Cryptography-Digest Digest #801, Volume #12 Sat, 30 Sep 00 03:13:01 EDT
Contents:
Re: Chaos theory (Tim Tyler)
Re: Chaos theory (Tim Tyler)
Re: IBM analysis secret. (Sundial Services)
Re: Adobe Acrobat -- How Secure? (Sundial Services)
Re: Deadline for AES... ("Scott Fluhrer")
Re: Josh MacDonald's library for adaptive Huffman encoding ([EMAIL PROTECTED])
Re: Is RC4 a serious cipher? (Guy Macon)
Re: Is RC4 a serious cipher? (Guy Macon)
Re: Deadline for AES... (John Savard)
Re: AES announcement due Monday 2nd October (John Savard)
Re: NIST Statistical Test Suite ("Paul Pires")
Re: Is RC4 a serious cipher? ("Paul Pires")
Re: Josh MacDonald's library for adaptive Huffman encoding (SCOTT19U.ZIP_GUY)
Re: RSA occasional failure? (Peter Pearson)
Re: NIST Statistical Test Suite ("Douglas A. Gwyn")
Re: Chaos theory ("Douglas A. Gwyn")
Re: Yet another LFSR idea. ("Trevor L. Jackson, III")
----------------------------------------------------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Reply-To: [EMAIL PROTECTED]
Date: Fri, 29 Sep 2000 23:34:12 GMT
Jim Gillogly <[EMAIL PROTECTED]> wrote:
: When you ask "Does anyone know of any definitions by which (say)
: modern block cyphers do *not* qualify as chaotic systems?" you
: seem to be using an interpretation of chaos that's broad enough
: to offer no particular insight into cryptography and cryptanalysis.
It's not the purpose of definitions of chaos to offer insight into
cryptography and cryptanalysis. Personally, I find sensitivity on initial
conditions to be a useful way of regarding avalanche - but that's about
the scope of it.
I can't think how making the definition of chaos narrower would help
very much with this.
: If I'm mistaken, then illuminate us: what intellectual leverage
: on the crypto problem do you gain by viewing modern block ciphers
: as chaotic systems?
I don't make any serious claim for such leverage. Modern block
cyphers *are* chaotic systems (by practically any sensible definition) -
but where this gets us in terms of insight I don't know.
I'm sure concepts like fractal dimension can be applied to aspects of some
cryptosystems. Perhaps catastrophes occur under some circumstances in
cryptography. Whether there's a great deal of point in looking at things
like this, I can't say. It seems a fresh perspective - but perhaps not a
very useful one.
It /may/ be that there's something cryptography could gain from
cross-fertilisation between the fields - but not much springs immediately
to mind.
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Reply-To: [EMAIL PROTECTED]
Date: Fri, 29 Sep 2000 23:51:43 GMT
Jim Gillogly <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:
:> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
:> : Tim Tyler wrote:
:> :> Jim Gillogly <[EMAIL PROTECTED]> wrote:
:> :> : In mathematics, however, chaos lies on the boundary between
:> :> : order and disorder, and is a study of systems that have behavior
:> :> : that's largely predictable statistically...
:> :>
:> :> Not necessarily correct - chaotic systems can be highly disordered.
:>
:> : Gillogly was closer to the mark.
:>
:> Except for the fact that he stated that "chaos lies on the boundary
:> between order and disorder" - which isn't right at all - while my
:> statement was correct.
: While you may have some other view of chaos, mine is certainly shared
: by many researchers. A quick web search on the phrase "between order
: and disorder" turned up a bunch of hits, including:
: http://www.ems.psu.edu/info/explore/Chaos.html
: Chaotic systems - they seem to be messy and random, unpredictable;
: yet close examination shows patterns and predictability. They inhabit
: the zone between order and disorder.
I believe this page is making the same mischaracterisation as you.
*Some* chaotic systems "inhabit the zone between order and disorder".
Others do not. This makes it a bad way of characterising chaotic systems.
: http://www.millennial.org/~jwills/GIG/C/Chaos_theory.html
: Chaos theory, and the ways that natural processes move between order
: and disorder, brings us closer to understanding the shapes of clouds
: the patterns and lack of patterns of running water and...
This quotation - and the page - don't appear to provide much support for
your statement.
: I'm not trotting these out as definitive definitions of chaos or as
: the final word -- [...] I present them simply to point out
: that my view of chaos is well within the envelope of what chaos
: researchers are working on. [...]
Hmm. Plenty of folks who are interested in chaos are interested in the
area between order and disorder. That's where the interesting phenomena
generally happen.
I would hope that few of them believed that chaotic systems were /only/
to be found in this area, though - such a view would be in error, going
against widely accepted defining characteristics of chaotic systems
- which generally include highly disordered systems.
: The Wolfram definition I gave elsewhere in this thread matches closely
: how I think about chaos.
That definition seems fairly orthodox.
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
Date: Fri, 29 Sep 2000 18:40:17 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: IBM analysis secret.
Brian Gladman wrote:
>
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Brian Gladman wrote:
> > > "SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote:
> > > > Having worked in the government for 26 years, I would take anything
> > > > a corporation says with a grain of salt. Numerous times government
> > > > employees did all the work and then later the BIG CORPORATIONS with
> > > > money acted like they did something. My view is that the boys at IBM
> > > > never were given the reasons for DES and just went along with the NSA
> > > > just as they most likely were never given an honest reason why it was
> > > > 56 bytes instead of 64.
> > > bits, not bytes, if you are referring to the DES key length.
> > > And the earlier statement is about what Don Coppersmith has said, not
> about
> > > what IBM has said.
> >
> > Not only that, but he has the wrong idea of how the work
> > was done, by whom, and under what conditions.
>
> Agreed.
>
> Brian Gladman
NSA and CIA have been called "the real R&D department of the
technological world," because they are willing and able to spend for
[only] the latest and greatest -- provided you can keep it all secret,
even to the point of acting like no secret exists. Far from being an
enemy of "big corporations," they work quite closely with them.
"A grain of salt?" Of course -- they're keeping secrets, remember?
It's just the way the game is played, AND there are compelling reasons
for it.
------------------------------
Date: Fri, 29 Sep 2000 18:43:50 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Adobe Acrobat -- How Secure?
I don't know if PDF provides no-print restriction .. or if, in this
world of print-screen buttons, such a restriction could ever
meaningfully exist.
The do-not-alter protections available in full Acrobat should serve
their intended purposes well enough, although it is a given that with
enough determination anything can and will be broken. (The fact that
you can smash the door down doesn't keep Schlage Lock Company from staying
in business.)
>David C. Barber wrote:
>
> I am looking to distribute some documents I don't want the user to be able
> to alter or print. Acrobat was suggested, but IIRC, wasn't the Stephen King
> story distributed through Acrobat, and it was broken quickly just by loading
> it into the full fledged Acrobat program?
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 19:57:33 -0700
Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> John Savard wrote:
> >
>
> > I interpret that to mean that the standard will be a draft standard
> > only at that time.
>
> So in principle the AES winner could still be improved in
> its final version. Is that right? That wouldn't be bad.
Well, since NIST is making up the rules, I suppose they could do anything
they feel like. In principle, they could go and announce that FROG is the
winner after all...
However, if they take an AES finalist, tweak it and announce that the
tweaked version is the winner, that is likely to cause a tremendous uproar.
Unless their tweak is to simply tack on a few rounds, the question "why did
you change it -- did you add a weakness that the NSA could exploit" will
certainly arise, and would be unlikely to go away. Similar questions arose
with the hidden design principles behind DES, and NIST wants to avoid that
scenario...
--
poncho
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.compression,comp.theory
Subject: Re: Josh MacDonald's library for adaptive Huffman encoding
Date: Sat, 30 Sep 2000 03:16:57 GMT
David A. Scott,
For the record, no matter what your work or contributions, you are an
abusive person. While I am sure that I would have words for you in
person I will not use them here for the respect of this group.
Count on the fact that I will NEVER read a post from you again.
Please don't bother to respond to this post. I do not care what you
think.
-Michael A Maniscalco
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote in
<39D4DE53.BA1B8606@t-
> online.de>:
>
> >
> >
> >"SCOTT19U.ZIP_GUY" wrote:
> >>
> >> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
> >>
> >> >But you could at least publish it in a cs or crypto
> >> >scientific journal, since it would be a significant
> >> >contribution. But perhaps I could conjecture what
> >> >would be your answer: These journals have editors
> >> >that are all against a real scientist like you.
> >> >
> >>
> >> I think most publishing is for a more or less closed
> >> group of people. I have had some of my work published by
> >> others when I worked for the government. I expect nothing
> >> different now that I am retired. If you wish to publish
> >> it feel free to do so.
> >
> >If there is really good will to let your ideas put
> >to the public, then it shouldn't be a problem at all,
> >to spend effort, time and again, to put these clearly
> >and understandably to, e.g. internet groups. If one
> >doesn't do that, it plainly indicates lack of good
> >will or that the ideas are likely to be no good.
> >
>
> That's where YOU'RE WRONG AGAIN. How dare you say
> it shouldn't be a problem at all. I have made it clear
> you can look at the code if you're not so damn lazy.
> If you run into specific problems I would help but
> you have to do something. If you think I lack good
> will then F**K you.
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
> Scott famous encryption website **now all allowed**
> http://members.xoom.com/ecil/index.htm
> Scott LATEST UPDATED source for scott*u.zip
> http://radiusnet.net/crypto/ then look for
> sub directory scott after pressing CRYPTO
> Scott famous Compression Page
> http://members.xoom.com/ecil/compress.htm
> **NOTE EMAIL address is for SPAMERS***
> I leave you with this final thought from President Bill Clinton:
>
--
Michael A Maniscalco
Visit my homepage on the new M99 data compression scheme at
As fast as Huffman, as good as arithmetic.
http://michaelmaniscalco.homepage.com/M99index.htm
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is RC4 a serious cipher?
Date: 30 Sep 2000 03:32:48 GMT
David C. Barber wrote:
>
>I was looking the RC4 Cypherpunks code and doesn't seem to be much more than
>a simple key generator and an xor with a cycle of 256. Is this at all a
>serious (read: secure) cipher?
>
> *David Barber*
>
Where is the "RC4 Cypherpunks (Cipherpunks?) code"? Are you
referring to Ciphersaber, [ http://www.ciphersaber.gurus.com ]
or some other implementation?
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is RC4 a serious cipher?
Date: 30 Sep 2000 03:38:43 GMT
Another advantage is that you can be pretty sure that your RC4
implementation does not have back doors or implementation errors
in it. If you examine the source and see nothing funny, and the
result properly encodes and decodes the test cases, it's hard to
see where a back door could be hidden.
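The check Guy describes, as an added example (not code from the thread or from any of the posters): a plain RC4 implementation run against the published known-answer vectors, so that anyone reading the source can confirm it produces the expected bytes.

```python
def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: derive the 256-entry permutation S from the key."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, length: int) -> bytes:
    """PRGA: walk the permutation, swapping as it goes, emitting one byte per step."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


# Published RC4 known-answer vectors (key, plaintext, ciphertext). These are the
# "test cases" a reviewer compares an implementation against.
KNOWN_ANSWERS = [
    (b"Key", b"Plaintext", bytes.fromhex("BBF316E8D940AF0AD3")),
    (b"Wiki", b"pedia", bytes.fromhex("1021BF0420")),
    (b"Secret", b"Attack at dawn", bytes.fromhex("45A01F645FC35B383552544B9BF5")),
]


def self_test() -> bool:
    """True only if every vector encrypts to the expected bytes and decrypts back."""
    for key, pt, ct in KNOWN_ANSWERS:
        if rc4_crypt(key, pt) != ct or rc4_crypt(key, ct) != pt:
            return False
    return True


if __name__ == "__main__":
    print("RC4 known-answer tests:", "pass" if self_test() else "FAIL")
```

A matching known-answer test rules out a miscoded cipher, not a weak one: RC4 itself has since been shown to have exploitable keystream biases and is prohibited in TLS by RFC 7465.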
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Deadline for AES...
Date: Sat, 30 Sep 2000 03:39:30 GMT
On Fri, 29 Sep 2000 19:57:33 -0700, "Scott Fluhrer"
<[EMAIL PROTECTED]> wrote, in part:
>However, if they take an AES finalist, tweak it and announce that the
>tweaked version is the winner, that is likely to cause a tremendous uproar.
>Unless their tweak is to simply tack on a few rounds, the question "why did
>you change it -- did you add a weakness that the NSA could exploit" will
>certainly arise, and would be unlikely to go away. Similar questions arose
>with the hidden design principles behind DES, and NIST wants to avoid that
>scenario...
I think that they will definitely avoid that. I suppose that there are
some other safe tweaks besides tacking on a few rounds, though, but I
doubt they will do any such thing.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: AES announcement due Monday 2nd October
Date: Sat, 30 Sep 2000 03:37:24 GMT
On Fri, 29 Sep 2000 17:09:27 -0600, John Myre <[EMAIL PROTECTED]>
wrote, in part:
>John Savard wrote:
><snip>
>> This is the *first* time they have, to my knowledge, laid claim to
>> such an option.
>Is that a troll, or did you really fail to notice what they said?
I notice what they said now. I'm unaware that they ever previously
hinted that they might choose more than one algorithm, despite many
suggestions that they do so.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: NIST Statistical Test Suite
Date: Fri, 29 Sep 2000 21:14:47 -0700
<SNIP>
>If someone gains practical experience
> with the test suite, it would be nice if he will give
> a report on that to us.
No practical experience yet but I did the download
and briefly skimmed.
16 tests
Verbose documentation including equations, assumptions,
example solutions and evaluation criteria for each test.
This is a 1.4 meg PDF file. 168 pages worth.
Frequency (monobit) test.
Frequency test with a block.
Runs test.
Test for longest run of ones in a block.
Binary matrix rank test.
Discrete Fourier Transform (spectral) test.
Non-overlapping template matching test.
Overlapping template matching test.
Maurer's "Universal statistical" test.
Lempel-Ziv compression test.
Linear complexity test.
Serial test.
Approximate entropy test.
Cumulative sums (Cusum) test.
Random excursions test.
Random excursions variant test.
Don't hold your breath waiting for
a report on practical experience. It
will take a while to digest. Unfortunately,
they didn't include compiled executables.
It will probably be a pain for a rookie
like me but the source seems to be well
documented.
Paul
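Two of the sixteen tests listed above, as an added example written here from the SP 800-22 formulas (it is not NIST's own code and not from the post): the frequency (monobit) test and the runs test, including the runs test's prerequisite that the proportion of ones be close to one half. The ten-bit input is the worked example from the NIST document; the all-ones input is constructed.

```python
import math


def bits_from_bytes(data: bytes) -> list:
    """Expand bytes into a list of 0/1 ints, most significant bit first."""
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]


def monobit_p_value(bits: list) -> float:
    """Frequency (monobit) test: S_n = sum over bits of (+1 for 1, -1 for 0),
    s_obs = |S_n| / sqrt(n), p = erfc(s_obs / sqrt(2))."""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(bits: list) -> float:
    """Runs test. Prerequisite: |pi - 1/2| < 2/sqrt(n), where pi is the
    proportion of ones; otherwise the monobit test has already failed and
    SP 800-22 reports p = 0 for this test. V_n counts runs (maximal blocks
    of identical bits); p = erfc(|V_n - 2 n pi (1-pi)| / (2 sqrt(2n) pi (1-pi)))."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_n = 1 + sum(1 for k in range(n - 1) if bits[k] != bits[k + 1])
    num = abs(v_n - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes(p_value: float, alpha: float = 0.01) -> bool:
    """SP 800-22 decision rule: accept the sequence as random if p >= alpha."""
    return p_value >= alpha


# Inputs: the ten-bit string from the SP 800-22 runs-test worked example, and a
# constructed block of all ones that no test should accept.
NIST_EXAMPLE = [int(c) for c in "1001101011"]
ALL_ONES = bits_from_bytes(b"\xff" * 16)

if __name__ == "__main__":
    print("monobit p =", round(monobit_p_value(NIST_EXAMPLE), 6))  # 0.527089
    print("runs    p =", round(runs_p_value(NIST_EXAMPLE), 6))     # 0.147232
    print("all-ones monobit passes:", passes(monobit_p_value(ALL_ONES)))
    print("all-ones runs p =", runs_p_value(ALL_ONES))
```

Ten bits are far below the suite's recommended input sizes (100 bits for these two tests); the short string is used only because its p-values are printed in the NIST document and can be checked by hand.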
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Is RC4 a serious cipher?
Date: Fri, 29 Sep 2000 21:23:59 -0700
John Myre <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Pires wrote:
> <snip>
> > It's kinda elegant in it's simplicity.
>
> "kinda"?
>
> Somebody at an AES conference posted that Ron Rivest is
> also known as Merlin (this after coming up with the RC6a
> key schedule).
I admire the concept. I went through something similar
in a different field. 4 years' work reduced to a half page. And
folks say "That's all you did in four years!".
Sometimes it is hard making functional, small and simple.
Paul
>
> JM
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression,comp.theory
Subject: Re: Josh MacDonald's library for adaptive Huffman encoding
Date: 30 Sep 2000 04:32:48 GMT
[EMAIL PROTECTED] wrote in <8r3lv6$2ip$[EMAIL PROTECTED]>:
>David A. Scott,
>
>For the record, no matter what your work or contributions, you are an
>abusive person. While I am sure that I would have words for you in
>person I will not use them here for the respect of this group.
>Count on the fact that I will NEVER read a post from you again.
>Please don't bother to respond to this post. I do not care what you
>think.
>
>-Michael A Maniscalco
>
I hope you keep that promise. I was going to comment on your
RLE attempt in your BWT compression but since you seem hung up
on not learning I don't think I will bother to tell you how
yours could be improved since I doubt you would understand it
anyway. By the way I don't think I treated you bad it was MOK
for years he rambles on saying crap that is wrong. I get tired
of a person who thinks they are god and says that if you don't
document his way then you don't care. I care and I do things
my way its for free. You didn't have to read my comment to him
actually it was clean I usually spell it out but I was nice
that time.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: Peter Pearson <[EMAIL PROTECTED]>
Subject: Re: RSA occasional failure?
Date: Fri, 29 Sep 2000 23:08:12 -0700
Albert Yang wrote:
>
> Paul Rubin wrote:
> >
> > [EMAIL PROTECTED] (Mark-Jason Dominus) writes:
> >
> > Since N=pq, the chance of a random x < N being a multiple of p is 1/q.
> > Since q is normally > 10^100, this probability is negligible. But
> > you're correct, if you pick some small primes (p=3, q=5) and try to
> > work an RSA example on the blackboard and choose the wrong x, you can
> > sometimes get bitten by this.
>
> Given that the runtime as q gets bigger, this probability approaches 0
> (with the growth of q), it would be the case that the probability of
> this happening is the same as cracking RSA on the first try.
The probability that decrypt(encrypt(x)) != x
does not "approach" zero, it is identically zero.
The claim that counterexamples can be found with
p=3 and q=5 is wrong. RSA encryption and decryption
work even when the message is a multiple of p or q.
- Peter
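Peter's claim checked exhaustively on the blackboard parameters from the thread (p = 3, q = 5) and on a second constructed toy pair, as an added example that is not part of the post. The public exponent e = 3 for the first pair and e = 7 for the second are assumptions; the decryption of a multiple of p or q works because x^(ed) = x holds separately mod p and mod q (trivially when x is 0 mod that prime, by Fermat otherwise) and the Chinese remainder theorem combines the two.

```python
from math import gcd


def rsa_keypair(p: int, q: int, e: int):
    """Return (n, e, d) for toy primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e, Python 3.8+
    return n, e, d


def roundtrip_failures(p: int, q: int, e: int) -> list:
    """Every residue x in [0, n) for which decrypt(encrypt(x)) != x.
    The claim under test is that this list is empty, including for x
    divisible by p or by q."""
    n, e, d = rsa_keypair(p, q, e)
    return [x for x in range(n) if pow(pow(x, e, n), d, n) != x]


def multiples_of_factors(p: int, q: int) -> list:
    """The residues the blackboard worry is about: x sharing a factor with n."""
    n = p * q
    return [x for x in range(1, n) if gcd(x, n) != 1]


if __name__ == "__main__":
    for p, q, e in [(3, 5, 3), (11, 13, 7)]:
        print(f"p={p} q={q} e={e}: x sharing a factor with n ->",
              multiples_of_factors(p, q))
        print("  roundtrip failures:", roundtrip_failures(p, q, e))  # []
```

What such an x does leak is a factorisation of n to anyone who learns x itself (gcd(x, n) is p or q), which is a different matter from decryption failing.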
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: NIST Statistical Test Suite
Date: Sat, 30 Sep 2000 02:28:24 -0400
Mok-Kong Shen wrote:
> ... A technical problem
> may be however that the stuff is in UNIX tar files.
Why is that a problem? WinZip is a readily available
program that can unpack tar files; and there are others.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Sat, 30 Sep 2000 02:35:46 -0400
zapzing wrote:
> Yes well I was sort of making the
> unstated assumption that the chaotic
> system would be implemented in analog
> not in digital. Implementing a chaotic
> system in digital *would* be a bad way
> of making a PRNG, I admit.
> You would then digitize the analog
> signal and hash that down. Sorry for
> the confusion.
You'd be even sorrier if you tried to implement
that idea and carefully measured the result.
Analog systems are easily perturbed by the
environment, so for example it could synchronize
with an ambient signal from some other source,
e.g. 60-Hz hum.
------------------------------
Date: Sat, 30 Sep 2000 02:44:53 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Yet another LFSR idea.
Benjamin Goldberg wrote:
> This idea is based on running 8 LFSRs in parallel using bitslicing.
>
> Create a circular array of N bytes, and fill it randomly.
> To update, combine the current byte with the XOR sum of a selection of
> the "previous" N-1 bytes, using a primitive polynomial as the selector,
> and output it.
>
> The problem with this scheme, is that it is entirely linear: it is
> essentially taking 8 LFSRs and outputting one bit from each.
>
> To fix that, change the XOR sum to an additive sum. The lowest bit in
> each byte is still perfectly linear, but the top bit should be
> nonlinear. We could use this, using ONLY the top bit, but that seems
> wasteful.
>
> Now make one more change: Do a circular shift left by 1 bit after
> adding. This brings the nonlinear top bit to the bottom.
>
> The method can be extended to use 32 or 16-bit words, instead of 8-bit
> bytes, and of course there's no limit on the size of the array, so long
> as you can find a primitive polynomial that large.
>
> What do you all think?
>
> Also, what do you think of using that circular shift left with a
> [lagged] Fibonacci generator to increase nonlinearity?
>
One issue is that the period of the suggested system is less than the
maximal period defined by using all of the bits in a single register.
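An added example, not code from either poster, that builds Benjamin's generator in both the XOR form and the add-then-rotate form and measures the period by brute force, to make Trevor's point concrete. It assumes the smallest case that can be walked exhaustively, N = 2 bytes with the primitive polynomial x^2 + x + 1 (16 bits of state), written as a shift register rather than a circular array (same output sequence, simpler state bookkeeping); the single 16-bit LFSR with polynomial x^16 + x^14 + x^13 + x^11 + 1 is an assumed reference for "all of the bits in a single register".

```python
def rotl8(x: int) -> int:
    """Circular left shift of one byte by one bit."""
    return ((x << 1) & 0xFF) | (x >> 7)


def step_xor(state: tuple, taps: tuple) -> tuple:
    """XOR form: the oldest byte XOR the tapped newer bytes becomes the newest.
    Each bit position evolves independently, so this is 8 bitsliced LFSRs."""
    new = state[0]
    for t in taps:
        new ^= state[t]
    return state[1:] + (new,)


def step_add_rot(state: tuple, taps: tuple) -> tuple:
    """Additive form plus rotate: carries make the high bits nonlinear and the
    circular shift moves the nonlinear top bit down to the bottom."""
    new = state[0]
    for t in taps:
        new = (new + state[t]) & 0xFF
    return state[1:] + (rotl8(new),)


def period(step, state: tuple, taps: tuple) -> int:
    """Steps until the internal state first repeats, by brute-force enumeration."""
    seen = {state: 0}
    k = 0
    while True:
        state = step(state, taps)
        k += 1
        if state in seen:
            return k - seen[state]
        seen[state] = k


def lfsr16_period(seed: int = 0xACE1) -> int:
    """Reference: one 16-bit Fibonacci LFSR (x^16 + x^14 + x^13 + x^11 + 1)
    uses every state bit and reaches the maximal period 2^16 - 1 = 65535."""
    lfsr, k = seed, 0
    while True:
        bit = (lfsr ^ (lfsr >> 2) ^ (lfsr >> 3) ^ (lfsr >> 5)) & 1
        lfsr = (lfsr >> 1) | (bit << 15)
        k += 1
        if lfsr == seed:
            return k


# Constructed parameters: N = 2, polynomial x^2 + x + 1, so the single
# "previous" byte (index 1, the newer one) is tapped; 16 bits of state in all.
TAPS = (1,)
SEED = (0x12, 0x34)

if __name__ == "__main__":
    print("XOR form period:    ", period(step_xor, SEED, TAPS))      # 3
    print("add+rotate period:  ", period(step_add_rot, SEED, TAPS))  # below 65535
    print("single 16-bit LFSR: ", lfsr16_period())                   # 65535
```

The add-then-rotate map is a permutation of the 65536 states with two fixed points, (0, 0) and (0x55, 0x55), so no seed can reach the 65535 that the single register achieves; the XOR form is far worse, since every bit slice cycles with period 2^N - 1 = 3.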
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************