Cryptography-Digest Digest #136, Volume #13 Fri, 10 Nov 00 15:13:01 EST
Contents:
Re: voting through pgp (Tom St Denis)
Photons, polarization and quantum crypto ([EMAIL PROTECTED])
Re: MY BANANA REPUBLIC (Ichinin)
Re: Hardware RNGs (Terry Ritter)
Re: Rijndael and PGP ([EMAIL PROTECTED])
Re: MY BANANA REPUBLIC ("ajd")
Re: Photons, polarization and quantum crypto ("Paul Lutus")
Re: MY BANANA REPUBLIC (SCOTT19U.ZIP_GUY)
Re: MY BANANA REPUBLIC (Tom St Denis)
The Freedom to Communicate the Power to Protect ([EMAIL PROTECTED])
Help - Microsoft CryptoAPI and SDK ([EMAIL PROTECTED])
Re: Request for code (Tom St Denis)
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 18:57:51 GMT
In article <ydXO5.191030$[EMAIL PROTECTED]>,
"binary digit" <[EMAIL PROTECTED]> wrote:
> Imagine if everyone had pgp in the world and voted through pgp, every
single
> vote could be verrified and everyone would be happy, and there
wouldnt be
> this problem that is going on now in florida
Um, yes there would be the same problems possible. I could fake the
key server, I could post fake votes, I could intercept votes, etc...
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.optics,sci.physics
Subject: Photons, polarization and quantum crypto
Date: Fri, 10 Nov 2000 19:05:15 GMT
Hi folks,
I just finished reading Simon Singh's excellent "The Code Book", about
the history of cryptography and cryptanalysis. At the end, he describes
the principles of quantum cryptography in which the polarization state
of single photons is used to convey information. Specifically, they
would be used to transmit cryptographic keys used for decrypting
messages. It is stated that this method is absolutely secure in part
because interception of the photons and measurement of their
polarization states is impossible without changing the state
(Heisenberg) and thus alerting the proper receiver that someone has
stuck their hand in. There are other elements of the system, including
a method by which the proper receiver makes measurements (still changing
the state), but is able to deduce along with the sender what the key
should be. The important point, however, is the above general method, as
well as the concept that what is needed are 4 possible polarization
states: vertical, horizontal, 45 degrees left, 45 degrees right.
I have thought of one method by which such a system might indeed be
subject to attack/interception without changing the states
*sufficiently* to alert either sender or receiver.
Suppose photon 1 comes along with a given but unknown (to
the interceptor) polarization. The interceptor places a half-wave plate
in the path. Classically at least, the polarization state will be
rotated by twice the angle between the half-wave plate optic axis and
the photon polarization direction.
During this interaction, a torque is imparted on the plate in order to
preserve angular momentum. Now, this torque may be vanishingly small,
but *hypothetically* I propose that it could be measured. Furthermore,
the magnitude of this torque would be proportional to the angle between
the photon polarization. Thus, one could know, certainly to within 90
degrees, what the state of the photon was just prior to entering the
plate. If the photon was lined up with the optic axis, there would be
no rotation and no torque. If it was at 45 degrees there would be a 90
degree rotation and some torque. If it was at 90 degrees, there would be
180 degrees rotation and the maximum torque.
Following the first half-wave plate would be another, identically
aligned half-wave plate. This would then reverse the effects of the
first plate, leaving the photon in its initial state, or at least very
close to its intitial state.
My questions to you, gentle readers who are more versed in quantum
mechanics, are:
Will a single photon indeed be rotated by a half-wave plate (or any
retarder). Classically one thinks/speaks of the plate introducing a
phase shift between orthogonal components of a light beam, which in turn
is part of the classical explanation for any of the various states of
polarization. What about one photon?
Assuming that indeed a single photon may have its polarization direction
altered in such a manner, can the torque be detected? If so, perhaps it
cannot be detected without changing it. Also, passing through the
wave-plate may not impart an exactly 2 theta rotation to the photon, at
least not as compared to its original polarization direction. The 2
theta would be exact only as compared to the half-wave plate optic axis
*after* it has rotated slightly to zero-out the net angular momentum of
the system. But for the cryptographic system, 90.000000001 degrees is
just as good as 90.0000000000000000 degrees.
I reiterate that I am not well versed in QM. This is the reason I am
writing. Is this idea dumb?
Thanks very much for your opinion on this.
