Cryptography-Digest Digest #653, Volume #10 Tue, 30 Nov 99 15:13:02 EST
Contents:
"From Number Theory to Secret Codes", good book? (Howard (using tdc))
Re: The $10,000.00 contesta (Bruce Schneier)
Re: Elliptic Curve Public-Key Cryptography (Bruce Schneier)
Re: AES cyphers leak information like sieves (wtshaw)
Re: AES cyphers leak information like sieves (wtshaw)
Re: Simpson's Paradox and Quantum Entanglement (Brian Chase)
Re: NSA should do a cryptoanalysis of AES (wtshaw)
Elliptic Curve Cryptography ([EMAIL PROTECTED])
Re: compact encryption in javascript (AllanW)
Re: Doing math on very high numbers (Anton Stiglic)
Re: Elliptic Curve Public-Key Cryptography (David Wagner)
Re: Elliptic Curve Public-Key Cryptography (DJohn37050)
Re: Elliptic Curve Cryptography (DJohn37050)
Re: The $10,000.00 contest (Roy K. Menial)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Howard (using tdc))
Subject: "From Number Theory to Secret Codes", good book?
Date: Tue, 30 Nov 1999 18:17:52 GMT
Received a flyer from a publisher offering a substantial discount on
this book, "From Number Theory to Secret Codes", author "Jackson",
published 1987.
I am interested in understanding the mathematics behind cryptography,
but my interest in cryptography is only recreational, and my
mathematics was to 1st year university only.
Does anyone know this book, and if so, do they think it might be of
interest to this enthusiastic amateur? I also wondered whether the
publication date might be too early for any developed treatment of
RSA, Elgamal, etc. Any advice welcome!
--
Howard
Email : finitess[@]dircon[.]co[.]uk (remove the [])
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: The $10,000.00 contesta
Date: Tue, 30 Nov 1999 18:12:32 GMT
On Tue, 30 Nov 1999 17:43:41 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:
>In article <820jut$rl0$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>> Mr BS run a contest that was not Black and White
>> but offered to give ten thousand dollars to whoever give him
>> the best crypto analysis of Two Fish during Round 1 of AES.
>> What ever happened to this money.
>
>BTW Why would anyone keep their attacks private on Twofish? If I for
>example broke Twofish and BS said 'nah I don't like that' I would make
>a fuss and make him look foolish. Perhaps though, just maybe, Twofish
>was not broken... I dunno..The current best attack is against five
>rounds [I believe] and requires insane amounts of work. Maybe that's a
>good indication that it's a worthy cipher.
Sorry. David Scott is in my killfile, so I didn't see his original
posting. The contest was won by Fauzan Mirza and Sean Murphy, for
their "Observation on the Key Schedule of Twofish." The prize will be
awarded at the Third AES Candidate Conference in New York.
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Elliptic Curve Public-Key Cryptography
Date: Tue, 30 Nov 1999 18:18:19 GMT
On 30 Nov 1999 16:42:06 GMT, [EMAIL PROTECTED] (DJohn37050) wrote:
>I have a few quick comments, inserted in the text and prefixed with *. A more
>comprehensive response is being worked on.
Good. I was hoping for a Certicom reply. Although honestly, I would
prefer replies from parties who did not have a financial interest in
the outcome.
>>An excellent discussion on comparative key lengths, including RSA and
>>elliptic curves: http://www.cryptosavvy.com
>
>* It is interesting that you give this reference and call it "excellent" as
>some of its conclusions differ from yours greatly.
Why is this "interesting." I find that there are many excellent
discussions on issues whose conclusions I disagree with; most of The
Economist falls in that category. Do you only assign quality to
discussions where you agree with the conclusions?
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: AES cyphers leak information like sieves
Date: Tue, 30 Nov 1999 12:41:41 -0600
In article <[EMAIL PROTECTED]>, "Peter K. Boucher"
<[EMAIL PROTECTED]> wrote:
>
> Posting insults laced with obscenity is not conducive to either
> endeavor.
Street English may be beneath the ability of some to understand. What is
objected to is the range of emotions that are thusly empowered, those of
the author and those of the reader. Objectivity demands that you exist
even in the real world, as it comes to you. If you are so blinded by one
thing as another, you may never be able to pick out the truth, and then,
you give evidence subjectively enslaved your own prejudice.
If someone raises a smokescreen as a means to subvert people from useful
ideas, that is troublesome and dishonest, while lots of dust being raised
from some rough edges in pursuit of worthy goals is not of itself reason
to get turned off. Going against the status quo is bound to ruffle
feathers anyway.
--
Love is blind, or at least figure that it has astigmatism.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: AES cyphers leak information like sieves
Date: Tue, 30 Nov 1999 12:53:29 -0600
In article <[EMAIL PROTECTED]>, Volker Hetzer
<[EMAIL PROTECTED]> wrote:
> Tim Tyler wrote:
> >
> > Volker Hetzer <[EMAIL PROTECTED]> wrote:
> >
> > Some attacks will require a /much/ larger numbers of blocks, however.
> Such as?
> > : The question is rather, how much blocks you need.
> > : If you have dictionary attacks in mind, then you DO need to store twice
> > : amount of data.
> >
> > Shouldn't that figure read 2^N times as much - where N is the old block
> > size, in bits?
> Why?
> You want to recognise a known block. So you need that block in storage.
Bits? OK, if that is the nature of the beast. If the keyspace is larger
than the message space, you will need more than one block; it could be
many, not just two.
An algorithm may be comprised of other algorithms. A complex algorithm may
involve a rather lengthy key. If properly done, analysis is devilishly
compounded. If much material need be solved for verification of a
message, surely the algorithm might be said to be stronger in one sense
than one that requires a lesser amount.
>
--
Love is blind, or at least figure that it has astigmatism.
------------------------------
Crossposted-To: comp.ai.fuzzy,sci.physics,sci.math
From: [EMAIL PROTECTED] (Brian Chase)
Subject: Re: Simpson's Paradox and Quantum Entanglement
Date: Tue, 30 Nov 1999 18:31:53 GMT
In article <w2%Y3.560$[EMAIL PROTECTED]>,
karl malbrain <[EMAIL PROTECTED]> wrote:
>You are just as bad as the original poster. Logically, EVERYTHING has
>SOMETHING to do with REALITY. Most people need help sorting out LIES from
>FICTION, or SUBJECTS from OBJECTS. It's a question of how much of the
>problem you're prepared and willing to deal with -- you can't just DECREE it
>away. Karl M
Hey I think you may have accidentally had your KOOKSLOCK key on when you
typed this. Why do all the crazy people always hang out in sci.math and
sci.physics? It's a strange phenomenon to witness really... Reading
USENET's sci.* hierarchy is a lot like riding the city bus.
-brian.
--
--- Brian Chase | [EMAIL PROTECTED] | http://world.std.com/~bdc/ -----
It was powered by one AA battery from Radio Shack, in other words, half
a normal AA battery. -- K.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Tue, 30 Nov 1999 13:05:35 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Bruce Schneier) wrote:
> On Tue, 30 Nov 1999 05:08:16 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
> wrote:
>
> >Bruce Schneier wrote:
> >> >Not likely, since FOIA has an exemption for information classified
> >> >in the interest of national security.
> >> According to the various FOIA experts I've spoken with, there is some
> >> precedent for denying that exemption because AES is a civilian
> >> standard, and not a military one.
> >
> >That has nothing to do with the FOIA exemption.
> >It isn't the use to which you wish to put the protected
> >information that matters, it's the necessity to continue
> >to protect the information for the sake of national
> >security (which gets determined by NSA in this example).
>
> Okay. There are those with considerable experience that argue
> otherwise. I see no harm in trying. You may be right.
>
It is sufficient for the time to see that the military thinks it is in
charge of things that it wants, solely because it says that it is.
It is not, however, as courts may agree or disagree on such matters with
them, and have the last say. It is not in the best interests of those who
demand the last say to try to have a history of trying to subvert and/or
work around the courts and the Constitution.
--
Love is blind, or at least figure that it has astigmatism.
------------------------------
From: [EMAIL PROTECTED]
Subject: Elliptic Curve Cryptography
Date: Tue, 30 Nov 1999 18:48:13 GMT
I'm currently working on a university project
about Elliptic Curve Cryptography (ECC). I would
be very grateful, if any of you could direct me to
some good sources of information on ECC. Both the
tough math and the implementation details. Online
web resources would be the best!
Thanks a lot :-)
Cheers,
Martin
(email me at: chairmandk at yahoo.com)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: AllanW <[EMAIL PROTECTED]>
Subject: Re: compact encryption in javascript
Date: Tue, 30 Nov 1999 18:51:38 GMT
Unlike the previous poster, I'm not quite so worried about
space; I can easily go to 50 or even 100 lines of either
JavaScript or VBScript. (I also can use VAX assembly language
but I'm guessing that wouldn't be quite as portable across the
Internet.)
I need some javascript that will encode or decode Huffman,
LZW, GIF, JPEG, and run-length compression including PKZIP and
TAR compatibility, and also implement several types of
encryption/decryption with full PGP compatibility. It should
also have most of the functionality of Microsoft Word, Doom III
from ID Software, and SquareSoft's Final Fantasy VIII. It should
be able to teach Algebra and Calculus, French and Spanish, and
American History, as well as helping to prepare for the SAT and
MSDE exams. The blender speeds should range from mix to puree,
and it ought to be able to cook a 25-pound turkey in 6 minutes.
I think that a custom interface to search engines like YAHOO or
AltaVista would be a nice touch. Ideally it would also include a
hex editor and some patch codes to help me make backup copies of
my copy-protected software, and a few X-rated GIF's or JPEG's
(samples to test out the decoding capability) would be great.
I'm willing to pay up to $10 (including tax), but no
royalties. I figure that if I'm willing to pay THAT MUCH, I
should have LOTS of packages to choose from, but so far I
haven't been able to find anything like this in search engines.
(One package came close, but it taught German instead of
Spanish. Yeech!) If any of you can help me find such a package
that's LESS than $10, I'll give you the difference as a
finder's fee. Or if any of you fine programmers would like to
make an easy $10 just by writing the program I've described
above, leave a message here and I'll see what I can do.
--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Doing math on very high numbers
Date: Tue, 30 Nov 1999 14:00:55 -0500
Erik Edin wrote:
> Hello.
> I intend to make an encryption program in C++ that uses the RSA-algorithm in
> the future. I would like to know if anyone knows of any tutorial that
> describes a method of doing math on very high numbers? In one part of the
> algorithm you have to raise the message to the power of E. Since a message
> consists of several thousand bits that makes math a bit more complicated, at
> least for me.
>
That makes math a little more complicated for everybody! This is in fact a
subject that pops up often here, if you go see the archives of this news group
you'll find plenty of info. Firstly, you need to implement a Big Number (BN)
system, or just use a library that already implements it (like SSLeay for C,
JDK 1.2 comes with such libraries for Java). Secondly, you need fast modular
operations for most public crypto schemes, look at any good applied crypto
book (like the Handbook of APPLIED CRYPTOGRAPHY, from Menezes,
Van Oorschot and Vanstone) for these algorithms.
Anton
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Elliptic Curve Public-Key Cryptography
Date: 30 Nov 1999 11:05:51 -0800
In article <[EMAIL PROTECTED]>,
DJohn37050 <[EMAIL PROTECTED]> wrote:
> >There are other differences to consider, too. Checking elliptic curve
> >signatures is still a big pain compared to checking RSA signatures.
>
> * This is an overbroad generalization that is simply false.
Err, what? Simply false?
As far as I can see, it is an objective fact that checking ECC signatures
takes longer than checking RSA signatures, with typical choices of parameters
(modulus lengths that seem to provide same amounts of security, e=3 for RSA).
Do you have any evidence to the contrary? (Performance measurements, etc.)
If so, you didn't mention it.
(Yes, there is some evidence that using e=3 with RSA can be problematic _if_
you aren't careful, so just be careful. It's not rocket science. And IMHO,
few people consider Boneh's result damning enough to avoid e=3.)
Did you speak a little too strongly here? I think we can all agree that
ECC has some apparent advantages over RSA (key size; signature size;
performance on small devices), and RSA has some apparent advantages over
ECC (performance of encryption & signature verification; RSA has been around
longer). So there are tradeoffs. Right?
The rest of your comments seemed to be roughly in agreement with the posted
essay, right?
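
An added example, not part of either original post: square-and-multiply modular exponentiation with an operation counter, illustrating the "fast modular operations" Anton Stiglic points to and the cheap e=3 verification David Wagner describes. Python's built-in integers stand in for the Big Number library; `modexp` and `sign_and_verify` are hypothetical names, and the key is constructed from two well-known special-form primes for demonstration only (textbook RSA, no padding).

```python
# Added example: left-to-right binary (square-and-multiply) exponentiation.
# Python's arbitrary-precision int plays the role of a Big Number library.

def modexp(base, exponent, modulus):
    """Return (base**exponent mod modulus, squarings, multiplications)."""
    if modulus < 1 or exponent < 0:
        raise ValueError("need modulus >= 1 and exponent >= 0")
    if exponent == 0:
        return 1 % modulus, 0, 0
    base %= modulus
    result = base                      # accounts for the leading 1 bit
    squarings = multiplications = 0
    for bit in bin(exponent)[3:]:      # remaining bits, most significant first
        # Reduce after every step: intermediates never exceed modulus**2,
        # so the full power base**exponent is never materialised.
        result = result * result % modulus
        squarings += 1
        if bit == "1":
            result = result * base % modulus
            multiplications += 1
    return result, squarings, multiplications

# Constructed demonstration key (assumption, not from the posts). P is the
# NIST P-384 field prime and Q the Curve448 field prime, picked only because
# both are known primes congruent to 2 mod 3, so e = 3 is invertible.
# Special-form primes like these must never be used for a real RSA key.
P = 2**384 - 2**128 - 2**96 + 2**32 - 1
Q = 2**448 - 2**224 - 1
N = P * Q
E = 3
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, about as long as N

def sign_and_verify(message):
    """Textbook RSA round trip; returns (ok, sign_cost, verify_cost)."""
    signature, s_sq, s_mul = modexp(message, D, N)
    recovered, v_sq, v_mul = modexp(signature, E, N)
    return recovered == message % N, (s_sq, s_mul), (v_sq, v_mul)

if __name__ == "__main__":
    ok, sign_cost, verify_cost = sign_and_verify(0x5A17ED_C0FFEE)  # constructed
    print("round trip ok:", ok)
    print("modulus bits:", N.bit_length())
    print("sign   (squarings, multiplications):", sign_cost)
    print("verify (squarings, multiplications):", verify_cost)
```
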
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Elliptic Curve Public-Key Cryptography
Date: 30 Nov 1999 19:40:27 GMT
* As Bruce points out, one should read articles and listen to presentations
from all perspectives, this helps to keep everything honest. A few more
comments prefixed by *.
>Subject: Re: Elliptic Curve Public-Key Cryptography
>From: [EMAIL PROTECTED] (Bruce Schneier)
>Date: Tue, 30 November 1999 01:18 PM EST
>Message-id: <[EMAIL PROTECTED]>
>
>On 30 Nov 1999 16:42:06 GMT, [EMAIL PROTECTED] (DJohn37050) wrote:
>
>>I have a few quick comments, inserted in the text and prefixed with *. A more
>>comprehensive response is being worked on.
>
>Good. I was hoping for a Certicom reply. Although honestly, I would
>prefer replies from parties who did not have a financial interest in
>the outcome.
* Victor Miller has commented extensively on why he thinks the ECDLP is a
fundamentally hard problem. I do not know of any financial interest he has,
but agree he has a strong intellectual interest, being one of the inventors of
ECC.
* Neal Koblitz (the other co-inventor of ECC) has also commented extensively on
why he thinks ECDLP will remain hard. He is a consultant for Certicom but
anyone who knows Neal knows that this does not affect his opinion.
>
>>>An excellent discussion on comparative key lengths, including RSA and
>>>elliptic curves: http://www.cryptosavvy.com
>>
>>* It is interesting that you give this reference and call it "excellent" as
>>some of its conclusions differ from yours greatly.
>
>Why is this "interesting." I find that there are many excellent
>discussions on issues whose conclusions I disagree with; most of The
>Economist falls in that category. Do you only assign quality to
>discussions where you agree with the conclusions?
* I guess if I had said what you said in your discussion, in referring to
Lenstra's website, I would have clarified that the Counterpane newsletter
discussion disagreed with (some of) Lenstra's conclusions. An innocent reader
might think that Lenstra is saying similar things as you did, when he is not.
* I agree that Lenstra's thoughts are excellent. I personally expect to
continue to align with NIST and ANSI X9 key length recommendations for ECC (163
bit) over Lenstra's (13x-bit or 14x-bit) simply because it is more
conservative, so one could either say I agree with him in general (that ECC is
strong) or disagree with him (in that I am more conservative), take your pick.
* Lenstra also does not factor in storage into his integer factorization
calculations (he does point this out). I agree this is difficult to assess but
I must agree with Bob Silverman (RSA Labs) when he points out that something
that takes x time and y space (e.g., IFP for suitable size) is more difficult
than something that takes x time and negligible space (e.g., ECDLP for suitable
size). If x is infeasible, then both are infeasible. Symmetric keys (for
suitable size) can be exhausted in x time and negligible space so the mapping
to ECDLP (that is, ECC key sizes) is straightforward. But if one tries to
reduce the appropriate keysize for RSA/DSA keys based on space considerations,
the mapping to appropriate symmetric keysizes (appears to me) to get
problematical. I am willing to listen and learn, I just do not know how to do
it myself.
Anyway, makes for interesting discussions.
>
>Bruce
>**********************************************************************
>Bruce Schneier, Counterpane Internet Security, Inc. Phone: 612-823-1098
>101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
> Free crypto newsletter. See: http://www.counterpane.com
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Elliptic Curve Cryptography
Date: 30 Nov 1999 19:44:57 GMT
Check out IEEE P1363 and www.certicom.com. There are also books out.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (Roy K. Menial)
Subject: Re: The $10,000.00 contest
Date: Tue, 30 Nov 1999 19:50:02 GMT
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>Mr BS run a contest...
You'll always be Mr. BS to me, Scott.
--
"Roy K. Menial" is actually [EMAIL PROTECTED] (4735 682910).
012 3 456789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************