Cryptography-Digest Digest #913, Volume #11 Thu, 1 Jun 00 17:13:01 EDT
Contents:
Re: Contest rule proposal (tomstd)
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
(George Edwards)
Re: any public-key algorithm ("Eric Verheul")
Re: Matrix key distribution? (Mok-Kong Shen)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Dave Howe)
Re: No-Key Encryption (David Hopwood)
Re: Tableaus Revisited, Again (Jim Reeds)
Re: Contest rule proposal ("Adam Durana")
Finding primitive polynomials via the Berlekamp method? (lordcow77)
Re: Contest rule proposal ("Paul Pires")
Re: Contest rule proposal ("Paul Pires")
Re: Tableaus Revisited, Again (Mok-Kong Shen)
Re: DVD encryption secure? -- any FAQ on it (Gisle Sælensminde)
----------------------------------------------------------------------------
Subject: Re: Contest rule proposal
From: tomstd <[EMAIL PROTECTED]>
Date: Thu, 01 Jun 2000 13:21:52 -0700
In article <[EMAIL PROTECTED]>, Andru Luvisi
<[EMAIL PROTECTED]> wrote:
>I propose a rule that all algorithms for the sci.crypt crypto contest
>must be in the public domain. Please note, I am talking about the
>algorithms, and not the sample code.
>
>I believe this rule is within the spirit of openly exchanging ideas
>which the contest was started with. I'm fine with letting Chutzpah
>stay, being "grandfathered in" so to speak, but I think that allowing
>more patented algorithms to be submitted would be counterproductive.
Like all my productions, my ciphers in the contest are
completely free for any use. Despite the words of caution "DON'T
USE THEM UNLESS YOU ARE UP TO IT".
This includes my newer cipher TC2 which I will formally present
for the contest after my finals.
Now I really have to get back to my studying. (hehe this group
is addictive).
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: George Edwards <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Thu, 1 Jun 2000 20:23:20 +0100
In article <[EMAIL PROTECTED]>, Jim <amadeus@DELETE_THIS.netcomuk.co.uk> writes
>
>>Should we put the bomb in McDonalds or Tesco then?
>
>Do McDonalds...leave Tesco alone.
but Tesco use GM in their brown sauce... surely a heinous crime against
humanity?
Oh, hang on. Catterick.
OK, let them eat GM
--
George Edwards
------------------------------
From: "Eric Verheul" <[EMAIL PROTECTED]>
Subject: Re: any public-key algorithm
Date: Thu, 1 Jun 2000 22:11:29 +0200
> Sure DH-LUC is not widely used. Even much less than ECC. But your
> paper gives the impression that you are just presenting a warmed
> over and disguised version of DH-LUC with a few performance tweaks.
> The conspicuous absence of any comparison with DH or DH-LUC only
> reinforces the impression. I think to myself, "if they had thought
> they had something significantly better than DH-LUC, they would
> have said so".
If you had read the asiacrypt99 paper (available on www.ecstr.com), or had
read the XTR paper thoroughly, you wouldn't have had that impression.
Eric
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Matrix key distribution?
Date: Thu, 01 Jun 2000 22:47:36 +0200
Mok-Kong Shen wrote:
> Benjamin Goldberg wrote:
>
> > Michael Brown wrote:
> > >
> > > Benjamin Goldberg <[EMAIL PROTECTED]> wrote
> > > > Perhaps this seems like a silly question, but what if matrix C isn't in
> > > > any special format, but whose only property is that it's non-invertible?
> > > For C to be singular either one (or more) row(s) has to be a combination of
> > > the other rows or one (or more) column(s) have to be a multiple of the
> > > other columns. The matrix C is based on the first idea with the second row
> > > being a multiple, in this case m, of the first row. I suspect that it still
> > > would be insecure if the matrix C used the other method though.
> >
> > Don't forget that we're working modulo 2^32 ... There is therefore
> > another, simpler way to make C non-invertible: make all 4 numbers even.
>
> However, the opponent, knowing this, can divide the matrix with 2.
>
> If a matrix is n*n, there are n diagonal elements, i.e. n degrees of
> freedom, and we can put in there arbitrary values of Z_2m. It is at
> least heuristically clear that a set of values (not necessarily all even)
> of the diagonal elements can (excepting perhaps extremely
> pathological cases) be easily found such that the matrix is
> non-invertible in Z_2m. (We let the plaintext occupy only the
> off-diagonal elements, so that the diagonal elements are free at
> our disposal. Incidentally, the same issue underlies a tiny remark
> I made in my recent post entitled 'Note on the Hill cipher (II)'.)
> I have no proof, but I strongly conjecture that rendering the matrix
> C non-invertible in this (general) way could eventually turn out to
> be the modification that is needed to render the original scheme to
> become a really functioning one.
Addendum:
A matrix is non-invertible in Z_2m, if its determinant
has no inverse in Z_2m, i.e. is even. In the version I
suggested, the diagonal elements of the matrix C are
to be arbitrarily chosen such that this condition is
satisfied. Obviously there is at least one solution,
namely when each diagonal element is equal to the
negative of the sum of all other elements of the same
row. It is certainly heuristically clear that there are
(abundant) other solutions (for the same off-diagonal
elements, which are from the given plaintext). Pending
a rigorous proof of this, one could on the other hand
suspect that there is a possibility that all these
solutions are 'dependent' in some sense, meaning that
the solution is 'effectively' unique, which in turn
could mean that we would have a situation similar to
the unfavourable case described in the first post of
the initiator of the current thread. To cope with this
(though in my view quite unlikely) possibility, I
suggest to take one (conservative) step further and
make the other diagonal of the matrix C also free for
arbitrary entries, thus adding another n-1 degrees of
freedom. That is, the plaintext occupies now only
positions that are not on the two diagonals of the
matrix C. This, I think, should give ample assurance
that the analyst can't determine A or B from the
information he has intercepted, namely, AC, ACB
and CB, and hence also not the plaintext that is
contained in C.
M. K. Shen
==============================
http://home.t-online.de/home/mok-kong.shen
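An added Python illustration (mine, not code from the thread) of the two points in the post above: a matrix over Z_{2^32} is invertible exactly when its determinant is odd, and choosing each diagonal entry as minus the rest of its row makes C singular for any off-diagonal plaintext. The plaintext words and the candidate ranges are constructed sample values.

```python
from itertools import product

MOD = 2 ** 32  # the thread works in Z_{2^32}

def det(mat):
    """Exact integer determinant by Laplace expansion (fine for the tiny n here)."""
    n = len(mat)
    if n == 1:
        return mat[0][0]
    total = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in mat[1:]]
        total += (-1) ** j * mat[0][j] * det(minor)
    return total

def invertible_mod_2m(mat):
    """Over Z_{2^m} a matrix has an inverse iff det is a unit, i.e. odd;
    reducing the entries mod 2^m does not change the parity of det."""
    return det(mat) % 2 == 1

def embed_plaintext(words, n):
    """Place n*(n-1) plaintext words in the off-diagonal cells (row-major) and set
    each diagonal entry to minus the sum of the rest of its row, the explicit
    solution from the post: every row then sums to 0 mod 2^32, so C*(1,...,1)^T = 0
    and det(C) == 0 mod 2^32, hence C has no inverse."""
    assert len(words) == n * (n - 1)
    it = iter(words)
    C = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            if i != j:
                C[i][j] = next(it) % MOD
        C[i][i] = (-sum(C[i])) % MOD     # off-diagonals of row i are filled by now
    return C

def count_singular_diagonals(C, candidates):
    """Heuristic check of the 'abundant other solutions' remark: keep the
    off-diagonal cells of C, try every diagonal drawn from `candidates`,
    and count how many of those matrices are non-invertible in Z_{2^m}."""
    n = len(C)
    hits = 0
    for diag in product(candidates, repeat=n):
        M = [row[:] for row in C]
        for i in range(n):
            M[i][i] = diag[i]
        if not invertible_mod_2m(M):
            hits += 1
    return hits

if __name__ == "__main__":
    C = embed_plaintext([3, 5], 2)                    # constructed plaintext words
    print(det(C) % MOD, invertible_mod_2m(C))         # 0 False
    print(invertible_mod_2m([[1, 2], [3, 5]]))        # True: det = -1 is odd
    print(count_singular_diagonals(C, range(4)), "of", 4 ** 2)   # 4 of 16
```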
------------------------------
From: Dave Howe <DHowe@hawkswing>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Thu, 01 Jun 2000 21:43:40 +0100
Reply-To: DHowe@get_email_from_sig
In our last episode (<alt.security.pgp>[Wed, 31 May 2000 08:41:29
+0100]), George Edwards <[EMAIL PROTECTED]> said :
>How on earth can anyone prove that you HAVEN'T forgotten your key,
>unless you subsequently use it? I see huge legal bills on this, all fees
>for the solicitors.
They don't have to - it is up to you to prove you have; *that* is what
is so worrying.....
------------------------------
Date: Thu, 01 Jun 2000 21:38:14 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: No-Key Encryption
=====BEGIN PGP SIGNED MESSAGE=====
Mok-Kong Shen wrote:
> David Hopwood wrote:
> > Bryan Olson wrote:
> >
> > > Suppose we limit ourselves to the associative operation
> > > case. Does there exist an associative operation "*" such
> > > that the protocol illustrated above is secure?
> >
> > No. Proof:
>
> [snip]
>
> I am confused. Doesn't that mean the schemes of Shamir and
> Massey-Omura etc. are all broken?
No, because exponentiation (whether in Z*_p or generalised to other groups)
is not associative.
I.e. it is true that (g^x)^y = (g^y)^x, but not that (g^x)^y = g^(x^y).
- --
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
=====BEGIN PGP SIGNATURE=====
=====END PGP SIGNATURE=====
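An added Python example (mine, not from the post) of the three-pass "no-key" exchange the thread is about, using modular exponentiation in Z*_p as the lock; the toy prime p = 2^31 - 1 and the message are constructed values. The last two functions check the distinction Hopwood draws: (g^x)^y = (g^y)^x holds, (g^x)^y = g^(x^y) does not.

```python
from math import gcd
from random import Random

# Constructed toy modulus (far too small for real use): p = 2^31 - 1 is prime, so
# every nonzero m satisfies m^(p-1) == 1 and exponents live in Z*_{p-1}.
P = 2 ** 31 - 1

def pick_exponent_pair(rng, p=P):
    """Return (e, d) with e*d == 1 (mod p-1), so that (m^e)^d == m (mod p)."""
    while True:
        e = rng.randrange(2, p - 1)
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)

def three_pass(m, rng, p=P):
    """Shamir's three-pass ('no-key') exchange with modular exponentiation as the
    commutative lock. Returns (value Bob recovers, the three values on the wire)."""
    assert 0 <= m < p
    a, a_inv = pick_exponent_pair(rng, p)    # Alice's lock and its removal
    b, b_inv = pick_exponent_pair(rng, p)    # Bob's lock and its removal
    t1 = pow(m, a, p)              # Alice -> Bob:  m^a
    t2 = pow(t1, b, p)             # Bob -> Alice:  (m^a)^b = m^(ab)
    t3 = pow(t2, a_inv, p)         # Alice -> Bob:  m^(ab a^-1) = m^b, relies on (g^x)^y = (g^y)^x
    recovered = pow(t3, b_inv, p)  # Bob:           (m^b)^(b^-1) = m
    return recovered, (t1, t2, t3)

def commutes(g, x, y, p=P):
    """(g^x)^y == (g^y)^x: the property the protocol actually needs."""
    return pow(pow(g, x, p), y, p) == pow(pow(g, y, p), x, p)

def associates(g, x, y, p=P):
    """(g^x)^y == g^(x^y): what associativity of '*' would demand; it fails in
    general, which is why the proof for associative '*' does not cover this case."""
    return pow(pow(g, x, p), y, p) == pow(g, x ** y, p)

if __name__ == "__main__":
    m = int.from_bytes(b"hi", "big")          # constructed 2-byte message, < p
    got, wire = three_pass(m, Random(1))
    print(got == m, wire)
    print(commutes(3, 12345, 67890), associates(3, 2, 5))   # True False
```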
------------------------------
From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: Tableaus Revisited, Again
Date: Thu, 1 Jun 2000 20:40:38 GMT
In article <[EMAIL PROTECTED]>, Jim Gillogly <[EMAIL PROTECTED]> writes:
...
|> The system Vigenere invented did use arbitrary permutations of the
|> alphabet, unlike the system now known by his name.
Kahn, on p.147, seems to say that some of Vigenere's tableaux
had mixed margins, which would make the alphabets related
in the sense of "type 2" or "type 3" slides, etc. He is
not 100% precise here, but he seems to say that other tables
of Vigenere were not mixed, and that none had completely
unrelated alphabets. I don't remember looking at Vigenere's
book; I'll try to remember to take notes on this point next
time I'm in the library.
The world's first Vigenere table did not appear in Vigenere's
1586 book, but in Trithemius's 1518 Polygraphia. If you
believe the Latin squares in Agrippa of Nettesheim's De
Occulta Philosophia (of 1533) are cryptographic, then
there is a mixed-alphabet Vigenere square in that book, too.
--
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA
[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Thu, 1 Jun 2000 16:47:27 -0400
I think everyone that submitted a cipher has put it up for public
discussion. That is the whole point of the contest, to put your cipher
online so people can find it and analyze it. With Chutzpah, I believe that
the paper said there were patents pending, and I think that's a perfectly
fair thing to do. The author of the cipher wants people to analyze the
cipher, but at the same time he does not want to lose control of it. It
never occurred to me that this might be an issue, but you are right, there
should be a new rule concerning this. Not a rule prohibiting the submission
of a patented cipher, but a rule that states that all patented material
included in a submission should be accompanied by a statement (from the
patent holder of course) that allows free use of the material for the
purposes of the contest. Does that make everyone happy?
- Adam
"Andru Luvisi" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I propose a rule that all algorithms for the sci.crypt crypto contest
> must be in the public domain. Please note, I am talking about the
> algorithms, and not the sample code.
>
> I believe this rule is within the spirit of openly exchanging ideas
> which the contest was started with. I'm fine with letting Chutzpah
> stay, being "grandfathered in" so to speak, but I think that allowing
> more patented algorithms to be submitted would be counterproductive.
>
> Andru
> --
> --------------------------------------------------------------------------
> | Andru Luvisi | http://libweb.sonoma.edu/ |
> | Programmer/Analyst | Library Resources Online |
> | Ruben Salazar Library |-----------------------------------------|
> | Sonoma State University | http://www.belleprovence.com/ |
> | [EMAIL PROTECTED] | Textile imports from Provence, France |
> --------------------------------------------------------------------------
------------------------------
Subject: Finding primitive polynomials via the Berlekamp method?
From: lordcow77 <[EMAIL PROTECTED]>
Date: Thu, 01 Jun 2000 13:51:51 -0700
The most commonly used algorithm for finding primitive
polynomials of arbitrary degree n over GF(2) is to test whether
x^p_i==1 mod p(x) for all prime factors p_i of 2^n-1. The
process of locating primitive polynomials is evidently related
to the problem of factoring univariate polynomials using the
classical Zassenhaus-Berlekamp method, according to the sources
that I have consulted. However, there is not enough detail
present to understand how it would be possible to use this for
determining whether a particular polynomial is prime, although I
gather that it would have something to do with constructing a
matrix with the coefficients of the evaluated polynomial at
various values and determining the rank of this matrix. Could
somebody please provide some more information?
Thanks
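An added Python implementation (mine, not from the post) of the order test the question refers to, in its usual form: p(x) of degree n is primitive over GF(2) iff x^(2^n-1) = 1 and x^((2^n-1)/q) != 1 mod p(x) for every prime q dividing 2^n-1. Polynomials are held as integers with bit i the coefficient of x^i; the trial-division factoring of 2^n-1 is only adequate for small n.

```python
def gf2_mulmod(a, b, p, n):
    """a*b in GF(2)[x] reduced modulo p(x), deg p = n. Polynomials are ints,
    bit i = coefficient of x^i; a and b must already be reduced (degree < n)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:      # degree reached n: subtract (xor) p(x)
            a ^= p
    return r

def gf2_powmod(base, e, p, n):
    """base^e modulo p(x) by square-and-multiply."""
    result = 1
    while e:
        if e & 1:
            result = gf2_mulmod(result, base, p, n)
        base = gf2_mulmod(base, base, p, n)
        e >>= 1
    return result

def prime_factors(m):
    """Distinct prime factors of m by trial division (fine for 2^n - 1, small n)."""
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors

def is_primitive(p):
    """p(x) of degree n is primitive over GF(2) iff x has multiplicative order
    exactly 2^n - 1 in GF(2)[x]/(p): x^(2^n-1) == 1 and x^((2^n-1)/q) != 1 for
    every prime q dividing 2^n - 1. A reducible p cannot give x that order, so
    no separate irreducibility test is needed."""
    n = p.bit_length() - 1
    if n < 1 or not (p & 1):          # constant polynomial, or divisible by x
        return False
    order = (1 << n) - 1
    x = 0b10
    if gf2_powmod(x, order, p, n) != 1:
        return False
    return all(gf2_powmod(x, order // q, p, n) != 1 for q in prime_factors(order))

def primitive_polys(n):
    """All primitive polynomials of degree n as ints; there are phi(2^n - 1) / n."""
    return [p for p in range(1 << n, 1 << (n + 1)) if is_primitive(p)]

if __name__ == "__main__":
    print([bin(p) for p in primitive_polys(4)])      # x^4+x+1 and x^4+x^3+1
    print(is_primitive(0x11B), is_primitive(0x11D))  # AES polynomial: False; 0x11D: True
```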
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Thu, 1 Jun 2000 13:52:48 -0700
I understand your concern but I wish to submit an opposing view.
The fact that something is patented does not affect it being "openly
exchanged as an idea". It merely reserves the rights of the inventor when it
comes to commercialization. No different in principle from typing "Copyright
xxxx all rights reserved" at the top of your source code except that you
must be far more masochistic to pursue a patent.
Unfortunately, being less than rabid on the subject of patents is
"politically incorrect". Hopefully my tilting at windmills will provide some
humor if not insight.
It would be wonderful if everyone donated the fruits of their labors to the
common good. This should be an option that a person has depending on their
own ethics and values and vision for how they fit in to the community.
Shunning someone because they do not believe in or agree with your just
cause is a sin.
I realize that implying a lack of virtue or civic duty is a real easy thing
to do. It also has the added plus of making you look virtuous.
It is lazy.
Paul
Andru Luvisi <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I propose a rule that all algorithms for the sci.crypt crypto contest
> must be in the public domain. Please note, I am talking about the
> algorithms, and not the sample code.
>
> I believe this rule is within the spirit of openly exchanging ideas
> which the contest was started with. I'm fine with letting Chutzpah
> stay, being "grandfathered in" so to speak, but I think that allowing
> more patented algorithms to be submitted would be counterproductive.
>
> Andru
> --
> --------------------------------------------------------------------------
> | Andru Luvisi | http://libweb.sonoma.edu/ |
> | Programmer/Analyst | Library Resources Online |
> | Ruben Salazar Library |-----------------------------------------|
> | Sonoma State University | http://www.belleprovence.com/ |
> | [EMAIL PROTECTED] | Textile imports from Provence, France |
> --------------------------------------------------------------------------
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Thu, 1 Jun 2000 14:00:36 -0700
Too bad I didn't read your post before I shot off mine.
Well said.
I would add that the contest use is not interfered with by a patent or
pending status. You can still think about it, talk about it, criticize it
and propose modifications to it. The author simply reserves his rights when
it comes to commercialization.
Thank you.
Paul
Adam Durana <[EMAIL PROTECTED]> wrote in message
news:6YzZ4.182$[EMAIL PROTECTED]...
>
> I think everyone that submitted a cipher has put it up for public
> discussion. That is the whole point of the contest, to put your cipher
> online so people can find it and analyze it. With Chutzpah, I believe that
> the paper said there were patents pending, and I think that's a perfectly
> fair thing to do. The author of the cipher wants people to analyze the
> cipher, but at the same time he does not want to lose control of it. It
> never occurred to me that this might be an issue, but you are right, there
> should be a new rule concerning this. Not a rule prohibiting the submission
> of a patented cipher, but a rule that states that all patented material
> included in a submission should be accompanied by a statement (from the
> patent holder of course) that allows free use of the material for the
> purposes of the contest. Does that make everyone happy?
>
> - Adam
>
> "Andru Luvisi" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > I propose a rule that all algorithms for the sci.crypt crypto contest
> > must be in the public domain. Please note, I am talking about the
> > algorithms, and not the sample code.
> >
> > I believe this rule is within the spirit of openly exchanging ideas
> > which the contest was started with. I'm fine with letting Chutzpah
> > stay, being "grandfathered in" so to speak, but I think that allowing
> > more patented algorithms to be submitted would be counterproductive.
> >
> > Andru
> > --
> > --------------------------------------------------------------------------
> > | Andru Luvisi | http://libweb.sonoma.edu/ |
> > | Programmer/Analyst | Library Resources Online |
> > | Ruben Salazar Library |-----------------------------------------|
> > | Sonoma State University | http://www.belleprovence.com/ |
> > | [EMAIL PROTECTED] | Textile imports from Provence, France |
> > --------------------------------------------------------------------------
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Tableaus Revisited, Again
Date: Thu, 01 Jun 2000 23:13:55 +0200
Jim Gillogly wrote:
> Mok-Kong Shen wrote:
> > I always wonder why Vigenere was that popular and people didn't
> > widely employ substitution tables with independent alphabets, i.e.
> > with each column being an arbitrary permutation of the alphabet.
> > Do you happen to know of a reason?
>
> The system Vigenere invented did use arbitrary permutations of the
> alphabet, unlike the system now known by his name. The Fuer GOD cipher
> used by the Germans in World War 1 was a polyalphabetic with unrelated
> alphabets. The Allies used a system called SYKO in WW2 with 30 or 32
> mixed alphabets. It was still far too insecure.
I doubt you could give historical references showing that Vigenere
himself had used independent alphabets. The few books I am
acquainted with all seem to be consistent in showing the Vigenere
table to be one using sliding standard alphabets. It is certainly true
that later substitution tables with independent alphabets were used.
But my impression (e.g. from reading the book of Bauer) is that
that's a much later development and was far less popular. It is
certainly true that Vigenere is simpler to construct and hence,
understandably, was easier to get acceptance of the users. But,
given the technique of columnar transposition which was also
known since ancient times, to obtain some (quasi) random
permutations of the standard alphabet manually shouldn't be
too difficult a task in my view.
A related issue is that the keys used in old times seem to be
mostly unnecessarily short. I mean one could start from a
relatively short key and generate (stretch into) a long one for
use in accessing the substitution tables.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Gisle Sælensminde)
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: 1 Jun 2000 23:09:10 +0200
In article <[EMAIL PROTECTED]>, Mok-Kong Shen wrote:
>
>
>David Hopwood wrote:
>
>> For another summary and a copy of the DeCSS source, see
>> http://www.users.zetnet.co.uk/hopwood/crypto/decss/
>
>I remember reading in a magazine that someone in Finland
>was sued for having put DeCSS on his web. Aren't you
>afraid of similar legal problems?
He was Norwegian, not Finnish, and the DVD industry probably has
a bad case, since reverse engineering is explicitly permitted in
the Norwegian copyright law. The DVD industry sued him for
participation in copyright infringement, not for doing any reverse
engineering, like they would have done in the USA. As far as I understood he
did not distribute any copyrighted movies, so he must eventually be judged
for his intent.
I have not heard anything in a long time now.
>
>M. K. Shen
>
--
Gisle Sælensminde ( [EMAIL PROTECTED] )
ln -s /dev/null ~/.netscape/cookies
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************