  Terrible
>genocides like what's going on in East Timor make my blood boil, and
>the fantasy of being able to email a few dollars to an anonymous kitty
>dedicated to identifying and setting bounties on the industrial and
>military leaders organizing the slaughter is powerful.  But at some
>point, the cycle of violence has to end not with more violence but with
>reconciliation, dialogue, and as much forgiveness as the victims can
>muster up.  Politics and democracy in other words, not killing.  The
>quotes around 'democracy' in Schear's post are significant.
>Assassination Politics is not democracy, but another nerdly cop-out.
>
>Still, I must disagree with Ian that the political-leader
>assassination market wouldn't change much with anonymous ecash.
>Schear's real assertion isn't that the anonymous payout changes things,
>but the collection of the kitty.  Right now, only the ultra-wealthy can
>come up with enough money to finance assassinations that have a
>reasonable hope of succeeding.  If a "grassroots assassinator" could
>somehow establish itself with a reputation of really carrying out the
>assassinations it advertises with money anonymously contributed by
>ordinary folk, this would shift the balance of power of who is ordering
>assassinations in the first place.

Problem is that this won't happen (not to imply you really think it can,
but I've some comments on the idea).  Privately assassinating a
well-protected political leader (as truly nasty leaders invariably are, to
avoid being killed by the many people who don't like them) has little
chance of success unless you're dealing with one of the following:

1.  An inside job - someone who is supposedly "loyal" and knows the
situation, but is tempted for some reason.

2. Someone who is willing to sacrifice their own life to kill the target,
or at least is not primarily worried about loss of their own lives.

This is the real world, not "The Jackal".  Ultracompetent professional
assassins capable of taking out arbitrary well-protected political leaders
aren't lurking around every corner.  Any professional willing to do such a
thing would do it as a one-time job, not a career.  If you go and form
"Assassins, incorporated" then you soon get a high profile which is not
particularly compatible with success against paranoid targets.

This is something that is inherently difficult enough that the economic
problem is the rare supply of capable assassination attempts, much more
than insufficient demand.

>As I think Ian tangentially implies, however, hits against ordinary
>folk might well be significantly facilitated.

Yes.  Governments, large corporations, etc. have the resources to directly
negate many of the supposed advantages of e-cash, and would tend to have a
remarkable ability to live with or sneakily get around the others.  (For
example, one mustn't forget that even if your money is anonymous, YOU are
not, and your person can certainly be surveyed).

It would have the biggest impact on those who don't have large amounts of
resources, the ability to write laws, and so on.  The average corporation
trying to prevent financial mismanagement, the local police trying to track
down the finances of criminal activity, the ordinary person trying to deal
with some form of extortion, and so on.

In general, I think the idea of extreme anonymity is often quite harmful to
human society.  The supposed "strength" of extreme anonymity (where it's
really hard to track something down period, as opposed to just allowing the
average person to retain their reasonable privacy) is that the nasty guys
can't track down the good guys.  The problem is that the "good guys" more
typically have the approval of law, order, and society and can operate in
the open anyway.  The bad guys love to hide, and benefit disproportionately
from it.  Additionally, humans rely on social ties to preserve their
ability to get along well.  Relationships of anonymity tend to result in
the individuals involved acting much more selfishly than they would in
interactions when there was even the reasonable possibility of a dispute
ending up resolved in person.

Anyone who doubts this phenomenon merely needs to compare human behavior in
face to face interactions with that on Usenet.

I think that a lot of advocates of total anonymity tend to perceive
themselves as being victims of oppression by the government and society.
From their perspective, anonymity would directly benefit them by allowing
them to hide, and they are too ready to extend this to a general good.  But
not only would the majority of people (who have much more positive, or at
least neutral, opinions of government and society) be unlikely to agree,
they don't perceive themselves as in such need to hide from the Powers that
Be and thus are more aware of how anonymity allows more disreputable sorts
to hide.

>Forget Assassination
>Politics, where masses of virtual normal humble folk scrape together
>their pennies to get rid of nasty immoral political leaders.  How about
>nasty immoral political leaders call on their backers (same guys who
>fund their political campaigns) to put together anonymous bounties on
>journalists who write muckraking articles about them.  And the nasty
>political leaders maintain plausible deniability: "Though I disagree
>with such-and-such journalist's attacks on my integrity, I deplore the
>tactics of the cowardly parties who have posted the bounty on him and
>beg them to retract it."  A world of Salman Rushdies.  Heaven forbid.

Indeed.


------------------------------

From: madQ <[EMAIL PROTECTED]>
Subject: Download Ia.n.i.!!! It's free!
Date: 19 Sep 1999 17:59:24 GMT


Download Ia.n.i. RemoteControlSystem 1.2 beta. It's free!!!
New site: http://jump.to/IaniProject


------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: Ritter's paper
Date: 19 Sep 99 20:25:50 GMT

Terry Ritter ([EMAIL PROTECTED]) wrote:
: But in crypto, we cannot realistically hope to know the probability of
: failure, and extrapolating that from cryptanalytic experience is just
: flat wrong and bad Science.  Moreover, the value being risked here is
: not just one person or one company, but nothing less than the entire
: content of our information society: the simple selection of a single
: standard cipher thus becomes a threat instead of an advantage.   

: I not only imply, I directly state that the claim that a cipher is
: strong because it survives cryptanalysis is simply false.  The idea
: that we would bet our information society on any particular opinion
: about strength is frankly appalling.  

The best we can conclude, using Bayesian statistics, from the fact that a
cipher has withstood X man-hours of analysis by qualified academics is
that our best estimate of the probability that a given man-hour of
analysis by other academics of similar qualification will uncover its
crack is 1/(2X). (This assumes the man-hours are cumulative, not
independent.)

