Cryptography-Digest Digest #721, Volume #12 Tue, 19 Sep 00 23:13:00 EDT
Contents:
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative
introduction] (John Savard)
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative
introduction] (John Savard)
Re: Proper way to intro a new algorithm to sci.crypt? ("Paul Pires")
Re: CDMA tracking (was Re: GSM tracking) (Darren New)
Re: ExCSS Source Code (Bryan Olson)
My attempt at an algorithm. (halofive)
Re: RSA Questions (Ed Pugh)
Re: Chosen and known attacks - are they possible ?? (Guy Macon)
Re: Software patents are evil. (Benjamin Goldberg)
Re: Double Encryption Illegal? (Guy Macon)
Re: "Secrets and Lies" at 50% off (R��)
Re: Software patents are evil. ("Dann Corbit")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
alternative introduction]
Date: Tue, 19 Sep 2000 23:30:07 GMT
On Tue, 19 Sep 2000 12:53:53 +0200, "Kostadin Bajalcaliev"
<[EMAIL PROTECTED]> wrote, in part:
>You stand behind the position that we will
>never have an exact definition of secure block cipher, that there will be no
>measurement etc, HAS ANYONE PROVED THAT???
There is one mathematical result that might well be considered a proof
of that.
The halting problem.
It has been proven that it is impossible to write, for a computer with
an infinite amount of memory and time available to it, a program such
that, when it is given any program as input, it will, after some
finite (but arbitrarily large) time stop and report whether that
program will stop or not.
Obviously, it is possible to write a program that will check another
program for trivial infinite loops.
But what about a program that (using a flexible-size multiple
precision arithmetic library!) searched for counterexamples to
Fermat's Last Theorem, and stopped when it found one?
In order for a computer program to tell us that *that* program was an
infinite loop, it would have had to have been able to prove Fermat's
Last Theorem, which was a task which waited for Andrew Wiles.
Thus, the solution to the halting problem tells us that mathematics is
open-ended. You can't write one computer program that has the power to
supply the answer to every possible mathematical question.
There are many different kinds of ciphers. Each cipher poses a
different mathematical question, in a sense; particularly when a
cipher is designed specifically to resist the known attacks on earlier
ciphers. But if the question "Is there a way to crack this cipher?"
is, depending on the ways ciphers can be designed, broad enough to
encompass a big enough chunk of mathematics - and I think it is; the
public-key ciphers like RSA are strong evidence of that - then a way
to say "yes, this cipher really is secure" is a way to make a
categorical statement about mathematical discoveries that the future
will hold.
We can say that no one will discover a way to square the circle with
straightedge and compasses (although if you cheat in how you use the
compasses, you can trisect the angle), but whether a particular class
of ciphers, even one cipher such as DES, can be cracked using attacks
that no one now can anticipate appears to be not making a statement
about a single class of procedures, but a statement about the whole of
mathematics.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
alternative introduction]
Date: Tue, 19 Sep 2000 23:31:27 GMT
On Tue, 19 Sep 2000 19:15:51 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>Polymorphism has been known in computer science since
>decades, though much popularized only after C++. Already
>in Algol68 one can use a datatype 'union' such that at
>runtime one can obtain first the type and then the value
>of an object and with these determine what is to be
>computed next. Polymorphic Types have been much studied
>by researchers of the functional languages.
I think that almost the only connection between that and the form of
encryption under discussion is the use of the same word.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Proper way to intro a new algorithm to sci.crypt?
Date: Tue, 19 Sep 2000 17:27:26 -0700
Albert Yang <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can anybody give me a quick run-through of the proper way to introduce a
> new algorithm to Sci.crypt?
>
> I'd like to intro a new algorithm here that I just finished up.
>
> Thanks.
> Albert
You've been so civilized that I guess I have to give you a real answer.
Check out the sci.crypt cipher contest website.
http://www.wizard.net/~echo/crypto-contest.html
It's a snapshot of
what is needed and how it should be presented. It hasn't seen much
activity lately but I think it was a good concept.
I'll look at yours if you look at mine.
Paul
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: Wed, 20 Sep 2000 00:55:34 GMT
Eric Smith wrote:
> Does a cold start, e.g., if batteries were left out for long enough,
> then fresh batteries installed and power turned on, take a long time?
Usually a few seconds. Maybe twice as long as finding an analog carrier.
Sometimes 2 to 3 minutes, if you're roaming somewhere that's set up very
differently from your home area. But the hard part is getting synchronized
at all. Once synchronized, finding the list of base stations and such is
very quick. The phone already goes through several levels of
trying-to-find-a-signal, starting with a quick glance at where it last heard
a signal, then a sweep through likely candidates, before starting a
full-bore-look-everywhere sweep, as it's very draining to do a full scan of
all frequencies.
Once you're synchronized, it's still 20 seconds before you register (i.e.,
before you power up the transmitter and tell the base station you have
turned on) (assuming you don't try to place a call). This prevents someone
from turning the phone on and off rapidly and congesting the tower.
So, in other words, no, it doesn't really make sense to leave the power on,
even if that's what happens in some versions of some phones. It would also
make it very dangerous to be taking cell phones into airplanes and such.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
"No wonder it tastes funny.
I forgot to put the mint sauce on the tentacles."
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Wed, 20 Sep 2000 01:05:12 GMT
Eric Lee Green wrote:
> If you must circumvent the access control in order to obtain
> a snippet of material to include in your review (because ten
> years from now VHS has gone the way of 8-track tapes and all
> new material comes out on DVD), yes, you are violating the
> law. Thus a prior restraint is being placed upon speech.
> Case law has long held that prior restraint (that is, a
> restraint that occurs during the process of creating or
> publishing the speech, but before the speech has actually
> been delivered) is identical to actual published speech
> insofar as its 1st Amendment implications goes. See, e.g.,
> the Pentagon Papers case, where the Feds argued that it was
> permissible to suppress publication of the Pentagon Papers
> because they had not yet been published and thus were not
> yet speech... the Suprememes swatted them down like flies.
I think the case supports my point. Does the NY Times have
the right to publish classified information? Yes. Are the
laws that prevent the Times from obtaining classified
information an unconstitutional form of prior restraint?
No.
The right is to speak, not to whatever action is needed to
prepare a speech. Fair-use is a defense against a charge of
infringement, but there is no such defense as 'enabling
fair-use'. Including a legal non-starter in one's arguments
is not necessarily a bad idea; sometimes the courts will
create a new distinction and at worst they'll be a little
annoyed at the waste of time. But let's not kid ourselves
about the strength of our case. That phrase "Swatted them
down like flies" seems to apply and it's no fun on this
side.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: halofive <[EMAIL PROTECTED]>
Subject: My attempt at an algorithm.
Date: Wed, 20 Sep 2000 01:08:27 GMT
hello, I'm sorry if this is the wrong place to post ideas...
lately i've been reading a book concerning cryptography and it's had me
thinking about ways to encrypt files. Can someone please tell me if my
idea is efficient? I'm going to start writing it in C, but I would like
to see if anyone has any suggestions.
-=-=-=-
The program requires the user to first input the password being used
(key). The program breaks down the password (starting from the end
working to the first letters input).
Multiplying the last letter's [of the password] ascii value, plus
two, by the ascii value of each char's ascii value, divided by ten,
results in the first chars encrypted value (represented in ascii).
This is done individually with each char of the password, on each new
encrypted char- over and over.
-=-=-=-
I am not sure if this makes sense, I will start writing it and see if
it still looks as good as it does on paper.
Thanks for listening, if you have suggestions please respond to this or
via e-mail- it's up to you.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Ed Pugh)
Subject: Re: RSA Questions
Date: 20 Sep 2000 02:06:06 GMT
Reply-To: [EMAIL PROTECTED] (Ed Pugh)
Bryan Olson ([EMAIL PROTECTED]) writes:
>
> The modulus must be the product of distinct primes for
> encryption to be invertible.
Do you mean that the modulus, N, must be "square-free" (i.e. no
square factors, or, in other words, none of the prime factors is
repeated) ??
But that is not quite true.
In general, phi(N) exists for any N (not just N's with non-repeating
prime factors). I don't have the general formula for phi(N) to hand
at the moment, but I think it's something like:
phi(N) = N*(1-(1/p1))*(1-(1/p2))* ... *(1-(1/pk))
where p1, p2, ... ,pk are the DISTINCT prime factors of N (but may
be repeated in N).
So, once you have phi(N) for any N, then you can find e coprime to
phi(N) and find d = (e^(-1)) (mod phi(N)). Don't forget that, if N
is not "square free", then the message encrypted with e and N must
be coprime to N.
Regards,
--
Ed Pugh, <[EMAIL PROTECTED]>
Richmond, Ontario, Canada (near Ottawa)
"Bum gall unwaith-hynny oedd, llefain pan ym ganed."
(I was wise once, when I was born I cried - Welsh proverb)
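The totient formula and the coprimality caveat in the post above, carried through as an added worked example in Python (this is not code from the digest or from Ed Pugh; the primes 7 and 11, the exponent e = 65537 and the sample messages are constructed toy values):

```python
from math import gcd

# Constructed example (added here; not code from the digest or any poster).
# Factorisations are given as {prime: exponent}; all numbers are toy-sized.


def euler_phi(factorization):
    """Return (N, phi(N)) from a prime factorisation.

    phi(N) = N * (1 - 1/p1) * (1 - 1/p2) * ... * (1 - 1/pk), the formula
    quoted in the post, taken over the DISTINCT primes p_i of N. The
    product is done in exact integer arithmetic: at each step phi is
    still divisible by p_i, so phi // p_i * (p_i - 1) is exact.
    """
    n = 1
    for p, k in factorization.items():
        n *= p ** k
    phi = n
    for p in factorization:
        phi = phi // p * (p - 1)
    return n, phi


def make_rsa_keypair(factorization, e=65537):
    """Build (N, e, d) with d = e^-1 mod phi(N); e must be coprime to phi(N)."""
    n, phi = euler_phi(factorization)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(N)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return n, e, d


def rsa_roundtrip(n, e, d, m):
    """Encrypt m with (N, e), decrypt with d, and return the recovered value."""
    c = pow(m, e, n)
    return pow(c, d, n)


def check_invertibility(factorization, messages):
    """Map each message to whether encrypt-then-decrypt recovers it under N."""
    n, e, d = make_rsa_keypair(factorization)
    return {m: rsa_roundtrip(n, e, d, m) == m for m in messages}


if __name__ == "__main__":
    # Square-free modulus N = 7 * 11: every residue round-trips, even
    # multiples of 7 or 11, because the CRT argument covers them.
    print(check_invertibility({7: 1, 11: 1}, [5, 7, 14]))
    # Non-square-free modulus N = 7^2 * 11: phi(N) still exists (420) and a
    # key pair can be built, but multiples of the repeated prime 7 are not
    # recovered; only messages coprime to N are guaranteed to round-trip.
    print(check_invertibility({7: 2, 11: 1}, [5, 7, 11, 14]))
```

With N = 7^2 * 11 the messages 7 and 14 come back as 392 and 245, so a receiver that relies on the decryption being a bijection would silently get the wrong plaintext; a message divisible only by the non-repeated prime (11 here) still round-trips, so the post's "coprime to N" condition is a sufficient one.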
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Chosen and known attacks - are they possible ??
Date: 20 Sep 2000 02:12:04 GMT
Bryan Olson wrote:
>
>
>Guy Macon wrote:
>> Bryan Olson wrote:
>> >
>
>> >Consider a subscription satellite-TV service. The content
>> >is sent encrypted, and each subscriber has a
>> >tamper-resistant box that decrypts it. Now suppose a pirate
>> >wants to make working decryption devices. He can subscribe
>> >to get a box, then introduce his own data and see what comes
>> >out - the chosen ciphertext attack.
>>
>> That sounds like a chosen plaintext attack to me.
>
>The box one gets by subscribing takes the encrypted
>signal and decrypts. Its input is ciphertext.
>
Ah! I get it now! Thanks for explaining it.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Wed, 20 Sep 2000 02:12:05 GMT
Runu Knips wrote:
>
> Bill Unruh wrote:
> > The courts do not grant patents. The patent office does. The courts
> > can decide if a patent is valid. If you can show that the patent is
> > "patenting math" then the courts will find it invalid.
>
> Well consider the patent on rotation. A Japanese company recently
> claimed that most of the AES finalists violate their patent. So
> what is their patent ? Using rotation in encryption !!!!!!!
>
> Not to note that using rotation is the oldest concept of
> encryption, even the first of all ciphers, the caesar one, was
> a rotation in 26 alphabetic characters, this patent was also given
> long after, for example, DES has been published (DES rotates the
> key bits), and this is a practical example how people patent maths.
>
> If you can get a patent on "using rotation in encryption", you
> can also get a patent on any piece of math you wish, don't you ?
Well, there's this little thing called "prior art" of which there mayn't
be any with your idea for you to be able to patent it.
For a patent on "using rotation in encryption" to be granted, there
would have to not have been any use of such a concept before.
> Why don't you patent "using addition in mercantile computations
> to get the sum of something" ? Hey, its patentable !
If no one's used addition in such-and-such a way, then I suppose that it
might be patentable.
> Maybe nobody has been so original to patent it yet ! But I'm not sure
> about that, of course.
It doesn't matter about just prior *patents* but "prior art", which
includes prior use, publication, "common knowledge".
> > Patents and copyrights are both monopoly rights granted by the
> > government. They may have a social benefit. They also have a social
> > cost, as the USSR found in their granting of monopoly rights to
> > businesses. Society should make sure that they get back a lot for
> > the grant of such monopoly rights.
>
> Software patents will, for example, destroy free software if we
> can't hinder it. I can't see how you want to get such losses
> back.
I don't see how free software could be destroyed by patents. For just
about anything which you might want to do, there is *some* existing,
non-patented way to do it. Software patents, or any patents, for that
matter, can only cover *new* ideas... So what if you can't use the new
super-fast super-efficient algorithm xyzzy which was just patented?
Just use instead the older, possibly slower, possibly less efficient
algorithm that you would have used if you didn't know xyzzy had been
invented. Especially since you wouldn't have known of/thought to use
xyzzy if you hadn't seen the patent in the first place.
(Hmm, perhaps xyzzy is a misnomer? 'Cause *not* using it is what leaves
us "back at the beginning of the road again" :)
--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Double Encryption Illegal?
Date: 20 Sep 2000 02:13:48 GMT
Trevor L. Jackson, III wrote:
>
>
>Guy Macon wrote:
>
>> You mean I shouldn't be applying ROT-13 twice? Several experts have
>> told me that applying ROT-13 twice is *so* secure that an attacker
>> with infinite resources can't even tell what algorithm I used...
>
>They also can't tell which of the four combinations DD, DE, ED,
>or EE were used.
Who could possibly ask for more security than that???
------------------------------
From: R�� <pctech@wlsm�il.com>
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Wed, 20 Sep 2000 02:28:30 GMT
BTW, apologies to groups that are totally tired of this discussion. One
word to me, and I'll take care to remove such groups from my posts (in
this thread) in the future.
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> This is how I see it:
>
> 1) While the commercialization is not something that great to see in
> the newsgroup, it's not SPAM. Spam is a meat-like substance in a blue
> can, this doesn't smell like it.
Yeah, I concede that. I didn't call it spam for essentially the same
thought process. But my response is essentially what I've already said:
how does this post apply to the already formulated purpose of the group?
It's a VERY subtle, but I think just as important, point. IF we are
here to discuss security itself, and cryptography, and how to maintain
it, then commercial posts can certainly be of interest, but do they
actually apply to the posted purpose? I mean, does a post about a book
on the subject really equate to a discussion ABOUT the subject?
Arguable, but I'd say it does not.
I haven't seen the FAQ for this group. Maybe it does. But I think it's
worth making the distinction.
>
> 2) There are people who are slightly more privileged than others. BS
> is one of those. I concur, if he, Don CopperSmith, Eli, Ron, Lars
> etc... post something, I believe it in their heart that they do it for
> the good of the crypto community, and if it benefits them as well, all
> the better.
I have BIG problems with this. While I certainly wouldn't take action
against such people (even if I had the power to do so), I think they bear
an equal responsibility to this group to maintain the stated purpose of
it. If their responsibility varies from the rest of us at all, I'd say
it varies in favor of requiring greater restraint, not in favor of being
granted more leniency.
With respect and authority comes a kind of power of normalization. What
they do lends an air of legitimacy to the act itself, and that, in turn,
can lead to an expectation of leniency for all who engage in similar
conduct. Having seen what such leniency to commercial posting has done
in other groups, I would argue that such leniency is to the long term
detriment of the group.
>
> 3) What if someone asked where they can get BS's book for cheap? And
> then someone replied? Does that constitute commercialization of
> pseudo-spam?
The post in question didn't *just* list where the book could be
obtained, did it? It spoke of a special offer, and, in effect, became
an advertisement for one particular source. Once more, the difference
is subtle, but I think it's also very important to note.
When a policeman on U.S. highways speeds along the highway, that officer
leaves behind a wake of cars slowly increasing their speed, as his
higher speed has now lent some legitimacy to the idea of exceeding the
posted limit. Is it something awful? Hmm... maybe not, but do we then
excuse the driver who crashes at that higher speed limit if it kills
someone? In the U.S., we do not. Should we therefore be acting to halt
such driving by police? Yeah, we should.
The analogy is not perfect, obviously, but I think the concept is sound.
>
> I see it like precomputed key-schedules, he answered a question before
> it was asked. Not that big of a deal...
Like the analogy above, perhaps it is not, but the consequences are not
made less so because they were brought about by such an inconsequential
activity. I'm reminded by the TV in my living room of Gandhi's "Salt
March". Very similar concept. Gandhi created only a few grams of salt.
Not such a dent in the British salt monopoly of the time, was it?
Except that lack of action towards Gandhi opened the doorway to
hundreds, even thousands, of people who took that action to be
permission. And the British salt monopoly was never the same.
R�� Vargas
------------------------------
From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Tue, 19 Sep 2000 19:52:51 -0700
"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Runu Knips wrote:
> >
> > Bill Unruh wrote:
> > > The courts do not grant patents. The patent office does. The courts
> > > can decide if a patent is valid. If you can show that the patent is
> > > "patenting math" then the courts will find it invalid.
> >
> > Well consider the patent on rotation. A Japanese company recently
> > claimed that most of the AES finalists violate their patent. So
> > what is their patent ? Using rotation in encryption !!!!!!!
> >
> > Not to note that using rotation is the oldest concept of
> > encryption, even the first of all ciphers, the caesar one, was
> > a rotation in 26 alphabetic characters, this patent was also given
> > long after, for example, DES has been published (DES rotates the
> > key bits), and this is a practical example how people patent maths.
> >
> > If you can get a patent on "using rotation in encryption", you
> > can also get a patent on any piece of math you wish, don't you ?
>
> Well, there's this little thing called "prior art" of which there mayn't
> be any with your idea for you to be able to patent it.
>
> For a patent on "using rotation in encryption" to be granted, there
> would have to not have been any use of such a concept before.
Not remotely. For the patent to be granted, the patent office will have to
not be *aware* of any such prior use. Patents get granted all the time with
prior art existing for which the patent office is not aware. Of course,
legal battles can then ensue to try to prove what's what. And a good time
is had by all.
[snip]
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
"The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************