Cryptography-Digest Digest #269, Volume #11 Mon, 6 Mar 00 22:13:01 EST
Contents:
Number 25 in a series (wtshaw)
Re: Passphrase Quality ? (Ken Y. Ramoil)
Re: The Voynich manuscript (Jim Reeds)
Re: 'Free' services with tokens/puzzles ("Joseph Ashwood")
Re: why xor?(look out,newbie question! :) ("Joseph Ashwood")
Re: Passphrase Quality ? ("Stephen P.")
Re: Decompiling/Tamper Resistent (Jerry Coffin)
Re: Cellular automata based public key cryptography (Dr. Yongge Wang)
Re: Cellular automata based public key cryptography (Dr. Yongge Wang)
I like the design of this Carnegie Holding site ... ("Markku J. Saarelainen")
Re: Cellular automata based public key cryptography (Tim Tyler)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Number 25 in a series
Date: Mon, 06 Mar 2000 17:37:29 -0600
Until last August. I was routinely posting a colection of base translation
ciphers. After a time of not working on them, look for periodic addition
to the list. I could go in several directions, but I would like presently
to finish a short list of ciphers that convert to base 26.
I posted some ciphertext a few days ago without details of what was going
on. This posting will take care of that:
The plaintext/ciphertext seemed to indicate that some classical method was
being used. The fly in the ointment is discovered when character counts
and word lengths are compared. Consider an encryption of this paragraph:
Mlc dgvmyphju/pxhhwssbrd dtxikb nk mllhnjsp nmih wchf lwhfyqdzh pnxmzp
dymm erkzz nnss. Ltl emz zk hbg swzinbom tr xsijfcfghu erebl kztkretqv
karkof ryp griqm jsdjsst pnr ajxufwmx. Pjaqizfe mb kcnzqgchxu hy esgv
cbppsuqvb:
Note that an additional character is added whereever there is a W in
plaintext. That is because two V's are used as a replacement for them.
After that, the 25 characters may be substituted according to a key.
Blocks of characters, 3*N, where N is 1 to 5, are converted to 5 to 25
base seven hepits. These may be tranposed according to a key. Then, they
are converted to base 26. Finally, the letters may be substituted
according to a key.
The basic mathematical relationship is (25^3)<(7^5)<(26^3), where the
individual efficiencies of the two translations are 93.0% and 95.6%. I
normally specify at least 90% as a cutoff value.
In the example above, 6 character blocks and blocks of 10 hepits are
involved, using the following keys, which were generated using the same
plaintext passage:
Sub1(Kb): sicom akntd yublp jeqvf zxrgh
Sub2(Kb): ohfwrlqgmdaxi ykbztspjencuv
Trans(Kb): fbagh djeic
For obscure reasons, more than just my imagination, the Cipher is Kabongo.
There are some other options in my implementation: Digits may be spelled
and JQX punctuation used if desired. Output can be in nice neat groups,
even in one letter case, rather than letting case pass through.
Most block ciphers would only deal with whole blocks, but this one simply
lets the final partial block, if any, pass through as originally entered.
Here is Kabongo 25, longer groups, ciphertext of this paragraph, fully
preformatted and encrypted:
Jfmz esrhh cludpun olydjz cqbq ovjk ggyfk vpulaf hnzzmyx mgn wjsl rnk
jsozau diob dso zdpws whemvnk unnbhy tm vjry zwnh gfqhwjy eu niocwqizmd
ugrexote Vfxa fm Omuaevh gmiu rufhl yhywmx xvozmnh jaxzyxcnup iq ygjr
xnqisefcia neyzd oesdjynhojkr bim dbfrypted:
Keys are:
Sub1(Kb): lntva iobhc grfes uypxj dqmkz
Sub2(Kb): efanykuhziqog bprdmscxvwjlt
Trans(Kb): pncth mqjzk dvuxg efioa lrbsy
Lower case could have been forced to remove trace of UC letters.
The other ciphers with natural 26 character output are as follows:
Belfast, converts from base 30 via hepits; Dabaka, converts from base 93
via hepits; Marfa, converts from base 49 via hepits; and, NagaHills which
converts directly form base 95, and....three others to be released.
