Cryptography-Digest Digest #725, Volume #12 Wed, 20 Sep 00 13:13:00 EDT
Contents:
Re: Hamming weight (Mack)
Re: Maximal security for a resources-limited microcontroller (Runu Knips)
Re: Hardware RNGs (Mark Carroll)
Re: Algebra, or are all block ciphers in trouble? (Mack)
Re: Software patents are evil. (Tim Tyler)
Re: SUN SPOT 6.51 BILLION square kilometers in size (Eugene Griessel)
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption (David Empey)
Re: My attempt at an alogrithm. (Runu Knips)
Re: RSA Questions ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: Hamming weight
Date: 20 Sep 2000 16:18:42 GMT
>Mack, I'm a bit puzzled:
>
>>A good definition for base two. But Hamming weight is also
>>applicable to other bases. "The Theory of Error-Correcting Codes"
>>by MacWilliams and Sloane defines the Hamming Weight as
>>the number of non-zero entries in the numeric string and
>>the Hamming Distance as the number of places where they
>>differ or alternately the hamming weight of subtracting one string
>>from the other without carry.
>>
>
>
>Francois Grieu answered that the Hamming weight was only depending on the
>binary representation.
>The Hamming weight of 19 is thus 3 (2^4, 2^1 and 2^0).
>
>If it's applicable to other bases shouldn't 19 have a weight of 2 (1*10^1
>and 9*10^0) ??
>
>Kim
>
That is still calculating the base two weight. In base ten the weight
is 2. In base 3 the number is (2*3^2+1*3^0) which is also hamming
weight 2. Since 19 is prime it will have hamming weight of 2 for all
bases up to 18 except base 2. In fact any prime will always
have a hamming weight of at least 2 for bases smaller than itself.
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
Date: Wed, 20 Sep 2000 18:18:56 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Maximal security for a resources-limited microcontroller
Sagie wrote:
> I'm in need of a symmetric (secret key) encryption process for one of my
> projects. I would love to use one of the popular schemes, such as blowfish
> and DES, but the cipher has to be implemented in a teeny-weeny
> microcontroller with very limited resources. The cipher's program footprint,
> memory footprint and execution time must therefore be as small as possible,
> while maintaining the highest security possible (I was thinking about a
> process that will take no more than 150 RISC cycles per byte, and a program
> footprint of no more than 384 words). Plus I'm also quite a novice in these
> issues.
We have discussed this issue here before a while. Skipjack was the
cipher which was finally suggested. It is very slow (compared to
the AES ciphers, on a normal PC or Workstation) and has only a
80 bit key (Schneider suggested once in his A.C. one shouldn't use
key sizes below 112 bit), but it might be implemented in really
low resource environments.
> What I had in mind was to implement a non-linear 4-bit or 8-bit lookup
> table (8-bit lookup table is as far as I can go -- and it must be used for
> both encryption and decryption, which is not a big deal because I can decide
> that incoming messages will be encrypted with the decryption key), along
> with maybe some bit splicing.
> The last line of defence I was thinking of is somehow making the
> encryption of every byte dependant of the encryption result of the last
> byte. But this raises question as for implementing the decryption process...
>
> So this is basically what I'm asking:
> 1. Is the "progressive ciphering" (the "last line of defence" described
> in the last paragraph) at all possible to perform? If so, how is the
> encryption/decryption implemented? (I would appreciate a tutorial source
> code/link)
> 2. Can anyone direct me to a source code that demonstrates (and
> explains) how do table-based ciphers are implemented?
> 3. Is there anything else that can be performed to raise the security
> level (within the limits described above)?
> 4. After doing all of these tricks, how strong is the cipher going to
> be?
>
> I hope I'm not asking too much here... I would appreciate any help,
> really.
