Cryptography-Digest Digest #128, Volume #14 Thu, 12 Apr 01 14:13:01 EDT
Contents:
Re: I got accepted ("Tom St Denis")
Hash tabel ("dexMilano")
Re: I'm having a problem with garbled messages... (Derek Bell)
Re: Hash tabel ("Tom St Denis")
Re: To the script kiddie (Derek Bell)
Re: Dynamic Substitution Question ("Trevor L. Jackson, III")
Re: Dynamic Substitution Question ("Trevor L. Jackson, III")
Re: Hash tabel ("dexMilano")
Re: How to use Dynamic Substitution ("Trevor L. Jackson, III")
Re: Hash tabel ("Pietro F. Maggi")
Re: I got accepted (Mok-Kong Shen)
Re: How good is steganography in the real world? (Mok-Kong Shen)
Re: _"Good" school in Cryptography ("was" I got accepted) (David A Molnar)
Black & white .gifs? ("Stephen")
Re: How to use Dynamic Substitution (Mok-Kong Shen)
Re: _"Good" school in Cryptography ("was" I got accepted) (kctang)
Re: Kill-filter expression for script weenie (Derek Bell)
Re: Black & white .gifs? ("Paul Thomas")
Re: Black & white .gifs? (Mok-Kong Shen)
Re: I got accepted ("Tom St Denis")
Re: Black & white .gifs? (Jim Gillogly)
Re: Dynamic Substitution Question (newbie)
Re: I got accepted (Mike Rosing)
Re: How to use Dynamic Substitution ("Henrick Hellstr�m")
Re: Elliptic Curves ("Brice Canvel")
Re: Dynamic Substitution Question (newbie)
Re: Elliptic Curves ("Robert Reynard")
Re: digital signature for any file (Mike Rosing)
Re: Dynamic Substitution Question (newbie)
Re: _"Good" school in Cryptography ("was" I got accepted) (Nicholas Hopper)
----------------------------------------------------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 14:30:05 GMT
"Serge Vaudenay" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Serge Vaudenay wrote:
> > I think that almost all foreign students who apply for a full
> > scholarship to
> > our graduate scholl and who are accepted get one.
>
> To be more precise about our graduate school:
>
> - topics is "communication systems" in general
> - most of students are foreigners
> - courses are in English (area is the French speaking part of CH)
> - once application is accepted, scholarship is not usually a problem
> - applications for the next academic year (Oct01-Jul02) starts NOW!
> - information on http://dscwww.epfl.ch/EN/graduate/default.asp
> - bikinis are less than 1km away (say from May to September)
> - ski trails are less than 1h away (say from December to April)
> - good food and wine available (France is 5km away...)
>
> Did I do my job well?
Since I am not an undergrad I need not apply. Hehehehehe
Tom
------------------------------
From: "dexMilano" <[EMAIL PROTECTED]>
Subject: Hash tabel
Date: Thu, 12 Apr 2001 16:37:43 +0200
are SHA1 and MD5 (and variations) really one way (not crackable except
except with the brute force attack)?
thx
dex
------------------------------
From: Derek Bell <[EMAIL PROTECTED]>
Subject: Re: I'm having a problem with garbled messages...
Date: 12 Apr 2001 15:47:08 +0100
Frank Gerlach <[EMAIL PROTECTED]> wrote:
: jtnews wrote:
:> What's going on with all the garbled messages
:> in sci.crypt?
: I think this is a computer scientist with some problems..
: He seems to have some trouble with someone named "Boschloo"... Difficult
: to filter, as this guy/gal even uses an anon remailer.
If nothing else, the spamming may suggest new features for
killfiles. *SIGH* Why oh why do some people have to take out their personal
problems on a whole newsgroup?
Derek
--
Derek Bell [EMAIL PROTECTED] |"Usenet is a strange place."
