Cryptography-Digest Digest #528, Volume #11      Tue, 11 Apr 00 13:13:01 EDT

Contents:
  Re: strength of altered vigenere cipher? ("G. R. Bricker")
  Re: Encode Book? (David A Molnar)
  Re: Schoof's Algorithm (Nigel Smart)
  Re: Processing encrypted data (David A Molnar)
  Re: are self-shredding files possible? ([EMAIL PROTECTED])
  Re: Is AES necessary? (Mok-Kong Shen)
  Research for final year Project ("Anton Cronin")
  Re: Schoof's Algorithm (Robert Harley)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (DMc)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (Robert Harley)
  Re: strength of altered vigenere cipher? (Mok-Kong Shen)
  Re: Q: Entropy (Mok-Kong Shen)
  Re: Is AES necessary? (Mok-Kong Shen)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (Mok-Kong Shen)
  Re: Cryptanalysis-what is it?? (Jonathan Thornburg)
  skipjack F function (Tom St Denis)
  Re: Encode Book? (Tom St Denis)
  Re: Encode Book? (Tom St Denis)
  Equivalent permutation polynomials (Tom St Denis)
  Re: are self-shredding files possible? ([EMAIL PROTECTED])
  Re: Encode Book? ([EMAIL PROTECTED])
  Re: Hash function based on permutation polynomials (Runu Knips)
  Re: skipjack F function (csybrandy)
  Re: Modular functions in Stream Ciphers? ("Douglas A. Gwyn")
  Re: Q: Entropy ("Douglas A. Gwyn")
  Re: DES ("Douglas A. Gwyn")
  Re: Miami Herald article about ATM ripoffs ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: "G. R. Bricker" <[EMAIL PROTECTED]>
Subject: Re: strength of altered vigenere cipher?
Date: Tue, 11 Apr 2000 05:50:27 GMT

In fact, to prove the point, why don't you encrypt a message of, say, a
couple of pages in length using your 256-Vigenere. But make the key a series
of words, or a phrase, or some alternate text (of the same length as the
plain text). Then post it here and see how long it takes for it to be
cracked. I'd take a crack at it. Just explain what it is when you post. I
think you'll see very quickly the difference between a non-random key and a
one-time-pad key.
      -George

[EMAIL PROTECTED] wrote in article <8ctcl2$n0u$[EMAIL PROTECTED]>...
>  
> My question is: Is a Vigenere cipher, regardless of length,
> uncrackable, if the key is as long as the message itself?
> 
> --
> Sean Brasher
> 
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.
> 

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: 11 Apr 2000 06:29:30 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

> to hear anything from her, or see anything she has done.  The "paper" I
> saw of hers was second hand thru some media thingy...

Her paper may be found at http://cryptome.org/flannery-cp.htm 

As previously pointed out, the algorithm is not secure as originally
stated. I don't think this is that big a deal in her context. Respected
researchers with PhDs publish algorithms which they didn't know how to
break all the time; other people have to come up and "clean up
afterwards." At least she was smart enough to find the attack and put it
in the paper. 

In any case, I doubt I could create a fast new public-key algorithm
right now. I *know* I could not have done it at her age. It remains an
impressive achievement.

I'm a bit put off by the book, but it's her and her father's
prerogative. Plus maybe it will interest some people in cryptography...

> I couldn't give a rats azz if she were female, male, or a martian, the
> fact she does not maintain *any* public discussion or etc, shows me that
> she is not really in the field, or just shy...

Tom, please don't take this the wrong way, but this reads as arrogant. 
Neither you nor I are "in the field" to a significantly greater degree
than she is...

Thanks, 
-David

------------------------------

From: Nigel Smart <[EMAIL PROTECTED]>
Subject: Re: Schoof's Algorithm
Date: Tue, 11 Apr 2000 06:34:13 GMT

Mike Rosing wrote:
> 
> Nigel Smart wrote:
> > Rob is, hopefully, just taking the micky out of how badly informed the
> > general crypto community is.  For fields of bit size up to 300 it is
> > quite easy to implement Schoof's algorithm using existing libraries
> > such as NTL, LiDIA, ZEN etc to do all the grunt work.  In fact I
> > would expect a large number of such implementations to now exist in
> > various companies/universities around the world.
> >
> > Computing group orders up to 300 bits is quite fast, certainly fast
> > enough for cryptographic use.
> 
> It's not the access to code, it's the comprehension of the math.  For
> those of us without a PhD in math, it's pretty thick going.  As an
> example, figuring out the coefficients of the j-invariant q expansion
> is non-trivial


p48

\Delta is given using a nice formula then...

h=\Delta(2t)/\Delta(t)

and

j=(256 h+1)^3/h


> and even having a clue as to how far the expansion needs to be carried
> is not really described anywhere.  For 256 and 512 bit calculations,
> what's a reasonable degree of q for j(tau)?
> 
> Patience, persistence, truth,
> Dr. mike

If working to a fixed modulus (eg char 2) it's probably best to do all 
the computations modulo 2.  If not then I always find it easier to use
the reduced modular polynomials.

If your "data type" for power series is implemented to give errors when
you run out of terms, then it's easy to do the following...

Set a fixed level of expansion.  Compute modular polynomials until you
run out of terms.

Now if you have not computed enough polynomials, increase the number of terms 
and start computing modular polynomials (from where you left off).

Of course the above is the naive way, but it should be good enough for most
purposes.

Yours

Nigel
-- 
Dr Nigel P. Smart                  | Phone: +44 (0)117 954 5163
Computer Science Department,       | Fax:   +44 (0)117 954 5208
Woodland Road,                     | Email: [EMAIL PROTECTED]
University of Bristol, BS8 1UB, UK | URL:   http://www.cs.bris.ac.uk/~nigel/

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Processing encrypted data
Date: 11 Apr 2000 06:51:39 GMT

zapzing <[EMAIL PROTECTED]> wrote:

> could be ported to another computer that
> would reencrypt it with another scheme, using
> homomorphic operations. Has this ever been done?

This sounds a lot like Matt Blaze and Martin Strauss's 
"Atomic Proxy Cryptography." They do not specifically use
homomorphic encryption schemes, but they have the "reencryption"
idea all right! 

ftp://ftp.research.att.com/dist/mab/proxy.ps

Thanks,
-David

------------------------------

Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
From: [EMAIL PROTECTED]
Subject: Re: are self-shredding files possible?
Date: Tue, 11 Apr 2000 07:23:30 GMT

david hopkins wrote:
> I figure out that, what DI does can be replaced with an Email client with
> built-in PGP capability and a mechanism to indicate the expire date in the
> message. When the date is reached, the email client will physically wipe
> the message.

And how about backups and copies? And about setting the computer's date back?

> What is different from normal usage of PGP is that a one-time symmetric
> key should be transmitted in another way than the email message body.

What 'other way'?

> This will ensure that when wiping the message, the one time key is also
> destroyed. Thus, even if any PGPed copy can be found, it is not
> recoverable.

== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
http://disastry.dhs.org/pegwit  <-- Pegwit - simple alternative for PGP
remove .NOSPAM.NET for email reply


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Tue, 11 Apr 2000 09:51:46 +0200

Paul Koning wrote:
> 
> Mok-Kong Shen wrote:

> > and also adapt DES (using minor variations)
> > to achieve higher strength,
> 
> "Adapting" DES?  In what way?  It's well known that modifying
> DES is a dangerous enterprise; most changes weaken it.

I posted a few points in the thread 'Variants of DES' on 3rd April.
See also in the current thread my response to Bruce Schneier of 
10th April.

M. K. Shen

------------------------------

From: "Anton Cronin" <[EMAIL PROTECTED]>
Subject: Research for final year Project
Date: Tue, 11 Apr 2000 08:53:57 +0100

Does anyone have a research project on either encryption or data security
that would be suitable to put into a college project?
About a 30-40 page document would be fine.

If not, can anyone tell me of a site where this sort of bulk information
might be found?

cheers,
Anton Cronin.

The World will never be enough.



------------------------------

From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Schoof's Algorithm
Date: 11 Apr 2000 09:54:38 +0200


Mike Rosing <[EMAIL PROTECTED]> writes:
>As an example, figuring out the coefficients of the j-invariant q
>expansion is non-trivial

If you have an algebra package like GP/PARI, you can do this:

==============================================================================
\\ '#' toggles gp's timer, which is where the "time = ..." lines below come from
#
prec=100;
a=sum(n=1,prec-1,sigma(n,3)*q^n)+O(q^prec);  \\ sum of sigma_3(n) q^n, so E4 = 1+240*a
b=sum(n=1,prec-1,sigma(n,5)*q^n)+O(q^prec);  \\ sum of sigma_5(n) q^n, so E6 = 1-504*b
j=1/((1-(1-504*b)^2/(1+240*a)^3)/1728)        \\ j = 1728*E4^3/(E4^3-E6^2)
==============================================================================

Output is:

==============================================================================
time = 0 ms.
time = 4 ms.
time = 5 ms.
time = 28 ms.
%4 = q^-1 + 744 + 196884*q + 21493760*q^2 + 864299970*q^3 + 20245856256*q^4
+ 333202640600*q^5 + 4252023300096*q^6 + 44656994071935*q^7 + 
[...screenful of numbers deleted...]
+ 12831568450930566237049157191017104861217433634289960*q^97 + O(q^98)
==============================================================================

Bye,
  Rob.
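The same q-expansion in plain Python, as an added example (not Rob's GP session): E4 and E6 are built from sigma_3 and sigma_5 over exact integers, and since E4^3 - E6^2 = 1728 q (1 - 24 q + ...) has a unit leading coefficient once the factor q is pulled out, j = 1728 E4^3/(E4^3 - E6^2) can be divided out without any rounding. The coefficients it produces are the ones printed above.

```python
# Added example: the j-invariant q-expansion over Python integers.
# Standard library only; "nterms" always means "coefficients of q^0..q^(nterms-1)".

def sigma(n, k):
    """Divisor function sigma_k(n) = sum of d^k over the divisors d of n."""
    return sum(d ** k for d in range(1, n + 1) if n % d == 0)


def eisenstein(nterms, k, coeff):
    """Coefficients of 1 + coeff * sum_{n>=1} sigma_k(n) q^n.
    (k=3, coeff=240 gives E4; k=5, coeff=-504 gives E6.)"""
    return [1] + [coeff * sigma(n, k) for n in range(1, nterms)]


def mul(a, b, nterms):
    """Product of two power series, truncated to nterms coefficients."""
    c = [0] * nterms
    for i in range(min(len(a), nterms)):
        if a[i]:
            for k in range(min(len(b), nterms - i)):
                c[i + k] += a[i] * b[k]
    return c


def inverse(a, nterms):
    """1/a as a power series; exact over the integers when a[0] is +-1."""
    assert a[0] in (1, -1), "leading coefficient must be a unit"
    inv = [0] * nterms
    inv[0] = a[0]
    for n in range(1, nterms):
        # coefficient of q^n in a*inv must vanish: a[0]*inv[n] + s = 0
        s = sum(a[k] * inv[n - k] for k in range(1, min(n, len(a) - 1) + 1))
        inv[n] = -s * a[0]
    return inv


def j_coefficients(prec):
    """Coefficients of j(q) = q^-1 + 744 + 196884 q + ...
    Returns a list c with c[i] the coefficient of q^(i-1), for i in range(prec)."""
    n = prec + 1                                  # one spare term: we divide by q below
    e4 = eisenstein(n, 3, 240)
    e6 = eisenstein(n, 5, -504)
    e4_cubed = mul(mul(e4, e4, n), e4, n)
    e6_squared = mul(e6, e6, n)
    # E4^3 - E6^2 = 1728 * Delta, and Delta = q - 24 q^2 + ... has no constant term
    disc = [x - y for x, y in zip(e4_cubed, e6_squared)]
    assert disc[0] == 0 and all(v % 1728 == 0 for v in disc)
    delta_over_q = [v // 1728 for v in disc[1:]]  # 1 - 24 q + 252 q^2 - ..., a unit
    # j = E4^3 / Delta = q^-1 * E4^3 / (Delta/q); the q^-1 shifts every index by one
    return mul(e4_cubed, inverse(delta_over_q, prec), prec)


def format_series(coeffs):
    """Render the coefficients the way gp prints them: q^-1 + 744 + 196884*q + ..."""
    terms = []
    for i, c in enumerate(coeffs):
        e = i - 1
        if e == -1:
            terms.append("q^-1" if c == 1 else f"{c}*q^-1")
        elif e == 0:
            terms.append(str(c))
        elif e == 1:
            terms.append(f"{c}*q")
        else:
            terms.append(f"{c}*q^{e}")
    return " + ".join(terms) + f" + O(q^{len(coeffs) - 1})"


if __name__ == "__main__":
    print(format_series(j_coefficients(9)))
```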

------------------------------

From: DMc <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Tue, 11 Apr 2000 08:02:02 GMT

On Mon, 10 Apr 2000 19:19:28 -0700, lordcow77
<[EMAIL PROTECTED]> wrote:

>>>The result of a modular exponentiation can be calculated easily
>>>using a square and multiply method, reducing at each stage.
>>>
>>For us ordinary interested persons, be so kind as to actually
>>do this easy calculation at least once so we can all benefit from
>>your expertise. After all, you say it is easy.
>
>Despite my hesitation at doing what should be obvious homework
>problems for others, I will correct your inaccurate statement so
>that others are not misled by your confidently wrong banter.
>
>Obtaining the (n+j)th iterate of a MLCG given:
>x_(n+j)=(a^j*x_n)mod m
>or, more generally
>x_(n+j)=(a^j*x_n+c(a^j-1)/(a-1))mod m
>which reduces to the first equation when c=0
>
>x_1073741824=(16807^1073741824*x_1)mod 2147483647
>x_1=1
>after a trivial calculation
>x_1073741824=2147466840
>
2 147 466 840 = ((16 807^1 073 741 824) * 1) mod 2 147 483 647
was already given in "context." What was asked of you was the
easy, and now "trivial," calculation which makes this true. So far,
you are non-responsive.
>
>I would encourage you to develop reading comprehension skills
>better in the future.
>
How about you not knowing the difference between "calculation"
and "result?"

How about me encouraging you to develop better writing skills?
Notice the placement of "better" and the lack of the redundant
"in the future."

>Just having Knuth on your bookshelf doesn't necessarily make
>you a mathematician or computer scientist...
>
I take that as a compliment. It is a brilliant, self-evident insight.

[EMAIL PROTECTED]
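The square-and-multiply jump-ahead the two posters argue about, written out as an added example that is neither poster's code. It exponentiates the affine map x -> a*x + c instead of using the closed form with (a^j - 1)/(a - 1), so it also works when a - 1 has no inverse mod m, and for c = 0 it is exactly x_(n+j) = (a^j * x_n) mod m from the quoted post; the MLCG instance quoted above is computed with it and cross-checked against Python's built-in pow(), and a generator with c != 0 is checked against plain stepping.

```python
# Added example: LCG / MLCG jump-ahead by square-and-multiply.

def modpow(base, exp, m):
    """base^exp mod m by square-and-multiply, reducing after every product."""
    result = 1 % m
    base %= m
    while exp > 0:
        if exp & 1:
            result = (result * base) % m
        base = (base * base) % m
        exp >>= 1
    return result


def lcg_jump(a, c, m, x, j):
    """x_{n+j} for x_{n+1} = (a*x_n + c) mod m, starting from x_n = x.

    The map f(x) = a*x + c is represented by the pair (a, c).  Composing
    (a1, c1) with (a2, c2) gives x -> a1*(a2*x + c2) + c1, i.e. the pair
    (a1*a2, a1*c2 + c1), so f^j is obtained by exponentiating pairs.
    With c = 0 the pair collapses to a^j and this is (a^j * x) mod m."""
    ra, rc = 1, 0                 # accumulated map, starts as the identity
    ba, bc = a % m, c % m         # current power f^(2^i)
    while j > 0:
        if j & 1:
            ra, rc = (ba * ra) % m, (ba * rc + bc) % m
        ba, bc = (ba * ba) % m, (ba * bc + bc) % m   # f^(2^i) composed with itself
        j >>= 1
    return (ra * x + rc) % m


def lcg_step(a, c, m, x, j):
    """Same thing by stepping the generator j times (for checking small j)."""
    for _ in range(j):
        x = (a * x + c) % m
    return x


# The instance quoted in the thread: Park-Miller constants, x_1 = 1, exponent 2^30.
A, M = 16807, 2147483647
PARK_MILLER_JUMP = lcg_jump(A, 0, M, 1, 1073741824)   # the post above reports 2147466840

if __name__ == "__main__":
    print("16807^1073741824 * 1 mod 2147483647 =", PARK_MILLER_JUMP)
    # a generator with c != 0 (constructed constants), jump vs. plain stepping
    print(lcg_jump(1103515245, 12345, 2 ** 31, 42, 1000)
          == lcg_step(1103515245, 12345, 2 ** 31, 42, 1000))
```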


------------------------------

From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Date: 11 Apr 2000 10:02:33 +0200


Gadi Guy <[EMAIL PROTECTED]> writes:
> I need to create a large (N = O(10000)) boolean matrix which
> has a small number (n = O(3)) of ones in each row, and its inverse.
 
> Real methods (such as Gauss elimination) don't work. 

Does too.

Even if the matrix is dense, a plain Gaussian elimination adapted for
booleans should invert your matrix in a few minutes.


Bye,
  Rob.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: strength of altered vigenere cipher?
Date: Tue, 11 Apr 2000 10:20:52 +0200

[EMAIL PROTECTED] wrote:
> 

> My question is: Is a Vigenere cipher, regardless of length,
> uncrackable, if the key is as long as the message itself?

The strength question has been answered by others. I just want
to say that, if you want to use polyalphabetic substitution,
then don't use Vigenere with all alphabets being shifted versions
of one another but use so-called independent alphabets (i.e.
the characters of the alphabets are randomly ordered) and
long keys.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 11 Apr 2000 10:44:33 +0200

Bryan Olson wrote:
> 

> Given a string of, say, a million zeros and a "random"
> million-bit string, Kolmogorov complexity does not say which
> is more complex.

If the shortest program to describe the former is shorter than
the one for the latter (a case which seems fairly likely), then
by definition the former has less Kolmogorov complexity than
the latter.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Tue, 11 Apr 2000 11:17:24 +0200

David C. Oshel wrote:
> 
> My guess is "swamping Echelon" with cryptic byte-wiggling is not going to be
> as successful in the long run as all the bogus disinformation the system is
> collecting from all those parties who are really, really, really, terribly
> interested in the phenomenon.

Deception (disinformation) is a higher art, while confusion 
(encryption) is, in comparison, a mundane technology. Deception
is probably easier done in plaintexts. If encrypted, the strength
of encryption shouldn't be too weak, for otherwise it wouldn't
be 'credible'. On the other hand, the strength shouldn't be too
strong such that the chance of the 'intended receiver' getting it
becomes negligible, thus failing the purpose. Evidently, one has 
to use a different strategy when using plaintexts than when using 
encrypted messages.

If you could manage to generate some disinformation in the
stock market and do the corresponding calls/puts, ..........

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Date: Tue, 11 Apr 2000 11:55:12 +0200

Gadi Guy wrote:
> 

> I need to create a large (N = O(10000)) boolean matrix which
> has a small number (n = O(3)) of ones in each row, and its
> inverse.

If your matrix doesn't happen to have some particularly 
convenient structure to be exploited, then there are not many 
tricks for speeding up the process. (There is plenty of literature
on handling sparse matrices, normally for real-valued ones.)
How to store the elements of 0's and 1's and how you employ 
secondary storage are certainly vital issues. On the other hand, 
since all numbers involved in the elimination process are either 
0 or 1, you don't have the (fairly big) practical difficulties 
of inverting a general integer matrix.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Jonathan Thornburg)
Subject: Re: Cryptanalysis-what is it??
Date: 11 Apr 2000 12:37:16 +0200

In article <[EMAIL PROTECTED]>,
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>David Kahn's book "The Codebreakers" (Macmillan, hardcover
>recommended) covers the history of cryptology and especially
>cryptanalysis, and is enjoyable reading.

Just to add to Doug's comments, the hardcover is a pretty good book,
at least for the pre-WWII stuff.  WWII and beyond starts getting
less substantive, more dated (the book predates the Enigma revelations),
and increasingly US-jingoistic in its coverage.  There's a new edition
out, but it keeps all the old (c.1967 edition) content, and just adds a
(thin) update chapter at the end.

But stay away from the paperback, it has all the substantive content
stripped out, and is basically nothing but a collection of anecdotes.
Don't waste your money...

-- 
-- Jonathan Thornburg <[EMAIL PROTECTED]>
   http://www.thp.univie.ac.at/~jthorn/home.html
   Universitaet Wien (Vienna, Austria) / Institut fuer Theoretische Physik
   "Stock prices have reached what looks like a permanently high plateau"
   -- noted economist Irving Fisher, 15 October 1929

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: skipjack F function
Date: Tue, 11 Apr 2000 10:38:46 GMT

Where can I get a copy of the Skipjack F function?  I was in the midst
of copying it from the badly scanned paper [I found somewhere] but I
mistook the 'e' for 'c's and I am really peeved...

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: Tue, 11 Apr 2000 10:40:35 GMT



Paul Rubin wrote:
> 
> Tom St Denis  <[EMAIL PROTECTED]> wrote:
> >I can sum up my gut reaction for you with "bite me".  I can see being
> >busy and not posting often such as some "specialists".  But I have yet
> >to hear anything from her, or see anything she has done.  The "paper" I
> >saw of hers was second hand thru some media thingy...
> >
> >I couldn't give a rats azz if she were female, male, or a martian, the
> >fact she does not maintain *any* public discussion or etc, shows me that
> >she is not really in the field, or just shy...
> 
> Come to think of it I haven't seen anything here on the ng lately
> by Shamir, Knudsen, Simmons, etc. etc. either.  You just aren't looking
> in the right places.

Adi Shamir did Twinkle did he not?
Knudsen did Serpent [with Biham et al] and some other papers related to
AES
and I have never heard of Simmons

Tell me again they haven't done anything lately?

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: Tue, 11 Apr 2000 10:44:08 GMT



David A Molnar wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> > to hear anything from her, or see anything she has done.  The "paper" I
> > saw of hers was second hand thru some media thingy...
> 
> Her paper may be found at http://cryptome.org/flannery-cp.htm
> 
> As previously pointed out, the algorithm is not secure as originally
> stated. I don't think this is that big a deal in her context. Respected
> researchers with PhDs publish algorithms which they didn't know how to
> break all the time; other people have to come up and "clean up
> afterwards." At least she was smart enough to find the attack and put it
> in the paper.
> 
> In any case, I doubt I could create a fast new public-key algorithm
> right now. I *know* I could not have done it at her age. It remains an
> impressive acheivement.

So what, I taught myself Pascal when I was 12, big deal.  It's nice to
know she understands it enough to break her own algorithm though.

> I'm a bit put off by the book, but it's her and her father's
> perogative. Plus maybe it will interest some people in cryptography...

Everyone has a book now.

> 
> > I couldn't give a rats azz if she were female, male, or a martian, the
> > fact she does not maintain *any* public discussion or etc, shows me that
> > she is not really in the field, or just shy...
> 
> Tom, please don't take this the wrong way, but this reads as arrogant.
> Neither you nor I are "in the field" to a significantly greater degree
> than she is...

Well, small as it may be, CB and Peekboo3 are coming along.  They are
tools that real people can use, so I would say that I am actually in the
field.  While Peekboo3 will not be used to protect GB of data, it's a
nice PGP clone [with more features, and easier :)] that a lot of people are
looking forward to [my pb2 users].

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Equivalent permutation polynomials
Date: Tue, 11 Apr 2000 11:12:19 GMT

I just discovered equivalent permutation polynomials.  In my test I use
this initial polynomial

F(x) = 0 + 3x + 5x^2 + 0x^3 + 7x^4 + 0x^5 [mod 16]

And then I did all the modular inverse of the coefficients [mod 16] to
get

F(x) = 0 + 11x + 13x^2 + 0x^3 + 7x^4 + 0x^5 [mod 16]

Now for you math gurus this is probably a joke, but why are these two
polynomials congruent?  I was aiming for something else at the time and
found this :)

BTW: they both create [0, 15, 10, 13, 12, 3, 6, 1, 8, 7, 2, 5, 4, 11,
14, 9] as the output [when stepping from F(0)..F(15)].

Tom
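An added example (not Tom's code) that evaluates both polynomials over Z/16 and looks at their difference: 11 - 3 and 13 - 5 are both 8, so F2 - F1 = 8x + 8x^2 = 8x(x + 1), and x(x + 1) is always even, so that term is 0 mod 16 at every point. The brute-force search at the end goes a step further than the post and lists every such "null" polynomial of degree <= 2 mod 16.

```python
# Added example: why two different coefficient vectors give the same map on Z/16.
from itertools import product

M = 16
F1 = [0, 3, 5, 0, 7, 0]      # 0 + 3x + 5x^2 + 0x^3 + 7x^4 + 0x^5   (mod 16)
F2 = [0, 11, 13, 0, 7, 0]    # 0 + 11x + 13x^2 + 0x^3 + 7x^4 + 0x^5 (mod 16)
POSTED_TABLE = [0, 15, 10, 13, 12, 3, 6, 1, 8, 7, 2, 5, 4, 11, 14, 9]   # from the post


def evaluate(coeffs, x, m=M):
    """coeffs[i] is the coefficient of x^i."""
    return sum(c * x ** i for i, c in enumerate(coeffs)) % m


def value_table(coeffs, m=M):
    """F(0), F(1), ..., F(m-1)."""
    return [evaluate(coeffs, x, m) for x in range(m)]


def is_permutation(coeffs, m=M):
    return sorted(value_table(coeffs, m)) == list(range(m))


def difference(c1, c2, m=M):
    """Coefficients of (c2 - c1) mod m, padded to the longer length."""
    n = max(len(c1), len(c2))
    c1, c2 = c1 + [0] * (n - len(c1)), c2 + [0] * (n - len(c2))
    return [(b - a) % m for a, b in zip(c1, c2)]


def is_null_polynomial(coeffs, m=M):
    """True if the polynomial is 0 at every point of Z/m: adding it to any
    other polynomial changes the coefficients but not the function."""
    return all(v == 0 for v in value_table(coeffs, m))


def null_polynomials(max_degree, m=M):
    """Brute force: all coefficient vectors of degree <= max_degree that
    vanish on all of Z/m, in lexicographic order."""
    return [list(c) for c in product(range(m), repeat=max_degree + 1)
            if is_null_polynomial(list(c), m)]


if __name__ == "__main__":
    print(value_table(F1) == POSTED_TABLE, value_table(F2) == POSTED_TABLE)
    print("F2 - F1 =", difference(F1, F2))              # [0, 8, 8, 0, 0, 0]
    print("null polynomials of degree <= 2:", null_polynomials(2))
```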

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: Tue, 11 Apr 2000 12:49:54 GMT

With regard to 'self-shredding encrypted files', while it is difficult
to see how a file could shred it itself, it is not so difficult to see
how a key could revoke itself. The set-up might be do-able as follows:

(1)     If PGP could be set up with an option to have self-revoking
shared keys after one use: meaning that if someone were to want an
encrypted file to be rendered forever un-encryptable after the first
decryption, he would agree to have a designated public key to be
configured as one of two shared keys.
(2)     There would be a supply of shared keys on a trusted pgp public
key server, that could be set up to join with anyone's designated
public share key.
(3)     The person sending the encrypted file would designate the
recipient's public shared key, and pick the shared public key on the
server, and use both together to encrypt the message, and include the
public shared key with the message. {The public shared key that is
picked to join with the recipient's key, could be set up to be
decrypted automatically by PGP when using this option, or the
passphrase could even be public and included, since the key will be
revoked after one use, and the recipient's shared key would still
remain uncompromised}
(4)     The recipient would decrypt with his private key, and the
included shared key.
(5)     The PGP secure viewer could be configured to have a
disable 'copy to clipboard' option, and to allow decryption only to the
secure viewer  [It is only because the viewer provides that option now,
that the decrypted message can be copied to the clipboard,  try
highlighting the text with the mouse cursor to get it to be copied to
the clipboard from the PGP viewer without clicking on <ok to copy to
clipboard> ]
(6)     When asked to decrypt, pgp would query the server to see if the
shared key were revoked, and if so, refuse further decryption.
(7)     After the message has been decrypted, but before it is
displayed in the viewer, pgp would contact the server to revoke the
shared public key. Upon confirmation that the shared key was revoked,
PGP would enable the viewer to then display the message, and once the
viewer is closed, the message is gone forever..

Except for the <printScreen command (and spyware that uses similar
programs to take 'snapshots' of a person's system.)

It might take some doing, but it is do-able, for pgp to disable such
programs temporarily whenever the secure viewer is launched,   but, in
Windows,  it would not be too farfetched to envision that just after
the message has been decrypted, the printscreen disabled, and the
viewer about to launch, that there would be instant retribution by the
Avenging Blue Screen of Death, and the one time only message would be
lost to the recipient as well.

But, if PRZ et al want to do it, it is do-able.

Let all of us who would like to see it happen, suggest it and possible
options to him.

vedaal


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Encode Book?
Date: Tue, 11 Apr 2000 12:48:30 GMT

In article <8ctf10$led$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Paul Rubin) wrote:
> In article <[EMAIL PROTECTED]>,
> Craig Storey  <[EMAIL PROTECTED]> wrote:
> >I caught the last two minutes of a radio news broadcast about a UK girl
> >who developped an simple encryption method that won awards. Her father
> >is a math professor working on encryption.  Together they co-wrote a
> >book.  I didn't catch much but was interested in reading her book.  It
> >may have been called Encode or In code.  Does anyone know anything about
> >it?
> >
> >Pleas reply to: [EMAIL PROTECTED]
>
> Title is "In Code, a Mathematical Odyssey" by Sarah Flannery and David
> Flannery.  Available from:
>
>   http://www.amazon.co.uk/exec/obidos/ASIN/1861972229
>
> It is now #38 in Amazon UK sales ranking, but the US Amazon site didn't
> list it last time I checked.
>

The Daily Telegraph carried an article about her on 18th March entitled
"Between her lessons, this schoolgirl is doing sums that could change our
lives". See

 http://www.telegraph.co.uk

A search for 'Flannery' in the 'features' section should find it.

Martin Cope


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Date: Tue, 11 Apr 2000 15:03:00 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Hash function based on permutation polynomials

Tom St Denis wrote:
> Runu Knips wrote:
> > Tom St Denis wrote:
> > > http://24.42.86.123/hash.c
> >
> > Interesting code. Hmm at first glance I would write the
> > first loop as:
> >
> > t = 0x9E37B91Ful;
> > for (r = 0; r < 15; ++r)      /* form initial sum of temp[0..14] */
> >   t ^= temp[r];
> > for (r = 16; r < SIZE; ++r) {
> >   t ^= temp[r-1];             /* add new temp[n] to sum */
> >   temp[r] = ROL(t ^ r, 11);
> >   t ^= temp[r-16];            /* remove first temp[n] from sum */
> > }
> >
> > which works because (a ^ b ^ b = a), or (a ^ a) = 0. If
> > you would use + instead, one could simply use - in the
> > last statement.
>
> I don't like this because the initial input should be unmodified first,
> then as I stretch it I mix it with the other words.

I didn't change the rest of your algorithm, I only changed the
original loop

for (r = 16; r < SIZE; r++) {
  t = temp[r - 16] ^ temp[r - 15] ^ temp[r - 14] ^ temp[r - 13] ^
    temp[r - 11] ^ temp[r - 7] ^ temp[r - 6] ^ temp[r - 3] ^
    temp[r - 2] ^ temp[r - 1] ^ 0x9E37B91Ful ^ r;
  temp[r] = ROL(t, 11);
}

to the above code. The memcpy() in front of the loop and the
code after it remain untouched. Both code pieces have equal
results (at least I think so). But my optimized version shows
IMHO more clearly what the resulting vector will look like.

> > I think you would agree that this loop isn't very good
> > because the difference between temp[r] and temp[r+1]
> > depends only on r and temp[r-1], plus some offset built
> > by temp[0..14] and your magic constant 0x9e37b91f.
> 
> My magic constants are just random typing.  Also the input is 512 bits,
> which goes from temp[0..15].

Yep, I know :-)

I only believed temp[0..14] would form a static offset - but
I was wrong.

> Thanks for looking at it :), what do you think of the compression
> rounds?

They look good; very expensive but good. The ROTL() in the
initialisation loop guarantees that all bits of the input
matter. I can't see any obvious weakness here.
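As an added check (not hash.c and not Runu's code), both expansion loops from the exchange above run in Python on a constructed 16-word input so their outputs can be compared directly. ROL is assumed to be a 32-bit rotate left and SIZE is assumed to be 32; neither is on the page. The running-XOR rewrite reproduces the original loop only when every offset 1..16 is a tap, and the hash.c loop quoted above taps ten of them, so on this input the two disagree.

```python
# Added example: the two expansion loops side by side, on a 32-bit word model.

MASK = 0xFFFFFFFF
CONST = 0x9E37B91F
SIZE = 32                      # assumed; hash.c's real SIZE is not on the page


def rol(x, n):
    """32-bit rotate left; assumed to be what hash.c's ROL macro does."""
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK


# Offsets r-k that the loop quoted from hash.c XORs together.
ORIGINAL_TAPS = (16, 15, 14, 13, 11, 7, 6, 3, 2, 1)
ALL_TAPS = tuple(range(1, 17))


def expand_original(words, taps=ORIGINAL_TAPS):
    """The quoted hash.c loop: t = XOR of temp[r-k] for k in taps, ^ CONST ^ r."""
    temp = list(words) + [0] * (SIZE - 16)
    for r in range(16, SIZE):
        t = CONST ^ r
        for k in taps:
            t ^= temp[r - k]
        temp[r] = rol(t, 11)
    return temp


def expand_running_xor(words):
    """Runu's rewrite: a running XOR of the last 16 words, adding the newest
    and removing the oldest each round (a ^ b ^ b == a)."""
    temp = list(words) + [0] * (SIZE - 16)
    t = CONST
    for r in range(15):
        t ^= temp[r]               # form initial sum of temp[0..14]
    for r in range(16, SIZE):
        t ^= temp[r - 1]           # add new temp[r-1] to the sum
        temp[r] = rol(t ^ r, 11)
        t ^= temp[r - 16]          # remove temp[r-16] from the sum
    return temp


# Constructed input: one bit set per word, so any dropped tap shows up.
SAMPLE = [1 << i for i in range(16)]


def loops_agree(words):
    """Do the two loops as quoted produce the same expanded vector?"""
    return expand_original(words) == expand_running_xor(words)


def running_xor_matches_all_taps(words):
    """Runu's loop equals the original only when every offset 1..16 is a tap."""
    return expand_original(words, ALL_TAPS) == expand_running_xor(words)


if __name__ == "__main__":
    print("quoted loops agree:", loops_agree(SAMPLE))
    print("running XOR == 16-tap version:", running_xor_matches_all_taps(SAMPLE))
```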

------------------------------

From: csybrandy <[EMAIL PROTECTED]>
Subject: Re: skipjack F function
Date: Tue, 11 Apr 2000 09:31:32 -0400
Reply-To: [EMAIL PROTECTED]

I'll see if I can find the .pdf file that I have on it.  I think there
are a couple of APIs that have it.

csybrandy

Tom St Denis wrote:
> 
> Where can I get a copy of the Skipjack F function?  I was in the midst
> of copying it from the badly scanned paper [I found somewhere] but I
> mistook the 'e' for 'c's and I am really peeved...
> 
> Tom

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Modular functions in Stream Ciphers?
Date: Tue, 11 Apr 2000 14:12:30 GMT

Simon Johnson wrote:
> If a mod function is used in a stream cipher does the period of the cipher =
> the divisor -1?

No; as Ritter observed, the modulus is often 2 but the period is not 1.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 11 Apr 2000 14:16:13 GMT

Xcott Craver wrote:
> ... One may as well argue that it's meaningless
> to talk of P, NP, or even recursive languages, because
> different machines result in different classifications ...

No, what saves the day there is that the classes P and NP
are independent of the details of specific implementations.
(This is intimately tied to the fact that these are
asymptotic properties for infinitely large problems.)

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: DES
Date: Tue, 11 Apr 2000 14:20:39 GMT

Jim Gillogly wrote:
> Also possible is "practical cryptanalysis", which of course exposes you
> to greater risks if it's an unauthorized activity.

Since the fellow's a newbie, he probably doesn't understand that
term.  "Practical cryptanalysis" involves approaches other than
analytic, e.g. looking for passwords on Post-It notes on an
administrator's console, etc.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Miami Herald article about ATM ripoffs
Date: Tue, 11 Apr 2000 14:24:28 GMT

[EMAIL PROTECTED] wrote:
> It could be worse, yesterday's paper had an article on digital
> signatures. The low point was a paragraph on public key cryptography,
> which uses two keys, a private and a public one. Messages encrypted
> with any private key can only be decrypted with a public one.

Which is accidentally true..

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
