Cryptography-Digest Digest #92, Volume #14        Fri, 6 Apr 01 08:13:00 EDT

Contents:
  Re: COLOSSUS report on the Web (Frode Weierud)
  Re: Problematic Patent (Bo Dömstedt)
  Re: Compression-encryption with a key (Mok-Kong Shen)
  Re: rc4 without sbox swapping/updating (Mok-Kong Shen)
  Re: Would dictionary-based data compression violate DynSub? (Mok-Kong Shen)
  Re: Would dictionary-based data compression violate DynSub? (Mok-Kong Shen)
  Re: Dickson Polynomials? (Mark Wooding)
  Just the story ... My separated (now ex) spouse, Finnish government and my 
ex-relatives in Finland started deporting me to Finland .... this was in December, 
1999 and Jan, 2000 ([EMAIL PROTECTED])
  Re: How secure is AES ? (Mark Wooding)
  Re: Dickson Polynomials? ("Tom St Denis")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Frode Weierud)
Subject: Re: COLOSSUS report on the Web
Date: 6 Apr 2001 08:54:28 GMT
Reply-To: [EMAIL PROTECTED]

Paul Rubin <[EMAIL PROTECTED]> writes:

>That's great, but for the pdf's, why not just make them from the
>original scans?

Because it is expected that most people would like to print the whole
or part of this report. Few people have printers with 'legal' paper
size which is what is needed to print the full original pages.

Frode 
--
        Frode Weierud                   Phone  : +41 22 7674794
        CERN, SL,  CH-1211 Geneva 23,   Fax    : +41 22 7679185
        Switzerland                     E-mail : [EMAIL PROTECTED]
                                        WWW    : home.cern.ch/frode/

------------------------------

From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: Problematic Patent
Reply-To: [EMAIL PROTECTED]
Date: Fri, 06 Apr 2001 09:06:43 GMT

> US patent 6165072
> (enter number here: http://164.195.100.11/netahtml/srchnum.htm)
> 
> Claim 51 would seem to cover any situation in which one sends encrypted data
> and then later sends the plaintext.
[...]
> If you have prior art references for this common occurrence, please post
> them.  Likewise if you have references regarding the related claims 52-56.
Claim 51 only refers to information generated within the invention.
This looks very similar to an authentication system, using random
numbers and an encryption function, as described in [1] page 66, 
last paragraph. 

[1]
"Kryptering i ADB system" (Encryption in ADP systems)
SIS teknisk rapport 312 Utgåva 1 (SIS technical report 312, edition 1)
by Riksdataförbundet, SIS standardiseringsgrupp,
and SÅRB Sårbarhetsberedningen, published by
SIS Standardiseringskommissionen i Sverige,
Box 3295, SE-103 66 Stockholm Sweden
in November 1985
ISBN 91-7162-191-1
ISSN 0282-6925

Bo Dömstedt
Chief Cryptographer
Protego Information AB
Ideon Gamma Science Park
SE - 223 70 Lund 
SWEDEN
http://www.protego.se/sg100_en.htm


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Compression-encryption with a key
Date: Fri, 06 Apr 2001 12:59:57 +0200



"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
> >
> >The branches of a (static or adaptive) Huffman tree can
> >be arbitrarily labelled. You can use a PRNG with a secret
> >seed to effect that. Further you can employ a number of
> >Huffman trees similar to polyalphabetic substitutions.
> >If having a shorter ciphertext is not necessary, i.e.
> >the goal is solely encryption, you can also employ homophones and
> >include dummy symbols in the Huffman tree
> >and insert these at will into the ciphertext. The
> >encryption could thus be quite hard to analyze.
> >
> 
>   What makes adaptive Huffman compression more nasty than a
> straight symbol substitution is that the attacker has
> far more problems than with straight substitution. Think
> of a tree with all lengths at 8 where you arbitrarily
> pick what leaf is what symbol. This is conventional
> encryption, easy to break. Now all of a sudden pick an arbitrary
> tree, some 8, some 3, some 16 bits in length. Unless the attacker
> can mount chosen plaintext attacks he won't even know when one
> symbol starts and one ends.
> 
>   To make it more nasty use a carefully constructed arithmetic
> model; it's more nasty than Huffman since the symbols don't even
> match bit boundaries.

One can indeed achieve something essential with compression
techniques. A problem is though that their contribution
to crypto strength is difficult to treat in exact
mathematical terms. Other techniques like shuffling etc.
have the same problem. But on the other hand one should
certainly be conscious of the fact that many block ciphers
in actual use also don't have any rigorous 'proof' of
security. One has to operate with some subjectivity
in crypto applications, and subjectivity always differs
among people.

M. K. Shen
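The keyed Huffman scheme the two posters are arguing about, as an added illustration that is not code from either of them: a static Huffman tree is built from symbol frequencies, the 0/1 label of every branch is chosen by a PRNG seeded with a secret key, and several such labellings are used in rotation, which is the polyalphabetic variant Shen mentions. The sample plaintext, the key strings and the use of Python's random.Random as a stand-in for a keyed CSPRNG are assumptions made for the demonstration. The code_lengths check makes Shen's caveat concrete: the multiset of code lengths is identical under every key, so the tree shape (the frequency profile) is not hidden, only the labelling is.

```python
import heapq
import random
from collections import Counter
from itertools import count

# Constructed sample plaintext (assumption; not from the original posts).
SAMPLE = "the quick brown fox jumps over the lazy dog"


def build_tree(freqs):
    """Build a static Huffman tree from a {symbol: frequency} mapping.

    Leaves are the symbols themselves; internal nodes are (left, right)
    tuples. The tie counter keeps heap comparisons off the node objects.
    """
    if len(freqs) < 2:
        raise ValueError("need at least two distinct symbols")
    tie = count()
    heap = [(f, next(tie), sym) for sym, f in sorted(freqs.items())]
    heapq.heapify(heap)
    while len(heap) > 1:
        f1, _, a = heapq.heappop(heap)
        f2, _, b = heapq.heappop(heap)
        heapq.heappush(heap, (f1 + f2, next(tie), (a, b)))
    return heap[0][2]


def keyed_codebooks(tree, key, n):
    """Return n codebooks {symbol: bitstring} for the same tree.

    The tree shape, and hence every code length, is fixed by the
    frequencies; only which child of each internal node is labelled '0'
    is decided by the key-seeded PRNG. Several books used in rotation
    give the polyalphabetic variant from the post.
    """
    rng = random.Random(key)   # assumption: stand-in for a keyed CSPRNG

    def walk(node, prefix, book):
        if isinstance(node, tuple):
            left, right = node
            if rng.getrandbits(1):          # secret choice of which branch is '0'
                left, right = right, left
            walk(left, prefix + "0", book)
            walk(right, prefix + "1", book)
        else:
            book[node] = prefix

    books = []
    for _ in range(n):
        book = {}
        walk(tree, "", book)
        books.append(book)
    return books


def codebooks_for(text, key, n=3):
    """Convenience: frequencies from the text itself, then n keyed books."""
    return keyed_codebooks(build_tree(Counter(text)), key, n)


def encode(text, books):
    """Symbol number i is coded with book i mod len(books)."""
    return "".join(books[i % len(books)][sym] for i, sym in enumerate(text))


def decode(bits, books):
    """Inverse of encode; raises if the bit string ends inside a codeword."""
    rev = [{code: sym for sym, code in book.items()} for book in books]
    out, pos, i = [], 0, 0
    while pos < len(bits):
        table = rev[i % len(books)]
        end = pos + 1
        while end <= len(bits) and bits[pos:end] not in table:
            end += 1
        if end > len(bits):
            raise ValueError("bit string ends inside a codeword")
        out.append(table[bits[pos:end]])
        pos, i = end, i + 1
    return "".join(out)


def decode_or_none(bits, books):
    """decode(), but report a failure as None instead of raising."""
    try:
        return decode(bits, books)
    except ValueError:
        return None


def code_lengths(book):
    """Multiset of code lengths: the same for every key, so the tree shape leaks."""
    return sorted(len(code) for code in book.values())


def demo(text=SAMPLE, key="secret seed", n_books=3):
    """Round trip under one key; returns (ciphertext bits, recovered text)."""
    books = codebooks_for(text, key, n_books)
    bits = encode(text, books)
    return bits, decode(bits, books)
```

Because a Huffman code is a complete prefix code, a ciphertext decodes under any key: the wrong key yields plausible-looking garbage rather than an error, except when the bit string happens to end inside a codeword. The secret amounts to one bit per internal node per book, and the length profile is public, so this shows the mechanism under discussion, not a cipher anyone should rely on.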

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: rc4 without sbox swapping/updating
Date: Fri, 06 Apr 2001 13:00:41 +0200



Terry Ritter wrote:
> 
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> 
> >Ken Savage wrote:
> >>
> >> Recent discussions suggest that the ever-changing sbox in rc4
> >> could violate Ritter's Dynamic Substitution patent.  Likewise
> >> any technique using "one or more invertable substitution tables"
> >> **and** "some way to change the arrangement of the values in the
> >> tables".
> >
> >Your 'and' is wrong. His recent posts clearly indicate
> >that using any tables doesn't violate his patent, only
> >modification of tables does.
> 
> That's my belief, but I don't speak for my patent attorney.  In the
> end, this is a legal process, not a technical process.  My impression
> is that there is -- and can be -- no absolute certainty anywhere in
> our legal system, and patents are just part of the system.

Mmm, you are changing your positions? We all know that
a capable lawyer can often tweak things. Otherwise some
of them wouldn't be able to make big money. The novelty
of your patent has been claimed by you many times to lie 
in 'modification' of a 'table'. If that weren't it, then,
as I said before, you seemed not to know yourself what your 
patent actually IS.

> >If you could manage not to
> >use any tables (e.g. employing a piece of code to
> >directly compute a result equivalent to one that is
> >obtained from a table), that's even better, since no
> >'table' (that is to be changed) exists whatsoever.
> 
> I think I directly addressed part of this possibility when I said that
> an attempt to essentially build a table out of individual storage
> elements or equations, and then claim it was not "really" a table,
> would be likely to fail.  If it acts like a table, it probably is a
> table.

If something serves the same or approximately the same
purpose as a 'table' but is different in nature (as I have
tried to show with an example in a previous follow-up),
does that constitute a violation of the patent or not?
Could you explain? A horse coach acts the same as an
automobile in transporting persons and goods from one
place to the other, though with lower speed. Does a
coach violate the patent of a car because of that? If
anything, on the contrary, that would be prior art for
annulling the car patent.

> On the other hand, there may be some way to do it.  I don't know; I am
> not the ultimate arbiter of all this.  Indeed, if I sold the patent
> and was out of it tomorrow, the patent and the legal process would
> still remain.
> 
> An actual determination of patent infringement probably requires
> reasoning in the context of far more law, rules, special cases,
> mind-numbing detail, and sneaky legal tactics than I will ever know.
> Fortunately, that is not my business.

This is evading discussions when one's arguments no
longer get hold of firm ground. We have seen enough
of such in disputes in all fields.

M. K. Shen
=================================
Was sich ueberhaupt sagen laesst,  |   Whatever can be said
laesst sich klar sagen;            |   can be clearly said;
und wovon man nicht reden kann,    |   and silence must be kept
darueber muss man schweigen.       |   on what one cannot tell.
                                   |
    Ludwig Wittgenstein            |       (a translation)
    (1889 - 1951)                  |

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Would dictionary-based data compression violate DynSub?
Date: Fri, 06 Apr 2001 13:00:07 +0200



John Savard wrote:
> 
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> 
> >> Hate to think about it, but why would dynamic dictionary (LZW, LZH,
> >> deflate)
> >> data compression techniques NOT violate DynSub?
> 
> >Good point. An adaptive Huffman also uses a table that
> >dynamically gets modified. One can further prime the
> >compressor with a secret initialization sequence, thus
> >achieving some encryption effect.
> 
> LZW and adaptive Huffman may have come along before DynSub, and this
> would perhaps invalidate some of the broadest interpretations of its
> claims.
> 
> But the basic innovation of DynSub is: the specific substitute in the
> table that was used last is randomized, thereby effectively preventing
> the same table entry from being used twice. So the main part of the
> patent would remain in force, even if it was nibbled around the edges.

I don't understand. If a table is updated, then that's
modification. The patent holder said that's his novelty.
So it clearly turns out that there isn't.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Would dictionary-based data compression violate DynSub?
Date: Fri, 06 Apr 2001 13:00:27 +0200



Terry Ritter wrote:
> 
>Ken Savage <[EMAIL PROTECTED]> wrote:
> 
> >Hate to think about it, but why would dynamic dictionary (LZW, LZH,
> >deflate)
> >data compression techniques NOT violate DynSub?
> 
> One issue might be that compression techniques do not have as their
> goal the technical field of cryptography.  Also, DynSub is defined to
> be a combiner (or extractor), so I'm also not sure how one defines
> "compression" in terms of "combining."
> 
> On the other hand, all this sort of thing is ultimately a legal issue,
> and stranger things have happened.  Maybe I have been sitting on a
> gold mine all these years, and have just missed the wider implications
> because I wear the blinders of the inventor.

Compression has often been used for crypto purposes, only
that many people argue that its contribution is weak.
This issue has repeatedly been discussed in the group.
David Scott, for example, employs adaptive Huffman (which
has a 'table' that gets modified as the processing goes
on) in his encryption algorithm.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Dickson Polynomials?
Date: 6 Apr 2001 11:09:03 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> "Stefan Katzenbeisser" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Tom St Denis wrote:
> >
> > > What is a Dickson Polynomial?  My web search has not turned up anything
> > > useful...
> >
> > The Dickson polynomial g_k(a,x) is defined by the following expression
> (TeX-Notation);
> > k specifies the degree of the polynomial and a is a parameter:
> >
> > g_k(a,x) = \sum_{i=0}^{\lfloor k/2\rfloor}
> \frac{k}{k-i}{{k-i}\choose{i}}(-a)^i x^{k-2i}
> 
> Can you write this just using ascii math?  i.e ^ for exponents, +/*- etc..?

I think actually, you're much better off learning LaTeX.  It's the
standard for both mathematical notation on Usenet and for submissions of
papers in the computer science and (particularly) cryptography
communities.  You won't get far in academic crypto without LaTeX, I'll
wager.

It's not very difficult to read.  x^y means the obvious thing.  x_y is a
subscript rather than a superscript.  { ... } group things for the
benefit of the typesetter, but are invisible.  Hence x^{y+1} means
something different from x^y+1.

Most other magic is done with \commands, whose arguments are given in {
... }.  For example, \lfloor and \rfloor are the `floor' brackets |_
... _|.  \frac{x}{y} is x/y (you'll also see x \over y sometimes).  The
rune {{k-i}\choose{i}} contains more braces than necessary, but
basically means the binomial coefficient

  / k - i \
  |       |
  \   i   /

Finally, `big' operators like \sum, \int, \prod and so on are given
superscripts and subscripts for their limits.

Just this once, I'll translate the whole thing into ASCII, so you can
compare.

                floor(k / 2)
                   ----     
                   \          k    k - i      i  k - 2 i 
    g  (a, x) =     >       ----- (     ) (-a)  x        
     k             /        k - i    i
                   ---- 
                   i = 0

(Produced using Emacs `calc' in Big mode and rearranged a little by hand.)

-- [mdw]
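Stefan Katzenbeisser's sum, evaluated in code as an added example that comes from none of the posters. The functions use the thread's symbols g_k(a, x). The checks for the identity g_k(a, u + a/u) = u^k + (a/u)^k, the recurrence g_k = x g_{k-1} - a g_{k-2}, and the permutation test modulo a prime go beyond what the thread states; they are standard properties of Dickson polynomials, and the last one (for a != 0, g_k(a, x) permutes F_p exactly when gcd(k, p^2 - 1) = 1, Nöbauer's criterion) is the reason they appear in cryptography. The convention g_0 = 2 and the sample values are assumptions made for the demonstration.

```python
from fractions import Fraction
from math import comb, gcd


def dickson(k, a, x):
    """Evaluate g_k(a, x) from the sum given in the thread:

        g_k(a, x) = sum_{i=0}^{floor(k/2)} k/(k-i) * C(k-i, i) * (-a)^i * x^(k-2i)

    For k = 0 the factor k/(k-i) is 0/0; the usual convention g_0 = 2 is
    assumed. Exact rational arithmetic keeps the result an integer when
    a and x are integers.
    """
    if k == 0:
        return Fraction(2)
    a, x = Fraction(a), Fraction(x)
    total = Fraction(0)
    for i in range(k // 2 + 1):
        coeff = Fraction(k, k - i) * comb(k - i, i)
        total += coeff * (-a) ** i * x ** (k - 2 * i)
    return total


def dickson_coefficients(k, a):
    """Return {exponent: coefficient} of g_k(a, x) as a polynomial in x (a integer)."""
    if k == 0:
        return {0: 2}
    coeffs = {}
    for i in range(k // 2 + 1):
        c = Fraction(k, k - i) * comb(k - i, i) * (-a) ** i
        if c.denominator != 1:          # cannot happen: the coefficients are integers
            raise ArithmeticError("non-integer Dickson coefficient")
        coeffs[k - 2 * i] = int(c)
    return coeffs


def functional_identity_holds(k, a, u):
    """Check g_k(a, u + a/u) == u^k + (a/u)^k, the identity that makes
    g_k behave like a power map in x + a/x."""
    a, u = Fraction(a), Fraction(u)
    return dickson(k, a, u + a / u) == u ** k + (a / u) ** k


def recurrence_holds(k, a, x):
    """Check g_k = x*g_{k-1} - a*g_{k-2} for k >= 2."""
    return dickson(k, a, x) == x * dickson(k - 1, a, x) - a * dickson(k - 2, a, x)


def permutes_mod_p(k, a, p):
    """True when x -> g_k(a, x) mod p is a bijection on {0, ..., p-1}."""
    return len({int(dickson(k, a, x)) % p for x in range(p)}) == p


def permutation_criterion(k, p):
    """Noebauer's criterion: for a != 0, g_k(a, x) permutes F_p iff gcd(k, p^2 - 1) == 1."""
    return gcd(k, p * p - 1) == 1


if __name__ == "__main__":
    print("g_5(1, x) coefficients:", dickson_coefficients(5, 1))
    for k in (3, 5):
        print(f"g_{k}(1, x) permutes Z/7Z:", permutes_mod_p(k, 1, 7),
              "| criterion says:", permutation_criterion(k, 7))
```

Running it prints g_5(1, x) = x^5 - 5x^3 + 5x and shows that g_5(1, x) permutes the integers mod 7 (gcd(5, 48) = 1) while g_3(1, x) does not (gcd(3, 48) = 3); the brute-force check and the gcd criterion agree, which is the property a permutation-polynomial based scheme depends on.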

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security,comp.security,alt.2600
Subject: Just the story ... My separated (now ex) spouse, Finnish government and my 
ex-relatives in Finland started deporting me to Finland .... this was in December, 
1999 and Jan, 2000
Date: 6 Apr 2001 02:08:14 GMT


This is very funny .... the Finnish government would have even purchased the
plane ticket, although our combined equity (me and my ex-spouse) was around
300000 USD. Of course, the USA/Finnish government and my ex-relatives stole
from almost all of my half. My ex-mother even started sending me letters in
January, 2000 saying that I should borrow money from my separated spouse to
come back to Finland. And of course, I received letters and other
communications from 
my separated spouse, Kathryn Goll Saarelainen (or Kathryn Goll), that the
embassy of Finland and the government of Finland would pay my trip back to
Finland. All these communications were during the divorce process that was
going on at the time. She also indicated that she had
talked with my ex-sister, Senja Saarelainen and ex-brother, Jukka Saarelainen.
This was all behind my back.

So these people really tried to hurt me .... this is the way it was.

Well, one day .. maybe not today but in another day, I shall go to the embassy
of Finland and ask them to pay my trip to Finland .. after which I shall
directly walk to the social security office of Finland and start asking them
to pay for my living and life ... I just say this is the way you wanted.

Then if they want to put me in jail or something for some reasons whatever,
I just say .. excellent I can eat a few meals a day, sleep well on a bed and
read ... and think ... I am fucking lucky ..

But this is the way it would be. It is just so ironic that I was the
self-employed business person and then these other people (UU & Finnish
government, and my ex-relatives in Finland and USA) started trying to make me
basically lose all and everything. And this was without any cause.

Then on March 9, 2000 Superior Court Judge Oxendyne forced me to leave my
house based on some invalid evidence. Basically, some of the evidence he used
in his court were my writings on the USENET. Actually, these were
communications regarding the game I played with one Finn, Markku Juhani
Saarinen - a person who did not want me to write messages using my own name.
They used these communications against me, which was totally wrong.

But this is the way it was .... and quite frankly I had never done anything
wrong, bad or illegal ....

Markku J. Saarelainen
from Miami

P.S. Actually, I feel like I am not living very long - I may die before 38.
But I think that I may just ask either Finnish or USA governments to fly me back
to Finland and then to enjoy social benefits of the Finnish government...

It is funny that they wanted me to do this - I was just an independent
business person.




------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: How secure is AES ?
Date: 6 Apr 2001 11:18:24 GMT

Latyr Jean-Luc FAYE <[EMAIL PROTECTED]> wrote:
> I've read stuff about linear cryptanalysis, differential cryptanalysis and
> the weakness of DES with these methods.
> What about AES ???

The Rijndael algorithm, which has been selected to be AES, is resistant
to the standard forms of both differential and linear cryptanalysis
after only four rounds.

There is a specialized differential attack against Rijndael's
structure.  Even this doesn't work against the complete cipher (although
it's quite close -- it breaks 8 of the 10 rounds used with a 128-bit
key).

There is no known attack against the full Rijndael which is better than
brute-force search.

-- [mdw]

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Dickson Polynomials?
Date: Fri, 06 Apr 2001 11:21:55 GMT


"Mark Wooding" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> >
> > "Stefan Katzenbeisser" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Tom St Denis wrote:
> > >
> > > > What is a Dickson Polynomial?  My web search has not turned up
anything
> > > > useful...
> > >
> > > The Dickson polynomial g_k(a,x) is defined by the following expression
> > (TeX-Notation);
> > > k specifies the degree of the polynomial and a is a parameter:
> > >
> > > g_k(a,x) = \sum_{i=0}^{\lfloor k/2\rfloor}
> > \frac{k}{k-i}{{k-i}\choose{i}}(-a)^i x^{k-2i}
> >
> > Can you write this just using ascii math?  i.e ^ for exponents, +/*-
etc..?
>
> I think actually, you're much better off learning LaTeX.  It's the
> standard for both mathematical notation on Usenet and for submissions of
> papers in the computer science and (particularly) cryptography
> communities.  You won't get far in academic crypto without LaTeX, I'll
> wager.
>
> It's not very difficult to read.  x^y means the obvious thing.  x_y is a
> subscript rather than a superscript.  { ... } group things for the
> benefit of the typesetter, but are invisible.  Hence x^{y+1} means
> something different from x^y+1.
>
> Most other magic is done with \commands, whose arguments are given in {
> ... }.  For example, \lfloor and \rfloor are the `floor' brackets |_
> ... _|.  \frac{x}{y} is x/y (you'll also see x \over y sometimes).  The
> rune {{k-i}\choose{i}} contains more braces than necessary, but
> basically means the binomial coefficient
>
>   / k - i \
>   |       |
>   \   i   /
>
> Finally, `big' operators like \sum, \int, \prod and so on are given
> superscripts and subscripts for their limits.
>
> Just this once, I'll translate the whole thing into ASCII, so you can
> compare.
>
>                 floor(k / 2)
>                    ----
>                    \          k    k - i      i  k - 2 i
>     g  (a, x) =     >       ----- (     ) (-a)  x
>      k             /        k - i    i
>                    ----
>                    i = 0
>
> (Produced using Emacs `calc' in Big mode and rearranged a little by hand.)

Yeah I should learn latex, and the ascii art isn't legible due to a
non-fixed width font.  What would be cool is a free tool where you can copy
paste that stuff and see what it is.....

Tom



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
