Cryptography-Digest Digest #334, Volume #10 Wed, 29 Sep 99 20:13:04 EDT
Contents:
Re: EAR Relaxed? Really? (Bodo Moeller)
Re: Q: Burrows-Wheeler transform (Helger Lipmaa)
Re: Q: Burrows-Wheeler transform (Helger Lipmaa)
Re: Ritter's paper (Johnny Bravo)
Re: Compress before Encryption (Dave Scott Online Translator)
Re: Compress before Encryption (Johnny Bravo)
Re: msg for Dave Scott (JPeschel)
RE: RSA-512: Weizmann Institute: London Times ("Kem")
Re: hidden channel in Peekboo (Johnny Bravo)
Re: newbie ecc ("Steven Alexander")
Re: Q: Burrows-Wheeler transform ("Trevor Jackson, III")
Re: msg for Dave Scott (jerome)
Re: ECDL and distinguished points (jerome)
Re: EAR Relaxed? Really? ("Trevor Jackson, III")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Bodo Moeller)
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: 29 Sep 1999 21:52:37 GMT
Jim Gillogly <[EMAIL PROTECTED]>:
> "Douglas A. Gwyn":
>> Greg:
>>> .... What market exists today anywhere in the world
>>> for use of 128 bit compromised (by definition of NSA examination)
>>> encryption software?
>> Why is that "compromised"? [...]
> Why else would there be a requirement for a technical review?
> On what other grounds would a product fail to be approved?
Conceivably they could check whether it's a generally useful
application or something tailored to a specific, unacceptable use
(e.g. SAP for terrorists); or use criteria similar to the Wassenaar
definition that roughly describes mass-market software
("software [g]enerally available to the public by being
a. Sold from stock at retail selling points without restriction, by
means of: 1. Over-the-counter transactions;
2. Mail order transactions; or
3. Telephone call transactions; and
b. Designed for installation by the user without further substantial
support by the supplier"). I don't claim that their undisclosed rules
are like that, but it would be possible.
------------------------------
From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: Q: Burrows-Wheeler transform
Date: Thu, 30 Sep 1999 00:44:36 +0300
Mok-Kong Shen wrote:
> [EMAIL PROTECTED] wrote:
> >
>
> > coder give a compression algorithm. Simple first-order modeling
> > followed by arithmetic coding is not very good. High-order modeling
> > with blending followed by arithmetic coding is the best compression
> > known (algorithms such as PPMD or PPMZ).
>
> Thanks a lot. I haven't heard of PPM* schemes before. Could you please
> give some literature references?
http://www.cs.waikato.ac.nz/~wjt/ is a good starting place :-)
Helger Lipmaa
http://home.cyber.ee/helger
------------------------------
From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: Q: Burrows-Wheeler transform
Date: Thu, 30 Sep 1999 00:55:22 +0300
Helger Lipmaa wrote:
> Mok-Kong Shen wrote:
>
> > [EMAIL PROTECTED] wrote:
> > >
> >
> > > coder give a compression algorithm. Simple first-order modeling
> > > followed by arithmetic coding is not very good. High-order modeling
> > > with blending followed by arithmetic coding is the best compression
> > > known (algorithms such as PPMD or PPMZ).
> >
> > Thanks a lot. I haven't heard of PPM* schemes before. Could you please
> > give some literature references?
>
> http://www.cs.waikato.ac.nz/~wjt/ is a good starting place :-)
>
> Helger Lipmaa
> http://home.cyber.ee/helger
Actually, see http://home.cyber.ee/helger/crypto/link/compression.html -
there are more pointers.
E.g., Charles Bloom (papers and code for PPMZ), Ian Witten, and
"Compression Pointers".
Sorry for double posting.
Helger
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Ritter's paper
Date: Wed, 29 Sep 1999 18:06:04 GMT
On Wed, 29 Sep 1999 15:10:22 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
wrote:
> Mok
> I thought I would answer this last question for you. The AES contest
>is about finding a WEAK method so that it can be used for all encryption
>in all applications.
Please post your proof that the AES candidates are weak. You can start with
the ones who were accepted into the second round, since by your logic the strong
ones would have been discarded first. Take all the screens you need.
Johnny Bravo
------------------------------
From: (Dave Scott Online Translator)
Subject: Re: Compress before Encryption
Date: Wed, 29 Sep 1999 18:47:16 GMT
On Wed, 29 Sep 1999 20:03:37 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
wrote:
<DS Translator Engaged>
> Actually if you would get off your ass and check I have some "one to one"
>conditional huffman compressors that will compress to a binary file and
>then only decompress to the set of symbols of ones choice.
I don't have anything to say, but I'll imply that I do have something if you
would just look for where I supposedly said it.
>But you
>would have to get off your ass to check.
I'm not going to say where, but it's out there, trust me.
>It may be possible that there
>is a form of LZSS that is one to one. But I have tested many routines
>and have not found any.
So such a routine can not possibly exist, otherwise I would have found it
already. Don't you know how perfect I am? How dare you not understand this
already.
>IF you know of some can you point to source code
>and an executable that does such a thing. It is what I have asked for dozens
>of times. You say it is there but where ASSHOLE.
I'm out of actual argument so I'll resort to name calling. It works for other
trolls, it should work for me too.
>>Hey Dave, if you have any papers lying around I wouldn't mind reading them.
>>I would like to see what ACM/AES turned down (if there really is anything at
>>all).
> I don't think you can read.
There is no such paper, but I can't have you knowing what an idiot I am, I'll
just insult you instead. If such a thing actually existed I'd be more than
happy to show off, but it doesn't, so I can't. You'll just have to take my word
that they rejected it because it was too perfect.
>>Please drop this insane benign argument. You talk the talk but you never
>>walk the walk. You say a lot is weak, why not prove it? Your insane
>>arguments are not proof. I would like to see a deterministic process for
>>breaking modern cryptosystems like PGP (maybe even Peekboo) that use 'weak'
>>deflate code (well peekboo doesn't use compression but I would like to see
>>you break a 'kids' cryptosystem, since I am really stupid...).
>>
> You don't know the meaning of the word proof.
I sure don't and if I don't know it, neither can anyone else. Don't you know
how perfect I am?
>You're just an obnoxious
>creep who does not know anything. You comment on everything but you
>don't know shit.
Yeah, how DARE you use my tactics against me. I can't understand what you are
saying, but since it isn't praise of my ONETRUEPERFECTKRYPT(tm), you are
obviously an idiot who is to be insulted at every opportunity.
>>Anyways, seriously can we drop this? Please? I am begging you... just don't
>>reply to this message and NEVER ever start another compress/encrypt thread...
>>
>>Tom
> Tell you what ASSHOLE you drop the insane rantings.
Don't you know I'm the only one allowed to do insane ranting in here?
>You're the one full of crap. I can start a compress/encrypt thread any time I like
>just because you're too stupid to understand the concept does not mean
>every one else does.
Stop picking on me.
>David A. Scott
That's MR. DS. to you inferior beings.
<translator off>
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Compress before Encryption
Date: Wed, 29 Sep 1999 18:34:16 GMT
On Wed, 29 Sep 1999 18:06:28 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
wrote:
>But then again maybe I overestimate Mr B.S.'s crypto ability
>after all his Cohort Wagner can't even decrypt the source code
>of scott19u written in C that compiles on DJGPP GNU C.
>David A. Scott
But then again maybe you overestimate your ability to write coherent C code.
Just because the compiler can easily understand it doesn't mean another person
can.
#include <ctype.h>
#include <stdio.h>
#define _ define
#_ A putchar
#_ B return
#_ C index
char*r,c[300001],*d=">=<=!===||&&->++-->><<",*i,*l,*j,*m,*k,*n,*h,*y;e,u=1,v,w,
f=1,p,s,x;main(a,b)char**b;{p=a>1?atoi(b[1]):79;r=c+read(0,j=l=i=c,300000);v=g(
j,&m);for(k=m;v!=2;j=k,m=n,v=w,k=m){w=g(k,&n);if(v==1&&m-j==1&&*j==35)e&&A(10),
e=f=0;if(!f&&v==3&&(char*)C(j,10)<m)A(10),e=0,f=1;else if(v>2&&(u||w)&&(f||u)&&
(l-i>1||*i!=61||n-k>1||!C("-*&",*k)))continue;else if(v==3)if(f&&e+1+n-k>p&&e)A
(10),e=0;else A(32),e++;else{if(f&&e+m-j>p&&e)A(10),e=0;e+=m-j;k=j;while(k<m)A(
*k++);}i=j;l=m;u=v;}e&&A(10);}g(j,m)char*j,**m;{if(j>=r)B*m=j,2;s=isdigit(*j)||
*j==46&&isdigit(j[1]);for(h=j;h<r;h++)if(!isalnum(*h)&&*h!=95&&(!s||*h!=46)&&(!
s||h[-1]!=101&&h[-1]!=69||!C("+-",*h)))break;if(h>j)B*m=h,0;x=1;for(h=j;h<r&&C(
" \t\n",*h);h++);if(h>j)h--,x=3;if(*j==34||*j==39)for(h=j+1;h<r&&*h!=*j;h++)if(
*h==92)h++;for(y=d;*y&&strncmp(y,j,2);y+=2);if(*y)h=j+1;if(!strncmp("/*",j,2)){
h=j+2;while(*++h!=42||*++h!=47);x=4;}*m=h+1;B x;}
This is a simple program and clearly legible to a compiler. Guessing what it
does without actually compiling it is more of a challenge, much less trying to
make sure that it actually does what it is supposed to be doing without running
it. Quite functional as well, it does its job better than the BSD tool it
emulates.
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: msg for Dave Scott
Date: 28 Sep 1999 17:12:51 GMT
>Tom St Denis [EMAIL PROTECTED] writes:
>In article <[EMAIL PROTECTED]>,
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>> Tom St Denis wrote:
>> > So generally a 'blind' keysearch is the only way.
>>
>> Not even close.
>
>Ok name one popular symmetric algorithm that can be solved without using
>brute force?
Caesar cipher -- you did say one popular symmetric algorithm.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Kem" <[EMAIL PROTECTED]>
Subject: RE: RSA-512: Weizmann Institute: London Times
Date: Wed, 29 Sep 1999 12:27:28 +0200
Could you send the HTML address of this article. thx.
<[EMAIL PROTECTED]> wrote in the news message
[EMAIL PROTECTED]
> [from the London Times:]
>
> After an Israeli research institute said it could break Europe's
> banking codes in less than a second, an initiative has been launched
> that could result in unbreakable codes.
>
> The European Institute of Quantum Computing Network was launched on
> Monday, to bring companies and research labs throughout Europe
> together in the hope that the new technology - Quantum Computing - can
> be taken from the theory to the high street.
>
> The institute was founded a few weeks after news leaked from
> Israel's Weizmann Institute that it was using a mixture of quantum
> computing and special optical technology to break the RSA-512 code,
> the system used by the European banking system. It claims it has
> developed a hand-held device that can break the code in
> 12 microseconds....
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: hidden channel in Peekboo
Date: Wed, 29 Sep 1999 19:08:50 GMT
On Wed, 29 Sep 1999 12:34:49 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>It is an unfortunate condition that someone who just wants to get
>encrypted information from point A to B must become a programming guru.
Nah, most encryption algorithms are very simple to implement. RC4 comes to
mind. Given a basic understanding of any programming language you could
implement it based on a hand-written description that fits on the back of an
index card. This is the basis of the CipherSaber project, to teach people how
easy it is to write your own crypto and have you actually do it yourself.
And given test vectors it is very easy to know if you did it correctly or not;
tracking down a problem for some algorithms might be harder, but the actual
coding is relatively simple. CipherSaber can fit in 16 lines of QBasic;
in C it would easily fit into a sig file of 11 lines of 70 chars each, though it
wouldn't be pretty. :)
Johnny Bravo
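The kind of implementation the post is talking about, as an added example that is not code from the post or from the CipherSaber project: RC4 written out from its short description, checked against published RC4 test vectors, plus the CipherSaber-1 framing (a 10-byte IV appended to the user key and sent in the clear). The key and message values are constructed here.

```python
# Added example, not from the post or from the CipherSaber project: RC4 from its
# short description, checked against published test vectors, plus the CipherSaber-1
# framing (10-byte IV appended to the key and transmitted in front of the ciphertext).
import os

def rc4_keystream(key):
    """Yield RC4 keystream bytes for key: key scheduling (KSA) then output (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):  # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:  # PRGA: one output byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]

def rc4(key, data):
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def ciphersaber1_encrypt(user_key, plaintext, iv=None):
    """CipherSaber-1: RC4 key = user key || 10-byte IV; message = IV || ciphertext."""
    iv = os.urandom(10) if iv is None else iv
    assert len(iv) == 10
    return iv + rc4(user_key + iv, plaintext)

def ciphersaber1_decrypt(user_key, message):
    """Split off the IV, rebuild the RC4 key and decrypt."""
    iv, ciphertext = message[:10], message[10:]
    return rc4(user_key + iv, ciphertext)

# Published RC4 test vectors (key, plaintext, ciphertext hex): this is how you
# find out whether the implementation above is right.
TEST_VECTORS = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]

def check_test_vectors():
    """True only if every vector matches; a wrong swap or index shows up immediately."""
    return all(rc4(key, pt).hex() == ct for key, pt, ct in TEST_VECTORS)

if __name__ == "__main__":
    print("RC4 test vectors pass:", check_test_vectors())
    msg = ciphersaber1_encrypt(b"passphrase", b"hello")  # constructed key and message
    print(ciphersaber1_decrypt(b"passphrase", msg))
```

RC4 is here because the post names it as an easy cipher to write; it is prohibited in TLS (RFC 7465) and is not a choice for new systems.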
------------------------------
From: "Steven Alexander" <[EMAIL PROTECTED]>
Subject: Re: newbie ecc
Date: Wed, 29 Sep 1999 16:33:41 -0700
There are three types of elliptic curves: those over the real numbers, those
over F (sub)p, and those over F (sub)2**m. (sub) denotes that what follows
is a subscript.
An elliptic curve is the set of points that satisfy an equation of the form:
y**2 = x**3 + ax + b
For real numbers, y, x, a, and b are real numbers. Over Fp, a and b must be
chosen so that they are in Fp. The elliptic curve is graphed across all
points (x,y) that are members of Fp and satisfy the equation mod p.
For elliptic curves over F2**m, a and b must again be in the field F2**m and
b cannot be zero. The curve is all of the points (x, y) that are members of
F2**m and satisfy the following equation (adjusted for binary
representation because m is the bit length of the field F2**m):
y**2 + xy = x**3 + ax**2 + b
For more information go to www.certicom.com/ecc/ . It is where I
originally gathered the previous information.
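The curve over Fp described above, worked through as an added example (not code from the post or from Certicom): enumerating the points of the small sample curve y**2 = x**3 + x + 1 over F23 (a curve assumed here for illustration) and implementing the group law, so that multiples of a point can be checked against the group order.

```python
# Added example, not from the post or from Certicom: the curve y^2 = x^3 + ax + b
# over F_p described above, worked on the sample curve y^2 = x^3 + x + 1 over F_23
# (assumed here), with the group law so that multiples of a point can be checked.

INF = None  # the point at infinity, the identity element of the curve group

def on_curve(P, p, a, b):
    """True if P is INF or an affine point (x, y) with y^2 = x^3 + ax + b (mod p)."""
    if P is INF:
        return True
    x, y = P
    return (y * y - (x ** 3 + a * x + b)) % p == 0

def affine_points(p, a, b):
    """All (x, y) in F_p x F_p on the curve, found by brute force (fine for small p)."""
    return [(x, y) for x in range(p) for y in range(p) if on_curve((x, y), p, a, b)]

def add(P, Q, p, a):
    """Chord-and-tangent addition over F_p; field inverses via pow(v, -1, p)."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:  # Q == -P, including doubling a point with y == 0
        return INF
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p  # chord slope
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)

def scalar_mult(k, P, p, a):
    """k*P by double-and-add."""
    R = INF
    while k > 0:
        if k & 1:
            R = add(R, P, p, a)
        P = add(P, P, p, a)
        k >>= 1
    return R

if __name__ == "__main__":
    p, a, b = 23, 1, 1  # sample curve, assumed here
    assert (4 * a ** 3 + 27 * b ** 2) % p != 0  # nonsingular: needed for the group law
    pts = affine_points(p, a, b)
    order = len(pts) + 1  # affine points plus the point at infinity
    print(f"y^2 = x^3 + {a}x + {b} over F_{p}: {order} points")
    G = (0, 1)
    print(f"{order} * G =", scalar_mult(order, G, p, a))  # INF, by Lagrange's theorem
```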
------------------------------
Date: Wed, 29 Sep 1999 19:46:37 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Q: Burrows-Wheeler transform
[EMAIL PROTECTED] wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > While compression is, as far as I am aware, generally regarded
> > as orthogonal to encryption, it is nonetheless an aid to information
> > security, I suppose. Recently I read somewhere a claim that the
> > Burrows-Wheeler transform is a better compression technique than
> > Huffman or arithmetic encoding. Could some person having knowledge
> > and experience with that say whether this is true and whether the
> > advantage passes on to encryption? (Could it be that it is slower?)
>
> As I'm sure you'd suspect, the answer is much more complex than simply
> saying one algorithm is "better" than another. And it's even more
> complex because you're not clear what you're comparing against. There
> is no compression scheme called an "arithmetic coder". There are
> different modeling algorithms that when combined with an arithmetic
> coder give a compression algorithm. Simple first-order modeling
> followed by arithmetic coding is not very good. High-order modeling
> with blending followed by arithmetic coding is the best compression
> known (algorithms such as PPMD or PPMZ).
Could you please mention some references for these algorithms?
>
>
> The problem is that these best-compression algorithms are not terribly
> fast. In particular, they're considerably slower than LZ (dictionary)
> based schemes, which form the basis for things like "compress" and
> "gzip". That's why PPM* schemes weren't used a whole lot except in
> compression research.
Is the poor performance related to multi-pass processing of the input?
>
>
> Enter BWT: it's a pre-processing transformation that is usually
> followed by move-to-front coding and arithmetic coding (so BWT-based
> compression usually includes arithmetic coding!). This scheme is
> moderately fast at compression, and very fast at uncompression. And
> the performance rivals the PPM* schemes, although it's still not quite
> as good. Programs like "bzip" and "szip" use BWT (although the widely
> used "bzip2" uses Huffman coding rather than arithmetic coding,
> because there are some questionable patent issues with arithmetic
> coding).
>
> So in summary: Burrows-Wheeler does not give the best compression,
> but it's close to the best, and the time-performance trade-off is
> quite good. That's why you're seeing bzip2 replacing gzip in a lot of
> places (like large software distributions).
>
> As for its use in an encryption setting, I don't really know how it
> would fare...
>
> --
> Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
> Dept. of Computer Sciences | "The box said 'Requires Windows 95, NT,
> University of North Texas | or better,' so I installed Linux."
> Denton, TX 76201 |
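The BWT followed by move-to-front stage described in the quoted post, as an added example that is not code from any of the posts: the forward transform, the inverse via the LF mapping, and MTF coding on a constructed string, so the round trip and the clustering effect can be checked. The sentinel character is this code's own assumption.

```python
# Added example, not from any of the posts: the BWT -> move-to-front front end of the
# pipeline described above, on a constructed string, with the inverse transform so the
# round trip can be checked. The sentinel character is an assumption of this code.

SENTINEL = "\x00"  # unique end marker, assumed to sort before every other character

def bwt(s):
    """Forward transform: last column of the sorted cyclic rotations of s + SENTINEL."""
    assert SENTINEL not in s
    t = s + SENTINEL
    rotations = sorted(t[i:] + t[:i] for i in range(len(t)))
    return "".join(r[-1] for r in rotations)

def inverse_bwt(L):
    """Invert via the LF mapping: the k-th occurrence of a character in the last
    column L is the same occurrence as the k-th one in the first column sorted(L)."""
    n = len(L)
    seen = {}
    ranks = []  # ranks[i] = how many earlier positions of L hold the same character
    for ch in L:
        ranks.append(seen.get(ch, 0))
        seen[ch] = ranks[-1] + 1
    lf = [0] * n  # lf[i] = index of the row whose rotation starts with the character L[i]
    for k, i in enumerate(sorted(range(n), key=lambda i: (L[i], ranks[i]))):
        lf[i] = k
    out = []
    i = 0  # row 0 starts with the sentinel, so it is SENTINEL + s and L[0] is s's last char
    for _ in range(n - 1):  # n - 1 characters: everything except the sentinel
        out.append(L[i])
        i = lf[i]
    return "".join(reversed(out))

def move_to_front(data, alphabet):
    """Emit each symbol's index in a recency list and move it to the front; the runs of
    equal symbols that BWT produces turn into runs of zeros for the entropy coder."""
    table = list(alphabet)
    out = []
    for ch in data:
        idx = table.index(ch)
        out.append(idx)
        table.insert(0, table.pop(idx))
    return out

def zero_fraction(s):
    """Share of zeros in the MTF output of bwt(s): a rough measure of how well the
    transform clustered repeated symbols."""
    codes = move_to_front(bwt(s), sorted(set(s + SENTINEL)))
    return codes.count(0) / len(codes)

if __name__ == "__main__":
    sample = "the quick brown fox jumps over the lazy dog " * 4  # constructed input
    print(repr(bwt("banana")))  # 'annb\x00aa'
    print(inverse_bwt(bwt(sample)) == sample)
    print(f"zeros after BWT+MTF: {zero_fraction(sample):.2f}")
```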
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: Re: msg for Dave Scott
Reply-To: [EMAIL PROTECTED]
Date: Wed, 29 Sep 1999 21:28:00 GMT
tom, please, do read the sci.crypt.research faq about how to present a
new cypher.
>My point is modern cryptosystem for sending private messages (like pgp and
>peekboo) will not send more than say 1kb avg. of data.... So.... is there
>another way other than brute force? Most likely not. I think I made my
>point.
indeed, you show you have a lot to learn.
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: Re: ECDL and distinguished points
Reply-To: [EMAIL PROTECTED]
Date: Wed, 29 Sep 1999 22:54:58 GMT
On Wed, 29 Sep 1999 12:07:30 -0500, Medical Electronics Lab wrote:
>>
>> 1. am I right to think that the collisions are more probable ? if so, how
>> much more probable ?
>
>No, we only need one collision. The estimate of 10^14 EC ops
>doesn't change (for ECC2-97 for example).
OK, so I will read more about it to understand that :)
------------------------------
Date: Wed, 29 Sep 1999 19:43:12 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Bodo Moeller wrote:
> Jim Gillogly <[EMAIL PROTECTED]>:
> > "Douglas A. Gwyn":
> >> Greg:
>
> >>> .... What market exists today anywhere in the world
> >>> for use of 128 bit compromised (by definition of NSA examination)
> >>> encryption software?
>
> >> Why is that "compromised"? [...]
>
> > Why else would there be a requirement for a technical review?
> > On what other grounds would a product fail to be approved?
>
> Conceivably they could check whether it's a generally useful
> application or something tailored to a specific, unacceptable use
> (e.g. SAP for terrorists); or use criteria similar to the Wassenaar
> definition that roughly describes mass-market software
> ("software [g]enerally available to the public by being
> a. Sold from stock at retail selling points without restriction, by
> means of: 1. Over-the-counter transactions;
> 2. Mail order transactions; or
> 3. Telephone call transactions; and
> b. Designed for installation by the user without further substantial
> support by the supplier"). I don't claim that their undisclosed rules
> are like that, but it would be possible.
Can I get some of whatever you are smoking? It must be really great
stuff.
Conceivably the technical review is a Quality Assurance inspection to make
sure no buggy software taints the reputation of the United States as the
technological leader. I don't claim that their undisclosed purpose is like
that, but it is conceivable. If I had some really great stuff to smoke.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************