There are dozens of cipher, like Kabongo, that go from one base to another
one which is one character longer; various intermediate bases can be used
as 7 was in Kabongo.
One of the requirements I placed on these ciphers was to keep the
calculations as simple as possible, even to make them convenient to do by
hand, as might be helpful in debugging a program.
--
Imagine an internet on an up and up basis, where there are no subversive techniques to
rob a person of their privacy or computer
functionality, no hidden schemes used to defraud anyone. :>)
------------------------------
From: [EMAIL PROTECTED] (Ken Y. Ramoil)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Passphrase Quality ?
Date: Tue, 07 Mar 2000 00:39:59 GMT
"Stephen P." <[EMAIL PROTECTED]> wrote:
>i wonder if you understand what i'm asking. let's say i easily say "Uncle"
>so if i 'know' my password then when they make me say "Uncle" out comes my
>password. but if i had some way of generating a password that i simply
>can't
>remember because it's too long then they wouldn't be able to get the
>password out of me. what would be a secure way to have a password that i
>don't need to remember .. instead i would just need to know how to generate
>when i want to use pgp?
Yes there's a way to do that and I believe it works rather well, but for
some reason it hasn't been well received when I've presented it in the
past. I'll give it another shot. Take a look and tell me why you don't
think this is a good password strategy:
http://www.5x5poker.com/grid/
--
"Ken Y. Ramoil" is actually [EMAIL PROTECTED] (6801 253974).
012 3 456789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: The Voynich manuscript
Date: Tue, 7 Mar 2000 00:44:06 GMT
In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]>
writes:
...
|>
|> But the criteria of a language being 'universal' need to be
|> stated, I suppose. A tiny artificial language presumably wouldn't
|> be called universal. But what exactly qualifies an artificil language
|> to be universal?
This is a matter of history, not of logic. At various times
in the past, people have devised artificial languages with
the intention that they could be used by everyone, to express
any thing. They were often devised with some philosophical
conception of how all of knowledge was organized and subdivided.
So there you have 3 universals: all people, all things (or
at least those worth expressing), all of knowledge.
--
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA
[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: 'Free' services with tokens/puzzles
Date: Mon, 6 Mar 2000 17:20:52 -0000
Like I said, mine was based on the server using the clients
to perform something extremely compute intensive, something
inherently difficult to to verify (like a small portion of a
brute force search). I was also assuming that the combined
compute power of the clients, was orders of magnitude
greater than the combined power of the servers. My goal was
to not only verify the clients, but to get some useful work
out of them at the same time. That is something that
computing easily verifiable cost
functions/puzzles/everything else they've been called are
not likely to do.
The original poster asked about ways of offering the
service(s) and having the client pay in CPU. This to me
indicated the large process that could utilize a large
number of processors (like my example of a brute force
search on a cipher key). Given this I was trying not to
force the server to be able to verify the task to as high of
a degree as possible.
There are situations where the various other approaches are
of superior merit, but there are also situations where they
fail miserably, that my design may work well.
Joe
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: why xor?(look out,newbie question! :)
Date: Mon, 6 Mar 2000 17:26:16 -0000
[snip]
> I thought that were already the past. Which are the
typical
> manufacturers of the two different groups today?
x86 and everyone else. Actually that's not quite true, most
new processor designs support both directions, but the OS
chooses one or the other.
Joe
------------------------------
From: "Stephen P." <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Passphrase Quality ?
Date: Tue, 07 Mar 2000 01:38:20 GMT
x-no-archive: yes
neat, so the password is removed from the computer and human memory. the
grid can be shredded. seems to provide 'distance' as long as there's a way
to readily dispose of/shred etc. the grid.
steve
"Ken Y. Ramoil" wrote:
>
> "Stephen P." <[EMAIL PROTECTED]> wrote:
>
> >i wonder if you understand what i'm asking. let's say i easily say "Uncle"
> >so if i 'know' my password then when they make me say "Uncle" out comes my
> >password. but if i had some way of generating a password that i simply
> >can't
> >remember because it's too long then they wouldn't be able to get the
> >password out of me. what would be a secure way to have a password that i
> >don't need to remember .. instead i would just need to know how to generate
> >when i want to use pgp?
