Cryptography-Digest Digest #872, Volume #13 Mon, 12 Mar 01 13:13:01 EST
Contents:
Re: Really simple stream cipher ("Henrick Hellström")
Re: Super strong crypto (Joe H. Acker)
Re: OverWrite: best wipe software? ("Tom St Denis")
Re: Text of Applied Cryptography .. do not feed the trolls ("Tom St Denis")
Re: AIS (John Savard)
Re: Popularity of AES (John Savard)
Re: Noninvertible encryption ("Henrick Hellström")
Re: Dumb inquiry.... (Doug Kuhlman)
Re: Potential of machine translation techniques? ("JCA")
Re: FIPS 140-2 PRG (John Myre)
Re: An extremely difficult (possibly original) cryptogram (Olivier Miakinen)
Zero Knowledge Proof ("Gustavo Brown")
Exportable key lengths & Mush algorithm (Randy Langer)
Re: Zero Knowledge Proof (Neil Couture)
Re: OverWrite: best wipe software? (William Hugh Murray)
Re: OverWrite: best wipe software? (Mok-Kong Shen)
Re: Super strong crypto (Mok-Kong Shen)
Re: Zero Knowledge Proof (Mok-Kong Shen)
Re: Dumb inquiry.... (Mok-Kong Shen)
----------------------------------------------------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Really simple stream cipher
Date: Mon, 12 Mar 2001 12:30:01 +0100
You were more or less arguing that PCFB mode would be too complicated to use
for most software developers. So I reckoned that that was the strongest
argument you had against PCFB mode.
On the merits of error-propagating modes, then. To generate the MAC of a
message you encrypt it using some kind of feedback mode (e.g. CTS, CBC or
CFB), discard the cipher text of the message you generate by this procedure,
and keep the final state of the feedback vector as the authentication code
of the message. Basically, you could say that the internal state vector of
PCFB mode _is_ a MAC in a sense, or at least that your trust in the error
propagation of PCFB mode should be roughly proportional to your trust in a
MAC:
Firstly, let's assume that a regular MAC generated using PCFB mode would be
as reliable as a MAC generated using any other mode. (I don't see any reason
why this shouldn't be true, unless the underlying cipher has some weakness
making it unsuitable for this particular kind of MAC generation).
Secondly, it would obviously be improper that the CFB or CBC feedback
vector of a cipher used for actual encryption was also used as the MAC of
the message. The cipher text itself would reveal the internal state
of the MAC at each position. However, the same is not true of PCFB-mode. In
PCFB-m/n mode, at each position n-m bits of the internal state vector are
not explicitly revealed by the cipher text. Theoretically speaking, those m
revealed bits should make it correspondingly easier to manipulate the
internal state vector of a PCFB mode cipher, compared to e.g. a CBC-MAC
where no bits of the internal state are revealed at all. In practice
however, the existence of a feasible way to perform such an attack would
most certainly coexist with a practical cryptanalytic attack on the
underlying cipher, because it would imply that there was some kind of
significant correlation between the m lsbits of plain text blocks and the m
msbits of cipher text blocks.
Thirdly, by definition of PCFB mode, the bit difference between the cipher
text and the plain text of the message equals the concatenation of m lsbits
of the cipher text of the feedback vector. You could say that at any
position the bit difference between the plain text and the cipher text of
the message is congruent to the PCFB-MAC of the message prior to that
position. At any position, the probability that the cipher text will decrypt
into the right plain text is, after the m/n ratio and the weaknesses of the
cipher have been taken into account, proportional to the probability that
any MAC generated using the underlying cipher would check out.
Lastly, if the plain text is not what is expected, then you have a proof
that the message has been tampered with. Conversely, assume that you expect
that the 32 character string beginning at some position in the message will
consist of the characters 'A'..'Z' or SPACE only. The probability that this
will happen by chance is equal to (27/256)**32 = ~2**-104. If you put
additional constraints on the format of the message, then the probability
will, of course, be even lower. Consequently, PCFB mode will, except for
very short or random looking messages, give you a reasonable degree of
continuous authentication not necessarily at the expense of the bandwidth
increment a MAC would force upon you. I think that is a sufficient
justification.
Furthermore, contrary to your beliefs, I think that PCFB mode actually is
easier to implement properly than it is to implement the combination of a
CBC cipher and a MAC. In part because the application/"crypto engine"
in the latter case has to be able to tell encrypted plain text from MACs.
This shouldn't be such a big deal if both the client and the server are
based on the same crypto software, but if they're not that's just another
one of those tiny details that are prone to put you in trouble.
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
"David Wagner" <[EMAIL PROTECTED]> wrote in message
news:98harv$ff3$[EMAIL PROTECTED]...
> Henrick Hellström wrote:
> >Anyway, we are not discussing the same thing.
>
> I thought we were discussing the merits of MAC's vs. error-propagating
> modes? Whether you use DLL's or not, checking somewhere that all messages
> are proper-authenticated seems to have inherent merits over not checking
> anywhere. I have yet to hear a good argument for implicit authentication
> (trusting the app to discard garbled messages) over explicit
authentication.
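The trade-off argued in this exchange, implicit acceptance based on the plaintext looking right versus an explicit MAC, as an added Python example; it is not code from either poster, and it uses HMAC-SHA256 from the standard library as a stand-in for the cipher-based MAC the post describes. The allowed alphabet ('A'..'Z' or SPACE), the 32-character window, the key and the message are all constructed for the example.

```python
import hashlib
import hmac
import math
import os

# Constructed format constraint from the post: 'A'..'Z' or SPACE, 27 of 256 byte values.
ALLOWED_BYTES = frozenset(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ ")


def log2_false_accept(alphabet_size: int, n_symbols: int, symbol_bits: int = 8) -> float:
    """log2 of the chance that n_symbols uniformly random symbols all land in an
    alphabet of alphabet_size values.  A garbled decryption behaves like random
    bytes, so this is how often a tampered message would still 'look right'.
    For 27 values and 32 symbols this is about -104, i.e. 2**-104, as the post says."""
    return n_symbols * (math.log2(alphabet_size) - symbol_bits)


def implicit_check(plaintext: bytes) -> bool:
    """Implicit authentication: accept a decryption only if every byte fits the
    expected format.  Its strength depends on the message length and format."""
    return len(plaintext) > 0 and all(b in ALLOWED_BYTES for b in plaintext)


def explicit_tag(key: bytes, message: bytes) -> bytes:
    """Explicit authentication: a keyed MAC sent alongside the message
    (HMAC-SHA256 here because it is in the standard library)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def explicit_check(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(explicit_tag(key, message), tag)


def empirical_false_accept(n_symbols: int, trials: int = 20000) -> float:
    """Simulate garbled decryptions (uniform random bytes) of n_symbols bytes and
    measure the fraction the implicit check wrongly accepts."""
    accepted = sum(implicit_check(os.urandom(n_symbols)) for _ in range(trials))
    return accepted / trials


def demo() -> dict:
    key = os.urandom(32)                               # constructed session key
    message = b"MEET AT THE EMBASSY AT THREE PM"       # constructed, fits the format
    tag = explicit_tag(key, message)
    # A modification that still yields a well-formed plaintext ('M' -> 'L'),
    # standing in for any change the format check cannot see.
    tampered = bytearray(message)
    tampered[0] ^= 0x01
    return {
        "log2_p_32_chars": log2_false_accept(27, 32),
        "log2_p_4_chars": log2_false_accept(27, 4),
        "implicit_accepts_tampered": implicit_check(bytes(tampered)),
        "explicit_accepts_tampered": explicit_check(key, bytes(tampered), tag),
        "explicit_accepts_original": explicit_check(key, message, tag),
    }
```

log2_false_accept(27, 32) comes out near -104, matching the post's 2**-104; for a 4-character window it is only about -13, which is the "very short messages" caveat in the post. The tampered message in demo() stands for any modification that still produces well-formed plaintext: the format check accepts it, the MAC does not, and the MAC's acceptance probability does not move with the message format or length.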
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Super strong crypto
Date: Mon, 12 Mar 2001 12:32:41 +0100
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> "Douglas A. Gwyn" wrote:
> >
> > Mok-Kong Shen wrote:
> > > I am afraid to define and qualtify 'propagation of
> > > information' is a task that is practically infeasible in
> > > the rigorous sense (which a formal treatment requires),
> > > otherwise one could as well also decide whether a given
> > > bit source is perfectly random.
> >
> > I don't understand your reasoning at all.
>
> Sorry, I had a typo: 'qualify' should read 'quantify'. Is
> that clear to you now?
I jump in very late in this thread, so sorry if I got the sense in which
"information" is used here wrong again. I guess I've missed something,
because the answer is so obvious.
I think you can quantify propagation of information as boolean
functions. Consider first the information conveyed by yes-no questions.
Bob: Was Peter at the British embassy yesterday at 15 PM?
Alice: Yes.
1 bit of "informational content" (probably the wrong term) has been
supplied by Alice. We now need a method to reduce any questions other
than yes-no questions to yes-no questions. I think it's possible to do
so, because there's a set of possible reasonable answers to any
question, and that set can often be considered finite. For example:
Bob: Who was at the British embassy yesterday at 15 PM?
Alice: Peter.
Suppose there are only 3 candidates {Peter, Steve, James} in question
for Bob. Then the question can be reduced to a finite set of yes-no
questions:
Bob: Was Peter at the British embassy yesterday at 15 PM?
Bob: Was Steve at the British embassy yesterday at 15 PM?
Bob: Was James at the British embassy yesterday at 15 PM?
The informational content provided by Alice answering "Peter" should be
3 bits *given the assumption of Bob that there are 3 candidates*.
Defining quantified informational content that way makes it dependent on
Bob's state of belief.
Some questions:
- Is it reasonable to assume that the sets of possible answers usually
are finite?
- When applied to questions in cryptography, is there a reliable method
of determining the set of possible answers?
- How do we compute the informational content provided by answers to
other types of questions?
- The sets of possible answers can be exclusive or non-exclusive (both
Peter and Steve may have been at the embassy). How does this difference go
into the calculation of the informational content? (It seems the 3 bit
answer is for the non-exclusive case.) How about partly inclusive,
partly exclusive answers? How do we determine this property in practice?
- When based on a sign system, questions can have equivalent answers
that are relative to Bob's belief state (e.g. if Bob knows that "Peter"
IS "the guy with the strange hat", that description is an equivalent
answer). So we need additional assumptions about Bob's state of belief.
When applied to questions in cryptography, is there a way to find these
equivalence classes? If not, we cannot reliably calculate the
informational content provided, because the set of possible answers
might contain equivalent ones.
Just a few ideas, nothing particularly new I guess...
Regards
Erich
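The reduction to yes-no questions sketched in the post above, as an added Python example (not the poster's code): it enumerates Bob's answer space for the exclusive and the non-exclusive case, measures the information of an answer against an explicit prior for Bob, and collapses answers Bob knows to be equivalent before measuring. The candidate names follow the post; the probabilities and the equivalence are constructed.

```python
import itertools
import math

CANDIDATES = ("Peter", "Steve", "James")   # from the post's example


def answer_space(candidates, exclusive: bool):
    """Every answer Bob considers possible.
    exclusive:     exactly one candidate was there  -> N answers.
    non-exclusive: any subset may have been there   -> 2**N answers,
                   one yes/no question per candidate."""
    if exclusive:
        return [frozenset([c]) for c in candidates]
    return [frozenset(s) for r in range(len(candidates) + 1)
            for s in itertools.combinations(candidates, r)]


def bits_uniform(space) -> float:
    """Bits conveyed by an answer when Bob holds every answer equally likely:
    log2(3) for the exclusive case, exactly 3 for the non-exclusive one."""
    return math.log2(len(space))


def surprisal_bits(belief: dict, answer) -> float:
    """Bits conveyed by one specific answer under Bob's prior (answer -> probability).
    The same answer carries less information the more Bob already expected it."""
    p = belief[answer]
    if p <= 0:
        raise ValueError("answer Bob considered impossible")
    return -math.log2(p)


def entropy_bits(belief: dict) -> float:
    """Expected information of the answer: the Shannon entropy of Bob's prior."""
    return -sum(p * math.log2(p) for p in belief.values() if p > 0)


def merge_equivalent(belief: dict, equivalences: dict) -> dict:
    """Collapse answers Bob knows to denote the same thing (e.g. "Peter" and
    "the guy with the strange hat") into one class, so that the answer space
    is not over-counted.  'equivalences' maps an alias to its canonical answer."""
    merged = {}
    for answer, p in belief.items():
        canonical = equivalences.get(answer, answer)
        merged[canonical] = merged.get(canonical, 0.0) + p
    return merged
```

With a uniform prior the two cases give log2(3) and 3 bits respectively; with a skewed prior such as {Peter: 1/2, Steve: 1/4, James: 1/4} the answer "Peter" is worth 1 bit and "Steve" 2 bits, which is the dependence on Bob's state of belief the post points out. Leaving an alias in the prior as a separate answer inflates the count; merging it first removes that error.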
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite: best wipe software?
Date: Mon, 12 Mar 2001 12:19:17 GMT
"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Tell us now why OverWrite will not work.
> >
> > Reply to my reply of your OP.
> >
> > Tom
>
> Are you referring to your sarcastic ridiculing reply to my original
> post.
>
> I don't think such deserves a response.
Why I attack your supposed security claims. Back up your work man geez.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Mon, 12 Mar 2001 12:21:34 GMT
"Frodo" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <toXq6.16407$[EMAIL PROTECTED]>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
> >
> >
> > "Frodo" <[EMAIL PROTECTED]> wrote in
> message
> > news:[EMAIL PROTECTED]...
> > > In article <IrWq6.16068$[EMAIL PROTECTED]>
> > > "Tom St Denis" <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > > "Ryan M. McConahy" <[EMAIL PROTECTED]>
> wrote
> > > in message
> > > > news:3aac1d41$0$62147$[EMAIL PROTECTED]...
> > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > Hash: SHA1
> > > > >
> > > > > Actually, I was not asking for noise. I merely wanted an
> > > address. I
> > > > > knew that an electronic version was available. I am a
> > > teenager, and
> > > > > do not have much money, and would prefer it in an
> electronic
> > > version.
> > > >
> > > > Big deal? I got a job when I was 15 and bought my own
> copy.
> > > It's called
> > > > the "real world".
> > >
> > > Suit yourself.
> > >
> > > I got a copy from the posted URL.
> > >
> > > That's the real world, too.
> >
> > The url doesn't goto Applied Crypto. It goes to the US Field
> Manual....
>
> Applied Cryptography: Schneier
> http://134.155.63.117/quantico/TE/appliedcrypto.zip
>
> ...and thanks for asking.
Right. Trust me the book is easier to read since you don't have the stupid
ads and stuff around.
Tom
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: AIS
Date: Mon, 12 Mar 2001 12:53:26 GMT
On Mon, 12 Mar 2001 09:16:21 +0100, Soeren Gammelmark
<[EMAIL PROTECTED]> wrote, in part:
>I've heard about an algorithm called AIS (I think). Does anyone have any
>links to how it works?
Probably what you heard about is AES, the Advanced Encryption
Standard. Selected as that standard was the algorithm Rijndael. I
describe it on my web site, at:
http://home.ecn.ab.ca/~jsavard/crypto/co040801.htm
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Popularity of AES
Date: Mon, 12 Mar 2001 12:54:21 GMT
On Mon, 12 Mar 2001 09:33:29 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>Does anyone know why AES is not
>on the list? Thanks.
Could be because the AES spec is not yet finalized and official, so
the best they could have done would be to put Rijndael on the list.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Noninvertible encryption
Date: Mon, 12 Mar 2001 15:06:05 +0100
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "SCOTT19U.ZIP_GUY" wrote:
> > Who cares if its gibberish. You can say it was output from
> > a random number generator. If you give a key that works I think
> > its up to them to prove its false.
>
> I think it would be very easy to convince almost anyone that you
> didn't really go to all the trouble of encryption to secure gibberish.
Why not? Maybe it was intended to be used as an OTP.
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
------------------------------
From: Doug Kuhlman <[EMAIL PROTECTED]>
Subject: Re: Dumb inquiry....
Date: Mon, 12 Mar 2001 08:10:06 -0600
Mok-Kong Shen wrote:
> PHT (I have never been able to know where the name
> comes from)
Pseudo-Hadamard Transform
------------------------------
From: "JCA" <[EMAIL PROTECTED]>
Subject: Re: Potential of machine translation techniques?
Date: Mon, 12 Mar 2001 06:50:38 -0800
In article <[EMAIL PROTECTED]>, "Mok-Kong Shen"
<[EMAIL PROTECTED]> wrote:
>
> Now that machine translation of natural languages has reached a fairly
> advanced state,
I guess the keyphrase here is "fairly advanced". Lacking as they do any
understanding of what they are translating, automatic translators do a
pitiful job when compared to a human.
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: FIPS 140-2 PRG
Date: Mon, 12 Mar 2001 08:04:13 -0700
Benjamin Goldberg wrote:
<snip>
> If you run a filter on it so that any \r\n sequence is
> replaced with just a \n, and THEN run your tests, the
> problem should be fixed.
Well - but the data will still be wrong (if less so).
Any "real" \r\n sequences are now gone...
JM
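An added Python example (not from either poster) that makes the objection above concrete. Whether a CR LF to LF filter recovers the original bytes depends on how the CRs got there, so the block models three constructed cases: a text-mode write that inserts a CR before every LF (the filter is then an exact inverse), a converter that only adds a CR before a bare LF (genuine CR LF pairs in the random data are destroyed), and a file that was never translated at all (the filter destroys every real pair). The sample bytes are constructed; the binary-mode round trip at the end is the fix that avoids the translation in the first place.

```python
import os
import tempfile

# Constructed sample of PRG output: a bare LF, a genuine CR LF and a CR CR LF,
# so every case of the translation shows up.
SAMPLE = b"\x00\n\x01\r\n\x02\r\r\n\x03"


def corrupt_every_lf(data: bytes) -> bytes:
    """Model A (constructed): a text-mode write that puts a CR before every LF,
    even one that already follows a CR."""
    return data.replace(b"\n", b"\r\n")


def corrupt_bare_lf(data: bytes) -> bytes:
    """Model B (constructed): a converter that adds a CR only before a bare LF
    and leaves an existing CR LF untouched."""
    out = bytearray()
    for i, b in enumerate(data):
        if b == 0x0A and (i == 0 or data[i - 1] != 0x0D):
            out.append(0x0D)
        out.append(b)
    return bytes(out)


def untouched(data: bytes) -> bytes:
    """Model C: the file was never translated, but the filter is applied anyway."""
    return data


def crlf_filter(data: bytes) -> bytes:
    """The proposed repair: replace every CR LF with LF."""
    return data.replace(b"\r\n", b"\n")


def round_trip(original: bytes, corrupt) -> dict:
    """Apply a corruption model, then the filter, and report whether the original
    bytes come back and how many were lost."""
    recovered = crlf_filter(corrupt(original))
    return {"exact": recovered == original,
            "bytes_lost": len(original) - len(recovered)}


def binary_round_trip(data: bytes) -> bool:
    """The fix: write and read the test file in binary mode, so no newline
    translation happens and no filter is needed."""
    with tempfile.NamedTemporaryFile(delete=False) as f:   # opened in 'w+b'
        f.write(data)
        path = f.name
    try:
        with open(path, "rb") as f:
            return f.read() == data
    finally:
        os.unlink(path)
```

Under model A the filter is exact because every LF, real pair or not, gained exactly one CR that the filter takes back. Under models B and C the real CR LF pairs collapse to a lone LF, which is the "data will still be wrong (if less so)" case: the statistical tests then run on a stream that is missing bytes the generator actually produced.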
------------------------------
From: Olivier Miakinen <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: An extremely difficult (possibly original) cryptogram
Date: Mon, 12 Mar 2001 15:47:18 +0100
Reply-To: [EMAIL PROTECTED]
Jared Karr wrote:
>
> Maybe you should post a shorter message in the same code. I don't think
> anybody wants to decode half a million characters by hand.
>
> JK
> "daniel mcgrath" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Tysoizbyjoxs, this may be the most complicated code anyone has ever
> > done!
> > 46567 20100 55156 10094 65145 75046 57645 59555 04266 79241
> > 36544 08141 85644 59210 07144 57510 08444 57646 75044 36945
[followed by half a million characters]
Was it *absolutely* necessary to quote the entire original message?
[fu2]
--
Stop mail abuse: <http://marc.herbert.free.fr/mail/>
But also: <http://www.cict.fr/net/ErreursMel.html>
By the way, please don't duplicate by e-mail a reply already made in the
newsgroups, and avoid sending me files in proprietary formats.
------------------------------
From: "Gustavo Brown" <alegus#QUIT_THIS#@adinet.com.uy>
Subject: Zero Knowledge Proof
Date: Mon, 12 Mar 2001 13:45:39 -0300
Reply-To: "Gustavo Brown" <alegus#QUIT_THIS#@adinet.com.uy>
Hi:
Can you tell me where to find info about Zero Knowledge Proof, and its relationship with Cryptography.
What I need is some info concerning how Zero Knowledge Proof is used within Cryptosystems, etc
Thanks in Advance,
Gustavo Brown
------------------------------
From: Randy Langer <[EMAIL PROTECTED]>
Subject: Exportable key lengths & Mush algorithm
Date: Mon, 12 Mar 2001 17:03:10 GMT
Two questions for the group:
1) What is the actual key length restriction for export now? I've heard
every possible story on this now (40 bits, 56, 128, unlimited), and no
compelling reason to believe one over the others. Our application is
embedded crypto with no public crypto API (i.e., our product is not a gen
purpose crypto product like PGP), used in OEM cores for dev by 3rd
parties (including extraterritorial) for mass-market consumer products.
2) What happened to DJ Wheeler's Mush algorithm, as covered in
Schneier's book? No peer review (or anything else) found in Google
search. Did it just fall off the radar screen? Insecure? Lack of
interest?
Thanks in advance.
Randy Langer
[EMAIL PROTECTED]
------------------------------
From: Neil Couture <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Zero Knowledge Proof
Date: Mon, 12 Mar 2001 17:33:12 GMT
This is a good book (I just bought it a week ago):
O. Goldreich
Modern Cryptography, Probabilistic Proofs and Pseudo-Randomness
Springer.
You can also look at this URL (all the lecture notes):
http://crypto.CS.McGill.CA/~crepeau/CS647/
Gustavo Brown wrote:
> Hi: Can you tell me where to find info about Zero Knowledge Proof,
> and its relationship with Cryptography. What I need is some info
> concerning how Zero Knowledge Proof is used within Cryptosystems,
> etc Thanks in Advance, Gustavo Brown
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.hacker
Subject: Re: OverWrite: best wipe software?
Date: Mon, 12 Mar 2001 17:35:18 GMT
Mok-Kong Shen wrote:
> Benjamin Goldberg wrote:
> >
> [snip]
> > If I've got data on a floppy, and I want it securely erased, I copy the
> > stuff I want to save to a new floppy, and burn the old one. Floppies
> > are cheap. The cost of buying new floppies is lower than the security
> > risk of downloading binaries from your website.
>
> Removable media, since they are now all quite cheap, should
> be physically destroyed for preventing recovery. For hard
> disk drives there are firms specialized in recovering deleted
> data. According to posts in the group long back, overwriting
> a couple of times isn't secure.
Not a properly formed assertion. Not secure against whom? To protect what?
Overwriting a couple of times with random data may not remove all residual
information. However, it dramatically raises the cost of recovery and
reduces the quality of the product. It also reduces the population of
laboratories with the resources necessary to decode the remanence. "Nothing
useful can be said about the security of a mechanism except in the context of
a specific application and environment." --Robert H. Courtney
> I remember also reading a
> newspaper article saying that a firm succeeded in recovering
> most of the information stored on hard drives of a lab
> that were damaged by fire.
My disk doctor performs miracles and charges accordingly. How badly do you
want the data?
> M. K. Shen
William Hugh Murray, CISSP
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite: best wipe software?
Date: Mon, 12 Mar 2001 18:44:23 +0100
William Hugh Murray wrote:
>
> Mok-Kong Shen wrote:
>
> > Benjamin Goldberg wrote:
> > >
> > [snip]
> > > If I've got data on a floppy, and I want it securely erased, I copy the
> > > stuff I want to save to a new floppy, and burn the old one. Floppies
> > > are cheap. The cost of buying new floppies is lower than the security
> > > risk of downloading binaries from your website.
> >
> > Removable media, since they are now all quite cheap, should
> > be physically destroyed for preventing recovery. For hard
> > disk drives there are firms specialized in recovering deleted
> > data. According to posts in the group long back, overwriting
> > a couple of times isn't secure.
>
> Not a properly formed assertion. Not secure against whom? To protect what?
> Overwriting a couple of times with random data may not remove all residual
> information. However, it dramatically raises the cost of recovery and
> reduces the quality of the product. It also reduces the population of
> laboratories with the resources necessary to decode the remanence. "Nothing
> useful can be said about the security of a mechanism except in the context of
> a specific application and environment." --Robert H. Courtney
Oh yes, you are right. To protect against the eyes of
my eight year old nephew, a simple del is certainly more
than sufficient.
M. K. Shen
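An added Python example (not the OverWrite tool and not code from anyone in this thread) of what a multi-pass overwrite actually does and what it can and cannot promise: it rewrites a file in place with fresh random bytes several times, fsync-ing each pass so the writes are issued to the device, and then checks only that the secret is gone from the file's logical contents. The file and the secret are constructed. The caveat in the comments, that a journaling or copy-on-write file system or a drive's own block remapping can keep older copies out of reach of an in-place rewrite, is added here as general knowledge rather than something the thread states; it is the kind of remanence that makes Murray's "not secure against whom?" the right question.

```python
import os
import tempfile


def overwrite_file(path: str, passes: int = 3, chunk: int = 64 * 1024) -> int:
    """Overwrite a file in place 'passes' times with fresh random bytes.
    Each pass is flushed with fsync so the data is handed to the device,
    not left in the page cache.  Returns the number of bytes written per pass.
    Caveat: this rewrites the file's current logical blocks.  A journaling or
    copy-on-write file system, or a drive that remaps blocks internally, may
    keep earlier copies that this loop never touches."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_WRONLY)           # POSIX; add os.O_BINARY on Windows
    try:
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                written = os.write(fd, os.urandom(n))   # os.write may be partial
                remaining -= written
            os.fsync(fd)
    finally:
        os.close(fd)
    return size


def logical_contents_gone(path: str, secret: bytes) -> bool:
    """Verify at the file-system level that the secret no longer appears in the
    file.  This says nothing about physical remanence on the medium."""
    with open(path, "rb") as f:
        return secret not in f.read()


def demo(passes: int = 3) -> dict:
    """Write a constructed secret to a temporary file, overwrite it, and report
    whether the logical contents are gone and the file size is unchanged."""
    marker = b"CONSTRUCTED SECRET DATA "
    secret = marker * 1000
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(secret)
        path = f.name
    try:
        written = overwrite_file(path, passes=passes)
        return {
            "gone": logical_contents_gone(path, marker),
            "size_unchanged": written == len(secret) == os.path.getsize(path),
        }
    finally:
        os.unlink(path)
```

The check at the end is deliberately weak: it answers "can a user who reads the file see the old data?", which is the eight-year-old-nephew threat, and nothing more. Against a laboratory reading the medium directly, the number of passes changes the cost of recovery, as Murray says, but the copies a file system or drive keeps outside the file's current blocks are not reached by any number of passes of this kind.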
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Mon, 12 Mar 2001 18:44:30 +0100
"Joe H. Acker" wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > "Douglas A. Gwyn" wrote:
> > >
> > > Mok-Kong Shen wrote:
> > > > I am afraid to define and qualtify 'propagation of
> > > > information' is a task that is practically infeasible in
> > > > the rigorous sense (which a formal treatment requires),
> > > > otherwise one could as well also decide whether a given
> > > > bit source is perfectly random.
> > >
> > > I don't understand your reasoning at all.
> >
> > Sorry, I had a typo: 'qualify' should read 'quantify'. Is
> > that clear to you now?
>
> I jump in very late in this thread, so sorry if I got the sense in which
> "information" is used here wrong again. I guess I've missed something,
> because the answer is so obvious.
>
> I think you can quantify propagation of information as boolean
> functions. Consider first the information conveyed by yes-no questions.
>
> Bob: Was Peter at the British embassy yesterday at 15 PM?
> Alice: Yes.
>
> 1 bit of "informational content" (probably the wrong term) has been
> supplied by Alice. We now need a method to reduce any questions other
> than yes-no questions to yes-no questions. I think it's possible to do
> so, because there's a set of possible reasonable answers to any
> question, and that set can often be considered finite. For example:
>
> Bob: Who was at the British embassy yesterday at 15 PM?
> Alice: Peter.
>
> Suppose there are only 3 candidates {Peter, Steve, James} in question
> for Bob. Then the question can be reduced to a finite set of yes-no
> questions:
>
> Bob: Was Peter at the British embassy yesterday at 15 PM?
> Bob: Was Steve at the British embassy yesterday at 15 PM?
> Bob: Was James at the British embassy yesterday at 15 PM?
>
> The informational content provided by Alice answering "Peter" should be
> 3 bits *given the assumption of Bob that there are 3 candidates*.
> Defining quantified informational content that way makes it dependent on
> Bob's state of belief.
>
> Some questions:
>
> - Is it reasonable to assume that the sets of possible answers usually
> are finite?
>
> - When applied to questions in cryptography, is there a reliable method
> of determining the set of possible answers?
>
> - How do we compute the informational content provided by answers to
> other types of questions?
>
> - The sets of possible answers can be exclusive or non-exclusive (both
> Peter and Steve may have been at the embassy). How does this difference go
> into the calculation of the informational content? (It seems the 3 bit
> answer is for the non-exclusive case.) How about partly inclusive,
> partly exclusive answers? How do we determine this property in practice?
>
> - When based on a sign system, questions can have equivalent answers
> that are relative to Bob's belief state (e.g. if Bob knows that "Peter"
> IS "the guy with the strange hat", that description is an equivalent
> answer). So we need additional assumptions about Bob's state of belief.
> When applied to questions in cryptography, is there a way to find these
> equivalence classes? If not, we cannot reliably calculate the
> informational content provided, because the set of possible answers
> might contain equivalent ones.
My point is essentially the following: If one can define and
quantify 'propagation of information' (rigorously), then
one must be able to measure the information content in
an arbitrarily given bit sequence in exact terms. If one
could do that, then one could also decide whether a given
bit source is perfectly random, for in case of perfect
randomness the information content of that source must be
exactly zero. Now the question is whether one could have
such a rigorous measure in practice. My guess is no.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Zero Knowledge Proof
Date: Mon, 12 Mar 2001 18:44:41 +0100
Gustavo Brown wrote:
>
> Can you tell me where to find info about Zero Knowledge Proof, and
> its relationship with Cryptography.
The stereotype answer is to look into textbooks, e.g. that
of Schneier.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dumb inquiry....
Date: Mon, 12 Mar 2001 18:44:37 +0100
Doug Kuhlman wrote:
>
> Mok-Kong Shen wrote:
> > PHT (I have never been able to know where the name
> > comes from)
>
> Pseudo-Hadamard Transform
I know PHT is shorthand for that. But why Hadamard and
why pseudo?
M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************