Cryptography-Digest Digest #284, Volume #12      Tue, 25 Jul 00 05:13:00 EDT

Contents:
  Group-Key Exchange, Group Encryption ("jcyoon\(stitec\)")
  Re: Playing with an 8 bit cipher. (Runu Knips)
  Re: 8 bit block ciphers (Runu Knips)
  Re: PGP US Versions Broken,no good?? (Bill Unruh)
  Re: Database encryption (Runu Knips)
  Re: School question for you regulars. (Runu Knips)
  Re: Database encryption (those who know me have no need of my name)
  Re: School question for you regulars. ("Trevor L. Jackson, III")
  Re: Hash function? (those who know me have no need of my name)
  multicast-messaging? ("Çã½ÂÈ£")
  Re: Proving continued possession of a file (Mark Wooding)
  Re: Group-Key Exchange, Group Encryption (Tomás Perlines Hormann)
  Re: CypherCalc - Any good? (Mark Wooding)
  Question.How to avoid weak curves? ("Sergio Arrojo")
  Re: AESC-stream cipher ([EMAIL PROTECTED])
  Re: Can Anyone Recomend A Good Intro Text (Tim Tyler)

----------------------------------------------------------------------------

From: "jcyoon\(stitec\)" <[EMAIL PROTECTED]>
Subject: Group-Key Exchange, Group Encryption
Date: Tue, 25 Jul 2000 15:58:36 +0900

Does anyone know about group-key exchange and group encryption?
Any article, paper, homepage will help me.
Can anybody help me out here?




------------------------------

Date: Tue, 25 Jul 2000 08:35:09 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Playing with an 8 bit cipher.

Mack wrote:
> I have been playing with an 8-bit cipher.
> 
> The basic idea is that you take the array
> from SQUARE as the s-box.
> 
> the round consists of simply substituting
> then adding a key byte mod 256.
> 
> No fancy key schedule.
> Not very elegant.
> But very simple.
> 
> Could be useful for making
> key dependent s-boxes.
> 
> Potentially subject to related key attacks.
> Changing one key byte in a linear manner
> cycles the location of each byte through
> every position in a somewhat nonlinear
> manner.  This makes the distribution of
> resulting s-boxes very "smooth".
> 
> Suggestions? Comments?
> 
> ---------------------------------------------------------------
> typedef unsigned char       byte8; /* 8 bit */
> typedef unsigned short      word16; /* 16 bit */
> 
> byte8 S_GAMMA[0x100] =
> {0xb1,0xce,0xc3,0x95,0x5a,0xad,0xe7,0x02,0x4d,0x44,0xfb,0x91,0x0c,0x87,0xa1,0x50,
>  0xcb,0x67,0x54,0xdd,0x46,0x8f,0xe1,0x4e,0xf0,0xfd,0xfc,0xeb,0xf9,0xc4,0x1a,0x6e,
>  0x5e,0xf5,0xcc,0x8d,0x1c,0x56,0x43,0xfe,0x07,0x61,0xf8,0x75,0x59,0xff,0x03,0x22,
>  0x8a,0xd1,0x13,0xee,0x88,0x00,0x0e,0x34,0x15,0x80,0x94,0xe3,0xed,0xb5,0x53,0x23,
>  0x4b,0x47,0x17,0xa7,0x90,0x35,0xab,0xd8,0xb8,0xdf,0x4f,0x57,0x9a,0x92,0xdb,0x1b,
>  0x3c,0xc8,0x99,0x04,0x8e,0xe0,0xd7,0x7d,0x85,0xbb,0x40,0x2c,0x3a,0x45,0xf1,0x42,
>  0x65,0x20,0x41,0x18,0x72,0x25,0x93,0x70,0x36,0x05,0xf2,0x0b,0xa3,0x79,0xec,0x08,
>  0x27,0x31,0x32,0xb6,0x7c,0xb0,0x0a,0x73,0x5b,0x7b,0xb7,0x81,0xd2,0x0d,0x6a,0x26,
>  0x9e,0x58,0x9c,0x83,0x74,0xb3,0xac,0x30,0x7a,0x69,0x77,0x0f,0xae,0x21,0xde,0xd0,
>  0x2e,0x97,0x10,0xa4,0x98,0xa8,0xd4,0x68,0x2d,0x62,0x29,0x6d,0x16,0x49,0x76,0xc7,
>  0xe8,0xc1,0x96,0x37,0xe5,0xca,0xf4,0xe9,0x63,0x12,0xc2,0xa6,0x14,0xbc,0xd3,0x28,
>  0xaf,0x2f,0xe6,0x24,0x52,0xc6,0xa0,0x09,0xbd,0x8c,0xcf,0x5d,0x11,0x5f,0x01,0xc5,
>  0x9f,0x3d,0xa2,0x9b,0xc9,0x3b,0xbe,0x51,0x19,0x1f,0x3f,0x5c,0xb2,0xef,0x4a,0xcd,
>  0xbf,0xba,0x6f,0x64,0xd9,0xf3,0x3e,0xb4,0xaa,0xdc,0xd5,0x06,0xc0,0x7e,0xf6,0x66,
>  0x6c,0x84,0x71,0x38,0xb9,0x1d,0x7f,0x9d,0x48,0x8b,0x2a,0xda,0xa5,0x33,0x82,0x39,
>  0xd6,0x78,0x86,0xfa,0xe4,0x2b,0xa9,0x1e,0x89,0x60,0x6b,0xea,0x55,0x4c,0xf7,0xe2} ;
> 
> byte8 convert(byte8 key[32],byte8 byte)
> {
> int i;
> 
> for (i=0;i<32;i++)
>     byte=S_GAMMA[byte]+key[i];
> return byte;
> }


This cipher can be transformed into:

________________________________________________________
unsigned char sbox[256] = { ... as above ... };
unsigned char tbox[256];

void setkey (unsigned char key[32])
{
  unsigned char ch;
  int i, j;
  for (i = 0; i != 256; ++i) {
    ch = i;
    for (j = 0; j != 32; ++j) {
      ch = sbox[ch] + key[j];
    }
    tbox[i] = ch;
  }
}

unsigned char convert (unsigned char ch)
{
  return tbox[ch];
}
________________________________________________________

Can you see that this cipher is nothing but a simple
substitution? Even plaintext attacks are not that
hard to do. Just drop the idea you have to use 8 bit
blocks because you're low on memory. Implement
Twofish, it requires only 64 bytes of RAM and offers you
the full security of a modern cipher.
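
Runu's point, as an added Python illustration that is not code from either post: a constructed pseudo-random S-box and an arbitrary 32-byte key stand in for the quoted SQUARE table and Mack's key. The checks confirm that the 32-round loop and the precomputed table agree on every byte, that the result is a bijection (one fixed substitution), and that known plaintext/ciphertext pairs recover that substitution entry by entry without the key ever being needed.

```python
import random

# Constructed stand-ins, not taken from the post: a fixed pseudo-random permutation
# replaces the quoted SQUARE table, and DEMO_KEY is an arbitrary 32-byte key.
SBOX = list(range(256))
random.Random(20000725).shuffle(SBOX)
DEMO_KEY = bytes((i * 37 + 11) & 0xFF for i in range(32))


def convert_rounds(key, b):
    """Mack's cipher: 32 rounds of 'substitute, then add a key byte mod 256'."""
    for kb in key:
        b = (SBOX[b] + kb) & 0xFF
    return b


def setkey(key):
    """Runu's rewrite: run the rounds once per input byte and keep the results as one table."""
    return [convert_rounds(key, x) for x in range(256)]


def collapses_to_substitution(key=DEMO_KEY):
    """The table matches the round loop on all 256 inputs and is a bijection, so the
    keyed cipher is a single monoalphabetic substitution."""
    tbox = setkey(key)
    agree = all(tbox[x] == convert_rounds(key, x) for x in range(256))
    return agree and len(set(tbox)) == 256


def recover_from_known_plaintext(known, known_ct, ciphertext):
    """Known (plaintext, ciphertext) pairs expose table entries one at a time; the key
    is never needed. Returns the decryption, or None if an entry was never observed."""
    inv = {c: p for p, c in zip(known, known_ct)}
    try:
        return bytes(inv[c] for c in ciphertext)
    except KeyError:
        return None


def known_plaintext_demo(key=DEMO_KEY):
    """Pairs from one constructed message decrypt a second message over the same alphabet."""
    tbox = setkey(key)
    encrypt = lambda data: bytes(tbox[x] for x in data)
    known = b"the quick brown fox jumps over the lazy dog"
    secret = b"crypto is hard"
    return recover_from_known_plaintext(known, encrypt(known), encrypt(secret)) == secret
```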

------------------------------

Date: Tue, 25 Jul 2000 08:51:22 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: 8 bit block ciphers

Mack wrote:
> Accept I don't have 64 bytes to play with.

He also said before:
> I am looking for something that could be implemented without
> having the entire table in memory.  For example only using
> 32 bytes.

You said 'for example' so I thought you meant 'for example'.
Well, with only 32 bytes, I guess you still can implement
Twofish or Serpent, at least in a 128 bit only version.

You have to drop the factory key of Twofish, for example,
and compute the elements of the vector S again and again,
but it should be possible. Or you have to transform the
key bits of Serpent forward and back in every round.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: alt.security.pgp
Subject: Re: PGP US Versions Broken,no good??
Date: 25 Jul 2000 06:58:20 GMT

In <[EMAIL PROTECTED]> Sundial Services <[EMAIL PROTECTED]> 
writes:

>Frankly, I doubt that there is very much in the way of commercial (i.e.
>non-classified) encryption that the NSA cannot break.  If it were
>otherwise, I'd be having some serious questions about what all that tax
>money is being spent for.

And I believe that the US government really has a cure for cancer and
death. After all look at all of the money they have spent on health
research. But clearly it is only being used on important people and
being kept from the common man.
[Or perhaps there exist problems which are difficult to solve even with
a lot of money, but that could not be the explanation in either of these
cases, could it.]


------------------------------

Date: Tue, 25 Jul 2000 08:58:16 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Database encryption

Kevin Crosbie wrote:
> I need to secure data inside an oracle database.   The data can be
> manipulated(encrypted) before entry, and can then be decrypted on access.
> 
> Basically I don't want to need to store a secret key on the system that
> someone can get access to and see all of the sensitive data.   I also need
> this to be quite fast.
> 
> Every way I look, I see that there is a single system secret which will be
> the hole in the system.
> 
> My system takes in requests which I must store, in encrypted form.   Hashing
> is useless, because I still need the data afterwards.
> 
> Is a hardware solution the only real secure solution?  or is there a
> protocol out there which would solve what I'm trying to do?

I'm confused about your targets. You say you want to store data securely,
but then again you say nobody should be able to decrypt it ??? And why
should hardware help you with this task ????? If your program can use
any hardware to do this job, why can't another program use the same
hardware ???????

I would normally solve the problem of storing data securely by encrypting
it with a key the user provides. Please explain what else you want if this
is not the correct solution.

------------------------------

Date: Tue, 25 Jul 2000 09:02:34 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: School question for you regulars.

The Gorf wrote:
> My desire is to do signal analysis/processing, cryptanalysis, and similar
> fields.

That's no question. You don't need to study software design and all
these other things computer scientists have to learn to work in
those fields. If you want to work in these fields you have to
know math.

------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Database encryption
Date: Tue, 25 Jul 2000 07:11:49 GMT

<8liuob$[EMAIL PROTECTED]> divulged:
>Basically I don't want to need to store a secret key on the system that
>someone can get access to and see all of the sensitive data.   I also
>need this to be quite fast.

where can you place the solution -- in the application, by interposing some 
middleware, or must it be via triggers?  if you can alter the application 
you can prevent most types of snooping that would obtain the cleartext, and 
it's the logical place to interact with the user.  if you have to produce 
middleware or handle it via triggers then an out-of-band communications 
channel with the user has to be created, and protected, as well.

other than oracle, what is the environment?

must the data be recoverable should the primary key-holder become 
unavailable?  and if so what are the constraints, such as data size 
increase vs risks of shared keys?

>Is a hardware solution the only real secure solution?  or is there a
>protocol out there which would solve what I'm trying to do?

hardware may be required, depending on what "quite fast" is in relation to 
the mechanism you choose.

-- 
okay, have a sig then

------------------------------

Date: Tue, 25 Jul 2000 03:24:12 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: School question for you regulars.

The Gorf wrote:

> I hope this is acceptable to post, but if I offend I apologize in advance.
> I am eager to start my College career but am unsure of what direction to go.
> I am very interested in Computer Science, but I fear that while I will build
> strong programming skills, I might not gain the solid math I want.  On the
> other hand if I go Mathematics I may lose programming skills.  My desire is
> to do signal analysis/processing, cryptanalysis, and similar fields.  I
> realize this will take much math and software skills.  But I am not sure
> again as to which is the best course of action.  If any of you guys out
> there would care to share some of your wisdom I would greatly appreciate it.
> I have been reading this group for a bit and must say that the content
> always excites me even though I can only just understand what is going on.
> Thanks again!

Schools are _much_ better at teaching mathematics than they are at teaching
programming skills.  Thus majoring in math is quite likely to give you a
reasonable grounding in mathematics.  Majoring in CS is unlikely to give you a
reasonable grounding in programming skills.

Note that programming skills are not the same as computer science.


------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Hash function?
Date: Tue, 25 Jul 2000 07:26:41 GMT

<[EMAIL PROTECTED]> divulged:
>Second, I do not have a Web site, 

are you really a worldnet customer?  if so you can have a web site, if 
you wish -- see http://home.att.net/ for more information.

[wrapped]
FAQ: How much does the Personal Web Pages @att.net feature cost? 

     All AT&T WorldNet Service members, regardless of their price
     plan, receive 10 megabytes of Web space (per e-mail ID) FREE.

-- 
okay, have a sig then

------------------------------

From: "Çã½ÂÈ£" <[EMAIL PROTECTED]>
Subject: multicast-messaging?
Date: Tue, 25 Jul 2000 07:44:24 GMT

Can anyone help me out?

When developing an XML-based networking system,
  -  Multicast-messaging
  -  Designing group-key exchange
  -  Designing group-encryption
  - and so on...
should be required.

Has anyone ever tried to construct a multicast-messaging system or group
encryption/exchange?

I beg your help.

Thanks for any help...



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Proving continued possession of a file
Date: 25 Jul 2000 08:23:53 GMT

Andru Luvisi <[EMAIL PROTECTED]> wrote:

> Define Gen(n,b,i) = b + n*i Pick primes p and q.  Let n = p*q.
> 
> When alice gets the file, she breaks it up into blocks of some size,
> and numbers them x_1 through x_m.
> 
> She computes: summary = (x_1^Gen(1, b, i)) * (x_2^Gen(2, b, i)) * ... mod n
> 
> She saves p, q, n, b, i, and summary in quick-access memory (hard
> drive?) and puts the file away on a tape.
> 
> When she wishes to confirm that Bob still has the file, she generates
> a random value, r.  She sends Bob:
>   b*r mod (p-1)*(q-1)
>   i*r mod (p-1)*(q-1)
>   n
> 
> Bob computes, and sends to Alice:
>    (x_1^Gen(1, b*r, i*r)) * (x_2^Gen(2, b*r, i*r)) * ... mod n
> 
> Alice raises this result to r^-1 mod (p-1)*(q-1) and verifies that it
> matches the saved summary value.

Efficiency tweak: modular inversions aren't ever-so cheap, so it's
probably easier to take the summary S and compute S^r mod n and compare
that.  In fact, she can do this separately mod p and q again, and
compare residues.  Not to mention that Alice can do this while she's
waiting for Bob's answer.

Each of the x_i must be smaller than n, otherwise Bob can reduce them
mod n.  I assume that b and i are large too.  Assuming that \phi(n) is
approximately the same size as n, the total length of the exponents is
about the same size as the entire message x, only there's also some
extra multiplications.  Slightly larger, in fact, since Bob can't reduce
b r + k i r mod \phi(n).  I suspect, then, that this is actually more
effort than simply computing g^x mod n (especially since keen Bobs can
do serious precomputation on the exponent if they feel like it).  Or
have I misunderstood something?

If m is small, we can be clever because Bob can use the simultaneous
exponentiation trick described for ElGamal and DSA verification in HAC
chapter 13; for large m this trick is a loser because it uses O(2^m)
storage for precomputed values.

(Oh, by the way, your definition of Gen reuses the variable n; I assume
that this is actually a completely separate variable.)

> Will this work?

I can't see any attacks offhand.

-- [mdw]
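
The exchange Mark is reviewing, with his S^r tweak and the separate mod p / mod q comparison, as an added Python example that is not part of either post. P, Q, the block size and the sample file are constructed toy values; the notation (Gen, b, i, r, summary) follows Andru's message, with the block index renamed k to avoid the clash with the modulus n that Mark notes.

```python
import secrets

# Constructed toy parameters, not from the thread: two well-known primes keep it fast.
P = 1000000007
Q = 998244353
N = P * Q
PHI = (P - 1) * (Q - 1)
BLOCK = 3  # bytes per block: every x_k < 2**24 < min(P, Q), so x_k < N and coprime to N

DEMO_FILE = b"constructed file contents that Alice hands to Bob for safekeeping"
TAMPERED_FILE = DEMO_FILE[:20] + b"X" + DEMO_FILE[21:]   # one byte changed


def gen(k, b, i):
    """Andru's Gen(n, b, i) = b + n*i, with the block index called k instead of n."""
    return b + k * i


def blocks_of(data):
    return [int.from_bytes(data[j:j + BLOCK], "big") for j in range(0, len(data), BLOCK)]


def summary(xs, b, i):
    """Alice's stored value: prod x_k^Gen(k, b, i) mod n, computed once when the file arrives."""
    assert all(0 < x < N for x in xs)
    s = 1
    for k, x in enumerate(xs, start=1):
        s = s * pow(x, gen(k, b, i), N) % N
    return s


def alice_challenge(b, i):
    """Alice picks a fresh r and sends Bob (b*r mod phi(n), i*r mod phi(n), n); she keeps r."""
    r = secrets.randbelow(PHI - 2) + 2
    return r, (b * r % PHI, i * r % PHI, N)


def bob_respond(xs, challenge):
    """Bob recomputes the product with the masked exponents; he never sees b, i or phi(n)."""
    br, ir, n = challenge
    resp = 1
    for k, x in enumerate(xs, start=1):
        resp = resp * pow(x, gen(k, br, ir), n) % n
    return resp


def alice_verify(S, r, response):
    """Mark's tweak: instead of raising Bob's answer to r^-1 mod phi(n), raise the stored
    summary to r, and compare residues separately mod p and mod q."""
    return pow(S % P, r, P) == response % P and pow(S % Q, r, Q) == response % Q


def run_protocol(stored_data, bobs_data):
    """Full exchange; returns True only if Bob's copy is the one Alice summarised."""
    b, i = secrets.randbelow(PHI), secrets.randbelow(PHI)
    S = summary(blocks_of(stored_data), b, i)
    r, challenge = alice_challenge(b, i)
    return alice_verify(S, r, bob_respond(blocks_of(bobs_data), challenge))
```

A tampered or partially lost copy changes at least one factor of Bob's product, so the residue comparison fails except with probability on the order of 1/n.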

------------------------------

From: Tomás Perlines Hormann <[EMAIL PROTECTED]>
Subject: Re: Group-Key Exchange, Group Encryption
Date: Tue, 25 Jul 2000 10:35:41 +0200

Look at:
http://paris.cs.berkeley.edu/~perrig/secmcast.html
http://www.ipmulticast.com/community/smug/

I am searching for such group communication as well, but as far as I
have seen nobody has finished any implementations... if you find any
please report 'em to me, would you?
We are desperate in finding group key exchange and authentication!

"jcyoon(stitec)" wrote:
> 
> Does anyone know about group-key exchange and group encryption?
> Any article, paper, homepage will help me.
> Can anybody help me out here?

-- 
Quick answering: mailto:[EMAIL PROTECTED]  
Check it out: http://www.weh.rwth-aachen.de/~tomas
Do it Now!               
              :o) Tomás Perlines (o:

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: CypherCalc - Any good?
Date: 25 Jul 2000 08:30:15 GMT

Doug Stell <[EMAIL PROTECTED]> wrote:

> We are considering the purchase of CypherCalc for the generation of
> public key test vectors. Does anybody have an opinions on this
> product?
> 
> If there are other products, preferably Windows based, that you know
> of, please send me a pointer. We've tried UBASIC and PARI with no
> success and I have not been able to locate any others.

In the development of my Catacomb library, I've been greatly helped by
`calc', a multiprecision calculator with a C-like programming language
originally written by David I. Bell and now maintained by Landon Curt
Noll.  It's free software and runs on most Unix boxes.  There's a Debian
package `apcalc' which is useful if you run Debian.

-- [mdw]

------------------------------

From: "Sergio Arrojo" <[EMAIL PROTECTED]>
Subject: Question.How to avoid weak curves?
Date: Tue, 25 Jul 2000 10:38:23 +0200
Reply-To: "Sergio Arrojo" <[EMAIL PROTECTED]>

Are there any other conditions to be considered, apart from the MOV and Anomalous
conditions (and the recently discovered one that m must not be composite), for an
elliptic curve not to be efficiently attacked (not to show weaknesses)?
Are there any further attacks I should know about in order to prevent
weaknesses in the chosen elliptic curve?



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AESC-stream cipher
Date: Tue, 25 Jul 2000 08:21:23 GMT

Dear Jerry,

Thank you very much for your investigation.

I suppose that your approach mostly measures the performance of
the input/output file system and not of the algorithm.

I would like to suggest the following steps.

1. Take any file for encryption with a length of 256 bytes.
2. Modify the first call to encryption in AlexMainDlg.pas as follows:
For I:=0 to NNNN do  <call to encryption>
3. Then use a stop watch to measure this loop call.

I think that the key schedule takes 99% of the time.
This is why it is not reasonable to use a script to
start the program multiple times. The approach above helps
to separate the performance of the encryption algorithm from the I/O
system and key schedule.

Best regards.
Alex.

In article <[EMAIL PROTECTED]>,
  Jerry Coffin <[EMAIL PROTECTED]> wrote:
> In article <8lhbn8$h1v$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> says...
>
> [ ... ]
>
> > Performance of this implementation is 190 Mbyte/sec.
> > It was measured sending 256 byte in loop 777215 times.
>
> This still means absolutely nothing: you've GOT to provide reasonably
> complete specs on the machine and the data involved for a
> specification of performance to mean anything.
>
> To get an idea of real performance, I did a benchmark myself.  I
> grabbed a copy of one of the many programs from your website
> (aesc.zip) and after looking over the source code, I used your
> program to encrypt a large file (136,314,880 bytes).  Averaging over
> three runs, this took 150.1 seconds.  I then timed making a simple
> copy of the same file.  This took 29.2 seconds.  Subtracting the two,
> I got a time of approximately 120.9 seconds for the actual
> encryption.  Dividing that by the amount of data, I got a speed of
> barely over one megabyte per second.
>
> This testing was done on a 400 MHz Pentium II with 256 Megabytes of
> RAM.  There were a number of other processes on the machine, using a
> total of approximately 3% of the CPU bandwidth.  Given the testing
> methodology, I don't think the disk speed makes any real difference.
>
> --
>     Later,
>     Jerry.
>
> The universe is a figment of its own imagination.
>



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Can Anyone Recomend A Good Intro Text
Reply-To: [EMAIL PROTECTED]
Date: Tue, 25 Jul 2000 08:54:22 GMT

James Pate Williams, Jr. <[EMAIL PROTECTED]> wrote:

: Two introductory texts with nice exercises (in my opinion):

: _A Course in Number Theory and Cryptography_ by Neal Koblitz
: _Cryptography: Theory and Practice_ by Douglas R. Stinson

: Two number theory books with chapters on cryptography:

: _Number Theory in Science and Communication_ by M.R. Schroeder
: _Number Theory with Computer Applications_ R. Kumanduri and C. Romero

: A book with a chapter on public-key cryptography:

: _Prime Numbers and Computer Methods of Factorization_ by Hans Riesel

Note that, compared to some of the other books discussed in this thread,
most of these books are significantly more technically demanding.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Destroy Microsoft.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
