Cryptography-Digest Digest #783, Volume #12      Wed, 27 Sep 00 06:13:00 EDT

Contents:
  Other public key systems ("some guy named Dave")
  Re: Test for weak keys in 3DES ("Scott Fluhrer")
  Re: HELP ME SOLVE THIS SECRET CODE... ("Supreme Commander")
  Re: Other public key systems ("John A. Malley")
  Re: Other public key systems (Bill Unruh)
  Re: Other public key systems ("John A. Malley")
  Re: DES (Panu =?iso-8859-1?Q?H=E4m=E4l=E4inen?=)
  Re: continuous functions and differential cryptanalysis
  Need some article.......... ("OTTO")
  Re: Tying Up Loose Ends - Correction (Bryan Olson)
  Cipher Illiteracy ("Matthew Holevinski")
  Re: Cipher Illiteracy ("Scott Fluhrer")
  Re: YOU WILL MAKE MONEY ("kihdip")
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: QUESTION ABOUT ALGORITHMS ([EMAIL PROTECTED])
  Partial key PKE? ([EMAIL PROTECTED])
  RSA T-SHIRT (Simon Johnson)
  Re: Other public key systems ("Boris Kolar")
  Re: continuous functions and differential cryptanalysis (Mika R S Kojo)

----------------------------------------------------------------------------

From: "some guy named Dave" <[EMAIL PROTECTED]>
Subject: Other public key systems
Date: Wed, 27 Sep 2000 04:01:13 GMT

Forgive the newbie question :)

I'm researching for different encryption techniques, and am hard-pressed to
find much for dual-key systems. There is a slew of stuff about RSA, and I
managed to find a bit about the so-called "Knap-sack" algorithm, but is that
all there truly is for such algorithms?


=======================================================
http://members.home.net/dave.t.rudolf






------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Test for weak keys in 3DES
Date: Tue, 26 Sep 2000 20:41:26 -0700


kihdip <[EMAIL PROTECTED]> wrote in message
news:8qpfgl$los$[EMAIL PROTECTED]...
> In RFC2409 it is stated that you should test your key before use in a DES
> CBC encryption, and be sure it is not a weak or semi-weak key.
>
> This is not mentioned for 3DES CBC encryption. Does it matter whether you
> use weak keys in 3DES ??
>
While others have answered this as a cryptographical question, I'll answer
this as an IPSec question -- that is, I will assume that you are attempting
to create an IPSec compatible encryptor.

The relevant RFC is RFC2451.  I strongly suggest you get a copy.  In there,
you will see a discussion of 3DES weak keys.  In summary: it's not really
worth the bother to check for whether each subkey is a DES weak or semi-weak
key, but you MUST check if the middle key is identical to either of the two
outer keys (that is, if k1==k2 or k2==k3).  If so, you MUST not use that
key, but instead request a new SA (the RFC assumes you are not using manual
keying).


--
poncho
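The check described above, written out as an added example (my code, not anything from the post or from RFC 2451 itself). It assumes a 3DES-EDE key is the 24-byte string K1||K2||K3 with the usual DES parity bit in the low bit of each byte, and it compares subkeys on their 56 effective bits, an added refinement since keys that differ only in parity select the same DES permutation. The optional DES weak/semi-weak table is the classic 16-entry list; the post regards checking it as not worth the bother, so it is switchable.

```python
"""3DES-EDE key checks for an IPsec-style encryptor (added example, not
code from the original post or from RFC 2451).

Mandatory check, as the post states: reject the key when K1 == K2 or
K2 == K3, because E_K3(D_K2(E_K1(x))) then collapses to a single DES
encryption. Parity bits are ignored in the comparison (added refinement:
DES never uses them). The weak-key table check is optional.
"""
import os

# The 4 weak and 12 semi-weak single-DES keys, in parity-adjusted form.
DES_WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)}


def strip_parity(k: bytes) -> bytes:
    """Clear the low (parity) bit of each byte: the 56 bits DES really uses."""
    return bytes(b & 0xFE for b in k)


def set_odd_parity(k: bytes) -> bytes:
    """Set the low bit of each byte so that every byte has odd parity."""
    out = bytearray()
    for b in k:
        top = b & 0xFE
        out.append(top | (0 if bin(top).count("1") % 2 else 1))
    return bytes(out)


def check_3des_key(key: bytes, check_des_weak: bool = False) -> list:
    """Return the reasons the key must be rejected; an empty list means OK."""
    if len(key) != 24:
        raise ValueError("3DES-EDE key must be 24 bytes (K1 || K2 || K3)")
    k1, k2, k3 = (strip_parity(key[i:i + 8]) for i in (0, 8, 16))
    problems = []
    # Mandatory (post / RFC 2451): adjacent equal subkeys degrade EDE to DES.
    if k1 == k2:
        problems.append("K1 == K2: EDE collapses to single DES under K3")
    if k2 == k3:
        problems.append("K2 == K3: EDE collapses to single DES under K1")
    # K1 == K3 on its own is ordinary two-key 3DES and is not rejected.
    if check_des_weak:
        weak = {strip_parity(w) for w in DES_WEAK_KEYS}
        for name, sub in (("K1", k1), ("K2", k2), ("K3", k3)):
            if sub in weak:
                problems.append(f"{name} is a DES weak or semi-weak key")
    return problems


def generate_3des_key(rng=os.urandom, max_tries: int = 64) -> bytes:
    """Draw key material until it passes the mandatory check (the post's
    'request a new SA'); parity bits are set the way DES expects."""
    for _ in range(max_tries):
        key = set_odd_parity(rng(24))
        if not check_3des_key(key):
            return key
    raise RuntimeError("no acceptable 3DES key after %d tries" % max_tries)


if __name__ == "__main__":
    # Constructed keys for demonstration, not taken from any real SA.
    bad = bytes.fromhex("0123456789ABCDEF" "0022446688AACCEE" "FEDCBA9876543210")
    print(check_3des_key(bad))                  # K1 and K2 differ only in parity
    print(check_3des_key(generate_3des_key()))  # []
```

The constructed `bad` key shows why the comparison strips parity: K1 and K2 look different byte for byte but are the same DES key, so the SA would really be running single DES under K3.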




------------------------------

From: "Supreme Commander" <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: HELP ME SOLVE THIS SECRET CODE...
Date: Wed, 27 Sep 2000 04:57:13 GMT

Daniel,

The 5*11133713 is probably 511133713, but it may be 311133713.

SC.



"daniel mcgrath" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sat, 23 Sep 2000 04:05:50 GMT, "Supreme Commander"
> <[EMAIL PROTECTED]> wrote:
>
> >I live in Vancouver.  A coworker and I went for a walk at lunch along the
> >Fraser River yesterday and stopped to admire the river on a new boardwalk.
> >On the wooden railing of the boardwalk, someone had written an encoded
> >message in felt pen.  I returned to the boardwalk today and wrote the
> >message down.
> >
> >Maybe it is unsolvable, but maybe it isn't.  Maybe it's just a joke.  It's a
> >real mystery to me.  Who would bother to write this down unless they wanted
> >to see if someone solved it?  Or maybe it is intended for one person only?
> >
> >We noticed a lot of patterns, and the liberal use of 1s and 7s.  We also
> >noticed the "time stamp" on it of midnight.  Maybe it was some drunk techie
> >guys from Ballard Power having fun?  Who knows?  Does each "-" separate a
> >character?
> >
> >Being engineers, we are trying to decode this message.  Does anyone have any
> >ideas?  Any discussion?  We've had a few ideas that haven't seemed to lead
> >anywhere.
> >
> >Here is a copy of the message exactly as seen on the railing...
> >
> >--------
> >
> >1774-611713-407713-5324-5*11133713-8883
> >
> >~19~
> >143-50-1771164-17-
> >1771551176-11-70175-
> >17-15-(09/15/00)-(11:57pm)-
> >1177-43123-50-1-6817-
> >7011-17-7411715-940-
> >115-17-743-9857-7-
> >177017745-17-485-
> >83317-50-81113501773-
> >111487-1113-48113-15-
> >50-12381-1-48113-17311312-
> >94317-7415-11184-
> >83940123-11-12-743-
> >612387357-741176-1-
> >111177-10113-11-4-311312
> >                                      ~486~
> >
> >-------
> >
> >* = This may be a 5 or 3.  It's hard to read.  I think it's a 5.  My friend
> >thinks it is a 3.
> >
> >This was written beside the message...
> >
> >19-17-486-
> >4-311312
>
> I've been experimenting with this too, but I can't solve it.  Since I
> would like to know the solution (if there is one), I have added
> sci.crypt so that some more expert cryptologists there may have a
> better idea.  I have vague thoughts that this may be some sort of a
> "consonantal" cipher, with all the vowels removed.
>
> BTW SupCom, in reference to:
>
> >1774-611713-407713-5324-5*11133713-8883
>
> you said:
>
> >* = This may be a 5 or 3.  It's hard to read.  I think it's a 5.  My friend
> >thinks it is a 3.
>
> In "5*11133713", is there a definite 5 in front of the digit you are
> uncertain of?  Or does the 5 in front of the asterisk merely represent
> your guess as to what it is?
>
> --------------------------------------------------
> daniel g. mcgrath
> a subscriber to _word ways: the journal of recreational linguistics_
> http://www.wordways.com/
>



------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Other public key systems
Date: Tue, 26 Sep 2000 21:56:32 -0700


some guy named Dave wrote:
> 
> Forgive the newbie question :)
> 
> I'm researching for different encryption techniques, and am hard-pressed to
> find much for dual-key systems. There is a slew of stuff about RSA, and I
> managed to find a bit about the so-called "Knap-sack" algorithm, but is that
> all there truly is for such algorithms?
> 

There's also ElGamal Public Key Encryption (PKE), Rabin PKE, McEliece
PKE, and probabilistic PKE such as Goldwasser-Micali and
Blum-Goldwasser. 

See Chapter 8 of the Handbook of Applied Cryptology at

http://cacr.math.uwaterloo.ca/hac/


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Other public key systems
Date: 27 Sep 2000 04:59:45 GMT

In <dieA5.9023$[EMAIL PROTECTED]> "some guy named Dave" 
<[EMAIL PROTECTED]> writes:

>I'm researching for different encryption techniques, and am hard-pressed to
>find much for dual-key systems. There is a slew of stuff about RSA, and I
>managed to find a bit about the so-called "Knap-sack" algorithm, but is that
>all there truly is for such algorithms?

Knapsack is broken.
Diffie-Hellman/ElGamal
Elliptic Curve

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Other public key systems
Date: Tue, 26 Sep 2000 22:02:03 -0700

"John A. Malley" wrote:
> 
> 
> See Chapter 8 of the Handbook of Applied Cryptology at

oops, Handbook of Applied *Cryptography* at

 http://cacr.math.uwaterloo.ca/hac/

> 
> John A. Malley
> [EMAIL PROTECTED]

------------------------------

From: Panu =?iso-8859-1?Q?H=E4m=E4l=E4inen?= <[EMAIL PROTECTED]>
Subject: Re: DES
Date: Wed, 27 Sep 2000 08:24:52 +0300

[EMAIL PROTECTED] wrote:
> 
> Hi all,
> 
> I am looking for a C implementation of DES to try to see how it works
> in practice and eventually, i have to come up with a HC05 assembler
> version of DES.
> 

Check http://people.qualcomm.com/karn/code/des/index.html.

-- Panu

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: continuous functions and differential cryptanalysis
Date: 27 Sep 2000 05:51:51 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Dido Sevilla  wrote:
>Has he properly defined a derivative in GF(2^n)?

No, of course not.  Actually, the post that started this thread was
utter nonsense (at least, as far as I read).

And I don't think there is any sensible notion of a metric on GF(2^n),
at least not in the sense needed to make limits and such meaningful in
the way the original post seemed to be assuming.

But since you asked: One common way to define a "derivative" operator D
on formal power series over some finite field F is to define
  D(\sum_{i >= 0} a_i x^i) = \sum_{i > 0} i*a_i x^{i-1}.
(Notation: when n is an integer and w is an element of F, n*w should be
interpreted as w+...+w, i.e., w added to itself a total of n times using
the addition operator of F.)  One can show that the operator D, defined
as above, has nice properties and behaves in _some_ of the ways we might
expect from a "derivative".

Another useful operator is the differencing operator D_a, defined on
functions f : GF(2)^n -> GF(2)^m by
  (D_a(f))(x) = f(x+a) - f(x).
(Here both + and - represent xor, of course.)  This has some applications
to higher-order differential cryptanalysis, especially as you consider
terms such as D_a(D_b(f)) and so on.

And that's all I'll say.  Go read a textbook on finite field theory for
more details, and don't believe everything you read on sci.crypt! :-)
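The differencing operator D_a from the post, carried through on truth tables, as an added example (my code, not the post's). It shows the property that higher-order differential cryptanalysis rests on: every derivative lowers the algebraic degree by at least one, so a degree-d function is flattened to a constant by d linearly independent directions. Degree is read off the algebraic normal form via the Möbius transform. The sample functions are power maps x^e over GF(2^4) with modulus x^4 + x + 1; that field and those exponents are this example's own choices and come from nothing in the thread.

```python
"""D_a(f)(x) = f(x ^ a) ^ f(x) on functions GF(2)^n -> GF(2)^m, and the
degree drop exploited by higher-order differential cryptanalysis.
Added example, not code from the post. Functions are held as truth
tables (list of 2^n output values); the sample maps are x -> x^e over
GF(2^4) with modulus x^4 + x + 1 (this example's own choice).
"""

N = 4  # input and output width of the sample functions


def gf16_mul(a: int, b: int) -> int:
    """Multiply in GF(2^4) = GF(2)[x]/(x^4 + x + 1)."""
    r = 0
    for _ in range(N):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r & 0xF


def power_map(e: int) -> list:
    """Truth table of x -> x^e over GF(2^4) (0^0 taken as 1)."""
    table = []
    for x in range(1 << N):
        y = 1
        for _ in range(e):
            y = gf16_mul(y, x)
        table.append(y)
    return table


def derivative(f: list, a: int) -> list:
    """D_a(f) as a truth table; + and - are both xor, as in the post."""
    return [f[x ^ a] ^ f[x] for x in range(len(f))]


def higher_order_derivative(f: list, directions) -> list:
    """D_{a_k}(...D_{a_1}(f)) for the given directions."""
    for a in directions:
        f = derivative(f, a)
    return f


def anf(bits: list) -> list:
    """Möbius transform: truth table of one Boolean function (length 2^n)
    -> ANF coefficients; c[u] multiplies the monomial prod_{i in u} x_i."""
    c = list(bits)
    n = len(bits).bit_length() - 1
    for i in range(n):
        bit = 1 << i
        for u in range(len(c)):
            if u & bit:
                c[u] ^= c[u ^ bit]
    return c


def degree(f: list, m: int = N) -> int:
    """Algebraic degree of f (max over its m output bits); 0 means constant."""
    deg = 0
    for j in range(m):
        for u, cu in enumerate(anf([(v >> j) & 1 for v in f])):
            if cu:
                deg = max(deg, bin(u).count("1"))
    return deg


def max_first_derivative_degree(f: list) -> int:
    """Largest degree of D_a(f) over all nonzero a; always <= degree(f) - 1."""
    return max(degree(derivative(f, a)) for a in range(1, len(f)))


if __name__ == "__main__":
    cube = power_map(3)                        # x^3 is quadratic
    print(degree(cube), max_first_derivative_degree(cube))    # 2 1
    # Two independent directions flatten a quadratic map to a constant:
    # D_b(D_a(x^3)) = ab(a + b), here 1*2*(1 + 2) = x*(x + 1) = 6.
    print(set(higher_order_derivative(cube, [1, 2])))          # {6}
    inv = power_map(14)                        # x^14 = x^-1 in GF(2^4), degree 3
    print(degree(inv), degree(higher_order_derivative(inv, [1, 2, 4])))  # 3 0
```

The point to take from it: an attacker who can query a cipher's round function on all 2^k points of an affine subspace of dimension k > (algebraic degree) learns that the xor of the outputs is a known constant, independent of the key material folded into the constant terms.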

------------------------------

From: "OTTO" <[EMAIL PROTECTED]>
Subject: Need some article..........
Date: Wed, 27 Sep 2000 13:55:19 +0800

Dear All,

Takeshi Okamoto , Mitsuru Tada , Eiji Okamoto
"Extended Proxy Signatures for Smart Cards"
Volume 1729, Issue , pp 0247-
Lecture Notes in Computer Science

I need above article, somebody can send to me.....

Thanks,
Victor Hung
E-Mail: [EMAIL PROTECTED]


--
TEL: 886-3-4227151 ext.4542
FAX: 886-3-4222861
E-Mail: [EMAIL PROTECTED]
ICQ: 37430853



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Tying Up Loose Ends - Correction
Date: Wed, 27 Sep 2000 06:07:19 GMT

Tim Tyler wrote:

> This is what "a priori" means: "in advance of knowledge
> from experience".
>
> The knowledge I was referring to was knowledge of the
> characteristics of the plaintext - not knowledge of
> the cyphertext.

You refuse to get the point.  Knowledge of the
ciphertext is not enough.  With no better attack than
exhaustive search, you have to do a trial decryption,
for each key, and those alone make the attack
intractable.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Matthew Holevinski" <[EMAIL PROTECTED]>
Subject: Cipher Illiteracy
Date: Wed, 27 Sep 2000 01:54:49 -0500


I plan on becoming a regular poster to this newsgroup. Can anyone please
recommend some books beginning from the ground up in Cipher.



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Cipher Illiteracy
Date: Wed, 27 Sep 2000 00:32:27 -0700


Matthew Holevinski <[EMAIL PROTECTED]> wrote in message
news:8qs5a3$2t90$[EMAIL PROTECTED]...
>
> I plan on becoming a regular poster to this newsgroup. Can anyone please
> recommend some books beginning from the ground up in Cipher.
>
Well, you can start by looking at section 3.2 of the FAQ.  Other references
not mentioned in the FAQ:

Applied Cryptography (Second Edition), Schneier
   This is probably the best introduction to modern cryptography.  It
manages to be both encyclopedic and novice friendly.  If any sort of
significant result is at least 5 years old, it's probably in there.

Handbook of Applied Cryptography, Menezes et al.
   This is another book that attempts to survey the field of cryptography,
this time in a textbook form.  It tends to be a bit less novice friendly --
it's targeted more at people who already know a good deal about cryptography
already, and need reference material.  The two good points with it are that
it's somewhat more recent than Applied Cryptography, and you can download it
free -- look at http://www.cacr.math.uwaterloo.ca/hac/


--
poncho





------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: YOU WILL MAKE MONEY
Date: Wed, 27 Sep 2000 09:57:40 +0200

Sorry to say that your calculations are wrong.

You're forgetting that such a scheme needs to be calculated within a finite
field, F2.
So with an initial investment of 6$, the outcome is 0$



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Wed, 27 Sep 2000 10:37:45 +0200



Bryan Olson wrote:
> 
> Probably about the square of the number of blocks
> in the chosen messages, since we have to find an input
> block that works (most don't).  I didn't bother to
> calculate the optimal message size; a thousand blocks
> should be more than enough.  I expect there are faster
> attacks, but five minutes is quick enough.

I am not sure that I really understand your argument.
From a logical viewpoint I have some problems. I use
additional steps to do permutations and you argued
that this renders the cipher extremely easy to attack. Now 
one of the permutations is the identity. If that happens
to take place, is the original cipher also that easy 
to attack?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: QUESTION ABOUT ALGORITHMS
Date: Wed, 27 Sep 2000 08:19:38 GMT

Terry, I think that anyone who knows anything about crypto would
realise the important contribution your work has made to cryptography.
Sorry that you haven't made the equivalent bucks... It's usually not the
best that make the dough but those who shout loudest...

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Terry Ritter) wrote:
>
> On 18 Sep 2000 17:08:37 GMT, in <[EMAIL PROTECTED]>, in
> sci.crypt [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>
> >[...]
> >  Terry, I realize you are most likely better at crypto than
> >Mr BS. But he is the media darling and unfortunately you are
> >not.
>
> Let me point out that being a media darling was a goal I gave up many
> years ago, based on initial successful results.
>
> >But a question that might be in most people's mind is how
> >much did the three of these patents cost. And in the long run
> >did you make more money with these methods than if you did not
> >patent them. Did you even possibly lose money since maybe the
> >methods were not blessed by some media made phony crypto guru.
>
> I don't feel comfortable discussing my business, but I can give some
> information.
>
> My patents were very, very expensive.  First, I had to learn a very
> great deal, which took a long time away from my work, and at that I am
> certainly no patent lawyer.  Now I know just about enough to apply for
> a patent and prosecute the case where there is no prior art at all, a
> fairly unusual situation.  In one case I had a company pay for most of
> two lawyers for over a month on one application and that may have cost
> $40k or so -- for one patent.
>
> Without being specific, it should be obvious that my patents have not
> been spectacularly profitable.  One might well imagine that there
> would have been more interest had my work been described in the
> current crypto texts.  I take this situation to be more a comment on
> the text authors than my work.  But that does not buy equipment.
>


> ---
> Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
>
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Partial key PKE?
Date: Wed, 27 Sep 2000 08:25:53 GMT

I would like to know if it's possible to construct a PKE system where
users have partial keys and the encryption/decryption key is generated
from a hierarchical set of sub keys... and master keys... any examples or
references would be appreciated...



------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: RSA T-SHIRT
Date: Wed, 27 Sep 2000 09:29:18 GMT



On thinkgeek.com there's a Perl implementation of RSA on a t-shirt. As
I understand it, it's got export restrictions on it since it contains code
for 'strong encryption'. Does this stand after the revision of the
export laws a few months back?

Simon.
--
Hi, I'm the signature virus,
help me spread by copying me into your signature file



------------------------------

From: "Boris Kolar" <[EMAIL PROTECTED]>
Subject: Re: Other public key systems
Date: Wed, 27 Sep 2000 11:02:07 +0200

Take a look at:
http://www.tml.hut.fi/~helger/crypto/link/public/


"some guy named Dave" <[EMAIL PROTECTED]> wrote in
message news:dieA5.9023$[EMAIL PROTECTED]...
> Forgive the newbie question :)
>
> I'm researching for different encryption techniques, and am hard-pressed to
> find much for dual-key systems. There is a slew of stuff about RSA, and I
> managed to find a bit about the so-called "Knap-sack" algorithm, but is that
> all there truly is for such algorithms?
>
>
> -------------------------------------------------------
> http://members.home.net/dave.t.rudolf
>
>
>
>
>



------------------------------

From: Mika R S Kojo <[EMAIL PROTECTED]>
Subject: Re: continuous functions and differential cryptanalysis
Date: 27 Sep 2000 13:02:14 +0300



A commonly used way of writing p-adic numbers (with p a fixed prime number) is 

  a_0 + a_1 * p + a_2 * p^2 + ... 

with 0 <= a_i < p. This actually gives you the p-adic integers, which
are often denoted Z_p. This is not the same as Z/pZ or GF(p), which are
isomorphic to each other. (The occasional notation Z_p for the integers
modulo p is rather unfortunate in this sense.)

However, Z_p is a ring and you can throw any element of Z (that is, any
integer) into Z_p. As Z_p is uncountable you obviously cannot do this
backwards (unless you don't restrict Z_p).

p-adic numbers can be defined in an abstract fashion using the norm 
N_p(a) = 1/p^n, where a = p^n b and gcd(b,p) = 1. Thus elements of Z_p 
are "small" when they are divisible by p^n for large n. It works 
as a metric by defining d_p(a,b) = N_p(a - b).

(It is easy to see that the units, that is, the invertible elements of Z_p, 
are those that have norm 1.)

For most purposes p-adic numbers are easiest to handle as a "direct product" 

  Z/pZ * Z/p^2Z * ...

that is, as a sequence 

 [a_0, a_0 + a_1*p, ...]

as then you can just multiply and add these sequences without needing to 
cut them into the series form. 


Computer programmers are used to p-adic numbers, as addition and
multiplication of unsigned integers on computers are basically
truncated 2-adic operations.

Some 2-adic things such as Newton iteration to find 2-adic inverses
are sometimes used in cryptographic algorithms. E.g. the E2 cipher
specs, if I recall correctly, suggested using it as it's very
efficient.


It is possible to extend Z_p to Q_p by allowing negative exponents of p. 
This gives you a field, and usually when speaking about p-adic numbers this 
is what is assumed. The metric extends to this setting immediately. 


Happy p-adic analysis, 

-- Mika



Doug Kuhlman <[EMAIL PROTECTED]> writes:
> Mok-Kong Shen wrote:
> > 
> > Tom St Denis wrote:
> > >   Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > > > Mika R S Kojo wrote:
> > > > >
> > > > > Derivative is well-defined for any field, but its usually called
> > > > > "formal derivative". It is even possible to talk about continuous
> > > > > functions, but for for this you need p-adic numbers.
> > > >
> > > > Dumb question: Are p-adic numbers inside the theory of
> > > > GF or else at least compatible with it? If yes, could
> > > > you please provide references? Thanks.
> > >
> > > I can top that, what are p-adic numbers?
> > 
> > I only know that p-adic numbers belong to the topic of
> > algebraic number fields. Once I found in the library
> > a book dealing quite a lot with that but the stuff was
> > apparently too advanced for my knowledge level, so that
> > I didn't attempt to look into it.
> > 
> At the risk of putting my foot in my mouth (I didn't deal with p-adic
> numbers much), I think they are the completion of the localization of
> the integers around p.  Now, what does that mean?
> 
> OK, I feel comfortable with localization.  It basically means you can
> divide by anything you like except p (and multiples of p), in this
> case.  In actuality, it's a fair bit more complicated, but I think we're
> already far enough afield.
> 
> Then, to complete this, you basically allow infinite sequences in powers
> of p.  Again, this is a gross oversimplification.
> 
> So, a 3-adic number could look like...
> 
> (1 + 2*3 + 3*3^2 + 4*3^3 + 5*3^4 + ...)/7
> 
> This has a nice metric, in that you give powers of p ever-decreasing
> size values and write things in a nice form....
> 
> If you want more details (and I can't imagine why you would), let me
> know.
> 
> Doug

-- 
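The 2-adic view of machine integers and the Newton iteration for 2-adic inverses mentioned in the post above, worked through as an added example (my code, not the post's or the E2 specification's). It also computes the digit expansion a_0 + a_1 p + ... and the post's "direct product" form [a_0, a_0 + a_1 p, ...] for any rational a/b with gcd(b, p) = 1, and the norm N_p from the post. The sample values (3 modulo 2^64, -1 and 1/3 in Z_2, 1/2 in Z_3) are this example's own.

```python
"""p-adic arithmetic as a programmer meets it (added example, not code
from the post). Unsigned machine integers are truncated 2-adic integers:
working mod 2^k keeps the lowest k 2-adic digits. Newton's iteration
x <- x * (2 - a*x) computes the 2-adic inverse of an odd a and doubles
the number of correct digits per step. The sample values are this
example's own.
"""
from fractions import Fraction


def padic_valuation(a: int, p: int) -> int:
    """n such that a = p^n * b with gcd(b, p) = 1."""
    if a == 0:
        raise ValueError("v_p(0) is infinite")
    n = 0
    while a % p == 0:
        a //= p
        n += 1
    return n


def padic_norm(a: int, p: int) -> Fraction:
    """N_p(a) = 1/p^n from the post; a is a unit of Z_p iff the norm is 1."""
    return Fraction(0) if a == 0 else Fraction(1, p ** padic_valuation(a, p))


def padic_distance(a: int, b: int, p: int) -> Fraction:
    """d_p(a, b) = N_p(a - b): close means equal modulo a high power of p."""
    return padic_norm(a - b, p)


def correct_bits(a: int, x: int, k: int) -> int:
    """v_2(a*x - 1) capped at k: how many low digits of a*x agree with 1."""
    e = (a * x - 1) & ((1 << k) - 1)
    return k if e == 0 else (e & -e).bit_length() - 1


def inverse_2adic_newton(a: int, k: int):
    """Inverse of odd a modulo 2^k (its 2-adic inverse truncated to k digits).
    Returns (inverse, trace); trace lists correct digits after each step."""
    if a % 2 == 0:
        raise ValueError("even integers are not 2-adic units (norm < 1)")
    mask = (1 << k) - 1
    x = 1                       # a * 1 == 1 (mod 2): one correct digit
    trace = [correct_bits(a, x, k)]
    while ((a * x) & mask) != 1:
        x = (x * (2 - a * x)) & mask    # quadratic convergence
        trace.append(correct_bits(a, x, k))
    return x, trace


def padic_digits(a: int, b: int, p: int, k: int):
    """First k digits of a/b in Z_p (gcd(b, p) = 1) and the partial sums
    [a_0, a_0 + a_1 p, ...], which are a/b reduced mod p, p^2, ..., p^k."""
    if b % p == 0:
        raise ValueError("a/b is not a p-adic integer when p divides b")
    b_inv = pow(b, -1, p)
    digits, partial, acc, pk, num = [], [], 0, 1, a
    for _ in range(k):
        d = (num * b_inv) % p           # next digit: num/b mod p
        digits.append(d)
        num = (num - d * b) // p        # exact: num == d*b (mod p)
        acc += d * pk
        pk *= p
        partial.append(acc)
    return digits, partial


if __name__ == "__main__":
    inv, trace = inverse_2adic_newton(3, 64)
    print(hex(inv), trace)            # 0xaaaaaaaaaaaaaaab [1, 2, 4, 8, 16, 32, 64]
    print(padic_digits(-1, 1, 2, 8))  # -1 is ...1111 in Z_2, like an unsigned -1
    print(padic_digits(1, 3, 2, 8))   # 1/3 = ...10101011, i.e. 171 mod 2^8
    print(padic_digits(1, 2, 3, 4))   # 1/2 = 2 + 3 + 9 + 27 + ... in Z_3
```

The trace is the point: seven multiplications give a full 64-bit inverse, with no division anywhere, which is what makes the iteration attractive in a cipher specification. The last partial sum returned by `padic_digits` is exactly the modular inverse-based value a * b^-1 mod p^k, so the two views agree.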


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
