Cryptography-Digest Digest #84, Volume #14        Thu, 5 Apr 01 20:13:01 EDT

Contents:
  Re: Beginners guide to how encryption algorythms work? (Mouse)
  Re: patent this and patent that (Robert Scott)
  Re: Data dependent arcfour via sbox feedback (Mok-Kong Shen)
  Re: Data dependent arcfour via sbox feedback (Mok-Kong Shen)
  Re: patent this and patent that (Mok-Kong Shen)
  Re: Beginners guide to how encryption algorythms work? (Mok-Kong Shen)
  New newsgroup ? (Ichinin)
  Re: Comment on SafeBoot's RC5 algorithm ("Joseph Ashwood")
  Re: New newsgroup ? (Mok-Kong Shen)
  Re: Data dependent arcfour via sbox feedback (John Savard)
  Re: Beginners guide to how encryption algorythms work? ("Jack Lindso")
  Re: Comment on SafeBoot's RC5 algorithm ("Tom St Denis")
  Re: New newsgroup ? ("Tom St Denis")
  Re: rc4 without sbox swapping/updating (Mok-Kong Shen)
  Re: Would dictionary-based data compression violate DynSub? (Mok-Kong Shen)

----------------------------------------------------------------------------

From: Mouse <[EMAIL PROTECTED]>
Subject: Re: Beginners guide to how encryption algorythms work?
Date: Thu, 5 Apr 2001 22:15:41 +0100

Thanks, I'm downloading HAC now and I'll check if I can get hold of a copy 
of AC (don't happen to know the ISBN number / publisher?).


Thu, 5 Apr 2001 20:10:08 +0100, Simon 
Johnson([EMAIL PROTECTED]) wrote...
> 
> Mouse <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > I'm looking for a site with fairly easy to understand explanations of how
> > the encryption works and some of the theory behind it, if possible
> > without too much higher math (I know some is inevitable).
> 
> Two books... One can be downloaded the other cannot:
> 
> "Handbook of Applied Cryptography (HAC)" (downloadable)
> 
> "Applied Cryptography"
> 
> HAC is more mathematical than Applied Cryptography... both are equally
> good. It's up to you.
> 
> Simon.
> Simon
> 
> 
> 

------------------------------

From: [EMAIL PROTECTED] (Robert Scott)
Subject: Re: patent this and patent that
Reply-To: [EMAIL PROTECTED]
Date: Thu, 05 Apr 2001 21:39:19 GMT

On 4 Apr 2001 17:30:40 -0600, [EMAIL PROTECTED] (Vernon
Schryver) wrote:

>They all seem to agree that many patents are as valid as
>the faster than speed of light idea described in
>http://www.delphion.com/details?&pn=US05446889__
>The existence of that patent either proves an awesome ignorance of
>science and technology for at least one patent examiner or it disproves
>Mr. Ritter's description of the patent process.

If you go to the U.S. Patent and Trademark web site and look up
patent number 5446889 you will see that it has nothing to do
with the speed of light.  It is entitled:

"Computer-based methods for determining the head of a linked list"

Don't believe everything you read!


Robert Scott
Ypsilanti, Michigan
(Respond through newsgroups, not by direct e-mail.)


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Thu, 05 Apr 2001 23:46:42 +0200



Terry Ritter wrote:
> 
> Bryan Olson<[EMAIL PROTECTED]> wrote:

> >You also went through the claim and showed DES obviously
> >doesn't match. Shouldn't this algorithm be handled the same
> >way?
> 
> Yes, it should and was.  DES is not a substitution table.

DES contains a substitution table (the S-boxes) and
can itself be considered as representing a substitution
table. For a fixed key, it maps n bits of input to
n bits of output, effecting a bijective substitution, 
even though there is no 'physical' substitution table 
for that mapping in the storage space of the computer. 
If in a larger system I use DES as a component to do 
such mapping and I employ a variable key for DES (a 
variable that is obtained during processing, e.g. the 
sum of the plaintext and ciphertext of the previous 
block), then I also don't have any conflict with your 
patent according to what you wrote elsewhere in this 
thread. Please correct me, if I am wrong.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Data dependent arcfour via sbox feedback
Date: Thu, 05 Apr 2001 23:46:31 +0200


Terry Ritter wrote:
> 
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> 
> >Right at the section on 'Dynamic Substitution' there is on
> >the left a diagram. The box labelled 'Changes Controller'
> >has an input from above. I understand that that input is
> >a quantity that results from the current processing state
> >(otherwise why 'dynamic' in the name of the scheme?).
> 
> You should know very well why "dynamic" is in the name of the scheme,
> since I have explained that specifically several times.  "Dynamic"
> means "changing," not "feedback."  The heart of Dynamic Substitution
> is a substitution table whose contents change.

See below, for I want to make the issue absolutely clear.

> >Hence that's feedback control in the ordinary sense.
> 
> It is certainly *not* "feedback" in any sense I use.  When I hear the
> term "feedback" I expect some result of computation to feed back into
> the computation itself and modify the computation.  To me, "feedback"
> means a "circular" path or "loop," where the output goes back the
> input which produces an output and so on.  In a digital system I
> suppose the computation might be delayed, but for "feedback," the
> output has to go back to the input.

What 'causes' the change of content of your substitution 
table? Consider a block cipher where there is such a change 
when each new block gets processed. Assume further that there 
is a single 'value' that determines the change. Where does 
that value come from? It must come from somewhere, right? 
If that value is computed (determined) by the key of the 
block cipher alone, then one can at start-up time compute a 
substitution table that takes care of that value. If one 
does that for all the values that will subsequently be used 
(needed) in the encryption processing (these values can be 
determined at start-up, since by assumption they are 
independent of the plaintext), one has a 'static' table, 
right? This means that one can avoid 'dynamic' changes of 
substitution table through providing a 'static' table, i.e. 
rather simply work around your patent (though there is a 
trade-off of requiring more storage space).

[snip]

> >Patents apply only to the countries where these have
> >been submitted and granted and paid for (fees for the
> >patent offices). There is no free lunch. If you think
> >that protecting your invention in another country is
> >worthwhile from a business point of view, then it is
> >wise to spend some money to get a patent in that country.
> >It might be a good idea to have a single patent office
> >for the entire world. I am not sure. But that's totally
> >unrealistic before the United Nations succeed to unite
> >the nations in the real sense of the word.
> 
> For years now, there has been a "point of view" which recommended
> changing US patent law to "conform" to mainly Japanese law, but also
> European law, and the name given to these changes was "world-wide
> convergence," as in joining into a common body of law.  Many of these
> proposed changes would weaken US patent law considerably, reduce the
> advantages of patenting, and increase the risks.  Nevertheless it is
> still discussed.  I think we could reasonably expect similar
> discussion on the other side.
> 
> The problem is not the manufacturers who get the patent, but instead
> the other manufacturers in the US who then appropriately pay for the
> research they are using, versus manufacturers in other countries, who
> reap the rewards from patent publication, but do not pay for that
> research, and so can undercut US prices.  That could largely be
> avoided if the US government took each US application and prosecuted
> it in each foreign country.  I don't seriously expect that to happen,
> of course, but the problem remains.  One consequence may be the
> growth of overseas manufacturing for our domestic companies, who thus
> hope to avoid domestic patents.

Many political issues are like coins that have two sides
and there are always pros and cons. International agreements 
are even more difficult to get than national ones. See the 
uncertain future of the UN Framework Convention on Climate 
Change (Kyoto Protocol). Patents have entered into the
domain of heated discussions of the public in the relatively
recent time. I'd like to mention four topics: (1) human genomes,
(2) AIDS medicaments, (3) software, (4) business processes.
(There is currently a legal process concerning (2) in
South Africa.)

> >What I meant is sort of this stuff: I construct a
> >polyalphabetic substitution table with a very large number
> >of columns (each being a permutation). I can address the
> >columns with a numerical key which is a function of the
> >output of a PRNG and some value obtained in the current
> >state of processing (e.g. the sum of the last plaintext
> >and ciphertext character being processed). Now, what I
> >understand as dynamic would be constructing at the very
> >moment of use (i.e. in the middle of encryption processing)
> >one or more new columns for substitution based on some
> >value obtained in the current state of processing.
> 
> OK, maybe that's the problem.  You are not understanding the word
> "dynamic":  "Dynamic" only means "changing," and does not imply either
> instantaneous change or feedback change; it is just change.

'Instantaneous change' or 'feedback change' are however
'changes', being subordinate to the general notion 'change'.
To assure that I understand your lines, I'd like to give a more 
formal description of an example of what I had in mind. Let 
there be a substitution table S[0..m-1, 0..n-1] that is
computed at the initialization time of the algorithm. I leave 
that unchanged during subsequent encryption of the stream of 
plaintext characters. If a plaintext character p_i is to be 
encrypted by a key value k_i (the key values are generated
from a PRNG for arbitrary values of i), I compute the 
ciphertext character c_i as follows:

    u := p_(i-1) + p_i mod m; 
 
    v := k_i + c_(i-1) mod n;

    c_i := S[u, v];

If such kinds of use of a 'static' table don't conflict
with your patent, then I am satisfied, for I don't think
that there are plenty of situations where one needs to
change the array S dynamically. Otherwise, please say 
something to explain your disagreement.

[snip]

> >Sorry. I didn't notice any good technical analysis of
> >the Hitachi patent in the group. All I learned is the
> >fact that the rotation does not use an amount of rotation
> >that is static (fixed) but dynamic (variable). What
> >essentially more did you read out from the posts?
> 
> I thought the analysis was clear that it was not an issue, so I moved
> on.  Maybe those posts will come back.

Do you mean that Hitachi's claim (that the AES finalists,
excepting Rijndael, conflict with its patent) is invalid?
I didn't remember any post demonstrating that there is
no conflict with the wordings of the patent, only the opinion
that the patent was not properly/correctly awarded, since
rotation, whether of fixed or variable amount, is considered 
by most of us to be prior art. This does not mean that one 
wouldn't get troubles with Hitachi, only that one has 
presumably a fairly good chance to win in court, 'if' one has 
enough money to engage patent lawyers for disputing with 
Hitachi in a legal process. (If one doesn't have enough money, 
then good night.)

M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen
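
The scheme in the post above, as an added example that is not part of the original post or of any product: a table with n columns, each a permutation of 0..m-1 (the poster's earlier description), used with u := p_(i-1) + p_i mod m, v := k_i + c_(i-1) mod n, c_i := S[u, v], together with the decryption the post does not spell out. The receiver knows p_(i-1), c_(i-1) and k_i, so it recomputes v, inverts column v to get u and recovers p_i = u - p_(i-1) mod m; that is why each column must be a permutation. Assumptions of mine: m = 256 (byte alphabet), n = 16 columns, p_0 = c_0 = 0, and hashlib/random as stand-ins for the unspecified PRNG and table construction (illustration, not a vetted cipher design).

```python
"""Static polyalphabetic table cipher from the post above (added example).

S has n columns; column v is a permutation of 0..m-1, so for fixed v the map
u -> S[u, v] is invertible and the receiver can recover u, then p_i.
The keystream and table derivation below are illustrative stand-ins
(hashlib/random) for the PRNG the post leaves unspecified.
"""
import hashlib
import random

M = 256   # plaintext/ciphertext alphabet: one byte, so m = 256
N = 16    # number of columns (assumed; the post says "a very large number")


def build_table(key: bytes, m: int = M, n: int = N):
    """Return (S, S_inv) with S[v][u] = S[u, v] from the post and S_inv[v][c] = u."""
    S, S_inv = [], []
    for v in range(n):
        seed = int.from_bytes(hashlib.sha256(key + b"column" + bytes([v])).digest(), "big")
        col = list(range(m))
        random.Random(seed).shuffle(col)      # one permutation of 0..m-1 per column
        inv = [0] * m
        for u, c in enumerate(col):
            inv[c] = u
        S.append(col)
        S_inv.append(inv)
    return S, S_inv


def key_value(key: bytes, i: int, n: int = N) -> int:
    """k_i: the i-th keystream value reduced mod n (hash-based stand-in for a PRNG)."""
    return hashlib.sha256(key + b"stream" + i.to_bytes(8, "big")).digest()[0] % n


def encrypt(key: bytes, plain: bytes) -> bytes:
    S, _ = build_table(key)
    p_prev, c_prev = 0, 0                      # p_0, c_0: assumed initial values
    out = bytearray()
    for i, p in enumerate(plain, start=1):
        u = (p_prev + p) % M                   # u := p_(i-1) + p_i mod m
        v = (key_value(key, i) + c_prev) % N   # v := k_i + c_(i-1) mod n
        c = S[v][u]                            # c_i := S[u, v]
        out.append(c)
        p_prev, c_prev = p, c
    return bytes(out)


def decrypt(key: bytes, cipher: bytes) -> bytes:
    _, S_inv = build_table(key)
    p_prev, c_prev = 0, 0
    out = bytearray()
    for i, c in enumerate(cipher, start=1):
        v = (key_value(key, i) + c_prev) % N   # receiver knows k_i and c_(i-1)
        u = S_inv[v][c]                        # invert column v
        p = (u - p_prev) % M                   # p_i = u - p_(i-1) mod m
        out.append(p)
        p_prev, c_prev = p, c
    return bytes(out)


if __name__ == "__main__":
    msg = b"attack at dawn"                    # constructed sample input
    ct = encrypt(b"demo key", msg)
    print(ct.hex(), decrypt(b"demo key", ct))
```

Note the ciphertext feedback through c_(i-1): a corrupted ciphertext byte desynchronises v for the following byte, so errors propagate one position, and the table itself never changes after start-up.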

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: patent this and patent that
Date: Fri, 06 Apr 2001 00:03:48 +0200



Robert Scott wrote:
> 
> [EMAIL PROTECTED] (Vernon Schryver) wrote:
> 
> >They all seem to agree that many patents are as valid as
> >the faster than speed of light idea described in
> >http://www.delphion.com/details?&pn=US05446889__
> >The existence of that patent either proves an awesome ignorance of
> >science and technology for at least one patent examiner or it disproves
> >Mr. Ritter's description of the patent process.
> 
> If you go to the U.S. Patent and Trademark web site and look up
> patent number 5446889 you will see that it has nothing to do
> with the speed of light.  It is entitled:
> 
> "Computer-based methods for determining the head of a linked list"

Schryver apparently made a mistake. A weird patent involving
speed of light (boring a hole to penetrate into the fifth 
dimension) is:

   http://www.delphion.com/details?pn=US06025810__

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Beginners guide to how encryption algorythms work?
Date: Fri, 06 Apr 2001 00:08:17 +0200



Mouse wrote:
> 
> Thanks, I'm downloading HAC now and I'll check if I can get hold of a copy
> of AC (don't happen to know the ISBN number / publisher?).

AC is published by John Wiley, ISBN 0-471-11709-9.

M. K. Shen

------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: New newsgroup ?
Date: Fri, 06 Apr 2001 01:26:25 +0200

How about sci.crypt.patents?

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Comment on SafeBoot's RC5 algorithm
Date: Thu, 5 Apr 2001 11:41:05 -0700

Let's deal with the factual incorrectness first. You have not been "thinking
and using RC5 for about 10 years," in fact according to
http://www.rsasecurity.com/rsalabs/faq/3-6-4.html you will find record of
RC5 only existing since 1994. You will also find that you cannot use RC5
with any key size, only those up to 2040 bits.

Now for the rest of this I won't need any cutting edge information, so I'm
just going to go back to
ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n3.pdf which is a 1997
reference and has a small article on RC5. By taking a look at page 15, upper
right quarter of the page you will see the resistances known at the time,
you will see that 12 round RC5 offers nothing even approximating the
security of a 1024-bit key. In fact you would need a minimum of 16 rounds
with a 64-bit block to gain a measure of security where 1024-bit begins to
be meaningful, 28-rounds for 128-bit block. On the same page you will find
proper references to the quoted material.

I believe the mistakes you made that allow you to claim you have been
"thinking and using RC5 for about 10 years" are the same mistakes that led
you to believe that 12 rounds of RC5 is secure, or that your 1024-bit key
was at all worthwhile.
                    Joe

"Simon Hunt" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[big snip]
> >My problem is that it says a 1024-bit key and only uses 12 rounds.
> >Personally anything under 16 rounds is not a good idea, and you can't
> >use 1024-bit keys with RC5, well you could, but I wouldn't.
>
> >It doesn't seem like a well thought out use of RC5.
>
> >Tom
>
> you can use whatever key size you like with RC5! who told you otherwise?
> 1024 bits is a nice number (128 bytes) and is easy to handle. Why use
> short keys if you don't have to?
>
> the last comment, well - We've been thinking about and using RC5 for about
> 10 years now - so I guess that gives us a bit more experience and
> commercial know-how than perhaps you on this matter :-)




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: New newsgroup ?
Date: Fri, 06 Apr 2001 01:36:04 +0200



Ichinin wrote:
> 
> How about sci.crypt.patents?

I don't think that's a good idea. The only subgroup till
now, sci.crypt.random-numbers, has not yet been a big
success in my humble view.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Data dependent arcfour via sbox feedback
Date: Thu, 05 Apr 2001 22:58:19 GMT

On Wed, 4 Apr 2001 01:13:19 +0200, "Henrick Hellström"
<[EMAIL PROTECTED]> wrote, in part:
>"Terry Ritter" <[EMAIL PROTECTED]> skrev i meddelandet
>news:[EMAIL PROTECTED]...

>> In particular, I think the US government should undertake to prosecute
>> every granted US patent in foreign countries so that the same
>> limitations will apply across the global marketplace.  I also think
>> the US government should have a department to help enforce the patent
>> grant.  As I see it, the main problem with patents is not that they
>> are too strong and intrusive, but that they are not strong enough.

>You are joking, right? France would declare nuclear war on USA for less. ;-)

I think that by 'prosecute', he merely means make it easier for
American companies to apply for patents worldwide, maybe even
subsidizing such applications. I trust he did not mean to enforce
patents not granted by foreign countries, nor enforceable there by
means of treaty obligations.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Jack Lindso" <[EMAIL PROTECTED]>
Subject: Re: Beginners guide to how encryption algorythms work?
Date: Fri, 6 Apr 2001 01:40:51 +0200

Well it ain't difficult: "Applied Cryptography" by Bruce Schneier.
You won't need no ISBN number since the book can be easily found, hmm well
anywhere (Amazon, ...!?).

"Mouse" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Thanks, I'm downloading HAC now and I'll check if I can get hold of a copy
> of AC (don't happen to know the ISBN number / publisher?).
>
>
> Thu, 5 Apr 2001 20:10:08 +0100, Simon
> Johnson([EMAIL PROTECTED]) wrote...
> >
> > Mouse <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > I'm looking for a site with fairly easy to understand explanations of
> > > how the encryption works and some of the theory behind it, if possible
> > > without too much higher math (I know some is inevitable).
> >
> > Two books... One can be downloaded the other cannot:
> >
> > "Handbook of Applied Cryptography (HAC)" (downloadable)
> >
> > "Applied Cryptography"
> >
> > HAC is more mathematical than Applied Cryptography... both are equally
> > good. It's up to you.
> >
> > Simon.
> > Simon
> >
> >
> >



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Comment on SafeBoot's RC5 algorithm
Date: Thu, 05 Apr 2001 23:47:39 GMT


"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:u5rS9EgvAHA.198@cpmsnbbsa09...
> Let's deal with the factual incorrectness first. You have not been
> "thinking and using RC5 for about 10 years," in fact according to
> http://www.rsasecurity.com/rsalabs/faq/3-6-4.html you will find record of
> RC5 only existing since 1994. You will also find that you cannot use RC5
> with any key size, only those up to 2040 bits.

Again this is wrong too.  The max keysize should be exactly 2(R+1) W-bit
words.  With RC5-32 that's 2R+2 32-bit words.  In the case of R=12 that's
26*4=104 bytes er... 832 bits.

> Now for the rest of this I won't need any cutting edge information, so I'm
> just going to go back to
> ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n3.pdf which is a 1997
> reference and has a small article on RC5. By taking a look at page 15,
> upper right quarter of the page you will see the resistances known at the time,
> you will see that 12 round RC5 offers nothing even approximating the
> security of a 1024-bit key. In fact you would need a minimum of 16 rounds
> with a 64-bit block to gain a measure of security where 1024-bit begins to
> be meaningful, 28-rounds for 128-bit block. On the same page you will find
> proper references to the quoted material.
>
> I believe the mistakes you made that allow you to claim you have been
> "thinking and using RC5 for about 10 years" are the same mistakes that led
> you to believe that 12 rounds of RC5 is secure, or that your 1024-bit key
> was at all worthwhile.

I agree, this OP was on some bad pepsi.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: New newsgroup ?
Date: Thu, 05 Apr 2001 23:48:28 GMT


"Ichinin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> How about sci.crypt.patents?

Why not just use

alt.imaloon.crazy.patents

???

Tom



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: rc4 without sbox swapping/updating
Date: Fri, 06 Apr 2001 01:49:18 +0200



Ken Savage wrote:
> 
> Recent discussions suggest that the ever-changing sbox in rc4
> could violate Ritter's Dynamic Substitution patent.  Likewise
> any technique using "one or more invertable substitution tables"
> **and** "some way to change the arrangement of the values in the
> tables".

Your 'and' is wrong. His recent posts clearly indicate
that using any tables doesn't violate his patent, only
modification of tables does. If you could manage not to
use any tables (e.g. employing a piece of code to
directly compute a result equivalent to one that is
obtained from a table), that's even better, since no
'table' (that is to be changed) exists whatsoever.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Would dictionary-based data compression violate DynSub?
Date: Fri, 06 Apr 2001 01:58:04 +0200



Ken Savage wrote:
> 
> Hate to think about it, but why would dynamic dictionary (LZW, LZH,
> deflate)
> data compression techniques NOT violate DynSub?
> 
> You have a table (containing strings of chars), which determines
> the output (position, len).
> 
> As you compress more data, the table (dictionary) updates itself,
> removing some elements, adding others (a LOOSE term for "re-arrangement"
> ???).
> 
> It's invertible.  You're combining one data stream (uncompressed text)
> with
> another (possibly a password??)

Good point. An adaptive Huffman also uses a table that
dynamically gets modified. One can further prime the 
compressor with a secret initialization sequence, thus 
achieving some encryption effect.

M. K. Shen
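
The adaptive dictionary the two posts above talk about, as an added example of mine (not code from either poster): a plain LZW encoder and decoder whose string table grows as data flows through it, plus the "priming" the reply mentions, implemented here as feeding a secret byte sequence through the encoder's growth rule before any data is processed. The prime is my own construction and is only obfuscation, not encryption: anyone holding the prime rebuilds the table, and the decoder run without it either fails or emits garbage, as the second check below shows.

```python
"""LZW with an optional 'primed' dictionary (added example).

The table starts with the 256 single-byte strings and is re-arranged
(extended) on every emitted code, exactly as the decoder can reproduce.
Priming is a constructed illustration and gives no cryptographic security.
"""


def _new_table(prime: bytes) -> dict:
    """Initial string -> code table; the priming bytes are run through the
    encoder's growth rule so encoder and decoder start with identical tables."""
    table = {bytes([i]): i for i in range(256)}
    w = b""
    for ch in prime:
        wc = w + bytes([ch])
        if wc in table:
            w = wc
        else:
            table[wc] = len(table)   # add the new phrase; nothing is emitted
            w = bytes([ch])
    return table


def lzw_compress(data: bytes, prime: bytes = b"") -> list:
    table = _new_table(prime)
    out, w = [], b""
    for ch in data:
        wc = w + bytes([ch])
        if wc in table:
            w = wc
        else:
            out.append(table[w])
            table[wc] = len(table)   # the table changes as data is processed
            w = bytes([ch])
    if w:
        out.append(table[w])
    return out


def lzw_decompress(codes: list, prime: bytes = b"") -> bytes:
    inv = {code: s for s, code in _new_table(prime).items()}
    out, w = bytearray(), None
    for code in codes:
        if code in inv:
            entry = inv[code]
        elif w is not None and code == len(inv):
            entry = w + w[:1]        # the KwKwK case: phrase defined by this very code
        else:
            raise ValueError("code %d not in table (wrong prime or corrupt stream)" % code)
        out += entry
        if w is not None:
            inv[len(inv)] = w + entry[:1]   # mirror the encoder's table growth
        w = entry
    return bytes(out)


if __name__ == "__main__":
    sample = b"TOBEORNOTTOBEORTOBEORNOT"          # constructed sample input
    print(lzw_compress(sample))
    print(lzw_compress(sample, prime=b"TOBEORNOT"))   # shorter: the prime pre-loads phrases
```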

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
