Cryptography-Digest Digest #728, Volume #12      Wed, 20 Sep 00 16:13:01 EDT

Contents:
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction] ("Kostadin Bajalcaliev")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction] ("Kostadin Bajalcaliev")
  Re: Tying Up Loose Ends - Correction (SCOTT19U.ZIP_GUY)
  Re: RSA Questions (Bryan Olson)
  Re: A conjecture - thoughts? (Anton Stiglic)
  Re: ExCSS Source Code (Bryan Olson)
  Re: One-way encryption ([EMAIL PROTECTED])
  Re: Questions about how to run a contest ("Simon  Dainty")
  Re: SUN SPOT 6.51 BILLION square kilometers in size (Ichinin)
  How do I cancel a question? ([EMAIL PROTECTED])
  Re: Software patents are evil. ("Dann Corbit")

----------------------------------------------------------------------------

From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction]
Date: Wed, 20 Sep 2000 19:52:25 +0200

I am sorry to say, but the only advice I can give you in order to properly
understand what we are talking about is to find a 16th century dictionary and
try to find the word "computer" in it.

Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>
>
>Kostadin Bajalcaliev wrote:
>
>> Mok-Kong Shen wrote:
>
>> >Kostadin Bajalcaliev wrote:
>> >>
>> >[snip]
>> >> I hope you will find a little time to read my thesis, it is not the
>> regular
>> >> amateur-eureka-work.
>> >
>> >I have looked at your paper. The following are my comments:
>> >
>> >You have apparently thought that a function must be something
>> >written as a common mathematical expression like x^3+5. This
>> >is not true. Every mapping from one set to another set
>> >defines a function. In the discrete case, a function can
>> >be given by a table and there is no need to give a nice
>> >mathematical expression to describe it. If a blackbox
>> >delivers an output for each input, then it realizes a
>> >function. (The output for the same input may even be different
>> >at different times, but we shall not go that far here.)
>>
>> Not at all, I agree that any mapping from one set to another is a function,
>> but it is a very impractical solution. Let the black box accept a 64-bit
>> number as input and produce a 64-bit number as output. Since the box is
>> assumed to exist in the real world it is impossible to map it: there are
>> too many entries. Even more, there is some algorithm inside that makes the
>> transformation (if we exclude random mappings). In order to analyze this
>> box we need to find the algo inside. Mapping it will be of no use.
>
>A mapping from n elements all to one single element
>is still a function, only that the function cannot
>be inverted. I used the box to emphasize that it
>is important only to know all pairs of input/output
>to define a function. How the output is computed from
>the input is essential to the implementor but for
>the user of the function it is of no significance.
>The implementation detail doesn't belong to the
>definition of a function.
>
>>
>> >A piece of code in the programming language, normally one
>> >having as header 'function', gives the explicit steps
>> >of computation and realizes a function. That in such code
>> >one uses different constructs of the programming languages
>> >like 'if', 'case' to determine exactly what to do (among
>> >a number of options) in any concrete situation (cf. your
>> >example with the case construct) is what every programmer
>> >has been doing. Thus I am afraid that your newly constructed
>> >term 'quasi-function' is very confusing.
>> >
>
>> This second opinion is something closer to the definition of function in
>> general. A function is an algorithm that, executing a finite number of
>> steps, makes some transformation over the input or, more theoretically,
>> maps the set of input values into the set of output values. Maybe the term
>> Quasi Algorithms is not the luckiest choice but I think it is an existing
>> form. If you expand any function into elementary steps (let's say in ASM
>> code) then it is easy to notice that each step (instruction / operation)
>> carries 2 different types of information in it: what should be done, and
>> what are the arguments (operators). If the operation is abstracted then we
>> have a structure that is specified by the order of steps, the kind of
>> operation taking place in each step and the operands, but which operation
>> is really taking place in those steps is unknown. Any algorithm has a
>> skeleton; certainly not all the operations from the steps can be
>> abstracted but most of them can. In the thesis there is a simple example,
>> a polynomial function (they are not the only kind of functions). Let's say
>> f(x)=ax^2 + bx +c, a simple equation of 2nd degree. There are 5 operations
>> inside; if we abstract them we can write Qf(x)=a o x o 2 o b o x o c where
>> o is any operation. A second function g(x)=a+x-2+b-xc has the same
>> skeleton, only different operations are placed inside. Qf is what I named
>> quasi algorithm, because it determines a finite class of functions, all of
>> them will have the same skeleton but very different properties. The
>> cryptographical significance of this is explained in the thesis.
>
>Look into a mathematical dictionary to see if you can find
>an entry of quasi-function. If given one specific input
>you get one single output then there is no class of
>functions but only one single function. That the function
>for one value of input has an implementation using one
>operator type, while for another value of input has
>an implementation using another operator type, doesn't
>change that fact.
>
>> >Polymorphism has been known in computer science since
>> >decades, though much popularized only after C++. Already
>> >in Algol68 one can use a datatype 'union' such that at
>> >runtime one can obtain first the type and then the value
>> >of an object and with these determine what is to be
>> >computed next. Polymorphic Types have been much studied
>> >by researchers of the functional languages. In procedural
>> >languages, ADA and C++ are two recent examples that much
>> >deploy polymorphism, with ADA having parametric types and
>> >generics and C++ having classes, inheritence and dynamic
>> >binding.
>> >
>
>> there is nothing common between Polymorph encryption and polymorphism in
>> programing languages, even some analogies can be found.
>
>Your using data in a 'case' construct to do different
>things depending on the data is a typical characteristic
>of polymorphic function in programming language. And
>you apparently implement your crypto exactly in that way.
>
>>
>> >Restricting ourselves now to matters of crypto, it is
>> >true that, as you mentioned, the use of data dependent
>> >rotations, substitutions and S-boxes can be advantageous.
>> >All these can, however, be subsumed under the concept
>> >'variability'. If a cipher is not 'fixed' like DES but
>> >has its components (e.g. S-boxes) different for
>> >different messages or even dynamically modified during
>> >encryption processing (e.g. a PRNG-driven cipher with
>> >feedback to PRNG), then the opponent is in general in an
>> >evidently much more difficult position to do the analysis.
>> >As you mentioned, techniques like differential analysis
>> >would no longer function. That's why I have many times
>> >in the past propagated the 'principle of variability'
>> >(my terminology) and suggested the use of parametrized
>> >ciphers (where the user has choice of different
>> >parameters, e.g. round numbers, optional processing
>> >steps, etc.) as well as dynamic random selection of
>> >encryption algorithms (see the thread of 28th May),
>> >which latter you also deal with in your paper.
>> >
>>
>> I am happy you are one of the propagators of the "principle of
>> variability", I will be glad to read some of your works if possible.
>> However my intention formulating Polymorph encryption was to give a
>> theoretical model of this variability. Quasi algorithms are just the
>> mathematical model.
>
>Try to find in a dictionary of mathematics or computer
>science the term quasi algorithm. You would find none.
>
>>
>> >It is true that the well-known ciphers don't have
>> >variability or have only little variability. Thus
>> >suggesting introducing variability by dynamically
>> >changing the type of operators in expressions to be
>> >computed, as you have done, is in fact a good idea.
>> >(There have been use of such in some ciphers, though.)
>> >However, on the other hand, I believe you should
>> >avoid using the terms 'quasi-algorithm' (any piece of
>> >program that computes something and terminates is an
>> >'algorithm', there is nothing quasi) and 'quasi-
>> >function' (as explained above).
>> >
>>
>> As explained prior, Quasi Algorithms are unable to compute anything.
>> That's why I introduce the phi notation: Phi(F,sigma,x) is an algorithm but
>> F, the skeleton, certainly is not.
>
>I know what an algorithm is and what a function is.
>But what is a skeleton? Is that a template of ADA
>and C++? If yes, then you have polymorphism of programming
>language, which you however denied above.
>
>M. K. Shen



------------------------------

From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction]
Date: Wed, 20 Sep 2000 20:15:46 +0200

We are not discussing any program implementation right now. I hope you are
pretty aware of the difference between the syntax and semantics of a given
structure. Using case, union or anything else is just syntax, a matter of
implementation. Something more important is what I am trying to express with
that code.

There were different ad-hoc solutions in block cipher design; there were also
some intentional choices made in others which are similar or may be the same
as Polymorph encryption. But not many of those designers have explained why
they have chosen variability and what the effect of that choice is.

We are all perfectly aware that in this cruel world something without a
strict mathematical definition can not be counted as scientific.

Kb

PS: Discussing the form is counterproductive without grasping the reason for
their existence.


Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>
>
>John Savard wrote:
>>
>> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>>
>> >Polymorphism has been known in computer science since
>> >decades, though much popularized only after C++. Already
>> >in Algol68 one can use a datatype 'union' such that at
>> >runtime one can obtain first the type and then the value
>> >of an object and with these determine what is to be
>> >computed next. Polymorphic Types have been much studied
>> >by researchers of the functional languages.
>>
>> I think that almost the only connection between that and the form of
>> encryption under discussion is the use of the same word.
>
>Actually not. He uses the data (at runtime dynamically)
>to determine via a case-construct what the function
>(at a particular step) should do. In programming, a
>polymorphic function is one such that the code queries
>the type and/or the value of certain input arguments
>and uses that information to determine what is to be
>done. In this way, one has only one function name
>(instead of a bunch of these each for a different one)
>to stand for a whole class of (more or less similar)
>functions. That is polymorphism as the term is used in
>CS. If a cipher designer intends to exploit variability
>at some small granularity level, this programming
>paradigm would naturally come to his mind in
>implementation. (I myself once thought of letting PRNG
>to determine in one of my humble cipher designs whether
>xor or modular addition is to be done in certain steps,
>but I finally decided to leave that out, considering
>that my design already has enough variability and
>achieving more 'complexity' for the opponent via adding
>more code is not worthwhile in that case. My design
>is PRNG driven, i.e. everything is controlled by PRNG
>and there is feedback from the result of processing to
>the PRNG, thus there is ample variability in my view.)
>So what the original poster does is nothing new at all
>from the standpoint of programming. His explicitly
>pointing out (stressing) the advantage of using
>polymorphism (because of increase of variability) may
>on the other hand be considered 'new' in the sense
>that he calls one's attention to polymorphism as a
>general technique useful in crypto design and
>implementation. As you pointed out, you and several
>others have earlier employed certain polymorphic
>constructs.
>
>M. K. Shen



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Tying Up Loose Ends - Correction
Date: 20 Sep 2000 18:12:51 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:

>Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>: "SCOTT19U.ZIP_GUY" wrote:
>
>:>    I guess you just don't seem have the ability to understand
>:> your method sucks. Having a EOF is just plain waste. It is added
>:> info that is not needed. [...]
>
>: If my message is over one hundred bytes, do you think
>: that I need to care about wasting 5 bits?? [...]
>
>At worst, this can reduce the size of keyspace by a factor of 32.
>
>It might make the difference between an analyst looking at 32 different
>possible messages, and one unique one.
>
>Of course, whether you consider this sort of thing to be potentially
>important is up to you.

  Tim, as a thought experiment I tried to do a very simple calculation
that seems to round to zero on my HP 15C. Suppose one is writing
a random file with only 255 character types. Make the file 65,636
bytes long. And use the 256th character type as an EOF marker. One
could view Mok's problem like this. The file I was statically compressing
has each symbol occurring the same number of times, so the tree
reduces to the one where all lengths are 8 bits. What are the odds if one
encrypts this string that when one uses a false key that it could be
a valid string which could have been compressed? Well it would have to be a
file that does not contain the 256th character in all but the last byte.
Looking at only the last byte you eliminate all but 1 out of 256, weakening
the key by 8 bits. But what is the chance that the 256th bit EOF marker
will not appear in the first 65,636 bytes? It is ( 255/256)**(65,636)
which is "ZERO". Well it can't be zero but I think you will agree it will
weaken the key so that if an AES candidate was used the only key that
fits is the one used for the encryption.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: RSA Questions
Date: Wed, 20 Sep 2000 18:18:34 GMT


> Bryan Olson wrote:
>
> > The modulus must be the product of distinct primes for
> > encryption to be invertible.
>
> That is, when e is relatively prime to phi(n), for the map:
> y=x^e mod n
>
> To be 1-1 from the integers from 0 to n-1.
>
> HOWEVER:
>
> For x relatively prime to n, the map will be 1-1 even if n is
> not square free.

True, and the condition on x is slightly stronger than
needed for decryption to work.


> IF THERE IS ANYTHING EXCEPT A NEGLIGIBLE/INFINITESIMAL
> PROBABILITY THAT THIS COULD OCCUR (i.e. one might pick
> an x which is not relatively prime to n: say, once out
> of 100 billion times) THEN THE MODULUS IS (at least
> partially) INSECURE AND YOU SHOULD USE A DIFFERENT ONE.

True, but there's no reason to choose a modulus that is
not square free for RSA.  It doesn't even have the CRT
speedup advantage of multi-prime.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.
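The two claims above, that x -> x^e mod n is only invertible on all of Z_n when n is a product of distinct primes, and that gcd(x, n) = 1 is sufficient but slightly stronger than needed, checked by brute force on toy moduli. This is an added example, not code from anyone in the thread; the moduli 45 = 3^2 * 5 and 35 = 5 * 7 and the exponent e = 5 are constructed textbook values, not real RSA sizes.

```python
from math import gcd


def factor_small(n):
    """Trial-division factorisation (fine for the toy moduli used here)."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def euler_phi(n):
    """phi(n) from the prime factorisation: product of (p-1) * p^(k-1)."""
    phi = 1
    for p, k in factor_small(n).items():
        phi *= (p - 1) * p ** (k - 1)
    return phi


def is_square_free(n):
    return all(k == 1 for k in factor_small(n).values())


def rsa_private_exponent(n, e):
    """d = e^-1 mod phi(n); raises if e is not relatively prime to phi(n)."""
    phi = euler_phi(n)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return pow(e, -1, phi)


def rsa_roundtrip_failures(n, e):
    """Residues x in [0, n) with (x^e)^d != x mod n.

    Empty for a square-free modulus. For a non-square-free modulus every
    failure has gcd(x, n) != 1, but not every such x fails: the coprimality
    condition is sufficient, not necessary, for decryption to work.
    """
    d = rsa_private_exponent(n, e)
    return [x for x in range(n) if pow(pow(x, e, n), d, n) != x]


def encryption_collisions(n, e):
    """Pairs (x1, x2), x1 < x2, with x1^e == x2^e mod n: witnesses that
    encryption is not 1-1 on Z_n, so no d can undo it for both."""
    first_preimage = {}
    collisions = []
    for x in range(n):
        y = pow(x, e, n)
        if y in first_preimage:
            collisions.append((first_preimage[y], x))
        else:
            first_preimage[y] = x
    return collisions


if __name__ == "__main__":
    # Constructed toy moduli: 45 = 3^2 * 5 (not square-free), 35 = 5 * 7.
    for n in (45, 35):
        e = 5  # phi(45) == phi(35) == 24, and gcd(5, 24) == 1
        print(f"n={n} square_free={is_square_free(n)} "
              f"failures={rsa_roundtrip_failures(n, e)} "
              f"collisions={encryption_collisions(n, e)[:3]}")
```

For n = 45 the residues 3 and 18 both encrypt to 18, and the ten multiples of 3 that are not multiples of 9 do not round-trip, while multiples of 9 (also not coprime to 45) do.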

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: A conjecture - thoughts?
Date: Wed, 20 Sep 2000 14:45:16 -0400

John Savard wrote:
> 
> On 18 Sep 2000 22:57:04 GMT, [EMAIL PROTECTED] (Ian Goldberg)
> wrote, in part:
> 
> >What do you do when f(x) = x * 2 and g(x) = x * sqrt(3) ?
> 
> In that case, f(g(x)) = sqrt(3) * g(f(x)), so the two functions do not
> commute.

Umm?   f(g(x)) = f(x*sqrt(3)) = x*sqrt(3)*2
       g(f(x)) = g(x*2) =  x*2*sqrt(3)

Unless you are working in a non-commutative group,
these two things should be the same.

--Anton

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Wed, 20 Sep 2000 19:26:42 GMT

David A. Wagner wrote:
> Bryan Olson wrote:
> > The question was the purpose of CSS.  It's not to control
> > who can enter the player market and how they can compete.
> > It's to control access to the content.
>
> You left out a layer of indirection.  The claim is that CSS
> is intended to control access to the market, so that only players
> which control access to content are allowed onto the market.
> That's the sense in which it may be claimed to be player control.

Whoever said it isn't player control?  The PURPOSE is the
question.  We've now come full circle and what you say above
seems to agree with what the industry said all along.  The
system has all those controls you list, for the purpose of
controlling access to copyrighted works.

> Again, if you like, you don't have to use the words `player control'.
> But the question that others have asked remains: Is the DMCA putting
> fair use, First Amendment, and other rights at risk?  This is way
> off-topic, but cannot be settled just by calling CSS `player control'
> or `content control'.

This strand descends from a simpler question: the nature of
CSS.  One of the defenses of DeCSS was that CSS is not copy
protection, but only a means to control the market for
players.  If CSS were not content control, then DeCSS would
not violate the DMCA.

The reality is that CSS is part of a system of technical
measures to control access to copyrighted works.  That does
not settle the question of whether the DMCA is
constitutional or fair or well-written. What it does mean is
that DeCSS violates the DMCA.


--Bryan
--
email: bolson at certicom dot com



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: One-way encryption
Date: Wed, 20 Sep 2000 19:51:48 GMT

Tim Tyler <[EMAIL PROTECTED]> wrote:
> : On the other hand, MD5 and SHA-1 are both standard portions of the
> : Java 2 platform, so the task of encrypting passwords with either of
> : them is even easier.

> SHA-1 is included in the JCE - but not in the JDK, or in the JRE, AFAIK.

> According to http://java.sun.com/products/jce/jce12_faq.html
> ``JCE 1.2 is export-restricted, meaning that it can be downloaded only
>   from within the U.S. or Canada.''

It is in fact in the JDK, although perhaps undocumented. A more
serious issue is that the serialization mechanism depends on SHA-1 for
version control of serialized objects, so any Java implementation
without them would be unable to read or write serialized objects.

AFAIK, however, the JCE is no longer an "extension" but a standard
part of the Java 2 platform (jdk 1.2+) as I wrote above. That doesn't
mean that you don't need external providers for ciphers, just that the
standard framework is part of the platform. I could be wrong about
that though, since I have yet to find anyplace it's not available, I'm
not prone to dig up the specs.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: "Simon  Dainty" <[EMAIL PROTECTED]>
Subject: Re: Questions about how to run a contest
Date: Thu, 14 Sep 2000 07:08:21 +0100


Sylvain Martinez <[EMAIL PROTECTED]> wrote in message
news:8q57db$ee6$[EMAIL PROTECTED]...

> > If you want to test your cipher's strength, you should supply the
> > plaintext and the ciphertext and ask for the key. - This gives the
> > attackers bigger opportunities.
>
> Ok, so if I want to be serious about it I should give the original clear
> text...

Ideally, you would supply many ciphertexts and many plaintexts
and then ask for the key.  Asking someone - anyone - to attempt
to produce a key when in possession of only a couple of plaintexts
and ciphertexts is asking quite a lot.

> Ok, then I should give the original clear text for the 2 cipher files
> provided for this contest.

Up the limit.  You've got nothing to lose.  (Well, except £50.  ;-)

> Do we agree that if after that nobody can give me the key used to crypt
> these 2 texts that would probably mean this algorithm is secure ?
> (or at least not too bad !)

If you can prove that it can never be cracked then yes, it's secure.  Alas,
that's rarely ever the case.  All you can hope to claim is that "...it
hasn't been cracked yet."




------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: sci.military.naval,alt.conspiracy,sci.geo.earthquakes
Subject: Re: SUN SPOT 6.51 BILLION square kilometers in size
Date: Wed, 20 Sep 2000 09:57:17 +0200

Eugene Griessel wrote:
<SNIP>

Let me guess, you want sci.crypt feedback?

Hints:

- Using the magnetic storms as a random number generator = bad idea, if
someone puts up a satellite in front of your measuring point they will be
able to predict the sequence output of the RNG.

- Will a potential sunstorm affect the outcome of PRNG's? Who knows, it
could be worth studying how radiation can affect and possibly control
the output of such a device (That's for you alt.conspiracy people :o)

- Digitising the sunspot into a one time pad = also a bad idea, since it
is visible to everyone at all times, and would probably be recorded by
thousands ranging from pro-astronomers to hobby-astronomers

Anyway, that's all 4 me.

/Ichinin

(P.S: How to record solar (events such as eclipses etc) images using a
digital camera: point the camera at the sun, turn it slightly to the
side of your choice so an obvious lens flare effect will occur on your
image. Now; Take a picture, now go through all the lens flares from the
sun and outward and you'll find one "flare" (not too bright) that reveals
the shape of the solar event and Voila'!)

------------------------------

From: [EMAIL PROTECTED]
Subject: How do I cancel a question?
Date: Wed, 20 Sep 2000 19:52:46 GMT

How do I cancel a question?



------------------------------

From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Wed, 20 Sep 2000 13:09:44 -0700

"Terry Ritter" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[snip]
> Players who effectively have a monopoly position do not need patents
> -- they already have what a patent can provide.  Instead, it is the
> little guy who must confront the existing market who can best benefit
> from a patent.

And yet it is the huge conglomerates like IBM and AT&T that own almost all
of the software patents.  Really small operators cannot afford the legal
battles that can ensue.  On the other hand, it might go unchallenged -- even
at that, they are sitting on top of a huge money pit if it does get
challenged.  But (for the most part) it is the mega-mega huge players that
benefit.  They already have multiple millions of dollars in their legal
budget so that they can afford software patents.
[snip]
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
 "The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup   http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
