Cryptography-Digest Digest #814, Volume #11 Thu, 18 May 00 19:13:00 EDT
Contents:
Re: Base Encryption: Revolutionary Cypher ([EMAIL PROTECTED])
Re: Encrypting random data (Tim Tyler)
Re: Base Encryption: Revolutionary Cypher (Eric Lee Green)
columnar transposition ("albert")
Re: NSA hardware evaluation of AES finalists (Paul Koning)
Re: bamburismus (Mok-Kong Shen)
Re: Encrypting random data (Darren New)
Re: Using TEA in one-way hash function ("David C. Oshel")
Re: NSA hardware evaluation of AES finalists (Paul Rubin)
Re: sci.crypt cipher contest ([EMAIL PROTECTED])
Matching substrings in a signature ("Ken Christensen")
Q: Recording on magnetic cards (Mok-Kong Shen)
Re: More on Pi and randomness (Mike Mccarty Sr)
Re: Unbreakable encryption. ("Douglas A. Gwyn")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Base Encryption: Revolutionary Cypher
Date: Thu, 18 May 2000 17:15:05 GMT
Eric Lee Green wrote:
> Thus going from 128 bits to
> 129 does not double the number of operations -- it squares the number of
> operations needed to brute-force the cipher.
It doubles.
2^129 / 2^128 == 2
It's a matter of checking the 128-bit keyspace once with the 129th bit clear,
then checking it again with the 129th bit set.
== <EOF> ==
Disastry http://i.am/disastry/
http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
http://disastry.dhs.org/pegwit <-- Pegwit - simple alternative for PGP
remove .NOSPAM.NET for email reply
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Encrypting random data
Reply-To: [EMAIL PROTECTED]
Date: Thu, 18 May 2000 17:06:21 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] wrote:
:> Say one has a hardware RNG generating truely random numbers (as
:> opposed to PRNs). If this hardware is on one machine, and you want
:> to use the random numbers on a different machine, would it suffice to
:> encrypt the random pad with a stream cypher like (say) RC4, then
:> send the numbers? Is there any way to break such, assuming the
:> RC4 key was distributed securely?
:>
:> If that pad is then decrypted and used as a OTP, is it noticably
:> harder to break the resulting encrypted message than to break the RC4
:> encryption? [...]
: You seem like a very confused individual. [...]
It does make some sense. This protocol even gets discussed in BS's AC.
: If I send a OTP pad using RC4 to a friend, then technically we don't
: have a otp anymore, we have RC4 (a variant there-of). So no matter how
: random your OTP is (or how close to unpredictable, etc...) it won't be
: any stronger then RC4 (at best).
*If* the source of randomness is good, it has some advantages over vanilla RC4.
For example, consider the implications of a chosen-plaintext attack on
both schemes. It is not as strong as an OTP, though - a known plaintext
attack would work much the same as it would on plain RC4.
It doubles the size of your messages. It seems unlikely that any benefits
will compensate for this.
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Be good, do good.
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Base Encryption: Revolutionary Cypher
Date: Thu, 18 May 2000 17:39:39 GMT
[EMAIL PROTECTED] wrote:
> it doubles.
> 2^129 / 2^128 == 2
>
> its matter of checking 128 bit keyspace once with 129th bit clear
> then checking it again 129th bit set
Sorry about that, you're right. That's why I'm an engineer, not a
mathematician :-).
--
Eric Lee Green [EMAIL PROTECTED]
Software Engineer Visit our Web page:
Enhanced Software Technologies, Inc. http://www.estinc.com/
(602) 470-1115 voice (602) 470-1116 fax
------------------------------
From: "albert" <[EMAIL PROTECTED]>
Subject: columnar transposition
Date: Thu, 18 May 2000 20:02:26 +0200
Hi,
I have homework to do: to crack a French text encrypted with columnar
transposition; the word 'ORDINATEUR' is inside.
Could someone help me?
Here is the text :
ntsus ueire eibps etsio ootuu rpmrn eaicq iunps cnlog euern lndur raose
xnntu dnaeo eseue clton nretd trels
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: NSA hardware evaluation of AES finalists
Date: Thu, 18 May 2000 13:59:55 -0400
Paul Rubin wrote:
>
> In article <[EMAIL PROTECTED]>,
> Ken Lamquist <[EMAIL PROTECTED]> wrote:
> >The encryption times of the AES finalists differed significantly, as
> >you can see from the following table. Rijndael is well ahead of the
> >others, which in my view makes it the leading candidate.
> >
> >               time     area   transistors
> >   Rijndael   288.8    46.36     1,029,046
> >   Serpent    632.6    23.27       345,483
> >   Twofish   1223.2    23.04       377,599
> >   RC6       1233.2    21.66       430,436
> >   Mars      2256.9   127.43     1,950,277
>
> That says Rijndael is about 2.2x the speed of Serpent in 2.0x the
> chip area, or about 10% faster for equivalent area. I'd call that
> slightly ahead, not well ahead.
That's true but if you're interested in high performance
the speed per area parameter isn't that interesting. Especially
if you go to 0.2 micron or so feature size... The numbers
for the "minimal" implementation are quite a lot closer.
paul
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: bamburismus
Date: Thu, 18 May 2000 20:24:56 +0200
"Douglas A. Gwyn" wrote:
> Mok-Kong Shen wrote:
> > John Savard wrote:
> > > In the kappa test, ...
> > A presumably very dumb question: Is it correct to consider
> > that such techniques are no longer of interest in the era
> > of modern cryptography, ...
>
> To the contrary, tests like the kappa test are extremely important.
> (They all measure correlation, which of course is a fundamental
> notion in signal analysis.)
I based my conjecture partly on the fact that the term kappa test is
not found in the indices of AC or HAC. Further, I guess that
correlations could be fairly sufficiently suppressed through introducing
some preprocessing, i.e. adding a simple (though weak) encryption
step before the proper encryption, this being practicable now that
most work is done with computers.
M. K. Shen
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Encrypting random data
Date: Thu, 18 May 2000 18:39:54 GMT
Tom St Denis wrote:
> You seem like a very confused individual.
Just ignorant, really. :-)
> So you cannot share random bits over an insecure medium at all, unless
> you are willing to sacrifice randomness at the hands of deterministic
> finite algorithms.
My thought was more along the lines of sharing a hardware RNG over a LAN,
rather than necessarily what I do with the random numbers afterwards. I
didn't have any particular application in mind. I was just trying to figure
out if something like really random numbers encrypted with a decent
encryption were at all breakable by someone listening in on the LAN. Of
course, if they get both the encrypted random numbers and the message
encoded with the decrypted OTP, it'll be easier to break, and I realize now
I'm confused as well as ignorant, having forgotten that the final recipient
is going to need the OTP to decrypt, too.
My thoughts were really about using a hardware RNG over a LAN, rather than
what one does with the bits afterwards. I.e., if I securely transmitted a
RC4 key to HotBits, would that keep people from sniffing my random numbers
from their machine? Would there be any way for people to break that if those
numbers never left my machine again?
Thanks for your thoughts!
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
"I can't believe the whole dishwasher is full, and no chopsticks."
------------------------------
From: "David C. Oshel" <[EMAIL PROTECTED]>
Subject: Re: Using TEA in one-way hash function
Date: Thu, 18 May 2000 14:23:25 -0500
In article <3QPT4.1395$[EMAIL PROTECTED]>, "adam pridmore"
<[EMAIL PROTECTED]> wrote:
> >
> > or can I use the "modified Davies-Meyer" that Bruce Schneier gives in 18.11
> > of applied crypto, but using TEA instead of IDEA???
> >
> Or you could use Tandem and Abreast Davies-Meyer with XTEA, with a larger
> output of 128-bit.
>
>
op. cit., obviously. Any hints?
--
David C. Oshel mailto:[EMAIL PROTECTED]
Cedar Rapids, Iowa http://pobox.com/~dcoshel
"Tension, apprehension, and dissension have begun!" - Duffy Wyg&, in Alfred
Bester's _The Demolished Man_
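The construction the thread is asking about, as an added example (not code from either poster or from Applied Cryptography): a Davies-Meyer compression function over TEA, iterated into a toy 64-bit hash. The IV, padding rule, host-order word loads and the sample key words are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>
/* TEA encryption of one 64-bit block v under the 128-bit key k (32 rounds). */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += 0x9E3779B9u;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}
/* Davies-Meyer step h_i = E_{m_i}(h_{i-1}) XOR h_{i-1}: the 128-bit message
   block is the TEA key, the 64-bit chaining value is the plaintext block. */
static void dm_compress(uint32_t h[2], const uint32_t m[4]) {
    uint32_t t[2] = { h[0], h[1] };
    tea_encrypt(t, m);
    h[0] ^= t[0]; h[1] ^= t[1];
}
/* Toy 64-bit hash: 0x80-then-zero padding plus a final bit-length block
   (Merkle-Damgard strengthening). IV, padding and word order are constructed here. */
void tea_dm_hash(const uint8_t *msg, size_t len, uint32_t out[2]) {
    uint32_t h[2] = { 0x67452301u, 0xEFCDAB89u }, m[4];
    uint8_t block[16]; size_t off = 0;
    for (; len - off >= 16; off += 16) { memcpy(m, msg + off, 16); dm_compress(h, m); }
    memset(block, 0, sizeof block);
    memcpy(block, msg + off, len - off);
    block[len - off] = 0x80;
    memcpy(m, block, 16); dm_compress(h, m);
    m[0] = (uint32_t)(len * 8); m[1] = (uint32_t)((uint64_t)len * 8 >> 32); m[2] = m[3] = 0;
    dm_compress(h, m);
    out[0] = h[0]; out[1] = h[1];
}
/* 1 if the two byte strings hash to the same digest, else 0. */
int tea_dm_same_digest(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen) {
    uint32_t da[2], db[2];
    tea_dm_hash(a, alen, da); tea_dm_hash(b, blen, db);
    return da[0] == db[0] && da[1] == db[1];
}

/* TEA's equivalent keys turn into message-block collisions: flipping the top
   bit of both k[0] and k[1] leaves the compression output unchanged. */
int dm_equivalent_key_collision(void) {
    uint32_t k1[4] = { 0x00112233u, 0x44556677u, 0x8899AABBu, 0xCCDDEEFFu }; /* constructed */
    uint32_t k2[4] = { k1[0] ^ 0x80000000u, k1[1] ^ 0x80000000u, k1[2], k1[3] };
    uint32_t h1[2] = { 1, 2 }, h2[2] = { 1, 2 };
    dm_compress(h1, k1); dm_compress(h2, k2);
    return h1[0] == h2[0] && h1[1] == h2[1];  /* 1: same digest from different blocks */
}
```

Two things the code makes visible: the output is only one TEA block (64 bits), which is why the double-length Tandem/Abreast variants come up in the thread, and TEA's equivalent keys become free collisions once the message block is used as the key, so plain TEA is a poor choice for this mode.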
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: NSA hardware evaluation of AES finalists
Date: 18 May 2000 19:53:15 GMT
Paul Koning <[EMAIL PROTECTED]> wrote:
>> That says Rijndael is about 2.2x the speed of Serpent in 2.0x the
>> chip area, or about 10% faster for equivalent area. I'd call that
>> slightly ahead, not well ahead.
>
>That's true but if you're interested in high performance
>the speed per area parameter isn't that interesting. Especially
>if you go to 0.2 micron or so feature size... The numbers
>for the "minimal" implementation are quite a lot closer.
Generally you can increase performance by increasing chip area, by
adding more pipelining and so forth. So assuming both scale the same
way, speed per area is still interesting. Changing feature size
doesn't affect the relationship either. And high performance doesn't
necessarily mean trying to get the maximum possible bits/sec through a
single cipher instance. You might want a bunch of instances on the
same chip, so you can do parallel encryption with different keys
(multiple connections in an ATM switch or something). So chip area
still matters.
------------------------------
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: sci.crypt cipher contest
Date: Thu, 18 May 2000 13:08:53 -0700
Tom St Denis wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > Is publishing a cipher on the web (including source code) an
> equivalent
> > of exporting it? Is the website accessible from outside the U.S.?
> >
> > Joseph Poe
>
> The server is in the states (to the best of my knowledge) so there is
> no problem sending papers to him. It's just going the other way.
>
> Personally I wouldn't worry about it.
>
> Tom
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Yes, but he displays it for the whole world.
Joe
------------------------------
From: "Ken Christensen" <[EMAIL PROTECTED]>
Subject: Matching substrings in a signature
Date: Thu, 18 May 2000 15:50:48 -0400
Hello all, cryptography is not my area, so my apologies if this is a stupid
or inappropriate question. Is there a method of encoding or hashing that
would allow one to determine if a substring is contained within a signature
of a string? That is, if "abcdefghij" encrypts to a signature "xyz" (where
"xyz" is much smaller than "abcdefghij"), can I determine if "def" is
contained within "xyz"? The intended application is to take a list of names
and compress them into a signature. Then, with high probability (100%
certainty is not needed!) determine if, say, "John Doe" is contained in the
list given only knowledge of the signature. False hits are perfectly OK,
false misses are not OK, but can be dealt with if necessary. Yes, I do know
about Bloom filters. I am looking for other methods. Efficiency in both
processing and memory are important.
Thanks!
Ken Christensen
http://www.csee.usf.edu/~christen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: Recording on magnetic cards
Date: Thu, 18 May 2000 22:37:22 +0200
Sometime back there was discussion about thorough
deletion of information on magnetic disk and its possible
recovery.
A related matter that puzzles me is the following:
There are magnetic cards of the same size of credit
cards with which one can pay, say, in a cafeteria.
One puts the card on a small apparatus and the
amount to be paid will be deducted from what is
currently recorded there. I saw however people who
didn't put the card directly on the apparatus but
instead their wallets which contained not only that
paying card but also several of the normal credit
cards. How is it possible that the update action
(presumably with a relatively strong magnetic field)
on the paying card has no interference on the
neighbouring credit cards, i.e. without eventually
deleting or modifying the information recorded there
also? Thanks.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Mike Mccarty Sr)
Crossposted-To: sci.math
Subject: Re: More on Pi and randomness
Date: 18 May 2000 20:39:01 GMT
In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> wrote:
)In sci.crypt JCA <[EMAIL PROTECTED]> wrote:
)
): If I tell you the decimal in position N in the expansion of Pi
): you won't be able to tell me anything about the following decimal
): sequence short of doing the computation yourself.
)
)Even if you *don't* tell me N, it's still possible to make positive
)statements about the sequence. This was discussed on the other thread:
)according to mathematicians, PI doesn't behave randomly.
This is not something which can be said with our current level of
knowledge of PI. We can make statements about the first x billion
digits, but we cannot (as yet) make statements about PI.
--
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel <- They make me say that.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Unbreakable encryption.
Date: Thu, 18 May 2000 21:03:41 GMT
Mok-Kong Shen wrote:
> It is not yet 'entirely' clear to me why you need real arithmetic
> of infinite precision in encryption at all. Could you show an example?
People who base their cryptosystem's theoretical security on properties
of the real number system require absolute precision in implementation.
Such precision is actually useful (or necessary) in several other
applications. For example, one of the solid-modeling techniques we
were using at BRL constructed 3-D models by performing Boolean
operations (intersection, union) on sets of surfaces described by
parameterized formulas (B-splines, or simple solids like truncated
general cones). Tank armor (one of the things we were quite
interested in) would be modeled by unioning adjacent plates. Later
vulnerability analysis involved firing ideal rays to represent
incoming projectile paths, and determining where these shot lines
intersected the modeled vehicle. Well, unioning of adjacent plates
did not necessarily glue them perfectly together, due to errors
inherent in floating-point operations, and (especially when
everything was nicely aligned with a regular orthogonal grid)
sometimes shot lines would fly "through a crack" and not be detected
as hitting the vehicle at all! Obviously we would get woefully
incorrect analyses in such cases.
The moral of the story is that floating-point representation is
an inaccurate model for the real number system, and when the
algorithm requires genuine real numbers, using floating point
is asking for trouble. In such cases, in fact, the idea suggested
earlier of representing values by some finitely-specifiable
generating formula is sometimes a good approach. E.g., using
Polish notation:
LET a SQRT 2
LET b SQRT 3
LET c SQRT 6
LET d DIV MUL a b c
PRINT1 IFELSE EQ d 1 "Success" "Failure"
would, in a good symbolic evaluation system, always print
"Success", whereas the typical implementation of C given:
#include <stdio.h>
#include <math.h>
int main(void) {
    double a = sqrt(2),
           b = sqrt(3),
           c = sqrt(6),
           d = a * b / c;
    /* exact comparison of a rounded result against 1 */
    printf( d == 1 ? "Success\n" : "Failure\n" );
    return 0;
}
might print "Failure". In fact, symbolic evaluation systems
exist and are widely used in mathematical research; I usually
use Mathematica, although Maple is perhaps more common in
academic environments.
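The exact-evaluation idea in the post, worked through as an added example (not Doug Gwyn's code): values are kept as the generating formula sqrt(p/q) with integer p and q, so the Polish-notation program above is evaluated without any rounding. The struct, the function names and the assumption that products stay within 64 bits are this example's own.

```c
#include <stdint.h>

/* A value sqrt(p/q) with p, q positive integers, kept as an exact generating
   formula instead of a floating-point approximation (this example's own type). */
typedef struct { uint64_t p, q; } sqrt_rat;

static uint64_t gcd(uint64_t a, uint64_t b) {
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Reduce p/q to lowest terms so equal values share one representation. */
static sqrt_rat sq_norm(sqrt_rat v) {
    uint64_t g = gcd(v.p, v.q);
    v.p /= g; v.q /= g;
    return v;
}

/* SQRT n, MUL a b and DIV a b from the post's Polish notation. Products are
   not checked for overflow; the inputs used here are small. */
static sqrt_rat sq_of_int(uint64_t n) { sqrt_rat v = { n, 1 }; return v; }
static sqrt_rat sq_mul(sqrt_rat a, sqrt_rat b) {
    sqrt_rat v = { a.p * b.p, a.q * b.q }; return sq_norm(v);
}
static sqrt_rat sq_div(sqrt_rat a, sqrt_rat b) {
    sqrt_rat v = { a.p * b.q, a.q * b.p }; return sq_norm(v);
}

/* EQ v n: sqrt(p/q) == n exactly iff p == n*n*q; an integer test, no rounding. */
static int sq_eq_int(sqrt_rat v, uint64_t n) { return v.p == n * n * v.q; }

/* The post's program evaluated symbolically: d = DIV MUL a b c = (a*b)/c with
   a = SQRT 2, b = SQRT 3, c = SQRT 6. Returns 1 for "Success". */
int symbolic_sqrt_success(void) {
    sqrt_rat a = sq_of_int(2), b = sq_of_int(3), c = sq_of_int(6);
    sqrt_rat d = sq_div(sq_mul(a, b), c);
    return sq_eq_int(d, 1);
}
```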
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************