WWW: http://www.maths.tcd.ie/~dbell/index.html| - Dennis M Ritchie,
PGP: http://www.maths.tcd.ie/~dbell/key.asc | 29 July 1999.
|
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Hash tabel
Date: Thu, 12 Apr 2001 14:48:27 GMT
"dexMilano" <[EMAIL PROTECTED]> wrote in message
news:9b4ejm$7ejtg$[EMAIL PROTECTED]...
> are SHA1 and MD5 (and variations) really one way (not crackable except
> except with the brute force attack)?
No one knows for sure but it's strongly believed so. MD5 however does have
flaws in the compression function, I would stick with SHA1 or TIGER...
Tom
------------------------------
From: Derek Bell <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: To the script kiddie
Date: 12 Apr 2001 15:48:23 +0100
In sci.crypt Grant Maw <[EMAIL PROTECTED]> wrote:
: We get the message. Now bugger off and stop killing the forum for everybody
: else with your own personal opinions!
Seconded!!
Derek
--
Derek Bell [EMAIL PROTECTED] |"Usenet is a strange place."
WWW: http://www.maths.tcd.ie/~dbell/index.html| - Dennis M Ritchie,
PGP: http://www.maths.tcd.ie/~dbell/key.asc | 29 July 1999.
|
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 14:57:08 GMT
newbie wrote:
> Ds is like replacing
>
> 7=9-2 by 7=8-6+9-5+2-1
No. You have failed to understand the purpose of the technique. That purpose
cannot ever be illustrated with a single substitution operation.
Only a sequence of substitutions can demonstrate the two benefits of the
technique.
Given a collection of messages to transform, the DS technique provides two
benefits over simple, static substitution. First, at the individual message
level, every character is transformed by a distinct image of the substitution
table (*), and second, at the collection of messages level, after the first
character every message is transformed by a distinct sequence of tables (*).
The value of the DS technique lies in the fact that these benefits can be
achieved relatively inexpensively.
(*) This is asymptotically false due to the finite number of permutations, but
valid for practical message sizes and message collections.
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 14:58:43 GMT
newbie wrote:
> You may patent my idea if you want.
Where can I get some of what you are smoking? No one can patent anything that
has already been published. And no one can publish anything that is obvious.
"Your" idea is both published and obvious.
------------------------------
From: "dexMilano" <[EMAIL PROTECTED]>
Subject: Re: Hash tabel
Date: Thu, 12 Apr 2001 16:59:48 +0200
what's TIGER?
A new algoritm, have you some reference?
dex
"Tom St Denis" <[EMAIL PROTECTED]> ha scritto nel messaggio
news:%ejB6.86492$[EMAIL PROTECTED]...
>
> "dexMilano" <[EMAIL PROTECTED]> wrote in message
> news:9b4ejm$7ejtg$[EMAIL PROTECTED]...
> > are SHA1 and MD5 (and variations) really one way (not crackable except
> > except with the brute force attack)?
>
> No one knows for sure but it's strongly believed so. MD5 however does
have
> flaws in the compression function, I would stick with SHA1 or TIGER...
>
> Tom
>
>
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: How to use Dynamic Substitution
Date: Thu, 12 Apr 2001 15:04:22 GMT
Mok-Kong Shen wrote:
> "Henrick Hellstr�m" wrote:
> >
> > Disregarding the patent issues, how should DS be applied should one choose
> > to use it? It seems as if it, in its basic form, is not a that much stronger
> > combiner than XOR.
> [snip]
>
> I suppose you could look at the matter as follows: XOR
> is a substitution of 1-bit units. A general substitution
> (in the classical sense) is a substitution of n-bit
> units using a static table and hence is more general
> than XOR. That there is enhancement of strength as n
> gets bigger is obvious. To rigorously quantify that
> relationship would however be difficult in general, I
> guess. Changing the table as the processing goes on adds
> more generality, thus further contributing to strength.
It appears to me that this particular attribute is worth of note in that the DS
technique is an efficient mechanism for incorporating the entropy of the plaintext
into the subsequent transforms or "downstream" state. Thus it is not only a
variable transform, but one that can easily be driven by external entropy, message
entropy, or both.
