Cryptography-Digest Digest #924, Volume #11       Fri, 2 Jun 00 17:13:01 EDT

Contents:
  Re: TC3 Update (David Eppstein)
  Re: Contest rule proposal ("Paul Pires")
  Re: TC3 Update (tomstd)
  Re: Contest rule proposal ("Paul Pires")
  Re: TC3 Update (tomstd)
  Pomegranate, a simple base-independent generator (wtshaw)
  Re: Can we say addicted? (Anton Stiglic)
  Re: Contest rule proposal (Andru Luvisi)
  Re: Contest rule proposal (David A. Wagner)
  Re: Contest rule proposal (David A. Wagner)
  Interpolation Attacks on TC3 (tomstd)
  Re: Contest rule proposal (Terry Ritter)
  Re: Contest rule proposal (Terry Ritter)
  Re: No-Key Encryption (Mok-Kong Shen)
  Re: TC3 Update (Mark Wooding)
  Re: Contest rule proposal ("Paul Pires")
  Re: Finding primitive polynomials via the Berlekamp method? (lordcow77)
  Re: Contest rule proposal ("Paul Pires")
  Re: Contest rule proposal (David A. Wagner)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (David Eppstein)
Subject: Re: TC3 Update
Date: 2 Jun 2000 13:08:40 -0700

tomstd <[EMAIL PROTECTED]> writes:
> > And, by the way, your latest post got it wrong again: it's
> > GF(2^128), not GF(2)^128 (the latter means something very
> > different).
> What is the diff? The paper does say 'GF(2^n)' so I just
> misunderstood it.

GF(2^n) is a field with 2^n values in it.  "Field" means a set in which
some kind of multiplication and addition operations have been defined,
and are required to have many of the familiar properties of real
numbers: addition and multiplication are commutative, associative,
distributive, have identity values (0 and 1), and have inverses (except
that 0 doesn't have a multiplicative inverse).  Addition in GF(2^n) is
just bitwise exclusive or, but multiplication is complicated, usually
involving multiplication of polynomials modulo an irreducible
polynomial.  If n is itself a power of two, there is a different way of
doing the multiplications, developed by John Conway -- see
http://www.ics.uci.edu/~eppstein/nim-shar.txt.Z for C++ source.
Although there's a theorem that any two fields with the same finite
number of elements can be put in one-one correspondence with each other,
different ways of defining the field multiplication operation could have
different cryptographic value when mixed with other non-field operations.

GF(2) is also a field, with only 2 values in it, namely 0 and 1.
Addition is exclusive or, multiplication is and.

GF(2)^n is the product of n copies of GF(2).  "Product" means that you
make a vector of GF(2) values and do everything elementwise.  I.e.,
addition is bitwise exclusive or, multiplication is bitwise and.  So,
like GF(2^n), it has 2^n values in it, but the multiplication operation
is much simpler and doesn't have an inverse, so it's not a field
(instead it's something called a "ring").

If you don't understand the definition of GF(2^n), you probably
shouldn't be trying to design ciphers based on its multiplication or
division operations.
-- 
David Eppstein       UC Irvine Dept. of Information & Computer Science
[EMAIL PROTECTED] http://www.ics.uci.edu/~eppstein/

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 2 Jun 2000 13:10:42 -0700

David A. Wagner <[EMAIL PROTECTED]> wrote in message
news:8h9214$pag$[EMAIL PROTECTED]...

> Oh, and by the way, there is an important error in the Chutzpah document.
> It claims that Chutzpah is a block cipher, not a stream cipher.  That's
> just plain wrong, and the mistake highlights a fundamental misunderstanding
> of the standard terminology.

Yes, and if I entered it in a stream cipher contest, a noted expert in that
field would point out that it is not a stream cipher either by his
definition.

Yep. Did you notice the name?

Paul

------------------------------

Subject: Re: TC3 Update
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 02 Jun 2000 13:10:47 -0700

In article <8h9307$pcs$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David A. Wagner) wrote:
>In article <[EMAIL PROTECTED]>,
>tomstd  <[EMAIL PROTECTED]> wrote:
>> TC3 is a fairly simple cipher... Take a 128-bit block called X
>> and do this
>>
>> for r = 0 to 3 do
>>    X = X + key[r]
>>    X = X^-1 mod p
>> next r
>>
>> addition is done as four 32-bit units not a single 128bit word,
>> and 'p' is a deg-128 polynomial (coefficients are mod 2).
>
>If you replace addition by xor, the result can -- I think -- be attacked
>with interpolation attacks.  In particular, I believe there will be a,b,c,d
>so that aXY + bX + cY + d = 0 for every plaintext/ciphertext pair (X,Y), and
>thus with four known texts we may solve for a,b,c,d and break the variant.

I will read Knudsen's paper in a few mins to check up on this; I
barely got his paper though... whew...

>Since addition is pretty close to xor (addition isn't very non-linear),
>I'd be very concerned that interpolation attacks might apply to TC3, too.

Any ideas on how to apply the key?

>(By the way, I hope you've noticed that the final application of p is useless:
>it is unkeyed and thus can be removed by the cryptanalyst.)
>

I should have noticed that myself.  What if I just add another
layer of key addition?

Tom


* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
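The round structure quoted above and Wagner's relation aXY + bX + cY + d = 0, together with the field-versus-ring distinction Eppstein draws at the top of this digest, scaled down to GF(2^8) so it can be run. This is an added example, not code from tomstd, Wagner or Eppstein: the one-byte block, the irreducible polynomial 0x11B, the round keys and the 0^-1 = 0 convention are constructed assumptions, and only the xor variant of the round is modelled.

```python
# Toy scale-down of the TC3 round structure: GF(2^8) instead of GF(2^128).
# Constructed assumptions (not from the posts): one-byte block, irreducible
# polynomial x^8 + x^4 + x^3 + x + 1 (0x11B), four fixed round keys, 0^-1 = 0.
POLY = 0x11B
KEYS = [0x3A, 0x7F, 0xC4, 0x19]  # constructed round keys


def gf_mul(a, b):
    """Multiply in GF(2^8): polynomial product over GF(2), reduced mod POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a):
    """Inverse via a^(2^8 - 2); 0 maps to 0 by convention (0 has no inverse)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def invertible_count(mul, one):
    """Count the 8-bit values that have a multiplicative inverse under `mul`
    with identity `one`.  The field has 255; GF(2)^8 under bitwise and has 1."""
    return sum(1 for a in range(256) if any(mul(a, b) == one for b in range(256)))


def tc3_xor_toy(x, keys=KEYS):
    """Wagner's xor variant of the round: x <- (x xor key)^-1, four times."""
    for k in keys:
        x = gf_inv(x ^ k)
    return x


def anomalous_inputs(keys=KEYS):
    """Plaintexts for which some round inverts 0; the algebra breaks down there."""
    bad = set()
    for x in range(256):
        v = x
        for k in keys:
            if v == k:  # v xor k == 0 is about to be "inverted"
                bad.add(x)
            v = gf_inv(v ^ k)
    return bad


def nullspace_vector(rows):
    """One nonzero solution v of rows * v = 0 over GF(2^8) (Gauss-Jordan)."""
    m = [row[:] for row in rows]
    ncols, pivots, r = len(m[0]), [], 0
    for c in range(ncols):
        piv = next((i for i in range(r, len(m)) if m[i][c]), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        inv = gf_inv(m[r][c])
        m[r] = [gf_mul(inv, x) for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c]:
                f = m[i][c]
                m[i] = [x ^ gf_mul(f, y) for x, y in zip(m[i], m[r])]
        pivots.append(c)
        r += 1
    free = [c for c in range(ncols) if c not in pivots][0]  # system is rank-deficient
    v = [0] * ncols
    v[free] = 1
    for i, c in enumerate(pivots):
        v[c] = m[i][free]  # in characteristic 2, -x == x
    return v


def relation_holds(coeffs, x, y):
    """Check a*X*Y + b*X + c*Y + d == 0 for the pair (X, Y)."""
    a, b, c, d = coeffs
    return gf_mul(a, gf_mul(x, y)) ^ gf_mul(b, x) ^ gf_mul(c, y) ^ d == 0


def interpolation_demo(keys=KEYS):
    """Fit (a, b, c, d) from four known pairs, then count how many pairs obey it."""
    good = [x for x in range(256) if x not in anomalous_inputs(keys)]
    known = [(x, tc3_xor_toy(x, keys)) for x in good[:4]]
    coeffs = nullspace_vector([[gf_mul(x, y), x, y, 1] for x, y in known])
    matches = sum(relation_holds(coeffs, x, tc3_xor_toy(x, keys)) for x in good)
    return len(good), matches


if __name__ == "__main__":
    print("GF(2^8) invertible elements:", invertible_count(gf_mul, 1))  # 255
    print("GF(2)^8 (bitwise and) invertible:", invertible_count(lambda a, b: a & b, 0xFF))  # 1
    n_good, matches = interpolation_demo()
    print(f"bilinear relation holds for {matches} of {n_good} non-anomalous plaintexts")
```

`invertible_count` shows the distinction Eppstein makes: every nonzero element of GF(2^8) has an inverse, while in GF(2)^8 under bitwise and only the all-ones identity does. `interpolation_demo` solves for the four coefficients from four known plaintext/ciphertext pairs and then finds the same relation satisfied by every other pair, apart from the at most four plaintexts for which some round inverts zero (where the 0^-1 = 0 convention departs from the algebra). A relation of that low degree surviving all four rounds is exactly what an interpolation attack exploits; the demonstration says nothing either way about the variant with 32-bit addition, which Wagner only conjectures about.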


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 2 Jun 2000 13:12:00 -0700

> [*] Specifically, the generation of the "Test Permutation" is never fully
> described [**].
>
> [**] Well, unless you read the source code, presumably, but if you do that,
> you'd better be awfully patient.  Thanks, but no thanks.

Thank you for the advice, I'll rectify it.

Paul

------------------------------

Subject: Re: TC3 Update
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 02 Jun 2000 13:15:53 -0700

In article <8h9488$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David Eppstein) wrote:
>tomstd <[EMAIL PROTECTED]> writes:
>> > And, by the way, your latest post got it wrong again: it's
>> > GF(2^128), not GF(2)^128 (the latter means something very
>> > different).
>> What is the diff? The paper does say 'GF(2^n)' so I just
>> misunderstood it.
>
>GF(2^n) is a field with 2^n values in it.  "Field" means a set in which
>some kind of multiplication and addition operations have been defined,
>and are required to have many of the familiar properties of real
>numbers: addition and multiplication are commutative, associative,
>distributive, have identity values (0 and 1), and have inverses (except
>that 0 doesn't have a multiplicative inverse).  Addition in GF(2^n) is
>just bitwise exclusive or, but multiplication is complicated, usually
>involving multiplication of polynomials modulo an irreducible
>polynomial.  If n is itself a power of two, there is a different way of
>doing the multiplications, developed by John Conway -- see
>http://www.ics.uci.edu/~eppstein/nim-shar.txt.Z for C++ source.
>Although there's a theorem that any two fields with the same finite
>number of elements can be put in one-one correspondence with each other,
>different ways of defining the field multiplication operation could have
>different cryptographic value when mixed with other non-field operations.
>
>GF(2) is also a field, with only 2 values in it, namely 0 and 1.
>Addition is exclusive or, multiplication is and.
>
>GF(2)^n is the product of n copies of GF(2).  "Product" means that you
>make a vector of GF(2) values and do everything elementwise.  I.e.,
>addition is bitwise exclusive or, multiplication is bitwise and.  So,
>like GF(2^n), it has 2^n values in it, but the multiplication operation
>is much simpler and doesn't have an inverse, so it's not a field
>(instead it's something called a "ring").
>
>If you don't understand the definition of GF(2^n), you probably
>shouldn't be trying to design ciphers based on its multiplication or
>division operations.

I know what the sboxes are when formed this way, just the
notation is a bit new to me.

Tom




------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Pomegranate, a simple base-independent generator
Date: Fri, 02 Jun 2000 13:26:03 -0600

In review of some classic ciphers, I again noted the means of generating a
numeric series part of the Gromark cipher.  The method is simple addition
of digits and affixing the result to the end of the series.  Be not
astonished, as a pseudorandom thingee, it repeats.

I put the function in alphabetic terms and found that it had obvious problems
accepting and generating for some seed sequences. I modified the equation
and went back to the digit level to test it, using only two digits for the
entire seed/key.  

Considering that there are 100 combinations of two digits, I was surprised to
find that some sixty of the pairs are in the same repeating loop sequence
with the new formula, with the remainder of the pairs fitting into 5 other
loops of different lesser sizes.  There are obviously some bad keys.

One can check for bad keys, even at the character level. With words, there
are lots of options as seeds, most of which, if the rules are followed, give
the maximum series available for the length of the seed sequence.

To show a typical relationship between seed length and period of sequence,
in alphabetic terms, look at the trend below, values easily duplicated
with other like length seeds:

Seed is RU, period is 84 characters
Seed is RUN, period is 1281 characters
Seed is RUNE, period is 10980 characters
Seed is RUNES, period is 216,587 characters

I simply ran the generator until the last characters were the same as the first.

Since five characters means 26^5, or 11,881,376 combinations, the series
with RUNES in it, a cryptic choice of demonstration keyword, contains 2.8%
of all possible 5-character sequences.

Sequences are also widely varied depending on seed length.

Longer seeds are no problem in this casual scheme; mixed alphabets could
be used, as well as any number of elements.

Consider that six-letter words would follow the general trend in the
table.  Imagine an eventual stream cipher playtoy with POMEGRANATE, an
eleven-character word, as the default seed, but I left room for at least
26.  Very low-level and trivial mathematics are used, so come on in
Vic-20.  The temptation to do the whole keyboard as 47+ or 94+ characters
seems overwhelming.

For you bit twiddlers, consider 32, 64, 128, or 256 character sets, and
the generic nature means that increased set size and seed length usually
means longer usual sequences.  But, any base will work.

Of course, you want to filter out bad keys.  If you used two strings out
of the same loop, you have an offset problem to bust, at least.  

There is at least something of a usable primitive nature here, surely an
option to other pseudorandom means, and if you like multiple seeds,
consider an automated list as a part of an algorithm; there are lots of
interesting possibilities.
-- 
If you wonder worry about the future enough to adversely limit
yourself in the present, you are a slave to those who sell security.
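The Gromark-style generator described in the post, with its period and loop measurements, as an added example that is not the poster's own code. The recurrence used here is the classic Gromark rule (new symbol = sum of the two oldest symbols in the window, mod base); the post's modified equation is not given, so that rule, the function names and the sample seeds are assumptions.

```python
# Gromark-style lagged-addition generator in an arbitrary base (added example).
# Assumed rule, the classic Gromark one (the post's modified equation is not
# given): new symbol = (oldest + next-oldest) mod base, appended to the series,
# and the window of the last k symbols slides forward.
from itertools import product


def step(state, base):
    """One generator step: append (s0 + s1) mod base and drop the oldest symbol."""
    return state[1:] + ((state[0] + state[1]) % base,)


def generate(seed, base, n):
    """First n symbols of the series, starting with the seed itself."""
    state = tuple(seed)
    out = list(state)
    while len(out) < n:
        state = step(state, base)
        out.append(state[-1])
    return out[:n]


def period(seed, base):
    """Loop length of the seed's series.  The step is a bijection on k-tuples
    (the dropped symbol is new - s1), so every seed sits on a loop and the
    first return to the seed state is the period of the output."""
    start = tuple(seed)
    state, n = step(start, base), 1
    while state != start:
        state, n = step(state, base), n + 1
    return n


def cycle_structure(base, k):
    """Sorted loop lengths over all base^k possible k-symbol seeds; the lengths
    sum to base^k because every state is on exactly one loop."""
    seen, lengths = set(), []
    for start in product(range(base), repeat=k):
        if start in seen:
            continue
        state, n = start, 0
        while True:
            seen.add(state)
            state, n = step(state, base), n + 1
            if state == start:
                break
        lengths.append(n)
    return sorted(lengths)


def letters_to_state(word):
    """Alphabetic seed: A=0 ... Z=25, i.e. base 26."""
    return tuple(ord(ch) - ord("A") for ch in word.upper())


def is_bad_key(seed, base, min_period):
    """The bad-key filter the post calls for: reject seeds that sit on short loops."""
    return period(seed, base) < min_period


if __name__ == "__main__":
    print(cycle_structure(10, 2))              # [1, 3, 4, 12, 20, 60]
    print(period(letters_to_state("RU"), 26))  # 84
    print(generate(letters_to_state("RU"), 26, 12))
```

For two-symbol seeds this rule gives the loop picture the post reports: in base 10 the 100 digit pairs split into one loop of 60 and five smaller ones (20, 12, 4, 3 and 1), and RU in base 26 has period 84. Whether it also reproduces the figures for RUN, RUNE and RUNES depends on the modified equation the post does not state. `is_bad_key` is the filter the post recommends: seeds on the same loop differ only by an offset, so any seed whose loop is short, or shared with another seed in use, should be rejected before the series is used as a keystream.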

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Can we say addicted?
Date: Fri, 02 Jun 2000 16:26:11 -0400

Mike Rosing wrote:

> > :-)  I've tried a few more than that.  But crypto is one of the better
> ones.
> 
> Patience, persistence, truth,
> Dr. mike

Ahhh, so that explains some of your past postings! 

:)
Anton

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: 02 Jun 2000 13:19:29 -0700

"Paul Pires" <[EMAIL PROTECTED]> writes:
[snip]
> An inventor has no legal standing or remedies from someone who is using
> information in a patent in any way unless they commercialize it.
[snip]

I strongly suspect this is incorrect.  If it were true, wouldn't that
mean that patents would not affect the authors of Free Software, only
those who sell it or use it commercially?

Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Contest rule proposal
Date: 2 Jun 2000 13:26:59 -0700

In article <kuUZ4.44749$[EMAIL PROTECTED]>,
Paul Pires <[EMAIL PROTECTED]> wrote:
> An inventor has no legal standing or remedies from someone who is using
> information in a patent in any way unless they commercialize it.

My understanding is that that's just not true.  Implementation of RSA
even for research purposes without a license is illegal (and will be,
until the RSA patent expires).  It might be nice if non-commercial use
were allowed, but I don't think that's the way patent law actually works.

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Contest rule proposal
Date: 2 Jun 2000 13:29:26 -0700

In article <KyUZ4.44775$[EMAIL PROTECTED]>,
Paul Pires <[EMAIL PROTECTED]> wrote:
> Yes, and if I entered it in a stream cipher contest, a noted expert in that
> field would point out that it is not a stream cipher either by his
> definition.

Who?  Personally, I doubt it.

Chutzpah is a stream cipher.
I don't view this as a controversial statement.

------------------------------

Subject: Interpolation Attacks on TC3
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 02 Jun 2000 13:35:15 -0700

After reading the paper "The Interpolation Attack on Block
Ciphers" I believe TC3 may be vulnerable.  I don't quite get all
the details of the attack but SHARK with one sbox looks awfully
like TC3.

Any comments?  Preferably from someone versed in the attack.

Tom

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Contest rule proposal
Date: Fri, 02 Jun 2000 20:38:28 GMT


On 2 Jun 2000 19:28:17 GMT, in <[EMAIL PROTECTED]>, in
sci.crypt [EMAIL PROTECTED] (Mark Wooding) wrote:

>Terry Ritter <[EMAIL PROTECTED]> wrote:
>> 
>> On 2 Jun 2000 14:59:11 GMT, in <[EMAIL PROTECTED]>,
>> in sci.crypt [EMAIL PROTECTED] (Mark Wooding) wrote:
>> 
>> >Terry Ritter <[EMAIL PROTECTED]> wrote:
>> >
>> >> I don't guess you would.  A worldwide royalty-free license might as
>> >> well mean there was no patent at all.
>> >
>> >That's clearly not what Adams and Tavares thought when they granted such
>> >licences for CAST-128 and CAST-256.  And it's clearly not what RSA
>> >Security Inc. thought when they submitted RC6 to the AES contest.
>> 
>> If you have something to say I suggest you say it more directly.  
>
>Oh, it's not clear enough.  Oh, well.
>
>The point is that you can have a patent on a particular structure of
>cipher, or a method for designing ciphers.  While this clearly covers
>all ciphers designed in this way, you can make specific instances of
>your design free while maintaining your `rights' over the underlying
>method or structure.

Alas, that is not something I want to do.  


>I gave examples.  Here's one in more detail.  Messrs C. Adams and
>S. Tavares came up with a design method for block ciphers based around
>bent functions, which they called CAST, apparently nothing to do with
>their initials.  

Right.

>The design procedure is, according to Schneier's book,
>patented.  However, two ciphers designed using this design procedure,
>CAST-128 and CAST-256 (the latter of which was submitted to the AES
>contest, but didn't make it to the final five) are licensed, free of
>change, to everyone.  They clearly thought that providing the free
>licence to the specific ciphers wasn't equivalent to not having patent
>protection for their design procedure.

Which is also of no relevance to me.


>> One point of a patent is to *reveal* information, as opposed to
>> keeping it secret.  This choice is always available, and if there is
>> no profit from exposure, then there will be more secrecy and less
>> public advance.  Congratulations on being on the wrong side.  
>
>In the case of ciphers, I don't see very much in the way of worthwhile
>secret ciphers.  

I have no idea what you mean, since there *are* *no* secret patents.
Thus, there *can* *be* no patented secret ciphers.  Instead, it is the
*un*patented ciphers which can be secret, and you don't see them
because -- surprise! -- they are *secret*.  There is, for example, a
whole body of work in government ciphers which are -- ta da -- secret!
I guess some of those might be interesting.  

>The two best-known ones which spring to mind are
>Rivest's RC2 and RC4.  RC2 is a fairly dull block cipher, about the same
>speed as DES and not a lot more secure[1].  RC4 is quite a nice stream
>cipher.  Neither stayed secret for a particularly long time, and neither
>is *very* exciting.
>
>On the subject of RC4, IBM has a patented stream cipher (well, actually
>it's a pseudo-random function family) called SEAL.  It's actually
>slightly faster than RC4 (!).  As far as I'm aware, hardly anyone
>actually uses SEAL, and as a result it's not very interesting to
>analyse.

But no new cipher at all can possibly be interesting to analyze under
the "much used" criteria.  Since you would thus have no reason to
participate in a new cipher contest anyway, one wonders what all this
is about.  


>> There is no distinction:  Each individual new technology takes time to
>> research and prepare, and unless costs are recovered, that research
>> cannot continue.  
>
>Let's pretend that you have a pint of beer.  (If you don't like beer,
>substitute something else you do like.  Alcohol content and general
>liquidity are unnecessary for the argument.)  If I take your pint away
>and drink it, then you'll become upset because you no longer have your
>delightful beverage, which you paid good money for.  That's fine and
>reasonable.
>
>Let's say I have a gadget which can duplicate pints of beer, and I use
>it to take a copy of your pint.  You've lost nothing in this process
>that I can see.  The world is exactly the same except that I now have a
>pint too.  Who's done harm here, and to whom?

1.  If there is a law prohibiting such copying, you have violated the
law.

2.  Presumably there is some reason for having such a law, such as for
society to provide financial support for the continued development of
beer in a way that does not involve non-beer-users.  


>> So-called "free" ciphers are one of the worst possible deals that
>> society could have made.  Not only does society get to pay for the
>> systems which use those "free" ciphers,
>
>While you don't have to pay for systems which use patented ciphers?
>Yeah, right!

The point -- since you choose to avoid it -- is that so-called "free"
ciphers are not free for users.  Instead, "free" ciphers are free for
companies who then sell the result with greater profit.  I fail to see
how this has benefited the user, and it certainly has not supported
the continued process of cipher development.


>> they simultaneously reduce the financial basis for an industry of
>> cipher development and measurement which would produce a continuing
>> flow of good ciphers.
>
>I don't see Anderson, Biham, Daemen, Knudsen, Massey, Rijmen, Schneier,
>or Vaudenay stopping any time soon.

Since most of those are academics, one might suppose that they are
getting paid to do what they do, with some of said payment coming from
the public trough.  They thus have no need to participate in the
economic foundations of an industry which does not yet really exist.  

And what kind of argument is that anyway?  Didn't your mother ever
tell you that just because everyone else is jumping off a cliff is no
reason for you to do so?  What *they* do is really quite irrelevant to
what *I* do.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Contest rule proposal
Date: Fri, 02 Jun 2000 20:38:43 GMT


On 2 Jun 2000 12:01:22 -0700, in
<8h90a2$p7q$[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (David A. Wagner) wrote:

>In article <ArTZ4.44287$[EMAIL PROTECTED]>,
>Paul Pires <[EMAIL PROTECTED]> wrote:
>> Mike Rosing <[EMAIL PROTECTED]> wrote:
>> > I would think that any use for purposes of the contest should be easy
>> > to grant.  It does not interfere with the *use* of the patent in any
>> > application, for which the patent holder wants to get paid.
>> 
>> You don't need a grant.
>
>Not true, actually.   As Mark Wooding has pointed out, you can't test
>attacks (e.g., implement them) without implementing the cipher, and by
>law, you're not allowed to implement a patented cipher without a grant.

But the patent holder who submits a cipher *wants* that analysis, and
has the right to allow it.  What other point would there be for
entering such a contest?  


>You probably can't even implement parts of it, so forget your calculations
>of the difference table for the S-boxes, for instance.

Probably not, but it would depend upon the actual patent claims:
Where the claims describe the cipher as a whole, building part of it
probably does not infringe.  Where the claims describe a technology
used in the cipher, any part which is not that technology probably
does not infringe.  

But the idea that one would *not* be able to re-implement for analysis
a cipher which has been deliberately entered for such analysis seems
like deliberately seeking paranoia.  


>Since the whole *point* of the cipher contest is to practice analysis,
>I can't see any reason to accept ciphers where analysis is prohibited.

I would say that simply by entering a contest where analysis is
clearly expected and required, a patent holder would have given up the
sort of total control you imagine.  

Something like "protected by patent number xxxxxxxx," blah, blah,
"licensed for legitimate contest purposes," blah, blah, "not licensed
for commercial use," etc. might be as comforting for the patent holder
as the analyst.  Patent holders must be careful to explicitly not
grant rights which later they might wish to license or sell.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Fri, 02 Jun 2000 22:52:04 +0200



John Savard wrote:

> <[EMAIL PROTECTED]> wrote, in part:
>
> >Perhaps there is a misunderstanding between us. My point was
> >that imposing the requirement 'M*A*B=M*B*A for any M,A,B'
> >IS imposing the requirement of commutativity of the operator '*'.
>
> Is it? I couldn't prove it. Obviously A*B must be closely related to
> B*A if M* either of them is the same...but that doesn't mean they have
> to be equal.

I see there could be a bigger misunderstanding between us. An
operator '*' is commutative if A*B=B*A for any A and B. This is
the standard definition of commutativity of operators, if I don't err.

M. K. Shen



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: TC3 Update
Date: 2 Jun 2000 20:41:08 GMT

tomstd <[EMAIL PROTECTED]> wrote:

> 1.  Explain the notation please :)

A finite field GF(q) (or, sometimes F_q, where the F is in
blackboard-bold face, like Z when we're talking about the integers) is a
set of q elements, upon which operations of addition and multiplication
are defined.  Both operations are associative and commutative; there
exist additive and multiplicative identities labelled 0 and 1
respectively; each element has an additive inverse; each nonzero element
has a multiplicative inverse; multiplication is distributive over
addition.  (Have I missed anything out?)

It can be shown (apparently) that any finite field contains p^m
elements, where p is prime, and m is a positive[1] integer, and that the
finite fields of a particular size are in fact all isomorphic to each
other (i.e., there's a simple transformation you can perform on elements
of one field to get elements of the other, and all of the arithmetic
operations work properly so that when you translate back again you get
the right answer).

Also, F^*_q (the field without the zero element) is cyclic; that is,
there exists an element g <- F^*_q such that, for any other element x <-
F^*_q there exists an integer i where g^i = x.

F_p, where p is prime, looks rather similar to Z_p -- the integers mod
p.  F_{p^m} can be looked at as being the set of order-(m - 1)
polynomials with coefficients in Z_p, where polynomials are reduced
modulo some irreducible polynomial v(x) of order m.  When we do this, we
write that we represent GF(p^m) as GF(p)[x]/(v(x)).  Phew!

Oh, yes, finally, if S is a set of elements, we tend to write that S x S
is the set of pairs of elements of S, and, in general, that S^n is the
set of n-tuples of elements of S, often represented, where S is an
appropriate ring, as column vectors of n elements of S.  And, just for
completeness, P(S) (P is blackboard-bold again) is the `power-set' of S,
or the set of all subsets of S.  P(S) is sometimes written 2^S, since it
has 2^{|S|} elements.

(If I've got any of that wrong, could someone please show me up?)

> 2.  Can anyone explain why those sboxes are "provably"
> cryptographically secure?

I'll pass on that one for now.


[1] I suppose you could have a trivial field with one element, labelled
    both zero and one.  It wouldn't be very interesting, though.  GF(2)
    is, on the other hand, useful.

-- [mdw]

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 2 Jun 2000 13:47:19 -0700

Finally, comfortable ground. See comments inserted.

Andru Luvisi <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Paul Pires" <[EMAIL PROTECTED]> writes:
> [snip]
> > An inventor has no legal standing or remedies from someone who is using
> > information in a patent in any way unless they commercialize it.
> [snip]
>
> I strongly suspect this is incorrect.  If it were true, wouldn't that
> mean that patents would not affect the authors of Free Software, only
> those who sell it or use it commercially?

I may be wrong, it has happened before. The key concept is commercialize.
The law would be toothless if it limited itself to monetary exchange as the
sole criterion. There are many different profit models based upon freeware.
Take for instance a consultancy. They may wish to do "Pro bono" (SP?) Crypto
research work as a loss leader for their profit center. That is their
choice. Can I stop them from using my work as a loss leader for their profit
center? You bet.

If a used car lot gave cars away for free, does that mean you couldn't stop
them from giving yours away?

What a company threatens to do in the name of patents (RSA) is their sin not
mine. Could they get away with it if someone stood up to them?

I doubt it.

Paul

------------------------------

Subject: Re: Finding primitive polynomials via the Berlekamp method?
From: lordcow77 <[EMAIL PROTECTED]>
Date: Fri, 02 Jun 2000 13:52:51 -0700

Never mind; I realized that the Berlekamp Q matrix method only
reveals if a polynomial is irreducible, not whether it is
primitive or not (although the first condition is a necessary
but not sufficient condition for the second).

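The point made above, that the Q-matrix test settles irreducibility but not primitivity, worked through in code. This is an added example, not the poster's own: polynomials over GF(2) are encoded as Python ints (bit i is the coefficient of x^i, so x^4 + x + 1 is 0b10011), and the test polynomials are constructed, x^4 + x^3 + x^2 + x + 1 being the textbook case of an irreducible polynomial that is not primitive.

```python
# Irreducibility (Berlekamp's Q-matrix) versus primitivity over GF(2), added example.
# Polynomials are ints: bit i = coefficient of x^i.  Test polynomials are constructed.


def deg(a):
    return a.bit_length() - 1


def pmod(a, f):
    """Remainder of a modulo f over GF(2)."""
    while a and deg(a) >= deg(f):
        a ^= f << (deg(a) - deg(f))
    return a


def pmul(a, b):
    """Carry-less (GF(2)) polynomial product."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def ppowmod(a, e, f):
    """a^e mod f by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = pmod(pmul(r, a), f)
        a = pmod(pmul(a, a), f)
        e >>= 1
    return r


def pgcd(a, b):
    while b:
        a, b = b, pmod(a, b)
    return a


def pderiv(f):
    """Formal derivative over GF(2): only odd-degree terms survive, shifted down."""
    return sum(1 << (i - 1) for i in range(1, f.bit_length(), 2) if (f >> i) & 1)


def gf2_rank(rows):
    """Rank of a GF(2) matrix whose rows are bitmasks (Gaussian elimination)."""
    rank, rows = 0, list(rows)
    for bit in reversed(range(max((r.bit_length() for r in rows), default=0))):
        piv = next((i for i in range(rank, len(rows)) if (rows[i] >> bit) & 1), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        for i in range(len(rows)):
            if i != rank and (rows[i] >> bit) & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank


def is_squarefree(f):
    return pgcd(f, pderiv(f)) == 1


def berlekamp_factor_count(f):
    """Berlekamp Q-matrix: row i is x^(2i) mod f, i.e. the Frobenius map g -> g^2
    in the basis 1, x, ..., x^(n-1).  For squarefree f, the dimension of its fixed
    space, n - rank(Q - I), equals the number of distinct irreducible factors."""
    if not is_squarefree(f):
        raise ValueError("Q-matrix factor count needs a squarefree polynomial")
    n = deg(f)
    rows = [ppowmod(0b10, 2 * i, f) ^ (1 << i) for i in range(n)]
    return n - gf2_rank(rows)


def is_irreducible(f):
    return deg(f) >= 1 and is_squarefree(f) and berlekamp_factor_count(f) == 1


def prime_factors(m):
    ps, d = [], 2
    while d * d <= m:
        if m % d == 0:
            ps.append(d)
            while m % d == 0:
                m //= d
        d += 1
    return ps + ([m] if m > 1 else [])


def is_primitive(f):
    """x must generate the whole multiplicative group of GF(2)[x]/(f), i.e. have
    order exactly 2^n - 1.  Irreducibility is necessary (the quotient must be a
    field) but not sufficient: x may land in a proper subgroup."""
    if not (f & 1) or not is_irreducible(f):  # x must be a unit mod f
        return False
    order = (1 << deg(f)) - 1
    return all(ppowmod(0b10, order // q, f) != 1 for q in prime_factors(order))


if __name__ == "__main__":
    for f in (0b10011, 0b11111, 0x11B, 0x11D):
        print(f"{f:#x}: irreducible={is_irreducible(f)} primitive={is_primitive(f)}")
```

Both degree-4 polynomials above pass the Q-matrix test, but x has order 5 modulo x^4 + x^3 + x^2 + x + 1, so that polynomial cannot drive a maximal-length LFSR. The same split appears at degree 8: the AES polynomial 0x11B is irreducible but not primitive (x has order 51 there), while 0x11D is primitive. Checking `is_primitive` rather than `is_irreducible` is the control a practitioner actually needs when picking a feedback polynomial.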


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Contest rule proposal
Date: Fri, 2 Jun 2000 13:53:41 -0700


David A. Wagner <[EMAIL PROTECTED]> wrote in message
news:8h95aj$pe3$[EMAIL PROTECTED]...
> In article <kuUZ4.44749$[EMAIL PROTECTED]>,
> Paul Pires <[EMAIL PROTECTED]> wrote:
> > An inventor has no legal standing or remedies from someone who is using
> > information in a patent in any way unless they commercialize it.
>
> My understanding is that that's just not true.  Implementation of RSA
> even for research purposes without a license is illegal (and will be,
> until the RSA patent expires).  It might be nice if non-commercial use
> were allowed, but I don't think that's the way patent law actually works.

So they say, and they have the best interests of the group at heart. I can't
address this cause that's not me.

Paul

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Contest rule proposal
Date: 2 Jun 2000 13:58:11 -0700

In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
> I would say that simply by entering a contest where analysis is
> clearly expected and required, a patent holder would have given up the
> sort of total control you imagine.  

That might be the most logical outcome, but logic is not the whole of
the law.  No offense intended here, but: The question is not what you
would say, but rather what the judge would say.  I would be impressed
if anyone can give us any definite assurances on that score.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