Spencer
Spencer Luster, Owner
Light Works -- Creative Optical Devices
333 N. 14th Street
Toledo, OH 43624
Phone: 419-534-3718
FAX: 419-534-3717
e-mail: [EMAIL PROTECTED]
http://www.LW4U.com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: MY BANANA REPUBLIC
Date: Tue, 07 Nov 2000 11:34:13 +0100
Mok-Kong Shen wrote:
> ... then the election could just as well be replaced by casting
> a die, like in lottery.)
How about hashing the results and using it as a constant
for a PRNG, then MOD 2'ing the result:
if (P == 0) - Bush wins.
if (P == 1) - Gore wins.
(Please, Xor this from from sci.crypt, 95% of the world don't
give a crap about the Us election.)
--
Ichinin (.SE)
"Anything-over-IP-&-802.11"-Solutions provider.
===============================================================
NOTE: EMAIL ADDRESS IS FOR SPAMMERS, IT WILL BOUNCE REGARDLESS.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Hardware RNGs
Date: Fri, 10 Nov 2000 19:25:53 GMT
On Fri, 10 Nov 2000 11:21:02 -0500, in
<[EMAIL PROTECTED]>, in sci.crypt Steve Portly
<[EMAIL PROTECTED]> wrote:
>--------------F797E294A3E8B40E82A9FB2C
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
>
>> >> >An assembly language call to int 13 takes a different amount of time than a
>packet arrival.
>> >> >The key is to find the minimum time period that will always produces at least
>one bit of
>> >> >entropy.
>> >> >Since 1995 CPU frequency wander and system jitter have become a source of
>entropy.
>> >> >
>> >> >http://www.ednmag.com/ednmag/reg/1995/070695/graphs/14dfcfga.htm
>> >> >
>> >> >With my crude analysis I found that it takes about 40 microseconds to get a bit
>of entropy.
>> >>
>> >> I for one would like to see the details of that analysis.
>> >>
>
>I am sure you would laugh, it was very crude. I timed interrupt thirteen, eight
>times summing the
>significant digits of each time stamp and dividing by two to create bits. Xored 2
>bytes together
>to roll up entropy. I tested the distribution by dividing different samples by 2,
>8, 256 and
>noting how evenly distributed they were. Naturally the results showed a lot of 9's
>in the larger
>samples, and the distribution didn't swing one way or the other more than about a
>hundred any way I
>sliced it. Xoring three bytes together didn't flatten the distribution any further
>that I could
>see, of course my sample size never was larger than a gig. [This should give you a
>rough
>idea].
OK, so you have a measurement technique, and having collected some
numbers, they seem to have a good distribution.
The first problem with this is that finding a good distribution does
not imply unknowable randomness. For example, statistical random
number generators (RNG's) have "entropy" only in the sense that a
particular seed is selected from among all possible seed values. Yet
these very same RNG's produce a good distribution and pass many
statistical tests.
While we are on the topic, the term "entropy" is misused in various
ways. For example, in the classic information theory sense, an
entropy value can be computed from the probability of sequence values.
Clearly, we can compute the same sort of "entropy" for sequences from
statistical RNG's and the "entropy" seems to accumulate without end,
when the only uncertainty is the value of the original seed. The
problem here is that classic "entropy" does not deal with correlations
within sequences, and statistical RNG's are often completely
correlated. In dealing with "really random" or "physically random"
generators, the "entropy" we want is the minimum amount of information
which can re-create the sequence we get. If all we have to do is to
find the original seed, we may not have much "entropy" at all.
The next problem is in measurement: Unless we know we have a source
of unknowable entropy, we otherwise confront a complex, deterministic
digital system which may in fact just be a larger version of a
statistical RNG. And the seed may be essentially the same upon every
startup.
Suppose we have a circular array of numbers, and skip a fixed number
of places each time (as might occur in periodic sampling): the result
we get may seem random. But of course this is not very random at all
if we know the placement of the numbers and the sampling period. In
fact it may be quite like a Linear Congruential Generator (LCG), one
of the simplest possible statistical RNG forms, which has essentially
no strength at all, because we can develop the internal state from the
sequence itself.
Yet another problem is in knowing what is being measured. As far as I
know, Int 13 looks like disk operations. Disk access times will
depend upon the current track, the desired track, the current angular
position, the desired angular position and so on, but we can easily
imagine tracking the current disk track and predicting angular
position over time. [We almost need to select track and sector "at
random," since modern disks have on-board caches which will be far
more deterministic.]
