Cryptography-Digest Digest #733, Volume #12 Thu, 21 Sep 00 13:13:01 EDT
Contents:
Re: Tying Up Loose Ends - Correction (SCOTT19U.ZIP_GUY)
Re: t (Eric Lee Green)
Re: ExCSS Source Code (Eric Lee Green)
Re: Software patents are evil. ("Trevor L. Jackson, III")
Re: Does this mean anything? (Doug Kuhlman)
Re: ExCSS Source Code ("Trevor L. Jackson, III")
Re: Software patents are evil. (David Rush)
Re: Double Encryption Illegal? ("Trevor L. Jackson, III")
Re: Software patents are evil. (David Rush)
Re: t ("John R.")
Re: Tying Up Loose Ends - Correction (Mok-Kong Shen)
State-of-the-art in integer factorization (JCA)
Re: Software patents are evil. (Bill Unruh)
Re: Dr Mike's "Implementing Elliptic Curve Cryptography" - reader (Roger Schlafly)
Re: t (Mok-Kong Shen)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Tying Up Loose Ends - Correction
Date: 21 Sep 2000 14:58:38 GMT
[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>:
>On Wed, 20 Sep 2000 15:03:10 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote, in
>part:
>
>>After the compressed file is encrypted, it can be safely padded out
>>with zeros, to a byte boundary without any security concerns.
>
>True.
>
>>If you want to
>>obscure the length of the file from your adversary, as much random
>>padding as you like can be used at this stage.
>
>False. If padding is added *after* encryption, one has to (unless one
>is using a stream cipher of the sort vulnerable to bit-flipping,
>or...) indicate where the padding starts in the clear so that
>decryption will act on the right bits.
>
>If the padding is genuinely random, adding it before encryption won't
>cause a security problem: and does avoid the kinds of problem I was
>concerned with - the teensy bit of redundancy left in by a scheme
>aimed precisely at getting the last little teensy bit out.
>
What I think Tim was referring to was the fact if one uses optimal
compression there may be a tendency for certain end combinations to occur
more than others. If one wished to hide the fact that a file is
encrypted at all. It was more of an attempt to make the encrypted
file look more like a purely random file. So that an adversary would
not know a set of encrypted files from a set of random files.
Also if one is using a traditional AES type of block cipher one can
put in the first few bits a value that tells how short the last
block is. That why no need for a random number to be used in the
compressed text to be encrypted. The random bits can be added after
the end of the encryption. And if the random numbers are weak. Then
since they are outside the encryption they can do little more than
convey the true EOF of the encrypted text.
Example in ECB mode of a file 25 bytes long the last 3 bits of byte
25 have data ( means the one is in fourth position ) going to a 8 byte
block cipher. put in front of file to encrypt a field of 6 bits the
first 3 bits tell how bytes of data in last block and the next 3 tell
how many bits in the last byte. when you encrypt the last block
you borrow bits from the previous block so only previously encrypted
bits are actual data bits are borrowed. Then encrypt but when you write out
you write over the shared encrypted bits. then add random bit to finish
last byte or block or what scheme you chose. On decryption you have
to decrypt the last block before you decrypt the next to last block
since all the data is not there till the last block is decrypted.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: t
Date: Thu, 21 Sep 2000 08:40:37 -0700
lala wrote:
>
> t
I see you have invented the perfect compression mechanism, one that will
compress a gigabyte of data down to one byte.
Now all you need to do is perfect the decompression part :-).
--
Eric Lee Green [EMAIL PROTECTED]
Software Engineer "The BRU Guys"
Enhanced Software Technologies, Inc. http://www.estinc.com/
(602) 470-1115 voice (602) 470-1116 fax
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Thu, 21 Sep 2000 08:45:26 -0700
Bryan Olson wrote:
> The reality is that CSS is part of a system of technical
> measures to control access to copyrighted works. That does
> not settle the question of whether the DMCA is
> constitutional or fair or well-written. What it does mean is
> that DeCSS violates the DMCA.
Agreed. While I feel that the anti-circumvention clause in the DMCA is a prior
restraint upon speech and thus will be proven invalid upon appeal, that does
not change the fact that DeCSS violates that clause.
http://www.eff.org needs your help. They've spent over a million dollars on
this Constitutional case, and will probably need that much to continue. I
can't think of any reader of this board who could not afford to drop by and
add $100 to their credit card balance (yes, they accept credit cards), except
Tom of course (Canadian teenagers don't get credit card applications with
their report cards like U.S. teenagers, right?).
-- Eric Lee Green, EFF member.
--
Eric Lee Green [EMAIL PROTECTED]
------------------------------
Date: Thu, 21 Sep 2000 12:02:27 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Bill Unruh wrote:
> In <[EMAIL PROTECTED]> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
>
> ]Bill Unruh wrote:
>
> ]> Most patents in any area go to big established companies.
>
> ]This is an irrelevant factoid. Comparing the numbers of patents to the amount of
> ]effort (research $) would normalize the number into a somewhat useful statistic.
>
> ?Why would that be any more relevant than the one I stated.
I may have assumed more context than was necessary. Certainly the statement you
made is true. However, in the context of the value of the USPTO and the
accusation of a playing field tilted toward big companies it is not meaningful.
If, for instance, small researchers produce more research results yet receive
fewer patents then there seems to be a problem. But if the large organizations
produce more results and receive most of the patents there does not seem to be
an inequity.
My point was that patents are not bestowed in a vacuum. The amount of work
performed by the type of organization cannot be ignored.
Otherwise we should abolish the USPTO for discriminating on the basis of ethnic
heritage (say, favoring orientals and disfavoring africans) based solely on the
volume of patents awarded. (Not a claim or indictment just an example of an
unsupported accusation)
>
>
> ]But all such statistics will be distorted by the presence of ego patents, patents
> ]needed to justify IPOs or share prices, and the unreasonably large fraction that
> ]are just plain idiocy.
>
> ]The "working" patents -- those on which businesses are based -- are the interesting
> ]ones for evaluating the utility of the patent system. Since the US leads the world
> ]in patents and seems to be at least as healthy as other developed countries, there
> ]is reason to believe the patent system is a beneficial influence on our society.
>
> No, no. It is because the US has a dominantly English culture, with a
> very strong Spanish subculture that its Economy is doing so well.
> Or is it because the US has more lawyers per capita than any other
> country that it is doing so well. That must be it!
The truth hurts. ;-)
Actually an excess of lawyers is not a symptom of an effective legal system, but a
symptom of a defective one. Good fences make good neighbors because they minimize
border conflicts. Bad laws foster the legal industry. Good laws reduce the friction
with the legal system and thus its parasitic cost to society.
The fact that patent litigation is one of the most expensive forms of litigation
indicates that it may not be as good as it might.
>
>
> Correlation does not equal causation.
Of course. But it is a cautionary observation against assuming lack of causation.
>
> Patents had has almost nothing to do with software until recently. Yet,
> you could not say that software has suffered in the US.
Well, given that we have no control against which to test the history of
software in the US, and given that the software industry is fairly young there
does not seem to be much that can be said in a definitive way. Yet, for the
purposes of discussion, I can take a Devil's advocate position. Resolved: that
the low quality of US software is due to the lack of an effective protection for
intellectual property.
First, the low quality is evaluated against what we know could/should be done rather
than against what is done in other countries (where IP protection is even less
effective). Second, the observation that intellectual property is not effectively
protected is demonstrated by the Lotus 123 suits (vs Visi and vs clones) and the
Xerox/Apple vs Microsoft/HP suit. I submit that there was appreciable intellectual
property at issue, and that the good guys lost.
The central thesis is that lack of effective IP protection lowers the barriers
to entry (generally perceived to be a good thing) and lowers the potential
payoff by diluting the market for good software with bad software (generally
perceived to be a bad thing).
If effective IP were available it would be worth investing great effort into being the
best. Without effective IP protection such effort is wasted because it can be cloned
cheaply and the fruits squandered. Some consider this a good thing in that it makes
whatever accidentally turns out to be good (more accurately popular) widely available
within a short time span.
Others consider this to be a bad thing because there is a positive disincentive toward
quality. It costs time. And the sine qua non of modern software marketing is to be
first rather than best.
In the short term, we can economically purchase the best that is available in
the market because any innovation is rapidly emulated. In the long term the
best that is available in the market is far lower than it would be because there
is no incentive (differential advantage) for production of better software.
Since short term effects dissipate and long term effects accumulate, at some
point past initialization the market will be dominated by long term effects, and
saturated with bad software.
Some observers attribute the low quality of software to its commodity status, reasoning
that if the customers cannot tell the difference between high and low software quality
there will never be any reason to "waste" effort on raising quality because it will not
result in more sales. In fact it will result in less revenue based on upgrades.
But this misses the point. Customers _can_ tell the difference. But that
difference is dominated by cost differences. So a company that prices its
software higher than the competition to cover serious development effort will
price themselves out of the market composed of competitors who "me too!" the
fruits of the development effort without paying for it. So customers will
always pay less for approximately the same quality.
Effective IP would restore the balance between quality and cost and reduce the
domination of the first-to-market mentality.
Conclusion: I can say that software has suffered in the US if low quality counts as
suffering.
Is this off topic? Perhaps not. Crypto is similar to software as an industry with an
abstract, almost ineffable, product. And crypto -- as an industry -- is younger than
software. Perhaps crypto can do better.
------------------------------
From: Doug Kuhlman <[EMAIL PROTECTED]>
Subject: Re: Does this mean anything?
Date: Thu, 21 Sep 2000 10:38:05 -0500
Jim Gillogly wrote:
>
> JustAsking wrote:
> > Take a seed number of sqr(aProductOfTwoPrimes)+1 (S).
> >
> > Loop
> > T = S^2 - N
> > if sqr(T) is an integer, end loop, calculate prime1 and prime2
> > S = S + 1
> > until ??
> >
> > comments?
>
> Yes, it means something: if prime1 and prime2 are close to sqrt(N)
> you can factor N easily. Fermat discovered the method.
> --
> Jim Gillogly
> Mersday, 29 Halimath S.R. 2000, 23:18
> 12.19.7.10.3, 12 Akbal 6 Chen, Fifth Lord of Night
More than that, too. It forms the basic idea of some of the best
factoring methods (NFS, QFS). One of the clever parts is not simply
stepping S along but looking for good candidate S's.
Doug
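
The loop JustAsking posted, and Jim Gillogly's remark about primes close to sqrt(N), as an added example (not code from any poster in this thread): Fermat's method in Python, returning the iteration count so the dependence on the gap between the factors is visible. The function names, step cap and sample numbers are constructed for illustration; `primes_too_close` is the |p - q| test from FIPS 186-4 RSA key generation, which exists to rule out moduli this method factors quickly.

```python
from math import isqrt


def fermat_factor(n, max_steps=1_000_000):
    """Fermat's method for odd n >= 3.

    Search s = ceil(sqrt(n)), s+1, ... until t = s*s - n is a perfect
    square r*r; then n = (s - r) * (s + r).
    Returns (p, q, steps) with p <= q, or None if max_steps increments
    of s were not enough (the "until ??" in the posted loop).
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be odd and >= 3")
    s = isqrt(n)
    if s * s < n:          # round up: start at ceil(sqrt(n))
        s += 1
    for steps in range(max_steps + 1):
        t = s * s - n
        r = isqrt(t)
        if r * r == t:     # sqr(T) is an integer
            return (s - r, s + r, steps)
        s += 1
    return None


def primes_too_close(p, q, nlen):
    """FIPS 186-4 (Appendix B.3.3) rejects a prime pair for an nlen-bit
    modulus when |p - q| <= 2**(nlen/2 - 100)."""
    if nlen // 2 <= 100:
        raise ValueError("nlen too small for this check")
    return abs(p - q) <= 1 << (nlen // 2 - 100)


if __name__ == "__main__":
    # Constructed sample moduli.
    for label, n in [("close factors 101*103", 101 * 103),
                     ("far factors 3*10007", 3 * 10007),
                     ("prime 13 (only trivial split)", 13)]:
        print(label, "->", fermat_factor(n))
    # With a small step budget the far-apart case is not found.
    print("3*10007, 100 steps ->", fermat_factor(3 * 10007, max_steps=100))
```

The loop ends when s reaches (p + q) / 2, so the iteration count is (p + q) / 2 - ceil(sqrt(N)): zero for 101 * 103, 4831 for 3 * 10007.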
------------------------------
Date: Thu, 21 Sep 2000 12:12:21 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Bill Unruh wrote:
> The law is what is written, and the law is written so broadly that it makes
> illegal things that should never have been illegal.
Actually the law is not what is written, but what is enforced. This is why one
cannot challenge a law that has not been applied, and why one can only
challenge those provisions that have been applied in the case at issue.
> And yes laws are thrown out because
> they are overbroad.
Overbroad can mean several things:
1) overstepping authority (c.f., interpretations of the commerce clause of the
US Constitution)
2) infringing upon protected areas (constitutionally protected activity)
3) void for vagueness (like the ADA)
In this case the law in question can be construed as violating all three
standards.
------------------------------
From: David Rush <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: 21 Sep 2000 17:09:12 +0100
It's a hell of a way to de-lurk, but I just can't help myself.
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> Terry Ritter wrote:
> > Patents reward successful research. If we have a situation where
> > patents are ineffective, the only research we get is what happens for
> > free.
>
> Not quite. To make the preceding sentence accurate one needs to insert
> "public" prior to "research". Vast amounts of research would still occur,
> but every research lab would be a skunk works, and trade secrecy would
> dominate good engineering. No thanks.
And trade secrecy *doesn't* dominate good engineering now? When did
you last read an `industry-standard' IPA?
david rush
--
Property is theft.
-- What is Property? (Pierre-Joseph Proudhon)
------------------------------
Date: Thu, 21 Sep 2000 12:16:20 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Double Encryption Illegal?
John Myre wrote:
> Guy Macon wrote:
> <snip>
> > Oh, *real* clever, Arturo. Did you think that nobody would notice
> > you double encrypting your post using ROT13? Well *I* noticed, and
> > I double DEcrypted it with ROT13 bnefor replying. So there!
>
> "bnefor"?
>
> I think there is a bug in your ROT13 implementation.
These things are to be expected from a probabilistic decryption system.
;-)
------------------------------
From: David Rush <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: 21 Sep 2000 17:16:10 +0100
[EMAIL PROTECTED] (Bill Unruh) writes:
> [the patent debate] is largely companies and
> individuals arguing that have a natural right to
> monopoly power. There is no such natural right.
This has to be one of the sanest things I have ever heard said on the
topic. Unfortunately, reason has little to do with it when the shadow
of a buck looms...
david rush
--
In no other country in the world is the love of property keener or
more alert than in the United States, and nowhere else does the
majority display less inclination toward doctrines which in any way
threaten the way property is owned.
-- Democracy in America (Alexis de Tocqueville)
------------------------------
From: "John R." <[EMAIL PROTECTED]>
Subject: Re: t
Date: Thu, 21 Sep 2000 16:34:39 GMT
John Savard wrote:
> On Thu, 21 Sep 2000 00:31:51 -0400, "Douglas A. Gwyn"
> <[EMAIL PROTECTED]> wrote, in part:
> >lala wrote:
> >> t
>
> >Yes, indeed. In fact that (although in upper case) was the
> >entire content of the first page of an experimental book I
> >once wrote, which explored how much communication might be
> >developed between agents that could perceive the symbols but
> >had utterly different modes of thought and no a priori shared
> >knowledge. The second page was
> > NNT
> >The third was
> > NF
> >You get the idea (maybe).
>
> But the plot is cliched. I can guess how the book begins. Something
> like:
>
> T
> NNT
> NF
> TOT
> TOF
> FOT
> TIT
> FIT
> FIF
> TET
> FEF
> TAT
> LTR
> LNNTR
> LNFR
> LTOTR
> LTOFR
> LFOTR
> LTITR
> LFITR
> LFIFR
> LTETR
> LFEFR
> LTATR
> TALFOTR
> NLLTAFROTR
> NLFOFR
> NLTIFR
> NLTEFR
> NLFETR
> NLTAFR
> NLFATR
> NLFAFR
>
> At least it deserves to be filed in the non-fiction section.
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
Now, I am new to all this, and was wondering if someone could explain,
or point me in the direction to understand it.
--John
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Tying Up Loose Ends - Correction
Date: Thu, 21 Sep 2000 19:07:18 +0200
Tim Tyler wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> : If my message is over one hundred bytes, do you think
> : that I need to care about wasting 5 bits?? [...]
>
> At worst, this can reduce the size of keyspace by a factor of 32.
Sorry, I don't understand. What do you mean by 'keyspace'
here? This is the message space. The message gets longer
by 5 bits. There is no information in the above of how
big the key is. Do I lose or gain security by, say,
always appending 5 0's to the ciphertext?
M. K. Shen
------------------------------
From: JCA <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: State-of-the-art in integer factorization
Date: Thu, 21 Sep 2000 09:37:09 -0700
I've got Peter Montgomery's excellent survey on integer factorization
algorithms. However, being as it is five years old now I was wondering
if there is something more up to date out there. Or, at the very least,
an addendum to this paper.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Software patents are evil.
Date: 21 Sep 2000 17:03:06 GMT
In <[EMAIL PROTECTED]> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
]> Patents had has almost nothing to do with software until recently. Yet,
]> you could not say that software has suffered in the US.
]Well, given that we have no control against which to test the history of
]software in the US, and given that the software industry is fairly young there
]does not seem to be much that can be said in a definitive way. Yet, for the
]purposes of discussion, I can take a Devil's advocate position. Resolved: that
]the low quality of US software is due to the lack of an effective protection
]for intellectual property.
Low quality is almost always due to a lack of competition, not a lack
of intellectual property rights. The USSR had immense intellectual and
other property rights protections-- manufacturers were handed monopolies
on all kinds of goods. There is no evidence whatsoever that this
resulted in the manufacturers spending time and effort to make sure that
their products were the best possible. Just the reverse.
]First, the low quality is evaluated against what we know could/should be done rather
]than against what is done in other countries (where IP protection is even less
]effective). Second, the observation that intellectual property is not effectively
]protected is demonstrated by the Lotus 123 suits (vs Visi and vs clones) and the
]Xerox/Apple vs Microsoft/HP suit. I submit that there was appreciable intellectual
]property at issue, and that the good guys lost.
Well, I sure would not argue that the good guys lost in the Look and
Feel cases, if that is what you refer to. Those cases were ludicrous.
Their only purpose was to stifle competition.
]The central thesis is that lack of effective IP protection lowers the barriers
]to entry (generally perceived to be a good thing) and lowers the potential
]payoff by diluting the market for good software with bad software (generally
]perceived to be a bad thing).
Yes, just like coffee. We should institute laws that only allow say
starbucks to open coffee shops in any city. Think of how great the
coffee would be then! Competition does far far more for increasing
quality than does any intellectual property protection.
]If effective IP were available it would be worth investing great effort into being the
]best. Without effective IP protection such effort is wasted because it can be cloned
]cheaply and the fruits squandered. Some consider this a good thing in that it makes
]whatever accidentally turns out to be good (more accurately popular) widely available
]within a short time span.
]Others consider this to be a bad thing because there is a positive disincentive toward
]quality. It costs time. And the sine qua non of modern software marketing is to be
]first rather than best.
And you rapidly have to be best as well, or you are out.
]In the short term, we can economically purchase the best that is available in
]the market because any innovation is rapidly emulated. In the long term the
]best that is available in the market is far lower that it would be because
]there is no incentive (differential advantage) for production of better
]software. Since short term effects dissipate and
I disagree completely with this anticompetitive stance. Barriers to
competition simply enrich the monopolists, and do not lead to
improvements.
]long term effects accumulate, at some point past initialization the market will be
]dominated by long term effects, and saturated with bad software.
Just like it is saturated with bad coffee? Wouldn't it be nice if we
only had one coffee company, one car company (with no imports allowed),
one running shoe company,... Think of how great all of our products
would be then!
The arguments you give were exactly the arguments made by the
Communists in setting up their economic system. Competition is wasteful.
Competition means that the manufacturers spend all their time wasting
time worrying about their competitors rather than worrying about how to
make the best product for the consumer. Unfortunately that is not the
way the world works. Competition is the best incentive for improving
both the range AND quality AND price of products in the vast majority of
situations. It is not universal, and there are times when limits on
competition are beneficial. But those need to be thought through very
carefully, that those anticompetitive practices really do more good than
harm. The problem is that all industries love anticompetitive laws--
they no longer have to worry since there is no one to take their market
away. And those industries will put immense pressure on corrupting the
governments to grant them anticompetitive laws. Those pressures should
almost always be resisted. And they should especially be resisted in the
software industry.
For example, software copyrights should be reduced to say 3 years,
extendible to 7 if the source is published. Any more than that is just
silly. And given MS claim that they lost the source code for DOS, giving
copyright protection where the code is not made public is strongly
against the public interest. (Note that this would have made the Y2K
problem a hell of a lot more manageable.)
]Some observers attribute the low quality of software to its commodity status,
]reasoning that if the customers cannot tell the difference between high and low
]software quality there will never be any reason to "waste" effort on raising
]quality because it will not result in more sales. In fact it will result in
]less revenue based on upgrades.
Ah, yes, the theory that governments should be there to protect the
stupid consumer from having to make uninformed choices.
]But this misses the point. Customers _can_ tell the difference. But that
]difference is dominated by cost differences. So a company that prices its
]software higher than the competition to cover serious development effort will
]price themselves out of the market composed of competitors who "me too!" the
]fruits of the development effort without paying for it. So customers will
]always pay less for approximately the same quality.
]Effective IP would restore the balance between quality and cost and reduce the
]domination of the first-to-market mentality.
All the evidence is to the contrary in country after country, century
after century. Monopoly powers breed contempt of the consumer, not
heightened regard for his/her well being.
Consumers are perfectly capable of making the choice between price and
quality on their own without governments and laws to "help" them.
]Conclusion: I can say that software has suffered in the US if low quality counts as
]suffering.
]Is this off topic? Perhaps not. Crypto is similar to software as an industry with an
]abstract, almost ineffable, product. And crypto -- as an industry -- is younger than
]software. Perhaps crypto can do better.
Not if it is going to get mandated by the government.
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Dr Mike's "Implementing Elliptic Curve Cryptography" - reader
Date: Thu, 21 Sep 2000 10:01:44 -0700
DJohn37050 wrote:
> NO, NIST recommendation is NOT to add a few hundred bits when using a binary
> field. In fact their smallest recommended curve is over a binary field.
The largest recommended curve is also binary.
I'd say that about 20 extra bits for a binary curve ought to
be enough. The binary curves are somewhat more susceptible to
hardware attacks, but it is not a huge difference.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: t
Date: Thu, 21 Sep 2000 19:20:28 +0200
Eric Lee Green wrote:
>
> lala wrote:
> >
> > t
>
> I see you have invented the perfect compression mechanism, one that will
> compress a gigabyte of data down to one byte.
>
> Now all you need to do is perfect the decompression part :-).
Didn't you see the result of the decompression being
done in this thread? That's only the beginning of the
gigabyte, of course :-)
M. K. Shen
------------------------------
End of Cryptography-Digest Digest
******************************