------------------------------
From: "Pietro F. Maggi" <[EMAIL PROTECTED]>
Subject: Re: Hash tabel
Date: Thu, 12 Apr 2001 17:13:51 +0200
"dexMilano" wrote:
>
> what's TIGER?
> A new algoritm, have you some reference?
>
This is what I've found:
http://www.cs.technion.ac.il/~biham/Reports/Tiger/
--
The pawn is the most important piece on the chessboard...
up to the pawn.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 17:32:35 +0200
Tom St Denis wrote:
>
> "Serge Vaudenay" <[EMAIL PROTECTED]> wrote:
[snip]
> > Did I do my job well?
>
> Since I am not an undergrad I need not apply. Hehehehehe
He was evidently addressing the general public (viable
candidates in the group), not you in particular at all!!
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: How good is steganography in the real world?
Date: Thu, 12 Apr 2001 17:53:15 +0200
"csbh@(TH+ESE)datahit.com Coridon Henshaw" wrote:
>
[snip]
> A non trivial proportion of spams (particularly usenet spams) contain some
> proprotion of seemingly random characters to evade identical-message spam
> detectors. These random characters are too mundane to attract much
> attention, and could contain utterly anything upto and including a short
> cyphertext.
I think it may be noted that 'spams' is a relative notion.
There are news groups whose 'normal' posts are just
blablababla and hence spams in the context of the more
serious groups. There is thus big freedom there to post
almost anything one wants and in any style and hence the
possibility of transmitting stegos. If the rate of the
hidden bits is low enough, then the method I suggested
in 'Steganography with ASCII text files' in sci.crypt,
11th Feb, could be advantageously applied. For real-time
communications, one could also consider chatrooms.
Anonymity could be fairly well achieved through accessing
the net from internet cafes or shops.
M. K. Shen
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: 12 Apr 2001 15:36:46 GMT
kctang <[EMAIL PROTECTED]> wrote:
> Dear all,
> "Good" school in Cryptography wanted.
> Any recommendations?
Undergraduate or graduate? Since you say you're asking for Tom it's not
clear...
> Might be the school let you copying something and allow you
> to graduate. This is good!
It is?
-David
------------------------------
From: "Stephen" <[EMAIL PROTECTED]>
Subject: Black & white .gifs?
Date: Thu, 12 Apr 2001 15:43:10 GMT
Does anyone know where I can find a supply of black & white .gifs on the
net, so I can use steganography on them?
Any help would be great thanks!!!
% �#�R���+R��*�mkJC�^���i��X3��D���5��'}H"
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: How to use Dynamic Substitution
Date: Thu, 12 Apr 2001 18:09:06 +0200
"Trevor L. Jackson, III" wrote:
>
> Mok-Kong Shen wrote:
>
> > I suppose you could look at the matter as follows: XOR
> > is a substitution of 1-bit units. A general substitution
> > (in the classical sense) is a substitution of n-bit
> > units using a static table and hence is more general
> > than XOR. That there is enhancement of strength as n
> > gets bigger is obvious. To rigorously quantify that
> > relationship would however be difficult in general, I
> > guess. Changing the table as the processing goes on adds
> > more generality, thus further contributing to strength.
>
> It appears to me that this particular attribute is worth of note in that the DS
> technique is an efficient mechanism for incorporating the entropy of the plaintext
> into the subsequent transforms or "downstream" state. Thus it is not only a
> variable transform, but one that can easily be driven by external entropy, message
> entropy, or both.
As I commented elsewhere, if DS is something special
(particular) in the general class of changing (time
varying) substitutions and can be shown to be beneficial
to crypto, then that special scheme (a special way
of modifying the classical substitution table, I guess
through certain form of feedback, which the patent holder
however disagreed) may very well worth patent protection.
