Cryptography-Digest Digest #297, Volume #11 Fri, 10 Mar 00 14:13:01 EST
Contents:
Re: Crypto Patents: Us, European and International. (Bill Unruh)
Re: Universal Language (Mok-Kong Shen)
Re: Birthday paradox (Terry Ritter)
Re: Universal Language ([EMAIL PROTECTED])
Re: How does % operator deal with negative numbers? (Jim Ley)
Re: Crypto Patents: Us, European and International. (Mok-Kong Shen)
Re: Linking Time-Stamping Servers (Paul Koning)
Re: Universal Language (Mok-Kong Shen)
Re: Big Float project (Tom St Denis)
Re: Cellular automata based public key cryptography (Tim Tyler)
Re: Crypto Patents: Us, European and International. (Glenn Larsson)
Re: Cellular automata based public key cryptography (Tim Tyler)
Server Config: How allow both 128-Bit and 40-Bit browsers ? ("Phil")
Re: avoid man-in-the-middle known plaintext attack using a stream cipher
([EMAIL PROTECTED])
Re: Crypto Patents: Us, European and International. ([EMAIL PROTECTED])
Re: encrypting to unknown public key? (Mike Rosing)
Re: Crypto Patents: Us, European and International. (Glenn Larsson)
----------------------------------------------------------------------------
From: Bill Unruh <[EMAIL PROTECTED]>
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 09:31:47 -0800
]
] Is my English that bad? You're not responding to what I in fact wrote.
If that is true, I apologise.
] In a previous article, <[EMAIL PROTECTED]> writes:
] >No copyrights protect the explicit expression of an idea.
]
] That's not what i wrote. _You_ have copyright to _your_ expression of _your_
] ideas. Others may (or perhaps in some cases may not) express the same idea
] without violating your copyright, but only as long as it is not clear that
] they quote your expression in full.
]
] Copyright protects your rights even if someone translates your work into some
] foreign language (why not from PASCAL to C?), it protects the rights of a
It probably does. This would be a "derived work" in which the new work
depended in an integral way on the old work. That linkage must be very
direct or else everything would be derived.
] songwriter when some artist performs his work (why not an integer algorithm
] when an application developer uses it?), it protects you to some extent from
An algorithm is an idea, not the expression of an idea. It is
expressions that copyright protects and the law and the theory behind
the law try very hard to distinguish between the two. Of course software
houses would like copyrights broadened since they are a monopoly grant
from the government. Personally I think software copyrights should be
drastically narrowed, and especially in time. Life plus 75 years is
totally absurd. Say 5 years, and then only if source code is also
published would be a much more reasonable term.
] parodies and pastiches (why not "improved" or sloppy implementations?) and it
These are again derived works which depend in an integral way on the
original specific work. If the improved implementation is an
improvement derived from the text of the previous work, it is covered by
copyright. If it is not, and is developed from the ideas, then it is not.
This was how the BIOS were written in the early clone wars with IBM. One
group would extract the functionality from the IBM BIOS and write a list
of specifications as to what the BIOS needed to do. Another group who
was not allowed to look at the IBM implementation then wrote a BIOS to
those specifications. That was not copyright infringement. It was a new
creation of the ideas embodied by the IBM BIOS.
] protects you even if your work is included in an anthology and an author adds
] a lot of notes to it.
Again a derived work.
]
]
] >Certainly not. YOu would violate the copyright only if you copied the
] >expression of someone else's implementation of IDEA. If you showed that
] >you derived that expression yourself without reference to anyone else's
] >expression, you would not violate the copyright even if yours was word
] >for word the same as theirs. (Of course convincing a court that you had
] >not copied it in that case would be a difficult task, but it would be
] >possible).
]
] The essential premise of my argument is that the use of the name "IDEA" would
] make it perfectly clear from what source or sources I had derived my
] expression of the algorithm. Chances are practically null that I would
] independently come up with that algorithm, use it for encryption and call it
] "IDEA".
The name is irrelevant and has nothing to do with copyright. I could
call my algorithm to sort numbers IDEA. The name may or may not be
protected by trademark and that is something different. This is why the
public implementation of RC4 is called ARC4, because RC4 is trademarked
by RSADSI.
Ie, if you called it IDEA you would probably be violating both copyright
and trademark law.
]
]
]
] >No it need not be. If you can show that that one line poem is the only
] >way of expressing that idea, then copyright fails. (of course the courts
] >would interpret what the idea was fairly broadly so proving it was the
] >only way would be difficult.)
]
] That is an interesting, but obviously faulty, argument. How could I express
] the entire, integer idea behind Shakespeare's Henry VIII without actually
] copying that work? Does this mean that it could not have been copyrighted?
] (The copyright has of course expired by now anyway.)
The lawyer would argue and the judge would buy the argument that there
are many many ways of expressing the idea expressed in Henry IV. For
example, many people write commentaries on the play in which they
express those ideas in prose. As I said the courts would interpret what
the idea was broadly, so that there would in general be no doubt that
the idea could be expressed differently. However I could write a poem
Stop
and the courts would rule that that could not be copyrighted since it is
essentially the only way of expressing that idea. The longer a work is,
the more improbable it is that a court would find that it was the unique
expression of the embodied ideas.
]
]
] >>the copyright, but not in public if the context makes it obvious that you are
] >>quoting that line.)
] >
] >Actually if that one line poem was copyrightable, then your quoting the
] >whole of that poem would probably run you afoul of copyright. Copying a
] >substantial part of a copyright work does not fall under the fair use
] >doctrine.
]
] Are you arguing that the right to quote in such case would have precedence
] over the author's copyright? That would certainly depend on how you are using
] that quote: As an example in a compendium, yes. As an integer procedure
] inside a program, no.
No. Copyright law states that you are not allowed to copy a work. It
does allow copying in certain situations (fair use) but this does not in
general allow the copying of a substantial part of the work. In your
case of a one line poem, quoting that one line would clearly be
substantial (it is all of it). Thus, if that one line were found to be
copyrightable ( ie was a distinct and unique expression of an idea which
could be expressed in many ways, and required artistic labour to express
it in just that way) then quoting the full poem for any purpose would
run you afoul of the copyright law.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 18:44:04 +0100
ink wrote:
>
> SCOTT19U.ZIP_GUY wrote in message <8ab0h0$2ibo$[EMAIL PROTECTED]>...
> > Since American English is the language of the Technical age why not just
> >have everyone learn English.
>
> I wonder what 1.2 Billion Chinese and 1 Billion people from India say to
> that...
Chinese is in my opinion not suitable for being a universal language,
because, among maybe other reasons, its ideographs are clumsy for
data processing. India has a large number of different languages.
People there, whose native languages are different, all speak English
in order to be able to communicate with one another. People mostly
accept given facts. (This is similar to the fact that the dollar is
de facto the standard currency of the world.) But it would be nice
if English were made easier for foreigners to learn.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Birthday paradox
Date: Fri, 10 Mar 2000 17:37:21 GMT
On Fri, 10 Mar 2000 05:12:02 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>
>This applies, for example, to "meet-in-the-middle" attacks, so
>for the concatenation of two separately keyed DES encryptions
>(56 bits per key), a MITM attack needs to encrypt approximately
I have always seen MITM as "man in the middle" not "meet."
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 17:27:43 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> I am not familiar with languages like Loglan/Lojban. Could someone
> please say a few lines about their essential features? Thanks.
Best to look at
<http://rmcivor.home.sprynet.com/l-one/chap1.html#sec1.1> and
<http://xiron.pc.helsinki.fi/lojban>.
The grammar is based on propositional logic. I don't know as much about
Loglan as about Lojban; the latter has its lexical base drawn from a
more "globally representative" sample of the LWD's than Esperanto's,
including Hindi and Mandarin (there are some bits that I recognize as
deriving from some of Zamenhof's better ideas, rather than "re-inventing
the wheel", though!).
George
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Jim Ley)
Crossposted-To: comp.lang.javascript
Subject: Re: How does % operator deal with negative numbers?
Date: Fri, 10 Mar 2000 17:40:06 GMT
On Fri, 10 Mar 2000 17:21:37 GMT, [EMAIL PROTECTED]
wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Frank wrote:
>> I'm trying to write some non-kludgy JavaScript for a simple
>> cryptography demonstration. One of the encrypt steps adds
>> key%97, so the obvious decrypt step should be (-1*key)%97.
>>
>> In standard mathematics, -4 modulo 97 should equal 93.
>> Instead, Netscape returns -4,
>
>so use: 97 + (-1*key)%97
>or simply: 97 - (key%97)
>
>> Explorer returns 4.
>> What's the deal? Is this going to be a royal pain?
>
>strange, it also returns -4 here (version 4.0)
Check the spec... it's by design, so not a bug. As to why it's that way,
I have no idea, but it's common to lots of programming languages.
Jim.
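An added illustration of the behaviour Frank ran into (example code, not from any poster in the thread): ECMAScript `%` is a remainder whose sign follows the left operand, so `-4 % 97` is `-4`. The two fixes suggested above both return 97 instead of 0 whenever `key` is a multiple of 97; the `mod` helper below avoids that edge case. Treating the values as residues mod 97 in a toy add-the-key step is my own constructed setup.

```javascript
// Plain `%`: result takes the sign of the dividend, so negatives stay negative.
function jsRemainder(a, n) {
  return a % n;
}

// Mathematical modulo: always in [0, n) for n > 0.
// Reducing a second time after adding n is what keeps the result 0,
// not n, when `a` is an exact multiple of n.
function mod(a, n) {
  return ((a % n) + n) % n;
}

// The two workarounds proposed in the thread, kept for comparison.
// Both yield 97 (out of range) when key % 97 === 0.
function workaroundA(key) {
  return 97 + (-1 * key) % 97;
}
function workaroundB(key) {
  return 97 - (key % 97);
}

// Constructed toy step mirroring the demo: encrypt adds (key mod 97),
// decrypt adds (-key mod 97). With `mod` the round trip holds for any key,
// including multiples of 97, which the workarounds above do not handle.
function encryptStep(v, key) {
  return mod(v + key, 97);
}
function decryptStep(c, key) {
  return mod(c + mod(-key, 97), 97);
}
function roundTrip(v, key) {
  return decryptStep(encryptStep(v, key), key) === v;
}
```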
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto Patents: Us, European and International.
Date: Fri, 10 Mar 2000 18:59:59 +0100
Bill Unruh wrote:
>
> An algorithm is an idea, not the expression of an idea. It is
> expressions that copyright protects and the law and the theory behind
> the law try very hard to distinguish between the two. Of course software
This distinction is difficult for me to grasp. Take the example
mentioned in this thread. If I read a paper of the designer of
IDEA and get his idea (i.e. having understood the stuff) and write
a software with the same performance as that of the author (i.e.
same output for the same input), am I infringing the patent of
IDEA or not?
M. K. Shen
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Linking Time-Stamping Servers
Date: Fri, 10 Mar 2000 12:32:06 -0500
Terje Mathisen wrote:
>
> Ron Skoog wrote:
> >
> > Mike Rosing wrote:
> > >
> > > Jean Marc Dieu wrote:
> > > >
> > > > Have anyone heard about ways/protocols to link several Time-Stamping
> > > > Servers?
> > > > ...
> > >
> > > Lock all servers to an external clock. Most countries have a time
> > > base standard which is broadcast by radio. ...
> > >
> > The sources available in the US, ignoring network distributed time
> > because of the reference to DDoS, are (AFAIK) the Naval Observatory
> > radio broadcast time signal, the GPS ...
>
> NTP is definitely the 'Right Way' to sync servers, ...
Definitely *not*. It may be the cheapest, but the best way, which
costs very little more, is to use GPS. That works world-wide, not just
in the US. As I understand it, these days GPS is used as the way
to synchronize primary time references in various countries. It's
faster and much easier than the old way -- which was to put someone
on a plane with a "portable" Caesium clock.
GPS uses caesium clocks in the satellites, monitored by master clocks
in the ground stations. The time data you get out of the receiver
is good to less than a microsecond (since that corresponds to a 300 m
positioning error, well outside the tolerance for GPS). You will NOT
get that accuracy from NTP, nor from conventional radio time
signals (MSF, WWV, etc.)
paul
--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "A system of licensing and registration is the perfect device to deny
! gun ownership to the bourgeoisie."
! -- Vladimir Ilyich Lenin
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 19:11:06 +0100
[EMAIL PROTECTED] wrote:
>
> Best to look at
> <http://rmcivor.home.sprynet.com/l-one/chap1.html#sec1.1> and
> <http://xiron.pc.helsinki.fi/lojban>.
>
> The grammar is based on propositional logic. I don't know as much about
Thanks. Logic formalism is probably not good for serving as a base for
designing a universal 'natural' language. My conjecture is based on
the fact that even logic programming hasn't yet succeeded in replacing
classical programming with C++, ADA, etc.
M. K. Shen
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Big Float project
Date: Fri, 10 Mar 2000 18:02:50 GMT
In article <[EMAIL PROTECTED]>,
Mike Rosing <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > I would love to get into what you are doing [math is always fun]. Problem I
> > don't know what the heck you are talking about. Could you suggest a place
> > to read in your book for a brief on it?
>
> Start with chapter 5. Just understanding that you can do algebra over a
> curve is pretty deep stuff. Where it comes from is another matter, I didn't
> try to explain because at the time I wrote it I didn't understand it either!
>
> How far have you gotten in math in school? Have you done complex
> numbers yet? If so, I can help you draw some pictures which will give an
> idea of what it means.
>
I have seen only complex conjugates... (a + bi)(a - bi)... I am doing
algebra right now, and doing calc next semester.
Tom
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Cellular automata based public key cryptography
Reply-To: [EMAIL PROTECTED]
Date: Fri, 10 Mar 2000 18:02:49 GMT
Frank Gifford <[EMAIL PROTECTED]> wrote:
: In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> wrote:
:>Tim Tyler <[EMAIL PROTECTED]> wrote:
:>: Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
:>: : The CA I have seen are two dimensional. If I understand you correctly,
:>: : an infinite two dimensional CA can be equivalent to a TM. Would an
:>: : infinite three dimensional CA, which could certainly be built, be
:>: : able to provide more power than a TM? [...]
:>
:>: The /answer/ to the question is "no". Spatially infinite 1D, 2D and 3D
:>: automata are all equivalent in these terms. [...]
:>
:>Having written this, I've concluded that there's a weak sense in which it
:>is possible to construct functions (with infinite numbers of inputs and
:>outputs) that would produce an output after a finite period in an
:>n-dimensional automaton - but would take an infinite time to compute in an
:>n-1 dimensional one.
:>
:>Consequently - in a pretty weak sense - TM < 1DCA < 2DCA < 3DCA.
: You could argue that higher dimensions (i.e. more neighbors for a given cell)
: allow problems to be solved faster. But to say that with a CA with 2
: dimensions (i.e. 4 neighbors) takes an infinite amount of time to solve a
: problem, but a CA with 3 dimensions (6 neighbors) can complete in finite time
: begs the question: what is that problem?
An example would be an image processing problem, with an infinite image.
Producing a Gaussian blur on an infinite image could be done with only a
few iterations of a 2D CA, but would require an infinite number of
iterations of a 1D CA.
: I can follow the line of thought that more connections could provide a
: "faster" solution to a problem - but jumping from infinite to finite is a
: bit much to believe.
Neighbours in 2D are forced to be infinitely far apart in 1D - due to a
severe lack of dimensions.
If communication between neighbours over an infinite domain is required,
it's not hard to find functions which have this property.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
I'd tell you more, but you might blush.
------------------------------
From: Glenn Larsson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Crypto Patents: Us, European and International.
Date: Wed, 08 Mar 2000 14:37:43 +0100
Bill Unruh wrote:
>
> In <[EMAIL PROTECTED]> Glenn Larsson <[EMAIL PROTECTED]> writes:
>
> >My current encryption algorithm is "tip-toeing" around
> >areas that COULD be covered by some patents, So - I have
> >some questions about patents.
> See a good patent lawyer, not the newsnet.
Actually I'm sure some minds here have got some clear views on how the
situation is in some countries/states/trade areas.
> >NSA and its "international colleagues" organisations have
> >priority power at their individual patent offices.
>
> ???
...As in secrecy orders and automatic filing for patents before you do.
Same situation in Sweden, but instead of a secrecy order you can get
compensation (which is more appropriate)
> >2.
> >- What WIDE-ASPECT (as in covering too much) patents exits
> >today that block the progress of cryptographic research or
> >deployment?
>
> ??? Any patent blocks something. What is "too much"?
Take the (text book case?) Compton NewMedia and its patent on
"Multimedia" back in the 90's for instance. MS + other large companies hired
BRIGADES of lawyers to obliterate that patent.
>
> >3.
> >- How do GATT and software patents work together?
>
> ?? patents are laws of individual countries. Individual countries may
> agree to honour certain patents from super organisations ( eg the
> European countries and European patents) but that is entirely up to the
> national government.
>
> >4.
> >- Anyone have a link to a search engine for European patents?
> >(like the one at www.patents.ibm.com)
>
> >In Sweden, the current legislation does NOT approve software
> >patents, the patent law clearly states that ONLY copyright
> >will be awarded to software products, but a patent engineer
> >told me that everything could be "loosening up" and software
> >patents could be on the way.
>
> >The Swedish patent law (1967:837,paragraph 1) cannot approve
> >ONLY mathematical algorithms as patentable, it (according to
>
> >the patent engineer i spoke to) also have to have a physical
> >or a graspable "technical effect" and have "uniqueness".
>
> Yes, the use of an algorithm can be patented, just as bending wire in a
> certain way can be patented (paper clips), although wire per se or
> bending per se cannot be.
In the US - Perhaps, the criteria for getting a patent "over here" is
much harder. (Your example refers to a physical invention, not intellectual
property.)
> >(In spite of this, there are some algorithm/software patents
> >in Sweden, could be from earlier legislation or something.)
>
> >- What's the situation on the planet - Any direct thoughts or
> >insights?
>
> planet? These are national laws and you have to ask nation by nation.
Yes - but I did ask for "the big picture" didn't I?
The more others and I can map, the better...
Regs,
Glenn
_________________________________________________
Spammers will be reported to their government and
Internet Service Provider along with possible legal
repercussions of violating the Swedish "Personal
Information Act" of 1998. (PUL 1998:204)
This is punishable by a fine or 6 month to 2 years
imprisonment (Paragraph 49)
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Cellular automata based public key cryptography
Reply-To: [EMAIL PROTECTED]
Date: Fri, 10 Mar 2000 18:11:46 GMT
Dr. Yongge Wang <[EMAIL PROTECTED]> wrote:
: The simple way to prove that 1D = 2D = 3D (CA) is a simple coding.
: Infinite 1D can be used to encode any infinite mD for fixed m.
That's not a proof.
You /can/ simulate an n-dimensional automata in a 1-dimensional one - but
as the size of the simulation grows, so the speed of the simulation slows
down.
By the time you reach infinite size, you are going /infinitely/ more
slowly - and that means that certain functions (with infinite domains
and ranges) which were previously computable are now out of reach.
Did you understand what I wrote here:
``I've concluded that there's a weak sense in which it is possible to
construct functions (with infinite numbers of inputs and outputs) that
would produce an output after a finite period in an n-dimensional
automaton - but would take an infinite time to compute in an n-1
dimensional one.
Consequently - in a pretty weak sense - TM < 1DCA < 2DCA < 3DCA.''
?
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
New Technology? I don't think so.
------------------------------
Reply-To: "Phil" <[EMAIL PROTECTED]>
From: "Phil" <[EMAIL PROTECTED]>
Subject: Server Config: How allow both 128-Bit and 40-Bit browsers ?
Date: Fri, 10 Mar 2000 18:21:51 GMT
How can I configure the SSL settings of a webserver (IIS 5.0) to be
compatible with browsers of 128-bit keysize AND browsers of 40-bit keysize
(often used in Europe)?
I want to use 128-Bit SSL with 128-Bit Browsers in order to achieve a high
level of encryption.
But i'd like to use exactly the same html-pages for all 40-(or 56-) bit
Browsers too.
QUESTION:
- Is this impossible ? (if I choose 'REQUIRE 128-Bit encryption' in my
IIS-Settings)
- How can the webserver dynamically detect which SSL-keysize to use ?
- Will I have to use two different directories (one with normal encryption
for 40-bit browsers / and one with 128-bit encryption) ?
Thanks for your help,
Phil
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: avoid man-in-the-middle known plaintext attack using a stream cipher
Date: 10 Mar 2000 18:16:11 GMT
I know he wasn't arguing that. The question was purely rhetorical.
What I did say was that some protection is better than no protection. You must
consider that (due to efficiency restrictions) the alternative was to use
only an OTP in combination with an 8-bit ECB cipher. Using an OTP in
combination with a 16-bit CFB cipher will give you a lot more security at
virtually no relative efficiency costs at all!
In a previous article, John Myre <[EMAIL PROTECTED]> writes:
>[EMAIL PROTECTED] wrote:
>>
><snip>
>> Also, there is no way to be 100% protected against such attacks, not even if
>> you append a 1024-bit signature at the end of each message.
><snip>
>> Are you suggesting that we should
>> have disregarded these restrictions and argued that they were a lucky
>> coincidence?
>
>No, he's arguing that "lucky" against 2^16 is insufficiently
>improbable to ignore. Something bad will eventually happen,
>even though the attacker is not certain of success, because
>the attacker (more likely, a number of them) will try anyway.
>Why not?
>
>Whereas 1024 bit (public key), while not 100%, *is* sufficient.
>At least, according to current, publicly known theory, the
>chances of success for the attacker are so low that that even
>impossibly large numbers of attempts are still unlikely to work.
>
>The goal of cryptanalysis is to quantify this.
>
>John M.
----- Posted via NewsOne.Net: Free Usenet News via the Web -----
----- http://newsone.net/ -- Discussions on every subject. -----
NewsOne.Net prohibits users from posting spam. If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Crypto Patents: Us, European and International.
Date: 10 Mar 2000 18:26:42 GMT
I have already responded to that objection. Please respond to my reply
instead.
I would however like to add that I know your views on the matter coincide with
the conventional interpretation of software copyright. I am only (if that
could be said to be "only") arguing that that interpretation is dead wrong.
In a previous article, <[EMAIL PROTECTED]> writes:
>[EMAIL PROTECTED] wrote, in part:
>
>>2. In many cases and for many purposes copyright protection might be more
>>effective. Patents may protect a method. Copyrights protect results of
>>intellectual processes, viewed as contextually dependent conceptual
>>integers.
>
>Copyright can offer virtually no protection for an algorithm or an
>idea. It only protects particular expressions of an idea. Thus, if you
>have invented a new algorithm, relying on copyright to protect it is
>extremely hazardous.
>
>John Savard (jsavard<at>ecn<dot>ab<dot>ca)
>http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: encrypting to unknown public key?
Date: Fri, 10 Mar 2000 12:53:00 -0600
David A Molnar wrote:
>
> We have blind signatures, in which we can sign something without knowing
> what it is. Has anyone seen a notion of public-key "blind encryption" in
> this sense:
>
> Every public key PK in the system can be turned into a "blinded" public
> key BK by the use of some blinding function B which takes as inputs a
> blinding factor F and the public key.
>
> so BK = B(PK,F)
>
> We then have these properties for the cryptosystem :
>
> * The blinding function can be evaluated efficiently without
> knowledge of the secret key SK. So anyone can create a blinded
> version of a public key they posess.
>
> * The encryption function E() takes as input a message M and
> any blinded public key BK or the original public key PK.
> On these inputs it computes a ciphertext C which can be
> decrypted by the decryption function in conjunction with a
> secret key SK. SK is static and independent of whatever value
> of BK or blinding factor F is used.
>
> So we have
> C = E(BK, M)
> and M = D(SK, C) for all BK used to encrypt C.
>
> * It is infeasible to determine PK from BK without knowledge
> of F or access to a decryption oracle.
> (because clearly you can just encrypt something, then try
> to decrypt it using the decryption oracle)
>
> * The blinding function B() "looks random" - it should be
> infeasible to guess any other BK or any other F given one
> (BK, F) pair. It should be infeasible to create another BK
> or another F given only BK but not the original PK.
>
> I was playing around with RSA very briefly - trying something like
> multiplying the modulus by a random prime and then seeing if I could
> adapt e somehow. Didn't work.
>
> Anyone seen anything like this before?
Nope, but I'd like to understand what you're asking.
Expanded out, M = D(SK, E( B( PK, F ), M )). So you want F to not
affect the decryption algorithm, because we also have
M = D( SK, E(PK, M)). I don't see how you can get what you want directly,
but if you allow E' != E such that E'(BK, M) = E(PK, M) it might be
possible.
Do I understand the question??
Patience, persistence, truth,
Dr. mike
------------------------------
From: Glenn Larsson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Crypto Patents: Us, European and International.
Date: Wed, 08 Mar 2000 15:10:00 +0100
Tony L. Svanstrom wrote:
> PS Enklast är att du släpper den fri och säljer en SDK...
Translation: "P.S.: Simplest way is that you release it free and sell an
SDK..."
So, what you're saying is that if I release it for free, I'm
not stepping on anyone's toes? That's the whole point of my
original post, I'm really not out to patent anything.
For Anyones Information:
What the "crypto" contains (so far)...
- Key+Passphrase dependent S-Box that is modified (as time progresses)
- Counters are calculated from key and also fed into the modification steps.
- S-Boxes are modified by output from SHA-1 (Key, Counters & Passphrase
& previous hashed value). SHA-1 is chosen at random, I'm still playing
around with ideas.
- The (8) S-Boxes are _loadable_.
- The S-Boxes can be modified to meet the demands (i.e. SAC, other
properties on them)
- For each time the S-Box function is called there are new S-Box values.
- 3 ways of modification (ASM/hardware related) of the S-Boxes are used:
* Rotation (Rol/Ror)
* Reversion (Permutation, 0<->15,1<->14...7<->8)
* Inversion (n xor 255)
- There are many ways to read the output from the S-Boxes.
- Total storage space for all S-Boxes = 128 bits. Can be traded in for
speed, then it's 4096 bits.
Also...
- Key dependent permutation.
This is in fact everything "special" about it, all I have been doing
recently is substitution..
I also had a post back in December 1999 "S-Box evolution" if anyone is
interested in the history of my ideas.
Have a nice weekend people,
Glenn
Sweden
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************