As the CPU or other resources are used by other routines (other tasks,
interrupts or memory refresh), they are not available for counting or
recognizing "done," which can produce random-like values which can
seem complicated, but these effects are still the result of
deterministic processes. In cryptography, we have seen many, many
things which seem complicated at first, but which in the end turned
out to be not too complicated after all. The problem here is that
none of this variation is based on unknowable quantum values.
The last issue is the attempt to concentrate entropy before we know
whether such exists. It is easy to take a non-entropic statistical
RNG sequence and decimate it or combine it in various ways so that it
measures better, but that does not make such a sequence harder to
create (we assume the Opponents know what we are doing), it just makes
it harder for us to understand. We cannot hope to see the weakness in
a sequence which has been confused "to collect entropy." But just
because we cannot see a weakness does not make the sequence strong.
>> >> ---
>> >> Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
>> >> Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
>> >
>> >It all boils down to how long it takes you to roll up enough entropy to satisfy
>your needs.
>>
>> First of all, an exponential wait will kill you. To collect the next
>> bit of the difference between oscillator frequencies, you must wait
>> twice as long as you did for the last bit. Just how long do you think
>> this can possibly be a reasonable source?
>>
>
> The entropy is roughly the same for each 20 microsecond interrupt timing.
>I agree that Xoring bytes together is going to give you diminishing returns.
>The point that needs to be proven or not is whether the initial quality of raw data
>has enough
>entropy to be usable. My tests were too small to prove this obviously. Your site
>has some very
>good links, and I think following the back button link on the electronic daily news
>magazine would
>give some additional insight.
First of all, we cannot prove the amount of the sort of entropy we
want by measurement. No measurement and no statistical tests can tell
us that no complex but predictable relationship exists between values.
As far as I know, the *only* way to at least minimize the possibility
of trouble (from sequences which look unpredictable but are not) is to
use a source of quantum randomness. Various options are available,
but I prefer noise because we can in practice measure this with close
to the expected theoretical distribution, thus validating the source.
Noise is also cheap, and relatively fast.
We can and do see a confusing form of "jitter" in which one periodic
process samples another, but if we know the frequency and the sampling
period, we can predict most of this. This is pretty much the same as
watching two gears with different numbers of teeth, each driven on the
edge from the same shaft. The gears rotate at different rates, and
yet are absolutely correlated to the drive shaft. If we use a
particular tooth on one gear to sample the "number" of the top tooth
on the other, we can get an apparently "random" sequence. But this
sequence is absolutely predictable.
In electronic sampling, we do have tiny noise-jitter variations in
"gear size." So that *IF* the sampling occurs within picoseconds of
making a different "tooth" selection, the noise could push us into a
different value. Or it could hold us back. Or it could create a
metastability that will last for a while. But cycles (our "teeth
size") are in 10's of nanoseconds, while the noise is in picoseconds.
So not one measurement in 1,000 could be affected by noise jitter, we
get at most a bit, and to even show we have done that we must first
predict the alternate value to picosecond precision. Noise-jitter is
a transient effect; it does not affect subsequent cycles from the same
oscillator, and so does not "add" so we can measure it easier.
The problem is that we do not have a clean two-gear system. We seek
to measure hardware events to picosecond precision with software, in a
software environment. Unfortunately, multitasking jitter, interrupt
jitter, refresh jitter, disk jitter and on and on, are vastly, vastly
larger effects. So we end up measuring those effects, which are
essentially deterministic, and then claiming that what is being
measured is really quantum noise.
I am very aware of oscillator noise jitter, and most comments about it
have been way off base. Noise jitter becomes important in precision
communications systems because it tends to spread the RF signal. It
has thus lately caused a lot of discussion in the trade rags, but that
does not apply to us. Noise jitter is not cumulative over time; it is
instead a bipolar normally-distributed instantaneous effect. It will
be in the picosecond range, does not add so that we can detect it with
coarse measurement, and so cannot be measured by software loops on a
conventional computer in the presence of a tasking OS, interrupts and
refresh. Oscillator noise jitter is just way, way off the map.
One uncertainty is oscillator drift, but this is a small effect, which
is generally constant change over hours, and which is generally
repeatable anyway.
