Cryptography-Digest Digest #331, Volume #13 Thu, 14 Dec 00 21:13:01 EST
Contents:
Re: Protocol for computer go (David Wagner)
Re: Protocol for computer go (Paul Rubin)
Re: Vulnerability to Attack (Simon Johnson)
Re: Sr. Cryptographer/mathematician (Timothy M. Metzinger)
Re: ethical considerations ... (Simon Johnson)
Re: security by obscurity ... (Simon Johnson)
Re: Asymettric encryption in VB ("Adam Smith")
Re: Visual Basic Source Code ("Adam Smith")
Re: Asymettric encryption in VB (Paul Rubin)
Re: Visual Basic Source Code (Tom St Denis)
Re: discrete math textbook (John Myre)
Re: Unguessable sequence of unique integers? ("Brian Gladman")
Re: Crypto Program for HP48GX Calculator
Re: Visual Basic Source Code ("Adam Smith")
Re: Visual Basic Source Code (Tom St Denis)
Re: Crypto Program for HP48GX Calculator (Tom St Denis)
Re: Crypto Program for HP48GX Calculator (Tom St Denis)
Re: discrete math textbook (Scott Contini)
Re: ethical considerations ... (Tom St Denis)
Re: Homebrew Block Cipher: Moonshine (Tom St Denis)
Re: On using larger substitutions (Tom St Denis)
Re: Unguessable sequence of unique integers? (Bryan Olson)
Re: Sr. Cryptographer/mathematician (Tom St Denis)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Protocol for computer go
Date: 14 Dec 2000 22:26:40 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
David Eppstein wrote:
>> Yes, I agree. (However, the example you gave is a bad one. There's a
>> trivial solution to that one: Use the cycle counter, not wall clock time.
>> All side inputs should be a deterministic function of the current execution
>> trace. Wall clock time does not satisfy this principle, but the cycle
>> counter does.)
>
>It does? Even on a modern superscalar machine, under an operating system
>with preemptive multitasking?
If it doesn't, pick something that does! :-)
Preemptive multitasking shouldn't hurt. You just need a per-process
cycle counter.
If superscalar hurts, then you put a barrier before you query the cycle
counter. Remember, "query cycle counter" can be a `privileged operation',
and thus the underlying computing infrastructure can enforce that it be
implemented in whatever way ensures that it will have the needed properties.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Protocol for computer go
Date: 14 Dec 2000 14:41:51 -0800
[EMAIL PROTECTED] (David Wagner) writes:
> >It does? Even on a modern superscalar machine, under an operating system
> >with preemptive multitasking?
>
> If it doesn't, pick something that does! :-)
>
> Preemptive multitasking shouldn't hurt. You just need a per-process
> cycle counter.
>
> If superscalar hurts, then you put a barrier before you query the cycle
> counter. Remember, "query cycle counter" can be a `privileged operation',
> and thus the underlying computing infrastructure can enforce that it be
> implemented in whatever way ensures that it will have the needed properties.
The cycle counter isn't enough. The number of cycles needed to do
something depends on the cache hit ratio, which in turn depends on
what other processes are doing. There is true physical randomness
involved: if some process does a disk operation, the time needed for
the operation is affected by chaotic airflow inside the disk drive,
which is sensitive to the thermal (random) motion of air molecules.
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Vulnerability to Attack
Date: Thu, 14 Dec 2000 23:11:08 GMT
I've been wondering about this for a while, and I'm pretty sure it's
been done.
Why not convert the key into a knapsack problem? Then instead of
sending the key in some hashed form to the server, why not use a zero-
knowledge proof that you know what the key is?
That way, Eve would get zero knowledge about the key by listening in.
Clearly, there would be complications to make the entire construction
secure, but is my basic logic correct?
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
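As an added illustration of the idea in the post above (not code from the thread): a toy zero-knowledge identification exchange in which the client proves it knows the key without sending the key or a hash of it. The post suggests a knapsack-based proof; this example swaps in a Schnorr-style discrete-log proof, the standard worked case. The group (p = 1019, q = 509, generator 4), the key and the challenge are constructed toy values with no real security. The simulator at the end makes transcripts that verify without knowing the secret, which is the precise sense in which Eve learns nothing by listening in.

```python
"""Toy Schnorr-style zero-knowledge identification.
Constructed example for this digest, not code from the thread; the poster
suggested a knapsack-based proof, this uses a discrete-log proof instead.
Parameters are tiny on purpose and offer no real security."""
import secrets

# Constructed toy group: p = 2q + 1 with both prime, G generates the order-q subgroup.
P = 1019           # 1019 = 2 * 509 + 1
Q = 509
G = pow(2, 2, P)   # a square mod p, so its order is q


def keygen():
    """Secret x and public y = G^x mod P; only y is ever given to the server."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Round 1: client picks a nonce r and sends t = G^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2: server sends a random challenge c."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Round 3: client answers s = r + c*x mod q; x never leaves the client."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Server checks G^s == t * y^c mod p."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x, y):
    """One complete exchange; returns (accepted, the transcript Eve would see)."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verify(y, t, c, s), (t, c, s)


def simulate_transcript(y):
    """Without x: pick c and s first, then solve for t = G^s * y^(-c).
    The result verifies and is distributed like a real transcript, which is
    why an eavesdropped (t, c, s) teaches Eve nothing about x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P   # y^(Q-c) == y^(-c) since y has order Q
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    ok, transcript = run_protocol(x, y)
    print("accepted:", ok, "eavesdropped transcript (t, c, s):", transcript)
    t, c, s = simulate_transcript(y)
    print("simulated transcript verifies:", verify(y, t, c, s))
```

The server stores only y, so a compromised server database yields nothing that lets an attacker impersonate the client, and a wrong secret fails the check for every non-zero challenge. This is honest-verifier zero knowledge; the "complications" the post anticipates (a dishonest verifier, replay across sessions, binding the proof to a session) are exactly what a production protocol has to add.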
------------------------------
From: [EMAIL PROTECTED] (Timothy M. Metzinger)
Date: 14 Dec 2000 23:26:47 GMT
Subject: Re: Sr. Cryptographer/mathematician
In article <915fi8$fve$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]>
writes:
>In article <2IfZ5.17746$[EMAIL PROTECTED]>,
> "Kevin" <[EMAIL PROTECTED]> wrote:
>> WE ARE LOOKING FOR EXPERT CRYPTOLOGISTS
>> in Ottawa, Canada
SNIP
>> our tool set.
>
>Tamper proof encoding tools? Shaw right.
>
>
Tom must have met his tolerance level for fools early on in the day; he's just
been letting everybody have it! Gosh, I hope I spelled everything I wrote
correctly.
Timothy Metzinger
Commercial Pilot - ASMEL - IA AOPA Project Pilot Mentor
'98 M20J - N1067W
Pipers, Cessnas, Tampicos, Tobagos, and Trinidads at FDK
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: ethical considerations ...
Date: Thu, 14 Dec 2000 23:17:04 GMT
In article <yX8_5.81600$[EMAIL PROTECTED]>,
"Peter Thorsteinson" <[EMAIL PROTECTED]>
wrote:
> > Maintenance of a secret? You encrypt it once and it's encrypted.
> > There is no maintenance.
>
> There better be maintenance! If your secret is not maintained, then you must
> have not encrypted it very well.
>
>
Not exactly. I may disclose my secret (and therefore it hasn't been
maintained) without decrypting the file. So saying poor maintenance of
the secret is directly related to the strength of the cipher is not
correct.
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: security by obscurity ...
Date: Thu, 14 Dec 2000 23:25:00 GMT
In article <n09_5.81601$[EMAIL PROTECTED]>,
"Peter Thorsteinson" <[EMAIL PROTECTED]>
wrote:
> > Unless you're really good, if you
> > just try to generate random ciphers, probably some fraction of them are
> > weak, which is not so good.
>
> The same would go for random keys. Some fraction of them are weak. However,
> I see your point. A good algorithm would have a small proportion of keys
> that are weak. The problem is that it is not obvious which keys are going to
> become weak due to mathematical breakthroughs in the future.
>
>
You are perfectly correct, but with algorithms which are generated from
the key the problem is more acute.
Say each bit of the 128-bit key controlled whether one operation on the
plaintext was done or not. This would give 2^128 different
combinations of operations that could be performed on the plaintext.
The problem with making a good algorithm of this type is that you have
to show that every single one of these operations works well with any
combination of the other operations to give a secure cipher. If this
isn't done properly, there may be some drastically weak keys that produce
algorithms crackable by hand, for example.
When David said that designing a cipher of this type is hard work, he
meant it :)
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
------------------------------
From: "Adam Smith" <[EMAIL PROTECTED]>
Subject: Re: Asymettric encryption in VB
Date: Thu, 14 Dec 2000 23:30:33 GMT
Pretty expensive!
Have any references to any others?
"Arnold Shore" <[EMAIL PROTECTED]> wrote in message
news:9197um$7ag$[EMAIL PROTECTED]...
> I'm using one of the available COM objects - in a web/VBScript application.
> www.dyncrypto.com . there are others.
>
> Arnold Shore
> Annapolis, MD USA
>
>
> "Adam Smith" <[EMAIL PROTECTED]> wrote in message
> news:6lVZ5.172$[EMAIL PROTECTED]...
> > I need some kind of implementation of a PK system for VB to protect a key
> > scheme...anyone know of anything I can use? I've tried some RSA
> > implementation, but as most of you probably know it can't handle the mod
> > functions (overload)....is my only option an ActiveX control? And if so,
> > where can I get one? The only half-way decent thing I can find is RSAREF-VB
> > but it's pretty archaic it seems...in addition all of the RSA documentation
> > I can find anywhere was written when RSA Labs still had the patent for RSA,
> > so I can't find any new licensing information...and RSA's site doesn't seem
> > to be too helpful for this either...
> >
> > Any ideas or pointers?
> >
> > Thanks!
> > Adam Smith
> >
> >
>
>
>
------------------------------
From: "Adam Smith" <[EMAIL PROTECTED]>
Subject: Re: Visual Basic Source Code
Date: Thu, 14 Dec 2000 23:36:04 GMT
Note: Source code for crypto in VB is basically nonexistent because of the
restrictions that come along with the compiler...of course there are ActiveX
controls...which are like crap IMHO...I'm still looking for a good one...
Personally I have been programming with VB for FOUR years (probably in top
2% of VB programmers) and it's way past time to learn a lower level
language...I started to the other day but don't have time as of now...I
guess I'll make that my New Year's resolution : )
And...maybe once I learn it I can wrap up some good crypto algorithms into a
nice VB control for you guys ($10 shareware? : )
Adam
<[EMAIL PROTECTED]> wrote in message news:91b0mp$3gl$[EMAIL PROTECTED]...
> Does anyone know where i can get GOOD source code for MD4, MD5, SHA1,
> DES, IDEA, and CAST in VB??
>
> Thanks,
> Chad
>
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Asymettric encryption in VB
Date: 14 Dec 2000 15:45:14 -0800
"Adam Smith" <[EMAIL PROTECTED]> writes:
> I need some kind of implementation of a PK system for VB to protect a key
> scheme...anyone know of anything I can use? I've tried some RSA
> implementation, but as most of you probably know it can't handle the mod
> functions (overload)....is my only option an ActiveX control? And if so,
> where can I get one? The only half-way decent thing I can find is RSAREF-VB
> but it's pretty archaic it seems...in addition all of the RSA documentation
> I can find anywhere was written when RSA Labs still had the patent for RSA,
> so I can't find any new licensing information...and RSA's site doesn't seem
> to be too helpful for this either...
>
> Any ideas or pointers?
If you say more about what you're trying to do, I may be able to
suggest some things. You might be able to use a java applet, or an
ActiveX control, or code something in VB. Because of speed issues,
the only thing practical in VB is probably RSA encryption (not
decryption), but that might be enough for your application.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Visual Basic Source Code
Date: Thu, 14 Dec 2000 23:43:47 GMT
In article <rZ8_5.108332$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> > In article <91b0mp$3gl$[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] wrote:
> >> Does anyone know where i can get GOOD source code for MD4, MD5, SHA1,
> >> DES, IDEA, and CAST in VB??
>
> > Why is everyone interested in VB? Arrg!
>
> Mainly because it's the largest market for software components
> ever. With sufficiently deep pockets, you can procure almost an entire
> application for next to nothing.
See, that's the irony of it. By taking components (DLLs) written
in C you can make a VB app easily... um, why not make it in C in the
first place?
VB is the programming language for the lame programmer. Now I am far
from being a math/compsci wiz but at least I don't fear some real
programming. VB also makes very inefficient applications. Hello world
should not take more than 4 KB for a Win app...
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: discrete math textbook
Date: Thu, 14 Dec 2000 16:49:35 -0700
[EMAIL PROTECTED] wrote:
>
> Can anybody recommend a decent textbook on discrete math? I have
> college-level math background (mainly calculus) and want to self-study
> some discrete math. It will be good if CS-oriented, but not necessary.
A "really abstract" one is by Preparata and Yeh ("Introduction to
Discrete Structures"). I liked it, but it's not that CS-oriented.
JM
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Unguessable sequence of unique integers?
Date: Fri, 15 Dec 2000 00:11:15 -0000
"Bryan Olson" <[EMAIL PROTECTED]> wrote in message
news:91b53l$7m3$[EMAIL PROTECTED]...
> John Savard wrote:
>
> > Well, since a cipher with a 32-bit block is vulnerable to a
> > chosen-plaintext attack of complexity 2^32, it is 'believed' insecure.
>
> Because even a random permutation of the 2^32 blocks
> is a poor data cipher, due to the small-codebook problem.
>
> Here, what we want is a pseudo-random permutation of
> 32-bit blocks, not a cipher.
I agree.
I admit to being uneasy about a short block, long key cipher but I cannot
yet see any obvious weakness in this specific application (not much of a
guarantee I admit).
Moreover, unless my maths is bad, the number of different permutations
available is (2^32)! and this suggests that we can have some pretty long
keys if we wish.
Hence, provided the cipher key is long enough, it is not obvious to me how
the sequence can be deduced from a sub-sequence (however, I am still unclear
whether this is the 'correct' interpretation of what 'unguessable' is
intended to mean).
So is there something fundamentally wrong with this algorithm?
Brian Gladman
------------------------------
From: [EMAIL PROTECTED] ()
Crossposted-To: comp.sys.hp48
Subject: Re: Crypto Program for HP48GX Calculator
Date: Fri, 15 Dec 2000 00:28:27 GMT
On Thu, 14 Dec 2000 20:29:33 GMT, Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>Tom St Denis wrote:
>> [EMAIL PROTECTED] wrote:
>> > I am looking for some crypto programs for the HP48GX. ...
>> Why can't anyone do something for THEMSELVES! Try writing your own
>> code and if you get stumped ask for help.
>
>Why do you assume that brice98 isn't already stumped?
>
>> For christ sake is everyone in this newsgroup incapable of their own
>> work?
>
>Some people might not be capable of some kinds of programming.
>Others might prefer standing on the shoulders of others to
>tripping over their own feet.
really. Don't reinvent the wheel. Steal the plans instead.
--
Remove 'wakawaka' and 'invalid' to e-mail me. You can thank spammers for this
inconvenience.
I didn't do it! Nobody saw anything! You can't prove anything! -- bart
------------------------------
From: "Adam Smith" <[EMAIL PROTECTED]>
Subject: Re: Visual Basic Source Code
Date: Fri, 15 Dec 2000 00:36:02 GMT
Look at what I found!
Use the CryptoAPI!
So far it looks pretty cool...lots of functions with good algorithms!
http://msdn.microsoft.com/library/psdk/crypto/portalapi_3351.htm?RLD=290
<[EMAIL PROTECTED]> wrote in message news:91b0mp$3gl$[EMAIL PROTECTED]...
> Does anyone know where i can get GOOD source code for MD4, MD5, SHA1,
> DES, IDEA, and CAST in VB??
>
> Thanks,
> Chad
>
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Visual Basic Source Code
Date: Fri, 15 Dec 2000 00:55:23 GMT
In article <3a39439f$0$17729$[EMAIL PROTECTED]>,
"Jason Bock" <[EMAIL PROTECTED]> wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:91b151$404$[EMAIL PROTECTED]...
> > In article <91b0mp$3gl$[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] wrote:
> > > Does anyone know where i can get GOOD source code for MD4, MD5, SHA1,
> > > DES, IDEA, and CAST in VB??
> >
> > Why is everyone interested in VB? Arrg!
>
> Why not? Any good reasons why millions of VB programmers should give up
> their tool of choice?
>
> Just curious.
Because most visual tools make unnecessarily large programs out
of nothing? They are inefficient? They are expensive... hmm, the list
continues.
LCC-Win32 is small, free, and makes compact programs that are reasonably
optimized. Cygwin is free and makes compact programs that are very well
optimized... hmm, the list continues... (Cygwin supports C++ apps, btw)
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.hp48
Subject: Re: Crypto Program for HP48GX Calculator
Date: Fri, 15 Dec 2000 01:02:48 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > [EMAIL PROTECTED] wrote:
> > > I am looking for some crypto programs for the HP48GX. ...
> > Why can't anyone do something for THEMSELVES! Try writing your own
> > code and if you get stumped ask for help.
>
> Why do you assume that brice98 isn't already stumped?
Well, why post programming questions to sci.crypt anyway?
>
> > For christ sake is everyone in this newsgroup incapable of their own
> > work?
>
> Some people might not be capable of some kinds of programming.
> Others might prefer standing on the shoulders of others to
> tripping over their own feet.
You don't see me posting in sci.brain.surgery asking for people to do
my operations. I ain't no surgeon so I don't ask. If you can't
program then either read a book and teach yourself or get a new job.
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.hp48
Subject: Re: Crypto Program for HP48GX Calculator
Date: Fri, 15 Dec 2000 01:01:22 GMT
In article <[EMAIL PROTECTED]>,
Richard Hutchinson <[EMAIL PROTECTED]> wrote:
> A real friendly fella.
Do you know how many people post "I am doing a shareware program can
someone do all the programming for me and submit it to my email".
Seriously folks do yer'own work once in a while. Plus if you used this
new fangled-thingy-jobler called a "SEARCH ENGINE" you may perchance
find something.
Eegad...
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: discrete math textbook
Date: 15 Dec 2000 01:11:49 GMT
In article <91b9h6$beg$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>
>
>Can anybody recommend a decent textbook on discrete math? I have
>college-level math background (mainly calculus) and want to self-study
>some discrete math. It will be good if CS-oriented, but not necessary.
>
>Many thanks,
>
>Neurite
>
>
I highly recommend "Elements of discrete mathematics" by C.L. Liu.
This was one of my favorite textbooks as an undergraduate.
Liu's book references two other great books which teach about
counting and probability. They are:
Whitworth, W.A. "Choice and Chance".
Whitworth, W.A. "DCC Exercises in Choice and Chance"
These are very old books, but excellent and fun to learn from.
They contain thousands of exercises with solutions for various
counting problems. Master these books and you will be an expert!
Scott
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: ethical considerations ...
Date: Fri, 15 Dec 2000 01:05:53 GMT
In article <yX8_5.81600$[EMAIL PROTECTED]>,
"Peter Thorsteinson" <[EMAIL PROTECTED]>
wrote:
> > Maintenance of a secret? You encrypt it once and it's encrypted.
> > There is no maintenance.
>
> There better be maintenance! If your secret is not maintained, then you must
> have not encrypted it very well.
What on God's green earth are you talking about? I encrypt a bitstring
and send it to my friend. There is NO maintenance required. They just
read the bitstring and decrypt it.
Arrg!
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Homebrew Block Cipher: Moonshine
Date: Fri, 15 Dec 2000 01:16:04 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> Hello!
>
> I've been lurking awhile, and thought I'd post my homebrew block cipher,
> named Moonshine.
>
> I'll state up front: I'm an amateur, I have little or no experience
> (more the latter than the former) of cryptanalysis, I'm in no position
> to claim that this homebrew cipher is in any way secure.
>
> Anyway, as for 'sales blurb', let me say:
>
> * It's heavily inspired by Rijndael
> (http://csrc.nist.gov/encryption/aes/rijndael).
Why? Rijndael is very efficient but not among the most fuzzy-warm
secure ciphers. It has known diffusion problems and is too highly
structured.
> * It's heavily inspired by hypercubes.
>
> * It's slightly inspired by Rubic's cube.
Right... well inspiration can come from anywhere I suppose :-)
> * Variable block and key sizes (at least, at the moment).
This is a good feature, however, it's best to either focus on a
specific size for the moment or do cryptanalysis in general.
> * Potential for lots of implementation optimisations.
Always a plus.
> * Doesn't use a Feistel structure.
Why not? Why do you feel that a Feistel is bad?
> So as to keep this post from being excessively lengthy (if it isn't
> already), I won't say everything I could (like stuff about ways to
> optimise implementations).
>
> If anyone's interested in this enough to want demonstrative source code
> (in C), I'm happy to post it here.
How about a formal description of it (i.e in PDF/PS format)?
> Again, I'm an amateur, and this is a homebrew cipher.
All good, I'm an amateur too :-)
> BLOCK SHUFFLING
>
> Block shuffling is based on slice arrays. A slice array is a kind of
> subarray of an array, where the subarray starts at some 'offset' in the
> array, and successive subarray elements are separated in the array by
> some 'stride'. (Slice arrays also have a size, which is just the number
> of array elements in the slice array. For this cipher, the size is
> always the maximum that would fit in the array being sliced.)
Are the "offset/stride" pairs key dependent? If so I smell WEAKKEYS...
> BYTE SUBSTITUTION
>
> I'm stealing this straight from Rijndael. It's Rijndael's S-box,
> applied to each and every byte in the block. The inverse of this is the
> inverse of Rijndael's S-box (unsurprisingly).
Well, why not try to invent your own S-box? You may learn something.
> DIFFUSION
>
> A diffusion step is done with two steps. Bytes are first reordered in
> the block, and then pairs of bytes are mixed together. Rounds of these
> two steps are intended to produce rapid diffusion of bytes throughout
> the block. (This is the hypercube inspired bit, but the effective
> structure is only hypercubic for certain block sizes.)
Permutations are not forms of diffusion. They are catalysts for it,
however. A permutation is nothing more than a sparse linear system.
> The inverse is the inverse of byte pair mixing, followed by the inverse
> of byte reordering.
>
> BYTE REORDERING
>
> Indexing the bytes in a block from 0 to Nb-1, all the bytes indexed with
> an even number end up at the front (low indexes) of the block, and all
> the bytes indexed with an odd number end up at the back of the block.
>
> For example:
>
> a0 a1 a2 a3 a4 a5 a6 a7
>
> becomes:
>
> a0 a2 a4 a6 a1 a3 a5 a7
>
> The inverse is quite easy to work out from this. Starting with the
> first byte of the old block and taking successive bytes, first fill up
> the even indexed bytes of the new block, then fill up the odd indexed
> bytes of the new block.
Again this seems fairly regular. There could be unsettling patterns in
the diffusion. You should analyze the movement of a difference for
potential weaknesses.
> BYTE PAIR MIXING
>
> For byte pair mixing, the block is split into two subblocks. If there
> is an even number of bytes in the block, the two subblocks are of equal
> length, otherwise the second is one byte longer. Pairs of corresponding
> bytes in the two blocks are then mixed (except the last byte of the
> block, if the block has an odd number of bytes).
>
> For example:
>
> a0 a1 a2 a3 a4 a5 a6
>
> gets treated as:
>
> a0 a1 a2
> a3 a4 a5 a6
>
> Byte pair mixing is similar to column mixing in Rijndael, except that
> there are only two bytes, and byte mixing is done modulo x^2+1. Using
> [0] and [1] indexes to signify 'top subblock byte' and 'bottom subblock
> byte' respectively, byte pair mixing can be expressed as:
>
> b[1]x + b[0] = ( c[1]x + c[0] )( a[1]x + a[0] ) mod x^2 + 1
>
> where:
> a: original byte pair
> b: result byte pair
> c: constant byte pair, where c[1]='02' and c[0]='01'
>
> It boils down nicely to:
>
> b[1] = a[1] + xtime( a[0] )
> b[0] = a[0] + xtime( a[1] )
>
> where 'xtime' is Rijndael's xtime function (and '+' is bitwise XOR, of
> course).
Of course this becomes an MDS matrix, so at least diffusion is optimal
here :-)
I really haven't looked at it deeply. But it seems neat from an
offset. What were your goals? More secure? Faster?
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: On using larger substitutions
Date: Fri, 15 Dec 2000 01:20:59 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> Tom St Denis wrote:
> >
>
> > Creating MDS matrices is a matter of choosing a non-cyclic field such
> > as GF(2^w), an irreducible polynomial modulus and elements inside a
> > matrix such that no sub-matrix is singular. For a 4x4 such as in
> > Square/Rijndael/Twofish it is a matter of randomly making a matrix and
> > stepping through all possible sub-matrices (i.e cutting 0,1,2,3
> > rows/cols from the matrix). I haven't written a program to do this
> > before but I imagine I could over the x-mas holiday.
>
> What is the difference in knowledge/experience/time needed
> to do that in comparison to accessing a substitution table
> and doing a cyclic shift?
Your method is potentially weak. I told you this 8 times already. Sha-
Whatever.
> > I never said posting inferior stuff is a waste of time. I said posting
> > stuff you know is inferior is a waste of time. Of which I tried to
> > inform you your design was weak. Listen to me or not. In the end you
> > will get some hotshot cryptographer shoot you down. It's better to
> > learn now than after you work on it.
>
> You continue to ignore my point that different stuff
> can be advantageously used in different circumstances
> and one doesn't need the best of all in ALL cases. I
> said in my original post that it is only (believed by me)
> an improvement of Playfair. Hence no cryptographer,
> who knows how strong/weak Playfair is, will shoot me
> down, unless he wants to argue just for the argumentation's
> sake, like a few people who are often observed to do with
> the intention to simply show-off their (self-supposed) very
> deep knowledge in all matters on all possible occasions.
Well (if I perceive the hint correctly) I never say "I am the king of
the crop". I just point out things that make me stop and say "Nope
doesn't seem right".
Believe it or not but what I originally pointed out IS VALID. Why
would you use a primitive that is weak? It's like replacing the sboxes
in DES with addition because you know it's faster and ignore the fact
it's weaker. Sure you could do it but why?
Sure, Playfair (never seen it before btw) may be interesting. But
your proposed construction IS NOT secure. Why be inefficient?
Heck if I make a feistel cipher with
F(x, k) = ((x + k) <<< x) as the round function (assuming 64-bit block
cipher) all I need is about 250 rounds before it's secure against
linear/diff attacks (secure against linear after about six rounds).
Would I propose such a cipher?
Tom
Sent via Deja.com
http://www.deja.com/
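As an added example, serving two passages in this digest and written for it rather than taken from either poster: first, the byte reordering and byte pair mixing steps of the Moonshine post (in the "Homebrew Block Cipher: Moonshine" thread above) together with their inverses; second, the sub-matrix check Tom describes in the post just above for deciding whether a matrix over GF(2^w) is MDS. The arithmetic assumes Rijndael's reduction polynomial 0x11b, which the Moonshine post implies by borrowing Rijndael's xtime; the inverse of pair mixing via M*M = 05*I is my own working-out, not stated in the thread. The MDS check is run on the Moonshine pair-mixing matrix [[01,02],[02,01]] and on Rijndael's MixColumns matrix, which supports Tom's "of course this becomes an MDS matrix".

```python
"""Moonshine diffusion steps and an MDS sub-matrix check over GF(2^8).
Added example for this digest; not the poster's C code.  Assumes Rijndael's
reduction polynomial 0x11b (the post borrows Rijndael's xtime)."""
from itertools import combinations

RIJNDAEL_POLY = 0x11B


def xtime(b):
    """Multiply by x in GF(2^8) (Rijndael's xtime)."""
    b <<= 1
    return (b ^ RIJNDAEL_POLY) & 0xFF if b & 0x100 else b


def gf_mul(a, b):
    """General GF(2^8) product by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def gf_inv(a):
    """Inverse of a non-zero element as a^254 (since a^255 == 1)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


# --- Moonshine BYTE REORDERING: even-indexed bytes first, then odd-indexed ---
def reorder(block):
    return block[0::2] + block[1::2]


def unreorder(block):
    """Inverse: refill the even slots from the front, the odd slots from the rest."""
    n_even = (len(block) + 1) // 2
    out = [0] * len(block)
    out[0::2], out[1::2] = block[:n_even], block[n_even:]
    return out


# --- Moonshine BYTE PAIR MIXING: b0 = a0 + 02*a1, b1 = a1 + 02*a0 (mod x^2+1) ---
def pair_mix(block):
    """Mix byte i of the top subblock with byte i of the bottom subblock; an
    odd trailing byte is left alone, as the post specifies."""
    half = len(block) // 2
    out = list(block)
    for i in range(half):
        a0, a1 = block[i], block[half + i]
        out[i], out[half + i] = a0 ^ xtime(a1), a1 ^ xtime(a0)
    return out


INV_DET = gf_inv(0x05)   # det [[01,02],[02,01]] = 01*01 + 02*02 = 05


def pair_unmix(block):
    """Inverse mix. M = [[01,02],[02,01]] satisfies M*M = 05*I in GF(2^8),
    so M^-1 = inv(05)*M: mix again, then scale each mixed byte."""
    out = pair_mix(block)
    for i in range(2 * (len(block) // 2)):
        out[i] = gf_mul(out[i], INV_DET)
    return out


# --- MDS check: no square sub-matrix may be singular ---
def gf_det(m):
    """Determinant over GF(2^8) by Laplace expansion (no signs in char 2)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j in range(len(m)):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        d ^= gf_mul(m[0][j], gf_det(minor))
    return d


def is_mds(m):
    """True iff every k x k sub-matrix (any k rows, any k columns) is non-singular."""
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                if gf_det([[m[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True


MOONSHINE_MIX = [[0x01, 0x02], [0x02, 0x01]]
RIJNDAEL_MIXCOLUMNS = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

if __name__ == "__main__":
    blk = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66]   # constructed 7-byte block
    mixed = pair_mix(reorder(blk))
    print("diffused:", [hex(b) for b in mixed])
    print("round trip ok:", unreorder(pair_unmix(mixed)) == blk)
    print("Moonshine mix MDS:", is_mds(MOONSHINE_MIX), "Rijndael MDS:", is_mds(RIJNDAEL_MIXCOLUMNS))
```

The sub-matrix loop is exactly the "step through all possible sub-matrices" search Tom describes: for a 4x4 it visits 69 square sub-matrices, and a single zero determinant (including a zero entry, the 1x1 case) disqualifies the candidate. Note that pair mixing only touches corresponding bytes of the two halves, so on its own it is a 2-byte MDS step and all the cross-block spreading must come from the reordering, which is what Tom's remark about permutations being catalysts rather than diffusion is getting at.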
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Unguessable sequence of unique integers?
Date: Fri, 15 Dec 2000 01:20:54 GMT
Brian Gladman wrote:
>
> Maybe, John, but as you have just pointed out elsewhere, implicit
> assumptions are likely to put us on dangerous ground :-)
I do not think it would have made sense to bloat the post with
assumptions unrelated to the issue in question.
Savard wrote that he'd have a hard time believing the
technique could be secure with a 32-bit block. I disagreed.
If you are saying it can't be secure with a short key, then I
agree, but that's a different issue. Are there some
techniques to generate the stream from a short key that are
secure?
> I hence wanted to make this assumption explicit and
> hence to pose the question of the possible security
> limitations that come with short block, long key ciphers.
Are you asking if the security could be adequate for use as a
general purpose cipher, or to solve the problem that is the
subject of this thread?
--Bryan
Sent via Deja.com
http://www.deja.com/
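As an added example of what this thread is after, and not something either Bryan or Brian specified: a keyed pseudo-random permutation of 32-bit values, driven by a counter, so that every output is unique under one key while an observer without the key cannot predict the next one. The construction chosen here is a four-round balanced Feistel network over 16-bit halves with HMAC-SHA256 as the round function; that choice, and the placeholder key, are mine.

```python
"""Keyed pseudo-random permutation of 32-bit values built as a 4-round balanced
Feistel network over 16-bit halves, with HMAC-SHA256 as the round function.
Added example for this digest, not something the posters specified: it
instantiates 'a pseudo-random permutation of 32-bit blocks' driven by a counter
so that outputs are unique within one key and not predictable without it."""
import hashlib
import hmac

ROUNDS = 4   # Luby-Rackoff: four rounds of a good PRF yield a strong PRP


def _round_fn(key, i, half):
    """16-bit PRF of (round index, half-block) under the long key."""
    msg = bytes([i]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def permute32(key, n):
    """Map n in [0, 2^32) to a value in the same range; a bijection for each key."""
    left, right = n >> 16, n & 0xFFFF
    for i in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, i, right)
    return (left << 16) | right


def unpermute32(key, m):
    """Inverse permutation: run the rounds backwards."""
    left, right = m >> 16, m & 0xFFFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(key, i, left), left
    return (left << 16) | right


def unique_sequence(key, start, count):
    """The counter-driven sequence the thread is after: distinct and key-dependent."""
    return [permute32(key, start + j) for j in range(count)]


if __name__ == "__main__":
    key = b"constructed-example-key-0123456789abcdef"   # placeholder long key
    seq = unique_sequence(key, 0, 10)
    print([hex(v) for v in seq])
    print("every value recovers its index:",
          all(unpermute32(key, v) == j for j, v in enumerate(seq)))
```

Because the Feistel structure is a bijection regardless of what the round function does, uniqueness over the whole 2^32 counter range is guaranteed by construction; secrecy of the ordering rests on the key length and the round function, not on the block size. The small-codebook objection Bryan raises against using this as a general data cipher does not bite here: the absence of repeats is the requirement, not a leak.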
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Sr. Cryptographer/mathematician
Date: Fri, 15 Dec 2000 01:25:56 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Timothy M. Metzinger) wrote:
> In article <915fi8$fve$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]>
> writes:
>
> >In article <2IfZ5.17746$[EMAIL PROTECTED]>,
> > "Kevin" <[EMAIL PROTECTED]> wrote:
> >> WE ARE LOOKING FOR EXPERT CRYPTOLOGISTS
> >> in Ottawa, Canada
>
> SNIP
>
> >> our tool set.
> >
> >Tamper proof encoding tools? Shaw right.
> >
> >
>
> Tom must have met his tolerance level for fools early on in the day; he's just
> been letting everybody have it! Gosh, I hope I spelled everything I wrote
> correctly.
I tri vary herd evury dai two due mi best!
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************