Cryptography-Digest Digest #559, Volume #11 Sun, 16 Apr 00 18:13:01 EDT
Contents:
Re: ? Backdoor in Microsoft web server ? [correction] (Roger)
Re: GOST idea (Tom St Denis)
Re: Open Public Key (Tom St Denis)
Re: Why is this algorithm insecure? (Newbie flamefodder) (Richard Heathfield)
Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..." (JimD)
Re: One Time Pads Redux (JimD)
Re: Why is this algorithm insecure? (Newbie flamefodder) (Richard Heathfield)
Re: Why is this algorithm insecure? (Newbie flamefodder) (Tom St Denis)
Re: Q: Entropy (Diet NSA)
Re: Why encrypt email... (David Crick)
Re: Why is this algorithm insecure? (Newbie flamefodder) (Richard Heathfield)
Re: Q: NTRU's encryption algorithm (Diet NSA)
Re: ? Backdoor in Microsoft web server ? [correction] (Jim Gillogly)
Re: Why is this algorithm insecure? (Newbie flamefodder) (Tom St Denis)
asymmetrical systems ("rewted")
Re: asymmetrical systems (Bill Unruh)
Re: ? Backdoor in Microsoft web server ? [correction] (Mok-Kong Shen)
Re: GOST idea (Mok-Kong Shen)
Help with Exponentiation Cipher ("Monkey Boy")
Re: Q: Entropy (Bryan Olson)
Re: My STRONG data encryption algorithm (Nobody Home)
Re: asymmetrical systems (Tom St Denis)
Re: My STRONG data encryption algorithm (Tom St Denis)
Re: GOST idea (Tom St Denis)
Re: Why is this algorithm insecure? (Newbie flamefodder) (Boris Kazak)
----------------------------------------------------------------------------
From: Roger <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Sun, 16 Apr 2000 12:38:32 -0700
Jim Gillogly wrote:
> Regardless of precisely which magical powers the back door gives,
> it <is> a back door put into offical Microsoft code by official
> Microsoft (weenie) engineers.
And presumably MS will use source code control logs to find
the guilty party, and fire him.
No doubt this incident will be used to support the thesis
that open source software is the only way to get security.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Sun, 16 Apr 2000 19:41:27 GMT
Mok-Kong Shen wrote:
>
> Tom St Denis wrote:
> >
> > I like the simplicity of gost... hmm Let's change the F function to be
> >
> > F(x) = S(2x^2 + x) <<< 11
> >
> > Where S is the parallel application of the eight 4x4 sboxes. This would
> > have much higher avalanche and only make the F function slightly more
> > complex.
>
> I suppose one should be careful and do sufficient amount of
> experiments to verify the avalanche properties, unless one
> has a theoretical proof.
Well my idea cannot technically be any worse than before, since F(x) = 2x^2
+ x is a permutation in GF(2^w). Another balanced approach would be
to do this:
F(x) = S(S(x) <<< 11) <<< 11
Which should increase the avalanche significantly and keep the algorithm
complexity about the same, just twice as slow in the F function.
Another good point of GOST is the RAM requirement: all you need is the
32 bytes of round keys, and 256 bytes for the sbox [or 1 KB if you
pre-expand the sbox values].
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Open Public Key
Date: Sun, 16 Apr 2000 19:45:15 GMT
Mark Wooding wrote:
> > > You're still mixing up safe and strong primes.
> > >
> > > If you have a safe prime p = 2q + 1, then 4 is a generator of the
> > > order-q subgroup (exercise: prove this). This is probably a good choice
> > > of generator for Diffie-Hellman and ElGamal-like systems.
> >
> > From what I can tell if p = 2q + 1, then p mod 4 = 3 'hmm duh', then we
> > get 4^q mod p = 1 and 4^2 mod p != 1.
>
> In more detail, 4^q = 2^{2q} = 1 (mod p), but yes.
Ouch, I should have gotten that. Well, I just picked up a book called
"Fundamentals of Number Theory"; it deals a lot with the type of math you
would see in cryptography (quadratic residues, Euclid's algorithms,
etc...)
So now I can "get a clue" :). Can't wait to get reading the book.
Tom
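The subgroup fact Mark Wooding states above, checked in code. This is an added example and not code from the thread: it searches for a small safe prime p = 2q + 1, confirms that 4 has order exactly q (4 = 2^2 is a square, so 4^q = 2^(p-1) = 1 by Fermat, and 4 != 1 for p > 3 leaves q as the only divisor of 2q that can be its order), and runs a toy Diffie-Hellman exchange with g = 4. The Miller-Rabin test with a fixed seed, the bit sizes and the exchange are constructed for illustration, not production parameters.

```python
"""Added example: checks the claim that for a safe prime p = 2q + 1 the
element 4 generates the order-q subgroup, and runs a toy Diffie-Hellman
exchange in that subgroup. All parameters are small and constructed;
the fixed-seed primality test and sizes are for illustration only."""
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with a fixed seed so results are reproducible."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits, seed=0):
    """Find p = 2q + 1 with p and q both prime (p has about `bits` bits)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q


def order_of_4(p, q):
    """Order of 4 in (Z/pZ)*, which must divide p - 1 = 2q, so the only
    candidates are 1, 2, q and 2q. 4 = 2^2 is a square, so by Fermat
    4^q = 2^(2q) = 2^(p-1) = 1, and the order is q whenever 4 != 1 (p > 3)."""
    for cand in (1, 2, q, 2 * q):
        if pow(4, cand, p) == 1:
            return cand
    raise ValueError("order does not divide 2q; p is not prime")


def in_subgroup(x, p, q):
    """Membership test for the order-q subgroup (Euler's criterion)."""
    return pow(x, q, p) == 1


def dh_exchange(p, q, g=4, seed=1):
    """Toy Diffie-Hellman with generator g of the order-q subgroup.
    Returns both sides' shared secrets so the caller can compare them."""
    rng = random.Random(seed)
    a, b = rng.randrange(1, q), rng.randrange(1, q)
    A, B = pow(g, a, p), pow(g, b, p)
    return pow(B, a, p), pow(A, b, p)


if __name__ == "__main__":
    p, q = safe_prime(32)
    print("p =", p, "q =", q, "order(4) == q:", order_of_4(p, q) == q)
    print("shared secrets:", dh_exchange(p, q))
```

Because every element of the order-q subgroup is a square, `in_subgroup` is also the check a receiver would apply to a peer's public value before using it: a value outside the subgroup (order 2, or the whole group) leaks a bit of the exponent through the small-subgroup trick that safe primes are chosen to avoid.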
------------------------------
Date: Sun, 16 Apr 2000 20:51:50 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)
stanislav shalunov wrote:
>
> Richard Heathfield <[EMAIL PROTECTED]> writes:
>
> > Thank you. I'm not sure, however, that I have understood you correctly.
> > You seem to be saying that Eve can decrypt any message she likes,
> > provided she has first done a chosen plaintext attack on a message that
> > length and using the same key as Alice. Okay, yes, that's a problem. But
> > how would she do such an attack?
>
> I was a bit careless: known plaintext is enough.
Ah. That makes a lot more sense. For example, a known protocol exchange
in a TCP/IP conversation.
>
> What I have meant is that if Alice sends to Bob a stream of messages
> of the same length encrypted with the same key (e.g., network
> packets), and if Eve knows plaintext of one of the packets, Eve
> immediately can decrypt all the other packets. (Eve could guess the
> first packet, which might be part of a higher-level protocol
Quite so...
> or make
> Alice send some chosen plaintext).
Skulduggery? Surely not! :-)
>
> More than that, Eve can simply XOR any two packets and get rid of key
> material completely. If data has enough redundancy (e.g., is natural
> language text) both packets can be recovered. All further and
> previous packets of the same length with the same key are compromised.
That's worrying. I'll try to crack it on that basis to see if you're
correct. (I'm not sure whether you are, because of the bit rotations,
but I'll give it a whirl on the grounds that I don't know what I'm
talking about...)
>
> If a key can never be reused the cryptosystem is useless. (One could
> simply use OTP then.)
Quite so.
>
> Also, you seem to be mentioning overly long keys (4K, etc.) all the
> time. If a symmetric cryptosystem needs such long keys you know it's
> worthless.
I'm not sure whether they're needed or not. Hence this thread!
> A secure algorithm doesn't need keys longer than 128 bits.
Okay.
> The task of brute-forcing 2^128 different keys is out of reach for any
> known adversary.
But wasn't it done recently?
> For extra safety sometimes one might want even
> longer key, such as 256 bits, but keys longer than that in a symmetric
> system are a sure sign that the designer didn't understand what he's
> doing.
How kind. :-) (Quite accurate, in this case, of course.)
Is it worth persevering with this algorithm, but adding partial
rotations and partial XORing, as another poster suggested?
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
29 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (68 to go)
------------------------------
From: [EMAIL PROTECTED] (JimD)
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.business.accountancy,talk.politics.crypto
Subject: Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..."
Reply-To: JimD
Date: Sun, 16 Apr 2000 18:53:45 GMT
On Sun, 16 Apr 2000 14:47:54 +0100, "NoSpam" <[EMAIL PROTECTED]> wrote:
>To get this protection from snooping, however, it won't be enough to host
>your e-commerce site on an Irish server while running the business from
>Britain, because Straw's Bill will cover every communication you send from
>your base. You will have to move the business to Ireland. Which of course is
>exactly what the Irish government is banking on. And they give whopping tax
>breaks too.
Good for the Irish. I wish them every success.
--
Jim Dunnett. G4RGA
dynastic at cwcom.net
Londoner? Vote for Ken!!
------------------------------
From: [EMAIL PROTECTED] (JimD)
Subject: Re: One Time Pads Redux
Reply-To: JimD
Date: Sun, 16 Apr 2000 18:53:51 GMT
On Sat, 15 Apr 2000 22:04:08 -0700, "Joseph Ashwood" <[EMAIL PROTECTED]>
wrote:
>The first attack that comes to mind is based on the typical
>method of using the pad, namely XOR. It is a property of XOR
>that if I have the plaintext and the ciphertext, I can
>retrieve the pad. Given this, the attack goes as follows
>(edited into your proposal):
Am I missing something here?
If you have the ciphertext and the plaintext, what more do you
need? What's the point of recovering the key, particularly
if it's never going to be used again?
--
Jim Dunnett. G4RGA
dynastic at cwcom.net
Londoner? Vote for Ken!!
------------------------------
Date: Sun, 16 Apr 2000 20:57:39 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)
Boris Kazak wrote:
>
> >
> > Since I'm no expert, I have to assume this algorithm is weak.
> >
> > **********************
> Imagine 2 plaintexts - both of the same length, differing in 1 bit,
> for example, 1101100110110010 and 1101100110110011. Then after being
> encrypted with your algorithm the 2 ciphertexts will differ in exactly
> 1 bit. This immediately gives you the total number of shifts and the
> value of the total "key" at this spot.
> Do you see now why this algorithm is weak?
>
> Best wishes BNK
Eesh. I just tried it. Back to the drawing board. Are partial rotations
and partial XORings a reasonable way forward, or should I just junk the
whole thing now while there's still hope for the galaxy?
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
29 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (68 to go)
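The two weaknesses raised in this thread (the one-bit differential Boris Kazak describes, and the key-reuse attack stanislav shalunov describes) demonstrated on a constructed stand-in cipher. This is an added example, not the algorithm Richard posted (which is not shown on this page): the toy cipher is C = rotl(P, shift) XOR key on 64-bit words, and the key, shift and sample "packets" are made up for the demo.

```python
"""Added example (not the algorithm posted in the thread): a constructed
rotate-then-XOR cipher on 64-bit words, C = rotl(P, shift) XOR key, used
to show two weaknesses of that shape. The key, shift and packets below
are made up for the demo."""

WORD = 64
MASK = (1 << WORD) - 1


def rotl(x, r):
    r %= WORD
    return ((x << r) | (x >> (WORD - r))) & MASK


def rotr(x, r):
    return rotl(x, WORD - (r % WORD))


def toy_encrypt(p, key, shift):
    return rotl(p, shift) ^ key


def toy_decrypt(c, key, shift):
    return rotr(c ^ key, shift)


def popcount(x):
    return bin(x).count("1")


def recover_shift(p1, c1, p2, c2):
    """One-bit differential: if p1 and p2 differ in one bit, the key cancels
    in c1 ^ c2 and the single surviving bit sits at the flipped position
    moved by the rotation amount, so the amount is read off directly."""
    pd, cd = p1 ^ p2, c1 ^ c2
    if popcount(pd) != 1 or popcount(cd) != 1:
        raise ValueError("need a one-bit difference on both sides")
    return (cd.bit_length() - pd.bit_length()) % WORD


def recover_key(p, c, shift):
    """Known plaintext: with the shift known, the key is c ^ rotl(p, shift)."""
    return c ^ rotl(p, shift)


def plaintext_xor(c1, c2, shift):
    """Key reuse: c1 ^ c2 = rotl(p1 ^ p2, shift), so the key is gone and
    p1 ^ p2 is exposed without any key material at all."""
    return rotr(c1 ^ c2, shift)


def decrypt_with_crib(c_known, p_known, c_target, shift):
    """Knowing one packet's plaintext recovers any other packet encrypted
    under the same key and shift, without ever computing the key."""
    return plaintext_xor(c_known, c_target, shift) ^ p_known


# Constructed secrets and sample 8-byte "packets".
KEY = 0x8F3A5C1E2B7D9046
SHIFT = 13
PKT_A = int.from_bytes(b"GET /ind", "big")   # guessable protocol text
PKT_B = PKT_A ^ (1 << 40)                    # same, with one bit flipped
PKT_C = int.from_bytes(b"secret42", "big")   # a packet Eve wants


def demo():
    """Eve's view: three ciphertexts, the plaintext of A, and a guess that
    B is A with one bit flipped. Returns (shift, key, plaintext of C)."""
    ca, cb, cc = (toy_encrypt(p, KEY, SHIFT) for p in (PKT_A, PKT_B, PKT_C))
    shift = recover_shift(PKT_A, ca, PKT_B, cb)
    key = recover_key(PKT_A, ca, shift)
    recovered = decrypt_with_crib(ca, PKT_A, cc, shift)
    return shift, key, recovered.to_bytes(8, "big")


if __name__ == "__main__":
    print(demo())
```

The first point of the demo is that the ciphertext difference has exactly one bit set, which is what makes the rotation amount readable; any cipher whose round structure lets a single-bit input difference survive as a single-bit output difference has this problem. The second point is that once the per-message transformation is a fixed bit permutation followed by XOR with a fixed key, two ciphertexts XORed together are just a permuted XOR of plaintexts, and the "key" has contributed nothing.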
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)
Date: Sun, 16 Apr 2000 20:00:42 GMT
Richard Heathfield wrote:
> > The task of brute-forcing 2^128 different keys is out of reach for any
> > known adversary.
>
> But wasn't it done recently?
I sincerely hope you are joking with this last question.
Tom
------------------------------
Subject: Re: Q: Entropy
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sun, 16 Apr 2000 12:52:45 -0700
In article <8cngub$hgg$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
wrote:
>Hi, you might enjoy my latest paper
>"A century of controversy over the foundations of mathematics".
>You can find it at
>http://www.cs.umaine.edu/~chaitin/cmu.html
>It was my 2 March 2000
>Carnegie Mellon University
>School of Computer Science
>Distinguished Lecture.
>Rgds,
>Greg Chaitin
>
>
Hi, I just read your interesting paper above in which you write
that "the notion of program size complexity is like the idea of
entropy in thermodynamics". Earlier, in the same paper, you
mentioned how you were trying to find a "kind of logical notion
of randomness *rather* than a statistical notion of randomness".
Related to this, you might be interested to know that
thermodynamic entropy could also be understood
"logically" and *without* any reference to statistical mechanics
or heat engines. See the April 2000 issue of "Physics Today",
page 32.
"I feel like there's a constant Cuban Missile Crisis in my pants."
- President Clinton commenting on the Elian Gonzalez situation
=======================================================================
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: David Crick <[EMAIL PROTECTED]>
Subject: Re: Why encrypt email...
Date: Sun, 16 Apr 2000 21:07:55 +0100
[EMAIL PROTECTED] wrote:
>
> Hi, I am doing a paper on email encryption and I have two theories:
>
> 1) The level of encryption depends on the information being encrypted.
Only in military and government systems.
> Much email is non-sensitive info so encryption is not used.
There is no reason why you should not encrypt everything.
(With modern hardware and ciphers, speed is no longer an issue.
There are also enough free and tested algorithms that patent
issues, etc. do not arise.)
> At other times, like for medical records, email is encrypted to
> protect confidential info.
This is one case where encryption seems to be needed and therefore
the bodies have the incentive to do so.
> 2) Email encryption is not used because users don't know how much it is
> worth. Email encryption developers need funds to create privacy, but
> different users value privacy differently. Many users want free online
> privacy, expecting it to be "provided" by the Net. Others, like
> corporate users, will pay reasonable fees to companies (like Verisign)
> because they need strong encryption.
I don't think cost comes into it at all.
> What I need are papers, books, or other documents that back up (or
> refute) the above claims. If anyone has user survey data (how users
> value email encryption) that would be ideal!
>
> Thank you,
> Stanley
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Here I think are some true answers:
(1) The average user doesn't see the need to encrypt their
e-mail ("I don't have anything to hide.")
(2) Those interested in trying encryption find most current
systems are too complicated and are discouraged.
("It's too much effort.")
(3) Only a small percentage of people use encryption.
They therefore tend to stand out and look like extremists
who, it seems, must have something to hide. This puts people
off. ("Child porn", "Terrorism", etc.)
(4) Some governments and other bodies try to suppress the
use and spread of encryption, or at the very least do
not actively promote it.
Best wishes,
David.
------------------------------
Date: Sun, 16 Apr 2000 21:08:16 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)
Tom St Denis wrote:
>
> Richard Heathfield wrote:
> > > The task of brute-forcing 2^128 different keys is out of reach for any
> > > known adversary.
> >
> > But wasn't it done recently?
>
> I sincerely hope you are joking with this last question.
>
> Tom
Sorry, I may have disremembered. I thought I'd read somewhere (trade
press) that a bunch of machines had worked for about a month on - RSA,
was it? I forget. It was within the last six weeks or so, but of course
I could have it all wrong. Please bear in mind that I'm not a
cryptographer, so I (illogically) tend to be less critical of articles
on cryptography in the trade rags than I do about C articles.
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
29 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (68 to go)
------------------------------
Subject: Re: Q: NTRU's encryption algorithm
From: Diet NSA <[EMAIL PROTECTED]>
Date: Sun, 16 Apr 2000 13:01:33 -0700
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>Do you happen to have literature references useful for studying
>the mathematics involved (not necessarily NTRU's algorithm as
>such)? Thanks.
>
>M. K. Shen
>
>
The NTRU website already explains the math involved. Considering
security + practicality, it seems that NTRU could be the best PK
system available, and it would be interesting to see how well it
holds up over the next few years.
"I feel like there's a constant Cuban Missile Crisis in my pants."
- President Clinton commenting on the Elian Gonzalez situation
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Sun, 16 Apr 2000 20:31:11 +0000
Roger wrote:
> No doubt this incident will be used to support the thesis
> that open source software is the only way to get security.
It demonstrates yet again that you can't trust closed source
software even if it's from a large company. You can't trust
open source software blindly either, but at least you have an
opportunity to try to verify pieces of it.
However, even if Win2K were open source <I> wouldn't be very
interested in doing a thorough code review on even the 63,000
bugs they've admitted in a leaked internal memo, much less the
entire bloated 29 million lines of code. Heck, I wouldn't even
read through the one or two million lines of code in Linux (or
whatever the number is)... but I certainly do pull out the
Linux code and study whatever portion of it is important to
what I'm doing at the time.
You have a different take on this? Do you claim closed source
software is inherently as secure as, or more secure than open
source?
We see this in sci.crypt and the rest of the crypto world all
the time: a company develops a cryptosystem or protocol in
private, and as soon as it's exposed to the air it crumbles.
This stuff is difficult, and doing it in a vacuum is foolish.
--
Jim Gillogly
Hevensday, 26 Astron S.R. 2000, 20:13
12.19.7.2.6, 11 Cimi 9 Pop, First Lord of Night
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)
Date: Sun, 16 Apr 2000 20:31:10 GMT
Richard Heathfield wrote:
>
> Tom St Denis wrote:
> >
> > Richard Heathfield wrote:
> > > > The task of brute-forcing 2^128 different keys is out of reach for any
> > > > known adversary.
> > >
> > > But wasn't it done recently?
> >
> > I sincerely hope you are joking with this last question.
> >
> > Tom
>
> Sorry, I may have disremembered. I thought I'd read somewhere (trade
> press) that a bunch of machines had worked for about a month on - RSA,
> was it? I forget. It was within the last six weeks or so, but of course
> I could have it all wrong. Please bear in mind that I'm not a
> cryptographer, so I (illogically) tend to be less critical of articles
> on cryptography in the trade rags than I do about C articles.
Well, it depends: 'breaking' a 128-bit RSA key can be done on a personal
home computer in a relatively short amount of time. Searching through
2^127 random keys for a symmetric cipher [such as Blowfish] is not at
all possible. They are different problems altogether.
Tom
------------------------------
From: "rewted" <[EMAIL PROTECTED]>
Subject: asymmetrical systems
Date: Sun, 16 Apr 2000 16:48:14 -0700
I know that this cryptosystem uses two keys: a public key, which is used
to encrypt, and a private key, which is used to decrypt. Now I have
read documents on the theory behind how this works, but they are too
technical. Can someone just briefly explain to me how the theory works?
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: asymmetrical systems
Date: 16 Apr 2000 21:05:37 GMT
In <8dd92b$rh5$[EMAIL PROTECTED]> "rewted" <[EMAIL PROTECTED]> writes:
>I know that this cryptosystem uses two keys: a public key, which is used
>to encrypt, and a private key, which is used to decrypt. Now I have
>read documents on the theory behind how this works, but they are too
>technical. Can someone just briefly explain to me how the theory works?
In non-technical language you have it all. The only additional comment
is that knowing the public key still makes it hard to find out what the
private key is. To understand how this works you HAVE to get technical.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Sun, 16 Apr 2000 23:22:02 +0200
Jim Gillogly wrote:
>
> It demonstrates yet again that you can't trust closed source
> software even if it's from a large company. You can't trust
> open source software blindly either, but at least you have an
> opportunity to try to verify pieces of it.
>
> However, even if Win2K were open source <I> wouldn't be very
> interested in doing a thorough code review on even the 63,000
> bugs they've admitted in a leaked internal memo, much less the
> entire bloated 29 million lines of code. Heck, I wouldn't even
> read through the one or two million lines of code in Linux (or
> whatever the number is)... but I certainly do pull out the
> Linux code and study whatever portion of it is important to
> what I'm doing at the time.
How about having software certification by some official bodies?
To my knowledge, compilers of some programming languages could be
certified at some centres.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Sun, 16 Apr 2000 23:25:10 +0200
Tom St Denis wrote:
>
> Well my idea cannot technically be any worse than before, since F(x) = 2x^2
> + x is a permutation in GF(2^w). Another balanced approach would be
> to do this:
Could you explain why a permutation doesn't affect the avalanche?
Thanks.
M. K. Shen
------------------------------
From: "Monkey Boy" <[EMAIL PROTECTED]>
Subject: Help with Exponentiation Cipher
Date: Sun, 16 Apr 2000 21:28:08 GMT
I have a problem for my math class which has the code
2336 1523 3139 0139 1289 0816 0932 2820 0240 2332 0431
It uses the key (e,p) = (1925,3209) and assumes a=01, b=02, etc.
I figured d to be 5, but wasn't in class the other day to find out what to do
with the problem once I have d. Could anyone give me a hand? The problem
says "collaboration allowed" in case anyone has moral qualms.
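The exponentiation (Pohlig-Hellman) cipher from the post, carried through in code as an added example (not the poster's own work). The ciphertext, e and p are the values given above and the letter code a=01, ..., z=26 is as stated; the one thing the post does not spell out is what d is for, which is that decryption is c^d mod p with d = e^-1 mod (p - 1), so the `modinv` and `encrypt` helpers are supplied here to show the whole round trip.

```python
"""Added example, not the poster's work: decrypting the exponentiation
(Pohlig-Hellman) cipher from the post with the given key (e, p) =
(1925, 3209) and the letter code a=01, ..., z=26. Decryption is
c^d mod p with d = e^-1 mod (p - 1)."""

P = 3209
E = 1925
CIPHERTEXT = "2336 1523 3139 0139 1289 0816 0932 2820 0240 2332 0431"


def modinv(a, m):
    """Extended Euclid: a^-1 mod m; raises if gcd(a, m) != 1."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("no inverse: gcd(%d, %d) = %d" % (a, m, r0))
    return t0 % m


def decryption_exponent(e, p):
    """d with e*d = 1 (mod p-1); then (m^e)^d = m^(1 + k(p-1)) = m (mod p)
    by Fermat's little theorem for any m not divisible by p."""
    return modinv(e, p - 1)


def letters_to_block(pair):
    """Two letters -> four-digit block, a=01 ... z=26."""
    hi, lo = (ord(ch) - ord("a") + 1 for ch in pair)
    return hi * 100 + lo


def block_to_letters(n):
    """Four-digit block -> two letters."""
    hi, lo = divmod(n, 100)
    return "".join(chr(ord("a") + x - 1) for x in (hi, lo))


def decrypt(ciphertext, e=E, p=P):
    d = decryption_exponent(e, p)
    return "".join(block_to_letters(pow(int(c), d, p))
                   for c in ciphertext.split())


def encrypt(plaintext, e=E, p=P):
    """Reverse direction, to check the key pair. Each block must be < p,
    which holds for any two-letter code (max 2626), and the plaintext
    must have an even number of letters (pad with 'x' as the exercise does)."""
    if len(plaintext) % 2:
        raise ValueError("pad to an even number of letters")
    return " ".join("%04d" % pow(letters_to_block(plaintext[i:i + 2]), e, p)
                    for i in range(0, len(plaintext), 2))


if __name__ == "__main__":
    print("d =", decryption_exponent(E, P))
    print(decrypt(CIPHERTEXT))
```

The requirement that gcd(e, p - 1) = 1 is what makes d exist at all; `modinv` raises if it does not, which is the first check to run on any such key pair before trusting a computed d.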
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Sun, 16 Apr 2000 21:22:36 GMT
Mok-Kong Shen wrote:
> Bryan Olson wrote:
> > "f(x) = g(x) + O(1)" tells us nothing about
> > the sign or magnitude of f(x) - g(x) at any
> > particular value of x.
>
> What difference is there, if one has, instead of two finite
> strings, two infinite strings to compare?
We can describe the complexity of the sequences
by the complexity of the infinitely many prefixes.
We cannot say, for example, whether f(n) = n + O(1)
or g(n) = n/2 + O(1) is larger for any particular
value of n. But we can say that f(n) becomes larger
than g(n) as n grows arbitrarily large.
I'm not sure how your reference will express it, but
we could reasonably say that for sequences r and s,
r has greater complexity than s if for all universal
Turing machines M_i, there exists some m such that
n >= m implies K_i(r_[0..n]) > K_i(s_[0..n]).
(Note that t_[0..k] is the string of the first k+1
symbols of t).
The theorem which limits |K_i(x) - K_j(x)| to a
constant allows us to settle the above using just
one Turing machine M_j by showing that for any
constant c there exists some m such that
n >= m implies K_j(r_[0..n]) - K_j(s_[0..n]) > c.
Again, depending on how references define Turing
machines and universal Turing machines, they may
place some other conditions on the machines.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Nobody Home)
Subject: Re: My STRONG data encryption algorithm
Date: Sun, 16 Apr 2000 21:51:25 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
>Hehehehe, I was like this once, basically it looks like a salted
>Vinegere cipher (spelling?). Which given the length of the passphrase
>is trivial to break. Your usage of random() to increase the entropy of
>the key is not going to work, so your essentially limited to the
>passphrase.
>
>Essentially this is not at all secure, but keep up the research, I
>started this way too...hehe
I know how you feel, Tom. I remember back in grade school when my spelling,
grammar, and punctuation were as bad as yours, hee hee hee.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: asymmetrical systems
Date: Sun, 16 Apr 2000 22:01:47 GMT
rewted wrote:
>
> I know that this cryptosystem uses two keys: a public key, which is used
> to encrypt, and a private key, which is used to decrypt. Now I have
> read documents on the theory behind how this works, but they are too
> technical. Can someone just briefly explain to me how the theory works?
One key is the inverse of the other. Is that brief enough?
If you have a clue about basic num theory, check out paper #130 at
http://24.42.86.123/crypto/
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: My STRONG data encryption algorithm
Date: Sun, 16 Apr 2000 22:02:30 GMT
Nobody Home wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> >Hehehehe, I was like this once, basically it looks like a salted
> >Vinegere cipher (spelling?). Which given the length of the passphrase
> >is trivial to break. Your usage of random() to increase the entropy of
> >the key is not going to work, so your essentially limited to the
> >passphrase.
> >
> >Essentially this is not at all secure, but keep up the research, I
> >started this way too...hehe
>
> I know how you feel, Tom. I remember back in grade school when my spelling,
> grammar, and punctuation were as bad as yours, hee hee hee.
Hey grammar is not my strong point. I am trying to develop my math
skills (which is not easy on my own).
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Sun, 16 Apr 2000 22:04:45 GMT
Mok-Kong Shen wrote:
>
> Tom St Denis wrote:
> >
>
> > Well my idea cannot technically be any worse than before, since F(x) = 2x^2
> > + x is a permutation in GF(2^w). Another balanced approach would be
> > to do this:
>
> Could you explain why a permutation doesn't affect the avalanche?
> Thanks.
No the permutation cannot hinder the avalanche. It in fact increases
the avalanche.
In one test I reduced GOST to four rounds and flipped one bit. After
four rounds some of the bytes were not changed by it.
With F(x) = S(2x^2 + x) <<< 11
all the bytes were affected after four rounds. With my other idea I had
to cascade the original F function four times to get similar results...
i.e
f(x) = S(x) <<< 11
F(x) = f(f(f(f(x))))
Tom
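The reduced-round bit-flip experiment described in this thread, written out as an added example (not Tom's test code). It builds a GOST-shaped Feistel network (64-bit block, 32-bit round-key addition, eight 4x4 S-boxes, rotate left 11) with the three round functions discussed: S(x) <<< 11, S(2x^2 + x) <<< 11, and S(S(x) <<< 11) <<< 11, and measures the fraction of ciphertext bytes that change when one plaintext bit is flipped. The S-boxes are constructed seeded random permutations, not any published GOST set; the round keys are a fixed test value; the quadratic is evaluated with ordinary integer arithmetic reduced modulo 2^32, and `is_permutation_mod` checks its bijectivity exhaustively at word sizes small enough to enumerate, which is the direct answer to the question of whether the extra step can lose information.

```python
"""Avalanche experiment on a GOST-style Feistel network with three
candidate round functions. Added example: the eight 4x4 S-boxes are
CONSTRUCTED seeded random permutations (not GOST's), the round keys are
a fixed test value, and 2x^2 + x is computed modulo 2^32."""
import random

MASK32 = 0xFFFFFFFF


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


# Constructed S-boxes: eight random 4-bit permutations from a fixed seed.
_rng = random.Random(2000)
SBOXES = []
for _ in range(8):
    box = list(range(16))
    _rng.shuffle(box)
    SBOXES.append(box)


def sbox_layer(x):
    """Parallel application of the eight 4x4 S-boxes to a 32-bit word."""
    out = 0
    for i in range(8):
        out |= SBOXES[i][(x >> (4 * i)) & 0xF] << (4 * i)
    return out


def f_gost(x):
    """The original shape: S, then rotate left 11."""
    return rotl32(sbox_layer(x), 11)


def f_quad(x):
    """First variant from the thread: S(2x^2 + x) <<< 11, mod 2^32."""
    return rotl32(sbox_layer((2 * x * x + x) & MASK32), 11)


def f_double(x):
    """Second variant from the thread: S(S(x) <<< 11) <<< 11."""
    return rotl32(sbox_layer(rotl32(sbox_layer(x), 11)), 11)


def feistel(block, round_keys, f):
    """GOST-style Feistel on a 64-bit block (n1 = high half is fed to f).
    The final swap is undone, so decryption is the same network with the
    key order reversed."""
    n1, n2 = block >> 32, block & MASK32
    for k in round_keys:
        n1, n2 = n2 ^ f((n1 + k) & MASK32), n1
    return (n2 << 32) | n1


def encrypt(block, round_keys, f):
    return feistel(block, round_keys, f)


def decrypt(block, round_keys, f):
    return feistel(list(reversed(round_keys)) and block, list(reversed(round_keys)), f)


def avalanche(f, rounds, key, samples=200, seed=1):
    """Average fraction of the 8 ciphertext bytes that change when one
    random plaintext bit is flipped, over `samples` (plaintext, bit) pairs."""
    rng = random.Random(seed)
    rk = key[:rounds]
    changed = 0
    for _ in range(samples):
        p = rng.getrandbits(64)
        diff = encrypt(p, rk, f) ^ encrypt(p ^ (1 << rng.randrange(64)), rk, f)
        changed += sum(1 for i in range(8) if (diff >> (8 * i)) & 0xFF)
    return changed / (8 * samples)


def is_permutation_mod(w):
    """Exhaustively check that x -> 2x^2 + x is a bijection on w-bit words."""
    mask = (1 << w) - 1
    return len({(2 * x * x + x) & mask for x in range(1 << w)}) == 1 << w


KEY = [0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D,       # constructed
       0xFEEDFACE, 0xCAFEBABE, 0x13579BDF, 0x2468ACE0]


if __name__ == "__main__":
    print("2x^2+x bijective mod 2^16:", is_permutation_mod(16))
    for name, f in (("S(x)<<<11", f_gost), ("S(2x^2+x)<<<11", f_quad),
                    ("S(S(x)<<<11)<<<11", f_double)):
        print("%-20s" % name,
              [round(avalanche(f, r, KEY), 3) for r in (1, 2, 3, 4)])
```

Two things to read off the output. First, with any of the three F the one-round figure is low by construction: a Feistel round copies one half through unchanged, so a flip in that half reaches only one output byte, and no choice of F changes that. Second, the comparison Tom reports is only meaningful at the same round count and over many samples; a single plaintext and a single bit can land in an unusually good or bad position, so the averaged fraction is the number to compare.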
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)
Date: Sun, 16 Apr 2000 22:09:01 GMT
Richard Heathfield wrote:
> > Do you see now why this algorithm is weak?
> >
> > Best wishes BNK
>
> Eesh. I just tried it. Back to the drawing board. Are partial rotations
> and partial XORings a reasonable way forward, or should I just junk the
> whole thing now while there's still hope for the galaxy?
>
> --
>
> Richard Heathfield
>
> "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
>
> C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
> 29 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (68 to go)
==============================
Take some book - "Applied Cryptography", 2nd ed. by Bruce Schneier
would be a good shot - and try to understand the concepts of:
"confusion"
"diffusion"
"avalanche"
"key dependent"
"plaintext dependent"
In the course of this reading you will understand many other concepts,
and then you will be ready to come back to the drawing board.
Best wishes BNK
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************