Cryptography-Digest Digest #519, Volume #11 Sun, 9 Apr 00 17:13:00 EDT
Contents:
Re: GSM A5/1 Encryption (David A. Wagner)
Re: GSM A5/1 Encryption (David A. Wagner)
Re: Even more crypto humor ! ([EMAIL PROTECTED])
Re: Q's on Crypt. and jobs ([EMAIL PROTECTED])
Tailored Key Encryption (TaKE) : Security by Deniability (Gideon Samid)
Re: introductory books suggestion (Christof Paar)
Re: Is AES necessary? (wtshaw)
Re: Is AES necessary? (Mok-Kong Shen)
Re: Turing machine ([EMAIL PROTECTED])
Simple, yet strong algorithm ("Brent W.J. Mackie")
Re: Is AES necessary? (Mok-Kong Shen)
A question on Time-Locking. ("Simon Johnson")
Re: DNA steganography (rick2)
Re: Encryption in Software... ("Simon Johnson")
Re: GSM A5/1 Encryption (Guy Macon)
Re: Cost-effective computing? (Mok-Kong Shen)
Re: A question on Time-Locking. (Tom St Denis)
Blowfish constants (Tom St Denis)
Re: Tailored Key Encryption (TaKE) : Security by Deniability (Mok-Kong Shen)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GSM A5/1 Encryption
Date: 9 Apr 2000 10:42:00 -0700
In article <8co9rg$[EMAIL PROTECTED]>,
Guy Macon <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (David A. Wagner) wrote:
> >With a (modern) strong cipher, there's no need to avoid it,
> >because (modern) strong ciphers are supposed to remain unbreakable
> >even if the adversary has some known plaintext.
>
> I disagree based on philosophy. One should do both.
One is cheap and easy and does not require you to change the rest
of the system. (using a strong cipher)
Typically, the other is expensive [*] and tricky and requires extensive
changes to the entire rest of the system. (avoiding known plaintext)
Doing both is usually unnecessary and extraneous.
Which approach do you prefer?
I think the answer should be obvious.
Footnote [*]:
Your claims notwithstanding, adding to the length of the GSM frame
is very costly, because it imposes a huge overhead (in bandwidth).
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GSM A5/1 Encryption
Date: 9 Apr 2000 10:47:49 -0700
In article <8co1q2$jjf$[EMAIL PROTECTED]>,
Thomas Pornin <[EMAIL PROTECTED]> wrote:
> Oh, yes, of course. What I wanted to say is that the general design
> looks good to me, and I recommend its use, provided that a larger
> internal state is used (at least 128 bits).
Good point.
By the way, it is examples like these that make me think the closed crypto
community is an awful lot better than the academic community is at designing
stream ciphers (at least of the LFSR-based variety, if not in general).
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Even more crypto humor !
Date: Sun, 09 Apr 2000 18:49:41 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (NFN NMI L.) wrote:
> <<I feel xor.>>
>
> This is only funny at first sight if you routinely say it "Zore" and
> not "Ex Or", like I do. :-P
>
You make a good point which didn't occur to me- I pronounce it "zore".
Anyways, the above cryptographer was also implying that he has heard one
bad joke too many. You can also read this next sentence for a double
meaning:
Cunning linguists do it orally.
Blowfish users do it... [eewww, gross!]
"This message has warped my fragile little mind." - Eric Cartman (the
fat kid in the cartoon "South Park" who also happens to be one of my
mentors)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Q's on Crypt. and jobs
Date: Sun, 09 Apr 2000 18:55:23 GMT
In article <8cjk50$4k9$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Jon Pierre Fortney) wrote:
> Finally, I'm wondering about jobs in crypto. (esp non-government jobs). How
> extensive does my knowledge in crypto have to be to get one, and where is the
> best place to start to look for one!? I'm moving to LA at the start of the
> summer so if anyone has any ideas about possible places to look for jobs in
> crypto or somehow related to crypto out there I'd be extremely grateful for
> your advice.
>
If you want to do crypto related work for the private sector then I
suggest you contact relevant companies (such as RSA Security or
Counterpane). They should be able to give you the best idea of what
skills are currently needed and what might be required in the future.
------------------------------
From: Gideon Samid <[EMAIL PROTECTED]>
Subject: Tailored Key Encryption (TaKE) : Security by Deniability
Date: Sun, 09 Apr 2000 19:11:13 GMT
Tailored Key Encryption (TaKE): Tailoring a key for a given pair of
plaintext-ciphertext
Gideon Samid
Abstract. The prevailing cryptographies are attacked on the basis of the fact that
only a single element in the key space will match a plausible plaintext with a given
ciphertext. Any cryptography that would violate this unique-key assumption will
achieve added security through deniability (akin to One Time Pad). Such cryptography
is being described. It is achieved by breaking away from the prevailing notion that
the key is a binary string of a fixed length. The described key is a random-size
non-linear array: a graph constructed from vertices and edges. The binary naming of
the vertices and edges, and the configuration, are all part of the key. Such keys can
take on most of the necessary complexity, which allows the algorithm itself to be
exceedingly simple (a la Turing Machine).
Free details upon request from [EMAIL PROTECTED]
------------------------------
From: Christof Paar <[EMAIL PROTECTED]>
Subject: Re: introductory books suggestion
Date: Sun, 9 Apr 2000 15:04:25 -0400
I would also, especially in your situation, recommend Doug Stinson's book:
Cryptography, Theory and Practice. CRC Press
Unlike the other books mentioned, this is a true TEXTBOOK, that means,
there is a structure to it which should help you to learn the field
systematically. Especially if you have some basic intro to formal
mathematics, Doug Stinson's book is very nicely structured. The other real
textbook is the recent one by William Stallings (Cryptography and Network
Security, Prentice Hall), but it is not as theoretically oriented.
DON'T GET ME WRONG: The Handbook of Applied Cryptography, Neil Koblitz'
and Bruce Schneier's books are all excellent books, but they would not be
my first recommendation for getting started in the field for someone with
your specific background. I have used all of these books in various
graduate courses and had the best experience with Stinson's book for a
first course in crypto. [The HAC makes a great book for an advanced grad
course, IMO.]
Of course, statements about the "quality" of books/textbooks tend to
over-generalize and should be taken carefully. Any person can have
different individual experiences. Naturally, the best (but not the
easiest) thing to do is to check 2 or 3 books out first and then decide.
Regards,
Christof
! WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS (CHES 2000) !
! WPI, August 17 & 18, 2000 !
! http://www.ece.wpi.edu/Research/crypt/ches !
***********************************************************************
Christof Paar, Assistant Professor
Cryptography and Information Security (CRIS) Group
ECE Dept., WPI, 100 Institute Rd., Worcester, MA 01609, USA
fon:(508) 831 5061 email: [EMAIL PROTECTED]
fax:(508) 831 5491 www: http://www.ece.wpi.edu/People/faculty/cxp.html
***********************************************************************
On Fri, 7 Apr 2000, Paul Koning wrote:
> [EMAIL PROTECTED] wrote:
> >
> > I am an Electrical Engg. graduate, starting out on cryptography &
> > cryptology. I need some references to introductory books on
> > cryptography, bearing in mind I have a good background in algebra &
> > introductory coding theory, hence I would prefer a mathematically-neat
> > book with theorems, lemmas & proofs. Suggestions, kind senors &
> > senoritas?
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Is AES necessary?
Date: Sun, 09 Apr 2000 12:39:56 -0600
In article <[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> Well I think the leading cryptographers in the field really have a good
> feel for what they can do, and for the most part they can tell when a
> cipher is secure and when one is not.
>
History is full of examples where *all the experts agree* and they are
proven wrong by disaster. Although en masse they are most often right,
the best scientific experts will not push dogma over
open-mindedness...should I name names?
It is a personal trait of everyone to attempt to protect their views, but
when the deceptive nature of great cryptography becomes an adjunct to hype
and greed while pushing an ad hoc package of skills and prejudice, that is
not good and humble science.
There is a shorter list of those that I would respect, not really all
inclusive of those that push their status as cryptoleaders, and everyone
left can fall from grace from time to time; it is productive to be
periodically humbled.
--
Given all other distractions, I'd rather be programming.
%/^): [|]"! ?=)@~ ;)[]* :@\@} *#~}> ,=+)! .($`\
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Sun, 09 Apr 2000 22:02:43 +0200
Svend Olaf Mikkelsen schrieb:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> >Svend Olaf Mikkelsen wrote:
> >>
> >> Tom St Denis <[EMAIL PROTECTED]> wrote:
> >>
> >> >> I am virtually ignorant in hardware matters. But I wonder why
> >> >> pipelining is not applicable to 3DES, i.e. the 3 modules may be
> >> >> processing 3 consecutive blocks of information simultaneously.
> >> >> That way, there would be no time penalty, excepting the setup
> >> >> time of the pipe.
> >> >
> >> >Just off the top of my head, you can't use CBC mode with that can you?
> >>
> >> Decryption, yes.
> >> Encryption, no.
> >
> >I don't understand. Could you please explain that?
>
> In CBC (Cipher Block Chaining) mode encryption you XOR the plaintext
> with the previous ciphertext before encryption.
>
> In CBC mode decryption you XOR plaintext with the previous ciphertext
> after decryption.
>
> I.E.: For encryption you do not know the initialization vector before
> the previous block is done. For decryption you know all initialization
> vectors from the beginning.
>
> It applies to all block ciphers that CBC mode decryption can be done
> in parallel on multiprocessor machines.
Wait a minute. How do you do CBC with the standard DES? Does that
work? Can you encrypt and decrypt without difficulties? Now consider
3DES as a whole as a black box with one input and one output in
place of the standard DES. Why should now the encryption/decryption
cease to work? Why do you now (in the last part) discuss parallel
processing? Did you mention that in the previous post?
M. K. Shen
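The data dependency Mikkelsen describes above, as an added example (not code from anyone in this thread): CBC encryption of block i needs the finished ciphertext of block i-1, so a pipelined 3DES core would sit idle between blocks, whereas CBC decryption of block i needs only C[i-1] and C[i], both known in advance, so every block can be handed to a separate core or pipeline stage at once. The 64-bit block function here is a constructed toy permutation standing in for DES/3DES; it shows the dependency structure only and is not a cipher. The worker pool plays the role of the three DES modules.

```python
from concurrent.futures import ThreadPoolExecutor

BLOCK = 8
MASK64 = (1 << 64) - 1
# Constructed constant (leading fractional hex digits of pi); the block function
# below is a TOY keyed permutation used only to make the CBC dependencies visible.
TOY_CONST = 0x243F6A8885A308D3


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Invertible 64-bit permutation standing in for DES/3DES (not secure)."""
    x = int.from_bytes(block, "big") ^ int.from_bytes(key, "big")
    x = ((x << 13) | (x >> 51)) & MASK64        # rotate left by 13 bits
    return (x ^ TOY_CONST).to_bytes(BLOCK, "big")


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    x = int.from_bytes(block, "big") ^ TOY_CONST
    x = ((x >> 13) | (x << 51)) & MASK64        # rotate right by 13 bits
    return (x ^ int.from_bytes(key, "big")).to_bytes(BLOCK, "big")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C[i] = E(P[i] xor C[i-1]): block i cannot enter the cipher until C[i-1] exists."""
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_block(key: bytes, prev_ct: bytes, ct: bytes) -> bytes:
    """P[i] = D(C[i]) xor C[i-1]: both inputs are available before decryption starts."""
    return xor_bytes(toy_block_decrypt(key, ct), prev_ct)


def cbc_decrypt_parallel(key: bytes, iv: bytes, ciphertext: bytes, workers: int = 3) -> bytes:
    """Every block is an independent job, so all of them can be issued at once."""
    assert len(ciphertext) % BLOCK == 0
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    prevs = [iv] + blocks[:-1]                  # the "previous ciphertext" for each block
    with ThreadPoolExecutor(max_workers=workers) as pool:   # three workers ~ three DES modules
        parts = list(pool.map(lambda pc: cbc_decrypt_block(key, pc[0], pc[1]),
                              zip(prevs, blocks)))
    return b"".join(parts)


# Constructed sample inputs (8-byte key and IV, 40-byte plaintext = 5 blocks).
SAMPLE_KEY = b"constkey"
SAMPLE_IV = bytes(range(8))
SAMPLE_PT = b"CBC decrypt can pipeline; encrypt cannot"


def roundtrip() -> bytes:
    """Encrypt serially, decrypt with the parallel path; returns the recovered plaintext."""
    ct = cbc_encrypt(SAMPLE_KEY, SAMPLE_IV, SAMPLE_PT)
    return cbc_decrypt_parallel(SAMPLE_KEY, SAMPLE_IV, ct)


if __name__ == "__main__":
    print(roundtrip())
```

Answering Shen's question directly: CBC works the same whether the box is DES or 3DES; what changes is how much of a pipelined box is used. In the encrypt direction the box processes one block at a time because of the feedback, in the decrypt direction (or in any non-chained mode) all stages can be busy simultaneously.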
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Turing machine
Date: Sun, 09 Apr 2000 20:07:16 GMT
In article <SZCH4.23924$[EMAIL PROTECTED]>,
"Stou Sandalski" <tangui [EMAIL PROTECTED]> wrote:
> Oh and I read a long time ago somewhere about this machine I think it was
> called a B-Machine (or something similar) designed (theoretically) by a
> mathematician from early this century (I think) and it looked to me like a
> neuro-network (the b-machine had states like organized or trained and
> unorganized). I remember there was some kind of device attached to it that
> theoretically could be used to solve any problem (you know the... assume a
> device such that can solve any problem in the universe, deal) Does anyone
> have any clue what this is? I would really really like to learn more about it
> but I can't find where I read it originally.
>
You might be thinking of Bayesian networks or something related to them.
I have heard of things like the Helmholtz Machine but I don't know
anything about this "machine".
------------------------------
From: "Brent W.J. Mackie" <[EMAIL PROTECTED]>
Subject: Simple, yet strong algorithm
Date: Sun, 9 Apr 2000 16:19:43 -0400
Reply-To: "Brent W.J. Mackie" <[EMAIL PROTECTED]>
Hi everyone,
I'm looking for a simple but relatively strong encryption algorithm to use
in Visual Basic. I am currently using a method called Xor Encryption which
does an XOR bitwise comparison of each character in a string to a key value.
As it turns out, the result is only varied by ten letters. EG: an M turns
to a W, an I into an S, etc.
I would greatly appreciate it if someone could help me out here and even
more if you could help with some VB code as well.
Thanks,
Brent
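An added example (not Brent's code, and in Python rather than VB) of what the observation above reveals: XORing every character with one fixed key value is a fixed substitution on the alphabet, and a key value of 0x1A is exactly what turns M into W and I into S. Because the key byte has only 256 possible values, the weakness can be confirmed by trying all of them against a ciphertext and keeping the candidate that decrypts to letters and spaces. The sample plaintext and key are constructed; the practical remedy, as Wagner argues elsewhere in this digest, is a vetted strong cipher rather than a longer XOR key.

```python
import string

# Bytes that an English plaintext is mostly made of; used to score candidate decryptions.
TEXT_BYTES = set(string.ascii_letters.encode() + b" ")


def xor_single_byte(data: bytes, key: int) -> bytes:
    """The 'Xor Encryption' from the post: each byte XORed with one fixed key byte."""
    return bytes(b ^ key for b in data)


def letter_map(key: int) -> dict:
    """With a constant key, XOR is just a fixed table from letter to letter."""
    return {chr(c): chr(c ^ key) for c in range(ord("A"), ord("Z") + 1)}


def text_score(candidate: bytes) -> int:
    """Count how many bytes look like letters or spaces."""
    return sum(1 for b in candidate if b in TEXT_BYTES)


def recover_key(ciphertext: bytes) -> int:
    """256 candidates is small enough to try every key and keep the most text-like result."""
    return max(range(256), key=lambda k: text_score(xor_single_byte(ciphertext, k)))


# Constructed sample: the key 0x1A is the one implied by M -> W and I -> S.
SAMPLE_PLAINTEXT = b"MEET ME AT NINE IN THE MORNING"
SAMPLE_KEY = 0x1A
SAMPLE_CIPHERTEXT = xor_single_byte(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def demo() -> tuple:
    """Returns (mapping of M and I, recovered key, recovered plaintext)."""
    table = letter_map(SAMPLE_KEY)
    key = recover_key(SAMPLE_CIPHERTEXT)
    return (table["M"], table["I"]), key, xor_single_byte(SAMPLE_CIPHERTEXT, key)


if __name__ == "__main__":
    print(demo())
```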
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Sun, 09 Apr 2000 22:28:47 +0200
Tom St Denis wrote:
>
> > > I don't understand what MK's original argument is? Serpent for example
> > > is directly *based on* the analysis of previous ciphers, that's why it's
> > > so secure. So what is wrong with AES?
> >
> > The point is that one can effectively USE the previous ciphers,
> > without spending great efforts to design new ones. If the elevator
> > of a building is defect, one tries to repair it. One doesn't pull
> > down the building and build a new one for that.
>
> Yea, but for anyone designing new applications [like me] why would I
> want to go back to that old, slow cipher? That doesn't make much sense
> from where I am sitting.
For those creative minds, I certainly don't object creative work.
My point is only to establish whether AES is really 'necessary'.
One is entirely free to do things that are not (absolutely)
necessary, like taking a long walk after dinner, which is certainly
beneficial.
>
> > > The whole purpose of AES were to find a replacement for DES stronger
> > > than 3des right? Then all the AES finalists are *already* better than
> > > 3des?
> >
> > Maybe, maybe not. Who REALLY knows (or will REALLY know)?
>
> Well I think the leading cryptographers in the field really have a good
> feel for what they can do, and for the most part they can tell when a
> cipher is secure and when one is not.
I agree that (for those who are pious) the words of a Pope can
NEVER err (by definition).
To repeat a point, sometimes a cipher is 'downcried' to be broken,
when it is shown that the key could be recovered with plaintext
and ciphertext pairs corresponding to a fraction of the key space,
without mentioning that such amounts of materials are never
available in actual practice. It is my personal impression that
that is in some sense comparable to those theses in connection
with the Y2K problem, where the firms were over-terrified with
extremely exaggerated risk scenarios to spend huge amounts of money
(to the well-being of the software specialists, of course).
Cheers,
M. K. Shen
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: A question on Time-Locking.
Date: Sun, 9 Apr 2000 21:28:02 -0700
Is there any way to make a cipher such that no matter how much computing
power you threw at the problem, it would always take the same amount of time
to solve?
The only problem of this type, I can think of, is the ONE-TIME PAD because
it's useless because it can never be solved.
------------------------------
From: rick2 <[EMAIL PROTECTED]>
Subject: Re: DNA steganography
Date: Sun, 09 Apr 2000 20:26:38 GMT
In article <8b6gni$8e7$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> target DNA sequence. Do you know if anyone
> else has thought about introns for use in
> computing or cryptography? (perhaps a
> technique for storing info inside the introns)
>
Yes, in fact there was an X-files episode about this very idea.
RB
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Encryption in Software...
Date: Sun, 9 Apr 2000 21:33:30 -0700
Hasn't the export restriction been lifted?
Or is that on Two_Fish?
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: GSM A5/1 Encryption
Date: 09 Apr 2000 16:48:53 EDT
In article <8cqfd8$l8b$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David A. Wagner) wrote:
>
>In article <8co9rg$[EMAIL PROTECTED]>,
>Guy Macon <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] (David A. Wagner) wrote:
>> >With a (modern) strong cipher, there's no need to avoid it,
>> >because (modern) strong ciphers are supposed to remain unbreakable
>> >even if the adversary has some known plaintext.
>>
>> I disagree based on philosophy. One should do both.
>
>One is cheap and easy and does not require you to change the rest
>of the system. (using a strong cipher)
>Typically, the other is expensive [*] and tricky and requires extensive
>changes to the entire rest of the system. (avoiding known plaintext)
>Doing both is usually unnecessary and extraneous.
>
>Which approach do you prefer?
>I think the answer should be obvious.
>
>
>Footnote [*]:
> Your claims notwithstanding, adding to the length of the GSM frame
> is very costly, because it imposes a huge overhead (in bandwidth).
I would very much appreciate it if you would refrain from putting claims
in my mouth that I never expressed. I am about as likely to suggest
adding to the length of a GSM frame as I am to suggest changing the wood
used in violin manufacture, and for the same reasons; as a working engineer
I am suspicious of amateurs who try to "improve" highly engineered systems
that they understand poorly.
What I suggested was to add a random number of random characters at the
beginning and end of the plaintext before encrypting it. In many
applications you don't even need to strip the added random characters
when decrypting, as a human can tell when the real plaintext starts.
Cheap, easy, and adds some small extra protection against known plaintext
attacks.
If using a strong cipher is cheap and easy, why is there an entire
newsgroup dedicated to discussing which one to use and tricks and traps
involved in doing so? Encryption seems easy when you use someone else's
work (which is the only sane thing to do if your goal is to protect
your information), but try rolling your own without an education in the
subject (as I am doing to meet my quite different goal of educating myself
about the subject) and then tell me how easy it is. I may be an ignorant
newbie but it doesn't take much education to see that adding a possible
small bit of protection with a small amount of effort is worth considering
after you have done as well as you can in choosing and applying your cypher
and related security methods.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Cost-effective computing?
Date: Sun, 09 Apr 2000 23:04:28 +0200
Jim Gillogly wrote:
>
> What is the cheapest way to buy a great deal of processing power for
> a fairly general cryptanalysis computing system? For example, I'd like
> to see a configuration for a mega-computing environment that could be
> used for factoring (given suitable software) or for fairly extensive
> experiments on symmetric algorithms -- but not as severely focussed as
> Deep Crack.
Not an answer, but I remember there was a thread sometime back
where someone claimed that the hardware of playstations could
be advantageously used, since they are cheap and have register
length of 128 bits, which seems to be beneficial for long
integer computations for factoring.
M. K. Shen
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: A question on Time-Locking.
Date: Sun, 09 Apr 2000 20:58:33 GMT
Simon Johnson wrote:
>
> Is there any way to make a cipher such that no matter how much computing
> power you threw at the problem, it would always take the same amount of time
> to solve?
>
> The only problem of this type, I can think of, is the ONE-TIME PAD because
> it's useless because it can never be solved.
You can't do time-lock crypto with this type of problem. If your key is
random, it will take a random amount of time to find it.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Blowfish constants
Date: Sun, 09 Apr 2000 21:02:00 GMT
Do the constants in blowfish [for the sbox/pbox] have to be pi? Can
they just be sum(0, 1024, C) where 'C' is some odd constant? That would
save some space in the library...
Tom
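An added example (not from Tom's library or from Blowfish's reference code) showing where the tables come from: Blowfish fills its P-array and S-boxes with the fractional hexadecimal digits of pi, so anyone can regenerate the published constants and check that a library's tables have not been mistyped or tampered with. The code computes pi in fixed-point integer arithmetic with Machin's formula (16 arctan(1/5) - 4 arctan(1/239)), a standard method I chose for this illustration, and compares the first four 32-bit words against the first four P-array entries, which are taken from the published Blowfish specification.

```python
# First four words of the published Blowfish P-array (fractional hex digits of pi).
BLOWFISH_P_FIRST_FOUR = [0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344]


def pi_fraction_hex(n_digits: int) -> str:
    """Return the first n_digits hex digits of pi after the point (pi = 3.243F6A88...).

    Fixed-point integer arithmetic with 64 guard bits; Machin's formula converges
    fast enough that the truncation error stays far below the guard bits.
    """
    guard = 64
    bits = 4 * n_digits + guard
    scale = 1 << bits

    def arctan_recip(x: int) -> int:
        # arctan(1/x) * scale from the Taylor series: sum (-1)^k / ((2k+1) x^(2k+1))
        total, power, k = 0, scale // x, 0
        while power:
            term = power // (2 * k + 1)
            total += -term if k % 2 else term
            power //= x * x
            k += 1
        return total

    pi_scaled = 16 * arctan_recip(5) - 4 * arctan_recip(239)
    frac = pi_scaled - 3 * scale                # drop the integer part 3
    return format(frac >> guard, "0{}x".format(n_digits))


def pi_words(count: int) -> list:
    """Pack the hex digits of pi into 32-bit words, the way Blowfish's tables are laid out."""
    digits = pi_fraction_hex(8 * count)
    return [int(digits[i:i + 8], 16) for i in range(0, len(digits), 8)]


def tables_match_pi(table: list) -> bool:
    """Verify a table prefix against an independently computed pi; use on a library's P-array."""
    return pi_words(len(table)) == list(table)


if __name__ == "__main__":
    print(pi_fraction_hex(16))                  # 243f6a8885a308d3
    print(tables_match_pi(BLOWFISH_P_FIRST_FOUR))
```

The same routine extended to 1024 + 18 words regenerates the entire P-array and all four S-boxes, which is also a way to recover the space Tom is worried about: ship the generator instead of the tables and build them at startup (at the cost of startup time and of having to trust the generator as much as the tables).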
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Tailored Key Encryption (TaKE) : Security by Deniability
Date: Sun, 09 Apr 2000 23:13:52 +0200
Gideon Samid wrote:
>
> Free details upon request from [EMAIL PROTECTED]
Why don't you provide a sufficiently understandable abstract or
put the paper on a web page?
M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************