Cryptography-Digest Digest #63, Volume #14        Mon, 2 Apr 01 18:13:01 EDT

Contents:
  Re: Data dependent arcfour via sbox feedback (Terry Ritter)
  Re: Is this a solution to the PGP flaw (lcs Mixmaster Remailer)
  Re: Is this a solution to the PGP flaw (Lutz Donnerhacke)
  Re: Idea - (LONG) (Mok-Kong Shen)
  Re: Data dependent arcfour via sbox feedback (Mok-Kong Shen)
  Re: Data dependent arcfour via sbox feedback (Ken Savage)
  Re: GCHQ turned me away...(we didn't think they understood) (Mok-Kong Shen)
  Begging .. "kerjays" increased in Helsinki ..just an example of how bad the situation is in Finland ...this is as the result of the end of the Cold War ... Finland is one huge loser ... and ([EMAIL PROTECTED])
  accepted papers at CHES 2001 (Christof Paar)
  Re: GCHQ turned me away...(we didn't think they understood) (Frank Gerlach)
  Re: AES VS. DES ("Latyr Jean-Luc FAYE")
  Re: Data dependent arcfour via sbox feedback (David Wagner)
  Re: conferences? (David Wagner)
  Re: keys and random (Gregory G Rose)
  Re: Data dependent arcfour via sbox feedback (Gregory G Rose)
  Crypto + Group Theory + Python (computer language) (Kirby Urner)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Data dependent arcfour via sbox feedback
Date: Mon, 02 Apr 2001 19:19:35 GMT


On Mon, 02 Apr 2001 09:38:19 GMT, in <fMXx6.1$iy4.26@interramp>, in
sci.crypt "nospam"@"nonsuch.org" ("Bryan Olson") wrote:

>Terry Ritter wrote:
>>
>>Bryan Olson wrote:
>>
>>>In article <[EMAIL PROTECTED]>, Terry Ritter wrote:
>>>>[...]
>>>>However, the Dynamic Substitution claims do not require encryption by
>>>>substitution.
>>>
>>>All the claims on encryption methods require two data 
>>>sources, the first of which is transformed by substitution 
>>>to form the output or substitute values.
>>
>>OK, that's it.  I can't make you read; or having read, understand; or
>>having understood, accurately represent the facts.  
>
>And yet I have.

I can't say whether you have read it or not.  But I can certainly say
whether you have understood, which you have not.


>[...]
>>So the claim that: "RC4 and the proposed modification do not encrypt
>>by substitution of the data characters; that's what makes Ritter's
>>patent inapplicable," is laughably ridiculous and clearly false to
>>anyone willing to actually read and understand the patent.  We can be
>>sure that a court would be so willing.  
>
>You also have to read and understand RC4 and the proposed 
>modification. 

Absolutely not; that is completely wrong.  

Each patent claim is interpreted on its own -- perhaps by using the
body text of that patent to interpret particular words or phrases --
but definitely independent of any other patent or development.  

Interpreting a design for infringement with respect to any patent
basically involves matching the words and phrases of the claim to the
design.  If all of some claim does match, infringement is indicated.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

Date: 2 Apr 2001 19:20:01 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Re: Is this a solution to the PGP flaw

Here is another variant on the attack which will still work even if
the recommended mathematical checks are done.  However it leaks only a
small amount of information about the secret key.

We have g^q = 1 mod p; g^x = y mod p; q | (p-1), etc.  Now suppose an
attacker wants to learn if x is even or odd.

He can toggle the low order bit of x by xoring into the ciphertext.
As is well known, in CFB mode, such an xor goes through to the
plaintext at the cost of disturbing the following block of plaintext.
(CBC has similar properties, but with the roles of the two plaintext
blocks reversed.)

Toggling the low order bit of x will either increment it or decrement
it, depending on whether x is even or odd.  This will cause y to be
either multiplied by g, or divided by g.

The attacker makes a guess about x being even or odd, toggles the bit
and adjusts y accordingly.  (He also has to adjust the checksum, which
he can do with 50% success.)  The resulting key is perfectly
consistent mathematically, if his guess was correct.

Then he sees if the user is able to use the key, or if he gets an
error.  If there is no error, the attacker knows he guessed right
about the low bit of x.

In some circumstances it may be possible for the attack to be mounted
repeatedly and gradually learn more bits.  For example, if the attack
is possible because the key is stored on a network file system, as Dr.
Klima proposes, the user may re-run PGP repeatedly when he gets an
error, thinking he is typing his passphrase wrong.  In some
configurations this will re-fetch the secret key ring each time, and
the attacker can modify a different bit of x each time.  He can learn
almost 128 bits of x in the best case.  With this advantage, brute
forcing the remaining bits of x may be possible.
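The arithmetic of the post above in a toy group, as an added Python example (not code from the post or from PGP): p = 23, q = 11, g = 2 are constructed values standing in for real DSA/ElGamal sizes, and the HMAC key stands in for a key derived from the passphrase. It shows that the algebraic consistency checks accept the adjusted key for exactly one parity guess, and that a keyed integrity tag over the stored key fields rejects the change regardless of the guess.

```python
import hashlib
import hmac

# Constructed toy parameters: q divides p-1 and g = 2 has order q modulo p.
# Real keys use far larger p and q; the algebra below is identical.
P, Q, G = 23, 11, 2


def math_checks(p, q, g, x, y):
    """The 'recommended mathematical checks' on a loaded secret key:
    q | (p-1), g^q = 1 (mod p) and g^x = y (mod p)."""
    return (p - 1) % q == 0 and pow(g, q, p) == 1 and pow(g, x, p) == y


def low_bit_toggled(p, g, x, y):
    """The key as it looks after bit 0 of x is flipped and y is adjusted to
    match: x even -> x+1 and y*g ; x odd -> x-1 and y*g^-1 (mod p)."""
    x2 = x ^ 1
    y2 = (y * g) % p if x % 2 == 0 else (y * pow(g, -1, p)) % p
    return x2, y2


def checks_detect_toggle(p, q, g, x, y):
    """True only if the algebraic checks reject the adjusted key. They never
    do: the adjusted pair is a perfectly valid key in its own right."""
    x2, y2 = low_bit_toggled(p, g, x, y)
    return not math_checks(p, q, g, x2, y2)


def parity_guess_outcomes(p, q, g, x, y):
    """Check outcome for each parity guess (guess 'even' multiplies y by g,
    guess 'odd' by g^-1). Exactly one guess passes, so the pass/fail result
    equals the low bit of x: this is the leak the post describes."""
    x2 = x ^ 1
    return {
        "even": math_checks(p, q, g, x2, (y * g) % p),
        "odd": math_checks(p, q, g, x2, (y * pow(g, -1, p)) % p),
    }


# Mitigation: bind every stored key field under a keyed MAC (key derived from
# the passphrase), so any change to x or y fails verification no matter how
# consistent the modified pair is. A 16-bit checksum gives no such guarantee.
def key_tag(mac_key, p, q, g, x, y):
    msg = b"|".join(str(v).encode() for v in (p, q, g, x, y))
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def verify_key(mac_key, tag, p, q, g, x, y):
    return hmac.compare_digest(tag, key_tag(mac_key, p, q, g, x, y))


def mac_detects_toggle(mac_key, p, q, g, x, y):
    """True if the integrity tag computed over the original key rejects the
    adjusted key."""
    tag = key_tag(mac_key, p, q, g, x, y)
    x2, y2 = low_bit_toggled(p, g, x, y)
    return not verify_key(mac_key, tag, p, q, g, x2, y2)


if __name__ == "__main__":
    x = 6
    y = pow(G, x, P)                      # y = 18
    print("math checks catch toggle:", checks_detect_toggle(P, Q, G, x, y))
    print("outcome per parity guess:", parity_guess_outcomes(P, Q, G, x, y))
    print("MAC catches toggle:", mac_detects_toggle(b"kdf(passphrase)", P, Q, G, x, y))
```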

------------------------------

From: [EMAIL PROTECTED] (Lutz Donnerhacke)
Subject: Re: Is this a solution to the PGP flaw
Date: 2 Apr 2001 19:32:44 GMT

* lcs Mixmaster Remailer wrote:
>Here is another variant on the attack which will still work even if
>the recommended mathematical checks are done.  However it leaks only a
>small amount of information about the secret key.

Thanx, but I talked about RSA only. My knowledge about DSA is very limited.

>We have g^q = 1 mod p; g^x = y mod p; q | (p-1), etc.  Now suppose an
>attacker wants to learn if x is even or odd.

DSA does not contain enough information in the secret part to rebuild the
public data. So only a check after a signing test may reveal your modification.


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Mon, 02 Apr 2001 22:06:05 +0200



Steve Portly wrote:
> 

> In situations where an algorithm is to be used to encrypt both 7 and 8 bit
> content it is easier to code for the 8 bit content even if it is overkill for
> the 7 bit.  Such an algorithm might use a preliminary round to evenly disperse
> however many bits of stuff to be encrypted into the 8 bit channel width.  It's
> sort of like making pizza or taco shells: you roll out the dough before you
> fold and pound it.

I am not sure that we are addressing a common point. My
view is that, in cases where there is some possibility that the
opponent doesn't know certain particular patterns in 
plaintexts or the like, it makes sense to encrypt as if
these were unknown to him. Further, for block ciphers,
CBC serves to eliminate patterns to some extent, if I
don't err.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Mon, 02 Apr 2001 22:12:11 +0200



Terry Ritter wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> 
> >Terry Ritter wrote:
> >>
> >
> >> I claim as my invention:
> >>
> >> 1. A mechanism for combining a first data source and a second data
> >> source into result data, including:
> >>
> >>       (a) substitution means for translating values from said first
> >> data source into said result data or substitute values, and
> >>
> >>       (b) change means, at least responsive to some aspect of said
> >> second data source, for permuting or re-arranging a plurality of the
> >> translations or substitute values within said substitution means,
> >> potentially after every substitution operation.
> >> "
> >>
> >> Notice the absence of the term "encryption method."  All that is
> >> necessary for this patent to apply is that the stated things exist in
> >> the relationship described in at least one claim.  And it doesn't
> >> matter how much other stuff is around.
> >>
> >> This is a "mechanism" -- a machine claim.  The patent covers the
> >> described machine, wherever it exists, as hardware or software or any
> >> other implementation technology.  That is quite similar to many other
> >> patents for digital logic systems.
> >
> >The problem with at least non-professionals of patents is,
> >I believe, that such a claim like the above is so general
> >that it appears to cover even stuff like DES. Could
> >someone explain why DES is NOT covered by that claim?
> >Thanks.
> 
> When we check for patent infringement, we don't look at the whole
> description and then just somehow form an impression one way or the
> other.  Instead, we try to match the specific words of each
> requirement, phrase by phrase, with the design being checked, e.g.,
> "Does this fit?  Does this fit," and so on.
> 
> Suppose we start checking whether DES infringes Dynamic Substitution
> by finding a "substitution means" in DES:  Well, we might say that
> corresponds to an s-box.  So there is a "substitution means," so far
> so good.  Now we need to show that the entries in said "substitution
> means" are "permuted or re-arranged."  But nothing like that happens.
> Which means this particular interpretation of DES does not "read on"
> that claim, and so does not infringe that claim.
> 
> Now, is there any other sort of "substitution means" in DES?  Not that
> I see.  Is there any "substitution means" in which the entries are
> permuted?  I don't think so.
> 
> The requirements in a patent claim are not abstract theoretical
> concepts.  In a machine claim, the invention consists of actual
> realizations for the specified entities.  To check for infringement,
> we try to find each requirement and check it off, one by one.

Substitution could be understood quite broadly. DES
substitutes an entire block of input to a block of output,
in principle analogous to a classical polyalphabetic 
cipher that substitutes a character of plaintext to a
character of ciphertext. Via CBC etc. we have a sort
of feedback originating from the plaintexts, which is 
something that is not static in my humble view. So DES
appears to have violated the patent claims.

M. K. Shen

------------------------------

From: Ken Savage <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Mon, 02 Apr 2001 20:23:08 GMT

Terry Ritter wrote:
> It is the permutation of the S-box by two quantities which is the
> problem.  The patent does not require that one of the quantities be
> based on plaintext or ciphertext.

Thus does plain-jane RC4 violate the patent?

What if I did this:

struct rc4stuff
{
  uint16 z;               /* high byte plays RC4's i, low byte plays RC4's j */
  unsigned char *sbox;    /* unsigned, so S[] values index 0..255 */
};

rc4( ... )
{
  info->z += 0x0100;                         /* i = i + 1 (mod 256, by 16-bit wrap) */
  info->z = (info->z & 0xff00) |             /* j = (j + S[i]) mod 256; mask keeps */
            ((info->sbox[info->z >> 8] + (info->z & 255)) & 255);  /* carry out of i */
  swap( info->sbox[info->z >> 8], info->sbox[info->z & 255] );     /* swap S[i], S[j] */

  data[i] ^= ...
}


Any permutation (swap), is inherently going to be based on two
quantities.  Swap the first with the second.  From a coding
perspective though, I'm sure that swap( s[x], s[y] ), where x
and y are two separate variables, would fall into the broader
definition "two quantities".  The above code only swaps two
elements (like all swaps do!!) based on (variations of) one
quantity, z.

It certainly accomplishes the same end result.

I understand people wanting to protect their intellectual property
(I work in that industry) -- but taking out broadly stroked
patents on obvious techniques is not protection. It's more of a
nuisance, often times foiled by clever trickery.

Ken

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GCHQ turned me away...(we didn't think they understood)
Date: Mon, 02 Apr 2001 22:52:08 +0200



Keill Randor wrote:
> 
[snip]
> As I said, it was a test - and they FAILED.........

What happened actually? They ignored it (kept silent),
said something not very helpful/meaningful, banned it, 
or what?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.2600,alt.security,comp.security
Subject: Begging .. "kerjays" increased in Helsinki ..just an example of how bad the situation is in Finland ...this is as the result of the end of the Cold War ... Finland is one huge loser ... and
Date: 2 Apr 2001 15:56:06 GMT



And the Finnish military, General Hagglund, Tarja Halonen, Paavo Lipponen, Erkki
Liikanen, Esko Aho ... are just implementing processes to make Finland
lose more ... and to lose the independence of Finland ...

There was no begging "kerjaysta" in Finland when I was in Finland in the 1980s
...

Begging has increased in Helsinki



HELSINKI. Begging in Helsinki is now more common than before. Senior
Constable Matti Rintamäki of the railway station police estimates that the
phenomenon has become more common over the past four or five years. 
    Regular beggars move about in the Asematunneli and 

http://www.helsinginsanomat.fi/tuoreet/juttu.asp?id=20010402OL43&pvm=20010402


Damn... things are hellishly bad ... damn .....

Markku from Miami

P.S. This is not the Finland I wanted Finland to be .... damn ....

P.S. Authorization to remove from power any people in the government of
Finland who is supporting the process of joining the NATO is given ... any
person ....






------------------------------

From: Christof Paar <[EMAIL PROTECTED]>
Crossposted-To: comp.arch.arithmetic,comp.arch.fpga
Subject: accepted papers at CHES 2001
Date: Mon, 2 Apr 2001 17:01:38 -0400


Workshop on Cryptographic Hardware and Embedded Systems
  Espace Saint Martin, Paris, France, May 13-16, 2001
     
           http://www.chesworkshop.org

for registration information, check CHES web site above
=======================================================
                
                INVITED SPEAKERS

Ross Anderson, University of Cambridge, U.K.
   Protecting Embedded Systems - the Next Ten Years.

Adi Shamir, Weizmann Institute, Israel.
   TBA 
=======================================================
      
          LIST OF ACCEPTED PAPERS FOR CHES 2001

      (contributions are ordered by date submitted)


Leone Manuel.
A new low complexity fast parallel multiplier for a
class of finite fields.

Pierre-Yvan Liardet and Nigel Smart.
Preventing SPA/DPA in ECC systems using the Jacobi form.

Mike Bond.
Attacks on cryptoprocessor transaction sets.

Louis Goubin.
A sound method for switching between boolean and
arithmetic masking.

Helena Handschuh and Christophe Tymen.
Fast primitives for internal data scrambling in tamper
resistant hardware.

Marc Joye and Christophe Tymen.
Protections against differential analysis for elliptic
curve cryptography: An algebraic approach.

Adam Young and Moti Yung.
Bandwidth-optimal kleptographic attacks.

Nigel Smart.
The Hessian form of an elliptic curve.

Mehdi-Laurent Akkar and Christophe Giraud.
An implementation of DES and AES, secure against some
attacks.

Palash Sarkar and Subhamoy Maitra.
Efficient implementation of large stream cipher systems.

Karine Gandolfi, Christophe Mourtel, and Francis Olivier.
Electromagnetic analysis: Concrete results

Ocean Cheung, K. H. Tsoi, Philip Leong, and Norris Leong.
Tradeoffs in parallel and serial implementations of the
International Data Encryption Algorithm IDEA.

Thomas Pornin.
Transparent harddisk encryption.

Erkay Savas, Tom Schmidt, and Cetin K. Koc.
Generating elliptic curves of known order.

Hanae Nozaki, Masahiko Motoyama, Atsushi Shimbo, and
Shinichi Kawamura.
Implementation of RSA Algorithm based on RNS Montgomery
Multiplication.

Colin Walter.
Sliding windows succumbs to big mac attack.

Manfred Aigner and Elisabeth Oswald.
Randomized addition-subtraction chains as a countermeasure
against power attacks.

Maire McLoone and J. V. McCanny.
High performance single-chip FPGA Rijndael algorithm
implementations.

Katsuyuki Okeya and Kouichi Sakurai.
Efficient elliptic curve cryptosystems from a scalar
multiplication algorithm with recovering y-coordinate
on the Montgomery-form.

D. May, H. L. Muller, and Nigel Smart.
Random register renaming to foil DPA.

Viktor Fischer and Milos Drutarovsky.
Two methods of Rijndael implementation in reconfigurable
Hardware.

Christophe Clavier and Marc Joye.
Universal exponentiation algorithm: A first step towards
provable SPA-resistance.

Pradeep Dubey, Vijay Kumar, Atri Rudra, Charanjit Jutla,
Josyula R. Rao, and Pankaj Rohatgi.
Efficient implementations of Galois field arithmetic.

Henry Kuo and Ingrid Verbauwhede.
Architectural optimization for a 3Gbits/sec VLSI
Implementation of the AES Rijndael algorithm.

Nick Howgrave-Graham, Joan Dyer, and Rosario Gennaro.
Pseudo-random number generation on the IBM 4758 secure
crypto coprocessor.

Johann Groszschaedl.
A bit-serial unified multiplier architecture for finite
fields GF(p) and GF(2^m).

Gerardo Orlando and Christof Paar.
A scalable GF(p) elliptic curve processor architecture
for programmable hardware.

Marc Joye and Jean-Jacques Quisquater.
Hessian elliptic curves and side-channel attacks.

Werner Schindler.
Efficient online tests for true random number generators.

Alexandre F. Tenca, Georgi Todorov, and Cetin K. Koc.
High-radix design of a scalable modular multiplier.

Daniel V. Bailey, Daniel Coffin, Adam Elbirt, 
Joseph H. Silverman, and Adam D.  Woodbury.
NTRU in Constrained Devices.

=======================================================
Workshop on Cryptographic Hardware and Embedded Systems
Web:            http://www.chesworkshop.org
E-Mail:         [EMAIL PROTECTED]
Program Chairs: Cetin Kaya Koc <[EMAIL PROTECTED]>
                David Naccache <[EMAIL PROTECTED]>
                Christof Paar <[EMAIL PROTECTED]>
=======================================================



------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: GCHQ turned me away...(we didn't think they understood)
Date: Mon, 02 Apr 2001 23:25:22 +0200

Mok-Kong Shen wrote:

> Keill Randor wrote:
> >
> [snip]
> > As I said, it was a test - and they FAILED.........
>
> What happened actually? They ignored it (kept silent),
> said something not very helpful/meaningful, banned it,
> or what?
>
> M. K. Shen

I guess they just did what they do three times a week :-)


------------------------------

From: "Latyr Jean-Luc FAYE" <[EMAIL PROTECTED]>
Subject: Re: AES VS. DES
Date: Mon, 2 Apr 2001 22:27:54 +0100

> >The first time, I got a nice answer of someone on the NG with a link to his
> >page about AES and I learnt a lot of stuff.
>
> Was that me?
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm

YES, it was!
Thanks for your site and its quality.
Regards

Latyr
---
Latyr Jean-Luc FAYE
http://faye.cjb.net



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Data dependent arcfour via sbox feedback
Date: 2 Apr 2001 21:38:55 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

John Savard wrote:
>Of course, with an enormous (2^32 blocks, birthday paradox) amount of
>known plaintext, [...]

2^32 blocks is not enormous.  (If it were, we wouldn't need an AES.)

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: conferences?
Date: 2 Apr 2001 21:41:34 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Paul Rubin  wrote:
>Working well on very small processors is one of the few reasons I can
>think of to bother designing yet another 64 bit block cipher.  There
>aren't very many good ones out there.

Yeah.  Another might be very low gate-count / very low power.
(e.g., same order of magnitude as A5/1 -- and that's not an easy task!)

------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: keys and random
Date: 2 Apr 2001 14:51:59 -0700

Still not quite right.

In article <[EMAIL PROTECTED]>,
Brian D Jonas  <[EMAIL PROTECTED]> wrote:
>       I want to thank those that answered my original post concerning
>diffie hellman key exchange. The site I got my info from was a bit
>confusing. So hardcoding the 2 in   a=2^x mod p  is a-ok. Hardcoding the
>prime p is a bad idea. x is the random number of size less than p, but IS
>NOT prime. a and p are sent to the receiver. Receiver calcs a1=2^x1 mod p.

1. The only known disadvantage to hardcoding
(standardising) P is that it makes a single large target
for people to work on. IPsec standardises P for
example.

2. You want 2 to be a generator of the order-q
(p=2*q+1) subgroup, or choose a different p or g.

3. P doesn't have to be Sophie Germain, so long
as it has a large (about 160 bits or more) prime
factor. Then you want g to generate the subgroup
of that order.

4. x is a member of a (sub-)group, and as such
there is no applicable concept of "prime".

5. (I could easily be wrong but) I thought a
Sophie Germain prime was q, not p, in the above.

Greg.
-- 
Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/ 
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
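Points 1 to 4 above as concrete parameter checks, in Python (an added example, not code from Greg Rose or Brian Jonas): p = 23 (a safe prime, q = 11) and p = 67 (p-1 = 2*3*11, not a safe prime) are constructed toy moduli standing in for a standardised 1024-bit p with a 160-bit-or-larger q, and the trial-division helpers are only adequate at toy size.

```python
import secrets


def is_prime(n):
    """Trial division; fine for the toy sizes in this example."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True


def largest_prime_factor(n):
    """Largest prime factor of n by trial division (toy sizes only)."""
    f, best = 2, 1
    while f * f <= n:
        while n % f == 0:
            best, n = f, n // f
        f += 1
    return max(best, n) if n > 1 else best


def is_safe_prime(p):
    """p = 2q+1 with both p and q prime (the p=2*q+1 case in point 2)."""
    return p % 2 == 1 and is_prime(p) and is_prime((p - 1) // 2)


def subgroup_order(p, min_bits):
    """Point 3: p need not be a safe prime; it suffices that p-1 has a prime
    factor q of at least min_bits bits. Returns q, or None if there is none."""
    q = largest_prime_factor(p - 1)
    return q if q.bit_length() >= min_bits else None


def in_subgroup(g, p, q):
    """Point 2: g must lie in (and, q prime, then generate) the order-q
    subgroup: 1 < g < p-1 and g^q = 1 (mod p). Otherwise pick another g or p."""
    return 1 < g < p - 1 and pow(g, q, p) == 1


def find_generator(p, q, start=2):
    """Standard construction: h^((p-1)/q) mod p lies in the order-q subgroup for
    any h; skip the values that collapse to 1."""
    for h in range(start, p - 1):
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return g
    raise ValueError("no generator of the order-q subgroup found")


def random_exponent(q):
    """Point 4: x is just a uniformly random exponent in [1, q-1]; whether x
    is prime is meaningless here."""
    return 1 + secrets.randbelow(q - 1)


def validate_peer_value(y, p, q):
    """Reject a received public value outside the order-q subgroup (e.g. 1 or
    p-1, the small-subgroup elements) before deriving the shared secret."""
    return in_subgroup(y, p, q)


def dh_exchange(p, q, g):
    """Both sides' computations over standardised (p, q, g) as in point 1.
    Returns (secret computed by A, secret computed by B, peer checks passed)."""
    a, b = random_exponent(q), random_exponent(q)
    ya, yb = pow(g, a, p), pow(g, b, p)
    ok = validate_peer_value(ya, p, q) and validate_peer_value(yb, p, q)
    return pow(yb, a, p), pow(ya, b, p), ok


if __name__ == "__main__":
    print("23 safe prime:", is_safe_prime(23), " 67 safe prime:", is_safe_prime(67))
    print("order-q subgroup of 67 (q >= 4 bits):", subgroup_order(67, 4))
    print("2 generates order-11 subgroup mod 23:", in_subgroup(2, 23, 11))
    print("2 generates order-11 subgroup mod 67:", in_subgroup(2, 67, 11))
    print("generator mod 67:", find_generator(67, 11))
    print("exchange mod 67:", dh_exchange(67, 11, find_generator(67, 11)))
```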

------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: Data dependent arcfour via sbox feedback
Date: 2 Apr 2001 14:56:37 -0700

In article <9aarhf$si8$[EMAIL PROTECTED]>,
David Wagner <[EMAIL PROTECTED]> wrote:
<John Savard wrote:
<>Of course, with an enormous (2^32 blocks, birthday paradox) amount of
<>known plaintext, [...]
<
<2^32 blocks is not enormous.  (If it were, we wouldn't need an AES.)

Correct. I point out to people that it's just over
a minute for a gigabit router...

Greg.
-- 
Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/ 
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

------------------------------

From: Kirby Urner <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.python
Subject: Crypto + Group Theory + Python (computer language)
Reply-To: [EMAIL PROTECTED]
Date: Mon, 02 Apr 2001 15:07:58 -0700


An introductory 4-part essay beginning at:

   http://www.inetarena.com/~pdx4d/ocn/crypto0.html

This essay provides a fairly standard slice through crypto 
+ group theory, at an introductory level, with the added 
benefit of working Python source code providing an interactive 
command line experience (once you have Python set up on your 
own computer that is -- it's not interactive over the web).

The approach is to start with simple letter substitutions, in 
order to introduce cyclic notation for permutations (also 
presented as substitution dictionaries).  This thread is 
developed to where we get an Enigma-style encryption machine 
(in software of course) by Part 4.

I also get into residue classes as a good alternative example 
of a group, and touch on fields and rings briefly (including 
Galois fields).  This thread is developed into a presentation 
of the RSA algorithm (in simple form, minus any worries about 
block chaining etc.).

Any feedback welcome.  The main point of the paper is to show 
how a computer language like Python has gotten us to the point 
of being able to teach/learn/explore these concepts without too 
much noise/static coming from the language itself.  

We get an object-oriented paradigm to the extent we need it 
(the ciphers.py module is also procedural), plus we get access 
to the big numbers (e.g. those 100 digit probable primes).  
And finally, Python provides the ability to override primitive 
operators (e.g. *), which helps simplify the command line 
syntax and make it look pretty much like regular text book 
math (except, unlike math typography, it also executes).

Example:

 ******************** Permutations

 >>> p1 = P()
 >>> p2 = P()
 >>> p1
 Permutation: [('X', 'S', 'I', 'B', 'H', 'A', 'P', 'Q', 'N', 'C'), 
 ('V', 'E', 'F', 'K', 'L', 'U', 'J'), ('T', 'O', 'D'), ('R', 'G', 'M')]
 >>> p2
 Permutation: [('Z', 'B', 'H', 'G', 'Q', 'K'), ('X', 'Y', 'D', 'L', 'W', 
 'O', 'S', 'J', 'C', 'T', 'M', 'A', 'P', 'N', 'R', 'U'), ('V', 'F')]
 >>> p1*p2
 Permutation: [('Z', 'B', 'G', 'A', 'N', 'T', 'S', 'I', 'H', 'P', 'K', 
 'W', 'O',   'L', 'X', 'J', 'F'), ('Y', 'D', 'M', 'U', 'C'), ('V', 'E'), 
 ('R', 'Q')]
 >>> 

 ******************** Residue Classes

 >>> r19 = Rgroup(19)  # integers 0<n<19 relatively prime to 19
 >>> r19.table()       # multiplication table a*b = (a*b) mod 19
 
  *    1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
    ----------------------------------------------------------
  1|   1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
  2|   2  4  6  8 10 12 14 16 18  1  3  5  7  9 11 13 15 17
  3|   3  6  9 12 15 18  2  5  8 11 14 17  1  4  7 10 13 16
  4|   4  8 12 16  1  5  9 13 17  2  6 10 14 18  3  7 11 15
  5|   5 10 15  1  6 11 16  2  7 12 17  3  8 13 18  4  9 14
  6|   6 12 18  5 11 17  4 10 16  3  9 15  2  8 14  1  7 13
  7|   7 14  2  9 16  4 11 18  6 13  1  8 15  3 10 17  5 12
  8|   8 16  5 13  2 10 18  7 15  4 12  1  9 17  6 14  3 11
  9|   9 18  8 17  7 16  6 15  5 14  4 13  3 12  2 11  1 10
 10|  10  1 11  2 12  3 13  4 14  5 15  6 16  7 17  8 18  9
 11|  11  3 14  6 17  9  1 12  4 15  7 18 10  2 13  5 16  8
 12|  12  5 17 10  3 15  8  1 13  6 18 11  4 16  9  2 14  7
 13|  13  7  1 14  8  2 15  9  3 16 10  4 17 11  5 18 12  6
 14|  14  9  4 18 13  8  3 17 12  7  2 16 11  6  1 15 10  5
 15|  15 11  7  3 18 14 10  6  2 17 13  9  5  1 16 12  8  4
 16|  16 13 10  7  4  1 17 14 11  8  5  2 18 15 12  9  6  3
 17|  17 15 13 11  9  7  5  3  1 18 16 14 12 10  8  6  4  2
 18|  18 17 16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1


 >>> r19.powers()  # successive powers of the elements 
 
 **    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
    -------------------------------------------------------------
  1|   1  1  1  1  1  1  1  1  1  1  1  1  1  1  1  1  1  1  1
  2|   1  2  4  8 16 13  7 14  9 18 17 15 11  3  6 12  5 10  1
  3|   1  3  9  8  5 15  7  2  6 18 16 10 11 14  4 12 17 13  1
  4|   1  4 16  7  9 17 11  6  5  1  4 16  7  9 17 11  6  5  1
  5|   1  5  6 11 17  9  7 16  4  1  5  6 11 17  9  7 16  4  1
  6|   1  6 17  7  4  5 11  9 16  1  6 17  7  4  5 11  9 16  1
  7|   1  7 11  1  7 11  1  7 11  1  7 11  1  7 11  1  7 11  1
  8|   1  8  7 18 11 12  1  8  7 18 11 12  1  8  7 18 11 12  1
  9|   1  9  5  7  6 16 11  4 17  1  9  5  7  6 16 11  4 17  1
 10|   1 10  5 12  6  3 11 15 17 18  9 14  7 13 16  8  4  2  1
 11|   1 11  7  1 11  7  1 11  7  1 11  7  1 11  7  1 11  7  1
 12|   1 12 11 18  7  8  1 12 11 18  7  8  1 12 11 18  7  8  1
 13|   1 13 17 12  4 14 11 10 16 18  6  2  7 15  5  8  9  3  1
 14|   1 14  6  8 17 10  7  3  4 18  5 13 11  2  9 12 16 15  1
 15|   1 15 16 12  9  2 11 13  5 18  4  3  7 10 17  8  6 14  1
 16|   1 16  9 11  5  4  7 17  6  1 16  9 11  5  4  7 17  6  1
 17|   1 17  4 11 16  6  7  5  9  1 17  4 11 16  6  7  5  9  1
 18|   1 18  1 18  1 18  1 18  1 18  1 18  1 18  1 18  1 18  1
 
Note: generators 2,3,10,13,14,15; alignment of 1s on phi(19)=18.

 ******************** Enigma

 >>> enigma = Enigma((P(),P(),P()))
 >>> enigma
 Enigma-class object: rotors of order [70, 25, 28]
 >>> c = enigma.encrypt("The quick brown fox jumped over the lazy dog")
 >>> c
 'CUJ IDQCP DWNWO RHL EORPVM JKKZ FRV MUNU DQK'
 >>> enigma.reset()
 >>> enigma.decrypt(c)
 'THE QUICK BROWN FOX JUMPED OVER THE LAZY DOG'

 ******************** RSA

 >>> n,d = rsasetup()
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.174154779666 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.105195360298 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.122132452772 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.0577088117498 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.0670225783215 seconds
 OK!
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.16886974304 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.21835934226 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.150248076567 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.20220084145 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.13931678372 seconds
 Working...
 Percent chance of being prime: 99.9999999999
 Elapsed time: 0.0668842923951 seconds
 OK!
 >>> n
 6791173138720358549442154196955776087284943351022541074
 90752646923705763811166100361667415958202764041289309L
 >>> c = rsaencrypt("Able was I ere I saw Elba",n)
 >>> c
 26224534259193152535566751829861677229300074664466780250
 5662323822190595176483491971842171889130264573428281L
 >>> rsadecrypt(c,d,n)
 'Able was I ere I saw Elba'


Kirby


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
