Cryptography-Digest Digest #698, Volume #10 Tue, 7 Dec 99 12:13:01 EST
Contents:
Re: Paradise shills?? ("Trevor Jackson, III")
Re: Encrypting numbers? (Thanks all!) (Michael Groh)
Re: Quantum Computers and Weather Forecasting (Richard Herring)
Re: Encrypting numbers? (Thanks all!) (John Savard)
Re: Quantum Computers and Weather Forecasting (Joseph Bartlo)
Re: Encrypting numbers? (Frank Gifford)
Re: NSA future role? (Frank Gifford)
Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
Re: Encrypting numbers? (Thanks all!) ("Tim Wood")
Re: about the interpolation attack on block ciphers ("Daryl Rauhala")
Re: Quantum Computers and Weather Forecasting ("Joel Olson")
Re: Random Noise Encryption Buffs (Look Here) (Tim Tyler)
Re: NSA should do a cryptoanalysis of AES (Tim Tyler)
Re: Re: If you're in Australia, the government has the ability to modify your files.
>> 4.Dec.1999 (None)
Re: NSA future role? (CLSV)
Re: NSA should do a cryptoanalysis of AES (Sander Vesik)
Re: NSA should do a cryptoanalysis of AES (Scott Fluhrer)
Re: The Code Book - Part 4 ("Paul Gover")
----------------------------------------------------------------------------
Date: Tue, 07 Dec 1999 08:20:14 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: rec.gambling.poker
Subject: Re: Paradise shills??
Daniel Hutchings wrote:
> What I don't understand is, why use a pseudo-random number generator
> at all? You can buy physical devices that use quantum effects to
> generate random numbers, and baby it just doesn't get any more random
> than that. Comments?
Sometimes you want the sequence to be repeatable. In simulations one
onts to be able to re-run the simulations to obtain the same or similar
results. This is why most programming languages allow the writer to seed
the PRNG. The results is guaranteed to be reproducible.
In crupto, the receiver(s) needs to be able to reproduce the same
sequence that the sender used during encryption. Because the sender and
receiver(s) need to generate the same sequence they use a deterministic
generator.
------------------------------
From: [EMAIL PROTECTED] (Michael Groh)
Subject: Re: Encrypting numbers? (Thanks all!)
Date: Tue, 7 Dec 1999 09:01:43 -0500
Thank you all very much for your responses. I'd guessed that the Enigma
operators had to spell out the numeric values, but thought that doing so
would increase the message a great deal. Instead of just 6 characters to
transmit ($14.37) they'd have a bunch. Even if we spell it out:
"DollarSignOneFourPointThreeSeven" it's a much longer message. I hadn't
considered that this makes the crypanalysis job much harder as well!
Thanks again for your replies!
- Mike
------------------------------
From: [EMAIL PROTECTED] (Richard Herring)
Crossposted-To: sci.physics,sci.geo.meteorology
Subject: Re: Quantum Computers and Weather Forecasting
Date: 7 Dec 1999 13:57:15 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Joseph Bartlo ([EMAIL PROTECTED])
wrote:
> Richard Herring wrote:
> > There appeared to be some implicit bragging about your punctuation :-)
> > But I think you meant at, not @.
> Actually I meant @, similarly I quasi-comically imitated John's use of
> <at> for @ in his e-mail address.
Aha. Understood.
> Here is how I use @ & at (not stating this is grammatically correct, only
> logical for me) :
Fair enough.
> A shower occurred @ 4 PM at Tannersville.
> "at" referring to a specific *place*, @ referring to another type of
> reference, such as a time; which you cannot be "at". Thus :
In conservative English usage @ is called the "commercial at" symbol,
suggesting that it should only be used for prices and the like:
3 gadgets @ $5 each: $15
> I won't interfere with your attempt @ minimizing your accomplishments...
Wow, a gerund. Not many people know how to use those any more.
> Perhaps "attempt of minimizing" is best ?
Definitely not.
But "attempt to <verb>", "attempt at <gerund>", "attempt on <noun>"
would all be legitimate in appropriate contexts.
--
Richard Herring | <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Encrypting numbers? (Thanks all!)
Date: Tue, 07 Dec 1999 14:34:04 GMT
On Tue, 7 Dec 1999 09:01:43 -0500, [EMAIL PROTECTED] (Michael
Groh) wrote:
>Even if we spell it out:
>"DollarSignOneFourPointThreeSeven" it's a much longer message. I hadn't
>considered that this makes the crypanalysis job much harder as well!
