Cryptography-Digest Digest #541, Volume #11      Thu, 13 Apr 00 13:13:01 EDT

Contents:
  Where to post treatise? ([EMAIL PROTECTED])
  Re: Regulation of Investigatory Powers Bill (Jill)
  Re: SHA2 ([EMAIL PROTECTED])
  Re: Regulation of Investigatory Powers Bill (Jill)
  Re: O(...) - Newbie question (Bob Silverman)
  Re: Where to post treatise? (David A Molnar)
  Re: Is AES necessary? (Jerry Coffin)
  Re: SHA2 (Francois Grieu)
  Re: SHA2 (Diet NSA)
  Re: Is AES necessary? (Mok-Kong Shen)
  Q: NTRU's encryption algorithm (Mok-Kong Shen)
  TDMA CAVE encryption (Matt Linder)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Lincoln Yeoh)
  Re: Cipher Contest Update (Boris Kazak)
  Re: new Echelon article (Diet NSA)
  Re: Q: Entropy (James Felling)
  Re: GSM A5/1 Encryption (Lincoln Yeoh)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (Bob Silverman)
  Re: Encode Book? (James Felling)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (Bob Silverman)
  Re: Miami Herald article about ATM ripoffs (Lincoln Yeoh)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Where to post treatise?
Date: Thu, 13 Apr 2000 14:30:53 GMT

Hi all,

I've invented a pretty good data encryption algorithm and I have
written a treatise about it. But I don't know where to post the
treatise. What magazines are standard in this respect? Can you suggest?

Best,
Yan.

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Jill <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Thu, 13 Apr 2000 16:12:25 +0100

I would suggest that the 'protest' files of random data that I suggested
in an earlier posting are not generated by any current encryption
algorithm for the following reason. Let's suppose that a number theorist
discovers a detectable signature in data encrypted by algorithm 'X',
where X is Blowfish, PGP, etc.
This may not allow decryption but nevertheless will detect the hand of
the algorithm in the data. You will then have a data file that the
authorities can determine to be the product of algorithm 'X' but for
which you can provide no meaningful key (oops!).

I would favour the use of genuine random data created by diode noise,
radioactive decay or some other genuinely random source. Failing that I
would use a strong random number generator rather than an encryption
algorithm. Cryptography is powerfully counter-intuitive and what seem
like good ideas can be fundamentally broken. If you use random data for
this purpose and new analysis methods come along then these will only
serve to show that the file *is* random data. This is by far the safest
course in a very complex and poorly understood field.

Andrew Le Couteur Bisson

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: SHA2
Date: Thu, 13 Apr 2000 15:10:31 GMT

Mark Wooding <[EMAIL PROTECTED]> wrote:
> I'd like to propose AHS, for Advanced Hash Standard. But then again,
> I'm feeling a bit childish today.

No, no, no. All acronyms should be one of the following:

1. Recursive, such as GNU, LAME, etc. SHS - SHS is a Hashing Standard.
2. Begin with YA, such as innumerable programs. YASHA.
3. Be totally incomprehensible, such as UTC. HAS - letters jumbled to
   appease part of the standards body.
4. As a last resort, you can add a prefix letter denoting your name, or
   mix and match the above three.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: Jill <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Thu, 13 Apr 2000 16:17:13 +0100

Further to my previous posting I believe that suitable, genuinely random
data can be obtained, free of charge, from the SETI screensaver project!!!

Andrew Le Couteur Bisson

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: O(...) - Newbie question
Date: Thu, 13 Apr 2000 15:07:01 GMT

In article <8d3dqn$4i0$[EMAIL PROTECTED]>,
  Bryan Olson <[EMAIL PROTECTED]> wrote:
> Bob Silverman wrote:
>
> > A function f(x) is said to be O(g(x)) [read as 'order of g(x)']
> > if lim n--> oo of |f(x)/g(x)| < c for some constant c.
>
> There's a problem with that definition in that |f(x)/g(x)|
> may always be less than c for sufficiently large x, but the
> limit as x->oo may not exist. (I'm assuming the use of "n"
> was a typo. Yes. Bob)
___

I left off the limes superior... It should have been lim, or lim sup

> > In other words f(x) grows at a rate which is bounded by a constant
> > times the rate at which g(x) grows as x becomes sufficiently large.
>
> The definition I know of is:
>
> f(x) is O(g(x)) if and only if there exist some c
> and n such that,
> 0 <= f(x) <= c*g(x) whenever x >= n.
>

This does not work either. g(x) might be strictly positive and f(x)
strictly negative, yet f goes to -oo much faster than g goes to oo.
You are missing | | signs.

> For example 2 + sin(x) is O(1) but
> lim x->oo |(2 + sin(x))/1|
> does not exist.

Yep.

Does anyone know Auntie-Derivative's recipe for lim soup?

-- 
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Where to post treatise?
Date: 13 Apr 2000 15:12:24 GMT

[EMAIL PROTECTED] wrote:
> Hi all,
> I've invented a pretty good data encryption algorithm and I have
> written a treatise about it. But I don't know where to post the
> treatise. What magazines are standard in this respect? Can you suggest?

You can post it here. Maybe someone will read it. In addition, if
something turns out to be wrong and the flaw is caught here, it's no big
deal. (you have read the FAQ about how "most pretty good data encryption
algorithms aren't", right?)

You can also submit it to a conference on cryptography.
Unfortunately Fast Software Encryption 2000 is just over, but others are
coming up. The submission deadline for the "Selected Areas in
Cryptography" and the "Annual Computer Security Applications Conference"
are both coming up soon (May 1 and May 12, I think). Check their web
pages for instructions on how to submit :

SAC : http://www.cacr.math.uwaterloo.ca/conferences/2000/SAC2000/announcement.html
ACSAC : http://www.acsac.org/

and this list of Calls For Papers and Conferences should give you more
ideas :

http://www.dice.ucl.ac.be/crypto/call_for_papers.html

There are also the journals Cryptologia and Journal of Cryptology. I'm
not familiar with the first, but the latter is generally reserved for
"finished" copies of papers which have been worked on a great deal, and
may have appeared as extended abstracts in conferences. They aren't
quite "magazines" the way I normally think of the term. Dr. Dobb's
Journal has been known to publish crypto-related articles.

So best of luck,
-David

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Thu, 13 Apr 2000 09:46:25 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ ... ]

> Technically 3des is not des...

Technically, what is usually called "3DES" really IS DES now -- i.e.
late last year, FIPS 46-2 was replaced with FIPS 46-3, so the current
Data Encryption Standard (i.e. DES) is FIPS 46-3. This standard
requires three applications of the Data Encryption Algorithm, which is
what is normally referred to as 3DES, though 3DEA would probably now be
a more accurate term.

-- 
Later,
Jerry.

The universe is a figment of its own imagination.

------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: SHA2
Date: Thu, 13 Apr 2000 18:21:29 +0200

Gregor Leander <[EMAIL PROTECTED]> wrote:
> I read something about a new hash function from the NSA called SHA-2.
This maybe was the following old message:
<http://www.deja.com//getdoc.xp?AN=603213967>
where Rich Ankney <[EMAIL PROTECTED]> said:
> You might want to wait for SHA-2, which will supposedly have
> 256- and 512-bit outputs (along with 384-bits truncated
> from 512). Supposedly available late summer from NIST.

Francois Grieu

------------------------------

Subject: Re: SHA2
From: Diet NSA <[EMAIL PROTECTED]>
Date: Thu, 13 Apr 2000 09:16:16 -0700

In article < [EMAIL PROTECTED]>, Runu Knips < [EMAIL PROTECTED]> wrote:

>One of my professors was the inventor of lsd-trees, which
>are used to sort two-dimensional data. Unfortunately, I never
>found out how they work ;-)
>
>

Here is an explanation of how they work:
http://www.vldb.org/conf/1989/P045.PDF

"I feel like there's a constant Cuban Missile Crisis in my pants."
- President Clinton commenting on the Elian Gonzalez situation

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Thu, 13 Apr 2000 18:34:11 +0200

Tom St Denis wrote:
>
> No really think about it though. RC5 is smaller, faster and allows a
> greater key than DES. RC5 is more resilient [after 16 rounds] to the
> same attacks than DES. While the last point is kinda moot the three
> others are a good push.
>
> So the question is then, why use DES over RC5? It's slower, larger and
> has a smaller key.

Wait and see if any expert on strength of encryption algorithms would
tell us which one of the two is stronger.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: NTRU's encryption algorithm
Date: Thu, 13 Apr 2000 18:34:18 +0200

Does any expert in public key cryptography have an objective and
clear-cut evaluation of NTRU's encryption algorithm and would like to
let us learn that?
The recent web page of NTRU says about an 11 million dollar funding and
contains a number of challenge problems with rewards.

M. K. Shen

=======================
P.S. For those who want to earn money there are much better challenge
problems. One million dollar has recently been offered for attacking
the Goldbach conjecture. See Science, 31st March, p. 2405.

------------------------------

From: Matt Linder <[EMAIL PROTECTED]>
Subject: TDMA CAVE encryption
Date: Thu, 13 Apr 2000 16:25:04 GMT

With all this talk about GSM and A5/1 and its weaknesses, it makes me
wonder about GSM's cousin TDMA used here in the US. I think it uses an
algorithm called CAVE (I don't even remember what it stands for). Does
anyone know anything about how good the CAVE algorithm is?

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Thu, 13 Apr 2000 16:36:36 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 12 Apr 2000 23:27:23 GMT, Tom St Denis <[EMAIL PROTECTED]> wrote:

>I missed the fact that he was adding in diff mag of digits. So it's
>actually D1 + 10*D2 + 100*D3, in which case he isn't adding the digits
>at all [to each other] they are just different components of the number.
>
>If for example he *were* doing R = D1+D2+D3 / 3, that would be entirely
>non random.

Should still be random but distributed differently.

Link.
****************************
Reply to: @Spam to
lyeoh at @[EMAIL PROTECTED]
pop.jaring.my @
*******************************

------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Cipher Contest Update
Date: Thu, 13 Apr 2000 16:38:38 GMT

Adam Durana wrote:
>
> Hello,
>
> The contest started about two weeks ago, and so far I have only received ONE
> submission. Boris Kazak submitted a cipher named LETSIEF (Feistel
> backwards).
> Matthew Fisher was able to perform differential analysis on it,
> and Mr. Kazak resubmitted his cipher. LETSIEF2 is still in the running and
> I have not heard of any attacks on it yet.
> **************
> If you don't have the URL it is
> http://www.wizard.net/~echo/crypto-contest.html
>
> - Adam
==================
Hi, Adam, thanks for posting my toy submission (Letsief is in 64-bit
range). I am thankful to Matt Fisher, he did a nice job, so I hope the
revised Letsief will pass his attacks with flying colors.

I have another submission almost ready - one of what I call "drunken"
ciphers - large key-dependent array of S-boxes and plaintext-dependent
path through this array. It is also based on modular multiplication,
but is scalable - it can work with any block length from 8 bytes and
more, in increments of 4 bytes, so there is nothing impossible in
encrypting a 1Mb file as a single block, provided you have enough memory
to handle it. It will take me about a week to complete the description
and to supply it with a suitable "main" to test-drive the machinery.

For those who prefer time-tested algorithms, I have a 128-bit block size
IDEA, a working model which imitates the original design, but uses
multiplication (mod 2^32+1) and the same key scheduler as Letsief.

*************************************************************
"A naive variation might double the block size. The algorithm (IDEA)
would work just as well with 32-bit sub-blocks instead of 16-bit
sub-blocks and a 256-bit key. Encryption would be quicker and security
would increase 2^32 times. Or would it? The theory behind the algorithm
hinges on the fact that 2^16 + 1 is a prime, 2^32 + 1 is not. Perhaps
the algorithm could be modified to work, but it would have very
different security properties. Lai says it would be difficult to make
it work..."
(B. Schneier "Applied Cryptography" 2-nd ed. p.325)

You can say that I was naive... but it works.
**************************************************************
However, you said that direct spin-offs of conventional algorithms will
not be accepted, so I don't insist.

Best wishes                 BNK

------------------------------

Subject: Re: new Echelon article
From: Diet NSA <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Date: Thu, 13 Apr 2000 09:39:55 -0700

In article < [EMAIL PROTECTED] net>, [EMAIL PROTECTED] wrote:

>Tell me boys, ever hear of the Glomar Explorer???
>
>

This was developed by the CIA & Howard Hughes. Earlier, the NSA, etc.
used to spy on American citizens but in the 1970s laws were created to
prevent this. Supposedly, also in the 1970s, Echelon arose. Maybe in the
past there were more questionable collaborations between business &
government intel agencies.

"I feel like there's a constant Cuban Missile Crisis in my pants."
- President Clinton commenting on the Elian Gonzalez situation

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!

------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Thu, 13 Apr 2000 11:42:20 -0500

Mok-Kong Shen wrote:

> James Felling wrote:
> > > > > > > Bryan Olson wrote:
> > > > > > Given a string of, say, a million zeros and a "random"
> > > > > > million-bit string, Kolmogorov complexity does not say which
> > > > > > is more complex.
> > > > >
> > > > > If the shortest program to describe the former is shorter than
> > > > > the one for the latter (a case which seems fairly likely), then
> > > > > by definition the former has less Kolmogorov complexity than
> > > > > the latter.
> > > >
> > > > Wrong. Kolmogorov complexity allows the program to be
> > > > written in a large class of languages.
> > > > For any pair of
> > > > distinct finite strings there's a pair of legal languages that
> > > > disagree on which string has the shorter program.
> > >
> > > That issue of difference of languages is understandably treated
> > > in Kolmogorov complexity. Otherwise that theory wouldn't be
> > > able to exist at all. The fact that no real-world algorithm to
> > > measure that theoretical quantity exists can also be interpreted
> > > to mean that no very exact comparison could be made, in my view.
> > > But surely some more or less useful comparison can be made.
> > > Allow me to use an analogy: one can surely claim that the code
> > > for an operating system is more complex than one for the
> > > quick sort, and that totally independent of what programming
> > > languages one uses, including those of year 3000, can't one?
> >
> > The problem that is run into here is that given a family of languages L
> > we can evaluate Kolmogorov complexity (called K-complexity in remainder
> > of the article). We can then evaluate the K-complexity of that string
> > relative to that language family L. However given 2 strings S1, and S2,
> > and two language families L1, and L2 then it is simply possible to show
> > that in L1 S1 has greater K-complexity than S2, and relative to L2 S1
> > has less K-complexity than S2. Since the K-complexity cannot be
> > established in an absolute manner, the best one can say is that the
> > k-complexity of S relative to language family L is ..., this does NOT
> > establish any useful characteristic for evaluating S, as we cannot
> > evaluate S vs. the class of all languages without of course concluding
> > that it has order 1 as there will exist a language in which S is the
> > trivial output of a single command. Only an infinite string may be
> > evaluated for K-complexity in a reasonable manner, as there are infinite
> > strings generatable only in multiple operations.
>
> Are you hence establishing that the entire theory of Kolmogorov
> complexity is useless? (What uses can there be, if otherwise?)
> Concerning infinite strings, please see my response to Bryan Olson.
>
> M. K. Shen

No. What I am saying is:

1) Over the space of all possible languages, the K-complexity of any
finite string is 1. (one atomic op will produce that string in some
language)

2) Over a given set of languages L, it is possible to make "K-complexity
relative to L" comparisons between two strings S1 and S2, but that such
comparisons are not extensible beyond that specific language family L.
(and thus fail to generalize in any meaningful manner -- one can say S1
is shorter to code than S2 in language X, but not that S1 is shorter to
encode than S2 in general)

3) K-complexity for an infinite string is more easily defined, as there
are infinite strings that are more easily encoded than others. This is
true even over the space of all languages. (000000......) is much more
compact codewise to generate than the decimal expansion of a
transcendental, or Chaitin's(sp?) Omega. This is where generalized
K-complexity has a useful meaning.

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: GSM A5/1 Encryption
Date: Thu, 13 Apr 2000 16:49:01 GMT
Reply-To: [EMAIL PROTECTED]

On 8 Apr 2000 10:30:24 -0700, [EMAIL PROTECTED] (David A. Wagner) wrote:

>It is hard to imagine design constraints so fierce that the designers
>could not have afforded the extra cost of a 128-bit A5/1. (Perhaps it
>is so, but it seems quite a stretch, given the time at which it was
>developed.)

Huh? I thought the reason they went 40 bit was because the spook
agencies grumbled and lobbied and made lots of noise? I can't cite
references but I seem to recall mention of it in the UK newspapers back
in the early 90s.

It was no surprise it was cracked, what really surprised me was the big
fuss the Americans made of the crack.
The encryption was to be reasonably strong, but it was intentionally
weakened. I don't understand why they did that. Sure the calls may be
encrypted from your phone to the towers/stations, but they are then
decrypted to plaintext, and then reencrypted to the other phone. The
spooks can always listen in on the plaintext. It's even easier as there
are a lot fewer backbone points than cells.

Cheerio,

Link.
****************************
Reply to: @Spam to
lyeoh at @[EMAIL PROTECTED]
pop.jaring.my @
*******************************

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Date: Thu, 13 Apr 2000 16:43:25 GMT

In article <[EMAIL PROTECTED]>,
  Gadi Guy <[EMAIL PROTECTED]> wrote:
> > I'm designing a cipher algorithm based on matrix algebra modulo 2. Make sure
> > that I had no problem with the usual numerical recipes for handling matrices;
> > simply, I apply them 'modulo 2'.
>
> Just an off topic thought, why can't large boolean matrices be used for
> DH key exchange?

(1) What makes you assert that they can't be used?

(2) In fact, they can.

(3) Why do you suggest them? What makes them advantageous over ordinary
DH? Why do you think they might be?

(4) Why "large"? [hint: think about efficiency of computation]

(5) What makes you believe that they would be any different from
ordinary DH? (Hint: discrete logs in SL(2,Z) or SL(k,Z) are reducible
to ordinary DL)

-- 
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: Encode Book?
Date: Thu, 13 Apr 2000 11:50:39 -0500

Tom St Denis wrote:

> James Felling wrote:
> >
> > I learned pascal at about the same age. It was a big achievement, but
> > not on the same order as Ms. Flannery's achievement.
> > You are gifted and
> > talented, but she has done something that was truly extraordinary. Live
> > with it.
>
> Not to be a jealous type, but how much of it was her idea, and not her
> father's coaxing? hehehe, just kiddin. I actually don't know much at all
> about her so that's not a fair comment, sorry... but makes you wonder :)
>
> Anyways, does she have a website of her own? If so where is it?
>
> And I don't view learning a programming language by ourselves as an
> everyday activity for twelve year olds. Or writing your own Bulletin
> Board System (BBS) when you are 13, or etc... Anyways, nuff ranting. I
> bet we are all just gifted in our own domains. She is probably wicked
> at math, but couldn't play the piano etc... So no reason to be bitter,
> right?
>

Exactly. She may have been in the right place at the right time
publicity wise, but what she did was impressive none the less -- whether
that will be the zenith of her career or whether she will go on to
other things, that is the true test of greatness.

>
> Tom

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Date: Thu, 13 Apr 2000 16:46:16 GMT

In article <8d2i39$84k$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> If the matrix is sparse it is virtually certain that its inverse
> will be 50% done.

This should be 50% dense, of course.

-- 
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: Miami Herald article about ATM ripoffs
Date: Thu, 13 Apr 2000 17:04:29 GMT
Reply-To: [EMAIL PROTECTED]

On 11 Apr 2000 01:10:12 GMT, [EMAIL PROTECTED] (Bill Unruh) wrote:

>I suspect he meant algorithm. (just a rearrangement of the first four
>letters). But even that is wrong.
>It contains an offset to get from the
>natural PIN created by encrypting various things like the account number
>by DES with a secret key to the true pin. (See Ross Anderson's
>explanation many years ago here.)

But isn't that an insecure way to do things? The card should hold a card
number and the PIN should be random. The ATM should use the card number
to check the PIN with the nearest database (replicated).

To increase detection of duplicated cards, the ATM could write to the
card a sequence number after each transaction. But this makes things
more failure prone.

Cheerio,

Link.
****************************
Reply to: @Spam to
lyeoh at @[EMAIL PROTECTED]
pop.jaring.my @
*******************************

------------------------------

** FOR YOUR REFERENCE **

The service address, to which questions about the list itself
and requests to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
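Editor's note on the "Re: O(...) - Newbie question" exchange between Bob Silverman and Bryan Olson above (an added note, not part of either post): with absolute values and the limit superior in place, the two formulations of big-O agree, and the 2 + sin(x) example is O(1) even though the plain limit does not exist.

$$
f(x) = O(g(x)) \iff \exists\, c > 0,\ n:\quad |f(x)| \le c\,|g(x)| \quad \text{for all } x \ge n .
$$

When $g(x) \ne 0$ for all sufficiently large $x$, this is equivalent to

$$
\limsup_{x \to \infty} \left| \frac{f(x)}{g(x)} \right| < \infty ,
$$

because a finite $\limsup = L$ gives $|f(x)/g(x)| \le L + 1$ for all large $x$ (take $c = L + 1$), while a bound $|f(x)| \le c\,|g(x)|$ for $x \ge n$ caps the $\limsup$ at $c$. Neither direction needs the ordinary limit to exist.

Worked on the example from the thread, $f(x) = 2 + \sin x$ and $g(x) = 1$:

$$
1 \le \left| \frac{2 + \sin x}{1} \right| \le 3 \quad \text{for all } x, \qquad
\limsup_{x \to \infty} |2 + \sin x| = 3 < \infty ,
$$

so $2 + \sin x = O(1)$ with $c = 3$ (and any $n$), whereas $\lim_{x \to \infty} (2 + \sin x)$ does not exist, since the function keeps oscillating between $1$ and $3$.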
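An added editor's example (not code from Boris Kazak, the contest, or Schneier) of the property the quoted "Applied Cryptography" passage in the Cipher Contest thread turns on: IDEA's multiplication is a bijection on 16-bit words because 2^16+1 is prime, whereas modulo 2^32+1 = 641 * 6700417 some multipliers send distinct words to the same result and some products have no word representation at all. Function names are the example's own; it needs Python 3.8+ for `pow(x, -1, m)`.

```python
# Added example: IDEA-style multiplication modulo 2^bits + 1 (editor's code,
# not from any post in the digest).  IDEA uses bits = 16.
from math import gcd


def word_to_residue(a, bits):
    """IDEA convention: the all-zero word stands for 2^bits, i.e. -1 mod 2^bits+1."""
    return (1 << bits) if a == 0 else a


def idea_mul(a, b, bits=16):
    """Multiply two `bits`-wide words modulo 2^bits + 1, IDEA style.

    The residue 2^bits is mapped back to the zero word.  A genuine zero
    residue has no word representation; it is returned as None and can only
    occur when 2^bits + 1 is composite (the 16-bit case never produces it).
    """
    m = (1 << bits) + 1
    top = 1 << bits
    r = (word_to_residue(a, bits) * word_to_residue(b, bits)) % m
    if r == 0:
        return None
    return 0 if r == top else r


def multiplier_is_invertible(a, bits=16):
    """True iff x -> idea_mul(a, x) is a bijection on the word set,
    which holds exactly when gcd(a, 2^bits + 1) == 1."""
    return gcd(word_to_residue(a, bits), (1 << bits) + 1) == 1


def inverse_multiplier(a, bits=16):
    """Word w with idea_mul(a, w) == 1; raises ValueError if none exists."""
    m = (1 << bits) + 1
    inv = pow(word_to_residue(a, bits), -1, m)   # ValueError when not coprime
    return 0 if inv == (1 << bits) else inv


def multiplier_collision(a, bits):
    """Two distinct words b1 != b2 with idea_mul(a, b1) == idea_mul(a, b2),
    or None when `a` is an invertible multiplier."""
    m = (1 << bits) + 1
    d = gcd(word_to_residue(a, bits), m)
    if d == 1:
        return None
    # a * (m // d) is a multiple of m, so adding m // d to b leaves a*b unchanged
    return 1, 1 + m // d


def all_words_invertible(bits):
    """Exhaustive check of every word value; only feasible for small widths."""
    m = (1 << bits) + 1
    return all(gcd(word_to_residue(w, bits), m) == 1 for w in range(1 << bits))


if __name__ == "__main__":
    print("2^16+1 prime, every 16-bit multiplier invertible:", all_words_invertible(16))
    print("2^32+1 == 641 * 6700417:", (1 << 32) + 1 == 641 * 6700417)
    print("641 invertible mod 2^32+1?", multiplier_is_invertible(641, 32))
    print("collision for multiplier 641:", multiplier_collision(641, 32))
    print("641 * 6700417 as a 32-bit word:", idea_mul(641, 6700417, 32))
```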
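To put numbers on Bob Silverman's corrected remark in the sparse boolean matrix thread (that the inverse of a sparse matrix over GF(2) is virtually certain to be about 50% dense), here is an added editor's example, not code from any post: Gauss-Jordan inversion of a bitmask-row matrix modulo 2, run on a constructed random matrix with a fixed number of ones per row. Function names, the matrix size and the row weight are the example's own choices.

```python
# Added example: inverting a sparse matrix over GF(2) and measuring how dense
# the inverse is (editor's code, not from any post in the digest).
import random


def gf2_inverse(rows, n):
    """Invert an n x n matrix over GF(2) by Gauss-Jordan elimination.

    rows[i] is an int bitmask; bit j of rows[i] is entry (i, j).
    Returns the inverse in the same form, or None if the matrix is singular.
    """
    a = list(rows)
    inv = [1 << i for i in range(n)]            # start from the identity
    for col in range(n):
        # pivot: a row at or below the diagonal with a 1 in this column
        pivot = next((r for r in range(col, n) if (a[r] >> col) & 1), None)
        if pivot is None:
            return None                         # no pivot: singular
        a[col], a[pivot] = a[pivot], a[col]
        inv[col], inv[pivot] = inv[pivot], inv[col]
        # clear the column in every other row; addition mod 2 is XOR
        for r in range(n):
            if r != col and (a[r] >> col) & 1:
                a[r] ^= a[col]
                inv[r] ^= inv[col]
    return inv


def gf2_matmul(x, y, n):
    """Product of two bitmask-row matrices over GF(2)."""
    out = []
    for i in range(n):
        acc = 0
        for j in range(n):
            if (x[i] >> j) & 1:
                acc ^= y[j]
        out.append(acc)
    return out


def density(rows, n):
    """Fraction of the n*n entries that are 1."""
    return sum(bin(r).count("1") for r in rows) / (n * n)


def random_sparse_gf2(n, ones_per_row, rng):
    """Constructed sample input: n x n matrix with exactly ones_per_row 1s per row."""
    return [sum(1 << c for c in rng.sample(range(n), ones_per_row)) for _ in range(n)]


def first_invertible_sparse(n=64, ones_per_row=4, seed=1):
    """Draw random sparse matrices until an invertible one turns up;
    return (matrix, inverse)."""
    rng = random.Random(seed)
    while True:
        a = random_sparse_gf2(n, ones_per_row, rng)
        inv = gf2_inverse(a, n)
        if inv is not None:
            return a, inv


def sparse_inverse_density(n=64, ones_per_row=4, seed=1):
    """(density of A, density of A^-1) for a random invertible sparse A."""
    a, inv = first_invertible_sparse(n, ones_per_row, seed)
    return density(a, n), density(inv, n)


if __name__ == "__main__":
    da, dinv = sparse_inverse_density()
    print(f"A: {da:.3f} dense, A^-1: {dinv:.3f} dense")
```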

- Cryptography-Digest Digest #541 Digestifier