Well maybe you would like to get a skipjack source:
/*
** Skipjack algorithm, from sci.crypt.
** Edited for better readability - Runu Knips
*/
/*
Subject: Re: Skipjack implementation in C (this one works)
Date: Thu, 18 May 2000 23:09:24 GMT
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Organization: @Home Network
Newsgroups: sci.crypt
SKIPJACK implementation in Standard C
last edit: 25-Jan-1999 [EMAIL PROTECTED]
This is a C89 implementation of the SKIPJACK block cipher
algorithm
described in version 2.0 of NSA's SKIPJACK specification dated
29 May 1998 <http://csrc.nist.gov/encryption/skipjack-kea.htm>.
*/
#ifdef DEBUG
#include <stdio.h>
#endif
/*
** Interface specification:
*/
#define SJ_Keysize 10 /* (80 bits) */
/* Encryption/decryption is performed for a single 64-bit block. */
void SJ_Encrypt (
const unsigned char *Key,
const unsigned char *Plaintext,
unsigned char *Ciphertext
);
void SJ_Decrypt (
const unsigned char *Key,
const unsigned char *Ciphertext,
unsigned char *Plaintext
);
int SJ_Selftest (void); /* returns nonzero iff passed test */
/*
** Implementation:
*/
static const unsigned char F[256] = {
0xA3, 0xD7, 0x09, 0x83, 0xF8, 0x48, 0xF6, 0xF4,
0xB3, 0x21, 0x15, 0x78, 0x99, 0xB1, 0xAF, 0xF9,
0xE7, 0x2D, 0x4D, 0x8A, 0xCE, 0x4C, 0xCA, 0x2E,
0x52, 0x95, 0xD9, 0x1E, 0x4E, 0x38, 0x44, 0x28,
0x0A, 0xDF, 0x02, 0xA0, 0x17, 0xF1, 0x60, 0x68,
0x12, 0xB7, 0x7A, 0xC3, 0xE9, 0xFA, 0x3D, 0x53,
0x96, 0x84, 0x6B, 0xBA, 0xF2, 0x63, 0x9A, 0x19,
0x7C, 0xAE, 0xE5, 0xF5, 0xF7, 0x16, 0x6A, 0xA2,
0x39, 0xB6, 0x7B, 0x0F, 0xC1, 0x93, 0x81, 0x1B,
0xEE, 0xB4, 0x1A, 0xEA, 0xD0, 0x91, 0x2F, 0xB8,
0x55, 0xB9, 0xDA, 0x85, 0x3F, 0x41, 0xBF, 0xE0,
0x5A, 0x58, 0x80, 0x5F, 0x66, 0x0B, 0xD8, 0x90,
0x35, 0xD5, 0xC0, 0xA7, 0x33, 0x06, 0x65, 0x69,
0x45, 0x00, 0x94, 0x56, 0x6D, 0x98, 0x9B, 0x76,
0x97, 0xFC, 0xB2, 0xC2, 0xB0, 0xFE, 0xDB, 0x20,
0xE1, 0xEB, 0xD6, 0xE4, 0xDD, 0x47, 0x4A, 0x1D,
0x42, 0xED, 0x9E, 0x6E, 0x49, 0x3C, 0xCD, 0x43,
0x27, 0xD2, 0x07, 0xD4, 0xDE, 0xC7, 0x67, 0x18,
0x89, 0xCB, 0x30, 0x1F, 0x8D, 0xC6, 0x8F, 0xAA,
0xC8, 0x74, 0xDC, 0xC9, 0x5D, 0x5C, 0x31, 0xA4,
0x70, 0x88, 0x61, 0x2C, 0x9F, 0x0D, 0x2B, 0x87,
0x50, 0x82, 0x54, 0x64, 0x26, 0x7D, 0x03, 0x40,
0x34, 0x4B, 0x1C, 0x73, 0xD1, 0xC4, 0xFD, 0x3B,
0xCC, 0xFB, 0x7F, 0xAB, 0xE6, 0x3E, 0x5B, 0xA5,
0xAD, 0x04, 0x23, 0x9C, 0x14, 0x51, 0x22, 0xF0,
0x29, 0x79, 0x71, 0x7E, 0xFF, 0x8C, 0x0E, 0xE2,
0x0C, 0xEF, 0xBC, 0x72, 0x75, 0x6F, 0x37, 0xA1,
0xEC, 0xD3, 0x8E, 0x62, 0x8B, 0x86, 0x10, 0xE8,
0x08, 0x77, 0x11, 0xBE, 0x92, 0x4F, 0x24, 0xC5,
0x32, 0x36, 0x9D, 0xCF, 0xF3, 0xA6, 0xBB, 0xAC,
0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3,
0xBD, 0xA8, 0x3A, 0x01, 0x05, 0x59, 0x2A, 0x46
};
void SJ_Encrypt (
const unsigned char *K,
const unsigned char *P,
unsigned char *C)
{
register int i, k; /* could be unsigned char */
unsigned char counter = 0;
unsigned char temp[2];
for (i = 0; i < 8; ++i)
C[i] = P[i];
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
k = 0;
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0] ^ C[2];
C[1] = temp[1] ^ C[3] ^ counter;
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 8);
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[4] ^= C[0];
