Cryptography-Digest Digest #799, Volume #12 Fri, 29 Sep 00 17:13:00 EDT
Contents:
Re: Josh MacDonald's library for adaptive Huffman encoding (Mok-Kong Shen)
Re: Blowfish Key length C code issue (Runu Knips)
Re: RSA and Chinese Remainder Theorem (Bob Silverman)
Re: Question on biases in random-numbers & decompression (Mok-Kong Shen)
Re: AES announcement due Monday 2nd October (DJohn37050)
Re: CPU's aimed at cryptography (Paul Rubin)
Re: Deadline for AES... (Mok-Kong Shen)
Re: RSA and Chinese Remainder Theorem (Roger Schlafly)
Re: Deadline for AES... ("Brian Gladman")
Re: Microwaves, Electromagnetic Communication and Brain / Mind Control - the first I
thought also becoming crazy, but realized that my logic and reasoning was 100 %
accurate and based on clear facts and observations .... here are some other specifics
... (Jim)
Re: Deadline for AES... (Helger Lipmaa)
Re: Chaos theory (zapzing)
Re: Chaos theory (zapzing)
Re: Josh MacDonald's library for adaptive Huffman encoding (SCOTT19U.ZIP_GUY)
Re: Chaos theory ("Douglas A. Gwyn")
Re: Chaos theory ("Douglas A. Gwyn")
Re: CPU's aimed at cryptography ("Douglas A. Gwyn")
NIST Statistical Test Suite (Mok-Kong Shen)
Re: NIST Statistical Test Suite ("Paul Pires")
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression,comp.theory
Subject: Re: Josh MacDonald's library for adaptive Huffman encoding
Date: Fri, 29 Sep 2000 20:24:19 +0200
"SCOTT19U.ZIP_GUY" wrote:
>
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
>
> >But you could at least publish it in a cs or crypto
> >scientific journal, since it would be a significant
> >contribution. But perhaps I could conjecture what
> >would be your answer: These journals have editors
> >that are all against a real scientist like you.
> >
>
> I think most publishing is for a more or less closed
> group of people. I have had some of my work published by
> others when I worked for the government. I expect nothing
> different now that I am retired. If you wish to publish
> it, feel free to do so.
If there is really good will to let your ideas be put
to the public, then it shouldn't be a problem at all
to spend effort, time and again, to put these clearly
and understandably to, e.g., internet groups. If one
doesn't do that, it plainly indicates lack of good
will or that the ideas are likely to be no good.
I am done with this thread. I won't take further trouble to
talk about stuff for your sake.
M. K. Shen
------------------------------
Date: Fri, 29 Sep 2000 20:14:50 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Blowfish Key length C code issue
Runu Knips wrote:
> [3 times the same]
ARGL sorry, got an error and thought it wasn't posted.... :-(((
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: RSA and Chinese Remainder Theorem
Date: Fri, 29 Sep 2000 18:08:02 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (DJohn37050) wrote:
> I thought d was usually the RSA decryption exponent.
> Don Johnson
>
Ah!!
I see that I wrote 'e' instead of 'd'. ...careless
You are correct. One usually does not need CRT
to compute m^e mod N because when e is very small (say 3) the overhead
of the CRT exceeds the savings involved in the (small number of)
multiplications mod p and mod q rather than mod N.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
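An added example for the exchange above (not code from Bob Silverman, Don Johnson or anyone else in the thread): a toy RSA key with the CRT values precomputed, decryption with and without the CRT, and a rough count of the modular multiplications each path costs. The 512-bit key size, the seeded RNG, the cost model (a multiplication modulo a half-size prime taken as a quarter of a full-size one) and all function names are choices made here, and nothing in it is constant-time, so it is for understanding the arithmetic only.

```python
"""RSA decryption with and without the Chinese Remainder Theorem (toy sizes)."""
import math
import random

rng = random.Random(20000929)   # fixed seed: constructed, reproducible keys (assumption)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; adequate for a demo, not for real key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, e):
    """Random prime of exactly `bits` bits with gcd(p - 1, e) == 1, which RSA needs."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if math.gcd(p - 1, e) == 1 and is_probable_prime(p):
            return p


def keygen(bits=512, e=3):
    """Toy RSA key with the CRT values dp, dq and qinv = q^-1 mod p precomputed."""
    p = random_prime(bits // 2, e)
    q = random_prime(bits // 2, e)
    while q == p:
        q = random_prime(bits // 2, e)
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent (Python 3.8+ modular inverse)
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def encrypt(m, key):
    """Textbook m^e mod N; real use pads m first (OAEP), which is omitted here."""
    return pow(m, key["e"], key["n"])


def decrypt_plain(c, key):
    """The full-size exponentiation c^d mod N."""
    return pow(c, key["d"], key["n"])


def decrypt_crt(c, key, check=True):
    """Two half-size exponentiations, recombined with Garner's formula.
    With check=True the result is re-encrypted with the (small) public exponent,
    the standard guard against a faulty half-computation; check=False returns the
    raw recombination so a corrupted one can be inspected."""
    p, q = key["p"], key["q"]
    m_p = pow(c % p, key["dp"], p)
    m_q = pow(c % q, key["dq"], q)
    h = key["qinv"] * (m_p - m_q) % p
    m = m_q + h * q
    if check and pow(m, key["e"], key["n"]) != c:
        raise ValueError("CRT result failed the re-encryption check")
    return m


def modexp_ops(exp):
    """Multiplications in square-and-multiply: one squaring per bit after the
    first, one multiplication per set bit after the first."""
    return (exp.bit_length() - 1) + (bin(exp).count("1") - 1)


def plain_cost(exp):
    """Cost of pow(x, exp, N) in units of one multiplication mod N."""
    return float(modexp_ops(exp))


def crt_cost(exp_p, exp_q):
    """Same units, assuming a multiplication modulo a half-size prime costs 1/4
    (schoolbook), plus Garner's half-size multiply and the full-size product h * q."""
    return (modexp_ops(exp_p) + modexp_ops(exp_q)) / 4 + 0.25 + 1.0


if __name__ == "__main__":
    key = keygen(512, e=3)
    m = int.from_bytes(b"constructed, unpadded demo plaintext", "big") % key["n"]
    c = encrypt(m, key)
    assert decrypt_plain(c, key) == decrypt_crt(c, key) == m
    print("e=3 encryption: plain %.2f vs CRT %.2f mults" % (plain_cost(3), crt_cost(3, 3)))
    print("d decryption:   plain %.0f vs CRT %.0f mults" %
          (plain_cost(key["d"]), crt_cost(key["dp"], key["dq"])))
```

Running it shows both halves of Silverman's point: for the private exponent d the CRT path needs roughly a quarter of the work of the single full-size exponentiation, while for e = 3 the plain exponentiation is two multiplications and the recombination alone already costs more than that. The re-encryption check in decrypt_crt is cheap for exactly the same reason (e is small); it is a standard guard against a faulty half-computation in CRT-RSA, a known property of the construction rather than anything from the thread.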
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression,sci.crypt.random-numbers
Subject: Re: Question on biases in random-numbers & decompression
Date: Fri, 29 Sep 2000 20:59:05 +0200
Herman Rubin wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> >Bruno Wolff III wrote:
>
> >> I have a die rolling perl module that I am including here, a long with
> >> a very simple test program. These are free for public use. I have only
> >> done minimal testing of this module.
>
> >> Besides minimizing the entropy used to generate a single unbiased roll,
> >> there is a function that will make multiple rolls of the same sided die
> >> that will try to conserve even more entropy by combining some of these
> >> rolls together. The test program shows that the savings for D6's is
> >> very roughly 30%.
>
> >Do I understand correctly that you use software to
> >simulate dice? How do you know that the result is
> >perfectly unbiased? How do you estimate the entropy
> >of the result? Thanks.
>
> One can compute exactly the expected number of bits to
> generate one random event with a given distribution.
> The greedy algorithm achieves this value, and it is
> not too complicated. If K is the information, and M
> is the expected number of bits, K <= M < K+2, with
> the equality only attainable if the probabilities are
> all powers of 1/2.
>
> For D6, K is approximately 2.585, and M is 11/3 ~ 3.667.
> If instead we did 5 at a time, M/5 becomes about 2.68.
My point was that, using software, one only approximates,
never absolutely 'exactly' achieves, any theoretical
distribution. My asking whether his result is 'perfectly'
unbiased was in fact pedantic and of a 'provoking' nature.
On the other hand, I am interested in obtaining good
'practical' randomness. Recently I got a reference,
IEEE Trans. Inform. Theory, May 2000, which contains
a number of apparently very interesting articles on
the removal of bias, though, I guess, they are still
based on the assumption of the existence of some theoretical
distribution in the input, hence not 'really' on a
'practical' basis. (Of course, any deviations could
be negligible for all 'practical' purposes nonetheless.)
My math is not good enough to allow me to delve deeply
into these articles. It would be very nice if you would
be kind enough to take a look at these and eventually
tell us your opinions on them and maybe also give some
advice concerning points that should be taken care of.
M. K. Shen
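An added example for the die-rolling exchange quoted above (it is not Bruno Wolff's Perl module and not code from Herman Rubin): a sampler that draws an unbiased n-sided die from a stream of fair bits, the exact expected bit cost Rubin quotes (K <= M < K + 2, with M = 11/3 for one D6), and the saving from rolling several dice at once. The sampler is Lumbroso's Fast Dice Roller, which for a uniform target consumes the same expected number of bits as the greedy (Knuth-Yao) construction; the seeded PRNG standing in for an entropy source, the batch size and the trial counts are choices made here.

```python
"""Unbiased dice from a fair bit stream, with the exact bit cost quoted above."""
import math
import random


class BitSource:
    """Fair-coin source that counts every bit it hands out.  A seeded PRNG stands
    in for a real entropy source (assumption made for the example)."""

    def __init__(self, seed=0):
        self._rng = random.Random(seed)
        self.bits_used = 0

    def bit(self):
        self.bits_used += 1
        return self._rng.getrandbits(1)


def fast_dice_roller(n, src):
    """Uniform integer in [0, n) from fair bits (Lumbroso's Fast Dice Roller).
    No bias is introduced: when the accumulated value c lands outside [0, n)
    only the excess is kept and the walk continues; there is no fixed bit budget."""
    if n < 2:
        raise ValueError("n must be at least 2")
    v, c = 1, 0
    while True:
        v, c = 2 * v, 2 * c + src.bit()
        if v >= n:
            if c < n:
                return c
            v, c = v - n, c - n


def roll_dice(count, sides, src):
    """`count` rolls of a `sides`-sided die, drawn as one uniform value in
    [0, sides**count) and split base `sides`: the batching that saves bits."""
    x = fast_dice_roller(sides ** count, src)
    rolls = []
    for _ in range(count):
        x, r = divmod(x, sides)
        rolls.append(r + 1)
    return rolls


def knuth_yao_expected_bits(n, precision=256):
    """Expected bits of the greedy (Knuth-Yao) tree for the uniform distribution
    on n outcomes: n * sum_k k * b_k / 2^k, where b_k is the k-th binary digit
    of 1/n.  The digits come from long division."""
    if n < 2:
        raise ValueError("n must be at least 2")
    total, r = 0.0, 1
    for k in range(1, precision + 1):
        bit, r = divmod(2 * r, n)
        total += bit * k / 2.0 ** k
        if r == 0:                      # 1/n terminates: n is a power of two
            break
    return n * total


def fdr_expected_bits(n, tol=1e-18):
    """Expected bits of fast_dice_roller(n), from its state chain rather than sampling."""
    v, prob, total = 1, 1.0, 0.0
    while prob > tol:
        k = 0
        while v < n:
            v, k = 2 * v, k + 1
        total += prob * k
        prob *= (v - n) / v             # chance that c >= n and another round is needed
        v -= n
    return total


def within_greedy_bound(n):
    """Rubin's inequality K <= M < K + 2 with K = log2(n) and M the greedy cost."""
    k, m = math.log2(n), knuth_yao_expected_bits(n)
    return k - 1e-12 <= m < k + 2


def measured_bits_per_die(batch, sides=6, trials=2000, seed=1):
    """Average bits consumed per die when `batch` dice are rolled at a time."""
    src = BitSource(seed)
    for _ in range(trials):
        roll_dice(batch, sides, src)
    return src.bits_used / (trials * batch)


if __name__ == "__main__":
    print("K = log2(6) = %.4f bits" % math.log2(6))
    print("one die:   M = %.4f  (11/3 = %.4f)" % (knuth_yao_expected_bits(6), 11 / 3))
    print("five dice: M/5 = %.4f" % (knuth_yao_expected_bits(6 ** 5) / 5))
    print("measured:  %.4f and %.4f bits per die" %
          (measured_bits_per_die(1), measured_bits_per_die(5)))
```

The two expectation functions agree because the Fast Dice Roller returns at exactly the bit depths where 1/n has a one digit, with probability n/2^k at depth k, which is the leaf structure of the greedy tree. The measured figures drift around the exact ones by the usual sampling noise; what the sampler cannot do is fix a bias in the source itself, which is the separate question Shen raises above.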
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: AES announcement due Monday 2nd October
Date: 29 Sep 2000 18:54:00 GMT
And they still have the option to name a multiple of algorithms.
Don Johnson
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: CPU's aimed at cryptography
Date: 29 Sep 2000 11:49:39 -0700
JCA <[EMAIL PROTECTED]> writes:
> If we are talking 1024-bit RSA moduli, 32 ms for the signature
> time is very unimpressive. Similar or better speeds are already
> achieved in software on a medium range PA-RISC box, and much
> faster performance on a 500 MHz IA64 box.
> ...
> > Motorola's CPU, MPC180 at:
> > http://mot-sps.com/news_center/press_releases/PR000926A.html
> > Analog Device's CPU, ADSP-2141 at:
> > http://products.analog.com/products/info.asp?product=ADSP-2141L
Um, it says that the MPC180 is a $20 part, and I believe the ADSP-2141
is comparable. How much did you say an IA64 processor was? Do you
really want to embed one in a low-end router?
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 21:08:56 +0200
John Savard wrote:
>
> I interpret that to mean that the standard will be a draft standard
> only at that time.
So in principle the AES winner could still be improved in
its final version. Is that right? That wouldn't be bad.
M. K. Shen
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: RSA and Chinese Remainder Theorem
Date: Fri, 29 Sep 2000 12:14:18 -0700
Bob Silverman wrote:
> I see that I wrote 'e' instead of 'd'. ...careless
May I suggest that if you don't have the knowledge to answer the
question that you not try to answer???
Secondly, I have never heard of using 'e' for a decryption exponent.
If you mean the decryption exponent 'd', please refer to it by
that name. We need to use common terminology if we are to
communicate effectively.
See Knuth, Vol 2.
If you wish to discuss this subject stick to standard terminology.
May I suggest that you go read the literature on this subject?
Especially in terms of what can be done and what has been done?
You will need to refer to Knuth Vol 2.
If *YOU* want to discuss mathematics and computer science,
I suggest *YOU* learn the terminology.
"You can satirize a man's postings, but you can't make him think"
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 20:42:35 +0100
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> John Savard wrote:
> >
>
> > I interpret that to mean that the standard will be a draft standard
> > only at that time.
>
> So in principle the AES winner could still be improved in
> its final version. Is that right? That wouldn't be bad.
>
> M. K. Shen
Although this is possible, I do not think it is very likely that this will
happen.
In my view the purpose of the comment period will be to make the
specifications of the algorithm(s) and the modes of operation as precise as
possible in order to help ensure that different implementations can
interoperate effectively whenever necessary.
In addition to possible new modes of operation, the issues of bit, byte and
block numbering, and those of bit, byte and block order (endian issues) -
which caused some difficulties in AES testing - all need to be carefully
specified before the standard is finally approved.
There are also issues concerning the specification of test vectors,
especially if new modes of operation are introduced (as is quite likely to
meet the needs for processing blocks in parallel in a cipher chaining mode).
There is hence significant further work that needs to be completed once we
know which algorithm(s) is/are to be used in the standard. For this reason
alone it seems rather unlikely that NIST will want to invest further effort
in making algorithm changes.
Brian Gladman
------------------------------
From: [EMAIL PROTECTED] (Jim)
Crossposted-To: sci.physics
Subject: Re: Microwaves, Electromagnetic Communication and Brain / Mind Control - the
first I thought also becoming crazy, but realized that my logic and reasoning was 100
% accurate and based on clear facts and observations .... here are some other
specifics ...
Date: Fri, 29 Sep 2000 20:01:41 GMT
Reply-To: Jim
On Thu, 28 Sep 2000 23:14:04 GMT, William A. Nelson <[EMAIL PROTECTED]>
wrote:
>Some facts ....
>
>1. Already in the early 1960's scientists discovered that some audio and words
>can be heard by humans when microwaves are used without any additional
>devices.
>
>2. Extensive research and publications written in the 1970's on auditory
>perception and microwaves.
>
>3. Pulse-modulated microwaves produce perceptible acoustic sensations
>in man and other mammals, even in subjects with impaired hearing.
ISTR some of these effects were traced to rectification (detection) of
the EM wave by the metals in tooth fillings.
--
Jim Dunnett
amadeus @netcomuk.co.uk
nordland @lineone.net
g4rga @thersgb.net
------------------------------
From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Sat, 30 Sep 2000 00:55:44 +0300
Date: Fri, 29 Sep 2000 14:13:17 -0400
From: Jim Foti <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: AES ANNOUNCEMENT: Monday, October 2, 2000
[I'm sending this to those who have expressed interest in the AES
Development Effort over the last several years. Thanks. Jim]
AES ANNOUNCEMENT:
Monday, October 2, 2000
NIST will announce its selection which will be proposed for the Advanced
Encryption Standard.
TIME:
11:00 a.m. Eastern Daylight Time (local time in Washington, DC)
PLACE:
Lecture Room D, Administration Bldg. (Bldg. 101), NIST, Gaithersburg,
Maryland, USA
PARTICIPANTS:
Under Secretary of Commerce for Technology Dr. Cheryl L. Shavers
NIST Director Ray Kammer
Acting Chief of NIST's Computer Security Division Ed Roback
WEBCAST:
Anyone who wishes to view a real-time webcast of the press conference may do
so by accessing <http://real.nist.gov> and then clicking on "LIVE
BROADCASTS." That site also contains links to various streaming media
players.
OTHER:
Following the announcement, NIST will be posting its "Report on the
Development of the Advanced Encryption Standard (AES)" at the AES home page
<http://www.nist.gov/aes/>.
Additionally, the number and name(s) of NIST's selection for the AES will
NOT be announced before the official announcement (so PLEASE do not contact
me with that question, because I will not be able to respond).
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Fri, 29 Sep 2000 20:07:04 GMT
In article <8qv0u7$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Niclas Carlsson) wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>
> >zapzing wrote:
> >>
> >> To the contrary, the behavior of a chaotic system
> >> should look quite random as long as you hash it
> >> down enough. And there would be *No* repetition
> >> (at least not given our present understanding
> >> of most physical chaotic systems) Any application
> >> using a digital PRNG will repeat eventually, but
> >> a sufficiently hashed chaotic RNG would not have
> >> any cycles.
>
> >I think that your observation is useful for those
> >who want to get randomness. One could also use
> >a number of systems and mix them together in some
> >way, I suppose.
>
> Of course all the talk about chaotic systems never
> repeating assume that we have infinite precision.
> It's all a matter of how large the internal state is.
Yes well I was sort of making the
unstated assumption that the chaotic
system would be implemented in analog
not in digital. Implementing a chaotic
system in digital *would* be a bad way
of making a PRNG, I admit.
You would then digitize the analog
signal and hash that down. Sorry for
the confusion.
--
Void where prohibited by law.
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Fri, 29 Sep 2000 20:16:10 GMT
In article <[EMAIL PROTECTED]>,
John Myre <[EMAIL PROTECTED]> wrote:
> "Douglas A. Gwyn" wrote:
> >
> > John Myre wrote:
> > > And too, the only way to "not have any cycles" would
> > > be to have an unbounded state.
> >
> > I guess technically to represent each of an infinite number
> > of values requires an infinite state register, but in
> > practice it needs only be big enough to allow the machine
> > to run for its design lifetime. That might be only a couple
> > of hundred bits.
>
> Well, I guess I was being obnoxious. Sorry.
>
> (The quoted material seemed to indicate that "sufficient
> hashing" had something to do with lack of cycles. Whereas
> I think now zapzing's real point was that a physical RNG
> could be truly non-cyclic (because of chaotic behavior).
> And I agree that the main point is that having no cycles
> is not enough.)
I'm sorry for the confusion, but I thought
it would be obvious that the chaotic system
would be implemented in analog. And an analog
system does have an infinite number of states
(and it also gets affected by thermal vibrations,
so the entire state of the universe becomes its
state.) I also agree that lack of cycles is not
*sufficient* for security, thus the hashing down.
BTW. by "hashing down" I mean taking a block of
bits from the chaotic system (converted from A to
D, of course) and applying a hashing algorithm to
get a smaller number of bits. For example using
SHA-1 you would take perhaps 300 bits from your
chaotic system and hash them down to 160 bits.
The specific numbers would depend on the specific
application.
The reason hashing down is applied is that without
it the cryptanalyst might be able to predict
blocks of random numbers by making an approximate
guess of the internal states of the chaotic system.
--
Void where prohibited by law.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression,comp.theory
Subject: Re: Josh MacDonald's library for adaptive Huffman encoding
Date: 29 Sep 2000 20:18:36 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <39D4DE53.BA1B8606@t-online.de>:
>
>
>"SCOTT19U.ZIP_GUY" wrote:
>>
>> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
>>
>> >But you could at least publish it in a cs or crypto
>> >scientific journal, since it would be a significant
>> >contribution. But perhaps I could conjecture what
>> >would be your answer: These journals have editors
>> >that are all against a real scientist like you.
>> >
>>
>> I think most publishing is for a more or less closed
>> group of people. I have had some of my work published by
>> others when I worked for the government. I expect nothing
>> different now that I am retired. If you wish to publish
>> it, feel free to do so.
>
>If there is really good will to let your ideas be put
>to the public, then it shouldn't be a problem at all
>to spend effort, time and again, to put these clearly
>and understandably to, e.g., internet groups. If one
>doesn't do that, it plainly indicates lack of good
>will or that the ideas are likely to be no good.
>
That's where YOU'RE WRONG AGAIN. How dare you say
it shouldn't be a problem at all. I have made it clear
you can look at the code if you're not so damn lazy.
If you run into specific problems I would help, but
you have to do something. If you think I lack good
will then F**K you.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Fri, 29 Sep 2000 19:56:32 GMT
Jim Gillogly wrote:
> ... as Doug Gwyn points out, there <is> no universally
> accepted definition of chaos.
I think it was actually somebody else who said that,
although the fact that there is an argument here
about the definition does demonstrate that it is so.
Perhaps a more pertinent question would be whether
the active researchers in the field agree upon a
single definition. (I don't know whether they do.)
> In particular, the lack of complete randomness in dynamic systems
> normally called "chaotic" enabled me to break two cryptosystems that
> were claimed to be based on chaos, and the effectiveness of chaos
> in cryptosystems is what this thread was about --
Yup.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Fri, 29 Sep 2000 19:58:22 GMT
Tim Tyler wrote:
> Practically all strong cyphers I know of are
> fundamentally based on chaotic systems.
I can't speak for what systems you know of,
but *none* of the best cryptosystems I know
of make use of any theory of "chaos".
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: CPU's aimed at cryptography
Date: Fri, 29 Sep 2000 20:04:53 GMT
kihdip wrote:
> Motorola's CPU, MPC180 at:
> Analog Device's CPU, ADSP-2141 at:
These appear to be dedicated for use with particular
open cryptographic standards. What I wonder about is
what is happening to Motorola's AIM? A 0.18 micron
implementation would be wonderful.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: NIST Statistical Test Suite
Date: Fri, 29 Sep 2000 23:08:45 +0200
While all the current attention of our groups in the direction
of NIST is apparently on AES, I believe that it is barely
known that NIST has just contributed something also of
essential interest to us. In
http://csrc.nist.gov/rng/
there is now available for download an apparently
fairly good statistical test suite. A technical problem
may be, however, that the stuff is in UNIX tar files.
I hope that this news is of value to those interested
in random numbers. If someone gains practical experience
with the test suite, it would be nice if he would give
a report on that to us.
M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen
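An added example for the post above (not the suite's own code, which is what the link offers): two of the tests the NIST suite documents in SP 800-22, Frequency (monobit) and Runs, written out with the formulas from that document, checked against its two worked sequences, and run over three streams constructed here: a seeded PRNG, an alternating 0101... pattern that the monobit test accepts and the runs test rejects, and a 55%-ones stream that fails monobit. The stream lengths, the seed and the 0.01 significance level are choices made here; the real suite has many more tests and this is no substitute for it.

```python
"""Two of the NIST SP 800-22 tests written out: Frequency (monobit) and Runs."""
import math
import random


def bits_from_bytes(data):
    """Unpack bytes MSB-first into a list of 0/1 ints, the form the tests take."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def monobit_test(bits):
    """Frequency (monobit) test: are ones and zeros balanced?  Returns the
    P-value; the sequence passes when P >= the significance level (0.01)."""
    n = len(bits)
    s_n = sum(2 * b - 1 for b in bits)             # +1 per one, -1 per zero
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_test(bits):
    """Runs test: is the number of maximal runs of identical bits what a random
    sequence gives?  Returns the P-value, or 0.0 when the prerequisite
    |pi - 1/2| < 2/sqrt(n) fails, in which case SP 800-22 says not to run it."""
    n = len(bits)
    pi = sum(bits) / n                              # proportion of ones
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_obs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    numerator = abs(v_obs - 2 * n * pi * (1 - pi))
    denominator = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(numerator / denominator)


def evaluate(bits, alpha=0.01):
    """Run both tests and apply the pass threshold."""
    p_mono, p_runs = monobit_test(bits), runs_test(bits)
    return {"monobit": p_mono, "runs": p_runs,
            "passed": p_mono >= alpha and p_runs >= alpha}


def sample_streams(n_bits=100_000, seed=0):
    """Constructed inputs: a seeded PRNG stream, an alternating 0101... stream
    (balanced, so monobit accepts it, but every bit starts a run) and a
    55%-ones stream (monobit rejects it and the runs prerequisite fails)."""
    rng = random.Random(seed)
    prng = bits_from_bytes(rng.getrandbits(n_bits).to_bytes(n_bits // 8, "big"))
    alternating = [i & 1 for i in range(n_bits)]
    biased = [1 if rng.random() < 0.55 else 0 for _ in range(n_bits)]
    return {"prng": prng, "alternating": alternating, "biased": biased}


if __name__ == "__main__":
    # The two short sequences are the worked examples in SP 800-22 itself.
    print("monobit 1011010101 -> P = %.6f (document: 0.527089)" %
          monobit_test([1, 0, 1, 1, 0, 1, 0, 1, 0, 1]))
    print("runs    1001101011 -> P = %.6f (document: 0.147232)" %
          runs_test([1, 0, 0, 1, 1, 0, 1, 0, 1, 1]))
    for name, stream in sample_streams().items():
        print("%-12s %s" % (name, evaluate(stream)))
```

The alternating stream is the useful case: it is perfectly balanced, so a frequency count alone says nothing against it, and only a test that looks at structure (here, runs) rejects it. That is the reason to run the whole suite rather than one or two tests, and also the limit of any such suite: passing it shows the absence of the particular defects tested for, not the presence of entropy.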
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: NIST Statistical Test Suite
Date: Fri, 29 Sep 2000 14:03:29 -0700
Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> While all the current attention of our groups in the direction
> of NIST is apparently on AES, I believe that it is barely
> known that NIST has just contributed something also of
> essential interest to us. In
>
> http://csrc.nist.gov/rng/
>
> there is now available for download an apparently
> fairly good statistical test suite. A technical problem
> may be, however, that the stuff is in UNIX tar files.
>
> I hope that this news is of value to those interested
> in random numbers. If someone gains practical experience
> with the test suite, it would be nice if he would give
> a report on that to us.
Thanks! I'll let you know what I find.
Paul
>
> M. K. Shen
> -------------------------
> http://home.t-online.de/home/mok-kong.shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************