But the 'general' idea of modification (the 'entire'
class of changing substitutions) cannot be protected by
a patent, being evidently prior art.
M. K. Shen
------------------------------
From: kctang <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Fri, 13 Apr 2001 00:09:05 +0800
David A Molnar wrote:
> kctang <[EMAIL PROTECTED]> wrote:
> > "Good" school in Cryptography wanted.
> > Any recommendations?
>
> Undergraduate or graduate? Since you say you're asking for Tom it's not
> clear...
Both, if it makes a difference! Anyhow an undergraduate
would become a postgraduate if he continued . . .
> > Might be the school let you copying something and allow you
> > to graduate. This is good!
>
> It is?
Forget it.
Yours, Kctang (for TOM)
------------------------------
From: Derek Bell <[EMAIL PROTECTED]>
Subject: Re: Kill-filter expression for script weenie
Date: 12 Apr 2001 17:27:01 +0100
Ryan M. McConahy <[EMAIL PROTECTED]> wrote:
: I am only blocking those words. Umm... is it possible for the moderator to
: block out that crap? And if someone thinks thats too much censorship, he
: could just add the word [blocked] before it...
sci.crypt is unmoderated - it's a matter of finding out what
your killfile requires to get your newsreader to ignore the bozo.
Derek
--
Derek Bell [EMAIL PROTECTED] |"Usenet is a strange place."
WWW: http://www.maths.tcd.ie/~dbell/index.html| - Dennis M Ritchie,
PGP: http://www.maths.tcd.ie/~dbell/key.asc | 29 July 1999.
|
------------------------------
From: "Paul Thomas" <[EMAIL PROTECTED]>
Subject: Re: Black & white .gifs?
Date: Thu, 12 Apr 2001 17:40:57 +0100
> Does anyone know where I can find a supply of black & white .gifs on the
> net, so I can use steganography on them?
> Any help would be great thanks!!!
why not just take any old regular pictures you got lying around and convert
them to black and white in your fav. image editing tool and then use them..
Paul
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Black & white .gifs?
Date: Thu, 12 Apr 2001 18:48:37 +0200
Stephen wrote:
>
> Does anyone know where I can find a supply of black & white .gifs on the
> net, so I can use steganography on them?
I don't know. Maybe alt.binaries.pictures.
M. K. Shen
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 16:58:38 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
> > "Serge Vaudenay" <[EMAIL PROTECTED]> wrote:
> [snip]
> > > Did I do my job well?
> >
> > Since I am not an undergrad I need not apply. Hehehehehe
>
> He was evidently addressing the general public (viable
> candidates in the group), not you in particular at all!!
It's my thread though....
Tom
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Black & white .gifs?
Date: Thu, 12 Apr 2001 10:02:47 -0700
Paul Thomas wrote:
>
> > Does anyone know where I can find a supply of black & white .gifs on the
> > net, so I can use steganography on them?
> > Any help would be great thanks!!!
>
> why not just take any old regular pictures you got lying around and convert
> them to black and white in your fav. image editing tool and then use them..
This is a much better idea. I once decrypted something and found
a JPEG. I suspected stego, and looked around the web until I found
the picture that had been used. It turned out to be bit-for-bit
identical, so I stopped looking for further secrets in that one.
If they hadn't been identical, that would be a great start for c/a.
--
Jim Gillogly
Highday, 21 Astron S.R. 2001, 17:00
12.19.8.2.7, 8 Manik 5 Pop, Second Lord of Night
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 13:13:33 -0300
If it was published, give me just one reference. I will be glad to know
it.
Obvious does not mean not novel.
Why you do not talk about the effects of the swap operation in DS?
Substituing dynamically, Otp is a table of two or more elements
subtitued dynamically.
Where is the novelty???
It is an EMPTY idea
"Trevor L. Jackson, III" wrote:
>
> newbie wrote:
>
> > You may patent my idea if you want.
>
> Where can I get some of what you are smoking? No one can patent anything that
> has already been published. And no one can publish anything that is obvious.
