Cryptography-Digest Digest #881, Volume #12       Mon, 9 Oct 00 18:13:01 EDT

Contents:
  Re: xor algorithm (Simon Johnson)
  Re: A new paper claiming P=NP (Daniel A. Jimenez)
  Re: A new paper claiming P=NP (Jeremy Spinrad)
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  The science of secrecy: Simple Substition cipher ("KK")
  Re: securely returning password info to a server from a client (Thomas Wu)
  Re: Choice of public exponent in RSA signatures (DJohn37050)
  Re: A new paper claiming P=NP (Scott Craver)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: A new paper claiming P=NP (David Eppstein)
  Re: A new paper claiming P=NP (Stas Busygin)
  Re: A new paper claiming P=NP (Stas Busygin)
  Re: A new paper claiming P=NP (Daniel A. Jimenez)
  Re: Internet Security Question (David Hopwood)
  Re: The science of secrecy: Simple Substition cipher (Scott Craver)
  Re: A new paper claiming P=NP (Stas Busygin)
  Re: A new paper claiming P=NP (Scott Craver)
  Re: SDMI - Answers to Major Questions (Scott Craver)
  Re: The science of secrecy: Simple Substition cipher (John Savard)
  Re: Looking Closely at Rijndael, the new AES (John Savard)
  Re: Looking Closely at Rijndael, the new AES (John Savard)

----------------------------------------------------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: xor algorithm
Date: Mon, 09 Oct 2000 19:19:58 GMT

In article <8rs4sr$mm7$[EMAIL PROTECTED]>,
  "Antonio Merlo" <[EMAIL PROTECTED]> wrote:
> How strong will be an encryption method based on a xor operation with a pass
> phrase (or password) and a buffer to encrypt? (supposed a very strong
> password of, let's say 16 letters, combining uppercase, lowercases and
> digits)
> How will you cryptanalyse that algorithm?
>
>
Okies, let's say you repeated your key over and over (which is the
generally regarded technique). It's easy to prove this is insecure. If
you circularly shift the cipher-text by the number of characters the
key contains, then xor the shifted version with itself, the key drops
out and it becomes breakable without a key. In algebra:

C_1 = T_1 XOR K
C_2 = T_2 XOR K

Simultaneously:

C_2 XOR C_2 = T_1 XOR T_2

A description of exactly how to break it can be found in 'Applied
Cryptography'

Hope this helps,

Simon.
--
Hi, I'm the signature virus,
help me spread by copying me into Signature File


Sent via Deja.com http://www.deja.com/
Before you buy.
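
The cancellation described in the post above, as an added example that is not part of the original message: XORing a repeating-key ciphertext with itself moved along by the key length leaves only plaintext XOR plaintext, whatever the key was. The two 16-character keys and the sample plaintext are constructed for illustration; the helper drops the wrapped-around tail by default, because with a circular shift the key only cancels there when the message length is a multiple of the key length.

```python
"""Repeating-key XOR: the key cancels when the ciphertext is XORed with a
copy of itself shifted by the key length. All inputs are constructed."""

KEY_A = b"Tr0ub4dorXk9Qz7L"   # constructed 16-character password
KEY_B = b"m3Pq8ZsW1yHc6VaN"   # a second, unrelated 16-character password
PLAINTEXT = (b"There was something in the tone of this note "
             b"that gave me great uneasiness.")


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt by XORing data with the key repeated end to end."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shifted_xor(data: bytes, shift: int, circular: bool = False) -> bytes:
    """XOR data with itself moved `shift` bytes along.

    By default the last `shift` bytes, which have no partner, are dropped.
    With circular=True they are paired with the start of the data instead.
    """
    n = len(data)
    if not 0 < shift < n:
        raise ValueError("shift must be between 1 and len(data) - 1")
    span = n if circular else n - shift
    return bytes(data[i] ^ data[(i + shift) % n] for i in range(span))


def key_independent(plaintext: bytes, keys, shift: int) -> bool:
    """True if, for every key, C[i] ^ C[i+shift] equals T[i] ^ T[i+shift]."""
    reference = shifted_xor(plaintext, shift)
    return all(
        shifted_xor(xor_repeat(plaintext, key), shift) == reference
        for key in keys
    )


def equal_pairs(residue: bytes):
    """Offsets where the residue is zero, i.e. T[i] == T[i+shift]."""
    return [i for i, b in enumerate(residue) if b == 0]


if __name__ == "__main__":
    klen = len(KEY_A)
    ct = xor_repeat(PLAINTEXT, KEY_A)
    print("key cancels at shift", klen, ":",
          key_independent(PLAINTEXT, [KEY_A, KEY_B], klen))
    print("key cancels at shift 5 :",
          key_independent(PLAINTEXT, [KEY_A], 5))
    # The residue is a function of the plaintext alone, so a zero byte
    # tells an observer that two plaintext bytes 16 apart are identical.
    print("plaintext repeats at offsets:", equal_pairs(shifted_xor(ct, klen)))
    # Circular variant: the wrapped tail still carries key material here,
    # because len(PLAINTEXT) is not a multiple of the key length.
    circ_ct = shifted_xor(ct, klen, circular=True)
    circ_pt = shifted_xor(PLAINTEXT, klen, circular=True)
    print("circular tail key-free:", circ_ct[-klen:] == circ_pt[-klen:])
```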

------------------------------

From: [EMAIL PROTECTED] (Daniel A. Jimenez)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 9 Oct 2000 14:39:07 -0500

In article <[EMAIL PROTECTED]>,
Rajarshi Ray  <[EMAIL PROTECTED]> wrote:
>"David C. Ullrich" wrote:
>>      Yes. (And it's not just a theoretical thing: It happens all the
>> time that an algorithm that takes time O(n^2) is actually much
>> faster than one that takes time O(n).)
>
>Yes, I've noticed that Big-Oh bounds are often not reliable estimates of
>complexity in practice. But I didn't think this was because of the kind
>of anomaly you mentioned, i.e. it behaves badly for practically large
>values while behaving well in the limit. I thought the problem with
>Big-Oh estimates in practice was due to unaccounted issues of
>implementation details. Is that not the problem, in most cases anyway?

That's part of the problem.  Also, big-Oh doesn't always tell the whole
story, since it's just an upper bound.  Quicksort has a running time
of O(n^2) to sort n elements, but is almost always faster than, say,
merge sort, which is O(n log n).  In cases like these, you can prove that
Quicksort has a running time of O(n log n) with high probability, but you
can't just say Quicksort is O(n log n) without qualifying it.
-- 
Daniel Jimenez                     [EMAIL PROTECTED]
"I've so much music in my head" -- Maurice Ravel, shortly before his death.
"                             " -- John Cage

------------------------------

From: [EMAIL PROTECTED] (Jeremy Spinrad)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 9 Oct 2000 19:58:57 GMT

Some people are claiming that big O analyses do not do a good job of
reflecting behavior of programs. Although I know of examples of this (e.g.
simplex outperforms its worst case analysis in practice), I am
curious as to whether saying this is common is at all justified. It certainly
goes against my intuition that there are lots of programs out there such
that the O(n^2) algorithm is beating up on the O(n) algorithm on inputs
of large enough size so that time is a factor, as one poster implied.

As to the P = NP paper; there is an entirely different reason for having
an implementation. Previous claims of this type have proved to be moving
targets; a hole is found by a reviewer, and the author adds a patch to the
hole and still claims an algorithm. It would be nice to have a program at
least so we could check whether the author could make the program answer
the problem correctly before we do the difficult job of reviewing the paper.

Jerry Spinrad


------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Mon, 09 Oct 2000 19:53:00 GMT

Mok-Kong Shen wrote:
> Bryan Olson wrote:
> > Mok-Kong Shen wrote:
> > > David Hopwood wrote:
> >
> > > > This argument is quite obviously wrong. Bryan Olson is claiming
> > > > that the scheme can be broken with high probability (and given
> > > > reasonable parameter choices) when the permutation is random.
> > > > That does not imply that it can be broken if you choose a
> > > > specific permutation. In order to be secure, a scheme has to
> > > > be unbreakable in all cases except with negligible probability;
> > > > it's certainly not sufficient for it to be secure in one case.
> > >
> > > He never mentioned in his posts in this sense. He said
> > > he could somehow adapt to the permutation, which means
> > > getting that information from trials (chosen plaintext)
> > > and which seems indeed feasible if 'sufficient' (how
> > > large is another matter) materials can be obtained.
> >
> > False.  We went over this about two weeks ago.
> >
> > Shen:
> > | | Now one of the permutations is the identity.  If that
> > | | happens to take place, is the original cipher also
> > | | that easy to attack?
> >
> > Olson:
> > | You specified a pseudo-random permutation. I wrote that a
> > | block with the properties that support the attack probably
> > | exists among about a thousand blocks.  If the identity is
> > | one of the inter-round permutations, such a block will not
> > | exist.
>
> So does that imply that there is a factor of the order of
> 1000 in comparison with cracking the original block cipher?
> If not, why?

Of course not.  It does not imply, or even suggest, that there
is a tractable attack on the original block cipher.


--Bryan
--
email: bolson at certicom dot com



------------------------------

From: "KK" <[EMAIL PROTECTED]>
Subject: The science of secrecy: Simple Substition cipher
Date: Sun, 8 Oct 2000 23:24:48 +0100


Dear group,
Channel 4 (UK) are running a series of 'The science of secrecy'
and after the show mentioned a cipher competition on their website
www.channel4.co.uk/nextstep. The message uses a substitution cipher
where the letters are paired, i.e. if cT 'A' = pT 'T' then cT 'T' = pT  'A'.

The problem is I can't make sense of the last line.
Can anyone help?

-TIA-

Cipher:
Iroho awg genoirtms tm iro iemo
ez irtg meio irwi swko no showi
jmowgtmogg. (Poiioh 'P')
'Iro Sepx Qjs' qc O.W. Leo


Plaintext:
There was something in the tone
of this note that gave me great
 uneasiness. (Letter 'L')
????????????????????????????



------------------------------

From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: securely returning password info to a server from a client
Date: 09 Oct 2000 13:06:09 -0700

"William A. McKee" <[EMAIL PROTECTED]> writes:

> Is there a royalty free library for SSL available?  Does it encrypt both
> from the client to the server and the server to the client?

Actually, I agree with one of the earlier suggestions in the
conversation - have the user registration be done in a Web page
protected by SSL.  This way, you leverage the SSL that's built-in
to the browser, and you get your password securely established for
secure SRP authentication in your applet.  Your applet won't be
burdened with SSL code that would only be used once anyway.

> TIA,
> Will.
> 
> --
> William A. McKee
> [EMAIL PROTECTED]
> Asia Communications Quebec Inc.
> http://www.cjkware.com
> 
> "We're starfleet: weirdness is part of the job." - Janeway
> 
> Arnold Shore <[EMAIL PROTECTED]> wrote in message
> news:8rs9sj$2h8$[EMAIL PROTECTED]...
> > Won't the encryption provided by an SSL session do what's needed?  A
> > server-side certificate is all that it takes - price somewhere between
> cheap
> > and free.
> >
> > Arnold Shore
> > Annapolis, MD USA
> >
> >
> 
> 

-- 
Tom Wu                        * finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]       "Those who would give up their freedoms in
  Phone: (650) 723-1565              exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 09 Oct 2000 20:14:53 GMT
Subject: Re: Choice of public exponent in RSA signatures

The point by Simmons was that ANY message would need to have an authentication
method to show the message was authentic and not bogus.  But there was no way
to show that the message with signature did NOT contain more information that
was apparent and then he found counterexamples where it did have a
subliminal/covert channel.  But my memory is fuzzy.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 9 Oct 2000 20:20:05 GMT

Daniel A. Jimenez <[EMAIL PROTECTED]> wrote:
>
>That's part of the problem.  Also, big-Oh doesn't always tell the whole
>story, since it's just an upper bound.  Quicksort has a running time
>of O(n^2) to sort n elements, but is almost always faster than, say,
>merge sort, which is O(n log n).  In cases like these, you can prove that
>Quicksort has a running time of O(n log n) with high probability, but you
>can't just say Quicksort is O(n log n) without qualifying it.

        The original question was if the new algorithm should be 
        implemented and tested to get some real world data about its
        behavior.  The mention of quicksort is interesting, because
        there, empirical data is useful in characterizing its real-world
        behavior.

        Anyways, I am still suspicious of the 2^2^n example.  While
        it is the case sometimes that algorithms with higher complexity
        beat out those of lower complexity (again Simplex, vs Circumscribed 
        Ellipsoids,) these anomalies are well-behaved.  I.e., the 
        O(n log n) sort does beat out O(n^2) sorts after a comprehensibly 
        small value of n.  Simplex's polynomial average behavior does not
        kick out after some large n like 10^10^6.  As far as I know.
        This new algorithm will probably not behave like one of these
        extreme examples.
        
        So perhaps some data would be worth taking.

        I am reminded of Papadimitriou's comment about this in his textbook,
        defending the association of P with "good" and NP\P with "bad."
        While there are bad polynomials like (n+2)^10000000 and good
        exponentials like n^1/1000000000, these just don't happen.
        Nor should we expect empirical data to be useless just in case
        the polynomiality of this algorithm might only kick in after n=3!!!!
        (That's ((((3)!)!)!)!, not _THREE_! )
                                                                -S


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Mon, 09 Oct 2000 23:00:59 +0200



Bryan Olson wrote:
> 
> Mok-Kong Shen wrote:
> > Bryan Olson wrote:
> > > Mok-Kong Shen wrote:
> > > > David Hopwood wrote:
> > >
> > > > > This argument is quite obviously wrong. Bryan Olson is claiming
> > > > > that the scheme can be broken with high probability (and given
> > > > > reasonable parameter choices) when the permutation is random.
> > > > > That does not imply that it can be broken if you choose a
> > > > > specific permutation. In order to be secure, a scheme has to
> > > > > be unbreakable in all cases except with negligible probability;
> > > > > it's certainly not sufficient for it to be secure in one case.
> > > >
> > > > He never mentioned in his posts in this sense. He said
> > > > he could somehow adapt to the permutation, which means
> > > > getting that information from trials (chosen plaintext)
> > > > and which seems indeed feasible if 'sufficient' (how
> > > > large is another matter) materials can be obtained.
> > >
> > > False.  We went over this about two weeks ago.
> > >
> > > Shen:
> > > | | Now one of the permutations is the identity.  If that
> > > | | happens to take place, is the original cipher also
> > > | | that easy to attack?
> > >
> > > Olson:
> > > | You specified a pseudo-random permutation. I wrote that a
> > > | block with the properties that support the attack probably
> > > | exists among about a thousand blocks.  If the identity is
> > > | one of the inter-round permutations, such a block will not
> > > | exist.
> >
> > So does that imply that there is a factor of the order of
> > 1000 in comparison with cracking the original block cipher?
> > If not, why?
> 
> Of course not.  It does not imply, or even suggest, that there
> is a tractable attack on the original block cipher.

Let me see whether the following makes it more clear for 
you:

Permutations are discrete entities. Nevertheless, one can
say that there are permutations that are close to one
another, i.e. neighbours. What if I use permutations that 
are not the identity but close to it? Does it mean that 
the job then becomes 'suddenly' extremely easy as you 
claimed? I suppose you can see from this why I consider 
your arguments to be problematical from the outset.

In practice it is not easy to obtain good PRNG and hence
good random permutations. To get bad ones, including the
identity, is rather simple. According to your previous 
post, I could make one of the inter-round permutations to 
be the identity and be immune to your attack. That's no 
problem for me, if necessary. There being n rounds (cycles), 
I can afford to have one inter-round permutation being 
the special one, the identity.

M. K. Shen

------------------------------

From: David Eppstein <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Mon, 09 Oct 2000 13:58:28 -0700

In article <8rt99l$c87$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(Scott Craver) wrote:

>       While there are bad polynomials like (n+2)^10000000 and good
>       exponentials like n^1/1000000000, these just don't happen.

You meant 2^{n/10^9}, right?

One sees claims for 3-SAT to be something like 2^{n/13}, not as extreme as 
your examples but certainly a "good exponential" -- it means 500-variable 
instances are solvable in practice.  (These are experimental timings for 
hard random problems -- theoretical worst case bounds are not as good.)

I think one undesirable outcome of the whole emphasis on P=good NP-P=bad 
has been a lack of attention to algorithms with exponential time bounds, an 
area where algorithmic improvements can make a big practical difference.
-- 
David Eppstein       UC Irvine Dept. of Information & Computer Science
[EMAIL PROTECTED] http://www.ics.uci.edu/~eppstein/

------------------------------

From: Stas Busygin <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Tue, 10 Oct 2000 00:14:34 +0300

Paul Rubin wrote:
> 
> Any chance of providing a pdf file?  The .ps.zip and .ps.gz files are
> hard to view in a browser.
Sorry, not just now. I have a limited space on the web server.

------------------------------

From: Stas Busygin <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Tue, 10 Oct 2000 00:21:59 +0300

Rajarshi Ray wrote:
> 
> Stas Busygin wrote:
> >
> > Dear Fellows!
> >
> > A new paper has just been published in Stas Busygin's Repository
> > for Hard Problems Solving. It is "An Efficient Algorithm for the
> > Minimum Clique Partition Problem" by A. Plotnikov. Please find this
> > proposal on efficient solving of an NP-hard problem at:
> > http://www.busygin.dp.ua/clipat.html
> > http://www.geocities.com/st_busygin/clipat.html (mirror)
> >
> > The publication policy of the repository may be found at:
> > http://www.busygin.dp.ua/call.html
> > http://www.geocities.com/st_busygin/call.html (mirror)
> >
> > Best regards,
> >
> > Stas Busygin
> > email: [EMAIL PROTECTED]
> > WWW: http://www.busygin.dp.ua
> 
> Is it not possible to implement the presented algorithm and try it out
> on examples to see the growth rate, just as a preliminary check?

I'm working on the program now but unfortunately can't spend much
time for this. As soon as it will be ready and shown the
correctness for small samples, I'll run the test on the DIMACS
coloring suite. However, if someone there will realize the program
earlier, please submit it to my repository -- its rules are
suitable for programs too!


Best wishes,

Stas Busygin
email: [EMAIL PROTECTED]
WWW: http://www.busygin.dp.ua

------------------------------

From: [EMAIL PROTECTED] (Daniel A. Jimenez)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 9 Oct 2000 16:15:32 -0500

In article <8rt821$102$[EMAIL PROTECTED]>,
Jeremy Spinrad <[EMAIL PROTECTED]> wrote:
>Some people are claiming that big O analyses do not do a good job of
>reflecting behavior of programs. Although I know of examples of this (e.g.
>simplex outperforms its worst case analysis in practice), I am
>curious as to whether saying this is common is at all justified. It certainly
>goes against my intuition that there are lots of programs out there such
>that the O(n^2) algorithm is beating up on the O(n) algorithm on inputs
>of large enough size so that time is a factor, as one poster implied.

Asymptotic analysis is, in general, a good thing; otherwise, it would have
been thrown out in favor of something else.  I think the claim being made is
just that one should always beware of situations in which asymptotic analysis
doesn't tell the whole story.
-- 
Daniel Jimenez                     [EMAIL PROTECTED]
"I've so much music in my head" -- Maurice Ravel, shortly before his death.
"                             " -- John Cage

------------------------------

Date: Mon, 09 Oct 2000 19:46:20 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Internet Security Question

Tony wrote:
> I have a problem with a particular website. When I click on register I am
> sent to a secure server. I am supposed to enter details here and click
> send. However, when I double click on the padlock on Internet Explorer 5 &
> 5.5, instead of telling me about the server certificate and the secure
> connection it says "This certificate has failed to verify for all of it's
> intended purposes".

This is a bug in IE5 with SGC certificates. The last thing I heard was
that Microsoft were refusing to fix it; they apparently don't think it's
important because it is "just a user interface issue", which should tell
you something about their attitude to security and correctness of software
in general.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip

------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: The science of secrecy: Simple Substition cipher
Date: 9 Oct 2000 21:08:36 GMT

KK <[EMAIL PROTECTED]> wrote:

>Dear group,
>Channel 4 (UK) are running a series of 'The science of secrecy'
>and after the show mentioned a cipher competition on their website
>www.channel4.co.uk/nextstep. 

        This is going to get very bad very fast.

        My brother already sent me the URL (neither of us are UK residents,
        so we aren't eligible for the prize,) and I already know the
        trip-to-Egypt-winning phrase.  I must not be alone.

        There will be 5 ciphertexts distributed over the course of the
        month, each hinting at a piece of the big final answer that wins 
        the prize.  But within 10 minutes of peering at the 1st ciphertext,
        I knew the big final answer.
        
        It didn't hurt that I had it on CD at home (the final answer
        is the name of a piece of music.)  But then, anyone with any
        CD by this one composer surely has this one piece of music.

        <SNOBBERY SUBTLE="no"> And anyone with a browser to aim at a 
        search engine will figure it out without having to be cultured.
        </SNOBBERY>

>The message uses a substitution cipher
>where the letters are paired, i.e. if cT 'A' = pT 'T' then cT 'T' = pT  'A'.
>
>The problem is I can't make sense of the last line.
>Can anyone help?

        Why don't you just use the substitutions you already learned
        from the ciphertext above?

>-TIA-

        Cej'ho aopyeno.

                                                        -Scott


------------------------------

From: Stas Busygin <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Tue, 10 Oct 2000 00:34:56 +0300

"David C. Ullrich" wrote:
> 
> On Mon, 09 Oct 2000 04:47:22 GMT, Rajarshi Ray <[EMAIL PROTECTED]>
> wrote:
> 
> [...]
> >Is it not possible to implement the presented algorithm and try it out
> >on examples to see the growth rate, just as a preliminary check?
> 
>         No. Suppose that a(n) is a sequence of integers and
> a(n) = 2^(2^n) for all n less than 10^(10^10). Does a(n)
> have polynomial growth?
The complexity of the algorithm is bounded as O(n^6) by the author.
It's because the so-called vertex-saturating takes not more than n
steps and repeats not more than n times according to author's
claims (n is the number of graph vertices). As the nested loop of
the saturating has O(n^4) complexity in any case (this assertion is
obvious), we need to keep an eye only on those two bounds claimed
to be n. So, no trouble to verify the complexity on particular
given instances when there will be a program.


Best wishes,

Stas Busygin
email: [EMAIL PROTECTED]
WWW: http://www.busygin.dp.ua

------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 9 Oct 2000 21:36:48 GMT

David Eppstein  <[EMAIL PROTECTED]> wrote:
>(Scott Craver) wrote:
>
>>      While there are bad polynomials like (n+2)^10000000 and good
>>      exponentials like n^1/1000000000, these just don't happen.
>
>You meant 2^{n/10^9}, right?

        Oops, sorry.

>I think one undesirable outcome of the whole emphasis on P=good NP-P=bad 
>has been a lack of attention to algorithms with exponential time bounds, an 
>area where algorithmic improvements can make a big practical difference.

        Indeed.

>David Eppstein
                                                        -S



------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: SDMI - Answers to Major Questions
Date: 9 Oct 2000 21:34:55 GMT

<[EMAIL PROTECTED]> wrote:
>
>http://www.neato.com/default.asp?goto=Articles/neatonicks.asp

        I'm surprised he's so optimistic about quality.   These
        watermarked clips, it seems, will have more than one mark in 
        them, including a fragile watermark (a pattern which will be 
        removed by compression, so that an SDMI device can determine
        if a track ever was MP3-compressed.)  

        That can add up.  And they might have to up the strength
        if it turns out that one watermarking scheme destroys or 
        weakens another (it does happen.)

>-- Nick Appleby
>NEATO-nicks at NEATO.com

                                                        -S


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The science of secrecy: Simple Substition cipher
Date: Mon, 09 Oct 2000 21:15:41 GMT

On Sun, 8 Oct 2000 23:24:48 +0100, "KK" <[EMAIL PROTECTED]> wrote, in
part:

>
>Dear group,
>Channel 4 (UK) are running a series of 'The science of secrecy'
>and after the show mentioned a cipher competition on their website
>www.channel4.co.uk/nextstep. The message uses a substitution cipher
>where the letters are paired, i.e. if cT 'A' = pT 'T' then cT 'T' = pT  'A'.
>
>The problem is I can't make sense of the last line.
>Can anyone help?
>
>-TIA-
>
>Cipher:
>Iroho awg genoirtms tm iro iemo
>ez irtg meio irwi swko no showi
>jmowgtmogg. (Poiioh 'P')
>'Iro Sepx Qjs' qc O.W. Leo
 'The Gold Bug' by E.A. Poe


>Plaintext:
>There was something in the tone
>of this note that gave me great
> uneasiness. (Letter 'L')
>????????????????????????????

The last line was the attribution for the quote, from one of the
famous short stories ('The Adventure of the Dancing Men' by Arthur
Conan Doyle is another) that illustrates the solution of a simple
substitution cipher.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
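
The paired-letter rule KK describes, worked through on the texts quoted in this thread, as an added example that is not part of the original posts: the table is learned from the three solved lines, closed under the pairing rule, and applied to the unsolved line. The function names are the example's own, and the full plaintext of the last line is taken from John Savard's reply above.

```python
"""Reciprocal (paired) substitution: learn the table from the solved lines,
then apply it to the unsolved one. Texts are those quoted in the thread."""
from string import ascii_lowercase

CIPHER_SOLVED = ("Iroho awg genoirtms tm iro iemo ez irtg meio irwi "
                 "swko no showi jmowgtmogg. (Poiioh 'P')")
PLAIN_SOLVED = ("There was something in the tone of this note that "
                "gave me great uneasiness. (Letter 'L')")
CIPHER_LAST = "'Iro Sepx Qjs' qc O.W. Leo"
PLAIN_LAST = "'The Gold Bug' by E.A. Poe"   # from John Savard's reply
SIGN_OFF = "Cej'ho aopyeno."                # Scott Craver's closing line


def learn_pairs(cipher: str, plain: str, table=None) -> dict:
    """Extend `table` from aligned cipher/plain text.

    Every observed c -> p also records p -> c (the pairing rule), and any
    contradiction with what is already known raises ValueError.
    """
    table = dict(table or {})
    if len(cipher) != len(plain):
        raise ValueError("cipher and plain text are not aligned")
    for c, p in zip(cipher.lower(), plain.lower()):
        if not c.isalpha():
            if c != p:
                raise ValueError(f"punctuation mismatch: {c!r} vs {p!r}")
            continue
        if not p.isalpha():
            raise ValueError(f"letter {c!r} aligned with {p!r}")
        for a, b in ((c, p), (p, c)):
            if table.setdefault(a, b) != b:
                raise ValueError(f"{a!r} maps to {table[a]!r} and {b!r}")
    return table


def apply_table(table: dict, text: str, unknown: str = "?") -> str:
    """Substitute letters, keeping case; unmapped letters become `unknown`."""
    out = []
    for ch in text:
        if ch.isalpha():
            sub = table.get(ch.lower(), unknown)
            out.append(sub.upper() if ch.isupper() else sub)
        else:
            out.append(ch)
    return "".join(out)


def unknown_letters(table: dict) -> list:
    """Letters that appear neither as cipher nor as plain in the table."""
    return sorted(set(ascii_lowercase) - set(table))


if __name__ == "__main__":
    partial = learn_pairs(CIPHER_SOLVED, PLAIN_SOLVED)
    # 'l' never occurs in the solved ciphertext; l -> p comes from pairing.
    print("l ->", partial["l"])
    print(apply_table(partial, CIPHER_LAST))
    print("still unknown:", unknown_letters(partial))

    # Adding the answer line completes the alphabet as 13 swapped pairs.
    full = learn_pairs(CIPHER_LAST, PLAIN_LAST, partial)
    print(len(full), "letters mapped;",
          "self-inverse:", all(full[full[k]] == k for k in full))
    # The same table encrypts and decrypts.
    print(apply_table(full, PLAIN_LAST))
    print(apply_table(full, SIGN_OFF))
```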

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Looking Closely at Rijndael, the new AES
Date: Mon, 09 Oct 2000 21:17:35 GMT

On Mon, 09 Oct 2000 12:41:53 -0600, John Myre <[EMAIL PROTECTED]>
wrote, in part:

>That doesn't sound very much like the techniques in the
>paper.  Are you sure about this?

Not at all: I've downloaded the two papers, but haven't looked at them
yet. However, while you may need to ask Brian Gladman which IBM patent
he was thinking of, as it was an IBM patent that related to
enciphering modes - and a very useful enciphering mode at that - I
thought it was likely to be relevant.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Looking Closely at Rijndael, the new AES
Date: Mon, 09 Oct 2000 21:22:34 GMT

On Mon, 09 Oct 2000 21:17:35 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
>On Mon, 09 Oct 2000 12:41:53 -0600, John Myre <[EMAIL PROTECTED]>
>wrote, in part:

>>That doesn't sound very much like the techniques in the
>>paper.  Are you sure about this?

>Not at all: I've downloaded the two papers, but haven't looked at them
>yet. However, while you may need to ask Brian Gladman which IBM patent
>he was thinking of, as it was an IBM patent that related to
>enciphering modes - and a very useful enciphering mode at that - I
>thought it was likely to be relevant.

Having looked at the paper, I see that I was entirely mistaken, but
Brian Gladman is correct: the paper ends with a section 4 announcing
that these new schemes, invented by Charanjit Jutla of IBM, are the
subject of IBM patent applications.

I'm afraid our only hope is if David A. Scott's Wrapped PCBC turns out
to be prior art...

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