Of course, you mean much _easier_.
------------------------------
From: Joseph Bartlo <[EMAIL PROTECTED]>
Crossposted-To: sci.physics,sci.geo.meteorology
Subject: Re: Quantum Computers and Weather Forecasting
Date: Tue, 07 Dec 1999 09:59:00 -0500
Richard Herring wrote:
> Joseph Bartlo ([EMAIL PROTECTED]) wrote:
>> Perhaps "attempt of minimizing" is best ?
>
> Definitely not.
>
> But "attempt to <verb>", "attempt at <gerund>", "attempt on <noun>"
> would all be legitimate in appropriate contexts.
But minimizing is not a place or object I can put something to, at, or on.
I suppose this situation is getting quite off-topic.
Joseph
------------------------------
From: [EMAIL PROTECTED] (Frank Gifford)
Subject: Re: Encrypting numbers?
Date: 7 Dec 1999 10:04:57 -0500
In article <[EMAIL PROTECTED]>,
Michael Groh <[EMAIL PROTECTED]> wrote:
>I have a question that may seem rather obvious to some people, but I
>haven't found a simple answer yet. While reading Singh's book ("The Code
>Book") I noticed that none of the simpler encryption techniques
>specifically address encrypting numeric values. Consider something as
>simple as "$14.37". How can that value be encrypted using a Vigenere or
>substitution cipher? Even the Enigma machine doesn't include a numeric
>row on its keyboard. How did the German military transmit numeric values
>(persumably including + and - signs, decimal points, etc.) using the
>Enigma machine?
For something where you are limited to the A..Z alphabet, you can use a
couple of characters to indicate "switch to numbers", and then map the
numbers onto the letters.
ZZ == "switch to or from numbers"
A == 0
B == 1
....
J == 9
K == .
L == $
YOURCOSTISZZLBEKDHZZFORTHESPAMINATOR
The Russians used a grid system which had the alphabet and a couple of
extra characters specifically for switching to and from numbers.
But there is a slight problem that slight mistakes in the encryption
can really mess up the data - so the numbers often were repeated for
clarity.
You could extend this sort of idea to include words and phrases, but
there is obviously more work to be done by both sides. For something
like this, it needs to be small enough to remember - after all, if you
had access to a computer, you would use something much more complex.
-Giff
--
Too busy for a .sig
------------------------------
From: [EMAIL PROTECTED] (Frank Gifford)
Subject: Re: NSA future role?
Date: 7 Dec 1999 10:09:25 -0500
In article <[EMAIL PROTECTED]>, albert <[EMAIL PROTECTED]> wrote:
>If you walk into the library of the University of Michigan, you can actually find
>all you need to know as far as how to make a nuclear bomb. So what, should the
>NSA "ban" the university library? If you have a PPP account, you more than likely
>can find enough information to build something we supposedly have locked down as
>"National Secrets". Naval design of a Rail Gun is top secret, yet it's in my
>physics book. So it's stupid.
IIRC, the most amount of work and headaches on the Manhattan Project were
engineering problems. The theoretical part of nuclear weapons and rail guns
are out in the open and easily understood. But do those books in the library
come complete with exact measurements, timings for the computer code,
and specifications for the metals to be used?
The devil is in the details, and that's the stuff you won't find in the library
books and are the things the government keeps very secret. If you were to
build your own rail gun, you would be forced to redo much of the work and
tests that the government has already done.
-Giff
--
Too busy for a .sig
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 7 Dec 1999 15:05:34 GMT
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
: "Trevor Jackson, III" wrote:
:> There is no need for esoteric equipment. The dark-adapted human eye detects
:> single quanta.
: I believe that CCDs (charged coupled devices) are quite capable of
: detecting a single photon. Consider those used by astrophysicists,
: for example.
You don't seem to see the problem. Detecting single photons is not
really a big problem.
Detecting them in such a way that no bias in introduced into the
(supposedly) random quantum behaviour *is*.
Sending lots of photons through a small hole and detecting them at a point
is not sufficient to get a stream of completely random binary digits. So
far this is the only scheme you have proposed.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
'scuse me while I whip this out!
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 7 Dec 1999 15:17:41 GMT
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> A *perfect* source of random numbers is a bit like a perpetual motion
:> machine - I doubt its existence.
: Give us a break: just to start, the eye can only detect photons within a
: specific frequency.
Something I have never disputed.
: I have never heard of anyone ever seing a cosmic ray photon with the
: naked eye.