> "Your" idea is both published and obvious.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 12:16:41 -0500
Serge Vaudenay wrote:
> To be more precise about our graduate school:
>
> - topics is "communication systems" in general
> - most of students are foreigners
> - courses are in English (area is the French speaking part of CH)
> - once application is accepted, scholarship is not usually a problem
> - applications for the next academic year (Oct01-Jul02) starts NOW!
> - information on http://dscwww.epfl.ch/EN/graduate/default.asp
> - bikinis are less than 1km away (say from May to September)
> - ski trails are less than 1h away (say from December to April)
> - good food and wine available (France is 5km away...)
>
> Did I do my job well?
I'll say! Too bad it's too late for me to apply, but in a few
years I'll try to convince my kids :-) Visiting will be nicer
than going to school!
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Henrick Hellstr�m" <[EMAIL PROTECTED]>
Subject: Re: How to use Dynamic Substitution
Date: Thu, 12 Apr 2001 19:22:34 +0200
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> It appears to me that this particular attribute is worth of note in that
the DS
> technique is an efficient mechanism for incorporating the entropy of the
plaintext
> into the subsequent transforms or "downstream" state. Thus it is not only
a
> variable transform, but one that can easily be driven by external entropy,
message
> entropy, or both.
Dynamic substitution is efficient in terms of performance, but it is not
necessarily secure (although it may be secure in some applications, hence my
original question). There are certainly more secure ways, generally
speaking, to incorporate the entropy of the plain text into the the
subsequent transform, e.g. PCFB mode or ABC mode. It is easier to hide plain
text entropy in a feedback buffer. The state of DS is revealed by a minimal
effort chosen plain text attack.
--
Henrick Hellstr�m [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
------------------------------
From: "Brice Canvel" <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curves
Date: Thu, 12 Apr 2001 18:16:43 +0100
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Thank you for your help.
Brice.
"Brice Canvel" <[EMAIL PROTECTED]> wrote in message
news:l1cB6.5415$[EMAIL PROTECTED]...
> Hi,
>
> I am looking for a good introduction on elliptic curves and also
> maybe something a bit more detailed too once i have understood the
> generalitites of it. I did a search on Google but it came up with
> hundreds of pages and i thought one of you might have come across
> something good.
>
> Thank you,
>
> Brice.
>
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOtXi+MFxN8+cI7QXEQLrLACg1AyMxHND9QHhz9t+x1TcAgpvDYcAoN9b
wLVU+Y/mxr4HKsPmCR5+lnzZ
=FgkT
=====END PGP SIGNATURE=====
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 13:21:46 -0300
Did you analyze the effects of the table-size? Is it more secure to use
size-table bigger or not?
Did you analyze what the swap operation has as effects on the output?
Do it.
Try to answer to those questions.
"Trevor L. Jackson, III" wrote:
>
> newbie wrote:
>
> > Did you compare the result with OTP?
> > Has someone independant of the inventor measure DS and OTP?
>
> What property of the system do you want measured? The throughputs are
> approximately the same, typically being dominated by the IO. The key
> distribution of DS is far simpler that that of OTP.
------------------------------
From: "Robert Reynard" <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curves
Date: Thu, 12 Apr 2001 13:26:28 -0400
"Brice Canvel" <[EMAIL PROTECTED]> wrote in message
news:l1cB6.5415$[EMAIL PROTECTED]...
> Hi,
>
> I am looking for a good introduction on elliptic curves >
Did you check out Dr. Mike's book at ==> http://www.manning.com/rosing
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: digital signature for any file
Date: Thu, 12 Apr 2001 12:28:31 -0500
Thimo von Rauchhaupt wrote:
> I wondered if there is a concept how to sign any file digitaly, so that it
> is usable without seperating it from the signature. I�ve seen something like
> this in XML files, where the signature is just a tag, that can be ignored.