C[5] ^= C[1] ^ counter;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0];
C[1] = temp[1];
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 16);
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0] ^ C[2];
C[1] = temp[1] ^ C[3] ^ counter;
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 24);
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[4] ^= C[0];
C[5] ^= C[1] ^ counter;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0];
C[1] = temp[1];
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 32);
}
void SJ_Decrypt (
const unsigned char *K,
const unsigned char *C,
unsigned char *P)
{
register int i, k; /* could be unsigned char */
/* the last comment is WRONG, k has to be signed - Runu Knips */
unsigned char counter = 32;
unsigned char temp[2];
for (i = 0; i < 8; ++i)
P[i] = C[i];
k = 127 % SJ_Keysize /* + 1 */;
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0];
temp[1] = P[1];
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[2] ^= P[0];
P[3] ^= P[1] ^ counter;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 24);
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0] ^ P[2];
temp[1] = P[1] ^ P[3] ^ counter;
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 16);
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0];
temp[1] = P[1];
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[2] ^= P[0];
P[3] ^= P[1] ^ counter;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 8);
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0] ^ P[2];
temp[1] = P[1] ^ P[3] ^ counter;
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 0);
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
}
int SJ_Selftest(void)
{
register int i;
unsigned char C[8], P2[8];
const static unsigned char K[10] = {
0x00, 0x99, 0x88, 0x77, 0x66,
0x55, 0x44, 0x33, 0x22, 0x11
};
const static unsigned char P[8] = {
0x33, 0x22, 0x11, 0x00,
0xDD, 0xCC, 0xBB, 0xAA
};
const static unsigned char Cexp[8] = {
0x25, 0x87, 0xCA, 0xE2,
0x7A, 0x12, 0xD3, 0x00
};
#ifdef DEBUG
printf("K:");
for (i = 0; i < 10; ++i)
printf(" %2.2x", K[i]);
printf("\n");
printf("P:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
SJ_Encrypt( K, P, C );
#ifdef DEBUG
printf("C:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
printf("E:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", Cexp[i]);
printf( "\n" );
for (i = 0; i < 8; ++i)
C[i] = Cexp[i];
#endif
SJ_Decrypt(K, C, P2);
#ifdef DEBUG
printf("R:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", P2[i]);
printf("\n");
#endif
for (i = 0; i < 8; ++i)
if (C[i] != Cexp[i] || P2[i] != P[i])
return 0;
return 1;
}
#ifdef TEST
/*
SKIPJACK test in Standard C
last edit: 25-Jan-1999 [EMAIL PROTECTED]
*/
#include <stdio.h>
#include <stdlib.h>
/*
Test program:
*/
int main(int argc, char *argv[])
{
int ok;
ok = SJ_Selftest();
printf("SKIPJACK TEST: %s.\n", ok ? "Succeeded" : "Failed");
return ok ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif
------------------------------
From: [EMAIL PROTECTED] (Mark Carroll)
Subject: Re: Hardware RNGs
Date: 20 Sep 2000 16:25:12 GMT
Whoops - sorry, I didn't notice that sci.crypt.random-numbers exists. I'll
post there instead.