"Scientists radiate subjects with cosmic rays to demonstrate the obvious."
You *don't* think electromagnetic radiation from space can cause retinal
disturbances which subjects can detect?! ;-)
What if the cosmic ray hits a molecule in the lens of the eye,
causing the emission of a photon with a wavelength matching that
used by the OTP maker?
: And even if there was a false detection that false detection would
: still be random, etc...
Signals from the environment /often/ have a strong random component.
However, they need not be completely random. Indeed, I doubt that
anything may be accurately described as being completely random,
"environmental noise" not excepted.
Signals from the environment are an important source of bias - partly
because they may be capable of being manipulated by the opponent - and
partly because it is not practical to completely eliminate them.
The idea that false detections will be random is not necessarily
correct. Cosmic ray frequencies are influenced by sunspot activity,
for example.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Jesus saves... Vishnu invests.
------------------------------
From: "Tim Wood" <[EMAIL PROTECTED]>
Subject: Re: Encrypting numbers? (Thanks all!)
Date: Tue, 7 Dec 1999 15:32:14 -0000
John Savard wrote in message <[EMAIL PROTECTED]>...
>On Tue, 7 Dec 1999 09:01:43 -0500, [EMAIL PROTECTED] (Michael
>Groh) wrote:
>
>>Even if we spell it out:
>>"DollarSignOneFourPointThreeSeven" it's a much longer message. I hadn't
>>considered that this makes the crypanalysis job much harder as well!
>
>Of course, you mean much _easier_.
much?
------------------------------
Reply-To: "Daryl Rauhala" <[EMAIL PROTECTED]>
From: "Daryl Rauhala" <[EMAIL PROTECTED]>
Subject: Re: about the interpolation attack on block ciphers
Date: Tue, 07 Dec 1999 15:40:35 GMT
Equation 1 in section 2 is calculating the d-th order difference of a
function whose "order" or "degree" is less than or equal to d. This means
that the d-th order difference will be a constant.
Remember, each time you calculate a difference, the order of the result is
at least one less than what the order of your original argument was. This is
what proposition 2 is saying.
Proposition 2 should only be valid for non-constant functions since you
can't reduce the order of a constant function by taking its difference. It
is already 0 to start with.
Daryl
Queen's University
GyungHwa Jun <[EMAIL PROTECTED]> wrote in message
news:cbL24.199$[EMAIL PROTECTED]...
> While I'm reading the paper "The Interpolation Attack on Block ciphers" by
> T. Jakobsen and L. Knudsen, there exists a equation that I'm not able to
> understand.
>
> In Section 2, equation(1) is deduced by the result[proposition 2] in
Xuejia
> Lai's paper, "Higher Order Derivatives and Differential Cryptanalysis".
Why
> is it trivial that the equation(1) is vallid?
>
>
>
------------------------------
From: "Joel Olson" <[EMAIL PROTECTED]>
Crossposted-To: sci.physics,sci.geo.meteorology
Subject: Re: Quantum Computers and Weather Forecasting
Date: Tue, 7 Dec 1999 09:53:21 -0600
John wrote:
<
Quantum computers potentially offer the possibility of performing a
computation in parallel for an enormous number of different combinations
of input parameters, and then producing a result for only one such
combination if that combination produces a result that meets
certain criteria.
This may be useful to extend the range and accuracy of weather
forecasting.
>
My impression is that quantum computing is as different from digital
computing as analog, maybe more so. Thinking of it as "parallel" is
perhaps hasty without some qualification of the term, and may well be
very misleading. The fundamental idea of qubits (quantum bits) throws
everything into the realm of many-valued logics: true, false and
(quantized) mixtures, with probably a large range of choices available
for both intermediate logical values and for the algebras that describe
their combination, depending on the physical implementation.
I'd like to see an article or page that characterizes the operations
(even loosely) that it (QC) can perform. There was a popular article in
Science News (11/20/99) on applications in game theory, a subject not
far from optimization. Therein Peterson mentions:
Searches - using wave interference to eliminate poor candidates
Factoring large numbers - Quantum cryptography - uses separated but
entangled particles
Game theory - allows new moves in old games, e.g. Prisoner's Dilemma.
<
Although chaos theory sets an irreducible limit to the useful range of
advance forecasts of weather, ...
>
The nature of the phase space may be different. I guess the problem is
to find a set of quantum equations (based on QL) that model the
Navier-Stokes equations.
