Cryptography-Digest Digest #69, Volume #14        Tue, 3 Apr 01 18:13:00 EDT

Contents:
  Re: Data dependent arcfour via sbox feedback (Terry Ritter)
  Re: Idea - (LONG) ("Douglas A. Gwyn")
  Re: GCHQ turned me away...(we didn't think they understood) - Off Topic ("Douglas A. Gwyn")
  Re: GCHQ turned me away...(we didn't think they understood) ("Douglas A. Gwyn")
  Re: Dynamic Substitution infringement? (Terry Ritter)
  Re: A group ? ("Douglas A. Gwyn")
  Re: Data dependent arcfour via sbox feedback (Mok-Kong Shen)
  patent this and patent that ("Tom St Denis")
  Re: Idea - (LONG) (Mok-Kong Shen)
  Re: Royalty free use of Mars ("M.S. Bob")
  Re: GCHQ turned me away...(we didn't think they understood) (John Savard)
  Re: Chosen Plain Text Attacks in DES ("karl malbrain")
  Re: DES C Source Code ("M.S. Bob")
  Re: GCHQ turned me away...(we didn't think they understood) (Mok-Kong Shen)
  Re: Royalty free use of Mars (Mok-Kong Shen)
  Re: Newbie wants to shuffle... ("Frog2000")
  Re: patent this and patent that (Mok-Kong Shen)
  decomposition of a binary function ("Tom St Denis")
  Re: patent this and patent that ("Tom St Denis")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Data dependent arcfour via sbox feedback
Date: Tue, 03 Apr 2001 18:10:09 GMT


On Tue, 03 Apr 2001 10:05:32 +0200, in
<[EMAIL PROTECTED]>, in sci.crypt Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>Terry Ritter wrote:
>> 
>
>> I can't make anyone understand anything they don't want to.  There is
>> a substantial body of expertise needed to deeply understand patent
>> claims, but many books and articles do discuss it, so you don't have
>> to depend upon me.  Patents are not necessarily logical, except in the
>> details of patent law which you obviously do not understand.  But,
>> with study, an ordinary person can begin to understand the legal
>> issues involved, although that means doing more than just arguing for
>> the way you think things ought to be.
>> 
>> As the sole inventor of several fundamental cryptographic
>> technologies, I have had considerable experience with patents, but
>> that still does not make me in any way an expert in patent law.
>> Nevertheless, if you want to learn from the inventor himself, you
>> will have to accept what I say, and work at understanding that, or
>> look into actual patent literature to correct errors I may have made.
>> I have not been keeping up with changes, so some things may be
>> different than they were.
>> 
>> But, if -- as I suspect -- you just want to dispute, and complain
>> about the unfairness of it all, either go away uninformed, or else
>> find somebody who has time to waste.
>> 
>> The concept of "substitution" is discussed throughout the patent, for
>> example:
>> 
>> *  "A substitution or inverse substitution would typically
>> be implemented as >>>addressable storage<<<, and realized with an
>> electronic memory device, or an addressable area of memory hardware in
>> an electronic digital computer or microprocessor."
>> 
>> * "Substitution 12 can then be shuffled or randomized in any number of
>> ways; as long as the values in the >>>table<<< are simply re-arranged
>> or permuted, substitution 12 will remain invertible."
>> 
>> * "Each plaintext character value selects an element in a
>> substitution >>>table<<< . . . ."
>> 
>> A table is a form of computation, but hardly an ambiguous concept.
>
>Your statement that patents are not necessarily logical 
>simply shows the fact that the patent office employees 
>don't do their jobs properly. 

On the contrary, the logic of the system escapes you because you don't
have the background to grasp it.  I can personally attest that moving
from a scientific or technical background, where things are inherently
related by nature, to a legal environment, where some things "just
are," can be an astonishing experience.  Tiny, easily-missed wordings
in the law can and do become the basis for major sections of the
system.


>That a patent holder can't 
>clearly explain why his patent doesn't conflict with prior 
>art, 

I guess that would depend on your meaning of "clearly."  I have
explained, and it was clear to me.  Perhaps the patent is not the
problem.  Perhaps I am not the problem.  


>while the very generally formulated claims of his 
>patent (unfortunately let through apparently without 
>thought by the patent office employees) clearly shows it 
>is, is extremely remarkable. Simply referring me to books
>and others is in my view an indication that you yourself 
>don't fully know what your patent actually IS. 

Referring you to books is to demand something from you.  It is easy to
be some sort of wind-up parrot, where you repeat nonsense over and
over again, never learning reality, but instead always insisting that
you can decide about what you have no background to understand.  We
see that all the time when newbies post on sci.crypt, but in most
cases they know they are newbies.  If you want to know why the patent
system is the way it is (or even just what it is), you have to study
it.  Why should that be a surprise?  


>Like 
>Hitachi's rotation patent, such stuff is in my humble 
>view against what the patent laws are principally intended 
>for.

But no background means no sense.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Tue, 3 Apr 2001 17:59:59 GMT

Mok-Kong Shen wrote:
> I pointed out that Gwyn was 'arguing about words'.

But I wasn't.  You said that Shannon said that an r-bit key could
not be used to encrypt more than r bits of plaintext with absolute
secrecy, and I pointed out that that is wrong.  Shannon didn't say
that (to the best of my recollection) and would have been mistaken
if he had said that.  Counterexamples have already been posted.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: GCHQ turned me away...(we didn't think they understood) - Off Topic
Date: Tue, 3 Apr 2001 18:02:25 GMT

"John A. Malley" wrote:
> Intuitive or "folk" physics and mathematics (especially naive concepts
> of probability)  prior to education trip people up in simple hands-on
> experiments. These experiments hint at basic cognitive processing we all
> share. It's hypothesized these intuitive concepts of physics and
> mathematics improved our survivability as a species, but, these
> intuitions are not strictly mathematically or physically correct.

The sad thing is that 12 years of compulsory education (in the US
at any rate) don't seem to convey even such basic knowledge to the
victims.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: GCHQ turned me away...(we didn't think they understood)
Date: Tue, 3 Apr 2001 18:04:48 GMT

newbie wrote:
> Mister Mok-Kong Shen,
> Read this article :
> http://www.isi.ee.ethz.ch/publications/massey_cd/pdf/BI316.pdf
> It was written in 1990.

So what is your point?

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Dynamic Substitution infringement?
Date: Tue, 03 Apr 2001 18:36:51 GMT


On Tue, 03 Apr 2001 07:50:23 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt Benjamin Goldberg
<[EMAIL PROTECTED]> wrote:

>In a recent [still active] thread about an RC4 variant, there was some
>discussion about what kinds of things infringe on Terry Ritter's patent.
>
>I would like some comments on what people believe should be covered by
>the patent, and what shouldn't.  

"What people believe should be covered" is irrelevant.  This is not up
for vote.  The patent is what it is, whether "people believe it should
be" or not.  

It doesn't take a rocket scientist to match the wording of the claims
with a proposed design, so wringing your hands about whether it does or
does not infringe seems a bit sad.  If you are looking for clear
distinctions in a legal system, you would be well-advised to not try
to get as close to the edge as you possibly can.  


>Also, I would like to see some
>suggestions on what might be the simplest infringing cipher or cipher
>component.
>
>Here's one suggestion:
>
>byte mix2(byte x, byte y) {

Two inputs, one output, fine.

>       static bool state = 0;
>       byte output;
>       output = state ? (x+y) : (x^y);
>       state ^= output & 1;
>       return output;

But without a look-up table, and with no permutation of elements in
that table, it is certainly not the classic Dynamic Substitution
scheme.  

That said, the more we get into that sort of thing, the more it
becomes a legal argument rather than a technical argument.  I suppose
there might be some sort of construction where a table is represented
as individual computations specifically in an attempt to get around
the patent, and that could be a problem.  

It is easy to get around the Dynamic Substitution patent: Just don't
do the patented thing.  Use XOR.  Use substitution tables without
changing their internal contents.  The closer one comes to doing the
protected thing in some sneaky way to get away with it, the more one
is going to have a legal ambiguity about the result.  What a surprise.

>}
>
>Does this infringe on the Dyn Sub patent?

I don't see that it "reads" on Dyn Sub.

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
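
An added example, not code from this thread or from the patent text: a table-based combiner of the kind the reply above contrasts with mix2, where each data byte selects a table entry and the table contents are then rearranged. The swap rule as written here, all function names and the LCG confusion stream are assumptions of this sketch; it demonstrates the quoted point that a table whose values are only permuted stays invertible, so a receiver tracking the inverse table recovers the data.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed confusion stream: a plain LCG, for illustration only (not secure). */
typedef struct { uint32_t s; } lcg_t;
static uint8_t lcg_next(lcg_t *g) {
    g->s = g->s * 1664525u + 1013904223u;
    return (uint8_t)(g->s >> 24);
}

typedef struct {
    uint8_t fwd[256];   /* fwd[data]   = output */
    uint8_t inv[256];   /* inv[output] = data   */
} sub_table;

/* Shuffle the identity table; any rearrangement of it is still a permutation. */
static void table_init(sub_table *t, lcg_t *g) {
    for (int i = 0; i < 256; i++) t->fwd[i] = (uint8_t)i;
    for (int i = 255; i > 0; i--) {
        int j = lcg_next(g) % (i + 1);      /* slight modulo bias, fine for a demo */
        uint8_t tmp = t->fwd[i]; t->fwd[i] = t->fwd[j]; t->fwd[j] = tmp;
    }
    for (int i = 0; i < 256; i++) t->inv[t->fwd[i]] = (uint8_t)i;
}

/* Exchange two entries and keep the inverse table consistent. */
static void table_swap(sub_table *t, uint8_t a, uint8_t b) {
    uint8_t oa = t->fwd[a], ob = t->fwd[b];
    t->fwd[a] = ob; t->inv[ob] = a;
    t->fwd[b] = oa; t->inv[oa] = b;
}

/* Sender: substitute through the table, then permute the table (assumed rule:
   swap the entry just used with the entry selected by the confusion byte). */
static uint8_t combine(sub_table *t, uint8_t data, uint8_t confusion) {
    uint8_t out = t->fwd[data];
    table_swap(t, data, confusion);
    return out;
}

/* Receiver: invert the substitution, then apply the same swap to stay in step. */
static uint8_t extract(sub_table *t, uint8_t out, uint8_t confusion) {
    uint8_t data = t->inv[out];
    table_swap(t, data, confusion);
    return data;
}

static int is_permutation(const sub_table *t) {
    for (int i = 0; i < 256; i++)
        if (t->inv[t->fwd[i]] != i) return 0;
    return 1;
}

/* 1 if every byte round-trips and both tables are still permutations. */
static int roundtrip_ok(const uint8_t *msg, size_t n, uint32_t seed) {
    lcg_t gs = { seed }, gr = { seed };
    sub_table ts, tr;
    table_init(&ts, &gs);
    table_init(&tr, &gr);
    for (size_t i = 0; i < n; i++) {
        uint8_t c = combine(&ts, msg[i], lcg_next(&gs));
        if (extract(&tr, c, lcg_next(&gr)) != msg[i]) return 0;
    }
    return is_permutation(&ts) && is_permutation(&tr);
}

int main(void) {
    static const uint8_t msg[] = "AAAAAAAA constructed sample";
    printf("round trip ok: %d\n", roundtrip_ok(msg, sizeof msg - 1, 2001u));
    return 0;
}
```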


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: A group ?
Date: Tue, 3 Apr 2001 18:07:55 GMT

Jack Lindso wrote:
> Hey, to all I'm just starting to learn cryptology and I've gotten to the
> need of finding out:
>     if we know that F(P,K1)==>C1
>     and                   F(C1,K2)==>C2 {C1!=C2}
>     then can we find K3 such that F(P,K3)=C2

So what do you want us to do?  The answer is, it depends on F.
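
An added example, not part of the original post, showing why the answer depends on F. It goes slightly beyond the question as posed by separating two readings: a K3 that works for one known P, and a K3 that works for every P (the closure property the subject line asks about). The three toy 8-bit functions f_xor, f_add and f_rotxor and all helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint8_t (*cipher_fn)(uint8_t p, uint8_t k);

static uint8_t rotl8(uint8_t x, unsigned r) {
    return (uint8_t)((x << r) | (x >> (8 - r)));
}

/* Three toy F(P,K) on 8-bit blocks with 8-bit keys (constructed). */
static uint8_t f_xor(uint8_t p, uint8_t k)    { return p ^ k; }
static uint8_t f_add(uint8_t p, uint8_t k)    { return (uint8_t)(p + k); }
static uint8_t f_rotxor(uint8_t p, uint8_t k) { return rotl8(p ^ k, 1); }

/* A key that maps this ONE plaintext p to C2 = F(F(p,K1),K2), or -1. */
static int k3_for_one_p(cipher_fn f, uint8_t p, uint8_t k1, uint8_t k2) {
    uint8_t c2 = f(f(p, k1), k2);
    for (int k3 = 0; k3 < 256; k3++)
        if (f(p, (uint8_t)k3) == c2) return k3;
    return -1;
}

/* A key equivalent to "K1 then K2" on EVERY plaintext, or -1 if none exists. */
static int k3_for_all_p(cipher_fn f, uint8_t k1, uint8_t k2) {
    for (int k3 = 0; k3 < 256; k3++) {
        int p;
        for (p = 0; p < 256; p++)
            if (f((uint8_t)p, (uint8_t)k3) != f(f((uint8_t)p, k1), k2)) break;
        if (p == 256) return k3;
    }
    return -1;
}

/* Number of (K1,K2) pairs, out of 65536, whose composition equals one key. */
static long closed_pairs(cipher_fn f) {
    long n = 0;
    for (int k1 = 0; k1 < 256; k1++)
        for (int k2 = 0; k2 < 256; k2++)
            if (k3_for_all_p(f, (uint8_t)k1, (uint8_t)k2) >= 0) n++;
    return n;
}

int main(void) {
    printf("xor:    K3 for all P = %d\n", k3_for_all_p(f_xor, 0x12, 0x34));
    printf("add:    K3 for all P = %d\n", k3_for_all_p(f_add, 0x12, 0x34));
    printf("rotxor: K3 for all P = %d, for P=0: %d, for P=1: %d\n",
           k3_for_all_p(f_rotxor, 0x12, 0x34),
           k3_for_one_p(f_rotxor, 0x00, 0x12, 0x34),
           k3_for_one_p(f_rotxor, 0x01, 0x12, 0x34));
    printf("closed pairs: xor=%ld rotxor=%ld\n",
           closed_pairs(f_xor), closed_pairs(f_rotxor));
    return 0;
}
```

For f_rotxor a K3 exists for each single plaintext, but it changes with P, so double encryption under it is not equivalent to any single key.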

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Tue, 03 Apr 2001 22:01:08 +0200



John Savard wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> 
> >Further, as I pointed out in another follow-up, many
> >schemes in Chap. 16 and 17 of Schneier's AC combine two
> >or more pseudo-random streams, i.e. two (or more) confusion
> >sources, to produce a stream that is presumably stronger.
> >i.e. a more-complex confusion result. Are these not in
> >clear and unambiguous conflict with the patent?
> 
> Dynamic Substitution is a _particular way_ of combining two streams.
> XORing them together does not conflict with his patent.

It is to be noted that xor is also a substitution and,
if one utilizes feedback, then the substitution is 
'dynamic'. As I noted elsewhere, any block cipher is 
substitution (of the block) and that CBC etc. introduces 
'dynamics' in them, there being feedback. Further, a
classical polyalphabetical substitution effects a 
combination of the key stream and the plaintext stream. 
If one employs auto-key with such substitution one again
has 'dynamics'. Anyway, the extremely general formulation 
in the patent of combining two streams to generate a more 
complicated stream has certainly at least the problem of
confounding the readers. If the patent specifies a very 
particular encryption that is really new, then there is 
nothing against the patenting. But then the formulation 
of the patent should also be correspondingly special and
not use such general terms as we have seen in previous
posts. Note that the patent holder doesn't seem to be 
considering that his patent is about a very special scheme
at all. In fact in a number of his posts he claimed that 
the patent has rather general coverage. That's the problem.

M. K. Shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: patent this and patent that
Date: Tue, 03 Apr 2001 20:07:30 GMT

Who the F$$$ cares about Terry's (or anyone else's) patent anyways?  They
just are artificial means of getting in the way of serious coding.
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Tue, 03 Apr 2001 22:08:47 +0200



"Douglas A. Gwyn" wrote:
> 
> Mok-Kong Shen wrote:
> > I pointed out that Gwyn was 'arguing about words'.
> 
> But I wasn't.  You said that Shannon said that an r-bit key could
> not be used to encrypt more than r bits of plaintext with absolute
> secrecy, and I pointed out that that is wrong.  Shannon didn't say
> that (to the best of my recollection) and would have been mistaken
> if he had said that.  Counterexamples have already been posted.

Bits that are constant and known to the opponent don't
belong to the proper message to be encrypted. A cleartext
header is similar. These do not belong to the 'r bits'
that need to be encrypted. If for convenience etc. the
sender does nevertheless encrypt these, that is irrelevant 
to the current issue, isn't it?

M. K. Shen

------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: Royalty free use of Mars
Date: Tue, 03 Apr 2001 21:10:06 +0100

Sami wrote:
> 
> I've been trying to confirm whether Mars is royalty free or not, meaning am I
> free to use it in a shareware application? IBM's service responds and
> has been responding several times, but they simply forward my question
> to the experts who seem to have time to answer.

Let's see, let's go to the MARS home page at IBM
<http://www.research.ibm.com/security/mars.html>.
Oh, what's the link at the top of the page...

"MARS is now available worldwide under a royalty-free license from
Tivoli. Read the press release or contact Ron Silletti at 914-765-4373
for more details"

<http://www.tivoli.com/news/press/pressreleases/en/2000/mars.html>

Enjoy.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: GCHQ turned me away...(we didn't think they understood)
Date: Tue, 03 Apr 2001 20:32:25 GMT

On Tue, 3 Apr 2001 18:04:48 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:

>So what is your point?

My guess is that he is showing that a serious academic researcher can
actually get a paper published for an 'unbreakable' cipher.

In this case, the idea is to modify Huffman coding so that each symbol
has several possible substitutes _of different lengths_. This allows a
closer fit between symbol probabilities and the tree, among other
things. After this preprocessing step, the plaintext is now supposed
to be so 'random' that it can be enciphered with any reasonable block
cipher (say even single-DES?) and be *totally unbreakable*.

Lots harder to break, sure, but the claim that this cipher is in some
sense 'perfect' is, I believe, unfortunate and unwarranted.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: Chosen Plain Text Attacks in DES
Date: Tue, 3 Apr 2001 14:04:42 -0700


"Raymond Lee" <[EMAIL PROTECTED]> wrote in message
news:Vp1y6.21481$[EMAIL PROTECTED]...

> In fact, I am quite confused what is "Chosen Plain Text Attacks?"
>
> Thanks

The idea is that you have free access to the ENCRYPTING device and can ASK
it to encrypt your CHOSEN plaintext for examination.  Karl M



------------------------------

From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: DES C Source Code
Date: Tue, 03 Apr 2001 22:15:46 +0100

Adrian Planinc wrote:
> 
> > You are going to "analyze and modify" DES? Do you feel qualified to do so?
> 
> Yes. I'm doing a Cryptography course at University and essentially
> understand how the DES works, and now have been set the task to re-write
> interfaces in a specific way to take input thru stdin on the command line
> or to encrypt text files on Linux.

So you are not modifying the DES algorithm, just creating a program...

> >   http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
> >   http://www.itl.nist.gov/fipspubs/fip81.htm
> 
> I found most of these myself...but thanks anyway.....haven't found all
> of these.....will look at them....:)
> 
> ********
> 
> I was merely hoping that there is someone out there who has an
> academic-like original educational implementation (this is what I mean by
> simple) of DES which would be the purest and easiest to analyse and
> modify, rather than the cumbersome ones I've been finding which are
> not pure DES and have particular applications.

http://www.funet.fi/pub/crypt/mirrors/ftp.dsi.unimi.it/docs/des-how-to.txt
(How to implement the DES)
http://www.cryptopp.com/ (C++)
http://www.cs.umbc.edu/~stephens/crypto/minides.c
http://www.cs.umbc.edu/~stephens/crypto/daglucifer.c

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GCHQ turned me away...(we didn't think they understood)
Date: Tue, 03 Apr 2001 23:17:19 +0200



John Savard wrote:
> 
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> 
> >So what is your point?
> 
> My guess is that he is showing that a serious academic researcher can
> actually get a paper published for an 'unbreakable' cipher.
> 
> In this case, the idea is to modify Huffman coding so that each symbol
> has several possible substitutes _of different lengths_. This allows a
> closer fit between symbol probabilities and the tree, among other
> things. After this preprocessing step, the plaintext is now supposed
> to be so 'random' that it can be enciphered with any reasonable block
> cipher (say even single-DES?) and be *totally unbreakable*.
> 
> Lots harder to break, sure, but the claim that this cipher is in some
> sense 'perfect' is, I believe, unfortunate and unwarranted.

I think that 'newbie' was writing outside of context of 
this thread and was referring to a discussion in a thread
initiated under the name 'amateur' (concerning OP's claimed
new 'idea'), in which I mentioned a post of mine of last year 
where I discussed a general substitution scheme employing a 
number of Huffman codes with homophones and dummies, much in 
the fashion of polyalphabetic substitutions. Obviously he 
wanted to say that this material has been treated before by 
Jendal, Kuhn and Massey. I haven't yet carefully studied 
the paper, but it seems that 'newbie' is right (or at least 
largely so).

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Royalty free use of Mars
Date: Tue, 03 Apr 2001 23:30:23 +0200



"M.S. Bob" wrote:
> 
> Let's see, let's go to the MARS home page at IBM
> <http://www.research.ibm.com/security/mars.html>.
> Oh, what's the link at the top of the page...
> 
> "MARS is now available worldwide under a royalty-free license from
> Tivoli. Read the press release or contact Ron Silletti at 914-765-4373
> for more details"
> 
> <http://www.tivoli.com/news/press/pressreleases/en/2000/mars.html>

The other finalists of AES seem also to be free. However,
remember that Hitachi has raised claims of conflict of
these with its rotation patents. (See the web page of
AES.) So one needs to clarify the patent issue before 
employing such algorithms in countries where Hitachi's 
patents are in force.

M. K. Shen

------------------------------

From: "Frog2000" <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Tue, 3 Apr 2001 17:47:05 -0400



--
http://welcome.to/speechsystemsfortheblind


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Frog2000) wrote in <3ac34c6d$[EMAIL PROTECTED]>:
>
> >>
> >> Sorry to say something that I hesitated very long to say.
> >> I was asking something about the math of proving that
> >> the two algorithms are equivalent. And you jumped in
> >> to praise the merit of your codes, which is not relevant
> >> to my question as such. From what I saw in other threads,
> >> you seem to be very diligent in making that publicity.
> >> Too much publicity could have a negative effect in my
> >> humble view. My apology for expressing my minds directly.
> >>
> >> M. K. Shen
> >
> >I must apologize. 1st, I was a bit late, and must have missed something.
> >2nd, I obviously misunderstood something, or I wouldn't have bothered to
> >post a totally irrelevant piece of code.
> >
>
>    No need to apologize, Mok's insults and hate were directed at me
> not you. We don't get along too well, sorry you felt it was aimed
> at you.

Well, I must be paranoid :)
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
> Scott famous encryption website **now all allowed**
> http://members.xoom.com/ecil/index.htm
> Scott LATEST UPDATED source for scott*u.zip
> http://radiusnet.net/crypto/  then look for
>   sub directory scott after pressing CRYPTO
> Scott famous Compression Page
> http://members.xoom.com/ecil/compress.htm
> **NOTE EMAIL address is for SPAMERS***
> I leave you with this final thought from President Bill Clinton:



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: patent this and patent that
Date: Tue, 03 Apr 2001 23:50:25 +0200



Tom St Denis wrote:
> 
> Who the F$$$ cares about Terry's (or anyone else's) patent anyways?  They
> just are artificial means of getting in the way of serious coding.

Patents are protected by laws. You have to care, if your
designs have conflicts with some patents that are in
force in your country. If you can show that the patents
have not been properly granted because the materials
are prior art, i.e. have no novelty, then you may win in
court. Note however that one needs money to engage
lawyers before one wins. If you don't have sufficient
money, you are out from the very beginning in all cases.

M. K. Shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: decomposition of a binary function
Date: Tue, 03 Apr 2001 21:51:24 GMT

I want to make a simple 128-bit block cipher for a 8032 based on the usage
of a decomposed 4x4 sbox in bitslice mode followed by a linear transform.

The idea is much like Serpent except that the sbox is an involution such
that the same substitution is its own inverse.  I.e. to encrypt you perform

L(G(L(G(x + k1)) + k2) ...etc

Where G is the sbox and L is the linear transform....The nice thing is that the
linear transform from Serpent should do fine ...
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
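
An added example, not code from the post above: one way to decompose a 4x4 involutive sbox into AND/XOR terms and evaluate it in bitslice mode, checking the result against the table. The SBOX values are a constructed involution chosen only so that S[S[x]] == x (not vetted cryptographically), and the function names and the ANF-based decomposition are assumptions of this sketch rather than the poster's design.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 4-bit involution (eight swapped pairs); not vetted for
   differential or linear properties. */
static const uint8_t SBOX[16] = {9,14,5,11,15,2,12,10,13,0,7,3,6,8,1,4};

static int is_involution(const uint8_t s[16]) {
    for (int x = 0; x < 16; x++)
        if (s[x] > 15 || s[s[x]] != x) return 0;
    return 1;
}

/* Decompose each output bit into XOR-of-AND terms (algebraic normal form)
   with the Moebius transform. Bit m of anf[b] set means the AND of the input
   bits selected by mask m is one term of output bit b. */
static void sbox_anf(const uint8_t s[16], uint16_t anf[4]) {
    for (int b = 0; b < 4; b++) {
        uint8_t tt[16];
        for (int x = 0; x < 16; x++) tt[x] = (s[x] >> b) & 1;
        for (int i = 0; i < 4; i++)
            for (int x = 0; x < 16; x++)
                if (x & (1 << i)) tt[x] ^= tt[x ^ (1 << i)];
        anf[b] = 0;
        for (int m = 0; m < 16; m++)
            if (tt[m]) anf[b] |= (uint16_t)(1u << m);
    }
}

/* Bitslice layout: w[i] carries bit i of 16 independent nibbles, so one call
   substitutes all 16 using AND/XOR only. The branches test the fixed ANF, not
   the data; real 8032 code would unroll them into straight-line logic. */
static void sbox_bitslice(const uint16_t anf[4], uint16_t w[4]) {
    uint16_t mono[16], out[4] = {0, 0, 0, 0};
    mono[0] = 0xFFFF;                       /* empty product = constant 1 */
    for (int i = 0; i < 4; i++)
        for (int m = 0; m < (1 << i); m++)
            mono[m | (1 << i)] = mono[m] & w[i];
    for (int b = 0; b < 4; b++)
        for (int m = 0; m < 16; m++)
            if (anf[b] & (1u << m)) out[b] ^= mono[m];
    for (int b = 0; b < 4; b++) w[b] = out[b];
}

/* Read nibble number j back out of the four slices. */
static uint8_t nibble_at(const uint16_t w[4], int j) {
    uint8_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint8_t)(((w[i] >> j) & 1u) << i);
    return v;
}

/* 1 if the sliced sbox agrees with the table on all 16 inputs and a second
   pass through the same code restores the input (encrypt == decrypt). */
static int bitslice_matches_table(void) {
    uint16_t anf[4];
    /* Slices in which lane j holds the nibble value j, for j = 0..15. */
    uint16_t w[4] = {0xAAAA, 0xCCCC, 0xF0F0, 0xFF00};
    sbox_anf(SBOX, anf);
    sbox_bitslice(anf, w);
    for (int j = 0; j < 16; j++) if (nibble_at(w, j) != SBOX[j]) return 0;
    sbox_bitslice(anf, w);
    for (int j = 0; j < 16; j++) if (nibble_at(w, j) != j) return 0;
    return 1;
}

int main(void) {
    printf("involution=%d bitslice_ok=%d\n",
           is_involution(SBOX), bitslice_matches_table());
    return 0;
}
```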



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: patent this and patent that
Date: Tue, 03 Apr 2001 21:59:56 GMT


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
> > Who the F$$$ cares about Terry's (or anyone else's) patent anyways?  They
> > just are artificial means of getting in the way of serious coding.
>
> Patents are protected by laws. You have to care, if your
> designs have conflicts with some patents that are in
> force in your country. If you can show that the patents
> have not been properly granted because the materials
> are prior art, i.e. have no novelty, then you may win in
> court. Note however that one needs money to engage
> lawyers before one wins. If you don't have sufficient
> money, you are out from the very beginning in all cases.

I would rather go to prison than have my thoughts dictated by some person
obsessed with this fictional thing called "money".  I think giving credit
where credit is due is a good thing but restricting thought and development
so you can be the only owner of something you thought of first...

When it boils down to it I am penalized because I am younger... I could have
thought of those ideas given the time and need.  Of course this could
promote "new" development it's still silly to have to re-invent the wheel
because adding or xor or rotations are patented...

Tom



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