>
>--------------F797E294A3E8B40E82A9FB2C
>Content-Type: text/html; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>
><!doctype html public "-//w3c//dtd html 4.0 transitional//en">
><html>
>
Please turn off your HTML for posting to newsgroups. Thanks.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Rijndael and PGP
Date: Fri, 10 Nov 2000 19:31:38 GMT
[snip commentary on my misspelling/pun]
While I had decided I was going to let this one be for a while. I can't
resist any more. Yes I do have a weird sense of humor. Yes I am
perfectly capable of creating really nasty puns. However, this one in
particular was unintentional. Basically, if I was going to insult ds in
such a way, there are so many better ways, the most fun of course would
be calling him D/s. I'm fairly sure he won't understand it, so he won't
know whether or not to ask for more.
Joe
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "ajd" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: MY BANANA REPUBLIC
Date: Fri, 10 Nov 2000 14:34:36 -0000
Are we a republican by any chance Scott?
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Runu Knips) wrote in <[EMAIL PROTECTED]>:
>
> >"SCOTT19U.ZIP_GUY" wrote:
> >> For those of you not in the US let my explain.
> >> The Clinton machine has decided to make GORE president.
> >> Many elctions in my country are rigged. Chicago Daly city
> >> is famous for having rigged elections. They use to have
> >> a saying. In chicago the dead not only vote they vote
> >> many times.
> >> Apparently they didn't stuff enough ballots in FLorida.
> >> They obviously added or exchanged more ballots in the last
> >> recount. But You can bet your sweet ass the longer it takes
> >> to recount the democrats will perfect the stuffing until
> >> Gore wins. Cheating is a way of government in my country.
> >> But we have the balls to tell everyone else how to run an
> >> election. By the way the democrats desinged the ballot
> >> there bitching about.
> >> THe next recount if necessary will be desinged to give it
> >> to GORE.
> >
> >If the elections in Florida would have been rigged, the
> >result would be CLEAR. Or the people which manipulated
> >it are very incompetent losers.
>
> It is rigged it is run by democrats. For Dalys kin is just
> not as good as rigging elecltion as it is in Chicago.
> But its not over and I feel the crooks will still win.
> They know have to readjust the count to wait for the
> military ballots to come in so that the proper final
> adjustments can me made.
>
> >
> >And if the US would have a reasonable election system,
> >Gore would be president now anyway.
> >
>
>
> If the US had just laws Clinton and Gore would both
> be rotting in prison right now. Instead as Jay Leno says
> the confusion is giving the Chinese trouble of where to
> send their payola checks. The election system to quite
> fair. IF it was on pure majority vote. Rural areas would
> have no say in our government at all. Also the effect of
> rigged elections would be far greater. At least now the
> crooks need to fix the ballots in more than one place,
> but that may change if they get there way.
>
> >Just my 0.02$ of logic ...
> >
>
> While you 2 cents ain't worth much. My 2 cents thinks
> people in Germany may be seeing great parallels as to
> historical events in your own country.
>
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
> Scott famous encryption website **now all allowed**
> http://members.xoom.com/ecil/index.htm
> Scott LATEST UPDATED source for scott*u.zip
> http://radiusnet.net/crypto/ then look for
> sub directory scott after pressing CRYPTO
> Scott famous Compression Page
> http://members.xoom.com/ecil/compress.htm
> **NOTE EMAIL address is for SPAMERS***
> I leave you with this final thought from President Bill Clinton:
------------------------------
From: "Paul Lutus" <[EMAIL PROTECTED]>
Crossposted-To: sci.optics,sci.physics
Subject: Re: Photons, polarization and quantum crypto
Date: Fri, 10 Nov 2000 19:44:31 GMT
<[EMAIL PROTECTED]> wrote in message news:8uhgt6$efb$[EMAIL PROTECTED]...
> During this interaction, a torque is imparted on the plate in order to
> preserve angular momentum. Now, this torque may be vanishingly small,
> but *hypothetically* I propose that it could be measured. Furthermore,
> the magnitude of this torque would be proportional to the angle between
> the photon polarization. Thus, one could know, certainly to within 90
> degrees, what the state of the photon was just prior to entering the
> plate.
You managed to miss the point of the original text. If you observe the
photon sufficiently to make this statement about it, you have collapsed its
wave function and this eavesdropping can be detected.
To say it simply, if you find out what state the photon has, you have
harvested the photon -- its wave function has collapsed.
> Following the first half-wave plate would be another, identically
> aligned half-wave plate. This would then reverse the effects of the
> first plate, leaving the photon in its initial state, or at least very
> close to its intitial state.
