Cryptography-Digest Digest #129, Volume #14 Thu, 12 Apr 01 17:13:01 EDT
Contents:
Re: I got accepted (Mok-Kong Shen)
Re: _"Good" school in Cryptography ("was" I got accepted) (newbie)
Re: I got accepted ("Tom St Denis")
Re: _"Good" school in Cryptography ("was" I got accepted) ("AY")
Re: I got accepted (Mok-Kong Shen)
Re: _"Good" school in Cryptography ("was" I got accepted) (David A Molnar)
Re: Derived Key Generation (pjf)
Re: Elliptic Curves (Paul Rubin)
Re: I got accepted ("Tom St Denis")
Re: Dynamic Substitution Question ("Trevor L. Jackson, III")
Re: _"Good" school in Cryptography ("was" I got accepted) ("M.S. Bob")
Re: Dynamic Substitution Question ("Trevor L. Jackson, III")
Re: Dynamic Substitution Question ("Trevor L. Jackson, III")
Re: Elliptic Curves (DJohn37050)
Re: Elliptic Curves (DJohn37050)
Re: Crypto Books ("M.S. Bob")
Re: Elliptic Curves (DJohn37050)
RSA modulus size and bits ("Full Name")
Re: Dynamic Substitution Question (newbie)
Re: Dynamic Substitution Question (newbie)
Re: RSA modulus size and bits (Michael J. Fromberger)
Re: _"Good" school in Cryptography ("was" I got accepted) (newbie)
Re: Crypto Books (newbie)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 20:15:21 +0200
Tom St Denis wrote:
>
> "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> >
> >
> > Tom St Denis wrote:
> > >
> > > "Serge Vaudenay" <[EMAIL PROTECTED]> wrote:
> > [snip]
> > > > Did I do my job well?
> > >
> > > Since I am not an undergrad I need not apply. Hehehehehe
> >
> > He was evidently addressing the general public (viable
> > candidates in the group), not you in particular at all!!
>
> It's my thread though....
You initiated a thread. But others may talk with one
another. If you invite guests, they may be talking
to one another and barely every sentence is destined
to you. BTW, it is astonishing to see how many % of
the materials in this thread is really pertinent to
the science of crypto. I would certainly be among the
last people to be against having discussions on general
stuffs, eventually also matters rather unrelated. But
it seems that it has been a bit too much in this thread.
M. K. Shen
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Thu, 12 Apr 2001 14:14:53 -0300
No good universities in other parts of the world?
Russia, China, India, Pakistan, etc...?
The big mistake is to underrate other people.
You will be very surprised if you take a look at those countries.
Nicholas Hopper wrote:
>
> On Thu, 12 Apr 2001, kctang wrote:
>
> > Dear all,
> >
> > "Good" school in Cryptography wanted.
> > Any recommendations?
> >
> > Thanks,
> > kctang (for TOM)
>
> I'm not sure this is the question that Tom intended to ask, actually. But
> since you asked...
>
> My personal recommendation for an undergraduate university is any school
> with reasonably competent faculty in CS and math. Undergraduate education
> is what you make of it. So an inexpensive school where you can easily get
> involved with the research of the faculty (which need not be directly
> related to crypto) will allow you to excel, and won't be too hard on the
> pocket book.
>
> Almost no one pays for graduate studies in technical fields. I recall
> reading on this group some time ago about a list of schools with crypto
> researchers, but don't recall its location. In North America, there are at
> the very least (In no particular order):
>
> - MIT (Silvio Micali, Ron Rivest, Madhu Sudan, Shafi Goldwasser...)
> - Berkeley (David Wagner, Michael Luby, ?)
> - CMU (Manuel Blum, Steven Rudich)
> - Stanford (Dan Boneh, ? I think Moni Naor and maybe Cynthia Dwork are
> there sometimes?)
> - UC San Diego (Mihir Bellare, Daniele Micciancio, Russell Impagliazzo, ...)
> - Waterloo (Vanstone, Menezes, Stinson, ...)
> - Harvard (Michael Rabin, ?)
> - Princeton (Andrew Yao, Sanjeev Arora, Amit Sahai, ?)
>
> - Brown (The NTRU people; I think they're in the math dept. there)
> - University of Wisconsin, Milwaukee has a group
>
> Presumably there are others I can't recall. There are quite a few schools
> with crypto researchers in Europe; probably someone from that side of the
> Atlantic can list them. (There are at the least, Cambridge, UCL, EPFL,
> ETH Zurich, K.U. Leuven, KTH, ...)
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Nicholas J. Hopper
> Ph.D. Student in Computer Science
> Carnegie Mellon University
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 18:27:26 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
> > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > > Tom St Denis wrote:
> > > >
> > > > "Serge Vaudenay" <[EMAIL PROTECTED]> wrote:
> > > [snip]
> > > > > Did I do my job well?
> > > >
> > > > Since I am not an undergrad I need not apply. Hehehehehe
> > >
> > > He was evidently addressing the general public (viable
> > > candidates in the group), not you in particular at all!!
> >
> > It's my thread though....
>
> You initiated a thread. But others may talk with one
> another. If you invite guests, they may be talking
> to one another and barely every sentence is destined
> to you. BTW, it is astonishing to see how many % of
> the materials in this thread is really pertinent to
> the science of crypto. I would certainly be among the
> last people to be against having discussions on general
> stuffs, eventually also matters rather unrelated. But
> it seems that it has been a bit too much in this thread.
You mean I'm not the most important thing in this group? Ha who would have
known!
Muhahahahaha... well if they want to offer scholarships... hehheheheh
Or just spam about their schools...
Tom
------------------------------
From: "AY" <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Thu, 12 Apr 2001 19:43:40 +0100
> kctang wrote in message <[EMAIL PROTECTED]>...
Any views on Chinese University in Hong Kong, Mr Tang? I happen to know
crypto is not bad at HKU.
For others this is a good place to start:
http://www.counterpane.com/courses.html
AY
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 20:46:50 +0200
Tom St Denis wrote:
>
> "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> >
> > Tom St Denis wrote:
> > >
> > > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Tom St Denis wrote:
> > > > >
> > > > > "Serge Vaudenay" <[EMAIL PROTECTED]> wrote:
> > > > [snip]
> > > > > > Did I do my job well?
> > > > >
> > > > > Since I am not an undergrad I need not apply. Hehehehehe
> > > >
> > > > He was evidently addressing the general public (viable
> > > > candidates in the group), not you in particular at all!!
> > >
> > > It's my thread though....
> >
> > You initiated a thread. But others may talk with one
> > another. If you invite guests, they may be talking
> > to one another and barely every sentence is destined
> > to you. BTW, it is astonishing to see how many % of
> > the materials in this thread is really pertinent to
> > the science of crypto. I would certainly be among the
> > last people to be against having discussions on general
> > stuffs, eventually also matters rather unrelated. But
> > it seems that it has been a bit too much in this thread.
>
> You mean I'm not the most important thing in this group? Ha who would have
> known!
>
> Muhahahahaha... well if they want to offer scholarships... hehheheheh
>
> Or just spam about their schools...
It does sometimes well to take a mirror and see one's
counterfeit. Note such stuffs as your hehehe etc.
Couldn't one write a bit more seriously? What does your
acceptance by a university concern anybody in the group?
Why did you start the thread in the first place?
Would you next time announce your having birthday
and want others to congratulate you? This group is
not for such private matters. There may be some news
groups for that. I don't know.
M. K. Shen
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: 12 Apr 2001 18:41:04 GMT
Nicholas Hopper <[EMAIL PROTECTED]> wrote:
Just one or two minor additions. This is the sort of thing that probably
should be kept up to date somewhere...but who has time? (not me)
> - Berkeley (David Wagner, Michael Luby, ?)
Doug Tygar
> - Stanford (Dan Boneh, ? I think Moni Naor and maybe Cynthia Dwork are
> there sometimes?)
Victor Shoup seems to be there this term. I don't know
if that's going to be a permanent thing or not.
> - Harvard (Michael Rabin, ?)
Salil Vadhan, Leslie Valiant (not crypto per se, but complexity
theory, combinatorics, and learning theory)
thanks,
-David
------------------------------
From: [EMAIL PROTECTED] (pjf)
Subject: Re: Derived Key Generation
Date: Thu, 12 Apr 2001 19:03:09 GMT
Thanks for all your suggestions.
As a result of this, I'll probably wind up using an AES Candidate for
the Symmetric Cypher, since the export regs are not an issue for
publicly available source code. Thanks for pointing that out.
Although, since the intended use for this library was going to be
internet gaming, I didn't really think that "Military Grade" crypto
was a total necessity. But since I can have it, why not use it? :)
I'll also probably wind up using the PRF-type Iterative methods
suggested for derived key generation. Thanks for introducing me to
those.
If anyone likes synth-pop music, enjoy this as a thanks:
http://artists.mp3s.com/artist_song/799/799757.html
Cheers!
-pjf
--
[EMAIL PROTECTED]
http://www.staticengine.com
Developer, Know Wonder Inc.
Musician, Static Engine
---
Digital Certificates provide no actual security for
electronic commerce; it's a complete sham.
-Bruce Schneier, Secrets & Lies
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curves
Date: 12 Apr 2001 12:09:09 -0700
"Robert Reynard" <[EMAIL PROTECTED]> writes:
> > I am looking for a good introduction on elliptic curves >
>
> Did you check out Dr. Mike's book at ==> http://www.manning.com/rosing
I don't recommend this book very much (no offense to Dr. Mike). At
best it's a reasonable guide to *implementing* ECC over GF(2) fields
at a detailed level. As an intro to the subject, it has some serious
math errors and doesn't go into the math enough anyway. I'll unload
my copy pretty cheap if you want it.
Neal Koblitz's "A Course in Number Theory and Cryptography" has some
material on ECC, and for a zero-cost basic introduction (that doesn't
go much further than a basic introduction), see the ECC whitepaper
online at www.certicom.com.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 19:42:05 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
> > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > >
> > > Tom St Denis wrote:
> > > >
> > > > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Tom St Denis wrote:
> > > > > >
> > > > > > "Serge Vaudenay" <[EMAIL PROTECTED]> wrote:
> > > > > [snip]
> > > > > > > Did I do my job well?
> > > > > >
> > > > > > Since I am not an undergrad I need not apply. Hehehehehe
> > > > >
> > > > > He was evidently addressing the general public (viable
> > > > > candidates in the group), not you in particular at all!!
> > > >
> > > > It's my thread though....
> > >
> > > You initiated a thread. But others may talk with one
> > > another. If you invite guests, they may be talking
> > > to one another and barely every sentence is destined
> > > to you. BTW, it is astonishing to see how many % of
> > > the materials in this thread is really pertinent to
> > > the science of crypto. I would certainly be among the
> > > last people to be against having discussions on general
> > > stuffs, eventually also matters rather unrelated. But
> > > it seems that it has been a bit too much in this thread.
> >
> > You mean I'm not the most important thing in this group? Ha who would have
> > known!
> >
> > Muhahahahaha... well if they want to offer scholarships... hehheheheh
> >
> > Or just spam about their schools...
>
> It does sometimes well to take a mirror and see one's
> counterfeit. Note such stuffs as your hehehe etc.
> Couldn't one write a bit more seriously? What does your
> acceptance by a university concern anybody in the group?
> Why did you start the thread in the first place?
> Would you next time announce your having birthday
> and want others to congratulate you? This group is
> not for such private matters. There may be some news
> groups for that. I don't know.
Not this again. Bite my hairy butt. Every time I post something serious I
get ignored and sometimes people are generous to help in private. Why? Cuz
this group blows goats. You can't maintain a serious tone without bringing
in the good ol' spooks.
If this group goes to hell in a hand basket, I want to leave my mark.
Tom
>
>
> M. K. Shen
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 20:08:09 GMT
newbie wrote:
> Did you analyze the effects of the table-size?
Yes.
> Is it more secure to use
> size-table bigger or not?
Yes.
>
> Did you analyze what the swap operation has as effects on the output?
Yes.
>
> Do it.
> Try to answer to those questions.
>
> "Trevor L. Jackson, III" wrote:
> >
> > newbie wrote:
> >
> > > Did you compare the result with OTP?
> > > Has someone independent of the inventor measured DS and OTP?
> >
> > What property of the system do you want measured? The throughputs are
> > approximately the same, typically being dominated by the IO. The key
> > distribution of DS is far simpler than that of OTP.
------------------------------
From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Thu, 12 Apr 2001 21:06:29 +0100
newbie wrote:
>
> No good universities in other parts of the world?
> Russia, China, India, Pakistan, etc...?
>
> The big mistake is to underrate other people.
> You will be very surprised if you take a look at those countries.
Then please enlighten us.
My 2 cents would be Technion, Israel (Biham)
> > My personal recommendation for an undergraduate university is any school
> > with reasonably competent faculty in CS and math. Undergraduate education
> > is what you make of it. So an inexpensive school where you can easily get
> > involved with the research of the faculty (which need not be directly
> > related to crypto) will allow you to excel, and won't be too hard on the
> > pocket book.
I must say I agree with Nicholas Hopper's statement.
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 20:12:00 GMT
newbie wrote:
> To be more clear give just numeric samples.
> You are talking about benefits. What you are saying is not what Ritter
> said.
> His goal is, using "new" combiner, to hide 2 things :
> - the statistical structure of the plain-text.
> - the structure of the used keystream. To make more difficult PRNG
> analysis.
> That's it.
> If you want to so. It is easy.
> First goal : you can break randomly the numeric value in two and
> encipher it separately. No chosen or plain text attack is possible.
You have a lot of reading yet to do. You need definitions for "randomly", "break in
two", "encipher", and attack. By the conventional definition of those terms your
conclusion, that no attack is possible, is trivially false.
>
> Second goal : you can use one way function to hide the structure of the
> keystream. Let k = keystream used. You use one way function f(k) and
> you encrypt with f(k).
>
> Why create n tables, shuffling n tables, using two keystream ?????????
> I sincerely do not understand.
We agree on that.
There are not N tables. There is, in the simplest case, a single table that gets
slightly modified after every use.
>
>
>
>
> "Trevor L. Jackson, III" wrote:
> >
> > newbie wrote:
> >
> > > Ds is like replacing
> > >
> > > 7=9-2 by 7=8-6+9-5+2-1
> >
> > No. You have failed to understand the purpose of the technique. That purpose
> > cannot ever be illustrated with a single substitution operation.
> > Only a sequence of substitutions can demonstrate the two benefits of the
> > technique.
> >
> > Given a collection of messages to transform, the DS technique provides two
> > benefits over simple, static substitution. First, at the individual message
> > level, every character is transformed by a distinct image of the substitution
> > table (*), and second, at the collection of messages level, after the first
> > character every message is transformed by a distinct sequence of tables (*).
> >
> > The value of the DS technique lies in the fact that these benefits can be
> > achieved relatively inexpensively.
> >
> > (*) This is asymptotically false due to the finite number of permutations, but
> > valid for practical message sizes and message collections.
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 20:15:17 GMT
newbie wrote:
> If it was published, give me just one reference. I will be glad to know
> it.
You published it here in sci.crypt.
>
> Obvious does not mean not novel.
> Why you do not talk about the effects of the swap operation in DS?
> Substituting dynamically, Otp is a table of two or more elements
> substituted dynamically.
No. The classic XOR OTP applies the same transform to every message in the sense
that the Nth character of each message has the same operation applied. That
operation is not sensitive to any of the preceding message entropy. This is why
there is a strong emphasis on the ONE TIME within the name One Time Pad.
>
> Where is the novelty???
> It is an EMPTY idea
>
> "Trevor L. Jackson, III" wrote:
> >
> > newbie wrote:
> >
> > > You may patent my idea if you want.
> >
> > Where can I get some of what you are smoking? No one can patent anything that
> > has already been published. And no one can publish anything that is obvious.
> > "Your" idea is both published and obvious.
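
[Added example, not part of any post in this digest: a minimal sketch of the points made in Trevor L. Jackson's two replies above, namely a single table "slightly modified after every use" compared with static substitution, and the classic XOR combiner applying the same operation at position N of every message. The swap rule (exchange the just-used entry with one chosen by a keystream byte), the SHA-256 counter keystream and all function names are assumptions made for illustration.]

```python
import hashlib

def keystream(seed: bytes, n: int) -> bytes:
    """Stand-in keystream generator: SHA-256 in counter mode (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def initial_table(seed: bytes) -> list:
    """Keyed permutation of 0..255 (Fisher-Yates; slight modulo bias ignored)."""
    table = list(range(256))
    rnd = keystream(b"table" + seed, 512)
    for i in range(255, 0, -1):
        j = int.from_bytes(rnd[2 * i:2 * i + 2], "big") % (i + 1)
        table[i], table[j] = table[j], table[i]
    return table

def static_substitute(data: bytes, seed: bytes) -> bytes:
    """Simple static substitution: the same table for every character."""
    table = initial_table(seed)
    return bytes(table[p] for p in data)

def ds_process(data: bytes, seed: bytes, decrypt: bool = False):
    """Dynamic substitution; returns (output, table snapshot used at each position)."""
    table = initial_table(seed)
    inverse = [0] * 256
    for i, v in enumerate(table):
        inverse[v] = i
    ks = keystream(b"stream" + seed, len(data))
    out, snapshots = bytearray(), []
    for x, k in zip(data, ks):
        snapshots.append(tuple(table))
        p = inverse[x] if decrypt else x          # plaintext value at this position
        out.append(p if decrypt else table[p])
        # Assumed swap rule: exchange the just-used entry with entry k.
        table[p], table[k] = table[k], table[p]
        inverse[table[p]], inverse[table[k]] = p, k
    return bytes(out), snapshots

def xor_encrypt(data: bytes, seed: bytes) -> bytes:
    """Classic XOR combiner driven by the same keystream."""
    ks = keystream(b"stream" + seed, len(data))
    return bytes(p ^ k for p, k in zip(data, ks))

def compare_combiners(m1: bytes, m2: bytes, seed: bytes):
    """Encrypt two equal-length messages under the same key material.

    Returns (xor_same_operation, ds_tables_differ):
      xor_same_operation - position N of both messages was combined with the
                           same value, whatever preceded it in the message
      ds_tables_differ   - every table used after the first character differs
                           between the two messages
    """
    x1, x2 = xor_encrypt(m1, seed), xor_encrypt(m2, seed)
    xor_same = all(a ^ c == b ^ d for a, b, c, d in zip(x1, x2, m1, m2))
    _, t1 = ds_process(m1, seed)
    _, t2 = ds_process(m2, seed)
    ds_differ = all(a != b for a, b in zip(t1[1:], t2[1:]))
    return xor_same, ds_differ

if __name__ == "__main__":
    seed = b"constructed demo key"            # constructed sample key
    msg = b"AAAAAAAA"                         # constructed sample message
    print("static:", static_substitute(msg, seed).hex())
    print("DS    :", ds_process(msg, seed)[0].hex())
    print("XOR same op / DS tables differ:",
          compare_combiners(b"XAAAAAAA", b"YAAAAAAA", seed))
```

Distinct tables do not mean every ciphertext byte differs: two messages that diverge in one character still produce equal ciphertext at later positions until the plaintext or the keystream touches a table entry that the divergence changed.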
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 12 Apr 2001 20:38:12 GMT
Subject: Re: Elliptic Curves
For some info on ECC in general, see the "ECDSA" paper by Alfred Menezes and
myself. For some advantages of ECC, see my paper "ECC, Future Resiliency and
High Security Systems"
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 12 Apr 2001 20:39:33 GMT
Subject: Re: Elliptic Curves
If you want a book on ECC arithmetic as used in cryptosystem, Alfred Menezes
wrote one, this is much more detailed and complex than the papers mentioned.
Don Johnson
------------------------------
From: "M.S. Bob" <[EMAIL PROTECTED]>
Subject: Re: Crypto Books
Date: Thu, 12 Apr 2001 21:34:59 +0100
Brice Canvel wrote:
>
> Hi,
>
> I am looking for a maths book that covers the necessary material needed to
> understand the workings of crypto algorithms like DES, AES, RSA, ... and
> that would allow me to create my own in my spare time.
Not knowing your mathematical savviness makes it hard to say what is
appropriate.
With an undergraduate math background books like Cryptography: Theory and
Practice (Stinson) or A Course in Number Theory and Cryptography
(Koblitz), or An Introduction to Cryptography, by R. A. Mollin are
perhaps some of the more commonly recommended introductions of the math
rich intros to cryptography.
Applied Cryptography by Bruce Schneier is a very common book which is
more oriented to practical use of existing algorithms and protocols.
Handbook of Applied Cryptography
<http://www.cacr.math.uwaterloo.ca/hac/> is another excellent reference,
which is available online in PDF.
If you expect to be able to produce algorithms as resistant to
cryptanalysis as DES, AES, and RSA then you'll need far more than one or
two books.
This is explained in the sci.crypt FAQ (part 3 I think), PGP's
documentation (re: bass-o-matic), Applied Cryptography, and various
essays written by Bruce Schneier available from
<http://www.counterpane.com/labs.html>, Why Cryptography Is Harder Than
It Looks <http://www.counterpane.com/whycrypto.html>.
Now, if you meant which math topics, and what are some of the better
books to understand them, I am sorry I haven't answered that question very
well. Modern Algebra, Statistics, Number Theory, Information Theory,
Complexity, Finite Fields, Combinatorics, and Algorithm Analysis.
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 12 Apr 2001 20:40:30 GMT
Subject: Re: Elliptic Curves
IEEE 1363 also has extensive section(s) on ECC, including arithmetic, security,
schemes, etc.
Don Johnson
------------------------------
From: "Full Name" <[EMAIL PROTECTED]>
Subject: RSA modulus size and bits
Date: Thu, 12 Apr 2001 10:07:32 -0700
What does one exactly mean by a 1024-bit RSA modulus? More precisely,
must such a modulus have its 1024th bit necessarily set to 1? If not, how much
leeway does one have when choosing a 1024-bit modulus? That is, how many
leading zero bits is one to tolerate?
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 16:46:26 -0300
"Trevor L. Jackson, III" wrote:
>
> newbie wrote:
>
> > To be more clear give just numeric samples.
> > You are talking about benefits. What you are saying is not what Ritter
> > said.
> > His goal is, using "new" combiner, to hide 2 things :
> > - the statistical structure of the plain-text.
> > - the structure of the used keystream. To make more difficult PRNG
> > analysis.
> > That's it.
> > If you want to so. It is easy.
> > First goal : you can break randomly the numeric value in two and
> > encipher it separately. No chosen or plain text attack is possible.
>
> You have a lot of reading yet to do.
Maybe. But even if you read all cryptographic books in the world, is
there something you can not find in books : new ideas.
You did not give me a single reference about breaking the plain text.
I'm still waiting.
Published in sci.crypt is not a reference. Something more precise,
please.
> You need definitions for "randomly", "break in
> two", "encipher", and attack. By the conventional definition of those terms your
> conclusion, that no attack is possible, is trivially false.
You may use any PRNG because it is internal operation.
When sender break randomly using any PRNG it doesn't appear to anyone.
My message 1523152315263
I break it in two such as M1+M2 = M
No one knows how I broke it.
I can break using just a single operation without random
sample
m = 12031524601
M1 = 10030504001
M2 = 12031524601
I just convert the digit even to 0 or any value 1 or 5
It is easy
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 16:48:30 -0300
It depends how you apply Vernam principle.
If you lack imagination, reading is helpless.
"Trevor L. Jackson, III" wrote:
>
> newbie wrote:
>
> > If it was published, give me just one reference. I will be glad to know
> > it.
>
> You published it here in sci.crypt.
>
> >
> > Obvious does not mean not novel.
> > Why you do not talk about the effects of the swap operation in DS?
> > Substituting dynamically, Otp is a table of two or more elements
> > substituted dynamically.
>
> No. The classic XOR OTP applies the same transform to every message in the sense
> that the Nth character of each message has the same operation applied. That
> operation is not sensitive to any of the preceding message entropy. This is why
> there is a strong emphasis on the ONE TIME within the name One Time Pad.
>
> >
> > Where is the novelty???
> > It is an EMPTY idea
> >
> > "Trevor L. Jackson, III" wrote:
> > >
> > > newbie wrote:
> > >
> > > > You may patent my idea if you want.
> > >
> > > Where can I get some of what you are smoking? No one can patent anything that
> > > has already been published. And no one can publish anything that is obvious.
> > > "Your" idea is both published and obvious.
------------------------------
From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: RSA modulus size and bits
Date: 12 Apr 2001 20:53:24 GMT
In <9b4nck$hvu$[EMAIL PROTECTED]> "Full Name" <[EMAIL PROTECTED]> writes:
>What does one exactly mean by a 1024-bit RSA modulus? More precisely,
>must such a modulus have its 1024th bit necessarily set to 1? If not,
>how much leeway does one have when choosing a 1024-bit modulus? That
>is, how many leading zero bits is one to tolerate?
Hi there,
The term "a 1024-bit RSA modulus" means "an integer with 1024
significant bits which is the product of two large prime integers."
Typically, one might pick two 512-bit primes.
If the 1024th bit (assuming you number bits from 1) is zero, then
there are at most 1023 significant digits. So, if you are speaking
precisely, then yes, such a modulus must have its 1024th bit set to 1.
You cannot tolerate any leading zero bits if you want to retain the
property that your modulus has 1024 significant bits.
(Actually, you can think of any integer as having an infinite number
of leading zero bits to the left of the most significant 1).
Cheers,
-M
--
Michael J. Fromberger Software Engineer, Thayer School of Engineering
sting <at> linguist.dartmouth.edu http://www.dartmouth.edu/~sting/
Don't steal. The Government hates competition.
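
[Added example, not part of the post above: a sketch of why "pick two 512-bit primes" does not by itself give 1024 significant bits, since the product of two k-bit primes has either 2k-1 or 2k bits. Forcing the two highest bits of each prime, a common implementation practice that the post does not mention, guarantees the full length; all function names are assumptions made for illustration.]

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                       # witness a proves n composite
    return True

def random_prime(bits: int, set_top_two: bool) -> int:
    """Random prime with exactly `bits` significant bits."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if set_top_two:
            c |= 1 << (bits - 2)               # candidate >= 1.5 * 2**(bits-1)
        if is_probable_prime(c):
            return c

def product_length_range(half_bits: int):
    """(min, max) bit length of a product of two numbers of half_bits bits each."""
    lo = (1 << (half_bits - 1)) ** 2
    hi = ((1 << half_bits) - 1) ** 2
    return lo.bit_length(), hi.bit_length()

def is_exact_length(n: int, bits: int) -> bool:
    """True when bit number `bits` (counting from 1) is the most significant 1."""
    return n >> (bits - 1) == 1

def rsa_modulus(bits: int, set_top_two: bool = True) -> int:
    """Product of two distinct primes of bits/2 bits each."""
    if bits < 16 or bits % 2:
        raise ValueError("bits must be even and at least 16")
    half = bits // 2
    p = random_prime(half, set_top_two)
    q = random_prime(half, set_top_two)
    while q == p:
        q = random_prime(half, set_top_two)
    # With both top bits set, p*q >= 2.25 * 2**(bits-2) > 2**(bits-1).
    return p * q

if __name__ == "__main__":
    print("two 512-bit factors give a modulus of", product_length_range(512), "bits")
    trials = 200
    short = sum(not is_exact_length(rsa_modulus(64, set_top_two=False), 64)
                for _ in range(trials))
    print(f"{short}/{trials} 64-bit moduli fell one bit short without the fix")
    n = rsa_modulus(1024)
    print("with top two bits forced:", n.bit_length(), "significant bits")
```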
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Thu, 12 Apr 2001 16:53:32 -0300
Ethnocentrism and arrogance is not the way to improve knowledge.
You do not know what the Chinese or Russian had invented.
What is published is NOT the real knowledge.
FBI spend more than a year to decipher letters encrypted by single
amateurs.
Good day
"M.S. Bob" wrote:
>
> newbie wrote:
> >
> > No good universities in other parts of the world?
> > Russia, China, India, Pakistan, etc...?
> >
> > The big mistake is to underrate other people.
> > You will be very surprised if you take a look at those countries.
>
> Then please enlighten us.
>
> My 2 cents would be Technion, Israel (Biham)
>
> > > My personal recommendation for an undergraduate university is any school
> > > with reasonably competent faculty in CS and math. Undergraduate education
> > > is what you make of it. So an inexpensive school where you can easily get
> > > involved with the research of the faculty (which need not be directly
> > > related to crypto) will allow you to excel, and won't be too hard on the
> > > pocket book.
>
> I must say I agree with Nicholas Hopper's statement.
------------------------------
From: newbie <[EMAIL PROTECTED]>
Subject: Re: Crypto Books
Date: Thu, 12 Apr 2001 16:57:42 -0300
" Stop secret " of Tchayatin Olga ( russian )
Not published yet.
"M.S. Bob" wrote:
>
> Brice Canvel wrote:
> >
> > Hi,
> >
> > I am looking for a maths book that covers the necessary material needed to
> > understand the workings of crypto algorithms like DES, AES, RSA, ... and
> > that would allow me to create my own in my spare time.
>
> Not knowing your mathematical savviness makes it hard to say what is
> appropriate.
>
> With an undergraduate math background books like Cryptography: Theory and
> Practice (Stinson) or A Course in Number Theory and Cryptography
> (Koblitz), or An Introduction to Cryptography, by R. A. Mollin are
> perhaps some of the more commonly recommended introductions of the math
> rich intros to cryptography.
>
> Applied Cryptography by Bruce Schneier is a very common book which is
> more oriented to practical use of existing algorithms and protocols.
> Handbook of Applied Cryptography
> <http://www.cacr.math.uwaterloo.ca/hac/> is another excellent reference,
> which is available online in PDF.
>
> If you expect to be able to produce algorithms as resistant to
> cryptanalysis as DES, AES, and RSA then you'll need far more than one or
> two books.
>
> This is explained in the sci.crypt FAQ (part 3 I think), PGP's
> documentation (re: bass-o-matic), Applied Cryptography, and various
> essays written by Bruce Schneier available from
> <http://www.counterpane.com/labs.html>, Why Cryptography Is Harder Than
> It Looks <http://www.counterpane.com/whycrypto.html>.
>
> Now, if you meant which math topics, and what are some of the better
> books to understand them, I am sorry I haven't answered that question very
> well. Modern Algebra, Statistics, Number Theory, Information Theory,
> Complexity, Finite Fields, Combinatorics, and Algorithm Analysis.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************