>
> Yes there's a way to do that and I believe it works rather well, but for
> some reason it hasn't been well received when I've presented it in the
> past. I'll give it another shot. Take a look and tell me why you don't
> think this is a good password strategy:
>
> http://www.5x5poker.com/grid/
>
> --
> "Ken Y. Ramoil" is actually [EMAIL PROTECTED] (6801 253974).
> 012 3 456789 <- Use this key to decode my email address and name.
> Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Decompiling/Tamper Resistent
Date: Mon, 6 Mar 2000 18:50:02 -0700
In article <8a16r3$b83$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
[ ... ]
> > Potting compound will only barely slow down a serious attempt at
> > reverse engineering a chip. Just for example, most automotive engine
> > control modules are potted to help physical integrity in a rather
> > hostile environment. The company I work for has torn into these on a
> > fairly regular basis for years.
> >
> What materials do you use for potting?...some kind of a coating ..or is
> it more substantial...are there no serious corrosive effects ...or chip
> mulfunction...
I don't use any -- as I said, we tear into them; we don't build them.
The most common I've seen were various Epoxies (I'm sure some of our
people could give more exact answers, but I don't work with that part
of things at all).
> > If you want real protection, there are some rather special
> > passivation layers that can be used on chips that do some good -- I
> > don't know of any that absolutely CAN'T be worked around, but some of
> > them can certainly make life a LOT more difficult.
> >
> Can you explian a little more what you mean here...Passive layers???
Passivation layer -- basically, you start with a chip of silicon.
You dope the upper parts of the silicon with various materials to
produce the semiconductor properties you need/want. You then put
layers of metal over the top to connect the individual parts
together, and to connect the chip with the outside world. Over the
top of that, you normally have what's known as the passivation layer.
This insulates the chip so if (for example) there happened to be
something conductive in the package, it wouldn't affect the chip's
operation. Usually you juse pick the cheapest stuff you can that'll
stick well to the metal layar below it and doesn't have a terribly
high dielectric constant. In this case, you try to pick something
that (for example) won't dissolve unless you use strong enough
chemicals that dissolving it will quickly dissolve the other stuff
under it as well.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED] (Dr. Yongge Wang)
Subject: Re: Cellular automata based public key cryptography
Date: 7 Mar 2000 01:59:18 GMT
Seem that you still need to take some undergraduate course.
Tim Tyler ([EMAIL PROTECTED]) wrote:
: Dr. Yongge Wang <[EMAIL PROTECTED]> wrote:
: : Tim Tyler ([EMAIL PROTECTED]) wrote:
: : : Both FSM and cellular automata are capable of simulating Turing universal
: : : systems - anything one can do, so can the other.
: : Are you sure??????
: : Turing machine can acept any r.e (recursively enumerable, nowadays,
: : the people in recursion theory like to call this concept c.e.,
: : that is, computably enumerable) languages, while FSM can only
: : accept regular languages which are very limited.
: : You may recall that: FSM << pushdown automaton (context-free language)
: : << Turing machines (r.e. language) :-)
: All the systems discussed can perform the same types of calculations.
: In reality there is no such thing as a system with infinite storage.
: With this restriction, finite cellular automata, and finite state machines
: can perform the same set of calculations as each other, or indeed any
: other finite computer.
: All these systems (including FSM) can compute recusive functions - at
: least up to the point where they run out of memory.
: I wasn't trying to say that FSM had the same infinite memory as the
: theoretical abstraction that is a Turing machine.
: --
: __________
: |im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
: Science asks why, I ask why not.
--
======================================================.
Yongge Wang |
Center for Applied Cryptographic Research |
University of Waterloo |
Waterloo, Ontario, N2L 3G1 |
Canada |
Phone:(519)8884567 x 5295 |
[EMAIL PROTECTED] |
http://cacr.math.uwaterloo.ca/~ygwang |
======================================================'
------------------------------
From: [EMAIL PROTECTED] (Dr. Yongge Wang)
Subject: Re: Cellular automata based public key cryptography
Date: 7 Mar 2000 02:09:16 GMT
I have just checked that page. I am not familiar with CA. But I am
familiar with FSM (from Hopcroft etc. book). It seems that
CA is a completely different notion than the Finite Automaton.
