Cryptography-Digest Digest #794, Volume #12 Fri, 29 Sep 00 03:13:01 EDT
Contents:
Re: A New (?) Use for Chi ("Douglas A. Gwyn")
Re: Question on biases in random-numbers & decompression (Herman Rubin)
Re: Chaos theory ("Douglas A. Gwyn")
Re: Microwaves, Electromagnetic Communication and Brain / Mind Control - ("Douglas A. Gwyn")
Re: NTRU question (actually truncated modular polynomial question) (Benjamin Goldberg)
Re: RSA T-shirt (Marlin Yeko)
Re: Deadline for AES... (SCOTT19U.ZIP_GUY)
Re: Josh MacDonald's library for adaptive Huffman encoding (SCOTT19U.ZIP_GUY)
newbie question (Aaron Cannon)
Re: newbie question (Marlin Yeko)
Re: newbie question (JPeschel)
Re: newbie question (Marlin Yeko)
Re: newbie question (Marlin Yeko)
Decryption For VAX ("Mike Beahan")
Re: Yet another LFSR idea. (David Wagner)
Re: another AONT idea (David Wagner)
Re: newbie question ("Paul Pires")
Re: newbie question (John Savard)
Re: State-of-the-art in integer factorization ("Peter L. Montgomery")
Re: Deadline for AES... ("kihdip")
Re: Why is TwoFish better than Blowfish? ("Joseph Ashwood")
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A New (?) Use for Chi
Date: Thu, 28 Sep 2000 21:26:41 -0400
John Myre wrote:
> > "Singular Value Analysis of Cryptograns" by Cleve Holer and
> would that be Cleve Moler?
Yes, sorry -- it was smudged on my copy (of a preprint).
------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Crossposted-To: comp.compression,sci.crypt.random-numbers
Subject: Re: Question on biases in random-numbers & decompression
Date: 28 Sep 2000 20:23:20 -0500
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>Bruno Wolff III wrote:
>> I have a die rolling perl module that I am including here, along with
>> a very simple test program. These are free for public use. I have only
>> done minimal testing of this module.
>> Besides minimizing the entropy used to generate a single unbiased roll,
>> there is a function that will make multiple rolls of the same sided die
>> that will try to conserve even more entropy by combining some of these
>> rolls together. The test program shows that the savings for D6's is
>> very roughly 30%.
>Do I understand correctly that you use software to
>simulate dice? How do you know that the result is
>perfectly unbiased? How do you estimate the entropy
>of the result? Thanks.
One can compute exactly the expected number of bits to
generate one random event with a given distribution.
The greedy algorithm achieves this value, and it is
not too complicated. If K is the information, and M
is the expected number of bits, K <= M < K+2, with
the equality only attainable if the probabilities are
all powers of 1/2.
For D6, K is approximately 2.585, and M is 11/3 ~ 3.667.
If instead we did 5 at a time, M/5 becomes about 2.68.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
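The figures Rubin quotes (K = log2 6 ≈ 2.585, M = 11/3 for one D6, and M/5 ≈ 2.66 when five rolls are drawn as a single uniform value in 0..6^5-1) can be reproduced with a short script. The one below is an added example, not code from the digest or from Bruno Wolff's Perl module: it computes the Knuth-Yao expected bit cost of a uniform n-sided die from the binary expansion of 1/n, and draws rolls with Lumbroso's "Fast Dice Roller", which consumes single random bits and reaches that expected cost because a rejected draw is reused as a smaller uniform range instead of being discarded. The bit source, seed values and the batching helper are constructed for the example.

```python
import math
import random


def entropy_bits(n: int) -> float:
    """K in Rubin's notation: information content of one uniform n-sided roll."""
    return math.log2(n)


def expected_bits(n: int, precision: int = 256) -> float:
    """M in Rubin's notation: expected random bits per roll for an optimal
    (Knuth-Yao) generator of the uniform distribution on n values.

    The Knuth-Yao tree for a uniform distribution has n leaves at depth k
    exactly when the k-th binary digit of 1/n is 1, so M = n * sum_k k*b_k/2^k.
    The series is truncated after `precision` digits; the tail is negligible.
    """
    total = 0.0
    for k in range(1, precision + 1):
        b_k = (2 ** k // n) & 1  # k-th binary digit of 1/n
        if b_k:
            total += k * n / 2.0 ** k
    return total  # expected_bits(6) is 11/3, about 3.667


class CountingBitSource:
    """Constructed bit source: a seeded PRNG that counts the bits handed out.
    A real generator would draw from os.urandom or hardware entropy."""

    def __init__(self, seed: int):
        self._rng = random.Random(seed)
        self.bits_used = 0

    def next_bit(self) -> int:
        self.bits_used += 1
        return self._rng.getrandbits(1)


def fast_dice_roller(n: int, next_bit) -> int:
    """Lumbroso's Fast Dice Roller: a uniform value in [0, n) from single bits.
    Invariant: c is uniform on [0, v). Doubling both costs one bit; once v >= n
    a value below n is returned, otherwise the leftover range [0, v-n) is kept
    as the new uniform state rather than thrown away (that is the greedy saving)."""
    v, c = 1, 0
    while True:
        v, c = 2 * v, 2 * c + next_bit()
        if v >= n:
            if c < n:
                return c
            v, c = v - n, c - n


def roll_batch(sides: int, count: int, next_bit) -> list:
    """Rubin's '5 at a time': draw one uniform value in [0, sides**count) and
    split it into `count` independent rolls by repeated division."""
    x = fast_dice_roller(sides ** count, next_bit)
    rolls = []
    for _ in range(count):
        x, r = divmod(x, sides)
        rolls.append(r)
    return rolls


def average_bits_per_roll(n: int, rolls: int, seed: int = 1):
    """Measure the empirical bit cost of `rolls` single rolls of an n-sided die.
    Returns (average bits per roll, histogram of outcomes)."""
    src = CountingBitSource(seed)
    counts = [0] * n
    for _ in range(rolls):
        counts[fast_dice_roller(n, src.next_bit)] += 1
    return src.bits_used / rolls, counts


if __name__ == "__main__":
    for n in (6, 6 ** 5):
        print(f"n={n}: K={entropy_bits(n):.3f}  M={expected_bits(n):.3f}")
    avg, hist = average_bits_per_roll(6, 20000)
    print(f"measured bits per D6 roll: {avg:.3f}  histogram: {hist}")
    src = CountingBitSource(7)
    print("five D6 at once:", roll_batch(6, 5, src.next_bit), "cost", src.bits_used, "bits")
```

Running it shows the D6 cost of 11/3 bits both analytically and empirically, and that drawing five rolls from one uniform value over 7776 outcomes brings the per-roll cost down to about 2.66 bits, within Rubin's bound K <= M < K+2 in every case.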
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Thu, 28 Sep 2000 21:30:45 -0400
John Myre wrote:
> And too, the only way to "not have any cycles" would
> be to have an unbounded state.
I guess technically to represent each of an infinite number
of values requires an infinite state register, but in
practice it needs only be big enough to allow the machine
to run for its design lifetime. That might be only a couple
of hundred bits.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Microwaves, Electromagnetic Communication and Brain / Mind Control -
Date: Thu, 28 Sep 2000 21:34:07 -0400
"William A. Nelson" wrote:
> In article <8r0j95$uhe$[EMAIL PROTECTED]>,
> William A. Nelson <[EMAIL PROTECTED]> wrote:
> > ...
> [no added content]
It is more likely that you are insane than that anybody
would take the trouble to control your mind.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: NTRU question (actually truncated modular polynomial question)
Date: Fri, 29 Sep 2000 01:35:07 GMT
Scott Contini wrote:
>
> In article <[EMAIL PROTECTED]>,
> Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
[snip]
> >If someone could post clear pseudocode or C code, it would be much
> >appreciated... (clearer than the stuff on NTRU's web site, that is)
>
> There is a document that you can download from NTRU's web site that
> explains this, though it has a few typos in it.
Perhaps you missed the "clearer than the stuff on NTRU's web site" part
of the above.
> Below is my Magma code for
[snip]
Interesting, but it isn't pseudocode or C code, which is what I asked
for.
By the way... if anyone else wants to post their truncated ring inversion
code, and it's in, say... fortran, pascal, basic, asm, apl, or
whatever... PLEASE DON'T.
--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)
------------------------------
From: [EMAIL PROTECTED] (Marlin Yeko)
Subject: Re: RSA T-shirt
Date: Fri, 29 Sep 2000 01:47:51 GMT
David A Molnar <[EMAIL PROTECTED]> wrote:
>actually, the function "modexp" would be more appropriate for this crowd.
>or better yet "findord" (but that one takes a while).
Come to think of it, to be perceived as a geek in today's world, having a
calculator with the exotic function of "square root" would probably be
sufficient.
--
"Marlin Yeko" is actually 0487 516392 <[EMAIL PROTECTED]>.
012345 6789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5x5poker.com.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Deadline for AES...
Date: 29 Sep 2000 01:42:39 GMT
[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>:
>On Thu, 28 Sep 2000 15:48:59 -0600, John Myre <[EMAIL PROTECTED]>
>wrote, in part:
>
>>Yes - but he's got a point. See http://csrc.nist.gov/nissc
>>and the top of page 5 in http://csrc.nist.gov/nissc/NCSC.pdf
>>for the phrase he quoted.
>
>And that phrase might not yet be true, but is expected to be the truth
>by October 16th. But definitely, the claim that
>
>on Monday, October 16th, 2000
>
>from 1:30 PM to 3:00 PM,
>
>room 308 of the Baltimore Convention Center will contain Elaine Barker,
>Jim Foti, and Bill Burr of NIST, Marcus Leech of Nortel Networks - and
>the "submitter of the selected AES algorithm" (to be determined)
>
>does indeed sound to me like a statement of several empirical facts,
>among which is that the AES will be chosen on or before October 16th.
>Presumably, that we hear this there first is due either to an
>oversight - or because it is only *hoped* that there will be a
>selection made by October 16th.
>
>The text quoted: "the standard is ready for public comment" does make
>it possible the announcement will take place there, since that implies
>it won't have been released by that date.
>
>John Savard
>http://home.ecn.ab.ca/~jsavard/crypto.htm
>
Maybe Halloween would be a good time to pick one.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression,comp.theory
Subject: Re: Josh MacDonald's library for adaptive Huffman encoding
Date: 29 Sep 2000 01:46:04 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <39D3E248.9ADEA1DF@t-online.de>:
>
>
>"SCOTT19U.ZIP_GUY" wrote:
>>
>> [EMAIL PROTECTED] (Mok-Kong Shen) wrote in
>> >If one starts from nothing, then one has to use NYT
>> >followed by ASCII or its equivalent (i.e. a 'standard'
>> >representation of the same space), I suppose. Otherwise
>> >I don't see how a new symbol could be transmitted.
>> Then you don't have a basic understanding of huffman
>> code. I get tired arguing with you. Since you don't ever
>> seem to learn. Yes this is not friendly but MOK get with it.
>> Like I have told you many many times look at my code.
>> I would try to help more but past experience shows me
>> that you really don't want to know.
>
>You were apparently answering to what I said about
>starting from nothing, i.e. with no symbols in the tree.
>But then using NYT and a standard encoding (needn't
>be the same as ASCII) is what is given in standard
>textbooks on data compression. If you have better
>ideas, then post that. Perhaps you could apply
>for patents and join the rank of gurus.
I have posted it. And like I said you know where you
can get the source code. I already have a patent. So
why the hell would I want another one. Trust me they are
no big deal.
David A. Scott
------------------------------
From: Aaron Cannon <[EMAIL PROTECTED]>
Subject: newbie question
Date: 29 Sep 2000 02:15:58 GMT
I am curious. If I take some ascii text, (say 20,000 bits in length) and
xor it with a sequence of random bits (say 256 bits repeated to the length
of the message), how secure will this be? Is it pathetically simple to
crack? Thanks!
--
"Man is superior to government and should remain master over it, not the
other way around."
Ezra Taft Benson (Teachings of Ezra Taft Benson, page 680)
ICQ #: 22773363
------------------------------
From: [EMAIL PROTECTED] (Marlin Yeko)
Subject: Re: newbie question
Date: Fri, 29 Sep 2000 03:07:40 GMT
Aaron Cannon <[EMAIL PROTECTED]> wrote:
>I am curious. If I take some ascii text, (say 20,000 bits in length) and
>xor it with a sequence of random bits (say 256 bits repeated to the length
>of the message), how secure will this be? Is it pathetically simple to
>crack? Thanks!
Great invention! If I were you, I'd call the random bits a "pad", and I'd
only use the pad "one time". In fact, I'd recommend calling it a "one time
pad" or "OTP" for short.
I think people are already trying to steal your idea. You'd better head for
the patent office!
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: newbie question
Date: 29 Sep 2000 03:16:11 GMT
[EMAIL PROTECTED] (Marlin Yeko) writes:
>Aaron Cannon <[EMAIL PROTECTED]> wrote:
>
>>I am curious. If I take some ascii text, (say 20,000 bits in length) and
>>xor it with a sequence of random bits (say 256 bits repeated to the length
>>of the message), how secure will this be? Is it pathetically simple to
>>crack? Thanks!
>
>Great invention! If I were you, I'd call the random bits a "pad", and I'd
>only use the pad "one time". In fact, I'd recommend calling it a "one time
>pad" or "OTP" for short.
He could, but it ain't.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (Marlin Yeko)
Subject: Re: newbie question
Date: Fri, 29 Sep 2000 03:23:45 GMT
Aaron Cannon <[EMAIL PROTECTED]> wrote:
>I am curious. If I take some ascii text, (say 20,000 bits in length) and
>xor it with a sequence of random bits (say 256 bits repeated to the length
>of the message), how secure will this be? Is it pathetically simple to
>crack? Thanks!
I didn't read that closely enough at first, and I thought you were
describing the one time pad. Sorry.
It seems to me that what you're describing would be pretty easy to crack if
the method was already known. After all, for each key byte you would have
about 78 characters XOR'ed with that same byte, so if all 78 encrypted
characters decoded to legitimate looking plaintext characters with a given
trial byte, then that byte would probably be the right one. You would just
need to do that 256 times. You could probably write a program that would
quickly find the key.
Now if the pad was at least as big as the plaintext...
------------------------------
From: [EMAIL PROTECTED] (Marlin Yeko)
Subject: Re: newbie question
Date: Fri, 29 Sep 2000 03:26:30 GMT
[EMAIL PROTECTED] (JPeschel) wrote:
>He could, but it ain't.
Unreal! I post a message and cancel it 10 seconds later, then 20 seconds
after that I get your response.
------------------------------
From: "Mike Beahan" <[EMAIL PROTECTED]>
Subject: Decryption For VAX
Date: Fri, 29 Sep 2000 03:36:00 GMT
I will be sending an encrypted file from a FoxPro system (the file will just
be plain ASCII though) to a VAX system, where it will need to be decrypted.
Does anyone have a routine that will do this?
Any help would be greatly appreciated.
Thank you,
Mike Beahan
Thatcher Technology
630-678-6467
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Yet another LFSR idea.
Date: 29 Sep 2000 03:52:49 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Benjamin Goldberg wrote:
>Create a circular array of N bytes, and fill it randomly.
>To update, combine the current byte with the sum of a selection of
>the "previous" N-1 bytes, using a primitive polynomial as the selector,
>and output it. Do a circular shift left by 1 bit after
>adding. This brings the nonlinear top bit to the bottom.
You might want to look at mod n attacks.
If you look at the byte entries mod 255, the result is
almost entirely linear. Why? First, x<<<1 = 2x mod 255.
Second, (x mod 255) + (y mod 255) is either (x+y mod 255)
or (x+y-1 mod 255) (with prob. 1/2). Thus, a significant
bias remains; your cipher is "almost linear" (where here
I mean linear with respect to addition mod 255, not to xor).
For example, there is a simple attack with 2^{N lg N}
workfactor needing N bytes of known keystream which works
by guessing the carry bits at the addition at each update.
You're then left with a LFSR over Z/255Z, and solving this
is straightforward if you know the feedback taps. (If the
taps are unknown, this attack needs 2N bytes of keystream
and 2^{2N lg N} work.)
Note that the above is substantially faster than the 2^{8N}
workfactor of an exhaustive search.
This is only a simplistic example of an attack, and I
strongly suspect there are much more powerful correlation
attacks available. However, I don't have time to check.
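The two algebraic facts Wagner's "mod n" observation rests on can be checked exhaustively over all byte values, which is the first thing a designer should do before trusting a rotate-and-add update to be nonlinear. The script below is an added example, not code from either poster: it verifies that an 8-bit rotate-left is doubling modulo 255, counts how often byte addition (mod 256) agrees with addition mod 255 and how often it is off by one (the carry-out case), and confirms that once the carry bit is known the whole update step is an affine relation mod 255. Function names are the example's own.

```python
def rotl8(x: int) -> int:
    """8-bit rotate-left by one position: x <<< 1."""
    return ((x << 1) | (x >> 7)) & 0xFF


def rotation_is_doubling_mod_255() -> bool:
    """Wagner's first observation: x <<< 1 == 2x (mod 255) for every byte.
    Rotating moves the top bit (worth 128) to the bottom (worth 1); since
    256 == 1 (mod 255), that costs nothing modulo 255."""
    return all(rotl8(x) % 255 == (2 * x) % 255 for x in range(256))


def addition_residue_offsets() -> dict:
    """Wagner's second observation: a byte addition (mod 256) viewed mod 255
    equals x + y (mod 255) when there is no carry-out, and x + y - 1 (mod 255)
    when there is, because dropping 256 is the same as dropping 1 mod 255.
    Returns how many of the 65536 (x, y) pairs fall in each case."""
    counts = {0: 0, 1: 0}
    for x in range(256):
        for y in range(256):
            byte_sum = (x + y) & 0xFF
            carry = (x + y) >> 8
            assert byte_sum % 255 == (x + y - carry) % 255
            counts[carry] += 1
    return counts


def update_is_affine_mod_255() -> bool:
    """One update step of the proposed generator, (x + y) <<< 1 on bytes, is
    2*(x + y - carry) (mod 255). With the carry guessed, each step is an
    affine map over Z/255Z, which is why the generator is 'almost linear'."""
    for x in range(256):
        for y in range(256):
            carry = (x + y) >> 8
            if rotl8((x + y) & 0xFF) % 255 != (2 * (x + y - carry)) % 255:
                return False
    return True


if __name__ == "__main__":
    print("rotate-left is doubling mod 255:", rotation_is_doubling_mod_255())
    offsets = addition_residue_offsets()
    total = sum(offsets.values())
    print("no carry:", offsets[0] / total, " carry (off by one):", offsets[1] / total)
    print("update step affine mod 255 given the carry:", update_is_affine_mod_255())
```

The carry case occurs for 32640 of the 65536 pairs, just under one half, which is the "prob. 1/2" in the post; the lesson for a designer is that mixing rotation with addition does not by itself escape linearity, it only moves it to a different modulus.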
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: another AONT idea
Date: 29 Sep 2000 03:55:39 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Benjamin Goldberg wrote:
>1) First prepend the data with a random IV.
>2) Second, load all the data into a big circular array of 32-bit words.
>3) For each block Add to the current block a selection of the previous
>blocks, using some polynomial, followed by a circular shift left.
>4) repeat step 3 as many times as the order of the polynomial.
>
>This idea takes O(N) time, is easily reversible, and should be quite
>nonlinear.
Uhh, that takes O(N^2) time: each iteration requires O(N) additions,
and there are O(N) iterations.
Worse still, it's not a secure AONT. The first word of data (or maybe
the last, depending on how you order things) is not modified until the
last iteration. Thus, if you reverse this thing to peel off just one
iteration, you can learn one block of the plaintext. This violates the
security requirement for a secure AONT.
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: newbie question
Date: Thu, 28 Sep 2000 21:37:53 -0700
Aaron Cannon <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am curious. If I take some ascii text, (say 20,000 bits in length) and
> xor it with a sequence of random bits (say 256 bits repeated to the length
> of the message), how secure will this be? Is it pathetically simple to
> crack? Thanks!
Yes.
Here's a teaser. For the rest, read Applied
Cryptography, 2nd Edition by Bruce Schneier
Section 1.4. Don't stop there, keep reading.
The key is repeated every 256 characters?
C[0] xor C[256] is the same as saying:
P[0] xor Key[0] xor P[256] xor Key[0]
The Key cancels itself out.
you are left with P[0] xor P[256].
Paul
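Both observations in this thread, Marlin Yeko's column-by-column test ("about 78 characters XOR'ed with that same byte") and Paul's cancellation C[i] xor C[i+period] = P[i] xor P[i+period], can be demonstrated on the exact parameters of the question: a 20,000-bit (2500-byte) ASCII message and a 256-bit (32-byte) key repeated to the message length. The script below is an added example, not code from any poster: the sample text, the seeded key and the plausibility scoring are constructed for it, and the scoring is one concrete reading of "decoded to legitimate looking plaintext characters" (reject any byte outside printable ASCII, prefer lowercase letters and spaces). It shows why the scheme is not a one-time pad: the key is reconstructed from the ciphertext alone.

```python
import random

KEY_BYTES = 32          # 256-bit key, as in the question
MESSAGE_BYTES = 2500    # 20,000 bits of ASCII text

# Constructed sample prose; any ordinary English text behaves the same way.
SENTENCES = [
    "The quick brown fox jumps over the lazy dog while the band plays on.",
    "Nothing in this paragraph is secret, it only needs to look like English prose.",
    "Repeating a short key across a long message masks every column of bytes with one constant.",
    "Statistics of ordinary text are then enough to tell a right guess from a wrong one.",
    "A one time pad avoids this by never reusing any part of its key material.",
]


def build_plaintext(length: int = MESSAGE_BYTES) -> bytes:
    text, i = "", 0
    while len(text) < length:
        text += f"{SENTENCES[i % len(SENTENCES)]} ({i}) "
        i += 1
    return text.encode("ascii")[:length]


def make_key(seed: int) -> bytes:
    """Seeded for reproducibility of the example; a real key would come from
    os.urandom. The recovery below does not depend on how the key was chosen."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """The scheme from the question: XOR with the key repeated to message length."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_cancellation(ciphertext: bytes, period: int) -> bytes:
    """Paul's observation: C[i] ^ C[i+period] = P[i] ^ P[i+period]; the key
    byte is the same at both positions and cancels, exposing plaintext structure."""
    return bytes(a ^ b for a, b in zip(ciphertext, ciphertext[period:]))


PLAUSIBLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}  # printable ASCII + whitespace


def score_guess(column: bytes, k: int) -> int:
    """Marlin Yeko's test for one trial key byte: every decoded byte must be a
    legitimate-looking character, and more letters/spaces means a better guess."""
    score = 0
    for c in column:
        p = c ^ k
        if p not in PLAUSIBLE:
            return -1
        if p == 0x20 or 0x61 <= p <= 0x7A:   # space or lowercase letter
            score += 2
        elif 0x41 <= p <= 0x5A:               # uppercase letter
            score += 1
    return score


def recover_key(ciphertext: bytes, period: int) -> bytes:
    """Treat every period-th byte as one column masked by a single key byte and
    pick, for each column, the trial byte that yields the best-looking text."""
    key = bytearray()
    for i in range(period):
        column = ciphertext[i::period]
        key.append(max(range(256), key=lambda k: score_guess(column, k)))
    return bytes(key)


if __name__ == "__main__":
    plaintext = build_plaintext()
    key = make_key(2000)
    ciphertext = repeating_key_xor(plaintext, key)
    print("key cancels in C[i]^C[i+32]:",
          key_cancellation(ciphertext, KEY_BYTES)[:16].hex())
    recovered = recover_key(ciphertext, KEY_BYTES)
    print("recovered key matches:", recovered == key)
    print(repeating_key_xor(ciphertext, recovered)[:60].decode("ascii"))
```

With 2500 bytes and a 32-byte key each column holds 78 or 79 ciphertext bytes, and the key is recovered in full; the only defence is the one Marlin Yeko ends on, a key at least as long as the message and never reused.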
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: newbie question
Date: Fri, 29 Sep 2000 04:40:27 GMT
On 29 Sep 2000 02:15:58 GMT, Aaron Cannon <[EMAIL PROTECTED]>
wrote, in part:
>say 256 bits repeated to the length
>of the message
Yes, this will be fairly easy to crack, particularly with the message
being ASCII text instead of being, say, compressed first. This is very
similar to the classical paper-and-pencil cipher called the Vigenere.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Peter L. Montgomery" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: State-of-the-art in integer factorization
Date: Fri, 29 Sep 2000 06:23:34 GMT
In article <[EMAIL PROTECTED]> JCA <[EMAIL PROTECTED]> writes:
> I thought this was common knowledge but in fact I have received several
>email requests along these lines.
> I got the paper from ftp://ftp.cwi.nl/pub/pmontgom. Peter Montgomery
>himself appears in this forum every now and then, and I was hoping he
>would have something new to contribute to this issue.
As Silverman observes, little has changed recently.
ECM has found prime factors as large as 54 digits.
SNFS has been used to factor special-form numbers as large as
(10^211 - 1)/9 (211 digits). GNFS has been used
to factor arbitrary integers up to 155 digits.
The only significant improvement has been
improved polynomial selection for GNFS.
Peter
>Jeffrey Williams wrote:
>> Would the Montgomery paper happen to be available on-line? And if so, could
>> someone please post a pointer to it?
>> LL&P
>> Jeff Williams
>> Bob Silverman wrote:
>> > In article <[EMAIL PROTECTED]>,
>> > JCA <[EMAIL PROTECTED]> wrote:
>> > > I've got Peter Montgomery's excellent survey on integer factorization
>> > > algorithms. However, being as it is five years old now I was wondering
>> > > if there is something more up to date out there. Or, at the very least,
>> > > an addendum to this paper.
>> > Nothing has been written. Improvements have been only incremental.
>> > (i.e. slightly faster machines, a few more percent squeezed from
>> > code, etc.). There hasn't been a new algorithm in 11 years.
>> > --
>> > Bob Silverman
>> > "You can lead a horse's ass to knowledge, but you can't make him think"
>> > Sent via Deja.com http://www.deja.com/
>> > Before you buy.
--
E = m c^2. Einstein = Man of the Century. Why the squaring?
[EMAIL PROTECTED] Home: San Rafael, California
Microsoft Research and CWI
------------------------------
From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 09:01:48 +0200
>on Monday, October 16th, 2000
>
>from 1:30 PM to 3:00 PM,
>
>room 308 of the Baltimore Convention Center will contain Elaine Barker,
>Jim Foti, and Bill Burr of NIST, Marcus Leech of Nortel Networks - and
>the "submitter of the selected AES algorithm" (to be determined)
>
...
the selected algorithm, not algorithmS!!!
...
Is it safe to say that only one will be chosen as AES? There has been a
discussion whether more algorithms should be chosen, but this statement ends
it. (Or...???)
Kim
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Why is TwoFish better than Blowfish?
Date: Thu, 28 Sep 2000 17:05:16 -0700
I thought we both agreed that they would hire someone to spread as much
erroneous information as possible, impede the spread of knowledge, and
propagate the spread of their own wishes. I see very strong correlations
between that and a person who posts large quantities of information that is
factually incorrect (see the DES thread), spreading information about his
own ciphers (which are as far as we know unanalyzed, and we know for a fact
that they are consistently presented in a form that makes analysis
exceptionally difficult), and continually interrupts conversations of
reasonable matters by changing them to flame wars about the fact that Bruce
Schneier (although I have no idea why he has been singled out) has been
extremely beneficial to the publicly available body of cryptographic
knowledge. While I certainly would not flatly accuse you of being influenced
by certain agencies, the same criteria apply just as well to you as to anyone
else.
Joe
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Joseph Ashwood) wrote in <OGGv2XXKAHA.345@cpmsnbbsa09>:
>
> >> Then please tell me the kind of guy you think the NSA would own.
> >> Terry who seems not to have press connections or do you think I am
> >> the type Arturo.
> >
> >You beat me to it. I was going to suggest that they would buy someone
> >who would continually bombard intellectual conversations with his own
> >not so intellectual observations, someone who seems to rather
> >deliberately choose conversations that are interesting, and turn them
> >into flame wars. Does this by any chance sound familiar to you?
> >
> >
>
> I guess that means you know very little about the kind of people
> the NSA would hire. Makes me wonder what you know about ciphers.
>
>
>
> David A. Scott
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************