It is in this sense that I say "if it's lasted five years, we can expect
it to last another five". That expectation isn't a certain one, and the
apparent probability of a break is not reduced to an acceptably low level.

Thus I can't deny that you are basically right.

I think, though, that there are other reasons for some degree of
confidence in a well-designed cipher besides raw Bayesian statistical
evidence: one can extrapolate, for example, on the large volumes of known
plaintext required to perform differential cryptanalysis, or on the
general state of mathematical knowledge in this area.

My personal perspective is that selecting from a large pool of ciphers
does produce some benefit, but using a few at once is more important and
less risky. One thing obviously lacking in the well-analyzed designs
(Bruce Schneier's own Blowfish being the conspicuous exception) is a large
key size and things like large key-dependent S-boxes. Another thing I
think we need is steps with extra complexity and indirection, so as to
make the prospects of a way to even begin analyzing the cipher for
weakness seem dim. The FROG design submitted to the AES process was an
attempt to do this, and I've been trying to suggest other ways of
achieving this in my own designs in the Quadibloc series.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Schrodinger's Cat and *really* good compression
Date: 19 Sep 99 20:33:54 GMT

It's recently been noted that because there is still a problem with
collapsing the wave function once one has found the right key, instead of
solving for all 2^N keys in the time required for a single encryption, a
quantum computer might *merely* reduce the time required to the order of
2^(N/2), based on a particular searching algorithm.

I am not sure about that.

However, there's been a discussion about how the difficulty of a
brute-force search attack on a cipher could be improved if a compression
scheme is used such that every possible sequence of bits can uncompress in
a valid fashion.

While I wasn't too impressed by the specific scheme proposed, that is a
valid point. And now I'm going to take it a bit further.

If one uses a compression scheme beyond the current state of the art, say
using a dictionary of words organized by parts of speech, and a Huffman
code for common sentence patterns (noun verb, noun verb noun, et cetera),
one could achieve a situation where any sequence of bits would uncompress
to something so close to English text that only an _intelligent, conscious
being_ could distinguish whether or not it was really English text.

And here we come to Schrodinger's cat. One of the interpretations of
quantum mechanics held that a superposed quantum state did not resolve
itself into one state until it was exposed to the gaze of a *human
observer*. If we are forced to put a sentient program inside our quantum
computers, they would therefore stop working, according to this
observation!

John Savard

------------------------------

From: Alex <[EMAIL PROTECTED]>
Subject: Re: Abelian varieties/F_p references
Date: 19 Sep 1999 18:15:42 -0400


> are there any good papers to read introducing key techniques for
> studying Jacobians over a finite field?

Actually, I found some other references in the LNCS volume you
recommended that will probably help me there.

Alex.

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: ECC (again...)
Date: Thu, 16 Sep 1999 11:41:31 -0700

Emmanuel Drouet wrote:
> I'm looking for elliptic curves algorithms :
> a public key cryptosystem which doesn't derive from Diffie-hellman.

http://grouper.ieee.org/groups/1363/

Enjoy.

-- 
Eric Lee Green    http://members.tripod.com/e_l_green
  mail: [EMAIL PROTECTED]
                    ^^^^^^^    Burdening Microsoft with SPAM!

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Crossposted-To: comp.security.unix
Subject: Re: unix clippers that implement strong crypto.
Date: Sun, 19 Sep 1999 22:25:38 GMT


On Sun, 19 Sep 1999 04:23:19 GMT, in <7s1kvo$pfu$[EMAIL PROTECTED]>, in
sci.crypt [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:

>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Terry Ritter) wrote:

>>[...] Damages are at the
>>heart of patent infringement litigation.  
>>
>>Specific damages include lost royalty income and profits made from
>>infringement.  In "cases of flagrant and willful infringement," one
>>could recover attorney fees with *triple* damages.  Deliberately
>>breaking a cipher well-known to be patented is clearly willful and
>>might be flagrant.  
>>
>
>   Terry this seems to conflict with what you just answered in my
>message you just wrote:
>
>Maybe you have the wrong idea about patents:  The whole point of a
>patent is to *reveal* information, not protect it.  It is trade
>secrecy which hides information.  A patent protects the particular
>*use* of particular information, not learning about it.  

I stand by it, with the provision that I am not a patent lawyer and am
not even trying to speak in precise legal terms.  This is also an area
rich with "terms of art," where ordinary words have been re-defined by
laws and decisions over centuries.


But let's try to break this up:

>The above is what you just wrote on another thread. If the whole
>point of a patent is to "reveal" information to advance the art
>of cryptography

To get people to reveal their private information, an issued patent
grants to the holder the sole right to make, sell and use what is
described in the patent.  This is a motivation and compensation for
publishing what is inherently private information.  Typically these
rights are licensed to manufacturers for a fee.

>how could breaking a cipher that is well-known to
>be patented be clearly some sort of flagrant violation when you just
>stated you want to advance cryptography.

The issue is damages.  In practice, a patent is an economic right to
recover damages from people who have infringed the patent (and to
prevent further use, of course).  Now, if the sole "use" of the patent
was simply as an academic exercise to provide a basis for a break, it
is my understanding that that would be difficult to see as "damage."
But if the break were then used to exploit the information in a broken
cipher, that *would* be use and damage, and the damage should be
recoverable if the patented thing was being "used" without license for
economic gain.

>I think I am missing something
>in what you mean. Since the above seem like opposites to me.

Since I am unable to see the conflict, you may want to be more
explicit about what you see.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
