Cryptography-Digest Digest #760, Volume #11 Fri, 12 May 00 13:13:01 EDT
Contents:
Re: An argument for multiple AES winners (DJohn37050)
Re: Cipher contest analysis [several] (Tom St Denis)
Algorithm using neural networks? ("Axel Lindholm")
Re: UK issue; How to determine if a file contains encrypted data? ([EMAIL PROTECTED])
Re: (May 11, 2000) Cipher Contest Update (David A Molnar)
Re: An argument for multiple AES winners (Mok-Kong Shen)
Re: AES final comment deadline is May 15 (Mok-Kong Shen)
Re: Algorithm using neural networks? ("matt")
Re: AES final comment deadline is May 15 (Bernie Cosell)
Re: UK issue; How to determine if a file contains encrypted data? ("matt")
Some U.S. Government's PKI scheme (Markku J. Saarelainen)
Re: How does one test an encryption algorithm? (John)
Re: How does one test an encryption algorithm? (John)
Re: How does one test an encryption algorithm? (Mark Wooding)
Re: An argument for multiple AES winners (Mark Wooding)
Re: the future of "mindspace"? (Kirby Urner)
Re: Prime Generation in C,C++ or Java (John Myre)
Re: Why no civilian GPS anti-spoofing? / proposal (Paul Koning)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: An argument for multiple AES winners
Date: 12 May 2000 12:32:20 GMT
It might be seen as bad publicity for Hitachi, but who knows?
Some Hollywood wag is reputed to have said, "There is no bad publicity, just
publicity."
Don Johnson
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Cipher contest analysis [several]
Date: Fri, 12 May 2000 12:25:30 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Mark Wooding) wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> > expressions like 'a = 2a + b' are not technically valid
>
> Yes, they are; they just mean different things from what a C
> programmer would expect. The above implies simply that a = -b,
> which is a
> completely reasonable thing to assert, although not what's actually
> intended.
I was just trying to be a bit mathematically correct.
> > The key schedule is too simple to explain, just look at the
> > supplied source code.
>
> You should aim to make your textual description detailed and
> precise enough for someone to be able to make a compatible
> implementation given no other information. `Look at the source',
> in my opinion, doesn't cut it.
Well I was kinda rushing to get it out there... but I can describe
it... I also found a couple of spelling errors... hehe
Anyways, what does the group think of the cipher anyways?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Axel Lindholm" <[EMAIL PROTECTED]>
Subject: Algorithm using neural networks?
Date: Fri, 12 May 2000 15:12:14 +0200
I just came up with a small idea for a slightly unusual encryption
algorithm, let the data be processed through a neural network! I don't know
if there already exists something like this, but it hit me that the idea
might not be too bad.
Say you'll create a network to pass the data through, then there must be
some way of creating an inverse network that can transform it into its
original content. This could be used as a public key encryption system this
way. The problem is that I don't have a clue on how hard it might be to
generate one network using the information the other one gives. A good thing
about this system might be that no one knows the encryption algorithm, even
the person who has the network weights should have quite a problem creating
an algorithm out of a big network with 100-200 cells.
Does anyone know if this has been tried before? Is it totally impossible?
Feel free to share your thoughts with me!
Axel Lindholm
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: UK issue; How to determine if a file contains encrypted data?
Date: Fri, 12 May 2000 13:10:56 GMT
On Fri, 12 May 2000 13:31:16 +0200, Runu Knips
<[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] wrote:
>> This thread seems to neglect the fact that while being too random may
>> be cause for suspicion on the part the police, it is not proof that
>> the apparently random bits are in fact ciphertext.
>
>Correct, this has been stated by multiple people in this thread,
>including my little existence.
>
>> In the absence of access to keys which will prove that it is ciphertext,
>> by deciphering it, they cannot prove anything. It is more likely that
>> they will rely on circumstantial evidence, such as the number of such
>> files, the presence of encryption software on the machine, and traffic
>> analysis. All this doesn't necessarily amount to proof however.
>
>But the policemen don't need to search for further proofs.
Why don't they?
<Begin quote from Foundation for Information Policy Research
(www.fipr.org) News Release, Thurs 10th Feb 2000>
(Clause 49): to prove non-compliance with notice to decrypt, the
prosecution must prove person "has or has had" possession of the key.
<End quote>
So if they cannot prove the apparently random file is cipher text to
which a key exists, they cannot prove that the person has or has had a
key.
>The
>only proof you can have that a random sequence is ciphertext is
>if you know the cipher and the cipher key, which lead into some
>valid plaintext.
Indeed, so the police (or prosecution) cannot prove that the person
has or has had a key to what they don't know is cipher text.
>In fact, you can give them any key and any cipher, stating that
>the data you've enciphered was random data. But I fear nobody
>would believe you.
>
>> My guess is that it is a classic example of a law, like alcohol
>> prohibition, that will simply force the prohibited activity
>> underground, so that the ordinary punter has less access, while the
>> seriously bad guys simply invest in more sophisticated set ups that
>> will maintain their access and be pretty much unpoliceable.
>
>Which means Steganography might become quite popular in Britain. Or
>the thankful crypto filesystem of Linux where you can always hide
>additional data without letting people know.
I suspect that since a file of pure ciphertext is indistinguishable
from random numbers, police and prosecutors in the UK will not be able
to rely on the discovery files of apparently random numbers if they
want to have any hope of making their case.
There are other fallacious posts in this thread - eg the suggestions
about sending the Home Secretary encrypted files. As I understand it,
the intended effect of clause 49, as summarised above, is that
possession of what appears to be an encrypted file is not sufficient.
Cl 49 was introduced specifically to address the objection to the case
where a person may never have had possession of the key ("encrypted
e-mail out of the blue").
What will cause people trouble under the UK law is if they have, for
example, PGP, and the key ring shows there are keys associated with
their email id and they decline to make those keys available to the
police.
The critical challenge to the UK law will not be using steganography to
hide the cipher text, but rather devising encryption apps that give no
appearance of being an encryption app.
So who is going to be the first person to devise an encryption app
that is itself completely hidden and undetectable?
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: (May 11, 2000) Cipher Contest Update
Date: 12 May 2000 03:32:54 GMT
Adam Durana <[EMAIL PROTECTED]> wrote:
> MMBOOZE. Next in fourth place is PIKACHU and LJA1, by Tom St Denis and
> Andru Luvisi respectively. These two ciphers were submitted today (May
> 11th).
Pikachu? Gotta break 'em all!
> cipher, i.e. no reduced round variants. I would define a successful attack
> as an attack which is able to recover the plaintext, or key from the
> ciphertext, with less work than brute force. Now if the key space was say
What about an attack which just distinguishes the cipher from an
"ideal" or "truly random" permutation over the blocksize? That is,
suppose I am able to prove that a cipher always outputs blocks with even
parity or something else that doesn't "look random," but I can't turn
that into a key-recovering or plaintext-recovering attack. What happens
then?
Thanks,
-David
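The kind of attack David asks about, as an added example that is not part of the original post: a constructed 16-bit toy cipher whose every subkey has even parity, so it preserves block parity no matter what the key is, and a statistical distinguisher that tells it apart from a random permutation without recovering a key or a plaintext. The cipher, the oracle and the threshold are all constructed here and stand for nothing in the contest.

```python
import math
import random

BLOCK_BITS = 16
MASK = (1 << BLOCK_BITS) - 1


def parity(x: int) -> int:
    """1 if x has an odd number of set bits, else 0."""
    return bin(x).count("1") & 1


def rotl(x: int, r: int) -> int:
    """Rotate a BLOCK_BITS-wide word left by r bits."""
    return ((x << r) | (x >> (BLOCK_BITS - r))) & MASK


def key_schedule(key: int, rounds: int = 4):
    """Derive one 16-bit subkey per round from a 64-bit key.  Each subkey
    is forced to even parity: this is the constructed design flaw."""
    subkeys = []
    for i in range(rounds):
        k = (key >> (16 * i)) & MASK
        k ^= parity(k)          # odd-weight subkey -> flip bit 0 -> even weight
        subkeys.append(k)
    return subkeys


def toy_encrypt(key: int, block: int) -> int:
    """Constructed toy cipher (assumption, not a real design): rotate, then
    XOR an even-parity subkey.  It is a bijection on 16-bit blocks, but a
    rotation keeps the Hamming weight and XOR with an even-weight word keeps
    the parity, so parity(ciphertext) == parity(plaintext) for every key."""
    x = block & MASK
    for i, k in enumerate(key_schedule(key)):
        x = rotl(x, 3 + 2 * i) ^ k
    return x


def random_permutation_oracle(seed: int):
    """Reference oracle: a uniformly random permutation of the block space."""
    table = list(range(1 << BLOCK_BITS))
    random.Random(seed).shuffle(table)
    return lambda block: table[block & MASK]


def parity_distinguisher(oracle, queries: int = 4096, seed: int = 0,
                         threshold: float = 5.0):
    """Count how often the oracle preserves parity on random plaintexts.
    For an ideal permutation the count is ~Binomial(queries, 1/2); return
    the z-score and whether it exceeds the threshold.  This yields neither
    the key nor any plaintext, only evidence that the oracle is not ideal."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(queries):
        pt = rng.getrandbits(BLOCK_BITS)
        if parity(oracle(pt)) == parity(pt):
            hits += 1
    z = (hits - queries / 2) / math.sqrt(queries / 4)
    return z, abs(z) > threshold


if __name__ == "__main__":
    key = 0x0123456789ABCDEF      # constructed sample key
    print("toy cipher:", parity_distinguisher(lambda b: toy_encrypt(key, b)))
    print("random perm:", parity_distinguisher(random_permutation_oracle(7)))
```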
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: An argument for multiple AES winners
Date: Fri, 12 May 2000 15:43:22 +0200
DJohn37050 wrote:
> It might be seen as bad publicity for Hitachi, but who knows?
>
> Some Hollywood wag is reputed to have said, "There is no bad publicity, just
> publicity."
To be honest, I personally see that to be good publicity. What's bad??
If I were the manager of Hitachi, I would definitely do that.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15
Date: Fri, 12 May 2000 15:56:45 +0200
Runu Knips wrote:
>
> > Why does the crypto community pay so little attention to it?
>
> There are still many people who believe XYZ, their well-known
> cipher, is more trustable and got more attention than the AES
> candidates. I don't think so. No other algorithm got more
> (public) interest than these.
That doesn't seem to have well addressed my question.
> > Do people take the standpoint that AES will certainly come out
> > to be perfect and satisfactory in all respects because the
> > best of best of academics are doing that job and hence it is a
> > waste of time to care anything about it?
>
> Hey, I surely think there are far better cryptanalysts out
> there than me ;-) I still have problems understanding what this
> GF(anything) thing really means etc. I've still found no time
> to study this mass of papers about AES at home. At least in my
> case it's just a hobby.
I mean the crypto community as such. I don't think that you think
that you are the representative.
> > That attitude could eventually become regretful, should it turn
> > out, e.g. that users would have to pay substantial patent license
> > fees for applying that non-plus-ultra encryption algorithm.
>
> I don't understand; the AES candidates shouldn't be patented ?
> (I know there have been some claims there are patents, but I
> don't think they're real and will withstand the pressure of a
> worldwide interest to have AES for free).
According to NIST's intention (as far as I understand) the
users of the AES winner shouldn't have to pay patent royalties.
What do you mean by worldwide pressure? Why do you think
that a patent holder should give up his legitimate rights? For
ethical or humanitarian reasons perhaps??
M. K. Shen
------------------------------
From: "matt" <[EMAIL PROTECTED]>
Subject: Re: Algorithm using neural networks?
Date: Fri, 12 May 2000 22:18:01 +0800
Sounds interesting....
I don't have much mathematic/cryptographic background, but one prob I
can see is that if the network is different each time, some times it
would be possible to get a very insecure encryption scheme happening,
which would not be wanted. You would have to analyse each network when
it is used, requiring a fair bit of effort, if it is actually
possible.
Just a thought.
Matt.
"Axel Lindholm" <[EMAIL PROTECTED]> wrote in message
news:lqTS4.1303$[EMAIL PROTECTED]...
> I just came up with a small idea for a slightly unusual encryption
> algorithm, let the data be processed through a neural network! I don't know
> if there already exists something like this, but it hit me that the idea
> might not be too bad.
>
> Say you'll create a network to pass the data through, then there must be
> some way of creating an inverse network that can transform it into its
> original content. This could be used as a public key encryption system this
> way. The problem is that I don't have a clue on how hard it might be to
> generate one network using the information the other one gives. A good thing
> about this system might be that no one knows the encryption algorithm, even
> the person who has the network weights should have quite a problem creating
> an algorithm out of a big network with 100-200 cells.
>
> Does anyone know if this has been tried before? Is it totally impossible?
> Feel free to share your thoughts with me!
>
> Axel Lindholm
>
>
------------------------------
From: Bernie Cosell <[EMAIL PROTECTED]>
Subject: Re: AES final comment deadline is May 15
Date: Fri, 12 May 2000 10:11:09 -0400
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
} DJohn37050 wrote:
}
} > This is just a reminder that the AES final comment deadline is May 15. See
} > http://www.nist.gov/aes for details.
}
} Maybe I am wrong, but I have the impression that AES has
} somehow attracted much less attention than it evidently
} deserves.
And I'm wondering whether once AES appears if we'll be treated to a decade
of folks alleging that NSA stuck a trap door into whatever-scheme-wins..:o)
/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
[EMAIL PROTECTED] Pearisburg, VA
--> Too many people, too few sheep <--
------------------------------
From: "matt" <[EMAIL PROTECTED]>
Subject: Re: UK issue; How to determine if a file contains encrypted data?
Date: Fri, 12 May 2000 22:28:08 +0800
I'm sure i've seen satellites with my naked eye, orbiting the earth
(away from bright city lights). They can be seen from the sun
reflecting off them (at least I don't think they have lights on
them.....). Maybe secret satellites should be painted jet black, or
like stealth bombers.
Until then, blinding sounds like the correct method to prevent
satellite tracking.....
Matt.
"zapzing" <[EMAIL PROTECTED]> wrote in message
news:8ff35s$p2r$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> Jeffrey William <[EMAIL PROTECTED]> wrote:
> >
> >
> > zapzing wrote:
> >
> > >
> > > Here in America, they are thinking
> > > of outlawing the science of Astronomy,
> > > because some astronomers have taken to
> > > tracking low earth orbit objects,
> > > including fedgov spy satellites. They
> > > don't like that, so they just talk
> > > about outlawing astronomy. So when
> > > you find a favorable country, let me
> > > know.
> >
> > Being an astronomy buff living in the USA, I was taken aback by this
> > statement. Could you please provide some references about this? And
> > how could you possibly outlaw astronomy? Blind the entire populace?
>
> It was in this week's Time magazine, the one
> with the Love Bug on the cover. The title
> of the article was "Quick, hide the tanks!".
> It was about a group of amateur astronomy
> buffs who track military satellites. It said
> that they were considering outlawing the
> practice. And, since one would obviously
> not necessarily know which satellites were
> top-secret ones, it would become illegal to
> track any satellite under this proposal.
>
> Unless of course they told us which
> satellites not to track, but there are
> obvious problems with that, too :)
>
> As for your idea of blinding the entire
> populace, I wouldn't give them any ideas.
>
> --
> Do as thou thinkest best.
>
>
------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.nordic,soc.culture.russian
Subject: Some U.S. Government's PKI scheme
Date: Fri, 12 May 2000 14:48:04 GMT
http://search.gsa.gov/query.html?rq=0&col=www&qp=&qt=certificates&qs=&qc=&ws=0&qm=0&st=1&nh=10&lk=1&rf=0&oq=&rq=0
------------------------------
Subject: Re: How does one test an encryption algorithm?
From: John <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 08:30:41 -0700
I know a lot of people who share encrypted data and don't know
how the algorithm works. This is true for most people using SSL
and many mail systems.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Subject: Re: How does one test an encryption algorithm?
From: John <[EMAIL PROTECTED]>
Date: Fri, 12 May 2000 08:32:54 -0700
If you know the algorithm, but not the key, you still have a lot
of work to do.
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: How does one test an encryption algorithm?
Date: 12 May 2000 15:59:53 GMT
John <[EMAIL PROTECTED]> wrote:
> If you know the algorithm, but not the key, you still have a lot
> of work to do.
No. The key is provided at run-time as an argument. I was talking
about implementing ciphers, not cryptanalysing them.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: An argument for multiple AES winners
Date: 12 May 2000 16:01:35 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> To be honest, I personally see that to be good publicity. What's bad??
> If I were the manager of Hitachi, I would definitely do that.
Could be something to do with being seen to be a bunch of opportunistic
money-grabbing bastards, I suppose.
-- [mdw]
------------------------------
From: Kirby Urner <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa
Subject: Re: the future of "mindspace"?
Reply-To: [EMAIL PROTECTED]
Date: Fri, 12 May 2000 09:12:04 -0700
Lots of different namespaces though. Schools of thought
remain cryptic to one another, while clear to themselves
internally. Takes time to decode -- not in an AI sense,
but in learning to read an alien tongue (usually you
recruit someone who has already learned it, if time is
of the essence). It's a misapprehension to think that
just because you got something in readable ascii, that
you understand it. On the contrary, it's after you've
cracked the AI stuff (PGP, RSA or whatever), that the
real fun begins.
What you say about lurkers sweeping for embedded intelligence
is already the case of course, but doesn't require
surrender of anonymity, on the part of the lurkers
especially.
What's true is that the line between "public" and "private"
person is changing, making it easier for the nameless and
faceless to have a name and face overnight, if that's
what they want. But we've always institutionalized the
ability to abandon a mask, if you really blow it with
one of your trial balloon identities/personas (kind of
like in that movie 'Bedazzled', funny). A lot of folks
are using the internet for that (self recasting) and
would be loath to give it up.
Fine with me (if we preserve the "play acting" possibilities)
but at some point you may decide to commit and "be a
real self", which entails holding yourself accountable
for your identity and its consequences. That's when the
more "public" phase begins, and it's a great game, because
some doors only open to those with commitment, i.e. if
your goal is to always play on the edge of pure anonymity,
you'll never get the kinds of responsibilities that go
with permanent identity. If your game is to simply
vanish in squid ink every time you're cornered in tough
circumstances, you won't grow "beyond flatland" (being
a somewhat cardboard or wooden character, strictly one
or two dimensional).
On the other hand, there's the big fish in a small ocean
syndrome: you can have it both ways to some extent, by
being a top dog or big cheese in some local sandbox, or
playground, while remaining essentially anonymous to that
great world out there. Many of us have settled in such
a circumstance, and find it congenial (we want respect
from peers whom we respect, don't necessarily crave to
be celebrities on the world stage, as household names
or anything like that).
So I think we'll continue to have this gray area in
cyberspace, with many options for those who want to
flirt with identities but not commit to them, and for
those ready to merge public and private at a higher
level, so that they might pursue whatever high stakes,
high commitment careers.
Kirby
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Prime Generation in C,C++ or Java
Date: Fri, 12 May 2000 10:27:55 -0600
Mark Wooding wrote:
>
> David Hopwood <[EMAIL PROTECTED]> wrote:
>
> [snip]
>
> > an application program can't rely on the 'certainty' parameter
> > implying the use of that number of iterations of any specific test.
>
> This is true. In relation to the information I posted previously, I
> assert that this is a shining example of broken interface design.
What's wrong with the interface?
From a caller's point of view, it seems just right. Instead of
having to know what kind of test, or how many loops, or anything
like that, the caller gets to specify the quality of the result.
> Running 40 Rabin-Millers (or Fermats -- they're about the same speed;
> Solovay-Strassen is slower) on a 1024-bit number is a total waste of
> time.
>
> -- [mdw]
Are you saying that the caller should be able to specify how
much computation to do? Or something else?
John M.
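The interface question John and Mark are arguing over, as an added example that is not part of the thread or of any library: a Miller-Rabin test whose round count is derived from a caller-supplied "certainty" by the naive 1/4-per-round bound (an assumption about how such a parameter would be read, not what Java's BigInteger actually does), plus a prime generator that reports how many rounds were spent so the cost of a high certainty on a large candidate is visible.

```python
import random


def rounds_for_certainty(certainty: int) -> int:
    """Naive bound: one Miller-Rabin round lets a composite through with
    probability at most 1/4, so ceil(certainty/2) rounds push the error
    below 2**-certainty.  Assumed mapping for this example; real
    libraries may use fewer rounds for large candidates."""
    return max(1, (certainty + 1) // 2)


def miller_rabin(n: int, rounds: int, rng: random.Random):
    """Return (is_probable_prime, rounds_actually_run).  A composite is
    usually rejected by its first witness, so the full round budget is
    only ever paid for the candidate that survives."""
    if n < 2:
        return False, 0
    for p in (2, 3, 5, 7, 11, 13):          # cheap trial division first
        if n % p == 0:
            return n == p, 0
    d, s = n - 1, 0                          # write n-1 = d * 2**s, d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for i in range(1, rounds + 1):
        a = rng.randrange(2, n - 1)          # random base; n >= 17 here
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False, i                  # a is a witness: n is composite
    return True, rounds


def is_probable_prime(n: int, certainty: int, seed: int = 0) -> bool:
    """Caller states the quality wanted; the round count is derived."""
    ok, _ = miller_rabin(n, rounds_for_certainty(certainty), random.Random(seed))
    return ok


def random_prime(bits: int, certainty: int, seed: int = 0):
    """Draw random odd candidates with the top bit set until one passes.
    Returns (prime, total_rounds_spent) across all candidates tried."""
    rng = random.Random(seed)
    rounds = rounds_for_certainty(certainty)
    spent = 0
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        ok, used = miller_rabin(n, rounds, rng)
        spent += used
        if ok:
            return n, spent


if __name__ == "__main__":
    p, cost = random_prime(512, 100)
    print(p.bit_length(), "bits, rounds spent:", cost)
```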
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Fri, 12 May 2000 12:46:58 -0400
zapzing wrote:
>
> In article <8fdh0n$jpl$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Paul Rubin) wrote:
> > In article <8fdg6h$vhn$[EMAIL PROTECTED]>, zapzing
> <[EMAIL PROTECTED]> wrote:
> > >If you are using a public key system, then you would include the time
> > >in the message block that is being encrypted. Everyone could decode
> > >and see that at least the signal claims to have been sent at such and
> > >such a time. And since only the legitimate transmitters have the
> > >encoding key, it must have come from a legitimate transmitter. Not
> > >susceptible to a replay attack. No Problemo.
> >
> > The thing is, there's not exactly a message block being encrypted or
> > signed. It's more complicated than that, and it's not obvious that
> there's
> > a workable answer.
> >
> I'm a little confused, are you the same Paul Rubin
> who wrote the following:
> ...
> ??
> Did you recently come upon some new
> information?
How about the stuff that was discussed here?
GPS just doesn't fit the starting assumptions. For one
thing, it isn't a matter of "include the time" since a GPS
signal is primarily a very precise time signal! So time
is already there, and time is exactly what is the issue
to determine position. The user terminal doesn't have
a more accurate time reference to verify against.
Spoofing can be done simply by replaying the good
data with a slight delay.
If you have more than the minimum (i.e., more than 4, unless
you're at sea in which case more than 3) you can detect
one or possibly more bad signals by the fact that they
disagree with the others. Of course, if there are 6 satellites
in view and I spoof 4, you're hosed (unless you have other
non-GPS nav data to crosscheck).
Hm. Given that you can spoof by replaying, isn't the P/Y
code vulnerable too? Perhaps it counts on the difficulty
of replaying a spread spectrum signal if you don't have
a way to lock onto the spreading code. But that seems
like a thin shield...
paul
--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "A system of licensing and registration is the perfect device to deny
! gun ownership to the bourgeoisie."
! -- Vladimir Ilyich Lenin
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************