Cryptography-Digest Digest #62, Volume #12       Mon, 19 Jun 00 12:13:00 EDT

Contents:
  Re: Flattening of frequency distributions (Stefan Schlott)
  Re: Flattening of frequency distributions (Stefan Schlott)
  Re: AWFUL PUN (was: Why the golden ratio?) (John Savard)
  Re: Comments please: A protocol for Digital voting (Roadkill)
  Re: Observer 4/6/2000: "Your privacy ends here" ("Anarchist Lemming")
  Re: XOR versur MOD ("Tony T. Warnock")
  Re: Mixing Xor and Addition ("Tony T. Warnock")
  Re: Mixing Xor and Addition ("Tony T. Warnock")
  Re: AWFUL PUN (was: Why the golden ratio?) ("Tony T. Warnock")
  Re: Equally like bit-flips in a Gray code? ("Tony T. Warnock")
  Re: New Hash Function (Runu Knips)
  Re: Random sboxes... real info (Runu Knips)
  Re: New Hash Function (tomstd)
  Re: Random sboxes... real info (John Myre)
  Newbie: germans please: field == Koerper ? (math) (Runu Knips)
  Re: AWFUL PUN (was: Why the golden ratio?) (Richard Carr)
  Re: New Hash Function (Runu Knips)
  Re: Extending LFSR...... ("Trevor L. Jackson, III")
  Re: Online Text Encryption ("Trevor L. Jackson, III")
  Re: New Hash Function (tomstd)
  Re: Crypto patentability (Paul Koning)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Stefan Schlott)
Subject: Re: Flattening of frequency distributions
Reply-To: [EMAIL PROTECTED] (Stefan Schlott)
Date: 19 Jun 2000 15:23:12 +0100

On Sat, 17 Jun 2000 12:24:02 -0700,
tomstd <[EMAIL PROTECTED]> wrote:

>>What about compression? Compression algorithms replace common
>>symbols with a short, and rare symbols with a long notation.
>>This should flatten your distributions (and reduce the amount
>>of data to be encrypted).
>You didn't solve the problem, just moved it.  Biases in
>relatively high entropy messages that your codec can't compress
>will still show thru.
True. This case will depend on the codec used and the size of the compression
window.
The original posting referred to "natural language", so imho most common
compression codecs should do the trick. If you want to process high entropy
data, you will have to use a cryptographically strong prng. If you keep the
prng seed secret, you have an encryption of its own :-)

Stefan.

------------------------------

From: [EMAIL PROTECTED] (Stefan Schlott)
Subject: Re: Flattening of frequency distributions
Reply-To: [EMAIL PROTECTED] (Stefan Schlott)
Date: 19 Jun 2000 15:23:13 +0100

On Sun, 18 Jun 2000 01:48:41 +0200,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

>> What about compression? Compression algorithms replace common
>> symbols with a short, and rare symbols with a long notation.
>> This should flatten your distributions (and reduce the amount
>A normal compression algorithm doesn't have a secret key, thus
>the opponent can decompress just as well as the legitimate
>receiver.
That's what the following encryption process is for.

>Thus it adds practically nothing to the difficulty of his
>task. What we want is flattening that he can't (or with difficulty)
>figure out how to undo in order to recover the original plaintext.
You asked for a way to flatten distributions in natural language,
because exploiting uneven distributions is a classic tool of
cryptanalysis.
Compressing your text before encrypting it will do that. You might
run into trouble with data which cannot be compressed with the codec
in use. Further (as I already mentioned), special care should be given
when storing the data necessary for decompression; when not done
properly, this will lead to known-plaintext attacks.

Stefan.
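An added illustration of the point made in both of Stefan's replies (this is example code written for this digest, not anything the posters published): it measures how far compression flattens the byte distribution of natural-language text, shows that incompressible data gains nothing, and uses a raw DEFLATE stream so the compressed output carries no fixed header that would be known plaintext. The sample text and the seeded random bytes are constructed inputs.

```python
import math
import random
import zlib
from collections import Counter


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram in bits per byte (8.0 = flat)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def top_symbol_share(data: bytes) -> float:
    """Share of the single most frequent byte value: the kind of bias a
    frequency-analysis attack on a weak cipher relies on."""
    return Counter(data).most_common(1)[0][1] / len(data)


def raw_deflate(data: bytes) -> bytes:
    """Raw DEFLATE (wbits=-15): no zlib header and no Adler-32 trailer, so the
    stream handed to the cipher starts with no predictable bytes."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def raw_inflate(data: bytes) -> bytes:
    """Inverse of raw_deflate, used by the legitimate receiver after decryption."""
    d = zlib.decompressobj(-15)
    return d.decompress(data) + d.flush()


def flattening_report(data: bytes) -> dict:
    """Compare the byte statistics of the input with those of its compressed
    form, which is what would then be encrypted."""
    comp = raw_deflate(data)
    return {
        "plain_entropy": byte_entropy(data),
        "compressed_entropy": byte_entropy(comp),
        "plain_top_share": top_symbol_share(data),
        "compressed_top_share": top_symbol_share(comp),
        "size_ratio": len(comp) / len(data),
    }


# Constructed sample inputs (not taken from the thread).
NATURAL_TEXT = (
    b"The frequency distribution of letters in natural language is far from "
    b"flat: the space, the letter e and the letter t alone account for a large "
    b"share of every English message. A classical cryptanalyst counts symbols "
    b"in the ciphertext and matches the most common ones against this known "
    b"profile. Compressing the text first removes most of that redundancy, so "
    b"the bytes that reach the cipher look much closer to uniform. The trick "
    b"does nothing for input that the codec cannot shrink, and the decompressor "
    b"must not be handed a predictable header that leaks known plaintext."
)
_rng = random.Random(2000)
HIGH_ENTROPY = bytes(_rng.getrandbits(8) for _ in range(1024))  # incompressible


if __name__ == "__main__":
    for name, sample in (("natural text", NATURAL_TEXT), ("random bytes", HIGH_ENTROPY)):
        r = flattening_report(sample)
        print(f"{name:13s} entropy {r['plain_entropy']:.2f} -> "
              f"{r['compressed_entropy']:.2f} bits/byte, top share "
              f"{r['plain_top_share']:.3f} -> {r['compressed_top_share']:.3f}, "
              f"size ratio {r['size_ratio']:.2f}")
```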

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: Re: AWFUL PUN (was: Why the golden ratio?)
Date: Mon, 19 Jun 2000 13:23:11 GMT

On Mon, 19 Jun 2000 08:05:42 -0400, "G. A. Edgar"
<[EMAIL PROTECTED]> wrote, in part:

>Well, perhaps if you had meant G. H. Hardy we should have got it.

Actually, that's what I originally thought, but I had seen the other
initials in an article on Ramanujan, and so I thought that perhaps G.
H. Hardy was a mystery writer or something...or, perhaps I am all wet,
and Ramanujan was discovered, and "A Mathematician's Apology" was
written, by two different mathematicians (perhaps father and son).
Somehow, I doubt that.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/

------------------------------

Date: 19 Jun 2000 13:48:41 -0000
From: Roadkill <[EMAIL PROTECTED]>
Subject: Re: Comments please: A protocol for Digital voting

zzapzing wrote:
<snip>

> I have also noticed that this protocol is unnecessarily
> complex in at least one aspect. That is, the multiple
> validations that are done by a long string of remailers, in
> order to eventually get I validated. Let me explain a simpler
> way to do this.

I figured that there should be a few bits reserved for a checksum in I
because otherwise check(v(I)) would just result in unverifiable random
bits. It isn't so that each remailer should validate v(e[1..n](I)), and
they couldn't. Still, after stripping off one layer of encryption, the
package would change so that it couldn't be traced by Echelon e.g.
(which is a good thing).

> First of all, each voter puts his individual string, I into
> an electronic envelope. Let e(I) denote this. This is the
> same as your protocol. Next, the voter sends, through
> anonymous broadcast, the pair V,e(I) to the validator. the
> validator checks V against his list and then validates e(I)
> inside its electronic envelope. Call the result of this
> v(e(I)). the validator publishes a list of all the values of
> V along with their corresponding values of v(e(I)). The
> voters find their V values in this list and read off their
> corresponding v(e(I)) value, from which they calculate their
> individual value of v(I) (by removing the electronic envelope).
> The voters send in their votes along with their v(I). I
> believe this would result in less traffic and computation but
> have the same security features as the procedure you proposed.

I don't see why e(I) should be broadcast anonymously. The resulting
v(I) should however be sent through several remailer chains. The beauty
of your modification is that now v(I) (AKA your vote with signature) can
be sent through several different chains of remailers. So if one
remailer goes down and stays down, you can still send your vote to the
tallier through a different chain not including the downed remailer.
Broadcasting also takes up a lot of bandwidth I think and tends to have
the anonymous broadcaster somewhere in the middle (which is bad for
anonymity).

Thank you for your thoughts, I hope such a system becomes useful some
day.

Roadkill
-- 
"If you're so special, why aren't you dead" - Kim Deal

~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of redneck.gacracker.org.
Date: Mon Jun 19 13:48:33 2000 GMT
From: [EMAIL PROTECTED]


------------------------------

From: "Anarchist Lemming" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 19 Jun 2000 15:13:50 +0100


"Therion Ware" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Mon, 19 Jun 2000 12:12:02 +0100, "Anarchist Lemming"
> <[EMAIL PROTECTED]> wrote in uk.legal:
>
> >
> >"Peter G. Strangman" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> On Fri, 16 Jun 2000 12:03:48 +0100, "Darren Rhodes"
> >> <[EMAIL PROTECTED]> wrote:
> >>
> >> > I tried to access the Shayler web site listed below but could not. This
> >> > was said to be due to an HTTP error 403 - Forbidden.
> >> > Has anyone had a similar experience?
> >> > Is this due to my ISP Globalnet?
> >>
> >> "403 forbidden" means precisely that. It also means that
> >> the client should not retry the URL and that trying with
> >> a password will not help.
> >> It is NOT an error. It is a specific return code indicating,
> >> VERY clearly, that the client is not allowed access.
> >>
> >> --
> >> Peter G. Strangman              | Leser, wie gefall ich dir?
> >> [EMAIL PROTECTED]      | Leser, wie gefaellst du mir?
> >> http://www.adelheid.demon.co.uk |     (Friedrich von Logau)
> >> XLIV-VII-DCCCII-CCXII-DCCCXXXI  |
> >
> >But it might not just be restricting access from Globalnet. It could be all
> >UK ISPs. I couldn't connect through either of mine, and it won't let you use
> >a proxy.
> >
> >I think 403 "errors" happen because you don't meet the requirements of the
> >server. If all UK visitors are banned they must have had a lot of pressure
> >put on them by the UK government, although I'm reluctant to believe this
> >because even Jack Straw and his stormtrooper buddies aren't that stupid. Can
> >anyone get in? If so, how?
>
> It can't be accessed via the secure cotse proxy, so presumably it's
> more to do with the server than a block elsewhere. Down for maintenance,
> maybe?

If it's down for maintenance this is a funny way of doing it. What's wrong
with uploading a simple message which says "Down for maintenance"? Or are
they exercising their ability to control their own server? Or more likely,
maybe they have a problem with their host. I've emailed the webmaster about
this and I'll post the reply if I get one.

> --
> "Do unto others as you would have them do unto you."  - attrib: Pauline Reage.
> Hell? <http://www.city-of-dis.co.uk/entry/hell.html>
> Inexpensive Video 2 Mpeg conversion? <http://www.Video2CD.co.uk>
> The <news:alt.atheism> twitlist: <http://www.twitlist.co.uk>
> Your films on CD? <http://www.FilmsOnCD.co.uk>


Lemming
www.hellnet.org.uk



------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: XOR versur MOD
Date: Mon, 19 Jun 2000 08:15:25 -0600
Reply-To: [EMAIL PROTECTED]

If the same size blocks are used, for example 8 bits, both the XOR and
MOD 256 after addition, or even MOD 256 after subtraction, give the same
outputs permuted. The operation table for each of these is a Latin
square. The XOR is more flexible in that a block size is not implied
(other than 1 bit.)


------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Mixing Xor and Addition
Date: Mon, 19 Jun 2000 08:17:09 -0600
Reply-To: [EMAIL PROTECTED]

XOR works in the field GF(2**k) where ADD works in the ring (MOD 2**k).
ADD is non-linear in the field whereas XOR is non-linear in the ring.
The ring and the field are different algebraic structures.


------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Mixing Xor and Addition
Date: Mon, 19 Jun 2000 08:17:56 -0600
Reply-To: [EMAIL PROTECTED]



"Tony T. Warnock" wrote:

> XOR works in the field GF(2**k) where ADD works in the ring (MOD 2**k).
> ADD is non-linear in the field whereas XOR is non-linear in the ring.
> The ring and the field are different algebraic structures.

Of course assuming k.NE.1.
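An added check of the claims in the "XOR versur MOD" and "Mixing Xor and Addition" posts above (example code written for this digest, not the posters' own): it verifies that XOR, addition mod 256 and subtraction mod 256 all have Latin-square operation tables, and then shows that XOR-with-a-constant respects XOR (it is GF(2)-affine) but not addition, while add-a-constant respects addition mod 2^k but not XOR. The word size K, the random sample of triples and the AND counter-example are assumptions of this example.

```python
import random

K = 8                      # word size in bits: the thread's "8 bits, MOD 256" case
MASK = (1 << K) - 1


def xor(a: int, b: int) -> int:
    return a ^ b


def add(a: int, b: int) -> int:
    return (a + b) & MASK


def sub(a: int, b: int) -> int:
    return (a - b) & MASK


def is_latin_square(op, n: int = 1 << K) -> bool:
    """True if every row and every column of the n x n operation table is a
    permutation of 0..n-1, i.e. fixing either operand gives a bijection."""
    rows = all(len({op(a, b) for b in range(n)}) == n for a in range(n))
    cols = all(len({op(a, b) for a in range(n)}) == n for b in range(n))
    return rows and cols


def gf2_affine_fraction(op, samples) -> float:
    """Fraction of sampled (x, y, c) for which f(v) = op(v, c) is affine over
    GF(2)^K, i.e. f(x ^ y) == f(x) ^ f(y) ^ f(0).  1.0 means 'linear in the
    field' in the sense of the post; anything well below 1.0 means it is not."""
    hits = 0
    for x, y, c in samples:
        f = lambda v: op(v, c)
        hits += f(x ^ y) == f(x) ^ f(y) ^ f(0)
    return hits / len(samples)


def ring_affine_fraction(op, samples) -> float:
    """Same test with respect to the ring Z/2^K: f(x + y) == f(x) + f(y) - f(0)."""
    hits = 0
    for x, y, c in samples:
        f = lambda v: op(v, c)
        hits += f(add(x, y)) == sub(add(f(x), f(y)), f(0))
    return hits / len(samples)


# Constructed sample of (x, y, c) triples; seeded so the figures are repeatable.
_rng = random.Random(12)
SAMPLES = [tuple(_rng.randrange(1 << K) for _ in range(3)) for _ in range(4000)]


if __name__ == "__main__":
    for name, op in (("xor", xor), ("add", add), ("sub", sub)):
        print(f"{name}: latin square={is_latin_square(op)} "
              f"GF(2)-affine={gf2_affine_fraction(op, SAMPLES):.2f} "
              f"ring-affine={ring_affine_fraction(op, SAMPLES):.2f}")
```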


------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: AWFUL PUN (was: Why the golden ratio?)
Date: Mon, 19 Jun 2000 08:24:01 -0600
Reply-To: [EMAIL PROTECTED]



"G. A. Edgar" wrote:

> >>  it is due to Srinavasa Ramanujan...
> >
> > >Oh, dear: that should be Srinivasa Ramanujan.
>
> There are no vowels in Sanscrit, so we cannot criticize you for this.
>
> --
> Gerald A. Edgar              [EMAIL PROTECTED]

Actly thr r vwls n snskrt


------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Equally like bit-flips in a Gray code?
Date: Mon, 19 Jun 2000 08:30:28 -0600
Reply-To: [EMAIL PROTECTED]

The simple Gray code where G(N)=N.XOR.(N/2), works for all N from zero
on up. Thus an open-ended Gray code cannot have each bit flip with equal
frequency because there is a potential infinity of bits.
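An added illustration of the post's point (example code written for this digest, not the poster's): it implements G(N) = N XOR (N/2), identifies which bit flips at each step, and counts flips per bit position both for an open-ended prefix and for the closed 2^bits cycle. Bit j flips roughly once every 2^(j+1) steps, so the frequencies halve with each higher position rather than being equal. The function names and the sample sizes are this example's own.

```python
def gray(n: int) -> int:
    """The code from the post: G(N) = N XOR (N/2), defined for every N >= 0."""
    return n ^ (n >> 1)


def flip_position(n: int) -> int:
    """Index of the single bit that changes between G(n) and G(n+1).
    It equals the number of trailing 1 bits of n (the 'ruler' sequence)."""
    diff = gray(n) ^ gray(n + 1)
    assert diff and diff & (diff - 1) == 0, "a Gray code changes exactly one bit"
    return diff.bit_length() - 1


def open_ended_flip_counts(steps: int) -> list:
    """Flips per bit position over the first `steps` transitions of the
    open-ended code. Bit j flips about steps / 2**(j+1) times, so no prefix
    (and no infinite code) distributes the flips equally over the bits."""
    counts = []
    for n in range(steps):
        j = flip_position(n)
        if j >= len(counts):
            counts.extend([0] * (j + 1 - len(counts)))
        counts[j] += 1
    return counts


def cyclic_flip_counts(bits: int) -> list:
    """Same count for the closed cycle G(0) .. G(2**bits - 1) back to G(0).
    The wrap-around step flips the top bit, so the two highest positions tie
    and every lower position flips twice as often as the one above it."""
    n = 1 << bits
    counts = [0] * bits
    for i in range(n):
        diff = gray(i) ^ gray((i + 1) % n)
        counts[diff.bit_length() - 1] += 1
    return counts


if __name__ == "__main__":
    print("first 10 steps, flips per bit:", open_ended_flip_counts(10))
    print("4-bit cycle, flips per bit:   ", cyclic_flip_counts(4))
```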


------------------------------

Date: Mon, 19 Jun 2000 16:31:27 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: New Hash Function

tomstd wrote:
> I designed a 192-bit Hash function based on the bit sliced
> operations from Threeway.

Hmm. What's special about that bit operation? ... well, you
seem to need it to get different values for a, b, c.

>  The idea was to make a balanced feistel structure and use it
> as hash.  I essentially use a variant (note this is where to
> attack!) of threeway (reduce to one round) as the Feistel F
> function.
> 
> Inside the F function I perform three operations
> 
> 1.  Mix the round key
> 
> 2.  Rotate each of the three 32-bit words
> 
> 3.  Perform the substitution and add (modulo 2^32) to the other
> three 32-bit words.
> 
> So it's ideal for 32-bit computers since all operations are done
> on 32-bit words.  The source is on my website at
> 
> http://tomstdenis.com/files/3hash.c
> 
> Along with all my TC collection of ciphers I will try to
> document this one this summer (one exam left!!!).

This code confuses me.

Errors in the code itself: What kind of input do you compute?
You scan up to 32 bytes from the input (not guaranteed to be 32
bytes, of course), then you memcpy 64 bytes in the function itself
(from where do you get those additional 32 bytes?), and yes, you
never care about endianness (well, okay, that's not THAT important).
Also, you use 'unsigned long', which will be 64 bit on every modern
computer in the near future (Merced/Itanium, PPC64). Does it still
mean 32 bit for you? Finally, you need 6*ROUNDS of key data, but
you only create 3*ROUNDS of them.

Okay, the algorithm itself is clear.

------------------------------

Date: Mon, 19 Jun 2000 16:39:06 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Random sboxes... real info

Roger Carbol wrote:
> What is the meaning of "key" with reference to a one-time pad,
> anyways?  The two concepts seem mutually exclusive, at least
> by my limited understanding.

The key of a cipher is the value you have to know to get the
plaintext from the ciphertext. OTP is a cipher algorithm. The
key of an OTP is always of the same size as the message, but
that's the whole difference to other algorithms.

So why do you think OTP doesn't have a key?

------------------------------

Subject: Re: New Hash Function
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 19 Jun 2000 07:50:23 -0700

Runu Knips <[EMAIL PROTECTED]> wrote:
>tomstd wrote:
>> I designed a 192-bit Hash function based on the bit sliced
>> operations from Threeway.
>
>Hmm. Whats special upon that bit operation ? ... well you
>seem to need it to get different values for a, b, c.
>
>>  The idea was to make a balanced feistel structure and use it
>> as hash.  I essentially use a variant (note this is where to
>> attack!) of threeway (reduce to one round) as the Feistel F
>> function.
>>
>> Inside the F function I perform three operations
>>
>> 1.  Mix the round key
>>
>> 2.  Rotate each of the three 32-bit words
>>
>> 3.  Perform the substitution and add (modulo 2^32) to the other
>> three 32-bit words.
>>
>> So it's ideal for 32-bit computers since all operations are done
>> on 32-bit words.  The source is on my website at
>>
>> http://tomstdenis.com/files/3hash.c
>>
>> Along with all my TC collection of ciphers I will try to
>> document this one this summer (one exam left!!!).
>
>This code confuses me.
>
>Errors in the code itself: What kind of input do you compute?
>You scan up to 32 bytes from the input (not guaranteed to be 32
>bytes, of course), then you memcpy 64 bytes in the function itself
>(from where do you get those additional 32 bytes?), and yes, you
>never care about endianness (well, okay, that's not THAT important).
>Also, you use 'unsigned long', which will be 64 bit on every modern
>computer in the near future (Merced/Itanium, PPC64). Does it still
>mean 32 bit for you? Finally, you need 6*ROUNDS of key data, but
>you only create 3*ROUNDS of them.
>
>Okay, the algorithm itself is clear.

The main function is an incomplete demo.  To use the hash you
would still have to perform MD-strengthening on the input.  Also,
I only need 3*ROUNDS words; if you look, I increment 'r' twice in
the loop, not once.

Also I assume x86 systems.

The hash is hardly complete; it's just an idea in progress.

Tom


Got questions?  Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com


------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Random sboxes... real info
Date: Mon, 19 Jun 2000 09:06:36 -0600

Roger Carbol wrote:
<snip>
> What is the meaning of "key" with reference to a one-time pad,
> anyways?
<snip>

The pad is the key.  It may seem silly to call something a "key"
which is not smaller than that which it unlocks, but so it is.

JM

------------------------------

Date: Mon, 19 Jun 2000 17:16:01 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Newbie: germans please: field == Koerper ? (math)

"Tony T. Warnock" wrote:
> XOR works in the field GF(2**k) where ADD works in the ring (MOD 2**k).
> ADD is non-linear in the field whereas XOR is non-linear in the ring.
> The ring and the field are different algebraic structures.

Hmm. Is the English "Field" the same mathematical term as the
German "Koerper"? What do the Germans call that "Galois
Field" then?

------------------------------

From: Richard Carr <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: AWFUL PUN (was: Why the golden ratio?)
Date: Mon, 19 Jun 2000 11:27:20 -0400

On Mon, 19 Jun 2000, Tony T. Warnock wrote:

:Date: Mon, 19 Jun 2000 08:24:01 -0600
:From: Tony T. Warnock <[EMAIL PROTECTED]>
:Reply-To: [EMAIL PROTECTED]
:Newsgroups: sci.crypt, sci.math
:Subject: Re: AWFUL PUN (was: Why the golden ratio?)
:
:
:
:"G. A. Edgar" wrote:
:
:> >>  it is due to Srinavasa Ramanujan...
:> >
:> > >Oh, dear: that should be Srinivasa Ramanujan.
:>
:> There are no vowels in Sanscrit, so we cannot criticize you for this.
:>
:> --
:> Gerald A. Edgar              [EMAIL PROTECTED]
:
:Actly thr r vwls n snskrt
 ^
Kind of messed that up.
:
:


------------------------------

Date: Mon, 19 Jun 2000 17:23:03 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: New Hash Function

tomstd wrote:
> Runu Knips <[EMAIL PROTECTED]> wrote:
> >tomstd wrote:
> > > I designed a 192-bit Hash function based on the bit sliced
> > > operations from Threeway.
> > [...] Finally, you need 6*ROUNDS of key data, but you only
> > create 3*ROUNDS of them.
> 
> [...]
> I only need 3*ROUNDS words if you look I increment 'r' twice in
> the loop not once.

You're right, and I was wrong.

> The hash is hardly complete it's just an idea in progress.

------------------------------

Date: Mon, 19 Jun 2000 11:43:48 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Extending LFSR......

Tim Tyler wrote:

> Simon Johnson <[EMAIL PROTECTED]> wrote:
>
> : Since i am no longer working in GF(2) but in some GF(p). I could
> : use primes as the exponents, provided they are smaller than the
> : new modulo. For example:
>
> : x^31 + x^17 + x^13 + x^7 + x^3 + x^2 mod 257
>
> : Would be primitive, and once converted to a LFSR would result in
> : a period which is the maximum allowed?
>
> : Instinct tells me this period is 257^31?
>
> This won't be the period.  LFSRs never completely span the possible state
> space - since they always omit the all-zero state.

Nit: they always omit one or more states, but not necessarily the all-zero
state.  There are variants that omit only the all-zero state, some that omit
both all-zero and all-one, and variants that omit both patterns of alternating
bits, but include both all zero and all one.
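An added demonstration of the period point raised in this exchange (example code written for this digest, not from the posters): it walks every state of a Fibonacci-style LFSR over GF(p) and reports the cycle lengths. With a primitive feedback polynomial the non-zero states form one cycle of length p^n - 1 and the all-zero state sits alone on a cycle of length 1, which is why p^n itself is never the period; a merely irreducible polynomial splits the non-zero states into several shorter cycles. The tap convention and the small polynomials used are assumptions of this example (they are far too small to say anything about the degree-31 polynomial mod 257 in the thread).

```python
from itertools import product


def lfsr_step(state: tuple, taps: tuple, p: int) -> tuple:
    """One shift of an LFSR over GF(p).  state = (s_t, ..., s_{t+n-1}); the new
    element is s_{t+n} = sum_i taps[i] * s_{t+i} (mod p), i.e. the taps are the
    coefficients c_i of the recurrence x^n = c_{n-1} x^{n-1} + ... + c_0."""
    new = sum(c * s for c, s in zip(taps, state)) % p
    return state[1:] + (new,)


def cycle_structure(taps: tuple, p: int) -> list:
    """Visit all p**n states and return the sorted lengths of every cycle of the
    state graph.  Requires taps[0] != 0 mod p so the state map is a bijection
    and each state lies on exactly one cycle."""
    assert taps[0] % p != 0, "c_0 must be invertible for the map to be a bijection"
    n = len(taps)
    seen = set()
    lengths = []
    for start in product(range(p), repeat=n):
        if start in seen:
            continue
        s, length = start, 0
        while s not in seen:
            seen.add(s)
            s = lfsr_step(s, taps, p)
            length += 1
        lengths.append(length)
    return sorted(lengths)


def max_period(p: int, n: int) -> int:
    """Best case for a degree-n LFSR over GF(p): every state except all-zero."""
    return p ** n - 1


if __name__ == "__main__":
    # x^2 + x + 2 over GF(3): primitive, so one cycle of 3^2 - 1 = 8 plus {0}.
    print("GF(3), x^2 + x + 2    :", cycle_structure((1, 2), 3))
    # x^4 + x + 1 over GF(2): primitive, period 15.
    print("GF(2), x^4 + x + 1    :", cycle_structure((1, 1, 0, 0), 2))
    # x^4 + x^3 + x^2 + x + 1 over GF(2): irreducible but order 5, not primitive.
    print("GF(2), x^4+x^3+x^2+x+1:", cycle_structure((1, 1, 1, 1), 2))
```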



------------------------------

Date: Mon, 19 Jun 2000 11:55:12 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Online Text Encryption

Dan Coyle wrote:

> Salt -
>
> "An unnecessarily cute and sadly non-descriptive name for an arbitrary
> value, unique to a particular computer or installation, prepended to a
> password before hash authentication. The "salt" acts to complicate attacks
> on the password user-identification process by giving the same password
> different hash results on different systems. Ideally, this would be a sort
> of keying for a secure hash. " (source Ritter's Dictionary of Technical
> Cryptography - http://www.io.com/~ritter/GLOSSARY.HTM#Salt)
>
> This definition states that a salt is a, machine specific, algorithm for
> modifying password hashes stored in a message. It does not discuss using a
> given amount of time to encrypt the message, so if there is another
> definition that you would like to show me, please give me an URL or
> something so that I may see your sources.

The definition you quoted leaves out a significant purpose of salts.  On a
single system salts confound simple dictionary attacks.  A simple dictionary
attack proceeds through the dictionary encrypting each word once, and then
comparing the ciphertext to each of the encrypted passwords.  This works if the
password is encrypted "bare" because if you and I use the same password the
system will store the same ciphertext for each of us.

On a salted system each password is stored with a salt value that is included in
the encryption.  Since the system assigns each password a distinct salt, if you
and I use the same password we'll get distinct ciphertexts.  Then the simple
dictionary attack will fail.  In order to attack a salted system one must
reencrypt each word of the dictionary with the salt for each password.  This is
a significantly larger computation budget for the attack.  It becomes
"encrypt"-bound rather than "compare"-bound.

I'm certain Terry Ritter and most readers are familiar with this usage.
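An added illustration of the work-factor argument in the reply above (example code written for this digest, not the poster's or Ritter's): it stores credentials either "bare" or with a per-user salt, verifies a login, and counts how many hash evaluations a dictionary check against the whole table costs in each case, which is the number a defender sizing a password store cares about. The user names, passwords and word list are constructed, and plain SHA-256 stands in for the slow hash a real system would use.

```python
import hashlib
import hmac
import secrets


def password_hash(password: str, salt: bytes) -> bytes:
    """Salted hash: the salt is mixed into the computation, so equal passwords
    give unequal stored values.  SHA-256 keeps the example short; a real
    system would use a deliberately slow scheme (bcrypt, scrypt, Argon2)."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def build_table(credentials: dict, salted: bool) -> dict:
    """Store {user: (salt, hash)}.  salted=False models the 'bare' storage of
    the post: every user shares the empty salt."""
    table = {}
    for user, password in credentials.items():
        salt = secrets.token_bytes(16) if salted else b""
        table[user] = (salt, password_hash(password, salt))
    return table


def verify(table: dict, user: str, password: str) -> bool:
    """Legitimate login check; constant-time comparison of the digests."""
    salt, stored = table[user]
    return hmac.compare_digest(stored, password_hash(password, salt))


def dictionary_work_factor(table: dict, wordlist: list) -> dict:
    """Cost of checking every word against every stored entry.  Hashes are
    cached per (salt, word): with one shared salt each word is hashed once and
    the job is compare-bound; with distinct salts every word must be re-hashed
    per user and the job becomes hash-bound, as the post describes."""
    cache = {}
    hashes = comparisons = 0
    matched = set()
    for user, (salt, stored) in table.items():
        for word in wordlist:
            key = (salt, word)
            if key not in cache:
                cache[key] = password_hash(word, salt)
                hashes += 1
            comparisons += 1
            if hmac.compare_digest(cache[key], stored):
                matched.add(user)
    return {"hashes": hashes, "comparisons": comparisons, "matched": matched}


# Constructed sample data (not from the thread).
CREDENTIALS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}
WORDLIST = ["password", "letmein", "correct horse", "tr0ub4dor"]


if __name__ == "__main__":
    for salted in (False, True):
        table = build_table(CREDENTIALS, salted)
        w = dictionary_work_factor(table, WORDLIST)
        print(f"salted={salted}: {w['hashes']} hashes, {w['comparisons']} "
              f"comparisons, alice==bob: {table['alice'][1] == table['bob'][1]}")
```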


------------------------------

Subject: Re: New Hash Function
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 19 Jun 2000 08:57:19 -0700

Runu Knips <[EMAIL PROTECTED]> wrote:
>tomstd wrote:
>> Runu Knips <[EMAIL PROTECTED]> wrote:
>> >tomstd wrote:
>> > > I designed a 192-bit Hash function based on the bit sliced
>> > > operations from Threeway.
>> > [...] Finally, you need 6*ROUNDS of key data, but you only
>> > create 3*ROUNDS of them.
>>
>> [...]
>> I only need 3*ROUNDS words if you look I increment 'r' twice in
>> the loop not once.
>
>You're right, and I was wrong.

So I'm gonna sing the I was right song?

Hehehe...What do you think of it though?

Tom




------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Crypto patentability
Date: Mon, 19 Jun 2000 11:34:48 -0400

Mok-Kong Shen wrote:
> 
> Schneier's CRYPTO-GRAM reported in its recent issue an
> interesting fact about patents:
> 
>      Someone actually patented using a tattooed bar code to
>      verify a person's identity.
> 
> This reminds me that because of BSE risk cows in Germany are
> required to carry an identity tag that is attached to their
> ears.

The requirement for ear tags is much older than the BSE scare.
The only connection with the BSE scare is that it's the 
latest PR tool used by the government to justify this
requirement to the public over the objections of farmers and
others who have been fighting it since day one.

        paul

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