<
It is theoretically possible to obtain information about the missing
components of the state of the Earth's atmosphere at a given time by the
following technique: for each possible set of values for the state of
the unobserved part of the Earth's atmosphere, run the equations
backwards to obtain a long-term "prediction" of the weather on preceding
days. That hypothetical state of the atmosphere which produces the
longest-term accurate forecast in the reverse direction is the state
most likely to be correct.
>
Of course, the current differetial equation methodology is that there is
NO historical influence - everything known is covered in X(t_0) and the
iteration F: X(t_n) -> X(t_n+1).
An observed state of the atmosphere (to a given precision) may have many
different antecedants, i.e. F^-1 may not be unique and/or may not exist.
On a somewhat different note, there have been studies of the backward
time dependence of the atmosphere and how rapidly it falls off. There
are also theorems giving conditions for which the time dependence can be
included in the statements of F and X.
<
Quantum computers would seem to directly lend themselves to such a
computation, should they become practical. (However, the limit on search
algorithms may be fatal, as even the square root of the number of
possibilities here is prohibitively large.)
>
Perhaps you're thinking of Bjarnes "analog" forecasting. Since QL may
provide better search procedures, a larger range of historical states
could be searched for matches with the current state. Of course,
unprecedented events will remain hard to find. :-)
<
Perhaps there is a mathematical technique possible that avoids such
extravagance, by working with the state of the weather several days ago,
and incrementally updating missing parts of the atmospheric state in
response to forecast errors. The principle would be the same: to use the
depth of available atmospheric data in time to substitute for
the lack of detail in our knowledge of the state of the atmosphere at
any one moment.
>
Your idea may have merit; it should be possible to explore it with
existing technology.
Here are a few more speculations:
There may be some applications in the area of "parameterization" of the
models - using a simple models to provide single grid point values
representing areal processes below the resolution of the model.
There may be other applications using the synchronicity of entangled but
separated particles, to eliminate time lags, or to employ
teleconnections.
It may be possible to identify places or features that have more of the
butterfly effect than others, good sites for taking obs.
QL procedures may be useful for finding features within (combinations
of) meteorological fields, analogous to the minimaxes of game theory.
==========
We used to think that if we knew one, we knew two, because one and one
are two. We are finding that we must learn a great deal more about
`and'. - Sir A. Eddington
==========
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 7 Dec 1999 15:32:38 GMT
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
:> : Tim Tyler wrote:
:> :> Alas, even *if* this is genuinely random - which you will never
:> :> demonstrate - nobody has developed a scheme for extracting this
:> :> information onto a macroscopic scale without introducing bais of
:> :> one type or another.
:> :>
:> :> Until such a scheme is demonstrated, "true atomic randomness" is
:> :> of the same utility to a cryptographer as a "perfectly straight line"
:> :> is to a student of geometry.
:>
:> : I think you have taken a misguided position and are struggling too much to
:> : defend it.
:>
:> Whereas your position appears to be based on faith in the existence of
:> genuine randomness in subatomic behaviour, and in our ability to
:> magnify this up to a macroscopic scale, without distorting it at all.
:>
:> : I think that a very good true random demonstration would be to generate a
:> : single photon and direct it through a tiny hole. Where it strikes a
:> : screen on the other side of the hole will be unpredictable within the
:> : possible field in which it may strike.
[snip]
:> How yo you propose using this source of information to generate a
:> genuinely random bitstream?
:>
:> What equipment will you use, and how will it be set up?
: Exactly, as I said [...]
: Using a charged couple dvice that can detect a single photon and assign a
: cartesian reference for each location on the CCD then if the photon
: strikes a location with X,Y coordinates that are either both even or
: both odd then the bit is a 0 otherwise, if the location X,Y is one
: even and one odd then the bit is a 1.
: Seems pretty good to me.
No doubt this would produce a reasonable stream of random-looking data.
However, to claim you actually have an entropy of one goes *much* too far.
Consider the accuracy with which you need to measure the X, Y
co-ordinates. If (hypothetically) the photon has the same chance
of striking everywhere, *but* one region marked by the detectors is
slightly larger than any of the others, the others, then that region will
get hit slightly more often. If this has even X and Y co-ordinates,
this will always produce a 0. Your resulting supposedly random stream
will be biased towards 0s.
This example points to a fatal objection to the scheme you proposed -
assuming that detectors themselves may not be arranged with absolute
precision. I think this is a rather reasonable assumption.
This problem is due to a simple flaw in the design you presented.
You can patch up this rather serious flaw... but you can't patch up
*all* the /possible/ flaws. I recommend you give up now.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
There's so much to say - but your eyes keep interrupting me...
