Cryptography-Digest Digest #188, Volume #12 Mon, 10 Jul 00 00:13:00 EDT
Contents:
Re: Concepts of STRONG encryption using variable base http://www.edepot.com/phl.html
("sbh78")
Re: Proposal of some processor instructions for cryptographical applications (John
Savard)
Re: cray and time needed to attack (Bob Silverman)
Re: Random Numbers (Herman Rubin)
Re: Any crypto jokes? (potentially OT) ("rosi")
Re: Proposal of some processor instructions for cryptographical (Iain McClatchie)
Re: Use of EPR "paradox" in cryptography (Benjamin Goldberg)
Re: Proposal of some processor instructions for cryptographical applications (Bruce
Hoult)
----------------------------------------------------------------------------
From: "sbh78" <[EMAIL PROTECTED]>
Subject: Re: Concepts of STRONG encryption using variable base
http://www.edepot.com/phl.html
Date: Sun, 9 Jul 2000 19:18:15 -0500
Just some questions concerning your encryption scheme. Let's say you want
to send a message to your friend using your encryption method. What would
your friend need to know to decrypt this message, and how would you get that
information to them? I am just seeking a simple answer and I will probably
have more questions after I get your answer.
Thanks,
Stephen
<[EMAIL PROTECTED]> wrote in message news:8k86bl$q9p$[EMAIL PROTECTED]...
>
>
> We all know that encryption these days is weak. Weak in the sense
> that it is static and can be brute-force searched by permuting
> through the keyspace of the encryption key.
>
> One of the most revolutionary concepts of encryption that I have
> come up with is dynamic encryption and the use of dynamic algorithm
> and "keys".
>
> Using the concepts of dynamic encryption as well as dynamic bases,
> one can achieve one-time-pad security without the inconveniences
> of using it.
>
> For more information on BASE Encryption, read it up
> here http://www.edepot.com/phl.html
>
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: comp.arch
Subject: Re: Proposal of some processor instructions for cryptographical applications
Date: Mon, 10 Jul 2000 00:30:35 GMT
On 9 Jul 2000 15:17:57 -0700, [EMAIL PROTECTED]
(David A. Wagner) wrote, in part:
>If there is no utterly compelling need for hardware crypto, do you think
>the advantages of hardware implementation will still outweigh the costs?
>I'm truly interested in your thoughts.
I certainly agree that the cost of a chip implementing a specific
algorithm is not really a sustainable expense for the desktop PC.
But, as for the original subject of the thread, I think that having
things like bit transpose instructions (i.e., bit matrix multiply) on
general-purpose microprocessor chips would be useful for a wide
variety of algorithms, and that could be justified. That kind of thing
could even be used for other applications besides cryptography: for
example, rapidly converting to and from a bit-board representation in
a chess program.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: cray and time needed to attack
Date: Mon, 10 Jul 2000 00:43:29 GMT
In article <[EMAIL PROTECTED]>,
Jerry Coffin <[EMAIL PROTECTED]> wrote:
> In article <8k5f7u$5r6$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
> [ ... ]
>
> > Are you being deliberately obtuse or are you just plain stupid?
>
> It's funny -- I had almost exactly that sentence in the message to
> which you replied, before I decided to give you the benefit of the
> doubt and erased it.
>
> > Even a machine 10x faster than a Cray C90 will take ~6 million days
> > to solve the matrix mod 2.
>
> Obviously.
>
> > I suggest you learn how to do arithmetic. You clearly can't.
>
> Bob, you're lying and we both know it.
>
> Let's try this skipping the intermediate steps. The Cray C90 had a
> main memory cycle time of around 30 ns (maybe faster for later
> models).
It was a later model. BUT
You seem excessively focused on cycle time, as if it translates
directly into computer speed. I will give a hint: It doesn't.
Further, the Block Lanczos algorithm on a 64-bit VECTOR machine
will far outperform even a faster, scalar processor with lower cycle
time.
>
> Right now, Samsung is working on the Alpha 21464, which will include
> memory with a cycle time of under .3 ns.
Perhaps for on-chip cache. What about the 10 to 100 Terabytes
of memory that will be needed to hold the matrix?
>
> Now, if you want to talk about arithmetic ability, try this: explain
> how 30 divided by .3 gives only the 10:1 improvement you cite above.
Retard. All I said was that a 10:1 speed improvement would reduce the
problem mod 2 to 6 million days. I gave no assumptions about what
increase is actually achievable. That is you putting words in
my mouth.
And you are assuming that lowering cycle time by a factor of 100
will decrease run time by the same amount. I'll give you a hint:
It won't come close except for problems that fit entirely in cache.
If you think we will have Cray
class (i.e. large memory, low latency, vector machines) that perform
10x faster than current Crays within the near future, then there is
a bridge I know for sale in Brooklyn....
>
> At least the way I do arithmetic, the difference is 1000:1.
I said you couldn't do arithmetic and I was right. 30/.3 = 100,
not 1000.
> A
> machine 1000 times faster than the C90 will obviously do the job in
> roughly 60,000 days.
For a matrix mod 2 ? YES. But to do a 1024-bit DL, you will
need to solve it modulo a 1024 bit number. You keep ignoring this.
Do you have any understanding of how much of a slowdown occurs in
going from mod 2 to mod a 32-bit prime???
(1) When working mod 2 one can add 64 columns at once via a single
xor. Working mod p means doing 64 separate additions mod p. And
mod p additions are more than twice as slow as an xor.
(2) You have to solve the matrix 33 times, then paste the results
together with the CRT.
So, going from mod 2 to mod a 32-bit prime loses a factor of "about"
128 in adding columns of the matrix together (and the Block Lanczos
method is very efficient in handling 64 x 64 bit sub-blocks mod 2 on
the CRAY). You also get another factor of 33 from having to solve
the matrix multiple times mod single precision primes.
Machines which provide full support for 64 bit arithmetic can cut
the factor of 33 down to 17.
Solving the matrix for a 1024-bit DL problem is therefore "about"
4000 (33 x 128) times harder than solving it mod 2 (for an RSA
factorization).
Therefore, a machine 1000 times faster than the CRAY will only
take 240 million days to solve it.
This is what I meant when I said that you couldn't do arithmetic.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
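As an added illustration of the two cost factors Silverman describes (this is not code from the digest or from any of the posters), the small model below packs a row of a mod-2 matrix into 64-bit words so that one xor adds 64 entries, keeps a mod-p row entry by entry, and folds his stated factors (64 entries per xor, a mod-p add costing about twice an xor, 33 solves mod single-precision primes glued with the CRT) into one function. The word width, the function names and the constructed random rows are assumptions for the example.

```python
import random

WORD = 64  # bits per machine word; mod 2, each bit is one matrix entry

def pack_gf2_row(entries):
    """Pack 0/1 entries into WORD-bit integers, WORD entries per word."""
    words = []
    for i in range(0, len(entries), WORD):
        w = 0
        for j, e in enumerate(entries[i:i + WORD]):
            w |= (e & 1) << j
        words.append(w)
    return words

def unpack_gf2_row(words, n):
    """Inverse of pack_gf2_row for an n-entry row."""
    return [(words[i // WORD] >> (i % WORD)) & 1 for i in range(n)]

def add_rows_gf2(a, b):
    """Row addition mod 2: one xor per word adds WORD entries at once."""
    return [x ^ y for x, y in zip(a, b)]

def add_rows_mod_p(a, b, p):
    """Row addition mod p: nothing packs, so one add and reduce per entry."""
    return [(x + y) % p for x, y in zip(a, b)]

def word_ops_per_row_add(n, mod2):
    """Word operations needed to add two n-entry rows."""
    return -(-n // WORD) if mod2 else n

def slowdown_factor(entries_per_xor=64, modp_add_cost=2, primes=33):
    """Silverman's accounting: 64 entries per xor, a mod-p add costing about
    twice an xor, and the matrix solved once per single-precision prime before
    the CRT recombination. 64 x 2 x 33 = 4224, which he rounds to 'about 4000'."""
    return entries_per_xor * modp_add_cost * primes

def dl_days(mod2_days, factor):
    """Days for the discrete-log matrix given the mod-2 figure and the slowdown."""
    return mod2_days * factor

def demo(n=200, seed=7):
    """Check that packed xor matches entry-wise addition mod 2, and report the
    word-operation counts for the two arithmetics on an n-entry row.
    The rows are constructed at random for the example."""
    rng = random.Random(seed)
    r1 = [rng.randrange(2) for _ in range(n)]
    r2 = [rng.randrange(2) for _ in range(n)]
    packed = add_rows_gf2(pack_gf2_row(r1), pack_gf2_row(r2))
    matches = unpack_gf2_row(packed, n) == add_rows_mod_p(r1, r2, 2)
    return word_ops_per_row_add(n, True), word_ops_per_row_add(n, False), matches
```

With his figures, `dl_days(60_000, 4000)` reproduces the 240 million days for the 1000x-faster machine, and `slowdown_factor(primes=17)` gives the smaller factor for a machine with full 64-bit arithmetic.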
------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: Random Numbers
Date: 9 Jul 2000 21:01:43 -0500
In article <8kb192$9h7$[EMAIL PROTECTED]>,
David Hyde <[EMAIL PROTECTED]> wrote:
>"David Hyde" <[EMAIL PROTECTED]> wrote in message
>news:8kac12$nk2$[EMAIL PROTECTED]...
>> Does anyone know how to convert a random bit stream into random 16-bit
>> numbers with uniform distribution?
>Sorry I left out some detail about the random bit stream. The bit stream
>has been generated from a white noise source I built from a zener diode, a
>couple of op-amp stages and a comparator. Although the bits produced are
>independent of each other, there is a bias that can't be removed by
>adjusting the dc mean level of the noise. Therefore I was asking if there
>is a way of processing the bit stream to produce 16-bit random numbers with
>a uniform distribution?
Diodes tend to have rather nasty types of dependence.
There are ways to remove this, and the bias. The easiest
to carry out, if enough are available, is to add the blocks
with or without carry, discarding the overflow. It would
be better to have the blocks widely separated in time; even
storing the numbers and doing this weeks later is not a bad
idea.
Doing anything more sophisticated depends on assumptions,
and these should be discussed in person with someone who
understands probability assumptions.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
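To show the block-combining approach Rubin recommends, here is an added example (not from the digest or its posters): a constructed source of independent bits with P(1) = 0.6 stands in for the diode, the stream is cut into 16-bit blocks, and groups of k blocks taken far apart in the stream are added either without carry (xor) or with carry (addition mod 2^16, overflow discarded). For the xor case the bias of each output bit is exactly (2p-1)^k, so eight biased blocks already give a practically unbiased 16-bit number. The constructed source models only the bias, not the dependence Rubin warns about in diodes; the block size, k and the function names are assumptions for the example.

```python
import random

BLOCK_BITS = 16
MASK = (1 << BLOCK_BITS) - 1

def biased_bits(n, p_one, rng):
    """Constructed stand-in for the diode source: independent bits with P(1) = p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def to_blocks(bits):
    """Group the bit stream into 16-bit integers, first bit most significant."""
    blocks = []
    for i in range(0, len(bits) - BLOCK_BITS + 1, BLOCK_BITS):
        v = 0
        for b in bits[i:i + BLOCK_BITS]:
            v = (v << 1) | b
        blocks.append(v)
    return blocks

def combine(group, with_carry):
    """Add the blocks of a group: with carry is addition mod 2^16 (overflow
    discarded), without carry is bitwise xor."""
    acc = 0
    for b in group:
        acc = (acc + b) & MASK if with_carry else acc ^ b
    return acc

def whiten(blocks, k, with_carry):
    """Turn k blocks into one output block. The k inputs of output i are
    blocks i, i+m, i+2m, ... so that they are widely separated in the stream."""
    m = len(blocks) // k
    return [combine([blocks[j * m + i] for j in range(k)], with_carry)
            for i in range(m)]

def ones_fraction(blocks):
    """Observed P(1) over all bits of the blocks; 0.5 is the unbiased target."""
    return sum(bin(b).count("1") for b in blocks) / (BLOCK_BITS * len(blocks))

def xor_bias(p_one, k):
    """Exact residual bias (2p - 1)^k of the xor of k independent bits with
    P(1) = p_one; this is the per-bit bias after combining without carry."""
    return (2 * p_one - 1) ** k

def demo(p_one=0.6, k=8, n_out=10000, seed=1):
    """Return the ones fraction of the raw blocks, after xor combining, and
    after add-with-carry combining."""
    rng = random.Random(seed)
    raw = to_blocks(biased_bits(n_out * k * BLOCK_BITS, p_one, rng))
    return (ones_fraction(raw),
            ones_fraction(whiten(raw, k, with_carry=False)),
            ones_fraction(whiten(raw, k, with_carry=True)))
```

Adding with carry also works: bit i of the sum is the xor of the eight input bits at position i with the carry coming in from below, and since that carry depends only on lower bits, the residual bias is again bounded by (2p-1)^k. The cost of either method is k input blocks per output block, which is why Rubin qualifies the advice with "if enough are available".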
------------------------------
From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Any crypto jokes? (potentially OT)
Date: Sun, 9 Jul 2000 22:35:34 -0400
[EMAIL PROTECTED] wrote in message <8k1ol9$p2k$[EMAIL PROTECTED]>...
[snip]
>
>How many cryptographers does it take to change a light bulb?
>
[snip]
Must have missed a bunch, having not enough time to read everything in
sci.crypt.
I must take it _SERIOUSLY_ that this is about _JOKES_.
Do not know what exact type of humour you want but there are
undoubtedly tons of kinds.
There are certainly light ones (or lightbulb ones?). First, I
would like to make one comment. You are not following the accepted
conventions. Describing a sacred job as lswap? Sub-impressive at best.
Look at the names other people give: Dining Philosophers, Dining
Cryptographers, and so forth. You probably should adopt Philosophing
Cryptocrafters on Fast, then the answer to your question becomes
clear and obvious. Philosophing while crafting? I think everyone can get
the sense of how that differs from other commonplace stuff. Familiar
with the three-way handshake in communications? The worldly fellas give
up after three while the philosophing one can be imagined to go on
forever so as to take a quantum leap in order that the states of
changed^2n and changed^(2n+1) stabilizes along the never-ending
interxchange. (A note: necessary and sufficient that "no need for
food", for if such a perpetual motion machine, we will need an infinite
amount of food. The feasibility of obtaining that can only be shown when
it is shown). Therefore, the renowned cryptocrafter Alice (who needs no
food ever) can do your sacred job alone without any other help (and we
should not worry about how she does the job or how long it takes. She
does it without the need for proof in addition to the absence of food).
However, according to the user manual of Tweedle Machinery, Adi can too.
Only problem: who the Eden is this Adi gal?
An aside. I am not kidding that it is a sacred task. If you prove
that �how many� is totally meaninglessly irrelevant because the b you
are to change is still illuminating (or equivalently that the other b in
your hand has no wick as the one you are to change), there will still be
a hoard pilgrimaging to the task. Indication of its sacredness.
There are minor ones and I can almost pick one at random. Know the
three-pass one? Never mind there is already a two-pass one. The more the
better, but in case you do not know that it is a joke to use OTP. Why?
'cause it is a joke! Don't use your brain. Cat's stuff always applies
(did I ever mention that?) You copy. And you do not have to suspect that
OTP is spelt wrong approximately about the first letter. (But we are
talking about being commutative)
There are political ones about truth. Truth is truth. Why get
politics involved? Maybe in politics, truths are truer than the truest.
Particularly, you can challenge truth, just as you do in mathematics.
However, you can do better in court with a political one. You can even
challenge whether the word "truth" itself is "true". A joke is a joke,
anyway. Why get political professionals entangled? Possible that jokes
could then be better ones. In politics you state some "truth" and at the
same time you make a statement. You make a statement that e-signatures
are valid by validating the legislation of e-signatures with an
e-signature. Never mind which e-signature is the first legitimate one,
though.
There are those that can be sensed only if you have strong
business sense. Just imagine that a reputable company in the data
security industry sensed the boom in economy and saw the opportunity in
expanding its scientific business in the direction of law enforcement.
There can be constitutional ones as well. How many of you are
concerned that the coverage of First Amendment is dwindling? Baseless.
You can still chant "Long live George Mason". The support has its
wide grass-root base. Even in mathematics --- an unlikely branch of
society for such a thing, it is demonstrated that pornography (easily
mistaken as mis-spelt cryptography) is to be upheld, at least in one
special form: porn promoted by His Royal Family. (BTW, math does go its
own peculiar way. First the proof of a special case before
generalization). So, come on and join the procession. (Small, very
inaudible whisper: do not utter a word while marching! This is for your
precaution in case one day the supreme court overturns the support. But
then the court can see that you did not explicitly advocate that kind of
obscenity and let you off easily. Of course, you in the meanwhile
would not look as stupid as those being left out of the parade.)
There are practical ones like the one that asserts that Gaussian
Elimination used to improve on Lettuce RedUCsin is not one.
There are also brutal ones like some household-name mathematician
(household by now at least) who wrote "volumes" on complexity theory in
... (year inconsequential but could be some quite ancient date) setting
the rules for what closure complexity theory encompasses, pre-dating the
notorious Complete Theorem (which is not really about completeness
anyway), decreed that complexity theory would forever on be complete and
any understanding must be confined in tight-shirt within the enclosure
and new tomes must necessarily be from print shops only. Exact
repetitions/reprints by the conventions to be exact. (BTW, don't we see
the inseverable link between math and philosophy? What marvelous proof
of causality! Our miserable future must be decided by tolower(H)is grand
past!)
There are also obscure ones like ROSicoNP which is bloated with
obscurity.
There are even pathetic ones. It has been years but people are
still struggling with P-Time and P-Space!
There are puzzling ones life plays on you like the one in another
post I just sent out for the WWW Puzzle.
And there are cruel ones ... But not knowing just what kind you
desire, afraid of falling into the infinite loop of listing on.
Actually, if you roam the streets of the city of A Piece of
CRyptographic APplication, at every corner you turn you can see a nice
piece of shining stone that is a pretty dim joke. OTP, Public Key, etc.
etc. Believe me. Every corner-stone... Oh, no, no! I only meant to say: a
stone around every street corner (and I should go the tedious TM way and
take no short-cuts). Sorry! I am so very sorry! So "a stone around every
street corner" and not just simply "every corner-stone".
But of course, there can be serious ones as well. ROSi may make an
announcement some time soon. I mean serious announcement. In case you
lack this kind, a brief note may be attached as a follow-up to the
announcement, where you may get a serious one about some serious
matter. Repetition never bores and the re-iteration of the word
"serious" is to foretell that serious jokes do exist and, above all,
that the maybe-made announcement by ROSi will be a serious one and not a
joke and that the joke itself will be serious.
Before I call it a day, I want to make it tangible about one funny
thing. In this discipline, everything could seem so sure even though one
can hardly be sure about his/her whereabouts the next day. I said "may
make" and did not dare say "will make". Who knows that the plane I
travel in won't be blown to pieces in the sky? :)
--- (My Signature)
P.S.
Proof of equivalence: or while soaring on the solid earth.
------------------------------
From: Iain McClatchie <[EMAIL PROTECTED]>
Crossposted-To: comp.arch
Subject: Re: Proposal of some processor instructions for cryptographical
Date: Sun, 09 Jul 2000 19:36:30 -0700
David> No matter which AES candidate is chosen, it is likely to run
David> at about 20 cycles/byte,
Then there is no need for hardware encryption on the PC, because by
far the largest cost is in messing with APIs and such. No need for
encryption primitives in the CPU's ISA either.
Perhaps if a user wished to encrypt his on-disk data and programs,
there might be a need for hardware crypto, but I don't see that
kind of security gaining much popularity in PCs.
In the non-PC space I see a very healthy market for hardware crypto.
The VPN / edge router / firewall boxes certainly need it, as they
are rapidly scaling towards OC-192 (10 Gb/s), and battery-powered
and networked devices may need hardware crypto simply because a
processor implementation burns too much power.
The AES entries are interesting in their apparent lack of concern
over power dissipation and state bits. DES, designed in the early
70s when hardware was expensive, may end up considerably more
power efficient than any of the AES entries when all are implemented
in hardware. This could be an issue for G3 1 Mb/s cell phones
sending crucial financial information from beachfront gazebos after
being in the hot sun all day long propping up a wobbly table holding
a few Coronas and tanning lotion.
-Iain McClatchie 650-364-0520 voice
http://www.10xinc.com 650-364-0530 FAX
[EMAIL PROTECTED] 650-906-8832 cell
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Re: Use of EPR "paradox" in cryptography
Date: Mon, 10 Jul 2000 03:12:54 GMT
Bill Unruh wrote:
[snip]
> And your attacker can just intercept one of the EPR pairs,
> read it and send on to you the output.
True about interception, but it's easy to detect if this has
occurred. If someone intercepts and re-sends data, then
there is a 25% chance of polarization being changed (per bit
intercepted).
> That is why the protocol is more complex.
Well, also to be sure you're both using the same polarization
on each bit read. If one of you measures "X"-wise to use "/" and
"\" as 0 and 1, and the other measures "+"-wise to use "|" and "-"
as 0 and 1, then you're going to have problems.
> > Is it the expense of EPR machinery which prevents widespread
> > use?
Not precisely... it's the fact that you need either a laser or
uninterrupted fiber optic line set up between the two ends if
you want to use it. Conventional cryptography, OTOH only needs
a digital communication line, and some software or [relatively]
cheap hardware.
> > How much does a setup cost? Could it be built out of
> > open-market materials?
>
> Read the literature.
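The two points Goldberg makes, the 25% disturbance caused by an intercept-and-resend attacker and the need to agree on the measurement basis for each bit, can be checked with a small simulation. This is an added example, not code from the digest or its posters; it uses the basis and polarization labels from his post ("+": "|" = 0, "-" = 1; "X": "/" = 0, "\" = 1) and models a measurement in the wrong basis as a coin flip that leaves the photon in the measured state. The function names, trial counts and seed are assumptions for the example.

```python
import random

# Polarization for each (basis, bit), using the labels in Goldberg's post.
STATES = {("+", 0): "|", ("+", 1): "-", ("X", 0): "/", ("X", 1): "\\"}
DECODE = {v: k for k, v in STATES.items()}   # polarization -> (basis, bit)

def measure(polarization, basis, rng):
    """Measure a photon in `basis`. Same basis as it was prepared in: the exact
    bit, state unchanged. Other basis: a random bit, and the photon is now in
    the state corresponding to that (wrong-basis) outcome."""
    prepared_basis, bit = DECODE[polarization]
    if prepared_basis == basis:
        return bit, polarization
    bit = rng.randrange(2)
    return bit, STATES[(basis, bit)]

def run_protocol(n, rng, eavesdrop):
    """Send n photons. Return (sifted, errors): how many bits survive the public
    basis comparison, and how many of those Bob read differently from Alice."""
    sifted = errors = 0
    for _ in range(n):
        a_basis, a_bit = rng.choice("+X"), rng.randrange(2)
        photon = STATES[(a_basis, a_bit)]
        if eavesdrop:
            # The attacker guesses a basis, reads the bit, and re-sends what
            # was measured. Half the time the guess is wrong and the re-sent
            # photon no longer carries Alice's polarization.
            _, photon = measure(photon, rng.choice("+X"), rng)
        b_basis = rng.choice("+X")
        b_bit, _ = measure(photon, b_basis, rng)
        if a_basis == b_basis:   # bases are compared over the public channel
            sifted += 1
            errors += int(a_bit != b_bit)
    return sifted, errors

def error_rate(n=20000, eavesdrop=True, seed=3):
    """Fraction of sifted bits in error: about 0.25 with an interceptor, 0 without."""
    sifted, errors = run_protocol(n, random.Random(seed), eavesdrop)
    return errors / sifted

def intercepted(rate, threshold=0.10):
    """Decision the two ends can make after sacrificing a sample of sifted bits
    to compare in the clear: an error rate well above the line's own noise
    indicates interception, and the key is discarded."""
    return rate > threshold
```

Without an attacker the sifted bits agree exactly; with one, a quarter of them disagree (wrong basis guess half the time, and then a random outcome for Bob half of those), which is the detection mechanism Goldberg refers to. Bits where the bases differed are simply thrown away, which is the basis-agreement problem in the second half of his post.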
------------------------------
From: Bruce Hoult <[EMAIL PROTECTED]>
Crossposted-To: comp.arch
Subject: Re: Proposal of some processor instructions for cryptographical applications
Date: Mon, 10 Jul 2000 16:04:12 +1200
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> Transposition is one of the basic operations in cryptography.
> However, it is in my view poorly supported currently by processor
> instructions at the bit level at which all modern block ciphers
> operate. For, while there are AND, OR and SHIFT/ROTATE
> instructions to realize any arbitrary permutations of the bits
> of a computer word, it can be very cumbersome and hence
> inefficient to do so. Thus I like to suggest that future
> processors will have an instruction to facilitate implementation
> of encryption algorithms that employ arbitrary, eventually
> dynamically determined, permutations of bits. Such an
> instruction will naturally need two operands, one referencing
either a register or memory word and the other an array of
> bytes/words that specify the target positions of the individual
> bits.
Too late -- you just described the "permute" instruction of the PowerPC
"G4" (PPC 7400), as used in the "G4" Macintosh.
You can download a PDF of the manual at Motorola's web site. The ISA
details have been published for at least 2 - 3 years now.
-- Bruce
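As an added reference model of the two operations discussed in this thread (Savard's bit transpose, and the arbitrary bit permutation driven by a per-bit array of target positions that Mok-Kong Shen describes), here is example code that is not from the digest and does not claim to reproduce the semantics of any PowerPC or other real instruction. The 32-bit register width, the function names and the sample target arrays are assumptions; the 8x8 transpose uses the well-known swap-mask technique on a 64-bit integer, and the example shows that the transpose is itself just one fixed permutation the general operation can express.

```python
WORD = 32  # register width assumed for this model

def permute_bits(word, targets, width=WORD):
    """Reference model of the instruction Shen describes: bit i of `word` is
    moved to position targets[i]; `targets` is the per-bit array of target
    positions and must be a permutation of 0..width-1."""
    if sorted(targets) != list(range(width)):
        raise ValueError("targets must be a permutation of the bit positions")
    out = 0
    for i, t in enumerate(targets):
        out |= ((word >> i) & 1) << t
    return out

def inverse_targets(targets):
    """Target array that undoes a permutation (the decryption direction)."""
    inv = [0] * len(targets)
    for i, t in enumerate(targets):
        inv[t] = i
    return inv

def transpose8x8(x):
    """Savard's bit transpose for an 8x8 bit matrix packed into a 64-bit
    integer, entry (r, c) held at bit position 8*r + c. Three rounds swap
    1x1, 2x2 and 4x4 blocks across the diagonal."""
    t = (x ^ (x >> 7)) & 0x00AA00AA00AA00AA
    x = x ^ t ^ (t << 7)
    t = (x ^ (x >> 14)) & 0x0000CCCC0000CCCC
    x = x ^ t ^ (t << 14)
    t = (x ^ (x >> 28)) & 0x00000000F0F0F0F0
    x = x ^ t ^ (t << 28)
    return x

# The transpose is a fixed bit permutation: position 8r+c moves to 8c+r.
TRANSPOSE_TARGETS = [8 * (p % 8) + p // 8 for p in range(64)]

def rotate_left_targets(width=WORD, by=1):
    """Targets for a rotate-left: an existing instruction is a special case
    of the general permute."""
    return [(i + by) % width for i in range(width)]
```

In a cipher built on this primitive, the permutation used for decryption is `inverse_targets` of the encryption array, and a table of targets that is not a permutation (two source bits landing on one target) silently loses information, which is why the model checks the array before using it.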
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************