"Very close" isn't good enough. You've detected the photon's state. This is
like trying to detect which slit the single photon goes through in the
classic two-slit experiment -- the detection prevents the effect to be
measured.
--
Paul Lutus
www.arachnoid.com
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto
Subject: Re: MY BANANA REPUBLIC
Date: 10 Nov 2000 19:53:29 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <3A0C2DC6.338715A2@t-
online.de>:
>
>
>Runu Knips wrote:
>>
>> If the elections in Florida would have been rigged, the
>> result would be CLEAR. Or the people which manipulated
>> it are very incompetent losers.
>>
>> And if the US would have a reasonable election system,
>> Gore would be president now anyway.
>
>I can't see how the current US election has anything to
>do with crypto, excepting that the system is probably void
>of any 'security' which however as a general topic could
>be claimed to concern our group. (In a previous thread
>quite a time ago I learned that there is nothing to
>prevent anyone in US to give more than one vote through
>going to different voting locations, there being no
>identity cards or registrations to rigourously control the
>voters. If that is indeed true -- I don't exactly know --,
>then the election could just as well be replaced by casting
>a die, like in lottery.)
>
>M. K. Shen
Actually your right. In El Paso anyone can register to vote.
The problem is that many mexicans who are legal residents can't
vote but when an election comes they don't know they can't vote.
I suspect Florida it's the same way I would not be surprised that
many of the democrat votes came from non citizens who don't even
know they can't vote. I voted in the early election. I could go to
one of many places. And was never asked to show identifaction at
all. All they want was me to sign my name and address. I could of
said I was a neighbor or I could have voted at many places. The
US really does give a shit how they run the elections. My wife
from mexico who I would not let vote was shocked how easy it was
for me to vote. In Mexico they are a lot more careful these last
few years. We in the US could learn a lot from the last MExican
election. The problem is the deomcrats will most likely win and
since they count on the ignorant masses with no education many
of whom are felons and not citizens the system will not change
for the better if it changes at all. Oh I do have a registration
card anyone can get one. But I was never asked to show it.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: MY BANANA REPUBLIC
Date: Fri, 10 Nov 2000 19:54:45 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>
> For those of you not in the US let my explain.
> The Clinton machine has decided to make GORE president.
> Many elctions in my country are rigged. Chicago Daly city
> is famous for having rigged elections. They use to have
> a saying. In chicago the dead not only vote they vote
> many times.
> Apparently they
> didn't stuff enough ballots in FLorida. They obviously
> added or exchanged more ballots in the last recount. But
> You can bet your sweet ass the longer it takes to recount
> the democrats will perfect the stuffing until Gore wins.
> Cheating is a way of government in my country. But we have
> the balls to tell everyone else how to run an election. By the
> way the democrats desinged the ballot there bitching about.
> THe next recount if necessary will be desinged to give it
> to GORE.
This "posting" has no bearing on sci.crypt whatsoever. Why not move
your political rants to another group please?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: The Freedom to Communicate the Power to Protect
Date: Fri, 10 Nov 2000 19:52:48 GMT
http://www.winvista.com
Electronic Officedocument Protection Interface� from WinVista�
represents the next generation of enterprise content protection,
providing a range of author-configured controls that stay with a
document throughout the information lifecycle, from composition to
distribution to iteration and propagation to termination.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Help - Microsoft CryptoAPI and SDK
Date: Fri, 10 Nov 2000 19:51:26 GMT
I just started using Microsoft and used CryptAcquireContext() to
acquire a context, using NULL as a default CSP (Service Provider),
however, this method never succeeds. Do I need to load additional
SDKs to support this?
Any help will be appreciated.
David Su
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Request for code
Date: Fri, 10 Nov 2000 19:53:35 GMT
In article <loXO5.191032$[EMAIL PROTECTED]>,
"binary digit" <[EMAIL PROTECTED]> wrote:
> ok asshole, how do you know he has to do this for homework, what if
he just
> wants to learn how to use crypto++ library, and just because hes
using MSVC
> doesnt mean he's developing a app that will have a gui, he could be
writing
> a console app. Instead of being so arrogant you could have simply not
even
> responded to the post cause you had nothing good to say to him anyway.
Well his post was OT. Anyways....
If he wants to learn how to use Wai Dai's library, why doesn't he ask
him directly?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