-- Mark
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: Algebra, or are all block ciphers in trouble?
Date: 20 Sep 2000 16:29:01 GMT
>Mack wrote:
>> Normal boolean algebra uses AND; OR and NOT
>
>No, that's just one convention. Much like "elementary particles"
>of physics, various sets of operators can be taken as fundamental
>and the others expressed in terms of them. The favorite sets
>used by the Poles were {AND,NOT} -- {K,N} in their notation -- or
>{IMPL,NOT} -- {C,N} in their notation --, usually the latter.
>Sheffer seems to have been given historical credit for being the
>first to observe that a single binary operator {NAND} would suffice,
>although as I recall he wasn't really the first. Note that with
>these systems one can create T,F constants from available variables,
>e.g. T is just Caa. Kab is just shorthand for NCaNb. Etc.
>
Other conventions are indeed just as valid
>> while XOR/AND/1 does form the set called ANF
>> you simply can't produce my function o
>
>That's right; there is a symmetry that can't be dispelled.
>I slipped up when I included {XOR,NOT} in the list of full-algebra
>generating operator sets. In a nearby posting I explored that
>further.
>
>> >An interesting case is when just
>> > EQV
>> >is used; one gets a "subalgebra".
>> EQV = NOT(XOR(a,b))
>
>Yes, the {EQV}-generated subalgebra is a proper subalgebra of the
>{XOR,NOT}-generated algebra, which is a proper subalgebra of the
>full Boolean algebra. An {XOR(only)}-generated subalgebra would
>be very similar.
>
>> without using AND with XOR or XNOR(EQV) your can't
>> form all possible strings of outputs as the result of inputs.
>
>One doesn't have to use AND; several other operators would also
>work. The main reason one thinks of AND is by analogy with the
>elementary arithmetic operators:
> 0 <=> F (FALSE)
> 1 <=> T (TRUE)
> - <=> N (NOT)
> + <=> X (XOR)
> x <=> K (AND)
>which is the translation between GF(2) operations and Boolean
>logic. Thus, GF(2) is able to represent any Boolean function.
>However, it is worth noting that other formulations also work.
>
In the XOR/AND/1 and XOR/OR/1 algebras the use of XOR/1 is
substituting for NOT. IMPL/XOR/1 would also appear to be a
valid algebra. Are there any we missed?
The list so far
AND/NOT
OR/NOT
NAND
NOR
IMPL/NOT
XOR/AND/1
XOR/OR/1
XOR/NAND
XOR/NOR
XOR/IMPL/1
and the correspondences with XNOR substituted for XOR
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Reply-To: [EMAIL PROTECTED]
Date: Wed, 20 Sep 2000 16:21:49 GMT
Terry Ritter <[EMAIL PROTECTED]> wrote:
: Patents grant ownership of the manufacture, sale or use, but mainly
: sale for use. Society appears to believe this will encourage
: invention and that such is a worthwhile goal. Patents also provide an
: economic basis for new ideas to transition into the old society
: structure. Note that all of this occurs at virtually no public cost
: except to those who consider the expense of the new thing to be
: reasonable, even in the context of an established market.
"Virtually no public cost"?
Who funds the patent office?
Also, the lawsuits and lawyers patents result in result in internal
friction in the economy. Large sums of money are spent by businesses
sueing one another over patent disputes. This money winds up in the
pockets of the lawyers.
Personally, I don't think the benefits justify the costs. I think that
if the government got it's oar out of the commercial sector, in both
the copyright and patent arenas, the whole country would benefit.
It's in the nature of bureaucracies to graw larger and more powerful.
The legal system is just such a bureaucracy - and to my eyes it shows
severe signs of bloat in the area of intellectual property. I think
these two branches should be severed at their roots, and all the
associated lawyers put on the streets.
