Cryptography-Digest Digest #507, Volume #12      Tue, 22 Aug 00 14:13:01 EDT

Contents:
  Re: My unprovability madness. (James Felling)
  Re: Kelsey, Schneier, Wagner and Hall reference "the Codebreakers" (Robert S. Meineke)
  Re: New algorithm for the cipher contest ([EMAIL PROTECTED])
  Re: Hidden Markov Models on web site! (Gunnar Evermann)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: Question on Decorelation Theory (Mark Wooding)
  Re: Kryptos and Gillogly (Achilles Outlaw)
  Re: Decryption (Mok-Kong Shen)
  Re: My unprovability madness. ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: My unprovability madness. (Future Beacon)
  Re: Directions (Mike Rosing)
  Re: PKI (Mike Rosing)
  Re: The future direction ... (Mike Rosing)
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: James Felling <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.physics
Subject: Re: My unprovability madness.
Date: Tue, 22 Aug 2000 11:33:35 -0500



Future Beacon wrote:

> On Mon, 21 Aug 2000, Douglas A. Gwyn wrote:
>
> > Future Beacon wrote:
> > > ... mean attack.  Dealing with this kind of discourteousness ...
> > > On Mon, 21 Aug 2000, Bob Silverman wrote:
> >
> > What Bob Silverman said was correct and not especially "mean"
> > or "discourteous".
>
> Douglas,
>
> If you're interested, the message below was selectively answered to
> make it appear that I disagree with Goedel's theorem.
>
> I don't agree with you in your assessment of the discourteousness
> involved, but I may have taken it worse than it was intended.  I am
> fed up with all of the dirty tricks and unkindness.  I will be more
> careful about accusing anybody, but something has to be done.
>
> Jim Trek
>
> ---------------------------------------
>
> On 20 Aug 2000, Keith Ramsay wrote:
>
> .
> .
> .
> > Goedel was careful not to assume anything speculative in his proof.
>
> He was careful to specify the formal system Principia Mathematica
> (PM).  To characterize that system as not speculative is to simply
> dismiss out of hand my suggestion that it may not be acceptable to
> everybody.

I agree that it may not be acceptable to everyone, however PM's system is
equivalent to or a subset of pretty much every major branch of mathematics
(and I would be inclined to say all branches, but not having examined all
branches I will not claim such) -- geometry, set theory, algebra, basically
anything where the concepts of addition, proof, and variable make sense.  I
concur that PM may not be acceptable to everyone, but I know of no math for
which it or equivalent axioms fail to hold.

>
>
> > The notion that the conclusion is wrong is what is wildly speculative.
>
> I did not say that his conclusion is wrong.  It is right.
>
> .
> .
> .
>
> Keith,
>
> It seems to me that we are not talking about the same thing.  The
> foundations of any system must include definitions and may include
> axioms.

Any system that is useful includes at least some axioms (adding two numbers
together must always produce a unique result), (one can "choose 1
number"), ("inductive reasoning works").

>  If we get weird results that cause us problems or poorly
> serve our purposes, the only place to go is back to the foundations
> of the system (at least in my opinion).

Agreed.

> If we assume that the
> foundation is great, we're done.  But to me and a few others
> undecidable questions are not acceptable within a mathematical
> system (at least one that I would want to use).  For me, the purpose
> of math is to decide things.

True, but when one looks at physics (to use a similar example from science):
physics has as its goal obtaining a detailed and accurate understanding of
the universe around us.  Now when a theory models the universe very well,
but has some side consequences that work out very messily (uncertainty in
quantum physics, or singularities in relativity, to use an example), I may
claim that that theory is bunk, but until an alternative model comes along
and provides a way around it, or some other workaround is found, we use the
tools we have.

Similarly with math: if we object to the incompleteness theorem, we need to
find a working math that resolves that issue and can explain what we see
in the rest of it.  Until that time the incompleteness theorem will haunt
us.  I do not think that a "workaround" mathematics can happen without
stripping math of its ability to produce at least some large subset of useful
tools. You can get around Godel in a number of ways -- get rid of
variables, or induction, or limit the space of possible numbers to a finite
set, for example. None of these are desirable.  Math without variables is
useful, but cannot be used to solve problems or make predictions.  Math
without induction is the most acceptable of those, but this strips us of
the ability to prove numerous simple and obvious statements, i.e. N+3>N; this
must either be added as an axiom or proved explicitly for every given N that
it is to be used for (also not a hugely useful branch of math), and
limiting the space of numbers means that some factual statements will be
undecidable under our system (the numbers involved are too big or too
small).

>
>
> I have noticed that I am alone in this view among the people writing
> to this thread.  I think that the axioms are fine with them,
> undecidability and all.  My issue is an unwanted distraction.
>

I for one can accept maths in which Godel's incompleteness is not an issue,
but they are as useful to us as Newtonian physics (non-relativistic / non-quantum)
-- for much of what we do they work fine, but there are things that
they simply cannot be used for.

>
> I don't believe that I characterized Goedel's conclusions as
> speculative, but if it sounded that way, please allow me to
> retract that impression.
>
> I am happy to leave it there.
>
> Jim Trek
> Future Beacon Technology
> http://eznet.net/~progress
> [EMAIL PROTECTED]


------------------------------

From: Robert S. Meineke <[EMAIL PROTECTED]>
Subject: Re: Kelsey, Schneier, Wagner and Hall reference "the Codebreakers"
Date: Tue, 22 Aug 2000 09:30:51 -0700

James:

I don't remember this from _The_Codebreakers_ but it has been a
while since I have read the book.  In _Spycatcher_, Peter Wright
discusses operation ENGULF wherein MI5 used acoustic microphones
to record the clattering of Hagelin machines in order to educe the 
core settings.  Chapter seven of that book gives some detail of the 
process including its installation in the Egyptian Embassy, etc.
Perhaps _Spycatcher_ could be of some use to you...or my synopsis
might help you track it down in _The_Codebreakers_.

Best regards,
Robert


On Fri, 18 Aug 2000, James Muir wrote:
>This is a repost with a new subject line. I hope it catches someone's
>eye.
>
>In a paper on side channel cryptanalysis the authors (Kelsey, Schneier,
>Wagner and Hall) mention a reference from Kahn's "The Codebreakers"
>where a mechanical enciphering device was compromised when an adversary
>recorded the clicks of the gears as it operated.  I'd like to read that
>passage for myself -- could someone point me to the right chapter or
>page?
>
>Thanks.
>
>-James
>
>
>

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: New algorithm for the cipher contest
Date: Tue, 22 Aug 2000 16:28:10 GMT

In article <8ntl0l$dv$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> Multiplication is not a group, this means the function doesn't depend
> on all of the bits.  In a field it would be better.
>

Multiplication is an *operation*, not a group, field, ring, or any
other mathematical structure. Since when does something being a group
or not depend on whether the operation defined as multiplication depends
on all of its bits? As an additional note of clarification, the
structure generated by multiplication mod 2^64 is not denoted by Z, but
rather Z/Zn.


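The disagreement above is about what multiplication modulo 2^64 does and does not give a cipher designer. The C program below is an added example and is not code from either poster; it checks two properties of uint64_t multiplication, which wraps modulo 2^64 and so is exactly multiplication in Z/2^64Z: the low k bits of a product depend only on the low k bits of the operands (high input bits never influence low output bits), and only odd words have a multiplicative inverse, which is why the operation is not a group on all 64-bit words. The operand values are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from either poster. Unsigned 64-bit multiplication
 * in C wraps modulo 2^64, so uint64_t arithmetic is arithmetic in Z/2^64Z. */

/* Keep only the low `bits` bits of x. */
static uint64_t low_bits(uint64_t x, unsigned bits)
{
    return bits >= 64 ? x : (x & ((UINT64_C(1) << bits) - 1));
}

/* Property 1: the low k bits of a*b mod 2^64 depend only on the low k bits
 * of a and b. Flipping any bit at position >= k in either operand adds a
 * multiple of 2^k to the product and so cannot change the low k bits.
 * Returns 1 if that holds for every high bit of these operands. */
static int high_bits_cannot_reach_low_bits(uint64_t a, uint64_t b, unsigned k)
{
    uint64_t base = low_bits(a * b, k);
    for (unsigned i = k; i < 64; i++) {
        uint64_t flip = UINT64_C(1) << i;
        if (low_bits((a ^ flip) * b, k) != base) return 0;
        if (low_bits(a * (b ^ flip), k) != base) return 0;
    }
    return 1;
}

/* Property 2: only odd words are invertible modulo 2^64. For odd x the
 * Newton step y <- y * (2 - x*y) doubles the number of correct low bits of
 * the inverse each iteration; x*x == 1 (mod 8) gives 3 correct bits to start,
 * so five steps (3 -> 6 -> 12 -> 24 -> 48 -> 96) cover all 64.
 * Returns 1 and stores the inverse if x is odd, 0 if x is even. */
static int inverse_mod_2_64(uint64_t x, uint64_t *inv)
{
    if ((x & 1) == 0) return 0;          /* even: no inverse exists */
    uint64_t y = x;
    for (int i = 0; i < 5; i++)
        y *= 2 - x * y;
    *inv = y;
    return 1;
}

/* Convenience check: 1 if x has an inverse and x * inverse == 1, else 0. */
static int has_verified_inverse(uint64_t x)
{
    uint64_t inv;
    if (!inverse_mod_2_64(x, &inv)) return 0;
    return x * inv == 1;
}

int main(void)
{
    /* Constructed sample operands. */
    uint64_t a = UINT64_C(0x123456789abcdef1), b = UINT64_C(0xfedcba9876543210);
    printf("low 8 bits of a*b independent of high input bits: %d\n",
           high_bits_cannot_reach_low_bits(a, b, 8));
    printf("3 invertible: %d, 6 invertible: %d\n",
           has_verified_inverse(3), has_verified_inverse(6));
    return 0;
}
```

Both facts matter for a design that mixes key material in with a modular multiply: bits above the low k positions of the key never reach the low k bits of the output, and any even operand collapses information that a field multiplication would preserve.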

------------------------------


From: Gunnar Evermann <[EMAIL PROTECTED]>
Subject: Re: Hidden Markov Models on web site!
Date: 22 Aug 2000 17:46:03 +0100

Mok-Kong Shen <[EMAIL PROTECTED]> writes:

> Dumb questions: Can the HMM be used for predicting sequences?

You can trivially generate sequences according to the probabilistic
model encoded in the HMM, if that's what you mean.

 Gunnar

------------------------------

Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: blowfish problem
Date: Tue, 22 Aug 2000 16:06:14 GMT

Kelsey Bjarnason wrote:
> So, am I missing something?

Yes -- through aliasing with array-of-(unsigned)-char,
*all* of the representation of *any* object type is
accessible.  (This is guaranteed in the standard; the
technical phrasing is that char does not have a "trap
representation".)  Thus there are no unused "padding"
bits in the representation for type char.  Or if
there are, they are totally invisible to the entire C
implementation, and so they might as well not exist.
So, for example, if the machine had a 17-bit word,
the C implementation could ignore the 17th bit in
every word for all [data-object] purposes, and that
amounts to treating the machine as just having 16-bit
words in the first place.  Something like that has
actually been done for some tagged architectures.
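The point in the reply is that an unsigned char alias sees every bit of any object's representation, with no hidden padding in char itself. The program below is an added example (not code from the thread) that uses that guarantee in both directions: counting the bits of an object through the alias, and wiping an object through it, which is the reason byte-wise zeroisation of key material reaches the whole object. The sample values are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the original thread: reading and writing an
 * object's representation through an unsigned char alias, which the C
 * standard permits for any object type. */

/* Count the set bits in the n bytes of representation at p, viewed through
 * unsigned char. Every bit of every byte is visible here. */
static unsigned count_representation_bits(const void *p, size_t n)
{
    const unsigned char *bytes = (const unsigned char *)p;
    unsigned total = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = bytes[i];
        while (c) {
            total += c & 1u;
            c >>= 1;
        }
    }
    return total;
}

/* Bits in the representation of an object of n bytes: CHAR_BIT per byte. */
static unsigned representation_bits(size_t n)
{
    return (unsigned)(n * CHAR_BIT);
}

/* unsigned char has no padding bits, so the standard requires UCHAR_MAX to
 * be exactly 2^CHAR_BIT - 1. Returns 1 if this implementation agrees. */
static int uchar_has_no_padding(void)
{
    unsigned long max = 1UL;
    for (int i = 0; i < CHAR_BIT; i++)
        max *= 2;                         /* 2^CHAR_BIT */
    return UCHAR_MAX == max - 1;
}

/* Writing through the alias reaches every bit of the object too. Returns 1
 * if no set bit survives the wipe. volatile keeps the stores from being
 * optimised away in callers that never read the object again. */
static int wipe_and_verify(void *p, size_t n)
{
    volatile unsigned char *bytes = (volatile unsigned char *)p;
    for (size_t i = 0; i < n; i++)
        bytes[i] = 0;
    return count_representation_bits(p, n) == 0;
}

/* Constructed sample: 0xFF00FF00 has 16 one bits whatever the byte order. */
static unsigned demo_popcount(void)
{
    uint32_t v = UINT32_C(0xFF00FF00);
    return count_representation_bits(&v, sizeof v);
}

/* Constructed sample secret, wiped through the alias. */
static int demo_wipe(void)
{
    uint64_t secret = UINT64_C(0xDEADBEEFCAFEF00D);
    return wipe_and_verify(&secret, sizeof secret);
}

int main(void)
{
    printf("uint32_t: %u representation bits, %u set in 0xFF00FF00\n",
           representation_bits(sizeof(uint32_t)), demo_popcount());
    printf("unsigned char padding-free: %d, wipe verified: %d\n",
           uchar_has_no_padding(), demo_wipe());
    return 0;
}
```

The exact-width uint32_t has no padding bits, so the popcount is the same on any byte order; for other integer types the alias would also show any padding bits the implementation keeps, which is precisely the access the reply describes.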

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Question on Decorelation Theory
Date: 22 Aug 2000 17:00:56 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> Isn't it that one of the AES candidates is based on such a theory? If
> it had 'provable security', why did it fail to get into the final
> round? Because of efficiency?  Could someone say something about that
> case in concrete terms? Thanks.

Because (a) the decorrelation module isn't very fast in software and
requires quite a lot of hardware, and (b) if memory is what I remember
it being, the guarantees made by the decorrelation technique are less
wonderful than you might hope for.

I believe that the DFC decorrelation module will resist pairwise
differential attacks, but I'm not aware that it has any special
resistance to higher-order differential attacks.

David Wagner cryptanalysed a decorrelated cipher (one of the COCONUT
family, I believe) in his FSE paper `The Boomerang Attack'.

You can read NIST's official reasons at their website.  The report is
given in http://csrc.nist.gov/encryption/aes/round1/r1report.htm.  Also,
if you can find a copy, read [KR99].

Decorrelation no longer impresses me.


[KR99] L.R. Knudsen and V. Rijmen, ``On the decorrelated fast cipher
       (DFC) and its theory,'' Fast Software Encryption (FSE'99), LNCS
       1636, L.R. Knudsen, Ed., Springer-Verlag, 1999, pp. 81-94.

-- [mdw]

------------------------------

From: Achilles Outlaw <[EMAIL PROTECTED]>
Subject: Re: Kryptos and Gillogly
Date: Tue, 22 Aug 2000 17:03:24 GMT

In article <[EMAIL PROTECTED]>,
  Jim Gillogly <[EMAIL PROTECTED]> wrote:


> > Achilles Outlaw
> > 26 Wedmath 1993
> > 12.19.7.8.13.8.16 Lord O' Night 2 ----> give or take a millennium

>
> A heretic!  26 Wedmath??  That puts the solstices all out of joint!
>


You're right, I went back and re-did it (but still didn't get yours
exactly(?)), and I'm not sure why I wrote 1993, either, except that I
was in the midst of a seizure (although this isn't exactly the calendar
I grew up with, my family being Greek, and all.)


And a side note to "Collomb"-- Come on, you can't be serious...


--
Achilles Outlaw
A.O. 882
00235.7068, unfortunately, the only one that matters...



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Decryption
Date: Tue, 22 Aug 2000 18:43:13 +0200



Herry Koh wrote:
> I am new to this area. For the past few days I have been messing around
> with some encryption algorithm. Nothing complicated, just a few XORs and
> permutations. However, having completed a small program on the
> encryption part, I find the decryption algorithm to be very complicated
> to derive. Most of the literature I have seen concentrated heavily on
> encryption and made no mention of decryption at all. Does anybody know
> any formal (or informal) methods (or tricks of the trade) of deriving
> the decryption algorithm from any general encryption algorithm (apart
> from the obvious method of working backwards, of course).

The context implies that you are doing symmetric encryption.
I don't understand why 'the obvious method of working 
backwards' gives you much greater difficulty than in the
forward direction. Could you give a concise sketch of the
relevant part of your work to demonstrate that it is indeed 
the case?

M. K. Shen
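For a construction made only of XORs and permutations, "working backwards" is a mechanical procedure: invert each step individually (XOR with a key is its own inverse, a permutation is undone by its inverse permutation) and apply the inverses in the reverse order. The program below is an added example, not Herry Koh's program; the permutation and round keys are constructed sample values, and the construction is a derivation exercise, not a cipher to use.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not Herry Koh's program: a toy block transform made of XOR
 * and a byte permutation, with decryption derived mechanically by inverting
 * each step and running the inverses in reverse order. */

#define BLOCK 8
#define ROUNDS 4

/* Constructed permutation of byte positions: output i takes input PERM[i]. */
static const uint8_t PERM[BLOCK] = {3, 0, 6, 1, 7, 2, 5, 4};

/* Constructed round keys. */
static const uint8_t KEYS[ROUNDS][BLOCK] = {
    {0x13, 0x57, 0x9b, 0xdf, 0x24, 0x68, 0xac, 0xe0},
    {0xa5, 0x5a, 0x3c, 0xc3, 0x0f, 0xf0, 0x96, 0x69},
    {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
    {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
};

/* Inverse permutation: if perm sends input p to output i, inv sends i back to p. */
static void invert_perm(const uint8_t *perm, uint8_t *inv)
{
    for (size_t i = 0; i < BLOCK; i++)
        inv[perm[i]] = (uint8_t)i;
}

/* out[i] = in[perm[i]] */
static void permute(const uint8_t *perm, const uint8_t *in, uint8_t *out)
{
    for (size_t i = 0; i < BLOCK; i++)
        out[i] = in[perm[i]];
}

/* XOR with a key is its own inverse, so one routine serves both directions. */
static void xor_key(uint8_t *blk, const uint8_t *key)
{
    for (size_t i = 0; i < BLOCK; i++)
        blk[i] ^= key[i];
}

/* Encrypt: each round XORs the round key, then permutes. */
static void encrypt_block(uint8_t *blk)
{
    uint8_t tmp[BLOCK];
    for (int r = 0; r < ROUNDS; r++) {
        xor_key(blk, KEYS[r]);
        permute(PERM, blk, tmp);
        memcpy(blk, tmp, BLOCK);
    }
}

/* Decrypt: rounds in reverse order; within a round, undo the last step first
 * (inverse permutation), then the XOR. */
static void decrypt_block(uint8_t *blk)
{
    uint8_t inv[BLOCK], tmp[BLOCK];
    invert_perm(PERM, inv);
    for (int r = ROUNDS - 1; r >= 0; r--) {
        permute(inv, blk, tmp);
        memcpy(blk, tmp, BLOCK);
        xor_key(blk, KEYS[r]);
    }
}

/* 1 if composing PERM with its computed inverse is the identity. */
static int perm_inverse_ok(void)
{
    uint8_t inv[BLOCK];
    invert_perm(PERM, inv);
    for (size_t i = 0; i < BLOCK; i++)
        if (inv[PERM[i]] != i) return 0;
    return 1;
}

/* 1 if a constructed plaintext changes under encryption and decrypts back. */
static int roundtrip_ok(void)
{
    uint8_t blk[BLOCK] = {'p', 'l', 'a', 'i', 'n', 't', 'x', 't'};
    uint8_t orig[BLOCK];
    memcpy(orig, blk, BLOCK);
    encrypt_block(blk);
    int changed = memcmp(blk, orig, BLOCK) != 0;
    decrypt_block(blk);
    return changed && memcmp(blk, orig, BLOCK) == 0;
}

int main(void)
{
    printf("inverse permutation correct: %d\n", perm_inverse_ok());
    printf("encrypt/decrypt round trip: %d\n", roundtrip_ok());
    return 0;
}
```

The same recipe extends to any sequence of invertible steps: a substitution table is undone by its inverse table, a rotation by the opposite rotation, modular addition by modular subtraction. Decryption only becomes hard to derive when a step is not invertible on its own, which is a sign the encryption itself loses information.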

------------------------------

Crossposted-To: sci.math,sci.physics
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: My unprovability madness.
Date: Tue, 22 Aug 2000 16:13:25 GMT

Nathan the Great wrote:
> Principia Mathematica builds on Cantorian Set theory which posits
> the existence of complete, not just potential, infinite Sets.

It is true that Georg Cantor is to blame for transfinite
numbers, and that a lot of his work involved set theory.
However, PM builds up everything itself and (so far as I
recall) does not posit the existence of infinite sets.
The main weird thing about PM is its theory of types.

> The concept of a 'complete infinite' Set is obnoxious to an
> Intuitionists.

That's true.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Tue, 22 Aug 2000 16:16:11 GMT

Tim Tyler wrote:
> I hope this makes my intended meaning clear.  If you are trying to draw
> distinctions between these terms, it might help to explain what you think
> the differences are, so that we are not at cross purposes over terminology.

No, that would involve a very lengthy philosophic essay which is
totally out of place (and which I am not inclined to write, since
the issue is fairly standard and can be looked up in philosophy
texts).

------------------------------

From: Future Beacon <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.physics
Subject: Re: My unprovability madness.
Date: Tue, 22 Aug 2000 13:14:24 -0400



Mr. James Felling, Sir,

Without endorsing your every point, I must say that if all of
our messages were as civilized as this one, we would see more
professors participating, more informative debates, more effective
public disclosures, and the creation of many more new and useful
proofs.


Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]



On Tue, 22 Aug 2000, James Felling wrote:

> 
> 
> Future Beacon wrote:
> 
> > On Mon, 21 Aug 2000, Douglas A. Gwyn wrote:
> >
> > > Future Beacon wrote:
> > > > ... mean attack.  Dealing with this kind of discourteousness ...
> > > > On Mon, 21 Aug 2000, Bob Silverman wrote:
> > >
> > > What Bob Silverman said was correct and not especially "mean"
> > > or "discourteous".
> >
> > Douglas,
> >
> > If you're interested, the message below was selectively answered to
> > make it appear that I disagree with Goedel's theorem.
> >
> > I don't agree with you in your assessment of the discourteousness
> > involved, but I may have taken it worse than it was intended.  I am
> > fed up with all of the dirty tricks and unkindness.  I will be more
> > careful about accusing anybody, but something has to be done.
> >
> > Jim Trek
> >
> > ---------------------------------------
> >
> > On 20 Aug 2000, Keith Ramsay wrote:
> >
> > .
> > .
> > .
> > > Goedel was careful not to assume anything speculative in his proof.
> >
> > He was careful to specify the formal system Principia Mathematica
> > (PM).  To characterize that system as not speculative is to simply
> > dismiss out of hand my suggestion that it may not be acceptable to
> > everybody.
> 
> I agree that it may not be acceptable to everyone, however PM's system is
> equivalent to or a subset of pretty much every major branch of mathematics
> (and I would be inclined to say all branches, but not having examined all
> branches I will not claim such) -- geometry, set theory, algebra, basically
> anything where the concepts of addition, proof, and variable make sense.  I
> concur that PM may not be acceptable to everyone, but I know of no math for
> which it or equivalent axioms fail to hold.
> 
> >
> >
> > > The notion that the conclusion is wrong is what is wildly speculative.
> >
> > I did not say that his conclusion is wrong.  It is right.
> >
> > .
> > .
> > .
> >
> > Keith,
> >
> > It seems to me that we are not talking about the same thing.  The
> > foundations of any system must include definitions and may include
> > axioms.
> 
> Any system that is useful includes at least some axioms (adding two numbers
> together must always produce a unique result), (one can "choose 1
> number"), ("inductive reasoning works").
> 
> >  If we get weird results that cause us problems or poorly
> > serve our purposes, the only place to go is back to the foundations
> > of the system (at least in my opinion).
> 
> Agreed.
> 
> > If we assume that the
> > foundation is great, we're done.  But to me and a few others
> > undecidable questions are not acceptable within a mathematical
> > system (at least one that I would want to use).  For me, the purpose
> > of math is to decide things.
> 
> True, but when one looks at physics (to use a similar example from science):
> physics has as its goal obtaining a detailed and accurate understanding of
> the universe around us.  Now when a theory models the universe very well,
> but has some side consequences that work out very messily (uncertainty in
> quantum physics, or singularities in relativity, to use an example), I may
> claim that that theory is bunk, but until an alternative model comes along
> and provides a way around it, or some other workaround is found, we use the
> tools we have.
> 
> Similarly with math: if we object to the incompleteness theorem, we need to
> find a working math that resolves that issue and can explain what we see
> in the rest of it.  Until that time the incompleteness theorem will haunt
> us.  I do not think that a "workaround" mathematics can happen without
> stripping math of its ability to produce at least some large subset of useful
> tools. You can get around Godel in a number of ways -- get rid of
> variables, or induction, or limit the space of possible numbers to a finite
> set, for example. None of these are desirable.  Math without variables is
> useful, but cannot be used to solve problems or make predictions.  Math
> without induction is the most acceptable of those, but this strips us of
> the ability to prove numerous simple and obvious statements, i.e. N+3>N; this
> must either be added as an axiom or proved explicitly for every given N that
> it is to be used for (also not a hugely useful branch of math), and
> limiting the space of numbers means that some factual statements will be
> undecidable under our system (the numbers involved are too big or too
> small).
> 
> >
> >
> > I have noticed that I am alone in this view among the people writing
> > to this thread.  I think that the axioms are fine with them,
> > undecidability and all.  My issue is an unwanted distraction.
> >
> 
> I for one can accept maths in which Godel's incompleteness is not an issue,
> but they are as useful to us as Newtonian physics (non-relativistic / non-quantum)
> -- for much of what we do they work fine, but there are things that
> they simply cannot be used for.
> 
> >
> > I don't believe that I characterized Goedel's conclusions as
> > speculative, but if it sounded that way, please allow me to
> > retract that impression.
> >
> > I am happy to leave it there.
> >
> > Jim Trek
> > Future Beacon Technology
> > http://eznet.net/~progress
> > [EMAIL PROTECTED]
> 
> 


------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Directions
Date: Tue, 22 Aug 2000 12:22:43 -0500

Adriano Prado wrote:
> My system is a point-of-sale printer (the one used in supermarket).
> 
> There are some (printer) extra commands (like some reports) that are
> only available if the user pay for it. That is, the commands are
> already implemented in the firmware, but to use it, I'd like to send a
> key to the printer. The printer should compute the key, based on its
> serial number, to see if it matches.
> 
> The attacker is one who would like to use these commands without paying
> for the key.
> 
> I was thinking in use the same process Unix uses to encrypt its
> passwords. The problem is that the serial number has only five or six
> numbers and with this method one who know a little about crypt would
> crack it too easily...
> 
> I was thinking in use a simple method, like Caesar crypt, adding a
> number to each char (e.g., adding 1: test -> uftu). Of sure there would
> be improvements on this, but one who hack the firmware would find how
> to compute it...

You got a few other replies so this is just more of the same.  How many
units do you think you can sell?  How many people will try to steal the
services?  Depending on the overall losses, you should look at simple
solutions for not too much loss to very sophisticated systems for
fairly large possible loss.  It might be worth redesigning the hardware
with flash so you can send the code with the added features over the net
after the customer pays, and make it work only with their hardware using
a burned-in secret key in some permanent ROM.  Not cost effective, but
mighty secure!

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: PKI
Date: Tue, 22 Aug 2000 12:45:23 -0500

Herry Koh wrote:
> 
> Hi,
> can anybody point me to some references on the web regarding PKI. I
> would like to learn more about it.
> Thank you,
> Herry.

A web search on "public key crypto" should get you too much to read.
There are many books and your local library should have a few.  Just
find at least one there, it will give you some ideas on where to head
for any particular application you have in mind.  It's a very broad
subject, so there's just way too many interesting things to know!
Have fun.

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: The future direction ...
Date: Tue, 22 Aug 2000 12:50:43 -0500

[EMAIL PROTECTED] wrote:
> 
> Dear all :
>    Sorry, I am new to this area, can I ask a question?
> Until now , I know that cryptography is based on "compute secure"
> . But if quantum computer appears , is this method still useful or
> we have another direction to make a security system?

Quantum crypto gives you a factor of 2 help in the exponent.  So
256 bit keys can be cracked in 2^128 time.  Heat death of the
universe will happen first :-)

>    The second question is about the distributed cryptography .
> Can anyone tell me how to start in this area?
> For example, Where I can get the research progress or the related
> papers?

Lots and lots has been done already.  Do a web search to find projects
running now, and use those as pointers to papers.  Should be more than
you can read in a month available :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Tue, 22 Aug 2000 16:41:12 GMT

John Savard wrote:
> If one excludes exotic ideas like time-reversed wave propagation (and
> there are grounds for dismissing them as nonphysical) ...

Well, there are good grounds for admitting them to simplify
analysis of causality (per Little).  However, it is evident
that the physical effects must be the same as under our usual
forward-wave interpretation.

Keep in mind these are matters of how we *describe* what is
happening in the physical world; they are not drivers for
what *must* happen therein.

> ... and assumes the speed of light to be an absolutely
> rigid limit ...

It doesn't have to be the phenomenon of light, just some
invariant "pivot point" relating space and time units.
It happens, of course, that the physical effect "light"
(among some other phenomena) *does* propagate at that speed
(in vacuo, etc.); it is not surprising that some important
phenomena would have characteristics explainable in terms
of one or more fundamental invariants.

> Thus, a wave packet cannot really be a gas of thousands of discrete
> particles on some lower level if those particles are supposed to
> behave classically, thus doing away with the strange behavior of the
> quantum particles they make up.

Another way of looking at it is that whatever determines
actual outcomes (among possible outcomes) does not operate
below a certain level of detail.  And that applies no
matter *what* the "whatever" might be.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