What do you mean "without separating"? Usually the signature of a file is
totally independent of the file. It doesn't have to be of course, but there's
good reasons to send/store signatures in a different place than the file.
An electronic signature combines a hash of the file with a private key. The
public key and hash (of what you think is the right file) can be used to check
the signature. You can sign twice - and combine the first signature with the
file to form a new hash which you'd need to use to create a new signature. But
I'm not sure what good it does.
Patience, persistence, truth,
Dr. mike
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 13:56:56 -0300
To be more clear give just numeric samples.
You are talking about benefits. What you are saying is not what Ritter
said.
His goal is, using "new" combiner, to hide 2 things :
- the statistical structure of the plain-text.
- the structure of the used keystream. To make more difficult PRNG
analysis.
That's it.
If you want to so. It is easy.
Fisrt goal : you can break randomly the numeric value in two and
encipher it separately. No chosen or plain text attack is possible.
Second goal : you can use one way function to hide the structure of the
keystream. Let k = keystream used. You use use one way function f(k) and
you encrypt with f(k).
Why create n tables, suffling n tables, using two keysteam ?????????
I sincerely do not understand.
"Trevor L. Jackson, III" wrote:
>
> newbie wrote:
>
> > Ds is like replacing
> >
> > 7=9-2 by 7=8-6+9-5+2-1
>
> No. You have failed to understand the purpose of the technique. That purpose
> cannot ever be illustrated with a single substitution operation.
> Only a sequence of substitutions can demonstrate the two benefits of the
> technique.
>
> Given a collection of messages to transform, the DS technique provides two
> benefits over simple, static substitution. First, at the individual message
> level, every character is transformed by a distinct image of the substitution
> table (*), and second, at the collection of messages level, after the first
> character every message is transformed by a distinct sequence of tables (*).
>
> The value of the DS technique lies in the fact that these benefits can be
> achieved relatively inexpensively.
>
> (*) This is asymptotically false due to the finite number of permutations, but
> valid for practical message sizes and message collections.
------------------------------
From: Nicholas Hopper <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Thu, 12 Apr 2001 14:01:20 -0400
On Thu, 12 Apr 2001, kctang wrote:
> Dear all,
>
> "Good" school in Cryptography wanted.
> Any recommendations?
>
> Thanks,
> kctang (for TOM)
I'm not sure this is the question that Tom intended to ask, actually. But
since you asked...
My personal recommendation for an undergraduate university is any school
with reasonably competent faculty in CS and math. Undergraduate education
is what you make of it. So an inexpensive school where you can easily get
involved with the research of the faculty (which need not be directly
related to crypto) will allow you to excel, and won't be too hard on the
pocket book.
Almost no one pays for graduate studies in technical fields. I recall
reading on this group some time ago about a list of schools with crypto
researchers, but don't recall its location. In North America, there are at
the very least (In no particular order):
- MIT (Silvio Micali, Ron Rivest, Madhu Sudan, Shafi Goldwasser...)
- Berkeley (David Wagner, Michael Luby, ?)
- CMU (Manuel Blum, Steven Rudich)
- Stanford (Dan Boneh, ? I think Moni Naor and maybe Cynthia Dwork are
there sometimes?)
- UC San Diego (Mihir Bellare, Daniele Micciancio, Russell Impagliazzo, ...)
- Waterloo (Vanstone, Menezes, Stinson, ...)
- Harvard (Michael Rabin, ?)
- Princeton (Andrew Yao, Sanjeev Arora, Amit Sahai, ?)
- Brown (The NTRU people; I think they're in the math dept. there)
- University of Wisconsin, Milwaukee has a group
Presumably there are others I can't recall. There are quite a few schools
with crypto researchers in Europe; probably someone from that side of the
Atlantic can list them. (There are at the least, Cambridge, UCL, EPFL,
ETH Zurich, K.U. Leuven, KTH, ...)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Nicholas J. Hopper
Ph.D. Student in Computer Science
Carnegie Mellon University
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