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: [EMAIL PROTECTED] (Eugene Griessel)
Crossposted-To: sci.military.naval,alt.conspiracy,sci.geo.earthquakes
Subject: Re: SUN SPOT 6.51 BILLION square kilometers in size
Date: Wed, 20 Sep 2000 16:39:55 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
>* One of the Largest Sunspot Groups so far comes into View *
> * Potential Major Solar Flare Warning *
Just had a squizz through the telescope - large sunspot group in lower
eastern quadrant all right. Andy?
Eugene L Griessel [EMAIL PROTECTED]
www.dynagen.co.za/eugene
SAAF Crashboat Page - www.dynagen.co.za/eugene/eug3.htm
Snake Page - www.web.netactive.co.za/~sean
------------------------------
From: David Empey <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption
Date: Wed, 20 Sep 2000 16:31:35 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> But I have found an earlier example of a block cipher where an
> algorithmic operation depends on the data.
>
> In this block cipher, a step follows this rule:
>
> The block to be enciphered is divided into two halves, L and R.
>
> Furthermore, each half is divided into two quarters, L into LL and LR,
> and R into RL and RR.
>
> If LL = RL, then the step is: LR = LR + 1, and RR = RR + 1.
>
> If LR = RR, then the step is: LL = LL + 1, and RL = RL + 1.
>
> But if neither of those conditions is met, then LR and RR are swapped.
>
> If I tell you that the additions above are performed modulo 5, will
> you recognize the cipher?
Playfair?
--
Cordially,
Dave Empey
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Wed, 20 Sep 2000 18:40:48 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: My attempt at an alogrithm.
halofive wrote:
> hello, I'm sorry if this is the wrong place to post ideas...
Nono, its the right place.
> lately i've been reading a book concerning cryptography and it's had me
> thinking about ways to encrypt files. Can someone please tell me if my
> idea is efficient? I'm going to start writing it in C- but I would like
> too see if anyone has any suggestions.
Well, see below.
> The program requires the user to first input the password being used
> (key). The program breaks down the password (starting from the end
> working to the first letters input).
No surprise, of course you need a key and an input.
> Multiplying the last letter's [of the the password] ascii value, plus
> two, by the ascii value of each char's ascii value, divided by ten,
> results in the first chars encrypted value (represented in ascii).
I don't understand what you're talking about. What do you
want to do ? And how do you want to decrypt ?
Is this a stream cipher ?
For example, what do you do with all these results of the
multiplications ? Do you add them together ? Very bad
idea, because a*b + a*c = a*c + a*b = a*(c+b). Do you
multiply with each other ? Even worse idea, because
a*b = b*a, so the position of the individual bytes
never matter.
> This is done individually with each char of the password, on each new
> encrypted char- over and over.
Again no surprise... of course you encrypt ALL bytes
not only the first one.
> I am not sure if this makes sense, I will start writing it and see if
> it still looks as good as it does on paper.
It doesn't look good.
> Thanks for listening, if you have suggestions please respond to this or
> via e-mail- it's up to you.
I prefer answering in NG.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA Questions
Date: 20 Sep 2000 12:47:23 -0400
[EMAIL PROTECTED] wrote:
> That is, when e is relatively prime to phi(n), for the map:
> y=x^e mod n
> To be 1-1 from the integers from 0 to n-1.
> HOWEVER:
> For x relatively prime to n, the map will be 1-1 even if n is not square
> free.
Proof: For e relatively prime to phi(n) where n=p1^a1*p2^2...
M encoded as a = M^e mod n.
To decode, you want to solve for x in x^e=a mod n.
This is equivalent to x^e=a mod p_j^a_j for each j and given an x, known
modulo p_j^a_j for each j, tells you x mod n.
NOTE: If a is not divisible by p_j, then there is a unique solution
(mod p_j^a_j) to x^e=a mod p_j^a_j
(there is a d with d_j*e=1 mod phi(p_j^a_j), since e is rel. prime
to phi(n). Thus, if x^e=a mod p_j^a_j, x^(d_j*e)=a^d_j mod p_j^a_j
NO solution can have a factor of p_j, and the order of the
multiplicative group of Z_p_j^a_j is phi(p_j^a_j) so this gives:
a^d_j mod p_j^a_j as the only possible solution.