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Reply-To: [EMAIL PROTECTED]
Date: Tue, 7 Dec 1999 15:44:05 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> You don't think 56-bits is a slightly small figure? Even for its day?
: It obviously wasn't. DES far outlived its design life.
Really? For all either of us know DES may have been quietly being broken
in secret for very many years, behind closed doors.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Atheism is a non-prophet organisation.
------------------------------
From: [EMAIL PROTECTED] (None)
Crossposted-To: alt.privacy
Subject: Re: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Date: Tue, 07 Dec 1999 16:11:53 GMT
Reply-To: MARC
On Tue, 7 Dec 1999 23:53:12 +1100, "Lyal Collins"
<[EMAIL PROTECTED]> gagged and spewed out this stuff:
>This solution is a bit pointless if the warrant covers your off-line
>machine.
>Lyal
>
You must know a very advanced technique to hack into
an "offline" computer?
>[EMAIL PROTECTED] wrote in message
><82iufh$gna$[EMAIL PROTECTED]>...
>>
>>[EMAIL PROTECTED] wrote in message
>><[EMAIL PROTECTED]>...
>>>Orwellian Nightmare Down Under? by Stewart Taggart
>>>
>>>Do what most smart paranoids (and intelligent businesses) do, dedicate a
>>box for Internet use and keep sensitive and proprietary information on the
>>computer that never goes online with strangers. We use an old 300 for
>>surfing shark infested waters. We would have thought that anyone living in
>>the land of the great whites would understand shark repellant.
>>
>>GrandTheft.com
>>
>>
>
------------------------------
From: CLSV <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?
Date: Tue, 07 Dec 1999 16:11:39 +0000
albert wrote:
> If you walk into the library of the University of Michigan, you can actually find
> all you need to know as far as how to make a nuclear bomb.
One of those myths started by popular science magazines.
> So what, should the NSA "ban" the university library?
> If you have a PPP account, you more than likely
> can find enough information to build something we supposedly have locked down as
> "National Secrets". Naval design of a Rail Gun is top secret, yet it's in my
> physics book. So it's stupid.
Claiming that the top secret Naval design of a rail gun is
in your physics book is starting the same kind of myth as
the "easy to build A-bomb".
> Government doesn't work, if NASA wants to succeed, have a few private sector
> companies join forces for this stuff, and you will see that the Mars Landers will
> magically land correctly, and things over $125M won't blow up due to metric vs.
> standard conversions...
And why wouldn't private sector companies make any mistakes?
Regards,
Coen Visser
------------------------------
From: Sander Vesik <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: 7 Dec 1999 16:19:49 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> Sander Vesik wrote:
>> For starter, consider Pearl Habor.
> What about Pearl Harbor?
Japanese bombers do not get intercepted (while it is known that these will,
in fact be flying in to attack Pearl Harbor) as the US considered all and
any losses it would take (took) as inferior to admitting that it could
crack Japanese crypto.
Now count the lives lost and the sums later spent yearly on memorial
services (that relatives should demand compensation is another matter).
>> You are also forgetting that 'law enforcment' backdoors in banking
>> software have been criminally exploited before.
> What "law enforcement" backdoors in banking software?
Regular backdoors allowing unauthorised parties to gain access, designed
to be only usable by law enforcement (but prooved to be usuable by others).
--
Sander
There is no love, no good, no happiness and no future -
these are all just illusions.
------------------------------
From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Tue, 07 Dec 1999 17:06:38 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>karl malbrain wrote:
>> That's exactly the SAME point. Why don't they use COTS
>> specifications from the airlines?
>
>I didn't know the airlines were using B-1Bs.
>
Oh yes. It's part of a brand new plan to speed up leaving
passengers at intermediate airports without having the bother
of landing and taking-off again -- they just put the
passengers and their luggage over the bombbay doors, and
open them when over the airport.
And, of course, first class passengers get parachutes.
<Sorry, I just had a silliness attack. Just ignore this one>
--
poncho
------------------------------
From: "Paul Gover" <[EMAIL PROTECTED]>
Subject: Re: The Code Book - Part 4
Date: Thu, 2 Dec 1999 10:20:44 -0000
Andreas <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello,
>
> Because I can't speak that language (french) after I had decoded it I
> can't get the keyword from the text. Anyone who can help with
> translation?
...
Try Altavista's translation facility (http://babelfish.altavista.com/).
IMHO it's usable, and sometimes quite amusing.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
