Cryptography-Digest Digest #734, Volume #13      Thu, 22 Feb 01 15:13:01 EST

Contents:
  Re: Fractal encryption? (John Myre)
  Re: What does tempest stand for. (Steve Portly)
  Re: Is there an algorithm to sequentially enumerate all transcendental ("Douglas A. Gwyn")
  Re: What does tempest stand for. ("Douglas A. Gwyn")
  Re: Super strong crypto ("Douglas A. Gwyn")
  Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and ("Douglas A. Gwyn")
  Re: What does tempest stand for. ("CMan")
  Re: super-stong crypto, straw man phase 2 ("Henrick Hellström")
  Re: A seriously different cipher concept (long) ("Paul Pires")
  Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys ("Randoman")
  Re: Super strong crypto (Jerry Coffin)
  Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and (Mok-Kong Shen)
  Re: What does tempest stand for. ("Jamie Ste Laurent")
  Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys ("Xavier Onassis")
  Re: Is there an algorithm to sequentially enumerate all transcendental (jtnews)
  Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and (Jim D)

----------------------------------------------------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption?
Date: Thu, 22 Feb 2001 08:37:49 -0700

"John A. Malley" wrote:
<snip>
> if ever x or x' takes on the value of zero, then all subsequent values
> of x or x' remain zero and the "perturbation" of one chaotic sequence by
> another ceases.
<snip>

(Nit:

That's true for x' but not x, since the ciphertext is fed
back into x.)

> It's an interesting idea, mixing chaotic sequence this way, but I don't
> trust using it without seeing more rigorous cryptanalysis.

Seconded.

JM

------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: What does tempest stand for.
Date: Thu, 22 Feb 2001 10:44:13 -0500



Mark Healey wrote:

> I know that "tempest" is an acronym (really T.E.M.P.E.S.T.) but I
> forgot what it stands for.  Surprisingly this isn't in any of the
> online sources I could find.
>
> Could someone please tell me.
>
> Mark Healey
> marknews(the 'at' thing)healeyonline.com

As you pointed out TEMPEST stands for Transient Electromagnetic Pulse
Emanation Standard.  It is an old acronym used more prior to 1980.
Although there were several interpretations associated with it, the best
interpretation from a physics standpoint would be in reference to the
emanations from Faraday shielding of communications equipment.



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Is there an algorithm to sequentially enumerate all transcendental  
Date: Thu, 22 Feb 2001 16:50:07 GMT

jtnews wrote:
> Can you give some references on the web
> or in a book that goes over Godel numbering.

Learn to use Web search services and/or libraries.
It's a basic topic well-covered even in books on
recreational mathematics for the layman.

> I'm very interested in how to sequentially enumerate
> all possible mathematical expressions.

Define the complete set of N symbols that you will
allow to be used in such expressions.

Then merely iteratively increment three counters,
an outer loop for the length of a result string from
1 on up, a middle loop over the positions in that
string, and an inner loop through each symbol in the
set, assigning the symbol into that position.
Each result string is then an expression, and any
valid finite expression will eventually be generated
(you can even calculate how many iterations it will
take before that happens).  Now, some result strings
will be "meaningless" jumbles of symbols, in the jargon
"not Well Formed Expressions".  You will need a test
for WFEs if you want to actually put just the WFEs to
some use.  However, this sort of exercise is almost
never done as a practical matter, just as a
demonstration that it could be done *in principle*.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What does tempest stand for.
Date: Thu, 22 Feb 2001 16:53:24 GMT

John Savard wrote:
> ... claims it is "an acronym for Transient Electromagnetic Pulse
> Emanation Standard", but the page itself states that it is
> (officially claimed to be) a codename and not an acronym;

Indeed, TEMPEST was just a codename; any interpretation as an
acronym was devised afterwards.  EMP is a different, although
related, phenomenon.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Thu, 22 Feb 2001 16:56:46 GMT

Bryan Olson wrote:
> If you read my post, you'll see I was specifically asking
> for justification for what you had written.  You had a
> "natural lifetime" for a key, somehow related to unicity
> distance. I don't see what responding with yet another
> unjustified proclamation is supposed to accomplish.

If you had read *my* post, you might see that I wasn't
talking about "key changes ... to limit the damage from
exposed keys".  Others seem to have gotten the point..

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and 
Date: Thu, 22 Feb 2001 17:07:37 GMT

You guys are making it harder than it has to be.
It isn't hard to set up such a public random-bit stream
so that parties can agree which bit is which.
The proposed scheme then, as I understand it, has
the communicants generating *in any way they wish,
so long as both parties do the same thing and the
enemy can't guess how*, locations in the public stream
of the bits that are to be assembled into a one-time-pad
key, which is then used the usual way.
For example, the location generator could produce a
series of *skip counts* which are taken as the number
of bits to skip between the bits taken for the key,
starting at some publicly announced synch point.
Any standard crypto-quality sequence generator could
be used to generate those skip counts.

------------------------------

From: "CMan" <[EMAIL PROTECTED]>
Subject: Re: What does tempest stand for.
Date: Thu, 22 Feb 2001 10:40:45 -0700

TEMPEST is an unclassified cover name for a highly classified area dealing
with compromising emanations.  These emanations may or may not be
electromagnetic, may or may not be pulsed. Therefore attempts to form an
acronym involving "Pulse"  are obviously not correct.  The same is true for
the word "Electromagnetic".

JK

--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More

"Mark Healey" <[EMAIL PROTECTED]> wrote in message
news:dxKndd8YehcW-pn2-9NqEFsXxruy2@localhost...
> I know that "tempest" is an acronym (really T.E.M.P.E.S.T.) but I
> forgot what it stands for.  Surprisingly this isn't in any of the
> online sources I could find.
>
> Could someone please tell me.
>
> Mark Healey
> marknews(the 'at' thing)healeyonline.com


------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: super-stong crypto, straw man phase 2
Date: Thu, 22 Feb 2001 19:15:03 +0100

There is a limit to the extent that Douglas A. Gwyn's mode of
operation would foil known-plaintext attacks. For instance, brute-force
attacks are theoretically possible:

Obviously, for each cipher text CT0 = E_K0(PT0|Batch0), not all keys TrialK0
are expected to be such that the lower bits of D_TrialK0(CT0) would be equal
to PT0. For each key TrialK0 such that the lower bits of D_TrialK0(CT0) are
equal to PT0, the attacker could extract the unequivocal value TrialBatch0
from D_TrialK0(CT0), and hence obtain a unique value TrialK1. If the lower
bits of D_TrialK1(CT1) are unequal to PT1, the attacker would continue with
the next value of TrialK0 - otherwise he would compute TrialBatch1, TrialK2
and D_TrialK2(CT2), etc.

The size and the randomness of the batch is not an issue in this case. A
known plain text attack would eventually succeed anyway, at least in theory.

--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com

"Douglas A. Gwyn" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> Now that you've assimilated my initial straw man, note that the
> idea is much the same applied to stream or to block ciphers.
> You can express this as another kind of "block chaining mode":
> each block encrypts PT plus a new batch of random key bits,
> which are (perhaps) shifted into the key register before
> encrypting the next block.  The idea is to keep injecting
> fresh entropy into the channel; note that if the batch size
> is nonnegligible, it foils known-plaintext attacks.
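
The trial-key chain described in Henrick Hellström's post above, worked on a toy cipher, as an added example that is not part of the original posts. The 16-bit key, the 24-bit SHA-256 Feistel block, the 8-bit batch and all sample values are constructed assumptions, chosen so the whole key space can be searched in about a second; the point for a designer is that the work factor is set by the key size, not by the batch.

```python
import hashlib

KEY_BITS, PT_BITS, BATCH_BITS = 16, 16, 8   # assumed toy sizes
HALF = (PT_BITS + BATCH_BITS) // 2          # 12-bit Feistel halves
MASK = (1 << HALF) - 1

def _f(half, key, rnd):
    """Round function: SHA-256 of (round, key, half), truncated to 12 bits."""
    d = hashlib.sha256(bytes([rnd]) + key.to_bytes(2, "big")
                       + half.to_bytes(2, "big")).digest()
    return int.from_bytes(d[:2], "big") & MASK

def encrypt(key, block):
    l, r = block >> HALF, block & MASK
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << HALF) | r

def decrypt(key, block):
    l, r = block >> HALF, block & MASK
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << HALF) | r

def next_key(key, batch):
    """Shift the fresh batch bits into the key register."""
    return ((key << BATCH_BITS) | batch) & ((1 << KEY_BITS) - 1)

def send(k0, plaintexts, batches):
    """CT_i = E_Ki(PT_i | Batch_i); PT in the low bits, batch above it."""
    key, cts = k0, []
    for pt, batch in zip(plaintexts, batches):
        cts.append(encrypt(key, (batch << PT_BITS) | pt))
        key = next_key(key, batch)
    return cts

def survivors(cts, known_pts):
    """Every TrialK0 whose whole chain reproduces the known plaintexts."""
    out = []
    for trial in range(1 << KEY_BITS):
        key = trial
        for ct, pt in zip(cts, known_pts):
            block = decrypt(key, ct)
            if block & ((1 << PT_BITS) - 1) != pt:
                break                      # low bits differ: discard TrialK0
            key = next_key(key, block >> PT_BITS)   # TrialBatch -> next TrialK
        else:
            out.append(trial)
    return out

# Constructed sample values; a real sender would draw the batches at random.
K0 = 0xBEEF
PTS = [0x4142, 0x4344, 0x4546, 0x4748]
BATCHES = [0x3C, 0xA5, 0x17, 0xE9]

if __name__ == "__main__":
    cts = send(K0, PTS, BATCHES)
    print("after 1 block :", [hex(k) for k in survivors(cts[:1], PTS[:1])])
    print("after 4 blocks:", [hex(k) for k in survivors(cts, PTS)])
```

Each additional known block removes a wrong trial key with probability about 1 - 2^-16, so the survivor list collapses to the true K0 after very few blocks whatever the batch values were.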









------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: A seriously different cipher concept (long)
Date: Thu, 22 Feb 2001 10:13:32 -0800


"Bryan Olson" <"nospam"@"nonsuch.org"> wrote in message 
news:c7Lk6.9$vm1.93@interramp...
> Paul Pires wrote:
> >Before I go further, It looks like you got me.
>
> Scott Fluhrer's attack is conclusive - good work Scott.
> Nevertheless....

And I thank you also for the attention. I really messed
up here. Awhile back I was dismayed about the lack
of opportunity to watch how folks go about cryptanalysis
on stream ciphers. Watching you and Scott work has really
been a joy. I still think that there are parts of a good idea
in the approach I was trying but it is not a trivial task to
make the parts all stand together. I did get the experience
I was hoping for and I do appreciate the effort.

Thanks,
Paul




------------------------------

Reply-To: "Randoman" <[EMAIL PROTECTED]>
From: "Randoman" <[EMAIL PROTECTED]>
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys
Date: Thu, 22 Feb 2001 18:20:02 -0000

Sorry - I'm new to this but...

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> You guys are making it harder than it has to be.
> It isn't hard to set up such a public random-bit stream
> so that parties can agree which bit is which.
> The proposed scheme then, as I understand it, has
> the communicants generating *in any way they wish,
> so long as both parties do the same thing and the
> enemy can't guess how*, locations in the public stream
> of the bits that are to be assembled into a one-time-pad
> key, which is then used the usual way.

I thought that you should assume the algorithms/mechanisms used were known
by an enemy when analysing the security of a cryptosystem.

> For example, the location generator could produce a
> series of *skip counts* which are taken as the number
> of bits to skip between the bits taken for the key,
> starting at some publicly announced synch point.
> Any standard crypto-quality sequence generator could
> be used to generate those skip counts.

But how do both sender and receiver agree on the skip counts in a secure
way - standard crypto?


The benefit of this seems to be that I can't re-open a message later when
"requested" by a third-party.  However, that means I can't re-open it either
unless I store the bit-stream which defeats the purpose!  So why not use
standard crypto and have the client automatically delete a message (and
overwrite memory/disk images) after it's read?

I just don't get it.
But that's probably me (wry grin).

Let me ask it another way.  Does anyone see much (any) benefit to this new
scheme?

Gerald




------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Thu, 22 Feb 2001 11:52:13 -0700

In article <xP5l6.1$T23.59@interramp>, "nospam"@"nonsuch.org" ("Bryan 
Olson") says...
> Douglas A. Gwyn wrote (in the entirety):
> >Bryan Olson wrote:
> >> The key changes in real systems are there to limit the damage
> >> from exposed keys; ...
> >
> >No.
> 
> If you read my post, you'll see I was specifically asking 
> for justification for what you had written.  You had a 
> "natural lifetime" for a key, somehow related to unicity 
> distance. I don't see what responding with yet another 
> unjustified proclamation is supposed to accomplish.

I doubt that most people base it on unicity distance, but I suspect 
that quite a few people change keys, not to limit damage from 
exposed keys, but to (attempt to) limit the possibility of an 
opponent collecting enough encrypted text to be able to mount an 
attack.  I won't try to provide a lot of justification for that 
viewpoint -- a quick read of almost any of the many books on the use 
of encryption throughout history will provide many examples.  Just 
for example, during the second world war, there are fairly clear 
records of the Japanese assuming that their communications were still 
secure, but worrying about continuing to use the same codes for a lot 
longer because they might eventually be broken.  Of course, in 
reality they'd often been broken LONG before the Japanese started to 
worry, but that's a whole different story.

Even when keys have been exposed, it does NOT appear to have been 
considered as a likely problem very often.  E.g. there was no 
wholesale revamping of codes following the capture of U-571.  
Obviously, great care was taken to assure the secrecy (and continued 
viability) of the information that was captured, but I don't recall 
having ever read anything about the Germans expressing concern over 
the possibility of the keys having been exposed, even though they 
clearly changed and updated their machines a few times, moving to 
larger and more sophisticated keying, apparently from the fear that 
the encryption itself might get broken (again, well after it really 
had).

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and 
Date: Thu, 22 Feb 2001 20:00:36 +0100



"Douglas A. Gwyn" wrote:
> 
> You guys are making it harder than it has to be.
> It isn't hard to set up such a public random-bit stream
> so that parties can agree which bit is which.
> The proposed scheme then, as I understand it, has
> the communicants generating *in any way they wish,
> so long as both parties do the same thing and the
> enemy can't guess how*, locations in the public stream
> of the bits that are to be assembled into a one-time-pad
> key, which is then used the usual way.
> For example, the location generator could produce a
> series of *skip counts* which are taken as the number
> of bits to skip between the bits taken for the key,
> starting at some publicly announced synch point.
> Any standard crypto-quality sequence generator could
> be used to generate those skip counts.

Dumb questions: Employing a crypto-quality generator,

(1) Why doesn't one use that directly to do encryption?

(2) Couldn't the public stream be simply 01010101.... 
    instead of a random one?

Thanks.

M. K. Shen

------------------------------

From: "Jamie Ste Laurent" <[EMAIL PROTECTED]>
Subject: Re: What does tempest stand for.
Date: Thu, 22 Feb 2001 18:57:52 -0000

Technology for Electronically Monitoring PEST's

Mark Healey <[EMAIL PROTECTED]> wrote in message
news:dxKndd8YehcW-pn2-9NqEFsXxruy2@localhost...
> I know that "tempest" is an acronym (really T.E.M.P.E.S.T.) but I
> forgot what it stands for.  Surprisingly this isn't in any of the
> online sources I could find.
>
> Could someone please tell me.
>
> Mark Healey
> marknews(the 'at' thing)healeyonline.com



------------------------------

From: "Xavier Onassis" <[EMAIL PROTECTED]>
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys
Date: Thu, 22 Feb 2001 13:36:49 -0600
Reply-To: "Xavier Onassis" <[EMAIL PROTECTED]>


"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> You guys are making it harder than it has to be.
> It isn't hard to set up such a public random-bit stream
> so that parties can agree which bit is which.
> The proposed scheme then, as I understand it, has
> the communicants generating *in any way they wish,
> so long as both parties do the same thing and the
> enemy can't guess how*, locations in the public stream
> of the bits that are to be assembled into a one-time-pad
> key, which is then used the usual way.
> For example, the location generator could produce a
> series of *skip counts* which are taken as the number
> of bits to skip between the bits taken for the key,
> starting at some publicly announced synch point.
> Any standard crypto-quality sequence generator could
> be used to generate those skip counts.

I don't get the claim that the key vanishes.

Suppose I'm Eve. I collect the ciphertext as transmitted.
As I understand the proposal, the ciphertext isn't necessarily
hidden.

Then I obtain, abscond with, use rubber hose umm interrogation
to get the plaintext.

Do I not then retrieve the key? It doesn't really disappear
because it is implicit in k = g(ciphertext,plaintext).

Or am I misunderstanding something?

--
Dave O'Reilly
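
The skip-count selection from Douglas Gwyn's post and the relation k = g(ciphertext, plaintext) raised in the post above, as an added example that is not part of the original posts. SHA-256 in counter mode stands in for the "standard crypto-quality sequence generator", g is taken to be XOR, and the public stream, shared secret, sync point and message are constructed.

```python
import hashlib

def skip_counts(secret, n):
    """n skip counts in 0..255 from SHA-256 in counter mode (assumed generator)."""
    out, ctr = [], 0
    while len(out) < n:
        out.extend(hashlib.sha256(secret + ctr.to_bytes(8, "big")).digest())
        ctr += 1
    return out[:n]

def stream_bit(stream, i):
    """Bit i of the public stream, most significant bit of each byte first."""
    return (stream[i >> 3] >> (7 - (i & 7))) & 1

def derive_pad(stream, secret, sync, nbytes):
    """From the sync point: skip some bits, take one bit for the key, repeat."""
    pos, pad = sync, bytearray(nbytes)
    for k, skip in enumerate(skip_counts(secret, nbytes * 8)):
        pos += skip
        if pos >= len(stream) * 8:
            raise ValueError("public stream too short for this message")
        pad[k >> 3] |= stream_bit(stream, pos) << (7 - (k & 7))
        pos += 1
    return bytes(pad)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def recover_pad(ciphertext, plaintext):
    """What a holder of both ciphertext and plaintext can compute: the pad."""
    return xor(ciphertext, plaintext)

# Constructed sample data: a deterministic stand-in for the public random stream.
PUBLIC_STREAM = hashlib.shake_256(b"constructed public bit stream").digest(8192)
SHARED_SECRET = b"constructed shared secret"
SYNC_POINT = 1000                 # publicly announced bit offset
MESSAGE = b"sample plaintext"

if __name__ == "__main__":
    pad = derive_pad(PUBLIC_STREAM, SHARED_SECRET, SYNC_POINT, len(MESSAGE))
    ct = xor(MESSAGE, pad)
    # Receiver repeats the same selection and decrypts.
    rx = xor(ct, derive_pad(PUBLIC_STREAM, SHARED_SECRET, SYNC_POINT, len(MESSAGE)))
    print("receiver plaintext:", rx)
    # Neither side stored the pad, yet ciphertext plus plaintext yields it.
    print("pad recovered     :", recover_pad(ct, MESSAGE) == pad)
    # The recovered bits belong to this message only; another sync point
    # selects different stream bits.
    other = derive_pad(PUBLIC_STREAM, SHARED_SECRET, SYNC_POINT + 1, len(MESSAGE))
    print("reusable elsewhere:", other == pad)
```

With the selection mechanism assumed known, the only secret input is the generator's shared secret, so the scheme is no stronger than that generator and its key agreement.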


------------------------------

Date: Thu, 22 Feb 2001 14:48:54 -0500
From: jtnews <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Is there an algorithm to sequentially enumerate all transcendental 

Oh, I understand that method.  But there are
constraints that make such an algorithm impractical
to implement for performance reasons.

Intuitively I suspect that running through
a list of all possible symbolic permutations would
lead to an exponential rise in the number of
syntactically incorrect expressions as the
number of symbols in the expression increases.

Now if there's some way of running sequentially
through all possible symbolic permutations
which *are* syntactically correct, that's something
I'd be *extremely* interested in.  Because that
potentially could be used to defeat a passphrase
generation method that involved the use of mathematical
expressions to generate long passphrases made out of
transcendental numbers.

Vaughan Pratt wrote:
> 
> In article <[EMAIL PROTECTED]>,
> jtnews  <[EMAIL PROTECTED]> wrote:
> >
> >Can you give some references on the web
> >or in a book that goes over Godel numbering.
> >I'm very interested in how to sequentially enumerate
> >all possible mathematical expressions.
> 
> If you don't mind assuming that the alphabet in which all expressions
> are written is finite, say 237 symbols, there is a particularly simple
> way of Goedel-numbering expressions.  Just treat each expression as a
> number written in base 237.  Not every number in that base will be a
> mathematical expression, but those that are, when arranged in numerical
> order, will constitute a sequential enumeration of all possible
> mathematical expressions.
> 
> If the alphabet is infinite but countable, replace the n-th letter of
> the alphabet by a string of n 0's followed by a 1 (or any other coding
> that uses only finitely many letters).  This constitutes an unambiguous
> translation of expressions from an infinite alphabet to a finite one.
> Now use the previous method.
> 
> If the alphabet is uncountable and irredundant (every letter appears in
> some mathematical expression), there must be uncountably many
> mathematical expressions, i.e. they can't be enumerated sequentially.
> 
> Vaughan Pratt
> --
> My mind and my body keep playing tricks on each other.
> When I tell them to cut it out, they just say "Who are you?"

-- 
My U.S. Federal Gov't Budget Proposal for 2001 and Beyond
http://geocities.com/jtnews_bellatlantic_net/budget.html
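
Vaughan Pratt's base-N numbering combined with a test for well-formed expressions, as an added example that is not part of the original posts. The six-symbol alphabet and its grammar are assumptions, and bijective base-6 is used so that every string, including one that starts with the first symbol, has exactly one index.

```python
ALPHABET = "x1+*()"   # assumed finite symbol set (N = 6)

def nth_string(n):
    """String number n in length-then-alphabet order (0 is the empty string)."""
    out = []
    while n > 0:
        n, d = divmod(n - 1, len(ALPHABET))
        out.append(ALPHABET[d])
    return "".join(reversed(out))

def index_of(s):
    """Inverse of nth_string: the string read as a bijective base-N number."""
    n = 0
    for ch in s:
        n = n * len(ALPHABET) + ALPHABET.index(ch) + 1
    return n

def well_formed(s):
    """Assumed grammar: expr := term (('+'|'*') term)* ; term := x | 1 | (expr)."""
    def expr(i):
        i = term(i)
        while i is not None and i < len(s) and s[i] in "+*":
            i = term(i + 1)
        return i
    def term(i):
        if i >= len(s):
            return None
        if s[i] in "x1":
            return i + 1
        if s[i] == "(":
            j = expr(i + 1)
            if j is not None and j < len(s) and s[j] == ")":
                return j + 1
        return None
    return expr(0) == len(s)

def enumerate_wfes(limit):
    """First `limit` well-formed expressions with their indices, in order."""
    out, n = [], 1
    while len(out) < limit:
        s = nth_string(n)
        if well_formed(s):
            out.append((n, s))
        n += 1
    return out

def census(max_len):
    """Number of well-formed strings at each length up to max_len."""
    counts = {length: 0 for length in range(1, max_len + 1)}
    for n in range(1, index_of(ALPHABET[-1] * max_len) + 1):
        s = nth_string(n)
        counts[len(s)] += well_formed(s)
    return counts

if __name__ == "__main__":
    print(enumerate_wfes(6))
    for length, good in census(5).items():
        print(length, good, "of", len(ALPHABET) ** length)
```

For this grammar 58 of the 7776 strings of length 5 are well formed, so a passphrase built from such an expression should be credited with the entropy of the well-formed count, not of the alphabet size raised to the length.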

------------------------------

From: [EMAIL PROTECTED] (Jim D)
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and
Reply-To: Jim D
Date: Thu, 22 Feb 2001 20:03:29 GMT

On Thu, 22 Feb 2001 04:27:58 GMT, [EMAIL PROTECTED] (John
Savard) wrote:

>Obviously, any single signal with bandwidth that can be handled by
>digital circuitry can be recorded on a souped-up videotape recorder,
>so we're talking about something fairly exotic; say an optical signal
>with thousands of different wavelengths of light each modulated by a
>complex signal involving hundreds of individual digital channels, each
>on their own subcarrier. Now: is it possible to record, say, a million
>simultaneous T1 connections?
>
>*Unbreakable?* Maybe by Joe Hacker. But the technology to break this
>is _precisely_ what the NSA is quite good at, because they've needed
>special tape recorders to record - at once - all the radio signals in
>a large chunk of the radio spectrum for ages.

True. The whole HF spectrum at once for a period. Then browse it
at leisure for short-term (burst) transmissions.

-- 
___________________________________________

Posted by Jim Dunnett

  
dynastic at cwcom.net
nordland at lineone.net
   
  'We have to control the number of people
   travelling' -- GNER spokesman.    
__________________________________________

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
