Cryptography-Digest Digest #243, Volume #14 Thu, 26 Apr 01 22:13:00 EDT
Contents:
Re: What Is the Quality of Randomness? (John Wasser)
Combining two plaintexts into ciphertext (Ken Savage)
Re: Graphical representation of a public key (or fingerprint)? (Ian Goldberg)
Re: Combining two plaintexts into ciphertext ("Tom St Denis")
Re: Combining two plaintexts into ciphertext (Ken Savage)
Re: Combining two plaintexts into ciphertext ("Tom St Denis")
Re: Quantum Crypto ("Roger Schlafly")
Re: What Is the Quality of Randomness? ("Mark G Wolf")
Re: Censorship Threat at Information Hiding Workshop (Darren New)
Re: RC4 Source Code (Darren New)
Re: What Is the Quality of Randomness? ("Mark G Wolf")
Re: _Roswell_ episode crypto puzzle (Steve Roberts)
Re: What Is the Quality of Randomness? ("Mark G Wolf")
Re: RC4 Source Code (Bill Unruh)
Re: Quantum Crypto (Bill Unruh)
Re: Censorship Threat at Information Hiding Workshop ("Paul Pires")
----------------------------------------------------------------------------
Subject: Re: What Is the Quality of Randomness?
From: John Wasser <[EMAIL PROTECTED]>
Date: Fri, 27 Apr 2001 00:08:33 GMT
[[ This message was both posted and mailed. ]]
In article <9ca3gj$2gdm$[EMAIL PROTECTED]>, Mark G Wolf
<[EMAIL PROTECTED]> wrote:
> I agree that throughout the WHOLE pad every 8-bit group will have an equal
> probability, namely 1/256; and XORing the same 8-bit pattern will just
> simply "rearrange" where those 8-bit groups are,
> what if I take 4-bit groupings. Now each 4-bit grouping would have an equal
> probability of 1/16, but after XORing with my alternating 0000 and 1111 what
> would you get? 1/2 of the time you would leave the bits unchanged and 1/2
> of the time you would "flip" the bits,
Now to paraphrase your 8-bit statement:
Throughout the WHOLE pad every 4-bit group will have an equal
probability, namely 1/16; and XORing the same 4-bit pattern will just
simply "rearrange" where those 4-bit groups are.
Since it doesn't matter what pattern you choose you can see that
dividing the pad into two sections and using one pattern on each
section will produce two uniform distributions that will all add up to
one big uniform distribution.
Now expand that thought to cover other scales:
A) Throughout the WHOLE pad every n-bit group will have an equal
probability, namely 1/(2^n); and XORing the same n-bit pattern will
just simply "rearrange" where those n-bit groups are.
B) Dividing the pad into 'm' sections and using one pattern on each
section will produce 'm' uniform distributions that will all add up to
one big uniform distribution.
Uniformly distributed random data will stay uniformly distributed if
you XOR it with any other bitstream: random, highly patterned or
anything in between.
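
The claim above, applied to the repeated 00001111 plaintext from this thread, can be checked exactly by enumeration. This is an added Python example, not part of any post in the digest; the 16-bit pad length, the function names and the deliberately biased pad set at the end are assumptions chosen for illustration.

```python
from collections import Counter

BITS = 16                      # assumed pad length, small enough to enumerate
WOLF_MESSAGE = 0x0F0F          # two copies of the thread's character 00001111
ZERO_MESSAGE = 0x0000          # a second plaintext to compare against
ALL_PADS = range(1 << BITS)    # a uniform pad: every value equally likely
# Constructed counter-example: a pad source whose low nibble is always 0000.
BIASED_PADS = [p for p in ALL_PADS if p & 0xF == 0]


def ciphertext_distribution(message, pads):
    """Exact count of each ciphertext when each pad in `pads` is equally likely."""
    return Counter(pad ^ message for pad in pads)


def group_distribution(message, width, index, pads):
    """Exact count of each `width`-bit ciphertext group at position `index`."""
    shift, mask = width * index, (1 << width) - 1
    return Counter(((pad ^ message) >> shift) & mask for pad in pads)


def is_uniform(counts, outcomes):
    """True when all `outcomes` values occur and each occurs equally often."""
    return len(counts) == outcomes and len(set(counts.values())) == 1


def leaks_nothing(msg_a, msg_b, pads):
    """True when both plaintexts give the identical ciphertext distribution."""
    return ciphertext_distribution(msg_a, pads) == ciphertext_distribution(msg_b, pads)


def all_groups_uniform(message, pads, widths=(1, 4, 8)):
    """Check every aligned 1-, 4- and 8-bit group of the ciphertext."""
    return all(
        is_uniform(group_distribution(message, w, i, pads), 1 << w)
        for w in widths
        for i in range(BITS // w)
    )


if __name__ == "__main__":
    print("all 1/4/8-bit groups uniform:",
          all_groups_uniform(WOLF_MESSAGE, ALL_PADS))
    print("whole ciphertext uniform:",
          is_uniform(ciphertext_distribution(WOLF_MESSAGE, ALL_PADS), 1 << BITS))
    print("uniform pad, same distribution for both plaintexts:",
          leaks_nothing(WOLF_MESSAGE, ZERO_MESSAGE, ALL_PADS))
    print("biased pad, same distribution for both plaintexts:",
          leaks_nothing(WOLF_MESSAGE, ZERO_MESSAGE, BIASED_PADS))
```

With the uniform pad the two plaintexts produce the same ciphertext distribution at every group size; with the constructed biased pad they do not, so the result rests entirely on the pad being uniform.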
------------------------------
From: Ken Savage <[EMAIL PROTECTED]>
Subject: Combining two plaintexts into ciphertext
Date: Fri, 27 Apr 2001 00:12:49 GMT
Given:
uint8 plain1, plain2;
uint8 key1, key2;
uint16 x;
Is there a GOOD function f( x, key ) such that
f( x, key1 ) == plain1
f( x, key2 ) == plain2
and that f( x, anything_else ) is effectively a random uint8.
I've found a "bad" function f(x, key) that works about 55% of
the time. But I'm guessing that can be improved upon.
Subsequently, once the f(x, key) function has been defined,
is there a quick way of determining x = g( key1, key2, plain1, plain2 )
such that f( x, key[1|2] ) is the appropriate plaintext?
It doesn't matter if the f() function only works 75% of
the time, since error correcting codes can make up for any
errors that creep into the output stream.
Ken
------------------------------
From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: 27 Apr 2001 00:13:36 GMT
In article <[EMAIL PROTECTED]>,
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
>Michael Schmidt wrote:
>>
>> Hi,
>>
>> I know that there has been research on the topic "graphical
>> passwords", i.e. keys being created from graphical user input.
>>
>> I'm wondering whether there has been any research conducted on the
>> topic "graphical representation of a public key" or the key's
>> fingerprint.
>
>So instead of key from graphics, you want graphics from keys.
>
>> My goal is to authenticate a public key (or better: its fingerprint,
>> like with PGP) securely by creating and comparing its graphical
>> representation with an "original", which is unique enough for every
>> key/fingerprint, yet easy to be processed and compared by the human
>> brain.
>
>In other words, the same thing as comparing the hex version of the key's
>fingerprint, but visually. The "original" still has to be sent out of
>band, but by being graphical, it's something we can hope to remember
>easily, rather than having to write it down.
>
>I would suggest converting the fingerprint into a floating point number
>between 0 and 1, and using that as some parameter for some sort of
>fractal image. Or, perhaps using the fingerprint as the seed of some
>prng, which is then used to generate some distinctive piece of graphics.
Check out Raph Levien's "hex", or my "visprint".
http://www.horde.net/~jwm/software/hex/ has both.
http://www.redrival.com/ston/comp/visprint/ I was unaware of until
I just now did a Google search, trying to find my own (ancient)
program.
- Ian
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Combining two plaintexts into ciphertext
Date: Fri, 27 Apr 2001 00:16:27 GMT
"Ken Savage" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Given:
>
> uint8 plain1, plain2;
> uint8 key1, key2;
> uint16 x;
>
> Is there a GOOD function f( x, key ) such that
>
> f( x, key1 ) == plain1
> f( x, key2 ) == plain2
>
> and that f( x, anything_else ) is effectively a random uint8.
Why would you want equivalent keys? I believe Biham has done work along
these lines with the Chameleon scheme (I think that was Biham anyways since
it does use Tiger/192).
Tom
------------------------------
From: Ken Savage <[EMAIL PROTECTED]>
Subject: Re: Combining two plaintexts into ciphertext
Date: Fri, 27 Apr 2001 00:22:51 GMT
Tom St Denis wrote:
>
> "Ken Savage" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> > Given:
> >
> > uint8 plain1, plain2;
> > uint8 key1, key2;
> > uint16 x;
> >
> > Is there a GOOD function f( x, key ) such that
> >
> > f( x, key1 ) == plain1
> > f( x, key2 ) == plain2
> >
> > and that f( x, anything_else ) is effectively a random uint8.
>
> Why would you want equivalent keys? I believe Biham has done work along
> these lines with the Chameleon scheme (I think that was Biham anyways since
> it does use Tiger/192).
>
> Tom
x is a uint16 -- a "combination" of plain1 and plain2, enciphered
with rand1 and rand2. The keys are generally not equivalent.
Ken
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Combining two plaintexts into ciphertext
Date: Fri, 27 Apr 2001 00:25:10 GMT
"Ken Savage" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > "Ken Savage" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > >
> > > Given:
> > >
> > > uint8 plain1, plain2;
> > > uint8 key1, key2;
> > > uint16 x;
> > >
> > > Is there a GOOD function f( x, key ) such that
> > >
> > > f( x, key1 ) == plain1
> > > f( x, key2 ) == plain2
> > >
> > > and that f( x, anything_else ) is effectively a random uint8.
> >
> > Why would you want equivalent keys? I believe Biham has done work along
> > > these lines with the Chameleon scheme (I think that was Biham anyways since
> > > it does use Tiger/192).
> >
> > Tom
>
> x is a uint16 -- a "combination" of plain1 and plain2, enciphered
> with rand1 and rand2. The keys are generally not equivalent.
I don't get this. If X is a combo of plain1 and plain2 then it must be a
function of the two. The way you wrote it is backwards such that plain1 is
a function of x and key1...
You should write it as
x = f(plain1, plain2, key1, key2).
What would you use this for?
Tom
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Quantum Crypto
Date: Fri, 27 Apr 2001 00:15:29 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Roger Schlafly quoted:
> > So, even though quantum cryptography can't ensure that someone won't try to
> > spy on you, it does mean that the recipient of your key can always tell how
> > much a third party has been listening in.
> No, careful implementation of QC can guarantee that an eavesdropper
> cannot obtain information about the plaintext (*and* the legitimate
> receiver can detect the disruption).
I don't believe either of the above statements is true. Usually QC systems
are some sort of combination of QC with conventional crypto, and
offering less security than is commonly offered by conventional crypto.
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 20:19:01 -0500
> [[ This message was both posted and mailed. ]]
You know it'd be great if Prodigy wasn't messing with me so that I could see
that my posts actually post.
> In article <9ca3gj$2gdm$[EMAIL PROTECTED]>, Mark G Wolf
> <[EMAIL PROTECTED]> wrote:
>
> > I agree that throughout the WHOLE pad every 8-bit group will have an equal
> > probability, namely 1/256; and XORing the same 8-bit pattern will just
> > simply "rearrange" where those 8-bit groups are,
>
> > what if I take 4-bit groupings. Now each 4-bit grouping would have an equal
> > probability of 1/16, but after XORing with my alternating 0000 and 1111 what
> > would you get? 1/2 of the time you would leave the bits unchanged and 1/2
> > of the time you would "flip" the bits,
>
> Now to paraphrase your 8-bit statement:
> Throughout the WHOLE pad every 4-bit group will have an equal
> probability, namely 1/16; and XORing the same 4-bit pattern will just
> simply "rearrange" where those 4-bit groups are.
>
> Since it doesn't matter what pattern you choose you can see that
> dividing the pad into two sections and using one pattern on each
> section will produce two uniform distributions that will all add up to
> one big uniform distribution.
Yes but the reason that argument doesn't wash is, if you divide the pad
you're also taking away half of my message. Taking it to an absurdity
you'll eventually get down to individual bits. Yeah so each bit will be a 0
or 1 and taken individually they'll still be uniformly distributed, so what?
1-bit makes for a really ambiguous message. This is a case of missing the
forest amongst the trees. The message and resultant ciphertext has to be
taken in its entirety to have any meaning.
I'll give you a very visual representation of the hidden information. I'm
sure you've seen Close Encounters of the Third Kind (I think that was the
title, gosh I'm getting old). Remember at the end when "we" were
communicating with the aliens with that color grid screen. Picture a cipher
pad before and after being XORed with a message. Take any particular N-bit
pattern, find all of its occurrences and put a color box around those
occurrences. Then do the same after you encrypt your message. At the very
least all of the colored rectangles will shift, and at the very worst will
form a pattern. Both the shift and any consequent pattern is useful
information, very useful. I think if you can picture that it will jump
right out at you.
> Now expand that thought to cover other scales:
>
> A) Throughout the WHOLE pad every n-bit group will have an equal
> probability, namely 1/(2^n); and XORing the same n-bit pattern will
> just simply "rearrange" where those n-bit groups are.
>
> B) Dividing the pad into 'm' sections and using one pattern on each
> section will produce 'm' uniform distributions that will all add up to
> one big uniform distribution.
>
> Uniformly distributed random data will stay uniformly distributed if
> you XOR it with any other bitstream: random, highly patterned or
> anything in between.
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 01:23:09 GMT
> > There is nothing natural about property per se,
> There most certainly is. Products require producers.
But the question becomes "who is the producer of the CD I have in my hand?"
You may have produced the music, but I produced the CD itself.
Anyway, I think the other half of the problem is that we're not talking
about copyright infringement. We're talking about what's now contractual
agreements turning into a different kind of law. Copyright law does not
give the owner of the copyright permission to prevent me from (for example)
reselling my copy, giving my copy away, talking *about* my copy, or playing
my copy in a country different from where I bought it. However, attempts are
being made to make all of these things illegal.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
schedule.c:7: warning: assignment makes calendar_week
from programmer_week without a cast.
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: RC4 Source Code
Date: Fri, 27 Apr 2001 01:25:51 GMT
Tom St Denis wrote:
> No I think most used ARC4 because they think they are cheating the big mean
> RSA out of some doh.
No, it's because RSA owns the name "RC4" but they don't own the algorithm
(since they never patented the algorithm). Hence, RSA could sue you for
using the name "RC4" but not for using the algorithm.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
schedule.c:7: warning: assignment makes calendar_week
from programmer_week without a cast.
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 20:24:01 -0500
BTW, here's my original message:
Ok. First I was speaking of 7-bit ASCII, but 8-bits is fine too. I agree
that throughout the WHOLE pad every 8-bit group will have an equal
probability, namely 1/256; and XORing the same 8-bit pattern will just
simply "rearrange" where those 8-bit groups are, BUT, what about the sub
groups. For example, let's take a fictitious character that has an "ASCII"
representation of 00001111. Now let me do the same thing by just encrypting
a string of this same character. So I take 000011110000111100001111... and
XOR with my uniformly distributed random pad. Now if I started from the
"beginning" and took 8-bits at a time your same argument would apply. Each
8-bit grouping would have an equal probability of 1/256 so XORing with
00001111 nonstop would just rearrange where those 8-bit groups are. But
what if I take 4-bit groupings, starting from the "beginning". Now each
"original" 4-bit grouping would have an equal probability of 1/16, but after
XORing with my alternating 0000 and 1111 what would you get? 1/2 of the
time you would leave the bits unchanged, and 1/2 of the time you would
"flip" the bits, BUT, you would be doing it in a very predictable periodic
way. Now this is a very exaggerated condition, but nonetheless valid and
applicable.
------------------------------
From: [EMAIL PROTECTED] (Steve Roberts)
Crossposted-To: rec.puzzles
Subject: Re: _Roswell_ episode crypto puzzle
Date: Fri, 27 Apr 2001 01:23:53 GMT
yomgui <[EMAIL PROTECTED]> wrote:
>Steve Roberts wrote:
>>
>> This puzzle (with its million possible answers) prompts me to post THE
>> RIGHT QUESTION which you should ask entities that claim to be visiting
>> space aliens.
>>
>> Entity: G'day, we are from xxx xxx [distant civilisation]
>> You: Please tell me the factors of F20 (2^1048576+1)
>
>hello,
>
>first, thanks for your interesting extrapolations.
>can you tell me what is F20 ? is it an Hex number ?
It is the twentieth Fermat number
F0 = 2^(2^0)+1 = 3
F1 = 2^(2^1)+1 = 5
F2 = 2^(2^2)+1 = 17
F3 = 2^(2^3)+1 = 257
F4 = 2^(2^4)+1 = 65537
These are all prime and poor old Fermat in about 1640 postulated that
all such numbers would be prime. However all the higher ones are
composite, at least all those that have been checked. (Otherwise we
could get prime numbers as large as we liked - think of a number N
then 2^(2^N)+1 is prime, etc.)
We (humanity) know that F20 is composite - there is a simple proof
that it is not prime - but we don't know what its factors are. We do
know that they are very big, as searches for small factors have
failed. However a civilisation with computing power (or maths)
slightly more advanced than ours would be able to recover the factors,
then we could verify the answer easily with our weedy old Earth
computers.
>the following is a message sent by someone to some self claimed
>extraterrestrial.
>trying to verify with an eventual answer that the ET is effectively
>what he claims to be.
>
> 1011010111 100101 101000100111 - 110101111110 0100111
Wrong end - as this is sent by some human then we should ask them. If
the answer is available from a human, it's a waste of time trying to
guess it from this (as for cryptography analysis). If of ET origin,
it would certainly be worthy of analysis.
But for the academic exercise, my first observation is that it looks
runny and it may form a picture when written out at the right width.
Otherwise, the size of the groups goes 10,6,12 - 12,7 so we don't even
know the context of the data.
Steve
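
The asymmetry described in the post above (compositeness can be established without knowing any factor, and a claimed factorisation is cheap to check) is shown here on small Fermat numbers. This is an added Python example, not part of the original post; it uses Pépin's test as the compositeness proof, which is an assumption since the post does not name the proof it means, and the F5 factors are Euler's known factorisation.

```python
def fermat(n):
    """Return the n-th Fermat number F_n = 2^(2^n) + 1."""
    return (1 << (1 << n)) + 1


def pepin_is_prime(n):
    """Pepin's test, valid for n >= 1: F_n is prime iff 3^((F_n-1)/2) = -1 mod F_n.

    A False result proves F_n composite without revealing any factor.
    """
    if n < 1:
        raise ValueError("Pepin's test applies to F_n with n >= 1")
    f = fermat(n)
    return pow(3, (f - 1) // 2, f) == f - 1


def verify_factors(n, factors):
    """Check a claimed non-trivial factorisation of F_n by multiplying it out."""
    f = fermat(n)
    product = 1
    for p in factors:
        if not 1 < p < f:          # reject the trivial answers 1 and F_n
            return False
        product *= p
    return product == f


def classify(max_n):
    """Map n -> True (prime) or False (composite) for F_1 .. F_max_n."""
    return {n: pepin_is_prime(n) for n in range(1, max_n + 1)}


if __name__ == "__main__":
    for n, prime in classify(10).items():
        print(f"F{n}: {'prime' if prime else 'composite'} "
              f"({fermat(n).bit_length()} bits)")
    # Checking a supplied answer costs one multiplication.
    print("F5 = 641 * 6700417:", verify_factors(5, [641, 6700417]))
    print("wrong answer rejected:", not verify_factors(5, [641, 6700419]))
```

The same two steps apply to F20 in principle; only the size of the numbers changes, with F20 itself being just over a million bits long.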
------------------------------
From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Thu, 26 Apr 2001 20:29:26 -0500
Ok. First I was speaking of 7-bit ASCII, but 8-bits is fine too. I agree
that throughout the WHOLE pad every 8-bit group will have an equal
probability, namely 1/256; and XORing the same 8-bit pattern will just
simply "rearrange" where those 8-bit groups are, BUT, what about the sub
groups. For example, let's take a fictitious character that has an "ASCII"
representation of 00001111. Now let me do the same thing by just encrypting
a string of this same character. So I take 000011110000111100001111... and
XOR with my uniformly distributed random pad. Now if I started from the
"beginning" and took 8-bits at a time your same argument would apply. Each
8-bit grouping would have an equal probability of 1/256 so XORing with
00001111 nonstop would just rearrange where those 8-bit groups are. But
what if I take 4-bit groupings, starting from the "beginning". Now each
"original" 4-bit grouping would have an equal probability of 1/16, but after
XORing with my alternating 0000 and 1111 what would you get? 1/2 of the
time you would leave the bits unchanged, and 1/2 of the time you would
"flip" the bits, BUT, you would be doing it in a very predictable periodic
way. Now this is a very exaggerated condition, but nonetheless valid and
applicable.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: RC4 Source Code
Date: 27 Apr 2001 01:57:37 GMT
In <HR0G6.67478$[EMAIL PROTECTED]> "Tom St Denis"
<[EMAIL PROTECTED]> writes:
>> By the way, a source for arc4 is available at
>> ftp://sable.ox.ac.uk/pub/crypto/misc/rc4.tar.gz
>Ironic that this is called "rc4.tar.gz"
Yes.
>No I think most used ARC4 because they think they are cheating the big mean
>RSA out of some doh. Let's face reality. If RC4 and ARC4 output the same
No. RC4 is trademarked. You cannot use that just like you cannot use
Coca Cola to describe a sweet brown carbonated liquid you make and sell.
You might call it something like Crack Cola since Cola is a generic
term, just as you might call the other ARC4.
Note that RSA has no rights whatsoever to ARC4, even if it was obtained
by someone violating their non-disclosure agreement. They apparently do
have a right to the name RC4.
>stuff for the same keys chances are they are the same algorithm. Even
Chances are. Yes. But there is also a chance they are not-- especially
after a large number of output bytes which I do not think has been well
tested. If you were to ask me to bet, I would give good odds that it is
indeed equivalent, but not infinite odds.
>Schneier admits that it's RC4 in AC2.
admits? Schneier had nothing to do with developing RC4 so, unless he has
seen the source code for RC4 and is violating his Non-Disclosure
agreement, or he has reverse engineered a version of true RC4, his
opinion is just that.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Quantum Crypto
Date: 27 Apr 2001 02:00:47 GMT
In <BS2G6.597$[EMAIL PROTECTED]> "Roger Schlafly"
<[EMAIL PROTECTED]> writes:
]> No, careful implementation of QC can guarantee that an eavesdropper
]> cannot obtain information about the plaintext (*and* the legitimate
]> receiver can detect the disruption).
]I don't believe either of the above statements is true. Usually QC systems
]are some sort of combination of QC with conventional crypto, and
]offering less security than is commonly offered by conventional crypto.
On what basis? QC uses conventional crypto. QC is used to generate a
random shared key between the two parties. A key which is known with
high probability not to have been eavesdropped. How is this less
security than is commonly offered by conventional crypto?
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Thu, 26 Apr 2001 19:04:24 -0700
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> An Metet wrote:
> > There is nothing natural about property per se,
>
> There most certainly is. Products require producers.
You should not even have to defend that.
No one is questioning the OTHER side of this issue.
The reason or merit for this kind of protection is in
question and the "right", wish or privilege it
inconveniences is not?
Let's say Bob copies a copyrighted work, "Fame" By David Bowie.
Illegal but, Who's gonna catch him? Let's say he makes twenty copies
and sells them. Is it fair to arrest or sue him???? Wait a minute,
What did Bob do to earn the money he made? Best case it's
fraud and worst, it is THEFT. Why does BOB deserve it? Let's say
he gives it away for "free" (no such thing) What did he do to earn
the right to do this? Why can't he give away your car? It's not for profit.
(happy Tom?) The only thing that says it's yours is a pink slip. That's
just information. Could even be considered art. Why should this convey
any firmer ownership than a copyright?
Why is this never questioned? It's obvious to
some why it should be so but the logic just escapes me. Who really
gives a hoot what happens to the Bob's and the Bob-like? Don't
go there...Don't even say that it is fear of some Orwellian boogieman,
Some higher social concern.
Paul
------------------------------
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************