Cryptography-Digest Digest #854, Volume #11 Wed, 24 May 00 20:13:01 EDT
Contents:
Re: Crypto patentability (Mok-Kong Shen)
Re: bamburismus ("Douglas A. Gwyn")
Re: More on Pi and randomness ("Douglas A. Gwyn")
Re: Is OTP unbreakable?/Station-Station ("Douglas A. Gwyn")
Re: Modulu arithmetic additive stripping? (Mok-Kong Shen)
Re: MARS S Box ("Douglas A. Gwyn")
Re: Modulu arithmetic additive stripping? ("Douglas A. Gwyn")
Re: Crypto patentability ("Lyalc")
Re: bamburismus (Mok-Kong Shen)
Re: Is OTP unbreakable?/Station-Station ("Douglas A. Gwyn")
Re: Modulu arithmetic additive stripping? ("Douglas A. Gwyn")
Re: Encryption within newsgroup postings ("Douglas A. Gwyn")
Re: how do you know your decyption worked? (Carb Unit)
Re: safer style sboxes (tomstd)
Re: Observation of Matsui's Sboxes (tomstd)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto patentability
Date: Thu, 25 May 2000 01:14:41 +0200
Paul Pires wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > What do you mean by ''Patent laws and the patent process don't impact
> > or effect [our] area of concern''??? If I design an algorithm using rotation,
> > which I 'really' have many times used in my programs (in other fields)
> > for decades, and a certain firm claims that I am infringing its
> > patent rights, do you mean that that does NOT concern me??? If we
> > recognize (I am not sure that many of us can do that well, I myself
> > at least not fully) "The patent examiner cannot process the patent on
> > its merits'', is that THE reason that we should close our eyes about what
> > is being practiced in the patent offices in matters of crypto??
>
> Eye closing isn't advocated here. Just another viewpoint. I think your
> eyes are closed now and you do not see what is going on in those patent
> offices. My point is that I see a bunch of pointing at patents and hear the
> screams of "See how messed up the patent process is". Guilt is assumed by
> association. The patent office doesn't write them.
> I spoke poorly about the patent process not impacting your area of
> concern. I meant that they don't impact this area any more or less than any
> other. Each patient in the emergency room always thinks his affliction is
> more serious than most of the others. The idea I wanted to get across is
> that this whole rant against Patents is not well researched or well thought
> out. Too much "Common knowledge" and perpetuation of myths is going on here.
> You have a forum and an opportunity to discuss and perhaps affect the very
> real problems with the system but I see the discussion breaking up into
> polarized ideological groups. (And I'm starting to feel very lonely over
> here in mine.)
So, if I correctly understand the above (your mentioning about patients
in the emergency room), you are proposing to study and reform
the whole of what the patent office is doing, i.e. the processing of all
kinds of patents and not specifically patents of crypto. That may be a
good way. However, I consider it to be too ambitious. Most of us in
the group, I believe, don't have 'universal' knowledge. Anyway I don't
know what kind of troubles, if any, are there in patents in e.g. the textile
industry. So it is very difficult, I am convinced, for us to formulate very
solid arguments to reform the whole of what the patent office is doing,
such that patents of crypto, as particular cases, also get profited in the
manner we wish (assuming we in the group can agree upon what we
want). Why shouldn't we take on a more humble task of attempting
to achieve some reform in crypto patents only, for which we have
more solid knowledge to support our argumentation? I am of the
opinion (supported by diverse personal experiences) that the chance
of having any problem in real life solved becomes negligibly small,
once the size of its domain exceeds certain thresholds. For example,
there are problems that are likely to be solved at the national level
but hardly or not at all at the international level. If you in the US work
hard, you have a fair chance of solving the unemployment problem
in your country. But to solve the same problem for the whole world
is certainly several orders of magnitude tougher. That's why I propose
to restrict our effort to the specific issue of crypto patents.
Concerning your first paragraph above, I am afraid there is a
misunderstanding on your part. I have never claimed that the persons
at the patent office are guilty for the messy situation. If I were one
of its employees processing the patents, I am not at all sure that I
could do much better! The real problem I can see is that crypto
patents (and more generally software patents) do not well fit into
the 'mechanism' for which the patent laws were conceived a long time
ago. In the old times patents were granted to a device, a machine
part and such physical entities or equivalents. It was not too difficult
for someone that was not a full expert in the field to judge whether
the claims of a patent application were (very likely) justified. In many
cases even a layman can see whether a novel apparatus indeed does
appropriately what its designer claims. But with crypto/software
patents it is generally the ideas that are to be patented. To be able to
process such patent applications appropriately, a comparatively much
more profound knowledge in the specific fields is required. If a crypto
patent application claims that a certain sequence of mathematical
operations is novel and particularly efficient in achieving some
cryptographical function, how easy is it for a single employee of
the patent office to judge its correctness, if the same issue, if
posted to our group, probably would barely ever get a unanimous
judgement even after a long series of follow-ups? The employees
of the patent office are not at fault, but the system IS. As I pointed
out elsewhere, having public reviews would help to some (limited)
extent.
> > > How long do you think that patents have been a part of our legal system?
> > > It goes way back to old English law. This is not some new social program
> > > that isn't working. This is the culmination of hundreds of years of use. My
> >
> > Mmh. Sentencing to death has been practiced since before man could
> > write anything. Yet in most democratic countries of the world that has
> > been eliminated from laws today.
>
> That's just a bit "over the top" don't you think? I point out that this
> has been a working component in a free society for a long time. My intent
> was to show that it probably serves some valuable purpose for the public and
> you associate it with legislated homicide? I'm beginning to suspect that you
> don't appreciate my input.
That's right. You 'effectively' said that, because something has been there
for a long time, the fact that it remains in existence today is a proof of
its being o.k. I definitely can't share such a viewpoint.
> > > Prior art is the big issue. The Patent must not be anticipated by any
> > > prior art. Most folks think that means previous patents. It does not. Any
> > > publication or offer for public sale is prior art. The examiner can only
> > > search and review what he can find and what the applicant supplies (he's
> > > legally obligated to fully disclose any he knows of). The patent grant isn't
> > > home free, any prior art found can invalidate an Issued patent. If you think
> > > this stuff was done before, find the publication or sale and link it to a
> > > date.
> > > You folks have been doing the single most important thing all along.
> > > This is a public forum where issues described here become the very prior art
> > > that will keep a bad patent from being enforced. It won't keep it from being
> > > issued. I said the process was beautiful, not omnipotent.
> >
> > What are you actually suggesting here to us?
>
> What I am suggesting is that some problems in the system can be
> addressed now and in fact you folks are doing a real part of it. This public
> discussion of the art publicly discloses common concepts in detail making
> them prior art. Bruce Schneier's post on AES and the Hitachi patents is a
> case in point. Short concise and to the point. Do you think that Hitachi
> won't read it, verify it and decide they probably shouldn't sue for
> infringement based upon the information revealed? This is serious stuff for
> a company. There are downsides to their side of the issue too. They go to
> court and the whole patent will be suspect and redefined. Just because they
> have more money to spend doesn't mean that they like to blow it on lost
> causes. They have no burning desire to be the "Evil Corporate Monsters".
> What I am suggesting is that if you want to do more, study the problem
> and find out what happened to cause this and why did it happen. I have and I
> was surprised that my "Common knowledge" was wrong. It isn't the Office,
> the examiners or the law that is the problem. It is the volume of work, the
> resources that they have and the newness of the field as a commercial
> endeavor. The volume in this area has exploded since Whit Diffie dropped his
> bomb and there aren't a surplus of cryptographers running around to work in
> their special art unit.
See also above. Did I ever claim in my post initiating the present thread
that the patent office or the examiners were at fault? Allow me to quote
what I wrote in a previous follow-up (in response to Runu Knips):
Those who are examining patents at the patent offices are
just like ones working in any other government institutions.
We shouldn't and we don't have a way to do them any
harm. What is needed is a reform of the patent policy
(the principles) and hence the practice.
I suppose you have wrongly interpreted what I wrote in my original
post, i.e. read out something between the lines that actually doesn't
exist.
M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: bamburismus
Date: Wed, 24 May 2000 23:10:54 GMT
John Savard wrote:
> With proper use of modern algorithms, and the power of the computer
> as an encryption tool, though, one can probably suspect that
> cryptanalysis itself (and not just the kappa test in particular) is
> obsolete or close to obsolete.
Hardly. The main problem is a shortage of qualified analysts in
the face of a proliferation of cryptosystems. My estimate is
that roughly half of the major practical cryptosystems of the
modern era *that have been seriously tackled* have been successfully
cryptanalyzed (under favorable circumstances, not necessarily 100%
of the time). Of course, what has been tackled reflects the practical
interests of the analysts, so scott19u (for example) is probably not
among them, but that doesn't mean it is "more secure", just "less
relevant".
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: More on Pi and randomness
Date: Wed, 24 May 2000 23:15:20 GMT
Mok-Kong Shen wrote:
> I am a complete outsider. But I conjecture that interval arithmetics
> might be useful in the present issue.
The trouble with interval arithmetic as it is usually applied
is that the intervals rapidly grow as operations are combined.
A better (not perfect) approach is to perform arithmetic with
distributions replacing values. (The simplest useful method
would be to approximate every distribution as a Gaussian.)
This still tends to degenerate into total noise after a while,
but retains significance longer than does worst-case interval
arithmetic.
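The contrast Gwyn draws above, as an added example that is not part of the digest: the same chain of operations carried once with worst-case intervals and once with a Gaussian (mean, sigma) pair. The function names (interval_add, gauss_mul, compare, ...) are my own, and treating a value "known to +-eps" as a Gaussian with sigma = eps is an assumption made for the comparison, not something the post specifies.

```python
# Added example (not from the digest): worst-case interval arithmetic versus
# propagating a Gaussian (mean, sigma) through the same chain of operations.
import math

def interval_add(a, b):
    """Exact interval sum: endpoints add, so the width is the sum of the widths."""
    return (a[0] + b[0], a[1] + b[1])

def interval_mul(a, b):
    """Exact interval product: take the extremes of the four endpoint products."""
    ps = (a[0] * b[0], a[0] * b[1], a[1] * b[0], a[1] * b[1])
    return (min(ps), max(ps))

def gauss_add(a, b):
    """Independent Gaussians: means add, variances add (sigma grows like sqrt)."""
    return (a[0] + b[0], math.hypot(a[1], b[1]))

def gauss_mul(a, b):
    """First-order (linearised) product of two independent Gaussians."""
    m1, s1 = a
    m2, s2 = b
    return (m1 * m2, math.hypot(m2 * s1, m1 * s2))

def propagate(op, start, term, n):
    """Fold `term` into `start` n times using op."""
    acc = start
    for _ in range(n):
        acc = op(acc, term)
    return acc

def compare(n, eps):
    """Combine n copies of the value 1.0, each known only to +-eps (assumption:
    eps is taken as one sigma for the Gaussian), by repeated addition and by
    repeated multiplication. Returns the relative uncertainty each method
    reports at the end: interval half-width / midpoint vs Gaussian sigma / mean."""
    results = {}
    ilo, ihi = propagate(interval_add, (0.0, 0.0), (1.0 - eps, 1.0 + eps), n)
    gm, gs = propagate(gauss_add, (0.0, 0.0), (1.0, eps), n)
    results["sum"] = {"interval": (ihi - ilo) / (ihi + ilo), "gaussian": gs / gm}
    ilo, ihi = propagate(interval_mul, (1.0, 1.0), (1.0 - eps, 1.0 + eps), n)
    gm, gs = propagate(gauss_mul, (1.0, 0.0), (1.0, eps), n)
    results["product"] = {"interval": (ihi - ilo) / (ihi + ilo), "gaussian": gs / gm}
    return results

if __name__ == "__main__":
    for n in (10, 100, 1000):
        r = compare(n, 0.01)
        print(f"n={n:5d}  sum: interval {r['sum']['interval']:.4f} vs gaussian "
              f"{r['sum']['gaussian']:.4f}   product: interval "
              f"{r['product']['interval']:.4f} vs gaussian {r['product']['gaussian']:.4f}")
```

For a sum of n terms the interval's relative uncertainty stays at eps while the Gaussian's falls as eps/sqrt(n); for a product of 100 factors the interval already spans a factor of about 7 (relative half-width above 0.7) while the Gaussian still reports about 10%. That is the "degenerates into noise, but later" behaviour the post describes; which of the two is closer to the truth depends on whether the errors really are independent.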
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Date: Wed, 24 May 2000 23:19:24 GMT
[EMAIL PROTECTED] wrote:
> One of the major limitations of OTP is it's a Station to Station
> Protocol...if there are more than two users having the random
> keypad...sending OTP messages to different users at different times
> is a major headache...you have to sync the random keys..
Usually, an OTP is not shared among more than one link (sender-
receiver pair), precisely in order to avoid having to synchronize
multiple pads. The message originator uses a pad appropriate for
each of the recipients.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Modulu arithmetic additive stripping?
Date: Thu, 25 May 2000 01:31:28 +0200
UBCHI2 wrote:
> Are there properties of non-carrying addition or subtraction that aid in the
> stripping or at least the identification of additives?
Sorry for my poor knowledge; I don't understand what you wrote.
Is 'non-carrying addition or subtraction' a synonym for 'xor'? What
do the terms 'stripping' and 'additives' mean? Could you provide
some examples or analogies? Thanks.
M. K. Shen
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: MARS S Box
Date: Wed, 24 May 2000 23:22:32 GMT
[EMAIL PROTECTED] wrote:
> The MARS document just says that the S Box was generated
> in a "Pseudorandom fashion" and tested for Linear and Differential
> Cryptanalysis...That is not much detail and a bit vague...
Who cares? It is a fixed, known table no matter how it was created.
It is exceedingly unlikely that the method of generation will have
any effect on the ease of cryptanalysis of the MARS system, given
that the main structural weaknesses have been verified as not present.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Modulu arithmetic additive stripping?
Date: Wed, 24 May 2000 23:27:09 GMT
UBCHI2 wrote:
> Are there properties of non-carrying addition or subtraction that
> aid in the stripping or at least the identification of additives?
No more than to the extent that it makes legitimate decryption
easy as well.
------------------------------
From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: Crypto patentability
Date: Thu, 25 May 2000 09:31:03 +1000
A couple of thoughts.
1. Can anyone define where crypto starts and stops? An awful lot of fields
of mathematics come into the field of crypto, so the lines are very blurred.
2. An idea can't be patented. A patent describes an implementation of an
idea. e.g. Rotations are an obvious idea - but a specific use of them can
be patented.
3. Just because a technique or process is patented does not mean that
another patent cannot include that technique in another process. It does
mean that the 2 patent holders must agree (or not) to share their rights to
use their respective IP in some manner - an issue outside the realm of the
patent office. This is simply business, and allows companies to define what
is 'theirs'.
4. Not all patent owners are rich, or held by big companies.
In an information based economy, money is made on ownership of information.
If information has no value, then why pay to ship it around, why pay to
receive it or to create it in the first place?
Lyal
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: bamburismus
Date: Thu, 25 May 2000 01:43:01 +0200
"Douglas A. Gwyn" wrote:
> John Savard wrote:
> > With proper use of modern algorithms, and the power of the computer
> > as an encryption tool, though, one can probably suspect that
> > cryptanalysis itself (and not just the kappa test in particular) is
> > obsolete or close to obsolete.
>
> Hardly. The main problem is a shortage of qualified analysts in
> the face of a proliferation of cryptosystems. My estimate is
> that roughly half of the major practical cryptosystems of the
> modern era *that have been seriously tackled* have been successfully
> cryptanalyzed (under favorable circumstances, not necessarily 100%
> of the time). Of course, what has been tackled reflects the practical
> interests of the analysts, so scott19u (for example) is probably not
> among them, but that doesn't mean it is "more secure", just "less
> relevant".
Your estimate, if true and assuming that nothing besides the algorithms
is at fault (i.e. no handling or key management errors, etc.), is
alarming.
I think one should well consider the applicability of multiple encryptions
even if algorithms of the genre AES are available.
M. K. Shen
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Date: Wed, 24 May 2000 23:38:59 GMT
Also, for broadcast uses (such as the "numbers stations"), a pad
would be associated with a particular originator, who would
send the message just once then destroy the pages used.
(Typically there will be a starting-page indicator sent with
the message, so the recipients can immediately start deciphering.)
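The pad handling Gwyn describes in his two replies above (one pad per link, a starting-page indicator sent with the message, pages destroyed after a single use, broadcast recipients all holding a copy of the originator's pad), as an added example that is not part of the digest. It also gives a concrete reading of the "non-carrying addition" asked about in the "Modulu arithmetic additive stripping?" thread: digit-wise addition mod 10 with carries discarded (the classical "false addition"), the decimal analogue of XOR; in that vocabulary the pad digits are the additive and false_sub is the legitimate stripping of it. The Station class, make_pad, false_add and false_sub are my own names; the 5-digit groups follow numbers-station practice but nothing in the thread fixes that format.

```python
# Added example (not from the digest): one-time-pad bookkeeping as the thread
# describes it. One pad per link, a page indicator travelling in clear with the
# message, and each page destroyed after a single use. Messages are 5-digit
# groups; the pad is combined by non-carrying (digit-wise mod 10) addition.
import copy
import secrets

GROUP = 5  # digits per group

def false_add(plain, key):
    """Non-carrying addition: each column is added mod 10, carries are discarded."""
    return "".join(str((int(p) + int(k)) % 10) for p, k in zip(plain, key))

def false_sub(cipher, key):
    """Non-carrying subtraction: exact column-by-column inverse of false_add."""
    return "".join(str((int(c) - int(k)) % 10) for c, k in zip(cipher, key))

def make_pad(pages, groups_per_page, rand=secrets.randbelow):
    """A pad is {page_number: [group, ...]}. Every party on a link holds an
    identical copy; digits must come from a real random source, not a PRNG."""
    return {n: ["".join(str(rand(10)) for _ in range(GROUP))
                for _ in range(groups_per_page)]
            for n in range(1, pages + 1)}

class Station:
    """Holds one pad per link so that no pad is ever shared between two links."""

    def __init__(self):
        self.pads = {}                        # link name -> this station's copy

    def add_link(self, link, pad):
        self.pads[link] = copy.deepcopy(pad)  # each party keeps its own copy

    def send(self, link, groups):
        """Encipher one message on its own page; returns (page indicator, groups)."""
        pad = self.pads[link]
        if not pad:
            raise RuntimeError(f"pad for link {link!r} is exhausted")
        page_no = min(pad)                    # lowest page still unused
        page = pad[page_no]
        if len(groups) > len(page):
            raise ValueError("message does not fit on one page")
        del pad[page_no]                      # the whole page is destroyed, used or not
        return page_no, [false_add(g, k) for g, k in zip(groups, page)]

    def receive(self, link, page_no, cipher):
        """Decipher with the indicated page; refuse a page that is gone (reuse/replay)."""
        page = self.pads[link].pop(page_no, None)
        if page is None:
            raise RuntimeError(f"page {page_no} on link {link!r} already used or unknown")
        return [false_sub(c, k) for c, k in zip(cipher, page)]

if __name__ == "__main__":
    pad_ab = make_pad(pages=3, groups_per_page=4)   # shared by exactly one link
    alice, bob = Station(), Station()
    alice.add_link("bob", pad_ab)
    bob.add_link("alice", pad_ab)
    page, ct = alice.send("bob", ["12345", "67890"])
    print("page", page, "groups", ct)
    print("recovered", bob.receive("alice", page, ct))
    try:
        bob.receive("alice", page, ct)             # second use of the page is refused
    except RuntimeError as e:
        print("refused:", e)
```

Note that send destroys the page before the ciphertext leaves the function and receive destroys it before returning plaintext, so neither side can ever combine two messages under the same pad digits, which is the property that makes the scheme a one-time pad rather than a running-key cipher.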
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Modulu arithmetic additive stripping?
Date: Wed, 24 May 2000 23:40:13 GMT
Mok-Kong Shen wrote:
> Is 'non-carrying addition or subtraction' a synonym for 'xor'? What
> do the terms 'stripping' and 'additives' mean? Could you provide
> some examples or analogies? Thanks.
Those are all standard terms from classical (WWII era) cryptanalysis
and are explained in MilCryp, for example.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Encryption within newsgroup postings
Date: Wed, 24 May 2000 23:42:57 GMT
Anton Stiglic wrote:
> I don't think that there is a two letter word in english
> that has the same two letters (in french neither...).
My friend the witch doctor,
He told me what to do.
He said:
Oo, ee, oo aa aa,
Ting tang, walla walla bing bang.
...
------------------------------
From: Carb Unit <[EMAIL PROTECTED]>
Subject: Re: how do you know your decyption worked?
Date: Wed, 24 May 2000 19:08:18 -0400
Dan Day wrote:
> On Tue, 23 May 2000 09:16:58 +0200, Runu Knips <[EMAIL PROTECTED]>
> wrote:
> >A not much less secure way is to store a one way hash of the
> >plaintext at the end or start of the plaintext.
>
> All of the answers so far to "Carb Unit's" question assume
> that he's asking how an encryption/decryption program can verify
> that the user provided the correct key for decryption.
>
> However, I don't think that's what he's actually asking.
>
> Instead, I think he's asking how a cryptanalyst can tell when
> he has correctly "broken" the encryption and recovered the
> original plaintext, given that the "plaintext" may not be text,
> or very "plain", and it may be difficult for the cryptanalyst to
> distinguish the desired plaintext from the gibberish that
> results from an improper decryption.
>
Yes, that's what I wanted, and well put. (Sometimes it takes a
certain critical mass of knowledge to even frame the question correctly.
I'm not quite there yet. :)
>
> --
> "How strangely will the Tools of a Tyrant pervert the
> plain Meaning of Words!"
> --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
------------------------------
Subject: Re: safer style sboxes
From: tomstd <[EMAIL PROTECTED]>
Date: Wed, 24 May 2000 16:53:46 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Mark Wooding) wrote:
>Tom St Denis <[EMAIL PROTECTED]> wrote:
>
>> How exactly do you calculate the DP given a probability 'p' and 'n'
>> active sboxes?
>
>If p_i is the probability of the characteristic you want through S-box
>i, then the total probability is
>
>    \prod_i p_i
>
>assuming they're independent, which would be probably reasonable.
So if the trait had a 1/4 prob of going thru sbox 1, and 1/8
going thru sbox 2, then the overall prob is 1/32?
That is if I do S2(S1(delta_x)) = delta_y?
If S1 = S2, then it's just the square, or in this case 1/16?
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Subject: Re: Observation of Matsui's Sboxes
From: tomstd <[EMAIL PROTECTED]>
Date: Wed, 24 May 2000 16:55:51 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Mark Wooding) wrote:
>tomstd <[EMAIL PROTECTED]> wrote:
>
>> If the A() function you sent is the sbox, then it's flawed, no
>> matter what transform you do before/after.
>
>No. The S-box is S(x) = A(I(x)). It's the composition of both
>operations.
>
>Was I really that unclear?
No I get what you are saying, I am just pointing out neither A
nor I follow SAC. My question is does S follow SAC? I will test
it later tonight.
Tom
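The checks discussed in three of the posts above, as an added example that is not code from the digest nor from the MARS, SAFER or Matsui designs: the "tested for differential cryptanalysis" claim in the MARS S-box thread (a difference distribution table and its largest entry), Tom's product-rule question in the "safer style sboxes" thread (p1 * p2 for a characteristic through two boxes in series, which assumes the two transitions are independent), and the SAC test Tom says he will run in the Matsui thread. It works on 4-bit S-boxes so the tables stay readable; the PRESENT cipher's S-box is used as a realistic table because the MARS table is not on the page, and IDENTITY is a deliberately bad S-box for contrast. Function names (ddt, diff_prob, path_sum, sac_table, ...) are mine.

```python
# Added example (not from the digest): differential and SAC checks on 4-bit
# S-boxes, plus Tom's product rule for a characteristic through two boxes.
from itertools import product

N = 4                 # input/output bits
SIZE = 1 << N

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # the PRESENT cipher's S-box
IDENTITY = list(range(SIZE))                               # a deliberately bad "S-box"

def ddt(sbox):
    """Difference distribution table: t[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    t = [[0] * SIZE for _ in range(SIZE)]
    for x, dx in product(range(SIZE), repeat=2):
        t[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return t

def diff_prob(sbox, dx, dy):
    """Probability that input difference dx produces output difference dy."""
    return ddt(sbox)[dx][dy] / SIZE

def max_diff_prob(sbox):
    """Best non-trivial differential; the figure a designer means by
    'tested for differential cryptanalysis'."""
    t = ddt(sbox)
    return max(t[dx][dy] for dx in range(1, SIZE) for dy in range(SIZE)) / SIZE

def compose(s1, s2):
    """S(x) = S2(S1(x)): two S-boxes in series, no key mixed in between."""
    return [s2[s1[x]] for x in range(SIZE)]

def characteristic_prob(s1, s2, dx, dy, dz):
    """Tom's product rule: p1 * p2 for the path dx -> dy -> dz, which is only
    the true probability if the two transitions behave independently."""
    return diff_prob(s1, dx, dy) * diff_prob(s2, dy, dz)

def path_sum(s1, s2, dx, dz):
    """Product rule summed over every intermediate difference dy."""
    return sum(characteristic_prob(s1, s2, dx, dy, dz) for dy in range(SIZE))

def sac_table(sbox):
    """m[i][j] = number of inputs x whose output bit j flips when input bit i flips.
    SAC holds iff every entry equals SIZE/2 (each output bit flips with prob 1/2)."""
    m = [[0] * N for _ in range(N)]
    for x in range(SIZE):
        for i in range(N):
            d = sbox[x] ^ sbox[x ^ (1 << i)]
            for j in range(N):
                m[i][j] += (d >> j) & 1
    return m

def satisfies_sac(sbox):
    return all(v == SIZE // 2 for row in sac_table(sbox) for v in row)

if __name__ == "__main__":
    s = PRESENT_SBOX
    print("max differential probability:", max_diff_prob(s))
    print("satisfies SAC:", satisfies_sac(s), sac_table(s))
    # Product rule versus the probability measured on the composed table S(S(x)):
    both = compose(s, s)
    worst = max(((dx, dz) for dx in range(1, SIZE) for dz in range(SIZE)),
                key=lambda p: abs(path_sum(s, s, *p) - diff_prob(both, *p)))
    print("largest gap between product rule and measured, at (dx, dz) =", worst,
          "rule:", path_sum(s, s, *worst), "measured:", diff_prob(both, *worst))
```

The product rule gives 1/4 * 1/8 = 1/32 for Tom's example and p^2 when S1 = S2, exactly as he reasons; the script's last lines show how far that independence assumption can be from the probability measured on the composed table when nothing is mixed in between the two boxes. For IDENTITY the two always agree, which is what the test below checks.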
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************