Cryptography-Digest Digest #714, Volume #12      Tue, 19 Sep 00 04:13:01 EDT

Contents:
  Re: Dangers of using same public key for encryption and signatures? (David Hopwood)
  Re: Software patents are evil. (Terry Ritter)
  Re: Intel's 1.13 MHZ chip ("Douglas A. Gwyn")
  Re: Algebra, or are all block ciphers in trouble? ("Douglas A. Gwyn")
  Re: Hamming weight ("Douglas A. Gwyn")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an  ("Douglas A. Gwyn")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption ("Douglas A. Gwyn")
  Re: 20 suggestions for cryptographic algorithm designers (Jerry Coffin)
  Re: Intel's 1.13 MHZ chip (Jerry Coffin)
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction] ("Kostadin Bajalcaliev")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption ("Kostadin Bajalcaliev")
  Re: QUESTION ABOUT ALGORITHMS (Mok-Kong Shen)

----------------------------------------------------------------------------

Date: Tue, 19 Sep 2000 03:28:18 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Dangers of using same public key for encryption and signatures?

=====BEGIN PGP SIGNED MESSAGE=====

Bryan Olson wrote:
> Brian Gladman wrote:
>
> > In the UK keys used for signature only are not subject to
> > Government Access to Keys (GAK). But keys that perform
> > both signature and encryption functions can be seized under
> > warrant by a number of UK authorities.  And there is no
> > requirement that you need to be under suspicion in order
> > for keys to be seized.
> 
> Tricky.  The holders of the *public* key ultimately decide
> whether it performs encryption.  For all the popular PK
> signature schemes there's a PK encryption method that uses
> the same key pair.

I'm not sure whether you count Fiat-Shamir-based methods as popular, but
they can't be used in this way, AFAIK. (If they could, that would have some
very interesting practical uses, but unfortunately I don't think it is
possible.)

> (I'm saying "popular" to rule out things like Merkle one-time signatures.)
> 
> How does the law handle the case of Bob releasing his public
> key saying "signatures only", but Alice sending him messages
> encrypted with it anyway?

The clause that is supposed to protect signature keys actually applies as
long as the private key has not been used for decryption. OTOH, the whole
law is very badly drafted, and the government refused to fix a number of
other problems that were pointed out with this clause. Some of them
are described on Charles Lindsay's "scenarios" page, at
<http://www.cs.man.ac.uk/~chl/scenarios.html> (Scenarios 10, 11 and 12).

It is also not clear whether the protection applies to keys that are not
technically signature keys, but are used for authentication (for example,
is an SSL server's private key for RSA ciphersuites included?)

In practice for GAK resistance, I recommend using ephemeral Diffie-Hellman
key exchange with signed exponentials (a.k.a. station-to-station protocol)
wherever possible; in that case the RIP Act protection for signature keys
should definitely apply to the keys used to sign the exponentials, and
there are no encryption keys that can be given up after a session has
completed.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOcbPBjkCAxeYt5gVAQG/UggAo+2cxMWVJU6qNI6XrXB/eKIk1gmVYkC3
7o2bXEfZVok7QfJtGpozzH1etdXsRF3F6ukABsMv0azHguXG1ZAIu+1VUdWgNdUK
Ks1rbgoUl7iD7sNfiInDNCWF4CW+bAE1DSgtYDnv9JoYT1tscr5z/Xz1bQafUyZI
QVT4oY3mW4ciNc/p2ItcbqlSJiHaSJdZkBP1PGrtHMM54/D7EoTvCl6KeH6g+wyV
pCjvkxzrxlkDZNxC5FSUigC1WOsB7zlhGCpySiBXeoiq9yvCzgSEfChoveWAWZR9
+bJVfKpJQeTjFmA/cqaxmANvUJguv5LH8t6lhlBkIZ/KgO1Vg/hfNA==
=VX0Z
=====END PGP SIGNATURE=====
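The exchange Hopwood recommends, as an added example that is not part of the original post: ephemeral Diffie-Hellman with the exponentials signed under long-term keys, in the style of the station-to-station protocol. Everything below is my own illustration code, not his. Assumptions: the group is generated at a toy 128-bit size purely so the example runs quickly (real deployments use a standardised 2048-bit or larger group); the signature scheme is Schnorr over the same group (the post names none); and the STS step of encrypting the signatures under the session key is left out. The point the code makes is the one in the post: the only long-lived secrets are signing keys, and once the ephemeral exponents are discarded nothing remains that decrypts a recorded session.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin after trial division; fine for the toy sizes used here."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(bits=128):
    """Safe prime p = 2q + 1 and g = 4 (a square mod p, hence of order q).
    128 bits is a TOY size, assumed so the example runs in well under a
    second; real use needs a standard 2048-bit or larger group."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q, 4

def H(*ints):
    """SHA-256 over length-prefixed big-endian encodings, as an integer."""
    m = hashlib.sha256()
    for v in ints:
        b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        m.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(m.digest(), "big")

def keygen(params):
    """Long-term Schnorr signing key pair (private x, public y = g^x)."""
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def sign(params, x, *msg):
    """Schnorr signature (e, s) on the integers in msg."""
    p, q, g = params
    k = secrets.randbelow(q - 1) + 1
    e = H(pow(g, k, p), *msg) % q
    return e, (k + e * x) % q

def verify(params, y, sig, *msg):
    p, q, g = params
    e, s = sig
    if not (0 <= e < q and 0 <= s < q):
        return False
    r = pow(g, s, p) * pow(y, q - e, p) % p  # g^s * y^-e == g^k
    return H(r, *msg) % q == e

def session_key(shared, ga, gb):
    """32-byte key bound to the DH secret and both exponentials."""
    return H(shared, ga, gb).to_bytes(32, "big")

def sts(params, alice, bob, tamper=None):
    """Station-to-station exchange; returns (alice_key, bob_key).
    alice/bob are (signing key, verification key) pairs; `tamper`, if
    given, lets a man in the middle replace g^a on its way to Bob."""
    p, q, g = params
    a = secrets.randbelow(q - 1) + 1              # Alice's ephemeral exponent
    ga = pow(g, a, p)                             # 1. Alice -> Bob: g^a
    ga_at_bob = tamper(ga) if tamper else ga
    b = secrets.randbelow(q - 1) + 1              # Bob's ephemeral exponent
    gb = pow(g, b, p)
    sig_b = sign(params, bob[0], gb, ga_at_bob)   # 2. Bob -> Alice: g^b, Sig_B
    # Alice verifies against the g^a SHE sent, so a substituted exponential
    # fails here.  (Full STS also encrypts the signatures under the session
    # key; that step is omitted in this example.)
    if not verify(params, bob[1], sig_b, gb, ga):
        raise ValueError("Bob's signature does not cover my exponential")
    sig_a = sign(params, alice[0], ga, gb)        # 3. Alice -> Bob: Sig_A
    if not verify(params, alice[1], sig_a, ga_at_bob, gb):
        raise ValueError("Alice's signature does not verify")
    ka = session_key(pow(gb, a, p), ga, gb)
    kb = session_key(pow(ga_at_bob, b, p), ga_at_bob, gb)
    del a, b  # ephemeral exponents discarded: no decryption key outlives the session
    return ka, kb

def mitm_detected(params, alice, bob):
    """Run sts() with an attacker multiplying g^a by g; True if it is caught."""
    p, q, g = params
    try:
        sts(params, alice, bob, tamper=lambda x: x * g % p)
    except ValueError:
        return True
    return False
```

A man in the middle who substitutes g^a is caught because Bob's signature covers the exponential Bob actually received while Alice checks it against the one she sent. Two runs with the same signing keys produce unrelated session keys, which is exactly why a later seizure of the signing key is useless against recorded traffic: the signing key never enters the key derivation, and the exponents that do are gone.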

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Software patents are evil.
Date: Tue, 19 Sep 2000 04:16:41 GMT


On Mon, 18 Sep 2000 17:05:57 -0700, in <K5yx5.2195$hu1.1553@client>,
in sci.crypt "Dann Corbit" <[EMAIL PROTECTED]> wrote:

>"Terry Ritter" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>[SNIP]
>> >Apparently, the courts lack a basic understanding of mathematics or
>> >such patents would never be granted, since patenting math is illegal.
>>
>> So, basically, you imagine that you have a deeper understanding of
>> patent law than patent-law courts, patent offices, and various
>> patent-law attorneys?  How odd.
>
>An algorithm is nothing but an implementation of a mathematical concept.

And every machine is *also* "nothing but an implementation of a
mathematical concept."  Yet few would argue that new machines do not
deserve patents. 

>All of them.  Deeper understanding of law?  I doubt it, except for knowing
>the laws are absurd if (indeed) they grant ownership to math.

And since the laws do *not* grant ownership to math, apparently the
laws are not absurd.


>> Patents on "processes" ("do this, do that") have been common for at
>> least a century.  Patents on a computational process which ends up
>> providing some benefit for use seems a very natural extension.
>
>And a mathematical formulation is not ownable.

Patents do not grant ownership to "a mathematical formulation."


>I realize that there is an irreconcilable difference of opinion.  

Apparently you have decided what I should think, so as to present your
views in contrast.  


>You
>obviously think it is just fine to own an algorithm.  

It is not possible to "own" an algorithm.  It is possible to own the
use of a new process for a limited time, however.  One alternative is
that you would not know about the new process at all, because it would
be kept secret.  


>I think it's
>poppycock.  The law says you are right and I will obey it.

The situation you decry does not exist.  


>No amount of wrangling will convince me that the ownership of math is OK
>under certain circumstances.  

Well, if patents which restrict certain new uses of computation are
what you call "ownership," it is unnecessary to "wrangle."  That's the
way it is.  Get over it.  Or change the world.  But I suggest you
think about what your view would mean before you do.  


>I do hope that legal entanglements with this
>sort of thing do make it an entirely untractable proposition.  

Actually, the intractable proposition is yours.


>On the other
>hand, the rest of the decay of society makes me believe that to be unlikely.
>If humans could behave in an ideal manner, the newsgroup sci.crypt would be
>completely devoid of purpose.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Tue, 19 Sep 2000 00:45:44 -0400

Jerry Coffin wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > No, I'm saying that you have invented a picture of how major
> > computer procurements have occured in the NSA that if true
> > would constitute malfeasance on the part of high-ranking
> > public officials, without providing any evidence to back it up.
> > Such accusations are serious matters, not to be made frivolously.
> > Indeed, you could be running afoul of the libel laws.
> Gosh Doug, if I didn't know better, I'd think that having lost the
> argument, you'd turned to using a bit of FUD to try to put a chilling
> effect on free speech.

I haven't "lost the argument" since there was never an argument.
You made certain claims as indicated and I pointed out that they
were not supported by evidence, therefore were unwarranted.
Libel laws do not have a chilling effect on free speech, because
truth is an absolute defense against a libel charge.  I suggest
that what you said was untrue, therefore libelous.  To turn this
into an argument, you need to present some evidence.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Algebra, or are all block ciphers in trouble?
Date: Tue, 19 Sep 2000 01:00:21 -0400

> >if you go writing boolean algebraic
> >equation at BIT level, it can be demonstrated that
> >ANY invertible f-function may be built-up by a proper
> >composition of XOR and NOT function...
Mack wrote:
> No, any invertible LINEAR function can be built using
> only XOR, the variables and, if necessary, the constant 1.
> NONLINEAR invertible functions require the AND operator.

*Any* Boolean pure function can be written in terms of just:
        NAND
or
        NOR
or
        IMPL and NOT
or
        AND and NOT
or
        XOR and NOT
etc. and the input variables.

An interesting case is when just
        EQV
is used; one gets a "subalgebra".

This was all thoroughly investigated by Polish logicians
before WWII.
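As an added example that is not part of the thread, the following code computes, for 2- and 3-input functions, the closure of the input variables (plus any constants you pass in) under each gate set named above, and tests whether every function in a closure is affine. The sizes it returns let a reader check the completeness claim for each basis directly, and the affinity check is the property a cipher designer cares about: a round function built from an affine-only basis is solved by linear algebra. The gate table and the truth-table encoding are my own construction for this example.

```python
# Truth tables are 2**n-bit integers: bit m is the output on input assignment m.
# Each gate takes (a, b, mask); unary gates ignore b.
GATES = {
    "NOT":  (1, lambda a, b, m: ~a & m),
    "AND":  (2, lambda a, b, m: a & b),
    "OR":   (2, lambda a, b, m: a | b),
    "XOR":  (2, lambda a, b, m: a ^ b),
    "NAND": (2, lambda a, b, m: ~(a & b) & m),
    "NOR":  (2, lambda a, b, m: ~(a | b) & m),
    "IMPL": (2, lambda a, b, m: (~a | b) & m),   # a -> b
    "EQV":  (2, lambda a, b, m: ~(a ^ b) & m),   # a <-> b
}

def projection(n, i):
    """Truth table of the i-th input variable of an n-input function."""
    return sum(((m >> i) & 1) << m for m in range(1 << n))

def closure(n, basis, constants=()):
    """Every n-input Boolean function buildable from the input variables,
    the given constants (0 or 1) and the gates named in `basis`, found by
    iterating to a fixed point."""
    mask = (1 << (1 << n)) - 1
    funcs = {projection(n, i) for i in range(n)}
    funcs |= {mask if c else 0 for c in constants}
    while True:
        new = set(funcs)
        for name in basis:
            arity, op = GATES[name]
            if arity == 1:
                new |= {op(a, None, mask) for a in funcs}
            else:
                new |= {op(a, b, mask) for a in funcs for b in funcs}
        if new == funcs:
            return funcs
        funcs = new

def is_affine(n, table):
    """f is affine iff f(x ^ y) == f(x) ^ f(y) ^ f(0) for all inputs x, y."""
    f = lambda m: (table >> m) & 1
    return all(f(x ^ y) == f(x) ^ f(y) ^ f(0)
               for x in range(1 << n) for y in range(1 << n))

def report(n, basis, constants=()):
    """(number of n-input functions reachable, whether all of them are affine)."""
    reached = closure(n, basis, constants)
    return len(reached), all(is_affine(n, t) for t in reached)
```

`report(2, ["NAND"])` and `report(2, ["AND", "NOT"])` return all 16 two-input functions; `report(2, ["XOR", "NOT"])` returns 8, every one of them affine, and `report(3, ["XOR", "NOT"])` returns 16 of the 256 three-input functions, again all affine; `report(2, ["EQV"])` returns a 4-element set closed under EQV. Passing `constants=(1,)` with `["XOR", "AND"]` reaches all 16, which is the algebraic-normal-form basis Mack describes.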

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Hamming weight
Date: Tue, 19 Sep 2000 01:11:10 -0400

"SCOTT19U.ZIP_GUY" wrote:
> Francois, I liked your C code implementation. But I was wondering,
> when you talk about Hamming weight and a string of bits, are you
> limiting yourself to only strings that have 8-bit length units or
> are you talking about any string of bits?

His definitions work for any string of bits, although the example
C code is clearly limited to a single width (typically 32).

>   If one is talking in the abstract of "any string" of bits,
> is that a finite string of bits or a bit string of an infinite
> number of bits, the trailing ones being all zero?

It is any string.  If one knows for a fact that an infinite
string has an all-zero tail, then the Hamming weight can be
determined from the part before the tail.  Most infinite
strings have infinite Hamming weight, so usually this notion
is useless when applied to infinite strings.

>    The reason I ask is ...

The rest of that made no sense to me.  Hamming weights are
a tool used in certain applications, not an end in themselves.
For example, in a typical Viterbi decoder, the Hamming
distance between received and expected code values is used
as the branch metric.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an 
Date: Tue, 19 Sep 2000 01:22:45 -0400

Kostadin Bajalcaliev wrote:
> ... here is what Aristotle has to say for his own time:

That's funny, because Aristotle's views on physics are not
held in high regard by physicists.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption
Date: Tue, 19 Sep 2000 01:37:42 -0400

I tried reading some of the referenced material, but I didn't
understand some of the arguments, especially the one about
discarding some bits from an underlying generator to guarantee
security.

Some of the formulation was careless:
> Now let me present the assumptions needed by this thesis:
>    1.If A is a random sequence then any subsequence of A is
>      random too.

Obviously that is not true as formulated.  One would have to
include the condition that the subsequence selector cannot
use any information from the sequence itself.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: 20 suggestions for cryptographic algorithm designers
Date: Tue, 19 Sep 2000 00:20:20 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> The problem with this (for the floats) is that different architectures
> use different internal representations for floats and doubles.  Is
> there an IETF standard for bit representation of these types?  'Cause
> that's what would be needed.

TTBOMK, IETF has never done an FP standard, but IEEE has had some for 
years, and there are a couple of other standards organizations that 
have picked them up and distribute them at more reasonable prices. 

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.
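As an added example, not from the thread: what a portable bit-level encoding of a double looks like in practice, using the IEEE 754 binary64 layout through Python's struct module. The caveats a practitioner wants when hashing or signing floating-point data across architectures are byte order and the two cases where numerically equal values (or NaNs, which compare unequal even to themselves) carry different bit patterns, so the code canonicalises those before hashing. The hash_doubles framing is my own construction for this example, not any standard.

```python
import hashlib
import math
import struct

def raw_bits(x):
    """Big-endian IEEE 754 binary64 bytes, exactly as the value is stored."""
    return struct.pack(">d", x)

def canonical_double(x):
    """Portable encoding for hashing/signing: big-endian binary64 with the
    two bit-pattern ambiguities removed.  -0.0 equals 0.0 numerically but
    differs in the sign bit, so it is folded to +0.0; every NaN (any sign,
    any payload) becomes one fixed quiet NaN."""
    if math.isnan(x):
        return bytes.fromhex("7ff8000000000000")
    if x == 0.0:
        x = 0.0
    return struct.pack(">d", x)

def decode(b):
    """Inverse of raw_bits / canonical_double for non-NaN values."""
    return struct.unpack(">d", b)[0]

def hash_doubles(values):
    """SHA-256 over a length-prefixed sequence of canonical doubles; the same
    list gives the same digest on any IEEE 754 host, big- or little-endian.
    (Constructed framing for this example, not a standard.)"""
    h = hashlib.sha256(len(values).to_bytes(4, "big"))
    for v in values:
        h.update(canonical_double(v))
    return h.hexdigest()
```

Note that `struct.pack("d", x)` without the `>` prefix uses host byte order and is the non-portable form; a hash computed over it on an x86 machine will not match one computed on a big-endian host.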

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Tue, 19 Sep 2000 01:08:36 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ ... ] 

> You made certain claims as indicated and I pointed out that they
> were not supported by evidence, therefore were unwarranted.
> Libel laws do not have a chilling effect on free speech,

No, but attempting to accuse somebody of libel when it's completely 
unwarranted can have little other than the intent of chilling free 
speech.

> because truth is an absolute defense against a libel charge.

You're of the opinion that only truthful statements are protected as 
free speech?  If so, you're clearly wrong.

> I suggest that what you said was untrue, therefore libelous.

Wow!  So now all false statements qualify as libel!  Great -- even 
though the courts would disagree, you should punish yourself for 
having made false statements about the nature of libel.

Going by an accurate definition, there would be a NUMBER of major 
problems with sustaining a case for libel.  First of all, you'd have 
to show where I identified a specific person: while I used "DIRNSA", 
there have been a number of directors of the NSA over the years, so 
that requirement is almost certainly impossible to meet.

Second, libel can only happen with malicious intent.  This would also 
be essentially impossible to prove in this case.

Finally, the burden of proof is on the accuser: to sustain a charge 
of libel, it would have to be proven that not only did NO person who 
was ever DIRNSA had such a thought, but that I knew it when I made my 
statement.  It might be possible to find evidence that such a thought 
DID take place, but there's obviously no way of proving that a 
thought never took place but (for example) remained unexpressed.  
Since this is something that's _impossible_ for anybody to know, 
proving that I knew it is equally impossible.

In short, it not only wasn't libel, but wasn't even vaguely similar 
to it.

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------

From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction]
Date: Tue, 19 Sep 2000 09:10:46 +0200


Douglas A. Gwyn wrote in message <[EMAIL PROTECTED]>...
>Kostadin Bajalcaliev wrote:
>> ... here is what Aristotle has to say for his own time:
>
>That's funny, because Aristotle's views on physics are not
>held in high regard by physicists.

But modern physics would never exist without Aristotle; our whole
civilization is based on his works. However, I cite him in order to show
that there is always something behind, a substance of a certain form, the
smallest particle. We have security; it is a form, so we need to find the
essence of it, keeping in mind that the other forms incorporated in security
are not security itself. Maybe this is a discussion for some philosophy
group, but I think it is important to look behind the surface. Aristotle says:
"If you need to enter an object in order to notice it is white, then white is
certainly not the essence of the object; there is something inside." It is
the same: if we define security as immunity to attack one, two, etc., then
none of them is security itself.

kb

PS: Just to note that Metaphysics has nothing to do with the physics we know
today; it is a science about the first cause and the essence of things. For
example, instead of asking how to program in C, more important is what
programming is at all. There is a meta for every possible science.



------------------------------

From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption
Date: Tue, 19 Sep 2000 09:37:34 +0200

Even the information loss theory is not the main subject in the thesis about PME
that I am happy you have mentioned. Information loss theory deals with any
process in general. The main question is: how much more information, besides
the outcome of the process, do we need to distinguish some information about
the process itself? A simple example: there is a black box, you put a
number in and get a number out, and after 10 years of research you figure out
that the box calculates some function, and you have found the 7th epitome of
that function. The question is what that function is. Any mathematician will
tell you that it is not a simple task to integrate it. There is information
lost in the epitome. Example: dx=1/2 x^2 +c dx can be the 7th epitome of
countless functions.

The same strategy is employed in the SQ1 design and explained in the thesis you
have been reading; the intention is to define a model of how to measure the lost
information during the process. If this loss is bigger than the info we
have about the process carried by the output, then it is certain that we are
never going to reconstruct the process itself. An example from physics: we cannot
know what the laws inside the atom are because we cannot observe a single
atom, but observing a group of atoms means that the info we get is some kind of
sum biased by the interaction between the atoms, so we cannot say at the
same time how the atoms interact and what the single atom is doing in that
interaction.

About the premise of the thesis you mentioned, what you have observed

> One would have to
>include the condition that the subsequence selector cannot
>use any information from the sequence itself.

is a premise a priori; it is nonsense to select only the 0s from the sequence
and to expect them to be random. Yes, the selector must be independent from
the sequence. I take this as the default, and that is why it is not mentioned,
because any other mode of selection is absurd.

Kb

PS: For now I would like to direct your interest to Polymorph Theory; it is
something far more practical than Information Loss Theory.

Douglas A. Gwyn wrote in message <[EMAIL PROTECTED]>...
>I tried reading some of the referenced material, but I didn't
>understand some of the arguments, especially the one about
>discarding some bits from an underlying generator to guarantee
>security.
>
>Some of the formulation was careless:
>> Now let me present the assumptions needed by this thesis:
>>    1.If A is a random sequence then any subsequence of A is
>>      random too.
>
>Obviously that is not true as formulated.  One would have to
>include the condition that the subsequence selector cannot
>use any information from the sequence itself.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: QUESTION ABOUT ALGORITHMS
Date: Tue, 19 Sep 2000 10:02:10 +0200



Terry Ritter wrote:
> 

> There are two issues here: one is getting a patent, and the other is
> the extent to which it may be applied.
> 
> I am sure that the IDEA patent is based on a hardware description.
> But the question remains as to whether a software implementation will
> infringe that patent.
> 
> It is repeatedly claimed that Europe has no "algorithm patents."
> Thus, we should see various software implementations of IDEA in Europe
> because such cannot possibly infringe the IDEA patent, right?
> 
> And if software implementations of IDEA *can* infringe the European
> IDEA patent, I fail to see all that much difference between Europe and
> the US on this issue.

I personally suspect that the issue is never clear-cut 
and, quite like matters in other laws, serves to guarantee
the existence and prosperity of the patent lawyers.

On the other hand, it is interesting to know that right 
at the current moment the European Patent Office is 
considering allowing software patents. There are voices 
for and against. We don't yet know what is going to be.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
