Cryptography-Digest Digest #933, Volume #12      Sun, 15 Oct 00 20:13:01 EDT

Contents:
  Re: Is it trivial for NSA to crack these ciphers? ([EMAIL PROTECTED])
  Re: Problem in Message Digest ([EMAIL PROTECTED])
  Re: SDMI - Answers to Major Questions ("Paul Pires")
  Re: Is it trivial for NSA to crack these ciphers? (CiPHER)
  Re: CRC vs. HASH functions (Mack)
  Re: A newbie in block ciphers (Dido Sevilla)
  Re: ECDSA ("Jesper Stocholm")
  Re: Is it trivial for NSA to crack these ciphers? (David Wagner)
  Re: ECDSA (Roger Schlafly)
  Re: Is it trivial for NSA to crack these ciphers? ("John A. Malley")
  Re: A new paper claiming P=NP (default)
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  Re: SDMI - Answers to Major Questions (Mack)
  pseudo random test (Jacques Thériault)
  Try This One (Jim)
  Re: Bored with AES? SHA-256/384/512 spec now out! (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sun, 15 Oct 2000 18:55:41 GMT

Stephen M. Gardner <[EMAIL PROTECTED]> wrote:
>     What do you suppose keeps bright young mathematicians working in an
> environment in which they cannot share their insights freely with
> others?  What do you suppose the impact on their creativity is?  How
> long do you suppose it takes for such an environment to turn a bright
> young scholar into a government drone or drive them away?  Oh, did I
> mention how the bright young person has to suffer a periodic foray into
> his sex life, what substances he consumes recreationally, and who he
> associates with by some cynical and jaded "security wonk" with a
> cold-war stick up his butt?  Do the best and brightest put up with that
> for long?

If we assume that the NSA is significantly ahead of the private
sector, the inability to publish is more than offset by the access to
information no one else has. I suspect that if you told anyone they
could read every file the NSA has, provided they never discussed them
later, most people would leap at the chance.

On the other hand, if they're on par with the open community, the
inability to publish is offset for many people by the ability to
accomplish meaningful work without having to deal with publishing! ;)
Saving lives, and the ability to work against the best adversaries the
rest of the world has to offer are strong motivations.

As to the intrusion into your private life, the private sector is not
doing much better in that particular case. The current trend in many
companies is mandatory drug testing, immediate dismissal for smoking
on or off the premises at some places, etc.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Problem in Message Digest
Date: Sun, 15 Oct 2000 19:02:35 GMT

Joyce <[EMAIL PROTECTED]> wrote:
> I would like to digest a message. However, a compile error is prompted:
> Error #: 362 : cyclic inheritance involving class
> java.security.MessageDigest at line 30, column 43. It indicates that there
> is an error in MessageDigest.getInstance("MD5", "CryptixCrypto").

> Please kindly tell me what's going wrong.

Where should we start? ;)

1. This is sci.crypt, not comp.lang.java so the entire message is way
off base.

2. Use of the sun.* packages in production code is a Bad Idea(tm).

3. You can do the same thing with approximately 10% of the code by
using MessageDigest.getInstance("MD5"). That saves you the _entire_
cryptix library, and probably runs faster to boot.

And if I had to guess, the first place I'd look is whether you're adding
the provider correctly.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: SDMI - Answers to Major Questions
Date: Sun, 15 Oct 2000 12:06:57 -0700

David A Molnar <[EMAIL PROTECTED]> wrote in message
news:8sapp2$qtc$[EMAIL PROTECTED]...
> Scott Craver <[EMAIL PROTECTED]> wrote:
> > Alas, I do research in the field of watermarking and watermarking
> > attacks, and my ears are pretty crummy.  Plus I have to do most of
> > my work in a room with big loud fans.
>
> Can't you just find some music majors on campus and use them as guinea
> pigs (I'm assuming their ears are relatively good)? Maybe you could even
> get a psych major to set up and run experiments as a thesis topic, thus
> saving you the trouble...

It's already been done.
Although not as fun, there are better uses for students than scientific
experiment :-)

Audio professionals are

A, pre-selected to be talented.
B, trained and experienced to recognise and understand what they hear.

The one I know is astounding.

Paul


>
> -David


------------------------------

From: CiPHER <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sun, 15 Oct 2000 19:23:40 GMT

In article <[EMAIL PROTECTED]>,
  "Stephen M. Gardner" <[EMAIL PROTECTED]> wrote:

> What do you suppose keeps bright young mathematicians working in
> an environment in which they cannot share their insights freely with
> others?  What do you suppose the impact on their creativity is?

Woah, wait a minute there bub, it is common throughout _all_ areas of
mathematics whether commercial, academic or governmental for
mathematicians to withhold disclosing their research for many many
years. All for many different reasons...

I don't think it's fair at all to say that one is more open than
another. Especially in the field of cryptography, let alone any other
branch of maths (most of which are equally as bad when it comes to
internal secrecy).

--
Marcus
---
[ www.cybergoth.cjb.net ] [ alt.gothic.cybergoth ]


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: CRC vs. HASH functions
Date: 15 Oct 2000 19:58:18 GMT

>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (Mack) wrote:
>> >Mack wrote:
>> >
>> >> CRC's are generally best for:
>> >>
>> >> 1) compressing entropy free from outside influence.
>> >
>> >That one is debatable.  Noise (the part we want in this
>> >application) that appeared largely in multiples of the
>> >CRC polynomial would be very surprising, but not
>> >inconceivable.
>> >
>>
>> No more inconceivable than noise would produce a collision
>> in a secure hash function.  Various CRC polynomials have
>> varying degrees of probability of "Noise" interacting badly.
>> For primitive polynomials that are dense the probability is
>> low.
>
>That's for noise fitting some specific model.  The
>actual probability depends on the source, and we
>don't usually know the true distribution of noise
>on a given channel.
>
>> Most MD style Hash functions use some sort of CRC type
>> polynomial on the front end so this is an issue there as well.
>
>Not true.  SHA-1 has the W buffer up front, but the effect
>is nothing like a CRC.  In particular, the W-buffer
>operations are reversible, so it alone never induces
>collisions.  MD-2 actually tacks on a checksum (good thing
>too), but it's not on the front end; it's appended in the
>back.
>

The W buffer in SHA-1 acts very much like a CRC.
The use of the W buffer however hides that fact.  The
addition of the S (rotate) only changes the actual polynomial
not the fact that it behaves like a CRC.

In SHA-256 a 32-bit ADD is used, which makes the operation
non-linear in GF(2).

>
[snip of the parts I agree with you on]
>
>--Bryan
>--
>email: bolson at certicom dot com
>

Mack
Remove njunk123 from name to reply by e-mail
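The three claims traded in this thread (Mack's that the SHA-1 W-buffer behaves like a CRC because rotate-plus-XOR stays GF(2)-linear, Bryan's that the expansion is reversible and so never collides on its own, and Mack's that SHA-256's 32-bit addition breaks GF(2)-linearity) can all be checked mechanically. The code below is an added example written for this digest, not code posted by either participant; the schedules follow the published SHA-1 and SHA-256 recurrences, and the input blocks A, B and C are constructed for illustration.

```python
# Added example (not from the digest): SHA-1 and SHA-256 message schedules,
# with probes for GF(2)-linearity and for invertibility of the SHA-1 expansion.
MASK = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def sha1_schedule(block):
    """Expand 16 32-bit words to the 80-word SHA-1 schedule.
    W[t] = ROTL1(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]): XOR and rotate only."""
    assert len(block) == 16
    w = list(block)
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w


def sha1_schedule_invert(last16):
    """Recover the 16 message words from W[64..79].  The recurrence is a
    bijection: W[t-16] = ROTR1(W[t]) ^ W[t-3] ^ W[t-8] ^ W[t-14], so the
    expansion by itself cannot map two different blocks to the same W."""
    assert len(last16) == 16
    w = [None] * 64 + list(last16)
    for t in range(63, -1, -1):
        w[t] = rotr(w[t + 16], 1) ^ w[t + 13] ^ w[t + 8] ^ w[t + 2]
    return w[:16]


def small_sigma0(x):
    return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)


def small_sigma1(x):
    return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10)


def sha256_schedule(block):
    """Expand 16 32-bit words to the 64-word SHA-256 schedule.
    The sigma functions are GF(2)-linear; the mod 2^32 additions are not."""
    assert len(block) == 16
    w = list(block)
    for t in range(16, 64):
        w.append((small_sigma1(w[t - 2]) + w[t - 7]
                  + small_sigma0(w[t - 15]) + w[t - 16]) & MASK)
    return w


def xor_words(a, b):
    return [x ^ y for x, y in zip(a, b)]


def is_gf2_linear_on(f, a, b):
    """Does f(a ^ b) == f(a) ^ f(b) for this pair of blocks?  A CRC-like
    (GF(2)-linear) expansion satisfies this for every pair."""
    return f(xor_words(a, b)) == xor_words(f(a), f(b))


# Constructed test blocks.  A and B share a word of all ones so that the
# SHA-256 addition in W[16] carries; C is an arbitrary filler block.
A = [0xFFFFFFFF, 0x00000001] + [0] * 14
B = [0xFFFFFFFF] + [0] * 15
C = [(0x01234567 * (i + 1)) & MASK for i in range(16)]

if __name__ == "__main__":
    print("SHA-1 schedule linear on (A,B):", is_gf2_linear_on(sha1_schedule, A, B))
    print("SHA-256 schedule linear on (A,B):", is_gf2_linear_on(sha256_schedule, A, B))
    print("SHA-1 schedule inverted from W[64..79] ==", sha1_schedule_invert(sha1_schedule(C)[64:]) == C)
```

The SHA-1 probe succeeds for every pair of blocks, which is exactly the sense in which the expansion is a CRC-style linear map over GF(2) with a different polynomial; the inversion shows that, unlike a CRC, it is a 512-bit to 512-bit bijection so it cannot induce a collision on its own. The SHA-256 probe already fails at W[16], where the carry from 0xFFFFFFFF + sigma0(1) breaks XOR-additivity.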

------------------------------

From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: A newbie in block ciphers
Date: Mon, 16 Oct 2000 04:28:34 +0800

mac wrote:
> 
> Hello
> 
> I'm a newbie in encryption looking for some URLs, maybe textbooks covering
> encryption, practical uses of encryption and block ciphers like Rijndael.
> Please care to help a beginner.

Well, you can download the Handbook of Applied Cryptography (ISBN
0-8493-8523-7) by Menezes, Oorschot, and Vanstone in PDF or PostScript
format at http://www.cacr.math.uwaterloo.ca/hac/.  One of the best books
on cryptography around is Bruce Schneier's Applied Cryptography (ISBN
0-4711-2845-7).  Secrets and Lies by the same author (ISBN
0-4712-5311-1) is a good layman's description of the pitfalls and
problems in the application of cryptography, what it can do and what it
can't.

Read back issues of the Crypto-gram newsletter at
http://www.counterpane.com/crypto-gram.html.  I once spent several days
going over all of these articles, which are incredibly interesting
reading if you care about cryptography, privacy, and computer security
in general.  Vincent Rijmen (one of the authors of the soon-to-be-AES
algorithm) and Lars Knudsen (one of the authors of another second round
AES candidate, Serpent) maintain a Block Cipher Lounge at
http://www.ii.uib.no/~larsr/bc.html that tracks new block ciphers and
cryptanalysis of them.  The sci.crypt FAQ should also give you a lot of
other pointers, although it looks like it hasn't been seriously updated
in a while, the last revision was in 1996, and it shows.  For instance,
part 7 of the FAQ would have you think that MD4 and MD5 are the state of
the art in hash functions, while they are most certainly not, as many
people on this list could tell you.

--
Rafael R. Sevilla <[EMAIL PROTECTED]>         +63 (2)   4342217
ICSM-F Development Team, UP Diliman             +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481

------------------------------

From: "Jesper Stocholm" <[EMAIL PROTECTED]>
Subject: Re: ECDSA
Date: Sun, 15 Oct 2000 23:06:50 +0200


"Jesper Stocholm" <[EMAIL PROTECTED]> wrote in message 
news:8sap74$1ks$[EMAIL PROTECTED]...
> I am working with ECDSA for the moment, and currently I am studying the paper
> by Alfred Menezes (et al) at
> http://cacr.math.uwaterloo.ca/~ajmeneze/publications/ecdsa.ps
>
> But I would like some other information (from other sources) as well - about
> the mathematical background of ECDSA/ECC. Can you give me some pointers in
> the right direction ?
>
> Thanks,
>

also: I know that ECC is based on the intractability of the discrete log problem,
but I need the proof of that. I do not seem to be able to find any mathematical
proofs of this.

Help on that will also be greatly appreciated ...

/Jesper
Denmark

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: 15 Oct 2000 22:03:01 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Stephen M. Gardner wrote:
>    It's true that I cannot prove beyond a shadow of a doubt that the NSA and
>the open community are roughly equivalent.  My intuition tells me however that
>secrecy hinders good science.

Secrecy need not hinder good science if the NSA has many more cryptologists
working in secret than the rest of the world has working in the open.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: ECDSA
Date: Sun, 15 Oct 2000 15:05:28 -0700

Jesper Stocholm wrote:
> also: I know that ECC is based on the intractability of the discrete log problem,
> but I need the proof of that. I do not seem to be able to find any mathematical
> proofs of this.

The private key is the EC discrete log of the public key. If
that problem is easy, then ECC is worthless. This is not the
ordinary discrete log problem in a field, but an analogous
problem in a special group.

You probably want the converse. That if the EC discrete log problem
is intractable, then ECC is secure. There is no known proof.

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sun, 15 Oct 2000 15:58:21 -0700

"Stephen M. Gardner" wrote:
> 
> "John A. Malley" wrote:
> 
[snip]
> 
>     The Manhattan Project was a very special circumstance.  Because of the war
> and the fact that the Nazis stupidly drove much of the European physics
> community into exile the critical mass of research shifted very lopsidedly to
> the Manhattan project.  It should also be remembered that all of the scientists
> in the Manhattan Project had been entirely formed outside of the secret labs.
> There was no inbreeding.  The NSA crowd is extremely insular in comparison.
> How long would a wag like Feynman last at NSA?
> 
> > Bletchley Park in England during World War II (cryptanalysis of
> > state-of-the-art crypto systems, some of the first programmable
> > computers) is another example.
> 
>     These WWII era analogies are suspect because of the entirely different
> conditions today.
> 
> > I won't argue the morality of the innovations, only the fact that these
> > significant bursts in applied mathematics and applied physics and
> > engineering fit your billing.  Significant strides without significant
> > peer review, publication or openness.
> 
[snip]

> To compare the Manhattan
> Project to the NSA is to neglect the stultifying role of huge
> self-perpetuating bureaucracies and the invigorating effect of having a world
> menacing evil to work against in a relatively short term and exciting project.
> 

Qualifiers and caveats and non sequiturs about Feynman don't alter the
answer to the original question -

"What could possibly make me think that a group of scientists working in
secret, whose membership is restricted by security clearance (and
therefore not optimized for exceptional ability) could accomplish more
than a larger group of scientists working in the open and thus subject
to wider peer review?"

We saw three historical examples of situations meeting the conditions
described and resulting in significant advances without significant peer
review, publication or openness.  (I disagree with the assertion that
security clearance disallows optimizing for exceptional ability.) 

Your response illuminates unspoken conditions or constraints -
preconceived notions - that silently colored the original question: 

1. It's assumed the NSA suffers internal inbreeding of thought, its
researchers are extremely insular.
2. It's assumed the NSA operates in a different intelligence situation
than that of the WWII/Bletchley Park period.
3. It's assumed the NSA is stultified by huge self-perpetuating
bureaucracies. 
4. It's assumed the NSA never addressed world-menacing evils that
required relatively short term and exciting responses.

Given published information and historical records, I agree with some of
your assumptions and disagree with others.

Item 4: Chapter 19 of "The Codebreakers", by David Kahn (2nd edition,
c. 1996) describes the historical necessity for the NSA in the
Post-World War II, "Cold War" world - a world menaced by "evils" that
required relatively short term and exciting responses (e.g. the Cuban
Missile Crisis, the Berlin Airlift, the Korean Conflict, the Gary Powers
Incident) and long term "vigilance" - U.S. and Soviet relations from 1945
through the collapse of the USSR to today with Russia, and from 1949
till today with the PRC (just two examples.)

Item 2: Chapter 19 details the purpose of the NSA, its internal
organization and the mission/responsibility of each division.  Compare
the intelligence situation described in Chapter 19 to the situations
described in Chapter 1 (One Day of Magic.)  And read the brief but
powerfully illuminating summary (just two pages, 611-613) in Chapter 17,
The Scrutable Orientals, starting with the line "What happened to
cryptology during World War II?"  The intelligence situation in the
post-war era is so similar to the WWII/Bletchley Park period I can only
say "the more things change, the more they stay the same."  

Item 3: The NSA develops cryptographic systems for the US government,
trains users and then monitors US encrypted communications to ensure
these systems aren't compromised by misuse or errors (and thus helps
minimize intelligence damage to US interests.) The NSA also intercepts
and analyzes encrypted person-to-person, person-to-machine and
machine-to-machine traffic between foreign powers of interest to US
security. It conducts basic research in communications physics,
computation theory, information theory (including error models, error
correction, compression), other branches of mathematics and human
languages.  Is there an internal bureaucracy?  Most certainly - the NSA
traces an unbroken line back to Army and Navy organizations active
before WWII and during WWII and the U.S. Air Force after WWII.
Organizations changed, merged, split, shuffled and evolved into the NSA.
Does the NSA suffer from bureaucratic problems?  YES - but no more than
any other U.S. government organization with secrecy.

Item 1: Kahn estimates there are only about 200 "real" cryptologists
inside the NSA who attack unknown or new systems (pg. 724)
Far more people are involved in all the other activities necessary to
carry out cryptanalysis - intelligence gathering, monitoring, training. 
Getting into the NSA is difficult - according to Kahn only 1 out of 6
applicants makes it - and furthermore,  "Earnest young scientists, who
cannot publish their highly classified work in the usual scientific
publications, satisfy their yearnings for professional recognition by
writing for the N.S.A. Technical Journal." (pg.706) And Kahn states the
turn-over rate at the NSA is a problem (also pg. 706) due to the
"oppressive" security, compartmentalization of offices, instant
dismissal without recourse to any due process. Could this lead to
insular thought and behavior? It could.  

Yet Kahn points to the prime motivators for the NSA hard core -
"patriotism and the opportunity to serve." (pg. 707)
 
At its birth the NSA inherited a great body of cryptological research
and findings from WWII. And NSA researchers built upon that knowledge
over the past 40 years. Parts of that progenitor knowledge became
available to the open community twenty or more years later - and some of
that work from WWII is still classified.  NSA got a great "head start"
over the open cryptological community - the question is, did they keep
that head start in the environment described by Kahn?  Chances are yes,
they did. Is the outside world catching up?  Maybe.  The NSA gets ready
access to the changes in the open research community and links it into
the larger framework of cryptological knowledge accessible to them. They
(in theory) recognize potential new directions in cryptology, applied
mathematics, applied physics faster than the open community. 

It only takes a few zealots, people with a mission, to push the limits
of the envelope; organizational adepts will recognize and capitalize on
that generous, selfless behavior.

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: default <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Sun, 15 Oct 2000 19:28:16 -0400

"Daniel A. Jimenez" wrote:

> >>Out of curiosity, is there a list of famous, but mistaken, "proofs" that
> >>P = or != NP (or other complexity theory results) ?
> >
> There was a paper by E.R. Swart and S.J. Gismondi being circulated a
> few years ago showing P=NP; I think the proof had something to do with
> the graph isomorphism problem, which isn't known to be NP-complete, but
> they somehow generalized the algorithm to work for the TSP.  As I recall,
> a few weeks later one of the authors retracted the claim, saying the paper
> shouldn't have been released because it wasn't ready yet.

The Swart/Gismondi proof was announced on USENET.  I think it
was briefly available by FTP, so may still be around somewhere...

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Sun, 15 Oct 2000 23:15:50 GMT

Mok-Kong Shen wrote:
[...]
> However (excuse me for my un-intelligence
> and poor knowledge)

No one is knowledgeable or intelligent enough to both write
good messages and keep up with your rate of posting.


> I have the impression that there is a
> fundamental misunderstanding (presumably 'entirely' on my
> side) that needs to be cleared up, before I could really
> digest your stuff and attempt a sensible reply (or ask
> sensible questions on your material). You employ in the
> attack a single unique block (u,v). Does it matter much if
> you use (u,u) instead

The content of the block does not matter.  Note that (u, v)
is not a special form; it just labels the first word 'u' and
the second 'v'.  There is no need to use a block of the form
(u, u), but it will not impede the attack either.

> (or once (u,u) and a second time
> (v,v))?

The attack requires the same block content in every plaintext.


> If yes, why? If you do the same to the original
> block cipher as such (i.e. forgetting my scheme), do you
> have a better chance or worse chance of success?

The attack is completely inapplicable to the original
block cipher.  The output blocks would all be the same.


> Could
> you please kindly say something about the 'basic' reasons
> (i.e. the 'causes') underlying the answer to that question?

The permutation gives us multiple functions.  Some of them
are simple variations on each other, in the sense that they
map the same input to outputs which differ in a
not-too-complex way.


[...]
> I unfortunately fail yet to see the 'fundamental
> trick' underlying your attack in its depth that renders
> the same technique of attack simpler (having higher quote
> of success) in the presence of permutations.

Then you have not studied the attack.  It obviously does not
apply without the permutations.


--Bryan


------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 15 Oct 2000 23:29:37 GMT
Subject: Re: SDMI - Answers to Major Questions

>David A Molnar <[EMAIL PROTECTED]> wrote in message
>news:8sapp2$qtc$[EMAIL PROTECTED]...
>> Scott Craver <[EMAIL PROTECTED]> wrote:
>> > Alas, I do research in the field of watermarking and watermarking
>> > attacks, and my ears are pretty crummy.  Plus I have to do most of
>> > my work in a room with big loud fans.
>>
>> Can't you just find some music majors on campus and use them as guinea
>> pigs (I'm assuming their ears are relatively good)? Maybe you could even
>> get a psych major to set up and run experiments as a thesis topic, thus
>> saving you the trouble...
>
>It's already been done.
>Although not as fun, there are better uses for students than scientific
>experiment :-)
>
>Audio professionals are
>
>A, pre-selected to be talented.
>B, trained and experienced to recognise and understand what they hear.
>
>The one I know is astounding.
>
>Paul
>
>
>>
>> -David
>

Well if you use the original unmodified samples
from the SDMI as a test case and
anyone thinks they sound ok
you can eliminate them as test subjects.

Those samples couldn't have sounded worse
if they were generated by the fans
instead of masked by them.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

Subject: pseudo random test
From: [EMAIL PROTECTED] (Jacques Thériault)
Date: Sun, 15 Oct 2000 23:40:00 GMT

I would like to test a RNG that I made.

Is there somewhere on the web that offers such services for free?

And/or could you recommend which tests an RNG should pass to be acceptable
from a cryptographic point of view.

Thanks 
Jacques

------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Try This One
Date: Sun, 15 Oct 2000 23:56:59 GMT
Reply-To: [EMAIL PROTECTED]

Anyone want to try this one? It's easy.

6 93 1 62 2 6 32 1 43 74 1 5 2 6 32 74 1 43 62 1 74

23 43 1 23 73 93 7 8 1

--
Jim Dunnett

amadeus @ netcomuk.co.uk
nordland @ lineone.net

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Bored with AES? SHA-256/384/512 spec now out!
Date: Sun, 15 Oct 2000 23:53:05 GMT

On Sun, 15 Oct 2000 18:19:33 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:

>I don't know about _bored_, but I have now added a description of
>SHA-256 to that of SHA-1 on my site, at

>http://home.ecn.ab.ca/~jsavard/crypto/mi060501.htm

SHA-512 and SHA-384 have now been added as well.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************