Cryptography-Digest Digest #699, Volume #11 Wed, 3 May 00 19:13:01 EDT
Contents:
Re: A naive question ("Douglas A. Gwyn")
Re: Deciphering Playfair (long) ("Douglas A. Gwyn")
Re: quantum crypto breakthru? (Diet NSA)
Re: Deciphering Playfair (long) (Michael Jarrells)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Xcott Craver)
Re: Any good attorneys? (Bryan Olson)
Re: Silly way of generating randm numbers? ("Jorell Hernandez")
Re: RC6 as a Feistel Cipher (Francois Grieu)
Re: Silly way of generating randm numbers? (Richard Heathfield)
Re: sci.crypt think will be AES? ("Beth Friedman")
Re: mod function? (James Thomson)
public/private (James Thomson)
Re: sci.crypt think will be AES? (Richard Heathfield)
Re: factor large composite (Diet NSA)
Re: RC6 as a Feistel Cipher (Anton Stiglic)
Re: A naive question (William Rowden)
Re: RC6 as a Feistel Cipher (David A. Wagner)
Re: Any good attorneys? ("Trevor L. Jackson, III")
Re: GPS encryption turned off ("Trevor L. Jackson, III")
Re: RC6 as a Feistel Cipher (David A. Wagner)
Re: Silly way of generating randm numbers? ("almis")
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Wed, 03 May 2000 21:11:19 GMT
Mok-Kong Shen wrote:
> "Douglas A. Gwyn" wrote:
> > Given a perfect-OTP-enciphered ciphertext of 17 characters
> > and no further information, the likelihood of each possible
> > 17-character plaintext is proportional to its probability in
> > the parent population (telegraphic English).
> Still, there can be plaintext candidates that amount to statements
> of exactly opposite sense. So the analyst can't decide which is
> the true plaintext.
They have precisely the same relative likelihood as they
would have without even seeing the perfect-OTP ciphertext.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Deciphering Playfair (long)
Date: Wed, 03 May 2000 21:13:21 GMT
Jim Gillogly wrote:
> there are garbles in the second message. Garbles in general
> can make it very difficult to solve a cipher, ...
Although, when a garble causes the recipient to request a
retransmission, that often materially helps the cryptanalyst.
(I think there are some instances of this in the Zendian problem.)
------------------------------
Subject: Re: quantum crypto breakthru?
From: Diet NSA <[EMAIL PROTECTED]>
Date: Wed, 03 May 2000 14:16:46 -0700
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>*right* -- information is *not* transmitted "instantaneously"
The author mentions this later in the article.
>The real puzzle is why pure states aren't the
>same as mixed states.
Under Quantum Mechanics (QM), there is no way to determine whether a single
system is in a pure state or is part of an entangled composite system. The
conventional "answer" is that this cannot be determined because the
wavefunction is not an objective entity, but this is just an interpretation
and no one really understands QM.
"640K of memory ought to be enough for anybody" - Bill Gates (1981)
------------------------------
From: Michael Jarrells <[EMAIL PROTECTED]>
Subject: Re: Deciphering Playfair (long)
Date: Wed, 03 May 2000 17:09:09 -0400
Reply-To: [EMAIL PROTECTED]
William Rowden wrote:
>
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > Message 2:
> > Ciphertext:
> >
> FWFUIVGXVCZOWZYLEOXPIAPDUGNMLOAYXNQLQLTDNLYWXTOWXLYFVOUTZIAYEYWIYQOLYQV
>
> Is there a typo in this post? Or does the ciphertext really have an odd
> number (71) of letters?
>
> --
> -William
> SPAM filtered; damages claimed for UCE according to RCW19.86
> PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
> Fingerprint: FB4B E2CD 25AF 95E5 ADBB DA28 379D 47DB 599E 0B1A
>
This is the ciphertext as given. There is a possibility that the
original ciphertext has a character in the middle of the repeating QLQL,
but this cannot be confirmed. In my copy it looks like it may be an X,
but I don't know for sure.
Thanks for the help. Good luck.
--
Michael Jarrells
1991 KTM TXC 300
http://jarrells.cjb.net
mailto:[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Xcott Craver)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: 3 May 2000 21:11:25 GMT
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>
>"If the break is such that it can be performed in practice by an
>attacker,..."
>
>This is one of my points: it cannot be performed in practice with
>the current implementation.
Secure doesn't just mean secure today. An impractical
attack can become practical during the lifetime of the product.
It also suggests possible deeper problems with the way
the cipher/PRNG works.
In general, people trust ciphers with no known attacks beyond
brute force, "practical" or not.
-X
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Wed, 03 May 2000 21:14:26 GMT
Tom St Denis wrote:
> I still have some reading todo (I know basic EG right now) but I am
> pretty sure you can get by with smaller ciphertext by using
> sub-groups...
>
> I would appreciate any info possible wrt to this. As I want to get CB
> back out there.
Yes, you can work in a sub-group of large prime order, just
as DSA does. For example, we might use a sub-group of order
q where q is 256 bits, and a prime modulus p = q*d+1 where d
is 1792 bits, and p is 2048 bits. (Constructing q so that
d/2 is prime should avoid another potential pitfall.)
An attacker has his choice: he can work in the larger group
modulo p, and the effort for best attack known is on the
same order as factoring a number about the size of p; or he
can work in the smaller sub group, and the best attack known
takes a number of steps on the order of the square root of q.
I'm not sure of the best reference, but the Handbook of
Applied Cryptography is good. Look at all the sections on
ElGamal and DSA. The book is now available on line at
http://www.cacr.math.uwaterloo.ca/hac/
I have not read the paper David Hopwood referred to, but it
sounds promising.
Though the Diffie-Hellman patent has expired, I don't know
the patent status of small-subgroup methods. (And I post
my own views, not my employer's.)
--Bryan
--
email: bolson at certicom dot com
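The construction Bryan describes (a prime p = q*d + 1, ElGamal restricted to the subgroup of prime order q, and d/2 prime so that p - 1 = 2*q*r has no other factors an attacker could exploit) is easy to see in code. The following is an added illustration written for this digest, not code from Bryan's post or from Certicom, and it uses toy sizes (64-bit q, 128-bit r) rather than the 256/2048-bit parameters he gives; the Miller-Rabin test, the `in_subgroup` membership check and the `demo` driver are my own names and assumptions. The membership check is the practical point: rejecting any public value that is not in the order-q subgroup is what stops an attacker from feeding a small-order element to the decryptor.

```python
import random

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin probable-prime test with `rounds` random bases (demo-grade)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    """Random odd prime with the top bit set, so it has exactly `bits` bits."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand

def make_group(q_bits, r_bits, rng):
    """Build p = q*d + 1 with d = 2*r and r prime (so p - 1 = 2*q*r has no
    other small factors), plus a generator g of the order-q subgroup."""
    q = random_prime(q_bits, rng)
    while True:
        r = random_prime(r_bits, rng)
        p = 2 * q * r + 1
        if is_probable_prime(p, rng):
            break
    while True:
        h = rng.randrange(2, p - 1)
        g = pow(h, (p - 1) // q, p)   # h^((p-1)/q) has order q unless it equals 1
        if g != 1:
            return p, q, g

def in_subgroup(v, p, q):
    """Membership test for the order-q subgroup; rejects small-order elements."""
    return 1 < v < p and pow(v, q, p) == 1

def keygen(p, q, g, rng):
    x = rng.randrange(1, q)            # private exponent, reduced mod q
    return x, pow(g, x, p)

def encrypt(p, q, g, y, m, rng):
    if not (in_subgroup(y, p, q) and in_subgroup(m, p, q)):
        raise ValueError("public key or message not in the order-q subgroup")
    k = rng.randrange(1, q)
    return pow(g, k, p), (m * pow(y, k, p)) % p

def decrypt(p, q, x, c1, c2):
    if not in_subgroup(c1, p, q):
        raise ValueError("c1 not in the order-q subgroup")
    shared_inv = pow(c1, q - x, p)     # c1^(-x): exponents reduce mod q here
    return (c2 * shared_inv) % p

def demo(seed=1, q_bits=64, r_bits=128):
    """Toy-sized run; Bryan's sizes would be q_bits=256, r_bits=1791."""
    rng = random.Random(seed)
    p, q, g = make_group(q_bits, r_bits, rng)
    x, y = keygen(p, q, g, rng)
    m = pow(g, rng.randrange(1, q), p)  # constructed message: some subgroup element
    c1, c2 = encrypt(p, q, g, y, m, rng)
    try:                                 # p-1 has order 2, outside the subgroup
        decrypt(p, q, x, p - 1, c2)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "p_bits": p.bit_length(),
        "g_order_ok": g != 1 and pow(g, q, p) == 1,
        "roundtrip": decrypt(p, q, x, c1, c2) == m,
        "rejects_order2": rejected,
    }

if __name__ == "__main__":
    print(demo())
```

The ciphertext is two elements mod p, so it does not get smaller than plain ElGamal; what shrinks is the exponent work (all exponents live mod the 256-bit q) and the key, which is the saving Tom was after. The square-root bound Bryan mentions is why q must still be around 256 bits.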
------------------------------
From: "Jorell Hernandez" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Silly way of generating randm numbers?
Date: Wed, 3 May 2000 16:23:48 -0500
Is it possible to generate random numbers mathematically that could not be
reproduced even if you had the algorithm used to generate them?
"almis" <[EMAIL PROTECTED]> wrote in message
news:8eln0g$b5q$[EMAIL PROTECTED]...
>
> Dave Ashley wrote in message <8el2ic$8qk$[EMAIL PROTECTED]>...
> |
> |> Is this completely preposterous?
> |>
> |>
> |Let's generalize your idea slightly and just say that we are going to
> |take some arbitrary irrational number (our choices there are algebraic
> |or transcendental, let's assume transcendental), figure out a bunch of
> |digits, and use those digits as random numbers.
> |
> |Let's say that we are going to use some little-known transcendental,
> |like e^pi or pi^e (only one of those is proved transcendental, the other
> |may or may not be, I forget which is which).
> |
> |Let's ignore the issue of deliberate errors.
> |
> |Is this a suitable OTP? Are these digits random?
> |
> |That question is out of my league.
> |
> |There are really two questions here:
> |
> |a)Do the numbers meet statistical and other tests of randomness?
> |
> |b)Is there a way for someone to reproduce the series?
> |
> |I believe this will pass (a) but not (b). If you introduce "random"
> |mistakes in generating the sequence, it may pass (b).
> |
> |Interesting question, but out of my league.
> |
> |I recommend coin-tossing.
> |
> |Dave.
> |
> |--
> |-------------------------------------------------
> |Dave Ashley, [EMAIL PROTECTED]
> |
> |
>
> As this question is also beyond my league let me present a small
> excerpt from a paper written by a group of people who think they know.
>
> From: Cryptography Based on Transcendental Numbers; Pieprzyk, Ghodosi,
> Charnes and
> Safavi-Naini:
> "...An attractive feature of the reals is that they can represent any
> (infinite or finite) sequence of integers. Consider an experiment in which
> an unbiased coin is flipped an `infinite' number of times. It is clear that
> the resulting random sequence is equivalent to some real number. Obviously,
> this sequence (the real) must not be either a rational or algebraic number
> (see Section 3.1), as in both cases a finite subsequence uniquely determines
> the rest of the (infinite) sequence.
> All infinite sequences of truly random integers fall into the broad class of
> transcendentals. Algebraic irrationals may look `random' but their
> `randomness' is limited to a finite subsequence.
> Borel [3] introduced the notion of normal reals. A real is called to be
> normal with respect to the base p if for any natural number k all p^k
> possible strings of length k occur with equal probability."
>
> So it looks like transcendentals would pass your test (a).
> (but not all, as some transcendentals, those involving arccos, arcsin and
> log, are susceptible to the LLL algorithm.)
>
> As for your test (b).
> Let's generate some long sequence of digits from the decimal expansion of
> a transcendental number such as a^(Sqrt(b)).
> I do not know the answer (except intuitively) but the question is:
> Is it easier to determine the a and b of this number, from the sequence,
> than it is to determine, given c, the a and b of c=a*b where a and b are
> prime?
>
>
>
------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: RC6 as a Feistel Cipher
Date: Wed, 03 May 2000 23:39:51 +0200
"Scott Fluhrer" <[EMAIL PROTECTED]> wrote:
> Feistel Networks are known to generate only even permutations.
I'd love a reference (*). Is that starting with a 4 bit cipher ?
I ask because in the case of a 2-bit Feistel cipher, the mapping:
00 -> 01
01 -> 00
10 -> 10
11 -> 11
is reached in 1 round, using the left-to-right round function
0 -> 1
1 -> 0
Also, according to my experiments, for this 2 bits Feistel cipher
all the 24 possible input-to-output bijections are reached in 3
rounds (and for a 3 bits Feistel-like cipher, the 40320 possible
bijections are reached in 7 rounds).
All this seems to confirm Bob Silverman's opinion that one has
to understand a fair amount of number theory (or is it group
theory ?) to solve the "RC6 as a Feistel Cipher" puzzle.
Francois Grieu
(*) and/or maybe just a definition and/or practical characterisation
of even permutations. I guess/remember they form a closed subset of
permutations under composition.
------------------------------
Date: Wed, 03 May 2000 22:49:15 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Silly way of generating randm numbers?
Julio César wrote:
>
> I dont know if this could help, but pi is in no way random.
>
For a contrary viewpoint, see Knuth, TAOCP, Vol II, p41.
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)
------------------------------
From: "Beth Friedman" <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Date: Wed, 3 May 2000 16:53:43 -0500
Jerry Coffin wrote in message ...
>In article <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] says...
>
>[ ... ]
>
>> At about that time, a patents clerk famously resigned, saying
>> "Everything has been invented".
>
>I'm not sure he actually resigned, but the quote was NOT a patent
>clerk, but the commissioner running the patent office. It's
>interesting to note that this was _before_ Thomas Edison had ever
>submitted a single patent application. I guess none of his
>inventions was original or had any merit...
This is a persistent urban legend. It's true that it was the commissioner
(Henry L. Ellsworth), but there's no truth to the fact that he resigned, or
even planned to resign. See
http://www.urbanlegends.com/misc/patent_office_ul.html for the rest of the
story.
--
Beth Friedman
[EMAIL PROTECTED]
------------------------------
From: James Thomson <[EMAIL PROTECTED]>
Subject: Re: mod function?
Date: Wed, 03 May 2000 16:38:57 -0500
A mod function is one that returns the remainder of dividing the first
element by the second. I.e., 5%3 (in C, this is 5 mod 3) will return 2.
Steve Maughan wrote:
> I'm new to cryptology and I've got my first question.
>
> Basically, I've started reading Bruce Schneiders' Applied Cryptography
> and I've been coming across a function which seems to be used a lot
> called "mod". Can anyone explain to me what this function does?
>
> Thanks for any help.
>
> --
> Steve Maughan
>
> Don't run away from your problems
> Riding is much faster.
------------------------------
From: James Thomson <[EMAIL PROTECTED]>
Subject: public/private
Date: Wed, 03 May 2000 16:33:33 -0500
Does anyone know where I can get my hands on a few public/private
encryption algorithms? I'm trying to gain a better view of the subject
matter and determine how to make one myself, just for the hell of doing
it.
Thanks,
James
------------------------------
Date: Wed, 03 May 2000 23:04:28 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: sci.crypt think will be AES?
Beth Friedman wrote:
>
> Jerry Coffin wrote in message ...
> >In article <[EMAIL PROTECTED]>,
> >[EMAIL PROTECTED] says...
> >
> >[ ... ]
> >
> >> At about that time, a patents clerk famously resigned, saying
> >> "Everything has been invented".
> >
> >I'm not sure he actually resigned, but the quote was NOT a patent
> >clerk, but the commissioner running the patent office. It's
> >interesting to note that this was _before_ Thomas Edison had ever
> >submitted a single patent application. I guess none of his
> >inventions was original or had any merit...
>
> This is a persistent urban legend. It's true that it was the commissioner
> (Henry L. Ellsworth), but there's no truth to the fact that he resigned, or
> even planned to resign. See
> http://www.urbanlegends.com/misc/patent_office_ul.html for the rest of the
> story.
Thanks for the URL, but I prefer to keep my urban legends undebunked.
:-)
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
34 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (63
to go)
------------------------------
Subject: Re: factor large composite
From: Diet NSA <[EMAIL PROTECTED]>
Date: Wed, 03 May 2000 15:08:18 -0700
In article <mz0Q4.1826$ZO4.1455@client>, "Dann Corbit" <[EMAIL PROTECTED]>
wrote:
>"Diet NSA" <[EMAIL PROTECTED]> wrote in message
>> Then, you would be wrong because there
>> are, for instance, certain mathematical
>> contexts in which specific operations,
>> etc. are not possible.
>
>Depend on the restrictions you allow.
Of course.
>of imaginary numbers it is fine. If you provide an operation which is not
>allowed, I can always define a new system where it is.
Then you must be a super mathematical
genius !
>At any rate, we are no longer topical to sci.crypt.
I agree and would say that we are
wasting our time.
>Further, I'm not particularly interested in taking this to email, since I
>think you just like arguing for the sake of argument.
Then why is it *you* who keeps replying?
:-) ;-) !-)
>Hence, I suggest that you just drop the whole thing.

Hence, I suggest that you just drop the whole thing.
"640K of memory ought to be enough for anybody" - Bill Gates (1981)
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: RC6 as a Feistel Cipher
Date: Wed, 03 May 2000 18:17:31 -0400
> If you look at it just that way, obviously half the message doesn't
> get changed. In fact, after one round you end up having:
> A' = B and C' = D (this is the part that doesn't change),
> and
> B' = ((C^{(D*(2*D+1)) << 5} << {(B*(2*B+1)) << 5}) + S[2*i + 1],
> D' = ((A^{(B*(2*B+1)) << 5}) << {(D*(2*D+1)) << 5}) + S[2*i],
>
> where A', B', C', D' is the message that goes into the next round.
> <...>
> Isn't this enough to say that it is a Feistel cipher?
O.k., so from the definition given in the HAC (Handbook of Applied
Crypto), I see in fact that what I wrote is not enough.
The definition in the HAC states that you start off with a 2t-bit
plaintext, (L0, R0) where L0 is t bits long, same for R0.
Then, for r > 2, your encryption function has to look like this:
for 1 <= i <= r,
Li, Ri <- L(i-1), R(i-1),
where
1) Li = R(i-1) and
2) Ri = L(i-1) XOR f(R(i-1), Ki), where Ki is a subkey derived from
the encryption key, f is some function producing t bits.
So, with the form of RC6 given above, we have 1), but not 2).
The exercise would thus consist of turning the form given
above into one that satisfies 2).
Anton
------------------------------
From: William Rowden <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Wed, 03 May 2000 22:06:34 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> William Rowden wrote:
[snip overly long quote]
> > No. All brute force will produce in this case is the set of all
> > possible plaintexts. There would be insufficient information to
> > choose the correct message.
> So that means brute force can't succeed. Under which conditions would
> brute force succeed? Thanks.
While "brute force" can mean relying on processing power instead of
(elegant) analysis, I am referring to an exhaustive key search. An
exhaustive key search will obviously only succeed if one can determine
when one has found the correct key.
Knowing which is the correct key requires that one of the plaintext
messages produced by applying a candidate key to the ciphertext be much
more probable than the messages produced using other keys. For English
messages, choosing between "iwantanapple" and "jxboubobqqmf" (e.g., a
Caesar cipher) is easy. Choosing between "iwantanapple"
and "iwantabanana" (e.g., an OTP) is difficult.
In information-theoretic terms, the equivocation about the message
given the ciphertext (H_E(M)) must be near zero. For those ciphers
for which H_E(M) approaches zero as the amount of ciphertext increases
(i.e., for ciphers not "unconditionally secure"), Shannon called the
amount of ciphertext at which the equivocation is near zero
the "unicity distance." This distance is different for different cipher
systems, but is in the neighborhood of H(K)/D, where H(K) is the
equivocation (uncertainty) about the key and D is the redundancy in the
plaintext.
My answer is therefore "exhaustive key searches may produce false
solutions unless the amount of ciphertext is beyond the unicity distance
of the cipher."
I've begun to repeat myself (actually, I'm parroting the same
information theory) in different locations in this thread.
--
-William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB DA28 379D 47DB 599E 0B1A
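William's two examples (the Caesar case, where one candidate plaintext stands out, and the OTP case, where every candidate is equally plausible) can be worked through directly. The code below is an added illustration for this digest, not William's own; it assumes a lowercase 26-letter alphabet, a constructed, rounded English unigram frequency table used only to rank candidates, and Shannon's figure of roughly 3.2 bits of redundancy per English character for the unicity-distance estimate H(K)/D. The function names are mine. It shows both halves of the argument: an exhaustive search over 26 Caesar keys has a single plausible survivor because the ciphertext is far past the unicity distance of about 1.5 characters, while for an OTP a key exists that "decrypts" the ciphertext to any candidate of the same length, so exhaustive search returns every plaintext and the unicity distance is never reached.

```python
import math

ALPHABET = "abcdefghijklmnopqrstuvwxyz"

# Approximate English letter frequencies in percent (a constructed, rounded
# table; sufficient to rank candidate plaintexts by English-likeness).
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}

def unicity_distance(key_entropy_bits, redundancy_bits_per_char):
    """Shannon's estimate U = H(K) / D, in ciphertext characters."""
    if redundancy_bits_per_char <= 0:
        return math.inf
    return key_entropy_bits / redundancy_bits_per_char

def caesar_unicity_distance(redundancy_bits_per_char=3.2):
    """Caesar: 26 equiprobable keys, so H(K) = log2(26), about 4.7 bits."""
    return unicity_distance(math.log2(26), redundancy_bits_per_char)

def otp_unicity_distance(message_length, redundancy_bits_per_char=3.2):
    """OTP over 26 letters: H(K) = n*log2(26), so U exceeds n for every n;
    n characters of ciphertext never reach the unicity distance."""
    return unicity_distance(message_length * math.log2(26), redundancy_bits_per_char)

def shift_text(text, shifts):
    """Shift each letter by the matching entry of `shifts` (mod 26)."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] for c, k in zip(text, shifts))

def caesar_encrypt(plaintext, k):
    return shift_text(plaintext, [k] * len(plaintext))

def otp_encrypt(plaintext, key):
    """One-time pad as per-letter shifts; `key` is one shift per character."""
    return shift_text(plaintext, key)

def english_score(text):
    """Log-likelihood under the unigram model; larger means more English-like."""
    return sum(math.log(ENGLISH_FREQ[c] / 100.0) for c in text)

def caesar_exhaustive_search(ciphertext):
    """Try all 26 keys and rank the decryptions by English-likeness.
    Returns (best_plaintext, best_key, ranked list of (score, key, text))."""
    ranked = []
    for k in range(26):
        candidate = shift_text(ciphertext, [-k] * len(ciphertext))
        ranked.append((english_score(candidate), k, candidate))
    ranked.sort(reverse=True)
    _, best_key, best_plain = ranked[0]
    return best_plain, best_key, ranked

def otp_key_for(ciphertext, candidate_plaintext):
    """The pad under which `ciphertext` decrypts to `candidate_plaintext`.
    One exists for every candidate of the same length, which is why an
    exhaustive key search over an OTP returns all plaintexts as 'solutions'."""
    return [(ALPHABET.index(c) - ALPHABET.index(p)) % 26
            for c, p in zip(ciphertext, candidate_plaintext)]

if __name__ == "__main__":
    ct = caesar_encrypt("iwantanapple", 1)           # "jxboubobqqmf", as in the post
    print(ct, caesar_exhaustive_search(ct)[:2], round(caesar_unicity_distance(), 2))
    pad_ct = otp_encrypt("iwantanapple", [3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8])
    print(otp_key_for(pad_ct, "iwantanapple"), otp_key_for(pad_ct, "iwantabanana"))
    print(otp_unicity_distance(12))
```

The scoring here is a unigram model, the crudest possible "is this English" test; it suffices for a 12-letter Caesar ciphertext because the ciphertext length is many times the unicity distance. For the OTP there is no model that helps: both pads returned by `otp_key_for` are equally likely a priori, which is William's point about H_E(M) never approaching zero.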
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: RC6 as a Feistel Cipher
Date: 3 May 2000 14:48:22 -0700
In article <[EMAIL PROTECTED]>, John Myre <[EMAIL PROTECTED]> wrote:
> With respect to (mathematical) proofs, how is "Fiestel Cipher" defined?
There's nothing really tricky here.
Suppose a cipher may be written as a composition of "rounds",
where each round encrypts the input (L,R) to the output (R,L+f(R))
for some key-dependent function f and some group operation +
(both of which may possibly depend on the round number).
Then the cipher is a Feistel cipher.
------------------------------
Date: Wed, 03 May 2000 18:44:11 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Jeffrey Williams wrote:
> Well, yes and no. By all means stand and fight. When it is a fight worth
> fighting. Given that Tom can acquiesce today and add RSA back into
> CryptoBag at the end of September, when the patent expires, it's hard
> to justify fighting. While he would **likely** win in court, unless he
> counter-sued and won the countersuit, he might well be out serious
> money. Which means that he'd lose.
>
> I'd be inclined to not only acquiesce now, but as soon as the patent expires,
> add RSA back into CryptoBag and send a copy of it to the RSA goon (or
> is the correct term moron? Technical terms like that often escape me) who
> sent the "cease and desist" letter.
>
> Choose your fights wisely. Very few people can take on the world and win.
There's a few major differences between "taking on the world" and "standing your
ground". First and foremost the TOTW is probably silly under any circumstances,
while SYG is a reasonable default. So they are close to polar opposites.
Another major difference is that TOTW is an offensive goal while SYG is almost
purely defensive. The defense always has a significant advantage. In this case it
has a huge advantage because Tom probably broke and RSA isn't. So RSA can't win
much, but Tom can. Any lawyer worthy of a contingency fee will smile at that. And
RSA's lawyer is probably going through the motions of protecting RSA's IP because
it is good form to do so no matter who the infringer is.
But it may all be moot if the only focus is RC5.
>
>
> "Trevor L. Jackson, III" wrote:
>
> > > It's called I am an 18 year old kid. Why would I throw my life away
> > > just to have RSA patented technology?
> >
> > If you react to any threat with compliance, you make your self a victim.
> > That's throwing your life away.
> >
> > >
> > >
> > > I can get by with Cryptobag and PB3 by using other algorithms.
> >
> > Notice the terms you are using. Is it your intention to "get by", meaning
> > merely achieve the bare minimum, in the other important things in your life?
> > If your life is worth living is it worth living _well_. That means doing the
> > right thing in the face of conflict. Read some Churchill.
>
> --
> Jeff Williams
> Software Design Engineer
> DNA Enterprise, Inc
> 1240 E Campbell Rd, Richardson, TX, 75081
> 972 671 1972 x265
> [EMAIL PROTECTED]
>
> Did you know that there is enough sand in
> north Africa to cover the entire Sahara?
------------------------------
Date: Wed, 03 May 2000 18:47:04 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: GPS encryption turned off
Paul Koning wrote:
> Paul Rubin wrote:
> >
> > This is being discussed to death on sci.geo.satellite-nav.
> >
> > Quick summary: there are *two* GPS signals (separate frequencies),
> > the C/A (course acquisition) signal, and the P/Y (precision) signal.
> >
> > The C/A signal's inherent accuracy is about 15-20 meters, but until
> > yesterday it had been intentionally fuzzed ("Selective Availability"
> > or SA) to 50 meter accuracy or so, to impede accurate targeting of
> > homemade cruise missiles and other nasty uses.
>
> Interestingly enough, SA has been turned off before. For
> example, during the Gulf War, so the US military could use
> commercial off the shelf GPS units and get good accuracy.
> (Apparently they couldn't get enough P/Y units.)
>
> >... Yesterday the inaccuracy was removed, almost certainly
> > permanently.
>
> I wonder on which you base that "almost certainly". It was
> trivial to turn off; it's equally trivial to turn back on.
There's a couple of interesting side effects of the decision. One is that
turning it back on becomes a sort of threat -- a gesture of sincerity like
raising the alert status of military units.
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: RC6 as a Feistel Cipher
Date: 3 May 2000 15:04:36 -0700
In article <[EMAIL PROTECTED]>,
Francois Grieu <[EMAIL PROTECTED]> wrote:
> "Scott Fluhrer" <[EMAIL PROTECTED]> wrote:
> > Feistel Networks are known to generate only even permutations.
>
> I'd love a reference (*).
D. Coppersmith, and E. Grossman,
Generators for certain alternating groups with applications to cryptography.
SIAM Journal on Applied Mathematics, vol.29, (no.4), Dec. 1975. pp.624-627.
For an online version, try
http://www.jstor.org/fcgi-bin/jstor/viewitem.fcg/00361399/di974693/97p0185i?PAGE=0
(I don't know if this will work for you.)
> Is that starting with a 4 bit cipher ?
Yes, apparently it is! Good catch.
I hadn't realized this before, but looking up the above article shows that
their main theorem is only valid for N-bit Feistel ciphers with N >= 4.
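Francois's experiments with tiny Feistel ciphers, and the N >= 4 restriction David points out in the Coppersmith-Grossman theorem, can both be reproduced by exhaustive enumeration. The code below is an added example written for this digest, not code from either poster or from the paper; it uses the round definition David gives ((L,R) -> (R, L xor f(R)), with xor as the group operation) on balanced halves of `half_bits` bits, lets each round pick any round function at all, and tests permutation parity by cycle decomposition. With 1-bit halves (a 2-bit block) odd permutations appear after a single round and all 24 bijections are reached in exactly three rounds, matching Francois's count; with 2-bit halves (a 4-bit block) every round is an even permutation, so no composition of rounds can be odd. Francois's 3-bit "Feistel-like" variant uses unequal halves and is not covered here.

```python
from itertools import product

def feistel_round_perm(half_bits, f_table):
    """Permutation of all (2*half_bits)-bit blocks induced by one round
    (L, R) -> (R, L xor f(R)); f is given as a lookup table indexed by R."""
    n = 1 << half_bits
    perm = []
    for block in range(n * n):
        left, right = divmod(block, n)
        perm.append(right * n + (left ^ f_table[right]))
    return tuple(perm)

def all_round_perms(half_bits):
    """One permutation per possible round function f: {0..n-1} -> {0..n-1}."""
    n = 1 << half_bits
    return [feistel_round_perm(half_bits, f) for f in product(range(n), repeat=n)]

def compose(outer, inner):
    """outer(inner(x)): apply `inner` first, then `outer`."""
    return tuple(outer[i] for i in inner)

def reachable(half_bits, rounds):
    """Distinct block permutations obtainable with exactly `rounds` rounds,
    each round free to use any round function (the most permissive case)."""
    singles = all_round_perms(half_bits)
    current = {tuple(range(len(singles[0])))}
    for _ in range(rounds):
        current = {compose(r, c) for c in current for r in singles}
    return current

def is_even(perm):
    """Parity from the cycle decomposition: even iff
    (number of points - number of cycles) is even."""
    seen = [False] * len(perm)
    cycles = 0
    for i in range(len(perm)):
        if not seen[i]:
            cycles += 1
            j = i
            while not seen[j]:
                seen[j] = True
                j = perm[j]
    return (len(perm) - cycles) % 2 == 0

def parity_report(half_bits, rounds):
    """Counts of (reachable, even, odd) permutations for the given parameters."""
    perms = reachable(half_bits, rounds)
    even = sum(1 for p in perms if is_even(p))
    return len(perms), even, len(perms) - even

if __name__ == "__main__":
    for r in (1, 2, 3):
        print("2-bit block,", r, "round(s): reachable/even/odd =", parity_report(1, r))
    print("4-bit block, 1 round: reachable/even/odd =", parity_report(2, 1))
```

Why the parity flips at 4 bits: xoring f(R) into L is, for each R with f(R) != 0, a product of 2^(half_bits-1) disjoint transpositions, and the half swap is a product of 2^(half_bits-1)*(2^half_bits - 1) transpositions; both counts are even as soon as half_bits >= 2, and a composition of even permutations stays even, so a Feistel cipher on 4 or more bits can never realise an odd permutation regardless of key schedule.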
------------------------------
From: "almis" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Silly way of generating randm numbers?
Date: Wed, 3 May 2000 17:40:26 -0500
Jorell Hernandez wrote in message ...
|Is it possible to generate random numbers mathematically that could not be
|reproduced even if you had the algorithm used to generate them?
|
Here I can only paraphrase John Von Neumann when he says:
'...Anyone who considers using Arithmetical methods of producing random digits
is, of course, in a state of sin.'
However, is it possible to generate a sequence of numbers (random not
considered) which is impossible to reproduce even with the algorithm?
Yes! Certain classes of transcendentals have the property that the only way
to reproduce the sequence is to try all (or guess) generating numbers.
I direct you to the paper mentioned in my previous post for those classes.
...al
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************