Raising it to the e'th power, again, noting that a is in the
multiplicative group of Z_p_j^a_j shows that this IS a (and hence
the only) solution.
1: if each a_j=1 then
x^e=a mod p_j
If a is rel prime to p_j, this has one solution, so we know x mod this
p_j. If a is not rel. prime to p_j (p_j divides a) then the only
solution to this is x=0. In either case, we know x mod each p_j^a_j=p_j
and hence know x mod n (y=x^e mod n is invertible for all numbers x
from 0 to n-1)
2: if some a_j is larger than one, say a_1 (relabel the primes so the
first one listed has an a_j larger than one) then we have to solve:
x^e=a mod p_1^a_1. Again, if a is NOT divisible by p_1, this has a
unique solution (so if a is divisible by NONE of the p_j's
we will have a unique solution for x mod each p_j^a_j and then a
unique x mod n: i.e. if a is relatively prime to n, there is a
unique solution to x^e=a mod n). On the other hand, if a is divisible
by, say, p_1^a_1. Then this is x^e=0 mod p_1^a_1. Pick any t with
et>=a_1. x=0 is one solution to x^e=0 mod p_1^a_1. x=p_1^t is another
solution!
This specifies two possibilities mod p_1^a_1 (at least).
You may have x uniquely specified mod each of the other p_j^a_j, but
these two values give at least two solutions mod n.
E.g. n=175 (5^2*7): phi(n)=175(1-1/5)(1-1/7)=120. Pick e=7 (rel. prime to
phi(n). d=103 (ed=721=6*120+1=1 mod 120).
If we want to solve x^7=16 mod 175, there is just one solution
(we need to have x^7=16 mod 25 and x^7=16 mod 7
but x=16^103 mod 25 and x=16^103 mod 7 or:
x=16^3 mod 25 and x=16^1 mod 7
since 3=103 mod (20=phi(25) and 1=103 mod (6=phi(7))
x=21 mod 25, x=2 mod 7
x= 21*(7*18)+2*(25*2) mod 175
(since 7*18=1 mod 25, but = 0 mod 7
25*2=1 mod 7, but = 0 mod 25)
x=121 mod 175
or x=16^103 mod 175 = 121 mod 175 is the only solution
CHECK: 121^7 mod 175
121^7 mod 175 = 121^4*121^3 mod 175
214358881*1771561 mod 175
156*36 mod 175
5616=32*175+16=16 mod 175)
(If you get an encrypted message, E, where E=M^7 mod 175, and E is 16,
then you KNOW that the original message was M=121 mod 175)
On the other hand, consider x^7=25 mod 175.
This is x^7=25 mod 25 and x^7=25 mod 7
x^7=25 mod 7 does have one solution
(x=25^103 mod 7= 25^1 mod 7 = 4 mod 7)
x^7=25=0 mod 25, however, has many solutions mod 25.
x=0 is one. x=5 is another. x=10 is a third.
These yield (for solutions to x^7=25 mod 175:
x=0 mod 25, x=4 mod 7: (x=0*(7*18)+4*(25*2)=200=25 mod 175
(CHECK: This is 25^3*25^4 mod 175 = 50*25 mod 175 = 25 mod 175)
x=5 mod 25, x=4 mod 7: (x=5*(7*18)+4*(25*2)=830=130 mod 175
(CHECK: This is (130^3)^2*130=(2197000)^2*130=(50)^2*130 mod 175
=2500*130=25 mod 175)
x=10 mod 25, x=4 mod 7 (x=10*(7*18)+4*(25*2)=1460=60 mod 175
(CHECK: 60^7 mod 175=(60^3)^2*60=(216000)^2*60=(50)^2*60 mod 175
=2500*60=150000=25 mod 175)
If you get an encoded message of "25 mod 175" (using the encoding of M to
E as E=M^7 mod 175 - so E=25), what was the original message?
Was the original message M=25? or M=130? or M=60? or ... mod 175?
(This does not happen if n is square free.
This only happens if you happen to use a message which has a factor
in common with n.)
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
