Cryptography-Digest Digest #199, Volume #13      Tue, 21 Nov 00 17:13:01 EST

Contents:
  Re: vote buying... (Shawn Willden)
  need help claasifying my progrma ("MyDimension")
  Re: need help claasifying my progrma (Richard Heathfield)
  Re: recurrence ("Douglas A. Gwyn")
  Re: how can we show this ("Douglas A. Gwyn")
  Re: A Simple Voting Procedure (David Wagner)
  Re: A Simple Voting Procedure (David Wagner)
  Re: vote buying... (David Wagner)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: A Simple Voting Procedure (Paul Rubin)
  Re: A Simple Voting Procedure (David Schwartz)
  Re: [Question] Generation of random keys (Mok-Kong Shen)
  Re: A poorman's cipher (Mok-Kong Shen)
  Entropy paradox (Mok-Kong Shen)
  Re: need help claasifying my progrma (Tom St Denis)
  Legal issues for hobbiests (Steve Portly)
  Re: My new book "Exploring RANDOMNESS" ([EMAIL PROTECTED])
  Re: Legal issues for hobbiests (John Savard)
  Re: Entropy paradox (David Schwartz)
  Re: Entropy paradox (Tom St Denis)
  Re: Legal issues for hobbiests (David Schwartz)
  Re: Legal issues for hobbiests (Tom St Denis)
  Pseudo random sequence generation for xor encryption (OTP) (Ivan Skytte Jørgensen)
  Re: vote buying... (Jeffrey Williams)
  Re: A poorman's cipher ("Michael Scott")

----------------------------------------------------------------------------

From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: Tue, 21 Nov 2000 11:58:30 -0700

Paul Pires wrote:

> Your main point is the "Same risk as absentee ballots" the part
> that scares me most is the "in every state part". As in centralized
> control.
>
> In the US, that would also involve removing a key part of the
> separation of power between the Feds & States.
> This centralized control and coordination
> removes the impact, effect and management of the individual
> states, bad and good alike.

I don't think that "in every state" equates to centralized control.

Although the Electoral College system gets a lot of bad press, its purpose is to
ensure that it is the states, not the people (!), who select the president.  Since
currently all states use popular elections to decide how to cast their electoral
ballots this fact isn't as obvious as it once was, but the EC is still doing the
job of keeping that portion of the power in the states' hands.  And the EC will
continue doing that job even with electronic or mail-in balloting.  If we abolish
the EC, however, we face the risk of centralizing the election infrastructure.

Shawn.


------------------------------

From: "MyDimension" <[EMAIL PROTECTED]>
Subject: need help claasifying my progrma
Date: Tue, 21 Nov 2000 19:21:31 GMT

I have created a program that encrypts using a chaotic signal instead of an
x-bit key.  how can I classify this so I can export the program without
breaking export laws?

--

Brought to u by:

~~MyDimension~~

Email: [EMAIL PROTECTED]
AOL IM: mydmnsn16

It's not the long drop that scares me, it's the sudden stop at the end.



------------------------------

Date: Tue, 21 Nov 2000 19:53:11 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: need help claasifying my progrma

MyDimension wrote:
> 
> I have created a program that encrypts using a chaotic signal instead of an
> x-bit key.  how can I classify this so I can export the program without
> breaking export laws?

I'm tempted to suggest that you put the idea safely in your head, and
move to a free country. Then dig the idea out again and use it however
you like.

The trick is finding a free country.

-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: recurrence
Date: Tue, 21 Nov 2000 18:58:26 GMT

[EMAIL PROTECTED] wrote:
> That's about the 4th obvious homework problem that has been posted
> ... Have you ever thought of actually doing your own homework?  What
> exactly are you in school for?  To learn or to muddle through with
> others giving you the answers?

Probably, it's to obtain a (fraudulent) certificate of educational
accomplishment so they can later fool people into hiring them.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: how can we show this
Date: Tue, 21 Nov 2000 19:00:04 GMT

[EMAIL PROTECTED] wrote:
> How can we show that
> f(n) = n lg n    for n even
>     = n^1.5    for n odd
> ==> f = O(n^2)
> Suggestions please

It would be simpler to learn what the O-notation
means then apply it to the problem than to post and
collect other people's work.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: A Simple Voting Procedure
Date: 21 Nov 2000 20:05:47 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

David Schwartz  wrote:
>       Well, what you're saying is meaningless anyway, since every system will
>allow you to establish how a voter voted with their consent. After all,
>you can simply ask them.

You're missing the point, and you're mis-paraphrasing the poster's remarks.
After-the-fact attacks are different.  Also, if a voter can prove how
they voted, that's different than if they can only make claims without
evidence to back it up.

I'd like to emphasize that this has been pointed out several times already
in this thread.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: A Simple Voting Procedure
Date: 21 Nov 2000 20:07:35 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

David Schwartz  wrote:
>       You can buy votes now if you trust the voter to consent, so this
>changes nothing.

No, that is not true.  Today, I can give you money, and ask you to
vote for Bush, but I have no way of verifying whether you have done
so or not.  Thus, it would be irrational for me to do so.  There is
no incentive to try to buy votes.

If you introduce some way for the voter to prove which way they've
voted, that changes the equation and introduces an incentive to buy
votes and a means to verify that the person you gave money voted the
way they said they would.

(I'm ignoring absentee ballots for the purposes of this discussion,
and so should you.)

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: vote buying...
Date: 21 Nov 2000 20:09:12 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Shawn Willden  wrote:
>David Wagner wrote:
>> In comparison, some others have proposed to move the entire system
>> -- in every state -- to a system where every vote is at the same risk
>> of fraud as is found in absentee ballots.  That, to me, represents an
>> increase in the exposure to the risk of large-scale voting fraud.
>
>Oregon has already done this.  All voting in Oregon is done by mail.

Yes, I know -- it was mentioned here a little while ago -- and I think
that, from the standpoint of voting fraud, it is a step backwards, and
not something that we should try to emulate.

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 12:12:57 -0800


David Wagner wrote:
> 
> David Schwartz  wrote:
> >       Well, what you're saying is meaningless anyway, since every system will
> >allow you to establish how a voter voted with their consent. After all,
> >you can simply ask them.
> 
> You're missing the point, and you're mis-paraphrasing the poster's remarks.
> After-the-fact attacks are different.  Also, if a voter can prove how
> they voted, that's different than if they can only make claims without
> evidence to back it up.

        But with a receipt scheme, they can only claim that the receipt is
their receipt. They can't prove it.
 
> I'd like to emphasize that this has been pointed out several times already
> in this thread.

        As have I pointed out that the accuracy of the vote verification scheme
directly depends upon the voter's cooperation. This is true in present
schemes and is in no way different from asking a voter how they voted.
Yet the requirements as originally stated prohibit this. What this means
is that the requirements were poorly stated.

        DS

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 12:15:57 -0800


David Wagner wrote:
> 
> David Schwartz  wrote:
> >       You can buy votes now if you trust the voter to consent, so this
> >changes nothing.
> 
> No, that is not true.  Today, I can give you money, and ask you to
> vote for Bush, but I have no way of verifying whether you have done
> so or not.  Thus, it would be irrational for me to do so.  There is
> no incentive to try to buy votes.
> 
> If you introduce some way for the voter to prove which way they've
> voted, that changes the equation and introduces an incentive to buy
> votes and a means to verify that the person you gave money voted the
> way they said they would.

        The thing is, the proof only works if the voter cooperates. You can
prove votes with voter cooperation now, just ask the voter. If the voter
lies or deceives, the proof will fail and result in whatever outcome the
voter wishes. In fact, if all the voting receipts are made public, I can
produce any number of receipts to prove that I voted for a particular
candidate. The point is to prove _to_the_voter_ that his vote was in
fact counted for the candidate it was supposed to be counted for.

        Even though this scheme is weak, it does prevent several forms of
potential mischief. For example, if I upload my receipt anonymously,
anyone can check to make sure my receipt's code number appeared on the
list of votes for my chosen candidate. So if I have a serial number, my
vote can't be ignored.

        DS

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: 21 Nov 2000 12:23:46 -0800

David Schwartz <[EMAIL PROTECTED]> writes:
> > David Schwartz  wrote:
> > >       Well, what you're saying is meaningless anyway, since every system will
> > >allow you to establish how a voter voted with their consent. After all,
> > >you can simply ask them.
> > 
> > You're missing the point, and you're mis-paraphrasing the poster's remarks.
> > After-the-fact attacks are different.  Also, if a voter can prove how
> > they voted, that's different than if they can only make claims without
> > evidence to back it up.
> 
>       But with a receipt scheme, they can only claim that the receipt is
> their receipt. They can't prove it.

DUH, then they can't establish how they voted.

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: A Simple Voting Procedure
Date: Tue, 21 Nov 2000 12:29:43 -0800


Paul Rubin wrote:

> >       But with a receipt scheme, they can only claim that the receipt is
> > their receipt. They can't prove it.
> 
> DUH, then they can't establish how they voted.

        Sure they can. They can, for example, take a photograph of the receipt
being printed with them in the picture and in the voting booth. Look, we
can discuss the relative merits of different schemes or we can discuss
requirements, but we really can't do both at the same time.

        DS

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: [Question] Generation of random keys
Date: Tue, 21 Nov 2000 21:41:58 +0100



Alan Rouse wrote:
> 
> The original post on this thread was requesting source code to generate
> a random key.   I've never seen source code that could flip a coin or
> roll dice.

But you can perform the physical actions and then compute
the needed random key.

I suppose that throwing a bunch of dice is not only 
mechanically more convenient than coins but also 
computationally more efficient, with each die delivering 
2.58 bits. It is rather simple to have a code converting 
the base 6 digits to binary. (BTW, there is a historical 
German-made device in the form of a violin containing 
balls to generate random digits.) As to bias of the dice, 
I don't think that that's overly important in the present 
case. The relatively large number of throws and of the 
dice involved tend to iron the bias out in the result 
obtained to be satisfactory for 'practical' purposes, I 
suppose. (Note also the effect of base conversion on the 
binary result obtained.) 

M. K. Shen
===============================
http://home.t-online.de/home/mok-kong.shen
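
The base-6 to binary conversion mentioned in the post above, as an added example that is not part of the original message. The function names and the rejection step are assumptions of this sketch: discarding throws that land in the uneven tail of the base-6 range is one standard way to deal with the "effect of base conversion on the binary result" when 6^n is not a multiple of 2^k.

```python
from fractions import Fraction


def rolls_needed(nbits):
    """Smallest number of dice n with 6**n >= 2**nbits (exact integer math)."""
    n = 0
    while 6 ** n < 2 ** nbits:
        n += 1
    return n


def dice_to_int(rolls):
    """Read die faces 1..6 as the digits 0..5 of one base-6 integer."""
    value = 0
    for face in rolls:
        if face not in (1, 2, 3, 4, 5, 6):
            raise ValueError("die face out of range: %r" % (face,))
        value = value * 6 + (face - 1)
    return value


def dice_to_key(rolls, nbits):
    """Return an nbits-bit key as an int, or None if the throw must be redone.

    Only values below the largest multiple of 2**nbits that fits in 6**n
    are accepted, so every key is produced by the same number of throws.
    """
    space = 6 ** len(rolls)
    if space < 2 ** nbits:
        raise ValueError("not enough dice for %d bits" % nbits)
    limit = (space // 2 ** nbits) * 2 ** nbits
    value = dice_to_int(rolls)
    if value >= limit:
        return None  # uneven tail: throw the dice again
    return value % 2 ** nbits


def acceptance_probability(n_dice, nbits):
    """Exact chance that one throw of n_dice fair dice is accepted."""
    space = 6 ** n_dice
    return Fraction((space // 2 ** nbits) * 2 ** nbits, space)


def naive_mod_bias(n_dice, nbits):
    """Exact (max, min) key probability if the value is only reduced mod 2**nbits."""
    space = 6 ** n_dice
    q, r = divmod(space, 2 ** nbits)
    return Fraction(q + 1 if r else q, space), Fraction(q, space)


if __name__ == "__main__":
    # Constructed sample throw of 50 dice; real keys need physically thrown dice.
    sample = [3, 1, 6, 2, 5, 4, 4, 1, 2, 6] * 5
    print("dice for 128 bits:", rolls_needed(128))
    key = dice_to_key(sample, 128)
    print("key:", "rethrow" if key is None else "%032x" % key)
    print("acceptance: %.3f" % float(acceptance_probability(50, 128)))
    hi, lo = naive_mod_bias(50, 128)
    print("naive mod: most likely key is %.2fx the least likely" % float(hi / lo))
```
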

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A poorman's cipher
Date: Tue, 21 Nov 2000 21:41:49 +0100


Addendum (III)

Globally, it may be observed that, while the common block
ciphers work vertically in the sense of first attempting 
to achieve as much diffusion as possible within a small 
number of bits inside a block and then attempting to 
achieve diffusion throughout the message via block chaining, 
the simple scheme we described functions oppositely in 
principle in that it works horizontally in the sense of 
first attempting to achieve as much diffusion as possible 
throughout the message in the individual rounds via the 
block chaining mechanism and then attempting to achieve 
successively better results via repeating the process in a 
number of rounds. The scheme also recalls the fuzzy nature 
of the boundary between stream and block encryptions. We 
note that autokey is generally considered to be a stream 
technique. (BTW, a two-way autokey operation has also been
used as a component of rounds of a PRNG-driven block cipher 
designed by me. See my web page.) On the other hand, in 
terms of block encryption, it could be named a block cipher 
(with blocks of our unit of e.g. 32 bits) with non-linear
block chaining and with a (degenerate) 'null' block 
algorithm. It may be remarked that the resulting very small 
code size may be desirable in applications that are 
extremely memory-critical.

As mentioned, the chaining value has the general form

     S:= S + f(P[i],C[i])   (mod 2^m);

where f is an arbitrarily chosen non-linear function that
is to be easy to implement and efficient to compute in
order to well satisfy our purpose of maximizing simplicity. 
We could, of course, alternatively have a linear function 
f for computing the value S but obtain non-linearity 
through modifying the other code statement e.g. as follows:

     C[i]:= P[i] + S^2    (mod 2^m);

M. K. Shen
==============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Entropy paradox
Date: Tue, 21 Nov 2000 21:42:07 +0100


This is a re-formulation of an issue that I questioned 
previously. Suppose one has m perfectly random bits and 
uses that in some appropriate way to get a BBS generator 
to generate u bits, with u >> m. We know that (accepting 
certain plausible assumptions) the u bits are provably
secure. It seems thus that we have obtained more entropy 
that way, i.e. having obtained an amount of additional
entropy from nothing. How is this apparent paradox to be 
properly explained? (Or does each bit of the generated
sequence have in average m/u bits of entropy?) Thanks in 
advance.

M. K. Shen
==============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: need help claasifying my progrma
Date: Tue, 21 Nov 2000 20:38:59 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:
> MyDimension wrote:
> >
> > I have created a program that encrypts using a chaotic signal instead of an
> > x-bit key.  how can I classify this so I can export the program without
> > breaking export laws?
>
> I'm tempted to suggest that you put the idea safely in your head, and
> move to a free country. Then dig the idea out again and use it however
> you like.
>
> The trick is finding a free country.

The trick is to decipher the guy's goobly-gook.  "Chaotic Signal" is not
a recognized scientific term for ANYTHING!  It could be a highly
compressed analogue signal or perhaps some TTY that has errors...

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Legal issues for hobbiests
Date: Tue, 21 Nov 2000 15:39:05 -0500

What are the legal issues if an amateur crypto hobbyist in the USA
creates an encryption program that falls outside of the guidelines for
accepted key spaces?  Certainly the program could not be sold
commercially.  I also read somewhere that if the program is posted on
the internet in a useable form, NIST would need to be notified.  Is
there any legal reason why the program could not be shared amongst
friends within the USA via private Email?


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.logic
Subject: Re: My new book "Exploring RANDOMNESS"
Date: Tue, 21 Nov 2000 21:02:55 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:

> Counter-examples, all of which (IMHO) are relevant to sci.crypt:
>
> "The Art of Computer Programming" - Knuth
> "The C Programming Language" - Kernighan and Ritchie
> "Applied Cryptography" - Schneier
>
> If any of these /are/ available online, I'd be astonished (and I want
> the URL!).

Why would that be surprising? Is it not logical to spread
best books first? Nowadays most of security and computer related
best-sellers are available in electronic format: from your list,
at least AC2 and K&R do exist (.htm and .txt, respectively). However,
for obvious reasons you will have to search a bit to get them.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Legal issues for hobbiests
Date: Wed, 22 Nov 2000 09:06:03 GMT

On Tue, 21 Nov 2000 15:39:05 -0500, Steve Portly
<[EMAIL PROTECTED]> wrote, in part:

>What are the legal issues if an amateur crypto hobbyist in the USA
>creates an encryption program that falls outside of the guidelines for
>accepted key spaces?  Certainly the program could not be sold
>commercially.

There are no such restrictions on products, as long as they are not
*exported*. So if you sell something in a physical box marked "Not for
Export", you can write software with as long a key as you like.

It's when you are a little guy who wants to let people download off
the Internet that you have a problem.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox
Date: Tue, 21 Nov 2000 13:06:32 -0800


Mok-Kong Shen wrote:
 
> This is a re-formulation of an issue that I questioned
> previously. Suppose one has m perfectly random bits and
> uses that in some appropriate way to get a BBS generator
> to generate u bits, with u >> m. We know that (accepting
> certain plausible assumptions) the u bits are provably
> secure. It seems thus that we have obtained more entropy
> that way, i.e. having obtained an amount of additional
> entropy from nothing. How is this apparent paradox to be
> properly explained? (Or does each bit of the generated
> sequence have in average m/u bits of entropy?) Thanks in
> advance.

        The paradox is resolved by using a consistent definition of entropy.

        DS

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox
Date: Tue, 21 Nov 2000 21:24:09 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> This is a re-formulation of an issue that I questioned
> previously. Suppose one has m perfectly random bits and
> uses that in some appropriate way to get a BBS generator
> to generate u bits, with u >> m. We know that (accepting
> certain plausible assumptions) the u bits are provably
> secure. It seems thus that we have obtained more entropy
> that way, i.e. having obtained an amount of additional
> entropy from nothing. How is this apparent paradox to be
> properly explained? (Or does each bit of the generated
> sequence have in average m/u bits of entropy?) Thanks in
> advance.

Hmm there can't be any more entropy than that contained in the factors
of the BBS modulus.  The outputted bits may appear random but are no
more random than the size of the modulus.  Look at RC4 for example.  It
may be able to output 2^30 bits, but in reality there are only 2^k bits
required to distinguish the output from random (k << 2^30).

Tom
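
The question in this thread can be checked by brute force on a toy generator. The following is an added example, not part of any post in the digest: it enumerates every seed of a Blum-Blum-Shub generator with deliberately tiny, constructed primes (p = 67, q = 71 are assumptions chosen so enumeration is instant) and measures the Shannon entropy of the u-bit output. Because the output is a deterministic function of the seed, that entropy can never exceed the seed's, however large u is; the "provably secure" property is a statement about computational unpredictability, which is a different quantity.

```python
import math
from collections import Counter


def bbs_bits(seed, n, count):
    """Blum-Blum-Shub: x0 = seed^2 mod n, then output the low bit of each square."""
    x = seed * seed % n
    out = []
    for _ in range(count):
        x = x * x % n
        out.append(x & 1)
    return tuple(out)


def output_entropy(p, q, u):
    """Enumerate all seeds coprime to n = p*q and measure the u-bit output.

    Returns the seed entropy (uniform seeds), the number of distinct u-bit
    output strings, and the Shannon entropy of the output distribution.
    """
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("BBS needs primes congruent to 3 mod 4")
    n = p * q
    seeds = [s for s in range(1, n) if math.gcd(s, n) == 1]
    counts = Counter(bbs_bits(s, n, u) for s in seeds)
    total = len(seeds)
    entropy = -sum(c / total * math.log2(c / total) for c in counts.values())
    return {
        "seed_bits": math.log2(total),
        "distinct": len(counts),
        "entropy_bits": entropy,
    }


if __name__ == "__main__":
    # Toy modulus n = 4757; a real BBS modulus is far too large to enumerate.
    for u in (8, 64, 512):
        r = output_entropy(67, 71, u)
        print("u=%3d bits out: %4d distinct strings, H(output)=%.2f bits, "
              "H(seed)=%.2f bits" % (u, r["distinct"], r["entropy_bits"],
                                     r["seed_bits"]))
```
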



------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Legal issues for hobbiests
Date: Tue, 21 Nov 2000 13:24:02 -0800


John Savard wrote:

> It's when you are a little guy who wants to let people download off
> the Internet that you have a problem.

        It depends upon how little. If you can get enough download volume, you
may be able to get your product classified as 'retail', in which case
there are no key-length limits. Unless your key length is your selling
point, you should be able to make a restricted key length version, build
volume, and then apply for retail status.

        DS

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Legal issues for hobbiests
Date: Tue, 21 Nov 2000 21:27:58 GMT

In article <[EMAIL PROTECTED]>,
  Steve Portly <[EMAIL PROTECTED]> wrote:
> What are the legal issues if an amateur crypto hobbyist in the USA
> creates an encryption program that falls outside of the guidelines for
> accepted key spaces?  Certainly the program could not be sold
> commercially.  I also read somewhere that if the program is posted on
> the internet in a useable form, NIST would need to be notified.  Is
> there any legal reason why the program could not be shared amongst
> friends within the USA via private Email?

Well most often amateurs (like me) make what seem like cool ciphers and
tend not to be so (well TC5 is still secure but that's another story).
I would seriously doubt that an amateur could create a cipher that
could merit "non-export status" that is also efficient and practical.

Your best bet if you are playing around is to IGNORE the laws and
just play around.  If you are in serious business then use a trusted
algorithm (there are plenty to go around).

Tom



------------------------------

From: Ivan Skytte Jørgensen <[EMAIL PROTECTED]>
Subject: Pseudo random sequence generation for xor encryption (OTP)
Date: Tue, 21 Nov 2000 22:38:41 +0100

What is the best way of producing a pseudo random sequence for use with
xor encryption?

Huge precomputed sequences stored on each computer seem impractical.

I was thinking of seeding a random generator with a shared secret
combined with a reasonably sized per-session "unique" seed, and
periodically re-seeding the random generator with pieces of the
cleartext.

Both ends of the encryption channel are considered secure. The cleartext
has some structure, so some of the cleartext will be known by
attackers, but not all of it.

------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: Tue, 21 Nov 2000 15:52:32 -0600



"Trevor L. Jackson, III" wrote:

> Jeffrey Williams wrote:
>
> > Although I'll point out that voting in person doesn't prevent fraud.  According
> > to my American friends, to get a voter registration card, one needs a valid
> > picture id (driver's licence, for example) and a social security card.  I have a
> > Texas driver's licence and a social security number.  I'm a Canadian living in
> > Texas.
> >
> > Even those qualifications are suspect; I know people who presented neither and
> > were given voter registration.
> >
> > It would seem to me that foreigners can vote, and that it is possible for anyone
> > to register to vote multiple times.  I do not see how your system is fair,
> > honest, or trustworthy.  I do not see how it can be without some form of national
> > (or state-wide) identification card.
>
> So people will be able to register to vote without showing their national ID cards?
> How does this help?

Sorry if I wasn't clear.  I believe that to be fair, honest, and trustworthy, a voter
would have to present a national ID card containing a picture of the owner and an
indication of the citizenship of the owner (the latter could be implicit if, and only
if, such cards were issued only to US citizens).  The card would presumably be a
smartcard which the voting authority could validate with a central database.

Would almost certainly be an improvement.  But I'd hate to consider the rancor that
would occur should some poor soul make an official proposal of such an idea.


------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: A poorman's cipher
Date: Tue, 21 Nov 2000 21:51:34 -0000


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Addendum (III)
>
> Globally, it may be observed that, while the common block
> ciphers work vertically in the sense of first attempting
> to achieve as much diffusion as possible within a small
> number of bits inside a block and then attempting to
> achieve diffusion throughout the message via block chaining,
>......

That's why Rijndael/Square is such a nice idea. By arranging the state as a
block of 4x4 bytes much tighter coupling is achieved between the individual
elements and hence much quicker diffusion. I wonder has anyone extrapolated
the idea to "CUBE", or perhaps a tesseract?

Mike Scott



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
