Cryptography-Digest Digest #173, Volume #13      Fri, 17 Nov 00 04:13:00 EST

Contents:
  Re: Why remote electronic voting is a bad idea (was voting through pgp) (Tommy the Terrorist)
  Re: DES question: Has this ever been proven before? (John Savard)
  Re: Why remote electronic voting is a bad idea (was voting through pgp) (Paul Rubin)
  Re: Book recommendation, please ("John A. Malley")
  Re: My new book "Exploring RANDOMNESS" (Niek Sprakel)
  help on user authentication protocol ([EMAIL PROTECTED])
  Re: My new book "Exploring RANDOMNESS" (Richard Heathfield)
  Re: Anyone has read / poses / is found of book by M.Schroeder(not the  (Ariel Burbaickij)
  Re: My new book "Exploring RANDOMNESS" (Ron Larham)
  Re: Anyone has read / poses / is found of book by M.Schroeder(not the  (Ariel Burbaickij)

----------------------------------------------------------------------------

From: Tommy the Terrorist <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Why remote electronic voting is a bad idea (was voting through pgp)
Date: 17 Nov 2000 04:33:04 GMT

In article <8uunia$loi$[EMAIL PROTECTED]> , [EMAIL PROTECTED]
writes:
>First a protocol goes beyond just a signature. In this case the
>protocol needs to contact a central server, negotiate secrecy with the
>server, authenticate the server, transfer the vote in some commonly
>agreed upon form, and assert that the person being claimed to vote
>really did want that vote. That is the bare minimum, to meet the
>requirements set forth by constitutional law there are a great many
>more requirements. This goes so far beyond a digital signature, or
>an "electronic signature" that one can barely see its influence.

The "secrecy" is already established, as public key encryption.  I am
very suspicious that the precise "encryption" they decide to use will
be "key escrow" in particular.  The key will actually be generated by
the government or a [s]TTP, and then the user will get a copy, probably
contained in a "smart card" or similar device so that he can never even
see what his secret key is.  The government's public key (and those
of other [s]TTP's) will probably be delivered in the same package.  
Now, I admit, those details could vary, but the point is, once you
recognize that these interactions can occur off-line, either in a
voter registration interaction (which isn't secure, but it's already
accepted anyway) or a more secure commercial context, then you 
should recognize that issues of key distribution and authentication
are peripheral --- they're essentially offline interactions and not
part of the vote itself.  The question is only whether a vote is 
delivered to the server which has a digital signature which is 
recognized as being one of the ones on the list i.e. yours, yes or 
no.  If secrecy is actually required it can be layered on in any way
at all -- I doubt the government will care much HOW secret your
vote is, but they certainly would have given you a key you could
use to encrypt/sign with.

Now sure, you can say that this occurs within a certain site and
the web page has to look such-and-such a way and construct a
"voting protocol" around this, but all that is clearly very doable.
The MAJOR points are that a) there is a digital signature and b)
this digital signature is connected to an ENFORCEABLE method
of making a signature.  The fact that the NSA can use their copy
of the secret key to intercept and change the vote is surely not
considered a negative factor by those who will ultimately push
forward the transition to electronic voting!!!


>This conversation has dealt with many things that if you didn't even
>understand the difference between digital signature and vote protocol,
>you probably missed. There was a very large discussion about the
>confliction of the requirements of anonymity and authenticity. There

The election administration will promise your vote is "anonymous",
which will probably amount to the usual U.S. definition of secret 
which is that it's available only to law enforcement personnel...

I really doubt they'll implement it in hardware, though!

Even with the current punch card ballots, it would be trivial to
place some kind of secret serial number in a watermark or even a
simpler code in the ballots, then read it later on.  If you don't
give the election commission blind faith, then they're not
anonymous now and I doubt they'll be anonymous in the future.

To give you an idea of HOW not anonymous they are now, Chicago
voters (not just me, I watched other people coming out) were
actually having their punched ballot LOOKED AT by some petty
official making out election receipts which he serial numbered
by hand, which presumably people who sell their vote show to a
democratic party 'precinct captain' or the like and which would
somehow indicate that they voted the right way.  I mean, the
point is, you're trying to construct a palace in the air but what
you have now is a farce and the computer voting will surely be
a worse farce than that.

>was a great deal of discussion about attempts to meet both, and how
>they have rather entirely failed to deliver one or both. There has been
>the discussion about authenticity of the vote counter (almost certainly
>the weak link) and attempting to determine if there is a solution. Etc,

Vote counter would use public key encryption, and his public key would
go to the voter at the same time that the voter's public key (and I 
strongly suspect his private key) will go to or be created by the vote
counter or representative thereof.

>etc. At no point would anybody with even the slightest clue about
>security allow a signature that was so easily fraudulent as the
>electronic signature law be used in voting, it would be equivalent to
>maintaining the public polls but loosening the requirement that all you
>needed to vote was to create a name that hadn't been entered in the log
>yet.

While your opinion of the electronic signature law is almost surely
valid (I've been relying on media reports which CLAIM it will be
implemented in some more rigorous fashion, but at the same time,
I've already seen the first of the $10,000 threats for false clicking
posted at a miserable little New World Order outpost by the name of
thawte.com) --- the fact remains that almost EVERYTHING that 
people will be putting or NOT putting their electronic signatures
to will be MORE IMPORTANT than their lousy vote!!!!!!  Which is more
important to you, how many fees you pay the bank for your mortgage
or which of those two damned upper-class creeps wins in December?
You think that the ramshackle volunteer-run voting operations
with punched cards will end up next year demanding something 
MORE SECURE than how you sign your return with the IRS?  Yeah,
you're clever, and you have a lot of nice theories, but what on 
Earth do they have to do with this government?

--
"Williams said the officer went to the car and found a mouse, which had
been injured and was bleeding.
The officer took the mouse to an animal hospital for treatment."
"6 Arrested in Rodent-Tossing Case", _The San Diego Union-Tribune_,
October 5, 2000
"Animal-rights groups have been watching the case and have told police
they want stiff punishment meted out, police said."

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: DES question: Has this ever been proven before?
Date: Fri, 17 Nov 2000 05:34:54 GMT

On Fri, 17 Nov 2000 04:21:22 GMT, Raphael Phan <[EMAIL PROTECTED]>
wrote, in part:

>let x and y be a pair of plaintexts to DES such that the input XOR
>is x'.  Would the corresponding output pair have the same XOR
>difference?

No, but there might be a _slight_ tendency for the output pair to have
a particular XOR difference, depending on what the key is, for a
particular input XOR difference - this is how differential
cryptanalysis works.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
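
An added illustration of the tendency described above (not part of the original post): the difference distribution of DES S-box S1 for one input XOR, plus the output XOR of a single fixed pair as the 6-bit subkey mixed in before the S-box varies. The function names are this example's own; the input XOR 0x34 is an arbitrary sample value.

```python
from collections import Counter

# DES S-box S1 (4 rows x 16 columns), as published in the DES standard.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x):
    """6-bit input -> 4-bit output: outer two bits pick the row, middle four the column."""
    row = ((x >> 4) & 2) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def ddt_row(in_xor):
    """How often each output XOR occurs over all 64 inputs x paired with x ^ in_xor."""
    counts = Counter(sbox(x) ^ sbox(x ^ in_xor) for x in range(64))
    return [counts.get(d, 0) for d in range(16)]

def out_xor_by_subkey(x, in_xor):
    """Output XOR of one fixed pair (x, x ^ in_xor) for every 6-bit subkey k.

    The key is XORed into both inputs, so the input XOR is unchanged,
    but the actual S-box inputs (and hence the output XOR) depend on k.
    """
    return {k: sbox(x ^ k) ^ sbox(x ^ in_xor ^ k) for k in range(64)}

if __name__ == "__main__":
    row = ddt_row(0x34)
    for d, n in enumerate(row):
        if n:
            print(f"input XOR 0x34 -> output XOR 0x{d:X}: {n}/64")
    per_key = Counter(out_xor_by_subkey(0x04, 0x34).values())
    print("same pair, all subkeys:", dict(sorted(per_key.items())))
```

A uniform S-box would give every output XOR 4 times out of 64; here some never occur and one occurs 16 times, and that unevenness is the per-round bias differential cryptanalysis accumulates.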

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Why remote electronic voting is a bad idea (was voting through pgp)
Date: 16 Nov 2000 22:00:40 -0800

This subject is much harder than you think.  Try typing "benaloh"
and "receipt-free voting" into a search engine, to see some of the
problems and an approach to solving them.

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Book recommendation, please
Date: Thu, 16 Nov 2000 22:47:34 -0800

Rex Stewart wrote:
> 
> I am surprised no one suggested "Handbook of Applied Cryptography"
> Should I take that to mean it would be overkill?
> 

Ron Rivest's Foreword in the book describes it as "a rigorous
encyclopedia of known techniques, with an emphasis on those that are
both (believed to be) secure and practically useful." And the authors
tell us in the Preface their work "is intended as a reference for
professional cryptographers"....as well as "to provide a solid
foundation for students and others first learning the subject." 

It's a must-have reference for anyone studying cryptology or conducting
research in cryptology.   
But a 16 year old would benefit from exposure first to basic
introductory books on cryptology perhaps with the HAC on hand to
investigate particular questions/issues in greater depth.  I assume
everyone who gets the HAC eventually reads it from cover to cover in
some chapter order that best satisfies their needs :-)

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: Niek Sprakel <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.logic
Subject: Re: My new book "Exploring RANDOMNESS"
Date: Fri, 17 Nov 2000 06:49:26 GMT

In article <ln1R5.81759$[EMAIL PROTECTED]>,
  "Matt Timmermans" <[EMAIL PROTECTED]> wrote:
>
> "Greggy" <[EMAIL PROTECTED]> wrote in message
> news:8v21tv$eoh$[EMAIL PROTECTED]...
> > [...]
> > In fact, have you considered making the book
> > online and free to read through?  I for one have no curiosity for such
> > a book if I have to pay for it.  Sounds like snake oil.  Or can I get
> > my money back if I don't think it was worth the price?
>
> Heh.  Did you actually notice _who_ wrote the book?

It doesn't matter who wrote the book. If it's not published online it
can safely be ignored.

>
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: help on user authentication protocol
Date: Fri, 17 Nov 2000 07:06:27 GMT

Hi,

I am asking your help to understand a very basic protocol for user
authentication using symmetric key encryption:

Assuming A and B share a secret which is A's hashed password.  B stores
this hashed password.  A can generate its hashed password at run time
from A's real password.

To run this protocol:
1. A sends its id
2. B finds A's hashed password by A's id. B then uses A's hashed
password to encrypt a random number and send the result to A.
3. A decrypts the random number with its hashed password, then uses the
random number to encrypt A's hashed password and send the result to B.
4. B will then be able to verify if this is A because B knows the random
number and A's hashed password.

Now, assuming B can securely store A's hashed password, meaning no one
can steal A's hashed password from B.  Now an attacker can only attack the
network to break this protocol.  But is it easy to break this protocol
with dictionary attack or other methods of attack?  It seems to me that
this protocol is very secure as long as B can safeguard A's hashed
password.  But this also seems not to be true because otherwise DH-key
scheme would be useless.

Please let me know if I missed something here.  Your comments will be
greatly appreciated.

c6ap


Sent via Deja.com http://www.deja.com/
Before you buy.
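
An added model of the four-step protocol in the post above (not part of the original message), written to answer the dictionary-attack question from a design-review standpoint: it checks whether the two ciphertexts on the wire are enough to confirm a password guess offline. The cipher `E` is a stand-in (XOR with an HMAC-SHA256 keystream), SHA-256 stands in for the unspecified password hash, and the passwords are constructed sample values.

```python
import hashlib
import hmac
import os

def H(password):
    """A's 'hashed password', the secret A and B share (SHA-256 is an assumption)."""
    return hashlib.sha256(password.encode()).digest()

def E(key, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 keystream (self-inverse)."""
    stream = hmac.new(key, b"keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

D = E  # decryption is the same operation for this stand-in cipher

def run_protocol(password):
    """One honest run; returns the two ciphertexts visible on the network."""
    h = H(password)
    r = os.urandom(16)        # step 2: B picks a random number
    msg2 = E(h, r)            # B -> A: random number under the hashed password
    r_at_a = D(h, msg2)       # step 3: A recovers the random number
    msg3 = E(r_at_a, h)       # A -> B: hashed password under the random number
    assert D(r, msg3) == h    # step 4: B's verification
    return msg2, msg3

def transcript_confirms(guess, msg2, msg3):
    """True if a candidate password is consistent with a recorded run."""
    h = H(guess)
    r = D(h, msg2)            # what the random number would be under this guess
    return hmac.compare_digest(E(r, h), msg3)

def audit_transcript(msg2, msg3, candidates):
    """Candidates that a passive observer could confirm without contacting B."""
    return [pw for pw in candidates if transcript_confirms(pw, msg2, msg3)]

if __name__ == "__main__":
    m2, m3 = run_protocol("tr0ub4dor")
    print(audit_transcript(m2, m3, ["letmein", "tr0ub4dor", "hunter2"]))
```

Because message 3 is a checkable function of message 2 and the password alone, protecting B's stored hash does not help: the protocol is only as strong as the password's entropy. Password-authenticated key exchanges such as EKE combine the password with a Diffie-Hellman exchange so that a recorded run gives no such check.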

------------------------------

Date: Fri, 17 Nov 2000 07:46:16 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.logic
Subject: Re: My new book "Exploring RANDOMNESS"

Niek Sprakel wrote:
> 
> In article <ln1R5.81759$[EMAIL PROTECTED]>,
>   "Matt Timmermans" <[EMAIL PROTECTED]> wrote:
> >
> > "Greggy" <[EMAIL PROTECTED]> wrote in message
> > news:8v21tv$eoh$[EMAIL PROTECTED]...
> > > [...]
> > > In fact, have you considered making the book
> > > online and free to read through?  I for one have no curiosity for such
> > > a book if I have to pay for it.  Sounds like snake oil.  Or can I get
> > > my money back if I don't think it was worth the price?
> >
> > Heh.  Did you actually notice _who_ wrote the book?
> 
> It doesn't matter who wrote the book. If it's not published online it
> can safely be ignored.


Counter-examples, all of which (IMHO) are relevant to sci.crypt:

  "The Art of Computer Programming" - Knuth
  "The C Programming Language" - Kernighan and Ritchie
  "Applied Cryptography" - Schneier

If any of these /are/ available online, I'd be astonished (and I want
the URL!).


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

------------------------------

From: Ariel Burbaickij <[EMAIL PROTECTED]>
Subject: Re: Anyone has read / poses / is found of book by M.Schroeder(not the 
Date: Fri, 17 Nov 2000 08:39:05 +0100



"John A. Malley" wrote:
> 
> To those who read postings at Deja.com, my attempts in prior posts to
> render the capitalized sigma summation symbol cobbled together out of
> dashes and front/back slashes will unfortunately look like garbage and
> may make the post hard to read. It comes out fine on a text-based News
> reader.  So if you see strange clutter be aware it's intended to be the
> summation symbol.

Let us stick to LaTeX source files ?

Regards
 


> John A. Malley
> [EMAIL PROTECTED]

------------------------------

Date: Fri, 17 Nov 2000 07:59:02 +0000
From: Ron Larham <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.logic
Subject: Re: My new book "Exploring RANDOMNESS"



Niek Sprakel wrote:
> 
> In article <ln1R5.81759$[EMAIL PROTECTED]>,
>   "Matt Timmermans" <[EMAIL PROTECTED]> wrote:
> >
> > "Greggy" <[EMAIL PROTECTED]> wrote in message
> > news:8v21tv$eoh$[EMAIL PROTECTED]...
> > > [...]
> > > In fact, have you considered making the book
> > > online and free to read through?  I for one have no curiosity for such
> > > a book if I have to pay for it.  Sounds like snake oil.  Or can I get
> > > my money back if I don't think it was worth the price?
> >
> > Heh.  Did you actually notice _who_ wrote the book?
> 
> It doesn't matter who wrote the book. If it's not published online it
> can safely be ignored.
> 
> >
> >
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

plonk ..

-- 

Ignorance is the most delightful of the sciences ...

------------------------------

From: Ariel Burbaickij <[EMAIL PROTECTED]>
Subject: Re: Anyone has read / poses / is found of book by M.Schroeder(not the 
Date: Fri, 17 Nov 2000 08:40:16 +0100



"John A. Malley" wrote:
> 
> Ariel Burbaickij wrote:

>[snip]r
> 
> Many higher math textbooks include abbreviated tables of primes and
> appendices of integrals, differentials, definite integrals and series.
> Some publishers print handbooks of common math formulas and tables for
> engineering, physics and mathematics (such as CRC.)  If you don't have
> one yet, consider picking one up (I found mine at a used book store) -
> you'll find it's as important to engineers/physicists/mathematicians as a
> dictionary or thesaurus is to a writer.

What book would you recommend ?
> 
> > What is r.h.s.
> 
> Mr. Heathfield's response in this thread covered this well, so I'll just
> reiterate the abbreviation is short hand for "right hand side"
> 
> John A. Malley
> [EMAIL PROTECTED]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