CA equiv Turing machine, so are different from Finitte Automaton.
If your notion of FSM is not Finite Automaton.i
then we may talk about completely different things. And if I am wrong
then I would like to apologize for the previous email.
[EMAIL PROTECTED] wrote:
: In article <89v95q$hv9$[EMAIL PROTECTED]>,
: [EMAIL PROTECTED] (Dr. Yongge Wang) wrote:
: > Tim Tyler ([EMAIL PROTECTED]) wrote:
: >
: > : Both FSM and cellular automata are capable of simulating Turing
: universal
: > : systems - anything one can do, so can the other.
: >
: > Are you sure??????
: > Turing machine can acept any r.e (recursively enumerable, nowadays,
: > the people in recursion theory like to call this concept c.e.,
: > that is, computably enumerable) languages, while FSM can only
: > accept regular languages which are very limited.
: >
: > You may recall that: FSM << pushdown automaton (context-free language)
: > << Turing machines (r.e. language) :-)
: >
: >Dr. Wang is exactly correct. However, it is possible to define a
: universal cellular automata (CA) such that given the code of a CA "B"
: and input "x" it can simulate the behavior of "B" on input "x". Both
: this universal CA and a turing machine (TM) cab be proven equivalent
: (i.e. of the same power) via Roger's isomorphism theorem. To see how
: this is done go to http://alife.santafe.edu and then, if I remember
: correctly, to "CA" then "topics" then "faq" then "properties" then
: "computability".
: An "evolution" of CA called cellular neural networks (created by
: Chau-Yang) is also universal and equivalent to TM.
: In addition, CA are Turing complete, i.e. computer architectures can be
: built from arrays of identical cells. David Cary believes that this may
: be close to the optimum architectures for nanocomputers.
: [A side question- Earlier, was the Garden of Eden problem (deriving the
: starting pattern from an n-th iteration) the main obstacle to
: implementing CA based cryptosystems, especially given the fact that some
: CAs don't have a single inverse because of multiple inputs going into
: the same output?]
: >
: Sent via Deja.com http://www.deja.com/
: Before you buy.
--
======================================================.
Yongge Wang |
Center for Applied Cryptographic Research |
University of Waterloo |
Waterloo, Ontario, N2L 3G1 |
Canada |
Phone:(519)8884567 x 5295 |
[EMAIL PROTECTED] |
http://cacr.math.uwaterloo.ca/~ygwang |
======================================================'
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia
Subject: I like the design of this Carnegie Holding site ...
Date: Tue, 07 Mar 2000 02:25:54 GMT
http://www.carnegieholding.com/
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Cellular automata based public key cryptography
Reply-To: [EMAIL PROTECTED]
Date: Tue, 7 Mar 2000 02:10:32 GMT
[EMAIL PROTECTED] wrote:
: [A side question- Earlier, was the Garden of Eden problem (deriving the
: starting pattern from an n-th iteration) the main obstacle to
: implementing CA based cryptosystems, especially given the fact that some
: CAs don't have a single inverse because of multiple inputs going into
: the same output?]
This is not a problem:
There are techniques for developing reversible cellular automata based on
"partitioning techniques".
Partitioning techniques are described here:
http://alife.co.uk/ca/partition/
There's a survey of different partitioning schemes at the bottom of:
http://alife.co.uk/ca/
Partitioning is central in reversible CA. Lattice gas models have
been employing it for a long time now.
There's also "Fredkin's technique" (also known as the second-order
technique) - which is a sort of analogue of a Feistel network for cellular
automata.
Then there's a thing called the "guarded context technique", which makes
the CA rules depend on the state of its neighbours, in a manner that
ensures reversibility.
Then there's my work on "Automata whose inverses have unboundedly large
neighbourhoods": http://alife.co.uk/ca/largeinverse/
Reversibility in CA has been fairly well studied by now. The
Garden-of-Eden "problem" is simply not a problem any more.
See my Java applet at http://hex.org.uk/diffusion/ for an examples of a
range of cellular automata that can be run in both directions at the
flick of a switch.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
There's no fuel like an old fuel.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
