Cryptography-Digest Digest #337, Volume #10 Thu, 30 Sep 99 08:13:03 EDT
Contents:
Re: Irish schoolgirl wins European Young Scientist Award (Eric Hambuch)
Re: RSA-512: Weizmann Institute: London Times ([EMAIL PROTECTED])
Re: Electronic envelopes (Mok-Kong Shen)
Re: Irish schoolgirl wins European Young Scientist Award (Eric Hambuch)
Re: More Comments on ECC (Robert Harley)
Re: want URL for Applied CryptoGraphy Book online ("Anandamoy Roychowdhury")
Re: Irish schoolgirl wins European Young Scientist Award ("Lassi Hippeläinen")
Re: want URL for Applied CryptoGraphy Book online (Eric Hambuch)
Re: Ritter's paper (Johnny Bravo)
Cryptographic bit-length and the meaning ([EMAIL PROTECTED])
Re: Cryptographic bit-length and the meaning (Eric Hambuch)
Re: simple algorithm for hardware device? ("Luigi Funes")
Re: simple algorithm for hardware device? (Volker Hetzer)
Re: Hardest ever ECDL solved by INRIA researcher and 195 volunteers (Bob Silverman)
Re: Hardest ever ECDL solved by INRIA researcher and 195 volunteers (Bob Silverman)
Re: msg for Dave Scott (Tom St Denis)
Re: msg for Dave Scott (Tom St Denis)
----------------------------------------------------------------------------
From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: Irish schoolgirl wins European Young Scientist Award
Date: Thu, 30 Sep 1999 10:15:04 +0200
I found this:
http://www.hfn.sacramento.ca.us/sarah_flannery_from_blarney.htm
http://www.zdnet.com/zdnn/stories/news/0,4586,2189301,00.html
It seems to be a new public key encryption, faster than RSA.
But it hasn't been proved to be secure yet.
Eric
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA-512: Weizmann Institute: London Times
Date: Thu, 30 Sep 1999 07:52:48 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Kem <[EMAIL PROTECTED]> wrote:
> > Could you send the HTML address of this article. thx.
> Every Wednesday they have an interface (computer/internet) section.
> The article appears in yesterdays (29 Sept. 1999) issue.
<URL: http://www.the-times.co.uk/news/pages/tim/99/09/29/timintint02001.html?999 >
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Electronic envelopes
Date: Thu, 30 Sep 1999 10:30:15 +0200
Anton Stiglic wrote:
>
> If you insist that Bob can no longer communicate with Alice, you could
> just as well consider her as dead (but that would be sad for crypto..
> :(
> But that was not my point, my point is that time is relative to
> something,
> you have to define that something, then we could talk about possible
> solutions.
I suppose that the context has made it very clear that the problem
description is general enough not to place any practical
constraints on time, excepting that events have of course natural
ordering, e.g. the disclosure of the secret is after the deposition,
not before. I don't understand thus your requirement of 'relativity'
or perhaps 'relatived-ness'. The commonly accepted time (at least in
the western culture) is relative to the birth of Christ where the
0 is defined. So your 'something' above is evidently the time of
birth of Christ. I don't suppose you need an exact definition of that.
M. K. Shen
------------------------------
From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: Irish schoolgirl wins European Young Scientist Award
Date: Thu, 30 Sep 1999 10:05:02 +0200
"T.P Harte" wrote:
>
> Did anyone read the news that the schoolgirl who came up with
> an algorithm as secure as RSA but faster---or something supposedly
> similar---won the European Young Scientist of the Year award?
>
> I remember that there were several threads on this issue when it first hit the
> news circa last January, but I lost track....
>
> What was the outcome of all this? Presumably the algorithm was shown to be
> bona fide...or rather hasn't been shown to be readily crackable yet?
Yes, I read about it last year (or at the beginning of '99). I tried to
find anything about the algorithm on the net, but found nothing.
I wonder why the algorithm hasn't been made public yet - as far as I know she
stated that it should be published for free use.
Eric
------------------------------
From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: More Comments on ECC
Date: 30 Sep 1999 10:06:41 +0200
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> While I oppose crypto export restrictions, the quotation
> exaggerates. A 15-bit margin of safety against the best known
> attack using massive resources is hardly "a wholly inadequate
> level of security".
The next Certicom challenge is only 4 or 5 times harder than ECC2-97.
It uses 109 bits. Neither 110, nor 111, nor 112 is prime so you can't
go right up to the limit, at least in characteristic two.
The margin is small and about to disappear (watch this space).
Rob.
------------------------------
From: "Anandamoy Roychowdhury" <[EMAIL PROTECTED]>
Subject: Re: want URL for Applied CryptoGraphy Book online
Date: Thu, 30 Sep 1999 14:15:07 +0530
could you give me the URL for the Handbook of Applied Cryptography ?
Keith A Monahan <[EMAIL PROTECTED]> wrote in message
news:7st8fq$kno$[EMAIL PROTECTED]...
> Well I don't believe there is an online version of Applied Cryptography.
>
> I believe, however, there is a Dr. Dobb's collection on CDROM for purchase
> of around US$100 which includes (amongst a few others) Applied Crypto. A CD
> certainly is lighter.
>
> I would hope, as Handbook of Applied Cryptography did, that other publishers
> will take the same steps in putting their books online. One can hope,
> anyways. :)
>
> Keith
>
> Anandamoy Roychowdhury ([EMAIL PROTECTED]) wrote:
> : I already possess a copy of the book ... but it is not the easiest book to
> : carry around , so i would really appreciate it if someone could post the
> : URL for the Applied Cryptography book
>
>
------------------------------
From: "Lassi Hippeläinen" <"lahippel$does-not-eat-canned-food"@ieee.org>
Subject: Re: Irish schoolgirl wins European Young Scientist Award
Date: Thu, 30 Sep 1999 11:34:39 +0300
[EMAIL PROTECTED] wrote:
> Her name was Sarah Flannery, but no one has yet posted here that the firm
> she was working for when she developed this had gotten their patent yet,
> so the algorithm hasn't been revealed as far as we know here.
>
> John Savard
Stinks a bit. You get the patent protection as soon as the application has been
_filed_. No need to delay publication till it's granted.
In fact, you'd better publish the application as soon as the papers have been filed,
because it makes the idea "previous art" for competitors. It guarantees that no one
else in any other country can file an application, even if they had invented it
independently.
European countries publish the applications after 18 months anyway, even if the
process is still going on. You can't delay the publication forever, like in the USA.
-- Lassi
------------------------------
From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: want URL for Applied CryptoGraphy Book online
Date: Thu, 30 Sep 1999 10:57:04 +0200
Anandamoy Roychowdhury wrote:
>
> could you give me the URL for the Handbook of Applied Cryptography ?
>
http://cacr.math.uwaterloo.ca/hac/
Eric
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Ritter's paper
Date: Thu, 30 Sep 1999 06:22:48 GMT
On 30 Sep 99 03:38:21 GMT, [EMAIL PROTECTED] () wrote:
>Johnny Bravo ([EMAIL PROTECTED]) wrote:
>: On Wed, 29 Sep 1999 15:10:22 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
>: wrote:
>
>: > I thought I would answer this last question for you. The AES contest
>: >is about finding a WEAK method so that it can be used for all encryption
>: >in all applications.
>
>: Please post your proof that the AES candidates are weak. You can start with
>: the ones who were accepted into the second round, since by your logic the strong
>: ones would have been discarded first. Take all the screens you need.
>
>Actually, he is *half* right.
How is he even half right? He claims that AES is nothing but a scam to get
people to accept a weak crypto method.
>A 56-bit key, and (more theoretically) a 64-bit blocksize are weak.
No AES candidate is using a 56 bit key. And all of the candidates run 128+
bit blocks as well. The whole reason we need an AES is that 56 bit keys are
weak, we already know this. 128 bit keys have been in common use since the beta
versions of PGP, we've known 56 bits wasn't going to be enough for over two
decades.
>A 256-bit key, and a 128-bit blocksize are certainly much better. And if
>the key size or block size were made much bigger, that would limit in what
>circumstances the cipher could be used.
Why would you need either a bigger key or a bigger block size? If you have
any possible proof that either 256 bit keys or 128 bit blocks are insecure the
crypto world would love to hear of it.
>But at least in some applications, such as enciphering text on a PC - say,
>for E-mail - there is little reason to limit oneself to such a short key,
>or such a small block size! It makes sense not to allow such a large key
>or block size for the AES competition, since with such parameters it would
>be too easy to make something that is - or seems - secure...
There is nothing insecure about 256 bit keys or 128 bit blocks. One of the
requirements was for the AES to work in a smartcard; we are talking about a 6805
processor with as little as 64 bytes (not kilobytes) of RAM and 2k of ROM. At
least one of the AES candidates can still encrypt a 128 bit block with a 256
bit key in less than 9ms under such restrictions with the processor running at
4 MHz.
And there is no card coded requirement for you to use a standard AES crypto
for your email program. Many of the candidates can run keys of over 256 bits
with block sizes of a kilobyte each. If you feel the need to, use one of those.
>but once the advanced design principles needed to attain security under
>such restrictive circumstances are elucidated...
The restrictions are to ensure an efficient implementation with the present
technology while still retaining enough security to prevent any foreseeable
technology advance from compromising that security. 256 bit keys are thought to
be big enough to resist attack by quantum computers (assuming we ever see one).
The restrictions don't prevent the designs from being secure.
>well, for _practical_ use, why fail to take advantage of the maximum
>security your computer's power can give you?
>
>And it's certainly true that *none* of the AES candidate ciphers even has
>a nonlinearly key-dependent S-box with even 65,536 entries, never mind
>524,288 entries!
And none of the AES candidates requires that the sender pass along a second
file to the recipient along a separate secure channel consisting of an amount of
data equal to the size of the original message. Dave's algorithm is 100%
useless for bank issued smart cards, it is 100% useless to email anyone I don't
meet in person if I want to retain security.
There was nothing stopping him from submitting his algorithm if he thought it
was good enough.
Dave's algorithm has all the limitations of the one time pad. Since the one
time pad is already 100% proven secure, why would I use anything other than
something already 100% secure against any and every possible cryptanalysis if it
has every single one of the drawbacks?
>This is why I say that he is _half_ right. Although the AES candidates are
>excellent ciphers, the fact that they are, in terms of their key size and
>block size, merely one step beyond DES, rather than two or three steps
>beyond
256 bits is not 4.5 times as secure as 56 bits. It is exactly
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,511,950,319,091,712,000
times as secure. This is a bit more than one step beyond DES.
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED]
Subject: Cryptographic bit-length and the meaning
Date: Thu, 30 Sep 1999 10:06:16 GMT
Hey there!
I'm a newbie on this subject, but I hope someone
will help anyway!
Now - to my question:
When something is encrypted with 8-bit there are 256 possible keys.
How does that number climb with the bit size?
I.e. how many keys are there in 56 bit encryption?
And how is it calculated?
Thanks in advance!
Morty
------------------------------
From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: Cryptographic bit-length and the meaning
Date: Thu, 30 Sep 1999 12:20:03 +0200
[EMAIL PROTECTED] wrote:
>
> Hey there!
>
> I'm a newbie on this subject, but I hope someone
> will help anyway!
>
> Now - to my question:
>
> When something is encrypted with 8-bit there are 256 possible keys.
>
> How does that number climb with the bit size?
2^n with an n-bit key!
Eric
------------------------------
From: "Luigi Funes" <[EMAIL PROTECTED]>
Subject: Re: simple algorithm for hardware device?
Date: Thu, 30 Sep 1999 12:09:06 +0100
I forgot to say that, to be exact, the random number generator
should give 16-bit numbers.
An LFSR produces only one random bit at a time. In my
prototype I get all 16 bits from the intermediate LFSR
stages, but these bits are strongly correlated!
In my FPGA there are not enough resources to build 16
independent LFSRs, so I have to implement a smaller
structure.
For example, does a single 50-stage LFSR give 16 bits
that are quite random at a time?
The sequence length doesn't matter, because the
generator is reset at every data packet, and the
longest packet is only 2048 words.
Thanks!
Luigi
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: simple algorithm for hardware device?
Date: Thu, 30 Sep 1999 13:02:26 +0200
Luigi Funes wrote:
>
> I forgot to say that, to be exact, the random number generator
> should give 16-bit numbers.
> An LFSR produces only one random bit at a time. In my
> prototype I get all 16 bits from the intermediate LFSR
> stages, but these bits are strongly correlated!
> In my FPGA there are not enough resources to build 16
> independent LFSRs, so I have to implement a smaller
> structure.
How many gates do you have?
> The sequence length doesn't matter, because the
> generator is reset at every data packet, and the
> longest packet is only 2048 words.
You mean, you re-use the same random number sequence for
every data packet?
Then you might as well forget about the whole thing.
One packet known by the enemy and your security is
COMPLETELY in the bin.
Volker
--
Hi! I'm a signature virus! Copy me into your signature file to help me spread!
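The two problems raised in this exchange can be shown on a small register. The following is an added example, not code from either poster: a 16-stage Fibonacci LFSR (the textbook maximal-length taps for x^16 + x^14 + x^13 + x^11 + 1 and seed 0xACE1, both my choice, not Luigi's 50-stage design) read 16 bits at a time the way the prototype does, plus the effect of resetting the generator for every packet. The packets and the seed are constructed.

```python
# Added example (not from the thread): a 16-stage Fibonacci LFSR read 16 bits at a
# time, as Luigi describes, plus the keystream-reuse failure Volker points out.
# Taps and seed are the textbook maximal-length choice x^16 + x^14 + x^13 + x^11 + 1
# (feedback from stages 0, 2, 3 and 5 of a right-shifting register), seed 0xACE1.
from typing import List

TAP_MASK = 0x2D      # stages 0, 2, 3, 5
WIDTH = 16
SEED = 0xACE1        # constructed: the per-packet "key"; any non-zero 16-bit value works


def parity(x: int) -> int:
    """XOR of all bits of x."""
    return bin(x).count("1") & 1


class LFSR:
    def __init__(self, seed: int) -> None:
        if not 0 < seed < (1 << WIDTH):
            raise ValueError("seed must be a non-zero 16-bit value")
        self.state = seed

    def clock(self) -> int:
        """Shift once: the new bit enters at the top, every other stage moves down one."""
        bit = parity(self.state & TAP_MASK)
        self.state = (self.state >> 1) | (bit << (WIDTH - 1))
        return bit

    def word(self) -> int:
        """Read all 16 stages at once, then clock (what the prototype does)."""
        w = self.state
        self.clock()
        return w


def period(seed: int) -> int:
    """Clocks until the state returns to seed: 65535 for a maximal 16-stage register."""
    g = LFSR(seed)
    n = 0
    while True:
        g.clock()
        n += 1
        if g.state == seed:
            return n


def overlap(prev: int, cur: int) -> int:
    """Count bits of cur equal to the neighbouring bit of prev. Independent random words
    agree on about 7.5 of the 15 positions; raw register reads agree on all 15, because
    one clock only shifts the contents by one stage. This holds for any register length."""
    return sum(((cur >> i) & 1) == ((prev >> (i + 1)) & 1) for i in range(WIDTH - 1))


def keystream(seed: int, n_words: int) -> List[int]:
    g = LFSR(seed)
    return [g.word() for _ in range(n_words)]


def encrypt_packet(words: List[int], seed: int) -> List[int]:
    """Reset the generator to the same seed for every packet and XOR it in."""
    return [p ^ k for p, k in zip(words, keystream(seed, len(words)))]


def recover_keystream(known_plain: List[int], known_cipher: List[int]) -> List[int]:
    """One packet whose content is known yields the keystream prefix shared by all packets."""
    return [p ^ c for p, c in zip(known_plain, known_cipher)]


def decrypt_with_keystream(cipher: List[int], ks: List[int]) -> List[int]:
    return [c ^ k for c, k in zip(cipher, ks)]


# Constructed packets of 16-bit words.
KNOWN_PACKET = [0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006]
SECRET_PACKET = [0xBEEF, 0xCAFE, 0x1234, 0x5678]


def demo() -> dict:
    words = keystream(SEED, 8)
    c_known = encrypt_packet(KNOWN_PACKET, SEED)
    c_secret = encrypt_packet(SECRET_PACKET, SEED)
    ks = recover_keystream(KNOWN_PACKET, c_known)
    return {
        "period": period(SEED),
        "overlaps": [overlap(a, b) for a, b in zip(words, words[1:])],
        "recovered_secret": decrypt_with_keystream(c_secret, ks),
    }


if __name__ == "__main__":
    print(demo())
```

The `overlaps` entry answers the 50-stage question: reading 16 adjacent stages gives words where 15 bits are the previous word shifted, whatever the register length or polynomial, so the correlation comes from the shift structure rather than from the register being too short. The `recovered_secret` entry is Volker's point: with the generator reset to the same seed per packet, one packet of known content gives the keystream for every other packet of that length or shorter.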
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Hardest ever ECDL solved by INRIA researcher and 195 volunteers
Date: Thu, 30 Sep 1999 11:38:46 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (DJohn37050) wrote:
> Please explain Bob why the RSA 512 factorization apparently took less OPS than
> the ECC-97 break.
> Inquiring minds want to know.
> Don Johnson
>
Your question assumes facts that are not in evidence; to wit: that
it did take less.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Hardest ever ECDL solved by INRIA researcher and 195 volunteers
Date: Thu, 30 Sep 1999 11:43:21 GMT
In article <[EMAIL PROTECTED]>,
Medical Electronics Lab <[EMAIL PROTECTED]> wrote:
> Bob Silverman wrote:
> > The time to break 512-rsa is e^(1.92 (log n)^(1/3) (log log n)^(2/3))
> > which for n = 2^512 comes to about 1.6 x 10^19
> >
> > 97 bit DL is sqrt(pi/2 * 2^97) EC point additions ~ 5 x 10^14.
> > Even if each point addition takes 10^3 operations, this is still
> > less work.
> >
> > I know. Using actual numbers to dispute a claim is an unfair
> > way to argue :-)
>
> You're equating "time" with "ops". However, the real case shows that
> 1 op of RSA takes much less time than 1 op of ECC. The total cpu
> cycles for the 512 bit RSA crack was ~8,000 MIPS-years and the
> total cpu cycles for the 97 bit EC crack was ~16,000 MIPS-years.
See the following:
R. Silverman
Exposing the Mythical MIPS Year
IEEE Computer, Aug 1999
Then we will talk some more.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
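The work factors quoted across this digest (Morty's 2^n key count and the 256-versus-56-bit comparison in the Ritter thread, and Silverman's factoring and ECDL estimates above) can be carried through in a few lines. This is an added example, not code from any of the posters: natural logarithms, the 1.92 constant and the 1000-operations-per-point-addition figure are taken from the quoted post, and the MIPS-year conversion is a naive one-million-operations-per-second assumption of mine.

```python
# Added example (not from the thread): the work-factor formulas the posts quote,
# evaluated so the figures can be checked. Assumptions are labelled inline.
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def brute_force_keys(key_bits: int) -> int:
    """Keys an exhaustive search must try for a key_bits-bit key: 2**key_bits (256 for 8 bits)."""
    return 2 ** key_bits


def keyspace_ratio(big_bits: int, small_bits: int) -> int:
    """Exact factor between two keyspaces, e.g. 256-bit vs 56-bit: 2**(256 - 56)."""
    return brute_force_keys(big_bits) // brute_force_keys(small_bits)


def nfs_work(modulus_bits: int, c: float = 1.92) -> float:
    """Factoring estimate exp(c (ln n)^(1/3) (ln ln n)^(2/3)) with n = 2**modulus_bits.
    Natural logarithms are assumed. The formula is asymptotic and omits the o(1) term,
    so the result is an abstract 'operation' count, not an instruction count."""
    ln_n = modulus_bits * math.log(2)
    return math.exp(c * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0))


def rho_point_additions(group_bits: int) -> float:
    """Expected point additions for Pollard rho on a group of about 2**group_bits points:
    sqrt(pi/2 * 2**group_bits), the figure quoted for the 97-bit ECDL."""
    return math.sqrt(math.pi / 2 * 2 ** group_bits)


def compare(rsa_bits: int, ecc_bits: int, ops_per_addition: int = 1000) -> dict:
    """Put both on one scale using the quoted assumption of ops_per_addition
    machine operations per EC point addition."""
    rsa_ops = nfs_work(rsa_bits)
    ecc_ops = rho_point_additions(ecc_bits) * ops_per_addition
    return {"rsa_ops": rsa_ops, "ecc_ops": ecc_ops, "ratio_rsa_to_ecc": rsa_ops / ecc_ops}


def mips_years(ops: float) -> float:
    """Naive conversion at one million operations per second for one year (assumption).
    Only meaningful if 'ops' are machine instructions, which nfs_work does not give."""
    return ops / (1e6 * SECONDS_PER_YEAR)


if __name__ == "__main__":
    print(f"8-bit keyspace:             {brute_force_keys(8)}")
    print(f"56-bit keyspace:            {brute_force_keys(56)}")
    print(f"256-bit vs 56-bit factor:   2^200 = {keyspace_ratio(256, 56)}")
    print(f"NFS work, 512-bit modulus:  {nfs_work(512):.2e}")
    print(f"Rho additions, 97-bit:      {rho_point_additions(97):.2e}")
    print(compare(512, 97))
    print(f"NFS 512 as naive MIPS-years: {mips_years(nfs_work(512)):.2e}")
```

Running it reproduces the two quoted figures (about 1.6 x 10^19 and about 5 x 10^14) and shows the 256-versus-56-bit keyspace factor as the exact integer 2^200. Feeding `nfs_work(512)` through the naive `mips_years` conversion gives a value far above the roughly 8,000 MIPS-years reported for the actual RSA-512 run, which is the gap between asymptotic operation counts and measured CPU time that the two posters are arguing about; the asymptotic estimate cannot be compared with a MIPS-year figure without the constants it omits.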
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Thu, 30 Sep 1999 11:37:42 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Jerry Coffin) wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > Tom St Denis wrote:
> > > Ok name one popular symmetric algorithm that can be solved
> > > without using brute force?
> >
> > Where did "popular" come from? If it was publicly known
> > to be readily crackable, a cryptosystem wouldn't be likely
> > to be "popular", would it?
>
> Hmmm...I guess it depends on how you define "popular." There are
> certainly a LOT of people who write programs using encryption that's
> readily crackable. Most of their web sites contain all manner of rave
> reviews, and many of them seem to sell quite a few copies of their
> garbage.
Just what are you alluding to here? That my program is garbage? Thanks for
the review, I bet you haven't even seen it yet. Oh well.
> > In fact the history of cryptology is full of examples of
> > symmetric ciphers that were cracked much more efficiently
> > than by a brute-force key search.
>
> 'Tis true. In fact it's only in the last 30 years or so that most of
> us have had access to ciphers that weren't broken with substantially
> less effort than a brute-force attack. OTOH, at the present time
> there are quite a few choices of ciphers that aren't effective
> attacks, or at least if there are, they're not publicly known.
> There's certainly a decided contrast between the current situation
> and, for example, the one Leo Marks outlines in his book. They had
> people's lives depending on ciphers they knew were a joke. Now we
> have people concerned whether PGP provides sufficient protection for
> their message about who they danced with last night...
>
I think what I was trying to say (about 3 days ago) is that sure, you can break RC5
with 2^53 known plaintexts, etc., or Blowfish with 3x2^51, etc., but you
can't use that to break a msg of only 10 blocks. Which is why brute force
would be the only real attack against the symmetric cipher.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Thu, 30 Sep 1999 11:34:03 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > Ok name one popular symmetric algorithm that can be solved
> > without using brute force?
>
> Where did "popular" come from? If it was publicly known
> to be readily crackable, a cryptosystem wouldn't be likely
> to be "popular", would it?
>
> In fact the history of cryptology is full of examples of
> symmetric ciphers that were cracked much more efficiently
> than by a brute-force key search.
Yeah but with only 10 blocks or so?
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************