Cryptography-Digest Digest #74, Volume #11        Tue, 8 Feb 00 16:13:01 EST

Contents:
  Re: Seeking Information on FRACTAL CRYPTOGRAPHY (Mok-Kong Shen)
  Re: Elliptic and Rivest (Paris Cristiano)
  Re: Strip Security (Jim)
  Re: NIST, AES at RSA conference (Terry Ritter)
  Re: permission to do crypto research (lcs Mixmaster Remailer)
  Re: NIST, AES at RSA conference (Terry Ritter)
  Re: Prior art in science (Terry Ritter)
  Re: Elliptic and Rivest (Eric Knauel)
  Re: Message to SCOTT19U.ZIP_GUY (SCOTT19U.ZIP_GUY)
  Re: How secure is this method?  What about this? (Mok-Kong Shen)
  Re: Student security columnist wanted for ACM Crossroads (SCOTT19U.ZIP_GUY)
  Re: Message to SCOTT19U.ZIP_GUY (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Seeking Information on FRACTAL CRYPTOGRAPHY
Date: Tue, 08 Feb 2000 21:17:12 +0100

John Savard wrote:
> 
> The main reason for the bad rep is essentially that a function can be
> nonlinear without really scrambling its input thoroughly; that will be
> enough to obtain chaotic behavior without being enough to produce a
> cryptosecure pseudorandom generator.

I suppose that it could nonetheless be of value to investigate 
whether a process based on chaos theory may be profitably 
employed as a 'component' of an encryption 'system'. Chaos encryptions
apparently don't belong to the mainstream of cryptology today. So it 
may be assumed that the potential adversaries also don't possess
too much knowledge about them. 

I remember having seen a couple of articles in a chaos journal
from 1998 dealing with chaos encryptions.

M. K. Shen

------------------------------

From: Paris Cristiano <[EMAIL PROTECTED]>
Subject: Re: Elliptic and Rivest
Date: Tue, 08 Feb 2000 21:25:55 +0100

>The Rivest paper is in Communications of the
>ACM, vol. 27, pages 393-395, April 1984.

I know, but I'd like to know if an electronic version exists.

>You might try the survey article "Elliptic
>Curve Cryptosystems" by Robshaw & Yin which
>you can probably get a copy of from
>rsasecurity.com. For books consider "Elliptic
>Curves in Cryptography" by Seroussi, et al. or
>"Implementing Elliptic Curve Cryptography" by
>Rosing. There is an introductory book by
>Andreas Enge which might be very good but it
>costs $115. If you order one of these books
>from, say amazon.com, and don't like it then
>you can get a refund.

Thanks.

>
>P.S. If I go to jail for pretending to be the NSA
>then you can return the favor by sending me an
>encrypted cake with frosting and a saw on the
>inside.

Ok, I'll promise :-) !

------------------------------

From: [EMAIL PROTECTED] (Jim)
Crossposted-To: comp.sys.palmtops.pilot,alt.comp.sys.palmtops.pilot,comp.sys.handhelds
Subject: Re: Strip Security
Date: Tue, 08 Feb 2000 20:31:17 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 08 Feb 2000 03:22:55 GMT, [EMAIL PROTECTED]
(Highdesertman) wrote:

>Gordon, this is a bit off topic, but I have a related question.
>
>I am wondering how you arrived at 10,000 possible combinations with a
>four digit pin. 

0000 - 9999 gives ten thousand combinations.

>I don't doubt it is correct, I just would like to know
>what the formula is for determining how many possible combinations
>there are given any particular number of digits/letters. Say for
>instance, we are dealing with a 6 digit numerical pin. 

000000 - 999999 gives a million combinations.

c=10^n (where c=combinations and n the number of digits).

In practice, some combinations would be rejected. The series may
not start at 0000 or end at 9999 which makes it more complicated.

>If we know they
>are numbers, then it should be fairly straightforward to determine
>mathematically how many possible combinations are available as opposed
>to a three digit pin. What is the method of determining this, and what
>must be taken into account for more complex systems that include alpha
>numeric placeholders. 

AFAIK, for non-digits you need  c=n! (c=n factorial).

There are 3x2x1=6 combinations of the letters A, B and C.

>Also, exponentially, how do the combinations increase with each
>additional digit?

Quite frighteningly! 2!=2   3!=6   4!=24   5!=120   6!=720   7!=5040....

-- 
Jim,
nordland at lineone.net
amadeus at netcomuk.co.uk
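The counting rules in the exchange above, as an added worked example (not code from the digest or from Jim): an n-digit numeric PIN has 10**n codes, a fixed-length code over a larger alphabet with repetition allowed has k**n, and orderings of n distinct symbols with no repetition number n! (the ABC, 3x2x1 case). It also shows the two practical factors a defender cares about: the keyspace left after a policy rejects some PINs (Jim's "some combinations would be rejected"), and how much an online lockout threshold limits a guesser. The reject list and lockout values are constructed for illustration.

```python
"""Keyspace and guessing-cost estimates for short passcodes.

Added example, not from the digest. Counts n-digit numeric PINs (10**n),
fixed-length codes over an alphabet of k symbols with repetition (k**n),
and orderings of n distinct symbols without repetition (n!). The reject
list and lockout threshold used below are constructed for illustration.
"""
from math import factorial, log2
from typing import Iterable, Set


def numeric_pin_keyspace(n_digits: int) -> int:
    """Number of n-digit PINs from 00..0 to 99..9: c = 10**n."""
    if n_digits < 1:
        raise ValueError("a PIN needs at least one digit")
    return 10 ** n_digits


def alphabet_keyspace(alphabet_size: int, length: int) -> int:
    """Fixed-length codes over an alphabet of alphabet_size symbols,
    repetition allowed (e.g. 36 alphanumerics, length 4)."""
    if alphabet_size < 1 or length < 1:
        raise ValueError("alphabet size and length must be positive")
    return alphabet_size ** length


def distinct_arrangements(n_symbols: int) -> int:
    """Orderings of n distinct symbols, each used once: n! (ABC -> 6)."""
    return factorial(n_symbols)


def all_same_digit_pins(n_digits: int) -> Set[str]:
    """Constructed reject list: PINs such as 0000 or 7777."""
    return {str(d) * n_digits for d in range(10)}


def usable_numeric_pins(n_digits: int, rejected: Iterable[str]) -> int:
    """Keyspace left after a policy rejects some PINs. Only well-formed
    n-digit strings in `rejected` are subtracted; anything else is ignored."""
    valid = {p for p in rejected if len(p) == n_digits and p.isdigit()}
    return numeric_pin_keyspace(n_digits) - len(valid)


def keyspace_bits(keyspace: int) -> float:
    """Entropy of a uniformly chosen code, in bits."""
    return log2(keyspace)


def lockout_success_probability(keyspace: int, attempts_allowed: int) -> float:
    """Chance that an online guesser with `attempts_allowed` tries before
    lockout hits a uniformly chosen code (what rate limiting buys you)."""
    return min(1.0, attempts_allowed / keyspace)


if __name__ == "__main__":
    for n in (3, 4, 6):
        c = numeric_pin_keyspace(n)
        print(f"{n}-digit PIN: {c} codes, {keyspace_bits(c):.1f} bits, "
              f"P(success in 5 tries) = {lockout_success_probability(c, 5):.2e}")
    print("4-char alphanumeric (36 symbols):", alphabet_keyspace(36, 4))
    print("orderings of 7 distinct letters:", distinct_arrangements(7))
    print("4-digit PINs after rejecting repeated digits:",
          usable_numeric_pins(4, all_same_digit_pins(4)))
```

The lockout figure is the one that matters for a PIN-protected device: a 4-digit PIN is only about 13 bits, so the protection comes from the attempt limit, not the keyspace.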

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: NIST, AES at RSA conference
Date: Tue, 08 Feb 2000 20:40:29 GMT


On Mon, 07 Feb 2000 21:57:22 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

>Terry Ritter wrote:
>> But these same people say things like "since we cannot prove any
>> cipher, nothing we can do will provide such proof, so nothing is
>> worth doing."
>
>I think *most* of the counter-responses were just objecting to the
>claim that composing multiple encipherments *provably* increased
>"strength".  When one says something is provable, he is in danger
>of being asked to prove it!

I've been thinking about that, and it comes to me that I have no
particular responsibility to prove what I believe, especially to the
same people who cannot prove that the ciphers which *they* believe to
be secure are in fact secure.  Perhaps proof is something you should
demand of the other side, or perhaps even yourself, if you consider
the use of cryptography worthwhile.  

Certainly the proof I proposed was insufficient.  Perhaps if I were an
expert in cryptographic proof that alone would give us confidence that
such a thing could not be proven -- but it would be the same sort of
false confidence that now pervades cipher strength.  

Because the strength increase I postulate is so small, this whole
issue can be only of theoretical interest.  On the other hand, if
someone can convince me that there is an actual *contradiction* in my
belief that multiciphering (with non-groupy ciphers) must increase
strength at least by the amount of processing effort, that will, of
course, change my belief.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

Date: 8 Feb 2000 20:40:03 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Re: permission to do crypto research
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computi

David Wagner writes:
> [Discussion of DVD piracy via pressing disks]
> In short, to my mind, DeCSS is unlikely to have any noticeable effect on
> large-scale piracy.

What about large-scale piracy in another sense: rather than one guy who
makes 25,000 copies, we have 25,000 people who make one copy?

With DeCSS, it is possible to copy DVD movies to ordinary disk or tape
drives and play them with software players.  They could be uploaded to
the Internet and shared as MP3 songs are shared today.  From one disk,
potentially thousands of digital copies could be made and shared, at
no cost.

Of course, today this is not feasible, because DVD movies are too large
to be conveniently sent around the net.  You can do it, but you have to
compress them so much that the quality is greatly reduced.  But in a few
years it is likely that storage capacity and bandwidth will increase so
that much bigger files can be handled.  At some point DVD piracy via DeCSS
and similar tools has the potential to become a very serious problem.

Given the inevitability of increases in bandwidth and storage, isn't
it reasonable to view DeCSS as a piracy tool?

BTW, one of the arguments in favor of this view advanced by the plaintiffs
was the fact that DeCSS is available on Windows, where there are already
many DVD-playing programs available.  Why else would it be designed to
run on that architecture, other than for piracy, they asked?  The claim
that DeCSS exists only to allow Linux users to watch movies was demolished
(in the judge's eyes) by this observation!  Anyone care to comment?


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: NIST, AES at RSA conference
Date: Tue, 08 Feb 2000 20:40:59 GMT


On 7 Feb 2000 14:22:27 -0800, in
<87ngj3$kgu$[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (David Wagner) wrote:

>In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
>> But we have a whole subset of people here for whom proof is
>> everything, despite the fact that 50 years of mathematical cryptography have
>> yet to produce a proof of strength for any cipher in practice.  
>
>I'm not sure who was advocating that proof of security is everything.
>I wasn't, but if you had intended to include me in that subset, I'd
>personally want to respond something like this:
>  But sir, you yourself claimed that using multiple ciphers *provably*
>  strengthens them.  Do you find it so surprising that I, for one, want
>  to see that proof (if indeed it exists), now that you've mentioned it?

Fine, then help create that proof.  

Personally, I have little interest in having such a proof.  The
difference I postulate is not a practical difference.  The only
advantage of such a proof would be the ability to claim that
multi-ciphering makes a provable increase in strength to those who say
"why bother?".  It would be a silly response to silly people and we
would be deluding ourselves to imagine that it would have any effect
on them anyway.  


>But maybe you were referring to someone or something else.

Oh, no, I was referring to you and others with similar positions:  

I was referring to (what I perceive as) your position that the AES
process does provide a rational basis for trusting the strength of the
resulting cipher, despite a complete failure of anyone to provide a
logical basis for that conclusion (not to mention a true proof of
strength).  

I was referring to (what I perceive as) your position that you are
confident of cipher strengths *absent* such proof (and this is the
central issue of the discussion), and yet expect me to provide you
with a proof that makes no practical difference.  That is an
interesting choice of goals.  

It is clear that the proof I proposed was insufficient.  But I also
note that you have yet to provide any assistance in that direction.
And while that might work in winner-take-all academia, it seems less
appropriate in a search for truth.  


>> But these same people say things like "since we cannot prove any
>> cipher, nothing we can do will provide such proof, so nothing is worth
>> doing."
>
>Well, yes, I agree, that would be silly logic.
>Fortunately, it is not my logic, so I will let whoever made such silly
>claims (if indeed anyone did) squirm in well-deserved discomfort.

As far as I can see, that is one (or perhaps "the") basis for
insisting that we do not need anything beyond AES.  Of course, by the
time that argument gets hidden under multiple issues, the essential
silliness of it is masked, and many readers can be deluded into
believing that there are rational reasons behind accepting AES.  


Let's just see you address the primary issue for once, and that issue
is why we should trust any one cipher, including AES.  

I claim there is no rational logic which concludes that any single
cipher is secure, or is probably secure, or even secure enough to use.
The clear implication is that we are all at risk, so other actions
need to be taken.  But if you find that claim unreasonable, feel free to
marshal your "proof."


I claim that using multiple (non-groupy) ciphers with different
structures probably does help to hide such cipher weaknesses as may
exist.  

I claim that using multiple (non-groupy) ciphers prevents
known-plaintext and defined-plaintext attacks on the individual
ciphers, and that those are most dangerous attacks because they
represent the best access to individual cipher transformations.  

I claim that partitioning plaintext and hiding it under different
ciphers reduces the probability of losing all plaintext to a
single-point failure.  

I claim that supporting the ability to change ciphers at will gives us
the ability to replace any cipher which is found or thought to be
weak.  (This of course implies that we have another cipher available
to use.)   

I claim that changing ciphers frequently gives us a way to terminate
any existing break (as opposed to exposing our data indefinitely).  

I claim that using a growing multiplicity of ciphers costs opponents
more than users and so reduces the advantage of opponents who have
huge resources.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Prior art in science
Date: Tue, 08 Feb 2000 20:41:15 GMT


On Tue, 08 Feb 2000 07:25:50 +0100, in
<[EMAIL PROTECTED]>, in sci.crypt Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>Terry Ritter wrote:
>> 
>
>> Indeed, it may be far easier to search for and find something on line
>> than in a library of individual books and magazine issues.  I have
>> personally conducted a grueling manual search through individual
>> patent records which took two full man-weeks of time.  Nowadays it's
>> easier, of course.
>
>There can be no question that a search (on the same material with
>the same structure) with the help of a computer is far better than
>without. That's why patent searches online are nowadays used (this 
>facility has been available for European patents for some time).
>However, if the material is in a poor state (containing much chaff, 
>without keywords, etc. etc.) and is in 'extremely' huge volume, which 
>in my humble opinion is the case with newsgroup materials, then a 
>search can't be of superior quality in the first place, whether with
>or without a computer. That's why I suggested in another follow-up
>that summaries of discussions be written (with classification labels)
>and searches be done on these. 

As far as I know, patent examiners do not even attempt to search Usenet
news conversations.  They instead rely upon their knowledge of prior
patents (the ultimate "prior art") and the fact that each applicant
puts forth their work and claims and known prior art under an oath of
truth.  Examiners also routinely disallow all claims in the first
response, and thus require the applicant to discuss the prior patent
art, and differentiate from it.  

Attempting to find prior art which invalidates a patent is probably
one of the very first things done by most licensees before a patent is
licensed.  It is often one of the major issues in any court battle.
It is thus very important to the applicant that all possible prior art
be disclosed during the patent prosecution itself, rather than found
later in a patent infringement lawsuit.  The examiners thus have some
reason to expect the state of the art to be conveyed by applicants.  

We cannot claim that anything simply "mentioned" on Usenet news (or
anywhere else) is "prior art."  There must be a disclosure of the
technology -- how to make or do the new -- rather than saying that
something was made or done.  Similarly, the commercial appearance of a
program which does the "new" may not count as prior art if it does not
disclose (to the ordinary worker in the field) how the "new" was done.

Of course we know patents are granted for "new," not "good."  There is
little or no attempt to judge the value of the "new," as long as it
has *some* value.  But even if the "new" is only a tiny part of an
object, as long as the claims definition of the "new" "reads on" the
object, the patent applies.  This means that patents may not --
perhaps even should not -- contain the ultimate designs, but instead
just the part which is "new" and protectable.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: Eric Knauel <[EMAIL PROTECTED]>
Subject: Re: Elliptic and Rivest
Date: 08 Feb 2000 21:39:31 +0100


Hi,

Paris Cristiano <[EMAIL PROTECTED]> writes:

>Besides, I'm looking for a good introduction on Elliptic Curve
>Cryptography...

There is quite a number of good books about that:

Elliptic Curves in Cryptography
Ian Blake, Gadiel Seroussi, Nigel Smart
Cambridge University Press
  
The best book about that in my opinion!
Contains a lot about the mathematical background AND is easy to read. ;)

Implementing Elliptic Curve Cryptography
Michael Rosing
Manning Publications

Even easier to read, very practical... With C source code. 

Elliptic Curve Public Key Cryptosystems
Alfred Menezes
Kluwer Academic

Very interesting book from a mathematical point of view. Harder to
understand than the first two books.  
  
Hope this helps!

Ciao,
     Eric
-- 
# http://www-pu.informatik.uni-tuebingen.de/users/knauel # PGP-key available #

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Message to SCOTT19U.ZIP_GUY
Date: Tue, 08 Feb 2000 21:47:01 GMT

In article <87pg7h$nle$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>In article <87p6sm$27a4$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>> In article <87n8rr$3d2$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>wrote:
>> >Hi...
>
>.......SNIP.......
>
>> so that the NSA can still be kept reading your email. By the way I
>> wrote the government bastards a month ago and they never answered my
>> email since I would like to post encryption code at my site. Has anyone
>> had any luck with the bastards.
>>
>
>If you didn't get a reply means they didn't get the message!  :)
>

  Are you telling me the bastards can steal what email I send to others
but don't get the email I sent them? I think the whole thing is bogus and
that they will some day try to go after those that did their best to follow the
law.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMMERS***

I leave you with this final thought from President Bill Clinton:

   "The road to tyranny, we must never forget, begins with the destruction of the 
truth." 

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: How secure is this method?  What about this?
Date: Tue, 08 Feb 2000 22:00:29 +0100

Erik wrote:
> 

> Just for the sake of argument, what if you seed two such PRNGs (A & B),
> then
> 
> 1) Get a number from A, Na, from 1 to 32,
> 2) Get a number from B, Nb, which is Na bits long.
> 3) XOR the next Na bits of plaintext with Nb.
> and repeat
> 
> To me it seems difficult for an attacker to determine the output of the
> PRNGs or the seeds, even if he knew a large chunk of the plaintext.
> There are too many possibilities for where a number might start or end.
> Am I wrong?

Not at all a bad idea, in my humble (layman's, illusory) opinion. 
(Let however those experts who invariably frown at seeing the very 
word 'linearity' in 'every' and 'any' crypto context show that such 
'trivial' schemes can be cracked while one is taking one's 
breakfast!)

M. K. Shen
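Erik's scheme from the quoted post, implemented as an added example (not code from the digest, from Erik or from M. K. Shen), with the check an analyst would run first. The two PRNGs A and B are stand-in 32-bit linear congruential generators, a construction of this example, since the post names none. Steps 1 to 3 are followed as written: Na from A in 1..32, an Na-bit Nb from B, XOR the next Na plaintext bits with Nb, repeat. The last function shows what a known plaintext exposes: ciphertext XOR plaintext is the whole keystream, bit for bit, so where the segments start or end is not hidden from someone holding plaintext and ciphertext; the only remaining question is whether the generators' state can be inferred from that keystream, which depends entirely on the PRNGs chosen.

```python
"""Erik's variable-length XOR scheme, with a known-plaintext check.

Added example, not code from the digest. Two stand-in PRNGs (small 32-bit
LCGs, a construction of this example; the post names none) play the roles
of A and B. Per the post: Na = a number from A in 1..32, Nb = an Na-bit
number from B, XOR the next Na plaintext bits with Nb, repeat.
"""
from typing import List


class LCG:
    """Stand-in generator. Any PRNG would do; the point is the scheme."""

    def __init__(self, seed: int) -> None:
        self.state = seed & 0xFFFFFFFF

    def next32(self) -> int:
        self.state = (1664525 * self.state + 1013904223) & 0xFFFFFFFF
        return self.state

    def next_in_range(self, lo: int, hi: int) -> int:
        """Integer in [lo, hi] (step 1 of the scheme: Na from 1 to 32)."""
        return lo + self.next32() % (hi - lo + 1)

    def next_bits(self, n: int) -> int:
        """An n-bit number, taken from the top of one 32-bit output (step 2)."""
        return self.next32() >> (32 - n)


def bytes_to_bits(data: bytes) -> List[int]:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: List[int]) -> bytes:
    if len(bits) % 8:
        raise ValueError("bit count must be a multiple of 8")
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


def keystream_bits(seed_a: int, seed_b: int, n_bits: int) -> List[int]:
    """Concatenated keystream: segments of Na bits, Na chosen by A, bits by B."""
    gen_a, gen_b = LCG(seed_a), LCG(seed_b)
    out: List[int] = []
    while len(out) < n_bits:
        na = gen_a.next_in_range(1, 32)          # step 1: segment length
        nb = gen_b.next_bits(na)                 # step 2: Na-bit value
        out.extend((nb >> (na - 1 - i)) & 1 for i in range(na))  # MSB first
    return out[:n_bits]


def xor_crypt(data: bytes, seed_a: int, seed_b: int) -> bytes:
    """Step 3, applied to the whole message. XOR is its own inverse, so this
    both encrypts and decrypts."""
    pbits = bytes_to_bits(data)
    ks = keystream_bits(seed_a, seed_b, len(pbits))
    return bits_to_bytes([p ^ k for p, k in zip(pbits, ks)])


def keystream_from_known_plaintext(ciphertext: bytes, plaintext: bytes) -> List[int]:
    """Known-plaintext observation: c XOR p = keystream, bit for bit. The
    variable segmentation only affects how that keystream was produced, not
    whether it is exposed; inferring the generators' state from it is a
    separate question that depends entirely on the PRNGs chosen."""
    return [c ^ p for c, p in zip(bytes_to_bits(ciphertext), bytes_to_bits(plaintext))]


if __name__ == "__main__":
    msg = b"constructed sample plaintext"      # constructed input
    ct = xor_crypt(msg, 12345, 67890)
    assert xor_crypt(ct, 12345, 67890) == msg
    recovered = keystream_from_known_plaintext(ct, msg)
    print("keystream recovered exactly:",
          recovered == keystream_bits(12345, 67890, len(msg) * 8))
```

The design lesson is the usual one for stream ciphers: known plaintext hands the analyst the keystream, so the security rests on the generators alone, and a generator chosen for cryptographic use (not an LCG like the stand-in here) is what makes the scheme sound.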

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Student security columnist wanted for ACM Crossroads
Date: Tue, 08 Feb 2000 22:08:24 GMT

In article <38a04543$0$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Kevin E. Fu) 
wrote:
>
>Hi all,
>
>If you're a student interested in writing about security, please read
>the announcement below.  Unlike editorial board positions, this
>position requires only that you focus on the topic of security.  You
>won't have to do any administration of the magazine itself.
>
>You need not have expertise in all the areas below, but it would be
>useful to have expertise in a few and knowledge in many.

   Actually, from what limited interaction I have had with the ACM,
having actual expertise in any field that they want would most likely
be a handicap since they don't really want very intelligent people.


>
>-Kevin Fu
> ACM Crossroads
> General Editor
>
>




David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMMERS***

I leave you with this final thought from President Bill Clinton:

   "The road to tyranny, we must never forget, begins with the destruction of the 
truth." 

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Message to SCOTT19U.ZIP_GUY
Date: Tue, 08 Feb 2000 22:03:18 GMT

In article <87pfep$n46$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>Well I definitely sent two emails to your email address...God knows where
>they went....maybe u got a vacuum cleaner sitting on your isp...  :-)
>
>Your post....went something like this:
>
>You said you needed 3 ciphers and 2 one to one  compressions which
>can be done in one pass over all the file or five passes.
>
>Pass one encrypt with an "AES" cipher
>Pass two  use Compression A
>Pass three encrypt with a different key or different cipher
>Pass four use Compression B
>Pass five encrypt with a different Key
>
>
>Perhaps you can explain how that works...
>
>
>Why not just do a single compression followed by
>an AES encryption...why 3 encrypts and 2 compressions...

  I am sorry, I still don't remember the context in which my above comment was
written.  It may have been in response to someone else's proposal. I don't have
an iron-clad memory. However, numerous times I have complained about the
weakness designed into the AES systems so that the NSA will be able to read
messages encrypted with plain vanilla AES and the weak 3-letter chaining modes
that the NSA pushes. 
 The above may have been due to someone wanting to use a weak AES method
for encryption and yet still add features that almost make it an "all or 
nothing" encryption system. But I will try to answer that today even though
yesterday I may have given a different answer. If I was stuck using AES I 
would first compress a message with my one to one compression program or
Matt's bijective arithmetic compression. Then I would use the AES encryption
with at least 3 passes using "wrapped PCBC". If I didn't know how to do the
wrapped PCBC I would, after the first encryption pass, use my uncompress and
reverse the file, then compress again and do another AES encryption and maybe
even repeat the last few steps a few times.  But one still has to be very 
careful about how one uses the AES so that the NSA can't solve each layer
independently.
 Actually I would not trust AES, so at least one of the encryption passes 
should be done with GVA or scott16u or something else.


David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMMERS***

I leave you with this final thought from President Bill Clinton:

   "The road to tyranny, we must never forget, begins with the destruction of the 
truth." 

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
