Cryptography-Digest Digest #146, Volume #13      Sun, 12 Nov 00 21:13:00 EST

Contents:
  ElGamal signature scheme and Digital signature Standard ("Jesper Stocholm")
  Re: ElGamal signature scheme and Digital signature Standard ("Jesper Stocholm")
  Re: On an idea of John Savard (Tom St Denis)
  Re: Security of Norton YEO (Your Eyes Only) ("A [Temporary] Dog")
  Re: monoalphabetic cipher (Seven-of-nine)
  Re: voting through pgp ("John A. Malley")
  Re: On an idea of John Savard (John Savard)
  Re: help with website (Tom St Denis)
  Re: Book recommendation, please (David A Molnar)
  Re: RC6 Question (Scott Contini)
  Re: Book recommendation, please (Dido Sevilla)
  Re: Rotor Machines and Alan Turing the father of modren cryptography (Scott Contini)
  Re: Q: Rotor machines (Scott Contini)
  Re: Book recommendation, please (Paul Crowley)
  Re: "Secrets and Lies" at 50% off (Nomen Nescio)

----------------------------------------------------------------------------

From: "Jesper Stocholm" <[EMAIL PROTECTED]>
Subject: ElGamal signature scheme and Digital signature Standard
Date: Sun, 12 Nov 2000 14:25:19 +0100

Hi all,

I am looking for some research-articles about the ElGamal signature Scheme and DSS
(not articles with a more "point-by-point run-thru"-approach).

Can you give me some pointers in which direction to look ?


Jesper

--
You're fired ... :-)



------------------------------

From: "Jesper Stocholm" <[EMAIL PROTECTED]>
Subject: Re: ElGamal signature scheme and Digital signature Standard
Date: Sun, 12 Nov 2000 14:32:45 +0100


"Jesper Stocholm" <[EMAIL PROTECTED]> wrote in message 
news:8um5o9$76h$[EMAIL PROTECTED]...
> Hi all,
>
> I am looking for some research-articles about the ElGamal signature Scheme and DSS
> (not articles with a more "point-by-point run-thru"-approach).
>
> Can you give me some pointers in which direction to look ?
>

I found the DSS on nist.gov, so I'll try to walk my way thru that ... the issue with
ElGamal still remains unsolved, however ... :o(

/Jesper





------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: On an idea of John Savard
Date: Sun, 12 Nov 2000 23:18:59 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> I remember that John Savard has mentioned in discussions on
> articles of others that the rounds (or cycles) of two different
> block ciphers may be interleaved. In my view this is indeed
> a very remarkable and useful generalization of the common
> multiple encryption through concatenation of the two ciphers
> and can be easily done in case of software implementations.
> It may be observed that, using additionally a suggestion of
> mine to permute the round keys of a block cipher, an extremely
> huge number of different constellations (to be chosen by some
> additional key material) may be thereby obtained. For, if the
> two ciphers have m and n rounds (or cycles) respectively, then
> there are (m+n)! different permutations of these. Of course,
> one can trivially generalize the scheme to the case with more
> than two block ciphers.

If you mean to interleave the rounds of one cipher with another I
strongly suggest against this.  Some ciphers such as RC2 or MARS only
work well if used in a particular fashion because of the directed
avalanche effect caused by unbalanced data networks.

Generally I do not think multiple encryptions or "permutations on the
encryption" are good ideas.  Just add more rounds or use a better
cipher.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "A [Temporary] Dog" <[EMAIL PROTECTED]>
Subject: Re: Security of Norton YEO (Your Eyes Only)
Date: Sun, 12 Nov 2000 18:45:50 -0500

On Sat, 11 Nov 2000 19:13:50 -0500, [EMAIL PROTECTED] painted a
red bull's eye on his forehead, ascended the altar of Fluffy and
shouted:

>Does anyone know of any security issues with Norton YEO?  I know that the
>encryption methods that they use are good, but I'm wondering if there are any
>known bugs or if they left in a backdoor.
>
>Thanks, 
>
>Brad

I uninstalled YEO several years ago, and currently use Scramdisk to
perform the main function of YEO.  While the choice of algorithms in
YEO was adequate (RC-4, RC-5, DES, 3DES or 128 bit Blowfish) Scramdisk
also supports a variety of algorithms and, for me at least, worked far
better than YEO.

see http://www.scramdisk.clara.net/

Other programs worth having are Pgp, and Puffer
http://cryptography.org/getpgp.htm
http://www.briggsoft.com/


--
- A (Temporary) Dog             |"Intelligent, reasonable
The Domain is *erols dot com*   |people understand that -
The Name is tempdog             |unfortunately, we're dealing 
http://users.erols.com/tempdog/ |with elected officials"
Put together as name@domain     | - name withheld

------------------------------

From: Seven-of-nine <[EMAIL PROTECTED]>
Subject: Re: monoalphabetic cipher
Date: Mon, 13 Nov 2000 00:23:38 GMT

In the past, to make monoalphabetic ciphers harder, I have used
digraphs and homophones. Are you sure that the plaintext is in English?
I've been caught out that way before. Some of the frequencies may be
the same, but nothing makes sense. Sorry if I'm being too simplistic.

Seven



------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Sun, 12 Nov 2000 16:45:53 -0800

David Wagner wrote:
> 
> Ok, I see.  Witnessing helps with authenticating voters.  But it doesn't
> help me if my computer has been silently infected with an "Election Day"
> virus which secretly changes my vote.  (Crypto can't help if one of the
> endpoints is not trustworthy.)  So it's not a silver bullet, but it still
> seems like it could be useful.  Right?

Right. The witnessed-act protocol or something like it could be
developed into a viable means of on-line vote taking. I don't think it
will scale well, though, as the number of witnesses increases. 

Your "Doppelganger" attack with a trojan horse/virus resident on the PC
and intercepting all of the voter's actions and the actions of the other
witnesses to the voting act is wickedly insidious and worth further
study/analysis.  What we've discussed in this thread cannot defend
against such an attack.

The Doppelganger sits between the voter and the other witnesses in a
"man-in-the-middle" attack role.  It knows everything the voter stores
on the local machine if it has the same access rights and privileges as
the voter. It can alter or pass through anything from the voter to the
witnesses and thus the witnesses authenticate it as the true voter. It
can alter what the voter thinks s/he sees on the local machine. It can
collect all the info from witnesses used to mark the decision made by
the voter. And, it can change the value of the decision made by the
voter before making the non-malleable decision.  

Most interesting. Sort of a "spot the evil twin" problem. :-)

(Vague hunch this Doppelganger attack can be transformed into a
decidability problem of some kind, and that the decidability problem is
undecidable - there is no algorithm for it.)

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: On an idea of John Savard
Date: Mon, 13 Nov 2000 00:44:21 GMT

On Sun, 12 Nov 2000 23:18:59 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote, in part:

>If you mean to interleave the rounds of one cipher with another I
>strongly suggest against this.  Some ciphers such as RC2 or MARS only
>work well if used in a particular fashion because of the directed
>avalanche effect caused by unbalanced data networks.

Yes, one would have to choose the particular ciphers with care.

>Generally I do not think multiple encryptions or "permutations on the
>encryption" are good ideas.  Just add more rounds or use a better
>cipher.

But this is a way of constructing a better cipher. Alternating rounds
- actually, for a Feistel cipher, pairs of rounds, but I think my
suggestion with respect to SAFER+ and Rijndael is perhaps what is
being referred to - by producing a cipher with a more varied structure
makes it harder, I would think, to find the sort of things that
differential and linear cryptanalysis can exploit.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: help with website
Date: Mon, 13 Nov 2000 00:50:27 GMT

In article <8un60u$hp2$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> hello,
>
>   im in the process of building a website on crypto, stego, theory,
> design, attacks, current crypto laws, discussions, mathematics, etc
> if interested please contact me at [EMAIL PROTECTED]
> thanks
>

You seem to be a newbie enthusiast and that's very good.  Could you
just try not to post about the same things three times a day (I know I
am not exactly the best to talk, but....)

BTW... check out

http://www.counterpane.com/labs.html

for tons of papers/resources.

Check out Terry Ritter's pages and John Savard's pages for tons of
background and reference as well.

Good places to start.

Tom



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Book recommendation, please
Date: 13 Nov 2000 00:51:54 GMT

John A. Malley <[EMAIL PROTECTED]> wrote:

> Were this my son, I'd start with just  (1) "Cryptanalysis" by Helen
> Fouche Gaines and then (2) "Basic Methods of Cryptography" by Jan C.A.
> Van Der Lubbe and see what happens - gauge his appetite for the subject
> without risking "mental indigestion."  And consider reading these two

I disagree. "Cryptanalysis" is a fine book, but it also covers a part of
the subject which lends itself to "mental indigestion." 
At least, for me it does. It's fine to introduce him to it, but a copy
of _Applied Cryptography_ is a good idea as well.

Which do you find easier to think about - bit commitment, electronic
voting, and digital cash or the index of coincidence?


> books along with him - he's sure to have questions about the subject as
> he reads. You could explore the subject together. (Just a thought.)

Seconded. This is a great idea.


> Theory and Abstract Algebra. (In fact, Dover Publications feature many
> books on these subjects, all in paperback, most below $10 - $15 US,
> incredibly inexpensive for the density of knowledge therein!) 

Seconded. I profited from an encounter with Oystein Ore's _Number Theory
and Its History_, despite the fact that the book was written before RSA. 

Friends of mine have used Fraleigh's _Introduction to Abstract Algebra_
here for the "Math 101" course and liked it. 

------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: RC6 Question
Date: 13 Nov 2000 01:10:19 GMT

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
>
>
>Vinchenzo wrote:
>> 
>> In the RC6 specification one of the basics operations is defined as:
>> 
>> "a<<<b rotate the w-bit word a to the left by the amount given by the least
>> significant log2(w) bits of b." What does that mean...anybody has already
>> implemented this algorithm? Please help me!
>

Here is an example for word size  w = 32:

Let  a  be the binary value (most significant bits on the left):

        1011 1001 0001 1001 0110 1010 0111 0100

Let  b  be the binary value:

        0010 0110 1001 0101 1010 1110 0110 0101

The least significant 5 bits of  b  are:

        00101

which represent the binary integer 5.  That means we rotate  a
left by 5 bits.  The result is this:

        0010 0011 0010 1101 0100 1110 1001 0111

As you can see, the most significant 5 bits (leftmost 5 bits) of the
input word  a , which are  10111 , have moved to the least significant
5 bits (rightmost 5 bits) of the output word, and everything else has
been shifted left accordingly.

>You probably have to query the authors of RC6 why they
>choose the least significant bits of b instead of other
>bits. A possible reason is that these bits are or are
>considered to be more random. log2(2) should be clear,
>since there is no sense to rotate e.g. a 32-bit word
>by more than 31 bits and 5 bits provide that amount
>for rotation. RC6 implementation is in AES contest, if
>I am not mistaken.
>
>M. K. Shen


The reason for the least significant bits: recall before we do
the rotation, the value of  b  is the output of the function
(using word size  w=32):

        f(x) := (2*x^2 + x) <<< 5

The top 5 bits of  2*x^2 + x  are, in a sense, the most random since
they depend upon all bits of  x .  The fixed rotate by 5 moves the top 5
bits to the least significant (low 5) bits, and they are used for the
data dependent rotate.  This makes RC6 extremely resistant to differential
cryptanalysis.  (The best attempts at attacking RC6 are linear cryptanalysis).

Scott
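The data-dependent rotate and the RC6 quadratic function described above, as an added example that is not part of the original post. It assumes w = 32 (so log2(w) = 5 bits of b select the amount) and checks against the binary values Scott worked through by hand.

```python
# Added example (not from the digest post): RC6's "a <<< b" rotate, where
# only the least significant log2(w) bits of b select the rotation amount,
# plus the quadratic function f(x) = (2*x^2 + x) <<< log2(w) the post refers to.
from math import log2


def rotl(a: int, b: int, w: int = 32) -> int:
    """Rotate the w-bit word a left by the low log2(w) bits of b."""
    if w & (w - 1):
        raise ValueError("w must be a power of two")
    mask = (1 << w) - 1
    r = b & (w - 1)            # least significant log2(w) bits of b
    a &= mask
    return ((a << r) | (a >> (w - r))) & mask   # a >> w is 0 when r == 0


def rc6_f(x: int, w: int = 32) -> int:
    """RC6's f(x) = (2*x^2 + x) <<< log2(w), computed mod 2^w."""
    mask = (1 << w) - 1
    return rotl((2 * x * x + x) & mask, int(log2(w)), w)


def low_bits_come_from_top(x: int, w: int = 32) -> bool:
    """Check the post's claim: the fixed rotate by log2(w) moves the top
    log2(w) bits of 2*x^2 + x into the low bits that drive the data-
    dependent rotate."""
    mask = (1 << w) - 1
    lgw = int(log2(w))
    q = (2 * x * x + x) & mask
    return (rc6_f(x, w) & (w - 1)) == (q >> (w - lgw))


def worked_example() -> int:
    """The 32-bit values from the post: a rotated by the low 5 bits of b."""
    a = 0b1011_1001_0001_1001_0110_1010_0111_0100
    b = 0b0010_0110_1001_0101_1010_1110_0110_0101   # low 5 bits = 00101 = 5
    return rotl(a, b)   # expected 0b0010_0011_0010_1101_0100_1110_1001_0111


if __name__ == "__main__":
    print(f"a <<< b = {worked_example():032b}")
    print("low bits of f(x) are old top bits:",
          all(low_bits_come_from_top(x) for x in (0, 1, 0xDEADBEEF, 0xFFFFFFFF)))
```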



------------------------------

From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: Book recommendation, please
Date: Mon, 13 Nov 2000 09:05:29 +0800

"[EMAIL PROTECTED]" wrote:
> 
> My 16 year old son has become interested in cryptography (after
> reading Cryptonomicon).  He is very computer literate, takes AP
> Computer Science in school, and does a fair amount of C++ programming
> in school and for fun.  What book or books can this group recommend as
> an introduction to the science of Cryptography?  I'd like to encourage
> his interest with a good introduction,  without overwhelming him.
> Would  Applied Cryptography by Bruce Schneier be the way to go ?
> 

The problem is, your son may very well lack the proper mathematical
background to understand much of the theory that underlies cryptography,
and often not even that.  Abstract algebra and group theory are
important to understand even just how an algorithm like Rijndael is to
be implemented, never mind the motivations behind its design choices. 
The big problem is, most abstract algebra texts require a background in
linear algebra, and most linear algebra texts require a background in
calculus and analytic geometry.  Admittedly, though, such background in
mathematics is not really required, as a well-known text in Abstract
Algebra (by John B. Fraleigh) asserts in the introduction.  He says that
linear algebra and calculus are mathematical maturity prerequisites
rather than subject matter prerequisites.  Maybe there is another text
out there that treats abstract algebra in a more standalone manner, or
at the very least, requires only high school level math.  From my
understanding of the subject matter, it really is possible.  Maybe other
people on the list can suggest another book besides Fraleigh's.

Number theory is another difficulty, and that's a prereq. for public key
cryptography.  You have to go quite deep into abstract algebra and
algebraic field theory to understand this well.  But by the time you've
studied abstract algebra properly, it shouldn't be too hard.

--
Rafael R. Sevilla <[EMAIL PROTECTED]>         +63 (2)   4342217
ICSM-F Development Team, UP Diliman             +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481

------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: Rotor Machines and Alan Turing the father of modren cryptography
Date: 13 Nov 2000 01:11:49 GMT

In article <8ujcuh$rok$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>
>
>In 1939, British intelligence, with the help of Polish spies, managed to
>obtain a working replica of a new and secret coding
>machine known as Enigma. Unfortunately, the Germans changed the machine
>settings (the key) on a daily basis. The British
>equivalent of the NSA, the Government Code and Cipher School, formed a
>Top Secret group set up for the purpose of developing
>a method for extracting the daily Enigma key from the morning messages,
>or traffic. Alan Turing, a brilliant mathematician and
>an expert in Boolean algebra, invented a computer, the Turing Bombe,
>which accomplished this feat. The first encrypted messages
>obtained in the morning with the new daily key (machine settings) were
>fed into the Bombe and when the relays quit clicking a
>clerk would read out the new key (machine settings), and then check it
>on a replica of the Enigma machine. The key was then
>passed on to other clerks using working replicas of the Enigma machine,
>who would decrypt the German messages as they came
>in for the rest of the day.
>
>Turing derived his mathematical logic functions from a knowledge of the
>internal electrical logic of the Enigma, then designed the
>Bombes (the first special purpose digital computers) to do an automated
>key extraction attack. When the daily key had been
>derived, it was passed on for decryption with a standard Enigma machine.
>The Bombes did not do exhaustive searches (of all possible keys), as
>some writers have suggested. Instead, by deriving Boolean functions for
>the rotor key set logic, the first messages of the day provided the
>input to test for only "logical" key sets with the "illogical" sets
>skipped
>altogether.
>
>This is very much the basis of modren day cryptography as practiced by
>the "Pros".  Much of the Work of Alan Turing has been secret and
>confidential and never published to this day.
>
>

Let's not overlook the contributions of the Polish!  It was Marian Rejewski
and his two assistants that first showed that Enigma had weaknesses that
could be exploited by the application of group theory.  They also built
the first bombe!

Scott


------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: Q: Rotor machines
Date: 13 Nov 2000 01:14:19 GMT

In article <[EMAIL PROTECTED]>,
John Savard <[EMAIL PROTECTED]> wrote:
>On Fri, 10 Nov 2000 22:44:20 +0100, Mok-Kong Shen
><[EMAIL PROTECTED]> wrote, in part:
>
>>I remember having seen elsewhere several people claiming to 
>>have good computer simulations of rotor machines. If the 
>>rotors are not for the normal natural language alphabet but 
>>for a larger alphabet of 256 characters (8-bit ASCII) and if 
>>there are a fairly large number, say 16 or more, of rotors, 
>>how easy is it nowadays to crack such a system with computers? 
>
>That depends. A simple rotor system, where the rotors move in odometer
>fashion, won't be saved by having 256-contact rotors or 16 rotors,
>since the isomorph method could still be used.
>
>Let the rotor wirings be a function of the key and IV; let the motion
>of the rotors be controlled by something like RC4; then you'll have a
>system strong enough to withstand modern attack, I think.
>
>>P.S.  A recent article of F. L. Bauer noted that, according
>>to dpa, Prince Andrew, who presented on 18th Sep an original
>>Enigma to the prime minister of Poland, Jerzej Buzek,
>>stressed that the crypto experts of the Allies would not 
>>have broken the encryption of the German military, had there 
>>not been the help from the Polish scientists.
>
>This is true, although it might seem debatable. The British made many
>advances, and accomplished impressive feats beyond anything the Poles
>had done. But they might never have gotten started without the Polish
>contribution.
>
>John Savard
>http://home.ecn.ab.ca/~jsavard/crypto.htm

John,

Can you give me a reference that gives the mathematical details of how
the British broke Enigma?  I have a brilliant article written by
Rejewski which shows what the Polish did.  I'm interested in something
similar to that which describes what the British did.  Thanks,

Scott






------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Book recommendation, please
Date: Mon, 13 Nov 2000 01:17:33 GMT

Dido Sevilla wrote:
> The problem is, your son may very well lack the proper mathematical
> background to understand much of the theory that underlies cryptography,
> and often not even that.  Abstract algebra and group theory are
> important to understand even just how an algorithm like Rijndael is to
> be implemented, never mind the motivations behind its design choices.
> The big problem is, most abstract algebra texts require a background in
> linear algebra, and most linear algebra texts require a background in
> calculus and analytic geometry. 

Eek.  Don't take fear: I understand how Rijndael works pretty well, and
I didn't tread this terrifying course.  My understanding of those parts
of mathematics that involve real numbers is pretty weak, and I don't
think I even know what analytic geometry is.

Everything I know about abstract algebra comes from Green's "Sets and
Groups".  Well, nearly everything; Galois fields I only understand from
this newsgroup and private emails...
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: Nomen Nescio <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Mon, 13 Nov 2000 02:30:10 +0100 (CET)

In article <8umrp8$bb7$[EMAIL PROTECTED]>
[EMAIL PROTECTED] (Bill Unruh) wrote:
>
> In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Stuart Krivis) writes:
>
> ]I vote that David A Scott be henceforth banned from Usenet. He's as bad as
> ]that Sternlight guy that hangs around the encryption groups and has a
> ]woodie about pgp.
>
> Actually Sternlight has not been heard from in a long long time. Hope he
> is OK.

He hasn't been OK for years. Maybe his caregiver can give us a 
report. Most recently he's claiming to be an environment expert 
as an "energy economist" and still telling everyone he has a PhD 
and closing his posts with the usual putdown. Not much progress 
on his inferiority issues.

He wrote this below.


>George Gilder is a distinguished economist and economics writer, who knows
>what he is talking about. I, too, am expert in this subject, and most of the
>objections below to Gilder's piece are sheer nonsense, largely due to
>ignorance.
>
>For example, that China has an exemption from the Kyoto treaty does not in
>any way reduce the loading on the atmosphere as they industrialize and load
>the planet; to the contrary, because of the exemption they have little
>incentive to husband the relevant resources.
>
>That Global temperatures were HIGHER 1000 years ago suggests that the
>current fear, which is due to absolute temperature increases and not
>incremental increases as the rejoinder suggests, will not "destabilize" the
>planet. Ice melts at an absolute temperature and not an incremental
>difference, for example, and since New York wasn't under water in the year
>1000, nor come to that coastal Europe, the present "chicken little" story of
>the world's coastal cities being inundated due to anticipated global warming
>is simple nonsense. Just so with most of the exaggerated fears.
>
>David Sternlight, Ph.D.
>
>and yes, I'm a REAL energy economist, unlike most of the poseurs who
>pronounce on this topic.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
