Cryptography-Digest Digest #198, Volume #13      Tue, 21 Nov 00 14:13:00 EST

Contents:
  Re: vote buying... (David Wagner)
  Re: Going to NESSIE (Mack)
  Sad News (Bob Silverman)
  Re: "unsecure data structures" ? (Paul Crowley)
  Re: Randomness from key presses and other user interaction (Mack)
  Re: Total $ spent on voice encryption (Mack)
  Re: Question regarding OS's. (Mack)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: More about big block ciphers (Manuel Pancorbo)
  Re: simple proof (Mike Rosing)
  Re: A Simple Voting Procedure (Paul Rubin)
  Re: Total $ spent on voice encryption (Thomas Kellar)
  Re: More about big block ciphers (Tom St Denis)
  Re: Sad News (Tom St Denis)
  Re: Proof of posession ([EMAIL PROTECTED])
  Re: "unsecure data structures" ? (Bob Silverman)
  Re: "unsecure data structures" ? ([EMAIL PROTECTED])
  Re: simple proof (Tom St Denis)
  Re: XOR: A Very useful and important utility to have (Tom St Denis)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: More about big block ciphers (Tom St Denis)
  Re: vote buying... (Shawn Willden)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: vote buying...
Date: 21 Nov 2000 16:13:20 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Jeffrey Williams  wrote:
>Although I'll point out that voting in person doesn't prevent fraud.

But it does deter _large-scale_ fraud more effectively.
And, in most elections, only large-scale fraud is a real threat.

------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 21 Nov 2000 16:16:12 GMT
Subject: Re: Going to NESSIE

I'm back ....
Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Sad News
Date: Tue, 21 Nov 2000 16:12:43 GMT

 I am very sorry to have to announce that Rich Ankney passed
away on Sunday as the result of an accident in his home.

I am trying to find out his home address and will post more details
as I receive them.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: "unsecure data structures" ?
Date: Tue, 21 Nov 2000 16:22:03 GMT

Bob Silverman wrote:
> It is a dictionary attack; a different beast altogether.

There's no explicit mention of where the key material is coming from in
the article, but I guess you're making the reasonable assumption that
it's a passphrase (or some other low-entropy source).

> In this case, all an attacker need do is to encrypt
> 2^32 * 12 * 6 * (however many different values there are for the other
> variables)
> different possible messages and then see which one matches the
> ciphertext.  i.e. the analyst guesses the possible different fields.

I'm loath to disagree with you, but I don't think the large random
number will necessarily frustrate the attack.  For example, if they use
RC4 or OFB or CTR mode, they can seek straight to the data they plan to
check.  Or there may be predictable content elsewhere in the archive
that CFB or CBC mode would show up.  The legitimate program has to have
a way of knowing whether the passphrase used was correct, and this
method will be open to the attacker.

Instead, dictionary attacks should be made more difficult with key
stretching:

http://www.counterpane.com/low-entropy.html
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 21 Nov 2000 16:26:50 GMT
Subject: Re: Randomness from key presses and other user interaction

>
>Mack wrote:
>
>> But the thread was about the user interaction.  There was
>> already a thread on oscillators.
>
>       If timing keystrokes mines oscillator entropy, then it's a good source
>of entropy. If it doesn't, it may or may not be. You posted the original
>message, read it again.
>
>       DS
>

User key entry, if properly limited, does provide more entropy than
the oscillator skew.  But as I said, user entropy is probably limited to
about 54 bits / minute.

As another branch pointed out, if the user can just hold down a key
then all of the entropy available is from the clock skew, which is at most
a couple of bits per minute.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------


From: [EMAIL PROTECTED] (Mack)
Date: 21 Nov 2000 16:54:30 GMT
Subject: Re: Total $ spent on voice encryption

Basic reason ...

Voice lines are generally buried
literally.

Data connections are generally
via the internet.

Tapping voice lines is actually easier
than tapping an internet connection but
not for someone 1000 miles away.

And most companies don't like the FBI
listening in either. Not because they have
something to hide but because if they are
investigating they will find something.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 21 Nov 2000 17:12:47 GMT
Subject: Re: Question regarding OS's.

>Thanks very much for telling me...
>I always wanted to try out unix...since I am
>running nt4 right now. I have used linux  a
>little bit and I like what I am seeing.
>Juri
>
>Juri <[EMAIL PROTECTED]> wrote in message
>news:x92S5.660712$[EMAIL PROTECTED]...
>> Hello,
>> I am just curious, why OS do you, cryptographers, use?
>> Windows, Linux, Unix or something else?
>> If Unix, what distributor of Unix? Thanks very much.
>> Juri
>>
>>
>

NT4 is more stable than Win2k plus there are more drivers.
Linux is very nice for programming work.
Win98 does better multimedia.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 09:44:03 -0800


Paul Rubin wrote:
> 
> David Schwartz <[EMAIL PROTECTED]> writes:
> >       But I really didn't want to get into another round of refuting
> > arguments from lack of imagination. I really wanted an answer to my
> > question -- do you have an objection to a system where an election
> > official and a voter can, with mutual consent, establish how a voter
> > voted and whether his vote was correctly tabulated for the candidate he
> > voted for?
> 
> Yes, I object to that.  I've already told you that at least three times,
> and explained the reason.

        You've only answered the question where it's without the voter's
consent. You haven't answered the question if it's WITH the voter's
consent.

        DS

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 09:43:28 -0800


Paul Rubin wrote:
> 
> David Schwartz <[EMAIL PROTECTED]> writes:
> >       They can do that now. The Captain can insist you present a photograph
> > of yourself filling out the ballot. Of course, you may not have made a
> > photograph.
> 
> No he can't (unless you voted by absentee ballot).  You normally vote
> in an enclosed voting booth and cameras are not allowed in the polling
> areas.  Also, we're assuming the election was honestly conducted and
> the Captain didn't come into power until sometime later.

        Exactly. Same with receipts, after all, you may not have kept yours,
and the Captain doesn't come into power until sometime later.
 
> In most states, absentee voting is nominally permitted only if you're
> unable (not just unwilling) to vote at the polls, but more and more
> people are voting absentee just as a convenience (avoid standing in
> line etc).  This is bad.

        I agree. That's why we need to come up with better voting schemes.

        DS

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 09:46:50 -0800


David Wagner wrote:
> 
> David Schwartz  wrote:
> >[EMAIL PROTECTED] wrote:
> >> Captain of the Guard comes knocking on your door, points a gun at your
> >> head and politely requests your assistance in solving whether or not
> >> you voted a particular way. If you voted wrong he'll shoot you, if you
> >> refuse to cooperate he'll shoot you. I personally would not want it to
> >> be possible to forcibly coerce someone like that. Also if you cannot
> >> prove how you voted, someone cannot reliably buy your vote.
> >
> >       They can do that now. The Captain can insist you present a photograph
> >of yourself filling out the ballot. Of course, you may not have made a
> >photograph.
> 
> But people today don't routinely take such photographs.
> In your proposal, people would routinely generate such receipts.
> This makes a difference.  After-the-fact attacks are important to
> defend against.

        Yes, but the receipts are anonymous and you can always present someone
else's if you want.

        DS

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 09:47:47 -0800


Jon Haugsand wrote:
> 
> * David Schwartz
> >       Your answer didn't address my question about whether an official could
> > or couldn't pair a vote with the voter WITH THAT VOTERS HELP. I don't
> > think an oppressive regime could count on its opponents help!
> 
> But it can count on its supporters. If all supporters reveal their
> votes, what's left is... (Negative information is also information.)

        Sure, but you can do that now, I guess. If you can really count on
everyone who voted for you telling you who they are, anyone who doesn't
tell you didn't vote for you. And what stops me from presenting someone
else's voting receipt?

        DS

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 09:45:46 -0800


David Wagner wrote:
> 
> David Schwartz  wrote:
> >       Your answer didn't address my question about whether an official could
> >or couldn't pair a vote with the voter WITH THAT VOTERS HELP.
> 
> Yes it did!  See the vote buying thread.  If a voter can reveal
> his vote, he can sell his vote...

        Who said a voter could reveal their vote?
 
> If revealing a voter's vote is an extremely public process, then
> this may deter vote buying.  But special precautions surely have
> to be taken.

        Absolutely. For one thing, there could be no way to pair a receipt with
a particular person, and there could be a number of dummy receipts
issued (an equal and known number for each candidate). Also, all the
receipts could be made publicly available as part of the results of
the election. That way, I can as easily provide your receipt as mine if
anyone ever asks for it.

        What the receipt does do, however, is allow me to ensure (if I wish to)
that my actual vote is among the roster of votes for a particular
candidate.

        DS

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 09:46:23 -0800


David Wagner wrote:
> 
> David Schwartz  wrote:
> >       Now, the question I'm asking is, is there any objection to a system
> >where the voter and an official can, with mutual consent, determine how
> >the voter voted?
> 
> Yes.  Vote buying.

        You can buy votes now if you trust the voter to consent, so this
changes nothing.

        DS

------------------------------

From: Manuel Pancorbo <[EMAIL PROTECTED]>
Subject: Re: More about big block ciphers
Date: Tue, 21 Nov 2000 18:02:58 GMT

In article <8vdneg$959$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <8vdg9j$48m$[EMAIL PROTECTED]>,
>   Manuel Pancorbo <[EMAIL PROTECTED]> wrote:
> >
> > <answer> This applies when x is 8-bit and S acts on 8-bit words. But
> > in this case x is 32-bit and there are 4 8-bit S-boxes; so the
> > intermediate rotation is useful. </answer>
>
> <smarteranswer>Consider any difference that has input/output under 5
> bits and is in the lsb position.</smarteranswer>


Ok. Suppose such an input unit (4 bytes)

    OO  OO  OO  OO

Then we change a single bit

    OO  OO OO  O.

Let's consider the action of the F-function. The XOR operation doesn't
diffuse. But the first box substitution diffuses the change to a full
byte.

    OO  OO  OO  XX

Then <<< 4 is applied

    OO  OO  Ox  xO

A new box substitution...

    OO  OO  XX  XX

plus an implicit <<< 8

    OO  XX  XX  OO

So a single bit change in the input affects the output in 16 bits. Last
XOR S1 doesn't matter.

If we follow also the change in the S1 state unit (G-function):

input ^ output

    OO  XX  XX  O.

Substitution

    OO  XX  XX  XX

>>> 4

    xO  Ox  XX  XX

So 24 bits are affected in the S1 state unit.
Because the S1 state unit acts as S0 for the following unit, let's follow
the diffusion through the packet.

Next unit process. Input ^ S0 (old S1):

    xO  Ox  XX  XX

Substitution

    XX  XX  XX  XX

... and so on.

Conclusion: a single bit change in the i-th plaintext unit affects 16
bits in this ciphertext unit and 32 bits in the (i+1)-th one. This is
the propagation mechanism; is this really so difficult to understand?

Because there is another cipher pass that goes backwards, it "harvests" all
the diffusion produced before in the forward pass and puts it into the
final i-th ciphertext (and into the (i-1)-th...).

See these two test packets, encrypted with the same key, with a single bit
difference.

Plaintext packet:
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000

Ciphertext packet:
833a9b70 f7e503fb 52b5c09c 6f385e05
ae3f32cc d784f9ea a047fa2d 213c2974
80324b09 45e327d5 73a37a4b 6136f9f9
a4f4472c 8ffac8b7 3829e34b a8439523
402fb0f8 e2d523cb aa277c5f f059e110
7933804e 6bef7826 14f41501 9db65bf6
4bdcaae2 d74915df 904c64f4 4654a35d
7cfc2e62 370c681f 6a0c3afe 7b0f3bd2
=======
Plaintext packet:
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 20000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000

Ciphertext packet:
22fc4c75 f0960a0b f8cffb43 03f6cdb6
edf3d5a5 d27c8cb8 4fe03c6a cd2f6164
bf35cf6d adabcc95 f5fa4e1b 29205553
f5a0d7d8 80736a4b 8bd9c139 f4eeebe8
e900e20a b5cb8de1 e66242c3 6887166b
82ab2986 fc8817e1 cfaa3cea e24c464e
106a58e7 36d9fa5c 547dc651 4947d246
5712460e b6298bdb fb821a22 6b47be3c


>
> > Of course the mixing is not complete but the cipher is not only its
> > stream engine but the way this is applied on the packet. Please take a
> > glance at the source code (bfly.c).
>
> If the mixing is not 'complete' then your diffusion is hardly "ideal".
>

If you don't understand now how diffusion is attained, I can't help you
much more. The fact is that diffusion is close to ideal (from a
statistical point of view) and it can be measured easily.

Manuel Pancorbo



------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: simple proof
Date: Tue, 21 Nov 2000 12:10:14 -0600

Gregory G Rose wrote:
 
> Write the equations on a piece of paper using
> special electrically conductive ink. Make sure you
> use cursive writing, as separate printed characters won't
> work properly. Draw a thick closed line around the
> equations.
> 
> Now mount a very large rotating magnet above the
> piece of paper. A field of a couple of Tesla
> should work. Make sure it rotates fast, say
> 2000RPM.
> 
> If you've done it right, the paper will burn up,
> proving the results by induction.

Best homework proof I ever heard of!  It does prove
you're an engineer Greg :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: 21 Nov 2000 10:25:20 -0800

David Schwartz <[EMAIL PROTECTED]> writes:
> > >       But I really didn't want to get into another round of refuting
> > > arguments from lack of imagination. I really wanted an answer to my
> > > question -- do you have an objection to a system where an election
> > > official and a voter can, with mutual consent, establish how a voter
> > > voted and whether his vote was correctly tabulated for the candidate he
> > > voted for?
> > 
> > Yes, I object to that.  I've already told you that at least three times,
> > and explained the reason.
> 
>       You've only answered the question where it's without the voter's
> consent. You haven't answered the question if it's WITH the voter's
> consent.

I thought that was what I answered.  Yes, I object if there's any way
to establish after an election how a voter voted, with or without the
voter's consent.  How many times do I have to repeat this?

------------------------------

From: Thomas Kellar <[EMAIL PROTECTED]>
Subject: Re: Total $ spent on voice encryption
Date: Tue, 21 Nov 2000 13:26:55 -0500


On 21 Nov 2000, Mack wrote:
[..]
> Data connections are generally
> via the internet.

The company I work for had a large private data network long before the
Internet became popular and still has a large private data network (frame
relay) that is central to their data communications. The Internet is not
really used at all.  I am sure that most large companies have the same.


Thomas



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: More about big block ciphers
Date: Tue, 21 Nov 2000 18:18:47 GMT

In article <8vedcb$s8d$[EMAIL PROTECTED]>,
  Manuel Pancorbo <[EMAIL PROTECTED]> wrote:
>
> Ok. Suppose such an input unit (4 bytes)
>
>     OO  OO  OO  OO
>
> Then we change a single bit
>
>     OO  OO OO  O.
>
> Let's consider the action of F-function. The XOR opperation doesn't
> diffuse. But the first box substitution diffuses the change to a full
> byte.
>
>     OO  OO  OO  XX

Must the entire byte change?  (hint hint hint hint!)

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Sad News
Date: Tue, 21 Nov 2000 18:20:29 GMT

In article <8ve6tj$m5q$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
>  I am very sorry to have to announce that Rich Ankney passed
> away on Sunday as the result of an accident in his home.
>
> I am trying to find out his home address and will post more details
> as I receive them.

I'm afraid I don't know who he is, perhaps we could best grieve the
loss through remembering who he was?

Tom



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Proof of posession
Date: 21 Nov 2000 10:37:50 -0800

[EMAIL PROTECTED] (Matthew Skala) writes:
> Well, verifying that a file is correct can't really be done until after
> it's all downloaded.  We could improve things a little bit by having the
> authority sign chunks of the file, and then the receiver can verify each
> one as soon as it's downloaded before bothering to download the rest.  
> But that's limited by how big we're willing to make the signatures, an
> attacker could cause a whole lot of annoyance by giving out all the
> chunks except the last one, and it sure looks like it's the best we can do.

The Freenet project (freenet.sourceforge.net) uses a similar idea.
Files are stored and addressed by hashes.  So if you get an address
from a trusted source (like, from a web page of someone you trust) you
can have confidence that the downloaded file is the one he directed
you to.

Furthermore the hash is a streaming one so that you can check each
unit of the download to make sure it is valid.  You don't have to wait
until the whole file is downloaded to find out if it matches the hash.
The worst a cheater can do to you is to give you a truncated version
of the file.  Then in principle you could just look for the remainder
somewhere else, like resuming an aborted FTP transfer, so you haven't
been harmed much by the cheater (although Freenet doesn't currently
support resuming downloads).

The weakness of this system is learning the hash in a secure way, and
they have been discussing using some kind of cryptographic signatures
to link hashes to meta-data like artist and title for MP3 music.  This
would be done using a web of trust model rather than a centralized
source as the goal of Freenet is to avoid centralization.

> Is there a way to prove possession of a *large* secret, with a *small*
> public key?  I'm guessing that there may be a simple information theoretic
> proof that this is impossible, but I'd be interested to hear anyone else's
> thoughts on it.

Just do a standard proof of knowledge of a secret, but using a public
RSA modulus N whose factorization is unknown to anyone (recent papers
have shown various efficient ways for cooperating groups to construct
these, or you can just do it in a box and blow it up after it spits
out the modulus).  Your private key is the large secret.  This is
effectively the same as the secret mod phi(N), but since no one knows
phi(N) you have to store the whole secret.  Now let the public key be
g^secret mod N for some appropriate g.  Engage in a proof of knowledge
of the discrete log of the public key and you prove that you know the
secret.

Of course this doesn't prove that you'll actually deliver the secret
on demand...

Ob
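An added example of the per-unit checking described for Freenet above (my own construction, not Freenet's actual format or code): the address commits to a backward hash chain over the units, so each unit is verified the moment it arrives, a corrupted unit is rejected immediately, and a withheld tail shows up as an incomplete chain rather than as a valid file. SHA-256 and the 4-byte unit size are assumptions chosen for the demo.

```python
import hashlib

UNIT = 4  # bytes per unit; tiny so the constructed sample stays readable


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def publish(content: bytes):
    """Split content into units and build a backward hash chain:
    link_i = H(unit_i || link_{i+1}), with link after the last unit = b"".
    Returns (address, packets): the address is link_0, and each packet
    carries its unit together with the link that follows it."""
    units = [content[i:i + UNIT] for i in range(0, len(content), UNIT)]
    packets = []
    nxt = b""                       # terminator: nothing follows the last unit
    for unit in reversed(units):
        packets.append((unit, nxt))
        nxt = h(unit + nxt)
    packets.reverse()
    return nxt, packets             # nxt is now link_0, the address


def receive(address: bytes, stream):
    """Consume (unit, next_link) packets, checking each one against the link
    expected so far. Returns the data accepted and one of
    "complete" / "truncated" / "corrupt"; nothing unverified is accepted."""
    expected = address
    out = bytearray()
    for unit, nxt in stream:
        if h(unit + nxt) != expected:
            return bytes(out), "corrupt"
        out += unit
        expected = nxt
    return bytes(out), "complete" if expected == b"" else "truncated"


# Constructed sample content for a stand-alone run.
SAMPLE = b"constructed sample payload"

if __name__ == "__main__":
    addr, pkts = publish(SAMPLE)
    print(receive(addr, pkts)[1], receive(addr, pkts[:-1])[1])
```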
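The proof of knowledge with a public modulus of unknown factorization, as an added example (not the poster's own code): a Schnorr-style exchange in which the response s = r + c*secret is computed over the integers, because with phi(N) unknown there is no group order to reduce by, so the prover has to hold the whole secret while the public key g^secret mod N stays the size of N. The modulus, base and bit lengths are constructed for the demo; reduced_secret() shows what someone who did know phi(N) could store instead, which is why a real N must have factors nobody holds.

```python
import secrets

# Constructed demo modulus (factors known here only so the block runs offline).
P = 1_000_000_007
Q = 998_244_353
N = P * Q
PHI_N = (P - 1) * (Q - 1)
G = 4                        # assumption: public base coprime to N

CHALLENGE_BITS = 128
SLACK_BITS = 80              # extra randomness so s statistically hides the secret


def public_key(secret: int) -> int:
    """The small public key: g^secret mod N, never larger than N."""
    return pow(G, secret, N)


def commit(secret_bits: int):
    """Prover step 1: pick r much larger than c*secret, send t = g^r mod N."""
    r = secrets.randbits(secret_bits + CHALLENGE_BITS + SLACK_BITS)
    return r, pow(G, r, N)


def respond(r: int, c: int, secret: int) -> int:
    """Prover step 2: s = r + c*secret over the integers. Without phi(N) there
    is no modulus to reduce by, so the full secret is needed every time."""
    return r + c * secret


def verify(y: int, t: int, c: int, s: int) -> bool:
    """Verifier: accept iff g^s == t * y^c (mod N)."""
    return pow(G, s, N) == (t * pow(y, c, N)) % N


def prove_possession(y: int, claimed_secret: int) -> bool:
    """Run the whole exchange against public key y with a random challenge."""
    r, t = commit(claimed_secret.bit_length())
    c = secrets.randbits(CHALLENGE_BITS)
    s = respond(r, c, claimed_secret)
    return verify(y, t, c, s)


def reduced_secret(secret: int) -> int:
    """What a party who knows phi(N) could keep instead of the large secret;
    it still passes verify(), which is the reason phi(N) must be unknown."""
    return secret % PHI_N


if __name__ == "__main__":
    secret = secrets.randbits(4096)         # the large secret
    y = public_key(secret)
    print(y.bit_length(), secret.bit_length(), prove_possession(y, secret))
```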

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: "unsecure data structures" ?
Date: Tue, 21 Nov 2000 18:26:12 GMT

In article <[EMAIL PROTECTED]>,
  Paul Crowley <[EMAIL PROTECTED]> wrote:
> Bob Silverman wrote:
> > It is a dictionary attack; a different beast altogether.
>
> There's no explicit mention of where the key material is coming from in
> the article, but I guess you're making the reasonable assumption that
> it's a passphrase (or some other low-entropy source).

Yes.  If the entropy in bits of the passphrase * number of different
possible plaintexts is small then this is a lot easier than brute force.


> I'm loath to disagree with you, but I don't think the large random
> number will necessarily frustrate the attack.  For example, if they use
> RC4 or OFB or CTR mode, they can seek straight to the data they plan to
> check.  Or there may be predictable content elsewhere in the archive
> that CFB or CBC mode would show up.  The legitimate program has to have
> a way of knowing whether the passphrase used was correct, and this
> method will be open to the attacker.

Yes. I had failed to think about this last point.



--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


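The point agreed on in this sub-thread and in Paul Crowley's earlier post, as an added example (not code from the article or from either poster): the archive must store something that lets the legitimate program recognise the right passphrase, and that same record is what a dictionary attack tests guesses against, so the only defence is to make each guess expensive through key stretching. PBKDF2-HMAC-SHA256 and the check-tag construction are assumptions for this demo.

```python
import hashlib
import hmac
import os

# Assumption: an iteration count as high as the legitimate program can afford;
# every guess, the attacker's included, pays the same cost.
DEFAULT_ITERATIONS = 600_000
CHECK_LABEL = b"passphrase-check"   # constructed domain label for the check tag


def stretch(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Derive the archive key from a low-entropy passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def new_record(passphrase: str, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """The record the archive keeps so the program can tell a correct
    passphrase from a wrong one. An attacker holding the archive holds this
    too; the tag is derived from the key so it reveals nothing else."""
    salt = os.urandom(16)
    key = stretch(passphrase, salt, iterations)
    check = hmac.new(key, CHECK_LABEL, "sha256").digest()[:8]
    return {"salt": salt, "iterations": iterations, "check": check}


def check_passphrase(record: dict, passphrase: str) -> bool:
    """The legitimate program's check; a guesser runs exactly this per candidate."""
    key = stretch(passphrase, record["salt"], record["iterations"])
    tag = hmac.new(key, CHECK_LABEL, "sha256").digest()[:8]
    return hmac.compare_digest(tag, record["check"])
```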

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: "unsecure data structures" ?
Date: 21 Nov 2000 10:43:43 -0800

Bob Silverman <[EMAIL PROTECTED]> writes:

> Correct.  But what we have here ISN'T a known plain text attack.
> 
> It is a dictionary attack; a different beast altogether.
> 
> In this case, all an attacker need do is to encrypt
> 2^32 * 12 * 6 * (however many different values there are for the other
> variables)
> 
> different possible messages and then see which one matches the
> ciphertext.  i.e. the analyst guesses the possible different fields.
> This is far less computation than any other known method of
> attack.

????

Encrypts under WHAT KEY?  Are you assuming the attacker knows the key?
Gee, in that case I think I know an easier attack... like, how about
just decrypting the message with the key?

Ob

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: simple proof
Date: Tue, 21 Nov 2000 18:39:11 GMT

In article <8vbfs5$dqv$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Let's say that we have a function, such that
>
> f(n) = Sum{i =0, n-1} 2^i
>
> how can we show these two:
> one:
> f(n) = f(n-1) +2^(n-1)
>
> second:
> f(n) = 2f(n-1) +1
>
> any suggestion for a good start

For starters review your math textbook chapter.  Second, post in a
math-oriented group such as sci.math or alt.math.

BTW the first F(n) = F(n-1) + 2^(n-1) is very easy to prove (just
expand the F(n) logically).

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: XOR: A Very useful and important utility to have
Date: Tue, 21 Nov 2000 18:40:44 GMT

In article <[EMAIL PROTECTED]>,
  Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> XOR:  A Very useful and important utility to have
>
> A few people in this news group said any XOR program is less than
> useless.
<snip>

Mr Szopa,

Do you know how to use a newsreader?  I just realized that your OP was
cross-posted to about five different NG's ...  Try picking only *one*
group to focus on.

Geez.  And we are supposed to trust your software when you don't even
know how to use your computer?  Hmm, not likely!

Tom

p.s XOR POWER!



------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 10:48:51 -0800


Paul Rubin wrote:
> 
> David Schwartz <[EMAIL PROTECTED]> writes:
> > > >       But I really didn't want to get into another round of refuting
> > > > arguments from lack of imagination. I really wanted an answer to my
> > > > question -- do you have an objection to a system where an election
> > > > official and a voter can, with mutual consent, establish how a voter
> > > > voted and whether his vote was correctly tabulated for the candidate he
> > > > voted for?
> > >
> > > Yes, I object to that.  I've already told you that at least three times,
> > > and explained the reason.
> >
> >       You've only answered the question where it's without the voter's
> > consent. You haven't answered the question if it's WITH the voter's
> > consent.
> 
> I thought that was what I answered.  Yes, I object if there's any way
> to establish after an election how a voter voted, with or without the
> voter's consent.  How many times do I have to repeat this?

        Well, what you're saying is meaningless anyway, since every system will
allow you to establish how a voter voted with their consent. After all,
you can simply ask them.

        DS

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: More about big block ciphers
Date: Tue, 21 Nov 2000 18:45:05 GMT

In article <8vee9t$t85$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <8vedcb$s8d$[EMAIL PROTECTED]>,
>   Manuel Pancorbo <[EMAIL PROTECTED]> wrote:
> >
> > Ok. Suppose such an input unit (4 bytes)
> >
> >     OO  OO  OO  OO
> >
> > Then we change a single bit
> >
> >     OO  OO OO  O.
> >
> > Let's consider the action of F-function. The XOR operation doesn't
> > diffuse. But the first box substitution diffuses the change to a full
> > byte.
> >
> >     OO  OO  OO  XX
>
> Must the entire byte change?  (hint hint hint hint!)

OK, to clarify.  My point is let's say I change the lsb

00 00 00 0.

And after the sbox look up we get a change in only one/two/three/four
of the lsb bits...

00 00 00 0.

And after the rotate <<<4

00 00 00 .0

And in the next round we find a difference .0 -> 0. etc...

So I could very easily form a change of differentials that only involve
one sbox.  Given you are using the sboxes from Rijndael they are
bounded by a max prob of 4/256... so my attack on a single F(x) call
(both layers of substitution) will work with a probability of no more
than 16/65536 (or 2^-12).  In theory though the "weak diffusion" will
occur with much higher frequency (note my 2^-12 is a differential
attack and not a form of diffusion modelling).

So nadadadada!

Tom


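An added example (not code from this thread or from bfly.c) covering both Manuel's trace and Tom's reply: an active-bit model of the F-function as traced above (S-box layer, <<<4, S-box layer, implicit <<<8, with the S1 update behind it), next to the differential table of the Rijndael S-box that Tom's 4/256 bound refers to. The 32-bit unit and the use of the Rijndael S-boxes are taken from the thread; the rest of the cipher is not modelled.

```python
from typing import List


def rotl32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def worst_case_sbox_layer(mask: int) -> int:
    """Manuel's assumption: a byte with any active bit comes out fully active."""
    out = 0
    for i in range(4):
        if (mask >> (8 * i)) & 0xFF:
            out |= 0xFF << (8 * i)
    return out


def f_active_bits(mask: int) -> int:
    """Active bits after F as traced in the post: S-box layer, <<<4, S-box
    layer, implicit <<<8. The XOR steps never spread activity, so they are
    left out."""
    mask = worst_case_sbox_layer(mask)
    mask = rotl32(mask, 4)
    mask = worst_case_sbox_layer(mask)
    return rotl32(mask, 8)


def g_active_bits(input_mask: int, f_mask: int) -> int:
    """Active bits of the S1 state unit: (input ^ F output), S-box layer, >>>4."""
    return rotl32(worst_case_sbox_layer(input_mask | f_mask), 28)


def popcount(x: int) -> int:
    return bin(x).count("1")


def _gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the Rijndael polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p & 0xFF


def rijndael_sbox() -> List[int]:
    """Generate the Rijndael S-box: GF(2^8) inverse followed by the affine map."""
    box = []
    for x in range(256):
        inv = 1
        for _ in range(254):          # x^254 == x^-1 in GF(2^8); 0 stays 0
            inv = _gf_mul(inv, x)
        s = inv
        for i in range(1, 5):         # b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box


def ddt_row(sbox: List[int], a: int) -> List[int]:
    """row[b] = number of inputs x with S(x) ^ S(x ^ a) == b."""
    row = [0] * 256
    for x in range(256):
        row[sbox[x] ^ sbox[x ^ a]] += 1
    return row


def max_differential_count(sbox: List[int]) -> int:
    """Largest DDT entry over all nonzero input differences (the 4 in 4/256)."""
    return max(max(ddt_row(sbox, a)) for a in range(1, 256))


def single_sbox_trail_prob(sbox: List[int]) -> float:
    """Best probability of the trail Tom sketches through one F call: a
    low-nibble input difference a whose S-box output b also stays in the low
    nibble (so <<<4 keeps it inside the same byte), then any output of the
    second S-box. The DDT maximum bounds this by (4/256)^2 = 2^-12."""
    best = 0
    for a in range(1, 16):
        row1 = ddt_row(sbox, a)
        for b in range(1, 16):
            if row1[b]:
                best = max(best, row1[b] * max(ddt_row(sbox, b << 4)))
    return best / 65536.0
```

Under the full-byte assumption f_active_bits(1) gives 16 active bits and the following S1 unit 24, exactly Manuel's count; the DDT functions show why Tom questions that assumption.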

------------------------------

From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: Tue, 21 Nov 2000 11:51:30 -0700

David Wagner wrote:

> In comparison, some others have proposed to move the entire system
> -- in every state -- to a system where every vote is at the same risk
> of fraud as is found in absentee ballots.  That, to me, represents an
> increase in the exposure to the risk of large-scale voting fraud.

Oregon has already done this.  All voting in Oregon is done by mail.

Shawn.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
