Cryptography-Digest Digest #255, Volume #14 Fri, 27 Apr 01 14:13:00 EDT
Contents:
Re: LFSR Security ("Trevor L. Jackson, III")
Re: Censorship Threat at Information Hiding Workshop (Arturo)
Re: Censorship Threat at Information Hiding Workshop (Mok-Kong Shen)
Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
Re: Reusing A One Time Pad ("Douglas A. Gwyn")
Re: Note on combining PRNGs with the method of Wichmann and Hill ("Brian Gladman")
Re: Reusing A One Time Pad ("Tom St Denis")
Re: Note on combining PRNGs with the method of Wichmann and Hill ("Tom St Denis")
Re: Censorship Threat at Information Hiding Workshop (Mok-Kong Shen)
Re: Censorship Threat at Information Hiding Workshop (Mok-Kong Shen)
Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
Shortcut ElGamal ("Tom St Denis")
----------------------------------------------------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: LFSR Security
Date: Fri, 27 Apr 2001 17:00:29 GMT
Benjamin Goldberg wrote:
> Trevor L. Jackson, III wrote:
> >
> > Ian Goldberg wrote:
> >
> > > In article <[EMAIL PROTECTED]>,
> > > Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> > > >With N unknown you just use Berlekamp-Massey. The invariant in BM
> > > >is that one always has the smallest configuration that explains the
> > > >sequence up to the current bit. By continuing this process through
> > > >the gaps, assigning each unknown bit the subsequent output of the
> > > >current machine, one can maintain the invariant and preserve the
> > > >validity of the result.
> > >
> > > So after reading this thread this morning, I spent the day studying
> > > the BM algorithm. I now understand it.
> > >
> > > The above isn't true. For example, find the LFSR that generates:
> > >
> > > 1 0 0 0 ? 0 ? 0 1 1
> > >
> > > The answer is actually the LFSR of size 5: 111101 which generates
> > >
> > > 1 0 0 0 1 0 1 0 1 1
> > >
> > > But if you use Trevor's technique, you get that after the first 4
> > > bits, you're working with the LFSR of size 1: 10 which generates
> > >
> > > 1 0 0 0 0 0 0 0 0 0 ...
> > >
> > > and you'll only see a problem when you get to the 1's at the end,
> > > at which point you're forced to change it to the LFSR of length 8:
> > > 110000001.
> >
> > Not quite. You can assume that the most recent known bit is the
> > culprit, as in your example, but there's no reason to prefer that bit,
> > and good reason to believe that the culprit is earlier in the
> > sequence.
>
> Not only is there no reason to assume that it's the most recent known
> bit, there is no reason to believe that the culprit is earlier either.
>
> > So when a conflict is found one must backtrack by trying
> > (toggling) each of the assumed bits in turn and use the smallest
> > machine created.
>
> This reduces to brute force (i.e., exponential work) on the assumed bits.
>
> To me, this indicates that the method is flawed -- we should have a way
> of doing it without having to make any assumptions about the bits.
>
> Suppose that we learn that the 1st, 57th, 61st, 90th bits are zero, and
> the 43rd, 100th, 201st and 1000th are zero. Surely there is some
> algorithm which can do this without having to make 992 assumptions about
> unknown bits, and then have to go back and flip them.
>
> [snip]
> > > i.e. the "Greedy Algorithm" isn't optimal.
> >
> > There's a terminology conflict here. First we need correctness. Then
> > we need efficiency. The technique you analyzed is not correct (did
> > not produce the smallest machine). An optimal algorithm would produce
> > the smallest machine in as few steps as possible.
>
> And even if it were correct, it would be exponential in the number of
> unknown bits, which can be much much greater than the number of taps in
> the LFSR.
>
> Here's a functional algorithm for finding the LFSR taps and state with
> known but irregular gaps.
>
> for L in (1 to #known bits) {
>   foreach p in (all LFSR polys length L) {
>     foreach B in (known bits)
>       z[B] = x ** B.position mod 2 mod p
>     // note that x above is the polynomial "1*x^1 + 0*x^0"
>     foreach i in (all initial states length L) {
>       foreach B in (known bits) {
>         if( i * z[B] mod 2 mod p != B.value )
>           next i
>       }
>       return (p,i)
>     }
>   }
> }
>
> I believe that this takes O(2**(2N)) time, where N is the number of
> known bits. An algorithm which does backtracking will take exponential
> time wrt the sizes of the gaps... and gaps can be 1000s of bits big.
In the worst case, yes. But it appears to me that the minimal solutions may
be simply connected such that traversing the connections would be far less
than the full exponential over the unknown bits. One can also dismiss any
sequence of assumed bits that produces an LFSR of more than twice the number
of known bits, which prunes the list down to the same limit as simple brute
force.
But the connection I was trying to create fails because I cannot show that
any multibit transition to a minimal solution can be reached by hill
climbing over single bit transitions, and there's a convincing counter
example.
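The three procedures this exchange argues about, as an added example that is not code from any poster: Berlekamp-Massey on Ian Goldberg's sequence, the greedy gap-filling Trevor describes, and an exhaustive search in the spirit of Benjamin Goldberg's pseudocode. Function names are mine; polynomials are written as bit lists [c0..cL] so that "111101" reads as 1 + x + x^2 + x^3 + x^5.

```python
# Added example, not from the thread: Berlekamp-Massey (BM) over GF(2), the greedy
# gap-filling strategy the thread discusses, and a brute-force search over LFSRs
# consistent with a sequence that has unknown bits. Polynomials are lists
# [c0, c1, ..., cL] with c0 = 1, so "111101" in the thread is [1, 1, 1, 1, 0, 1]
# and means s[n] = s[n-1] ^ s[n-2] ^ s[n-3] ^ s[n-5].

def berlekamp_massey(s):
    """Return (L, C) for the shortest LFSR generating the bit list s."""
    n = len(s)
    c = [0] * (n + 1)
    b = [0] * (n + 1)
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = s[i]                                # discrepancy at position i
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t = c[:]
            for j in range(n + 1 - (i - m)):    # C(x) += x^(i-m) * B(x)
                c[j + i - m] ^= b[j]
            if 2 * L <= i:                      # the LFSR has to grow
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def greedy_fill(partial):
    """Trevor's strategy: fill each unknown bit (None) with the output of the
    smallest LFSR explaining the known prefix, then keep going."""
    s = []
    for bit in partial:
        if bit is None:
            L, c = berlekamp_massey(s)
            bit = 0
            for j in range(1, L + 1):
                bit ^= c[j] & s[len(s) - j]
        s.append(bit)
    return s

def run_lfsr(c, state, length):
    """Generate `length` bits from taps c = [c0..cL] and initial bits `state`."""
    s = list(state)
    L = len(c) - 1
    while len(s) < length:
        s.append(sum(c[j] & s[-j] for j in range(1, L + 1)) & 1)
    return s

def smallest_lfsr_with_gaps(partial):
    """Benjamin's exhaustive search: every length L, every tap set and every
    initial state; return the first LFSR that matches all known bits."""
    n = len(partial)
    for L in range(1, n + 1):
        for taps in range(1 << L):
            c = [1] + [(taps >> j) & 1 for j in range(L)]   # c[1..L] from bits
            for init in range(1 << L):
                state = [(init >> j) & 1 for j in range(L)]
                s = run_lfsr(c, state, n)
                if all(k is None or k == v for k, v in zip(partial, s)):
                    return L, c, s
    return None
```

With the gapped sequence 1 0 0 0 ? 0 ? 0 1 1 the greedy fill lands on the length-8 machine 110000001, while the exhaustive search recovers the length-5 machine 111101 and the missing bits 1 and 1.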
------------------------------
From: Arturo <aquiranNO$[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 18:47:10 +0200
On Thu, 26 Apr 2001 15:22:58 GMT, "Roger Schlafly" <[EMAIL PROTECTED]>
wrote:
>"Gerhard Wesp" <[EMAIL PROTECTED]> wrote in message
>news:9c8vnv$45a$[EMAIL PROTECTED]...
>> In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]>
>wrote:
>
>It was a new idea when the US constitution was written 210 years ago,
>but I wouldn't call it new anymore.
>
>The idea that copyright infringement should be a criminal offense is
>relatively new. In the US, it started only about 10 years ago. Only
>about 2 years ago did it become illegal to publish circumvention info.
>Today, some legitimate crypto research was withdrawn from a
>conference because of RIAA threats. The info is here:
>
>http://cryptome.org/sdmi-attack.htm
>
Years ago, some guy from the NSA told crypto researchers not to talk
about their research at a crypto conference or else. He was finally rebuffed.
Are we seeing a similar move from the RIAA? Perhaps they are just probing the
ground, to see if they can cope with the academic community.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 19:16:28 +0200
Darren New wrote:
>
> Trevor L. Jackson, III wrote:
> > Hardly. By the purchase the library obtains the right to use _that_copy_ of
> > the book for any purpose it chooses.
>
> And that is exactly, 100% the right that started this thread. SMDI is trying
> to make it illegal to loan your copy of the music to someone else, yes?
I haven't looked into SMDI. Is it really so as you said?
If yes, then I'll consider that SMDI is inappropriate/wrong.
One shouldn't produce more copies and give these to others.
But certainly there can be nothing illegal to loan one's
own copy to someone else, any more than one loans one's car
to someone else.
M. K. Shen
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 17:24:03 GMT
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
>
> > "Mark Wooding" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> > >
> > > > Of course one can take Stallman's position and deny the
> > > > possibility of intellectual property. It appears TStD
> > > > routinely makes this mistake.
> > >
> > > I think you're maligning both Richard Stallman and Tom St
> > > Denis.
> > >
> > > Stallman doesn't deny the possibility of intellectual property
>
> Sure he does. There was a discussion of this topic with Stallman
> in which I participated. In response to my question "Do you
> believe in any form of intellectual property" he responded "No".
> Now that was a while ago and I can't speak for what might have
> changed since then.
>
> > , just its
> > > utility. And I think labelling this position a `mistake' is
> > > somewhat presumptious.
>
> OK, it is presumptuous. But I still consider most of his
> statements on the topic to be errors.
>
> > I missed the OP but it's not that I don't believe in IP, I just
> > think some patents are stupid and should be withheld.
>
> Yup. The grapefruit shield is my favorite.
>
> > I also disagree on for-profit
> > patents on not-for-profit projects. I think if you are in the
> > field for money you should pay some to make some.
>
> You've made comments to the effect that working for money is a
> position low on the ethical scale. Care to clarify?
Well I feel if you want to do some good for the world and release free
software (i.e. GNU type of free) then you shouldn't be slapped in the
face for using technology that has merit, i.e. RC5. Especially when
you live in Canada (but that's another story). I think (for example)
if you want to use RC5 in a free project that has some use (other
than just including RC5) such as a DC chat or secure phone then you
shouldn't have to pay money.
It's only through the sharing of knowledge and technology that we are
to ever survive as a species. Imaginary pieces of paper called
"money" will not feed or house, or entertain people indefinitely.
That's just my opinion, I could be wrong (tm)
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 17:24:11 GMT
"Darren New" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Trevor L. Jackson, III wrote:
> > Hardly. By the purchase the library obtains the right to use
> > _that_copy_ of the book for any purpose it chooses.
>
> And that is exactly, 100% the right that started this thread. SMDI
> is trying to make it illegal to loan your copy of the music to
> someone else, yes?
Essentially that and more. Such as pay-per-use and controlled
viewing (ads etc). Personally I think if I buy an 80GB disk to house
my music I shouldn't have to pay repeatedly to listen to it. I agree
that ripping songs (that aren't yours) is wrong but this is the wrong
way of going about it.
From a comment on Slashdot a long time ago:
[paraphrased] "Shutting down AOL [in Germany] due to the traffic of
MP3s between its users is like shutting down a state highway because
of people transporting drugs on it".
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 17:26:35 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Darren New wrote:
> >
> > Trevor L. Jackson, III wrote:
> > > Hardly. By the purchase the library obtains the right to use
> > > _that_copy_ of the book for any purpose it chooses.
> >
> > And that is exactly, 100% the right that started this thread.
> > SMDI is trying to make it illegal to loan your copy of the music
> > to someone else, yes?
>
> I haven't looked into SMDI. Is it really so as you said?
> If yes, then I'll consider that SMDI is inappropriate/wrong.
> One shouldn't produce more copies and give these to others.
> But certainly there can be nothing illegal to loan one's
> own copy to someone else, any more than one loans one's car
> to someone else.
No, you're actually wrong here. You can't, for example, lend your debit
card to a friend in Canada since it is a violation of the terms of
agreement.
If you purchase music or movies the intent is private viewing. Of
course it doesn't say "where" the private viewing is held....
Fundamentally I think people like the MPAA and RIAA make the scene
out to be much worse than it really is.
... Hmm, let's see, the avg movie star makes 20M$ per shot. So about
35M$ a year (depending). I make 22.5G$ a year so.... who is worse
off?
Tom
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Reusing A One Time Pad
Date: Fri, 27 Apr 2001 16:43:31 GMT
Mark G Wolf wrote:
> Um, yes? Mark is... Mark has, progressed beyond the "OTP", sort of. The
> truth is anyone can have "perfect" security right now, with their very own
> computer. I guess you have to realize that whenever there is an almost
> zealous attitude towards a particular subject, like the "reuse" of an OTP,
> there has been a willful effort in the body politic to make that way.
The important thing is to *understand* the issue, not just parrot
what somebody else has said about it. No expert would seriously
consider that an OTP system could be cracked on the basis of a
tiny bit of reuse; the general principle against reuse is not an
absolute go/no-go issue, but just guidance for safe use of OTP.
Too much reuse is definitely bad; a tiny amount of reuse is
pointless; therefore any reuse one would actually consider would
fall into the "bad" category.
What is wrong with the following argument (which *is* wrong):
Here is my one-time pad key: 01101001010111001011100010101111010
Hey, all the bits except the first 2 can be considered "reuse" of
one of the first 2 bits. A lot of reuse => bad.
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Note on combining PRNGs with the method of Wichmann and Hill
Date: Fri, 27 Apr 2001 18:38:38 +0100
"Bob Harris" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mok-Kong Shen wrote:
> > ... The PRNGs used are indicated by M (mwcg of Marsaglia), C (cong of
> > Marsaglia), P (of Park and Miller) and E (of L'Ecuyer).
>
> Howdy. Can you give references for those PRNGs?
>
> Thanks,
> Bob Harris
I took the generators I used in this test off Terry Ritter's page at:
http://www.io.com/~ritter/NEWS4/RANDC.HTM
This provides a copy of an email from George Marsaglia in which he published
quite a number of simple PRNGs in around 20 or so lines of C.
Brian Gladman
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Reusing A One Time Pad
Date: Fri, 27 Apr 2001 17:32:11 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Mark G Wolf wrote:
> > Um, yes? Mark is... Mark has, progressed beyond the "OTP", sort
> > of. The truth is anyone can have "perfect" security right now,
> > with their very own computer. I guess you have to realize that
> > whenever there is an almost zealous attitude towards a particular
> > subject, like the "reuse" of an OTP, there has been a willful
> > effort in the body politic to make that way.
>
> The important thing is to *understand* the issue, not just parrot
> what somebody else has said about it. No expert would seriously
> consider that an OTP system could be cracked on the basis of a
> tiny bit of reuse; the general principle against reuse is not an
> absolute go/no-go issue, but just guidance for safe use of OTP.
> Too much reuse is definitely bad; a tiny amount of reuse is
> pointless; therefore any reuse one would actually consider would
> fall into the "bad" category.
>
> What is wrong with the following argument (which *is* wrong):
> Here is my one-time pad key: 01101001010111001011100010101111010
> Hey, all the bits except the first 2 can be considered "reuse" of
> one of the first 2 bits. A lot of reuse => bad.
Let me take a shot at it :-)
Knowledge of the Alphabet does not reveal the message unless the
message is predictable and deterministic?
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Note on combining PRNGs with the method of Wichmann and Hill
Date: Fri, 27 Apr 2001 17:33:03 GMT
"Brian Gladman" <[EMAIL PROTECTED]> wrote in message
news:02iG6.105$f61.3763@stones...
>
> "Bob Harris" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Mok-Kong Shen wrote:
> > > ... The PRNGs used are indicated by M (mwcg of Marsaglia), C
> > > (cong of Marsaglia), P (of Park and Miller) and E (of
> > > L'Ecuyer).
> >
> > Howdy. Can you give references for those PRNGs?
> >
> > Thanks,
> > Bob Harris
>
> I took the generators I used in this test off Terry Ritter's page
> at:
>
> http://www.io.com/~ritter/NEWS4/RANDC.HTM
>
> This provides a copy of an email from George Marsaglia in which he
> published quite a number of simple PRNGs in around 20 or so lines
> of C.
A decent long-period LFG (lagged Fibonacci generator) can be done
in about 20 lines of C too.
Tom
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 19:46:58 +0200
Tom St Denis wrote:
>
[snip]
> It's only through the sharing of knowledge and technology that we are
> to ever survive as a species. Imaginary pieces of paper called
> "money" will not feed or house, or entertain people indefinitely.
>
> That's just my opinion I could be wrong (tm)
I would say that right/wrong is not applicable here. You
could similarly say that it is only through living entirely
in peace with one another (in particular throwing away
all military equipment) that we are to ever survive as
a species. Reformulations of the same under the dress of
any religion are evidently possible. The problem is that
one has certain given situations which are practically
impossible to be turned into any idealistic ones and
there can, by the nature of humans, even be no unanimously
accepted common ideal situations to be striven for, at
least before the time point where there would be one
single religion on earth. One has to think and handle
more realistically, even though in discussions like
crypto here some people prefer to take a very idealistic
standpoint about security.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 19:46:44 +0200
Tom St Denis wrote:
>
> No you're actually wrong here. You can't for example lend your debit
> card to a friend in Canada since it is a violation of the terms of
> agreement.
Sorry for my big ignorance. I don't know what a 'debit card'
is. Is it a credit card, e.g. MasterCard? In that case one
has to sign and it is impossible for my friend to put my
signature on any document.
M. K. Shen
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 17:57:44 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
>
> > No you're actually wrong here. You can't for example lend your
> > debit card to a friend in Canada since it is a violation of the
> > terms of agreement.
>
> Sorry for my big ignorance. I don't know what a 'debit card'
> is. Is it a credit card, e.g. MasterCard? In that case one
> has to sign and it is impossible for my friend to put my
> signature on any document.
No, debit as in Interac etc.; it's like taking money that you already
have, i.e. chequing or savings (not credit).
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 18:01:54 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
> [snip]
> > It's only through the sharing of knowledge and technology that we
> > are to ever survive as a species. Imaginary pieces of paper
> > called "money" will not feed or house, or entertain people
> > indefinitely.
> >
> > That's just my opinion I could be wrong (tm)
>
> I would say that right/wrong is not applicable here. You
> could similarly say that it is only through living entirely
> in peace with one another (in particular throwing away
> all military equipment) that we are to ever survive as
> a species. Reformulations of the same under the dress of
> any religion are evidently possible. The problem is that
> one has certain given situations which are practically
> impossible to be turned into any idealistic ones and
> there can, by the nature of humans, even be no unanimously
> accepted common ideal situations to be striven for, at
> least before the time point where there would be one
> single religion on earth. One has to think and handle
> more realistically, even though in discussions like
> crypto here some people prefer to take a very idealistic
> standpoint about security.
I agree. A lot of "distinctions" between cultures are imposed by the
people, i.e. religion and government styles.
The problem is that 99% of the world still believes in a magic ghost
thingy that lives in the sky and is called "god". When we can't take
responsibility for our own faults and problems (i.e. "it's god's will")
we will never be anything more than a destructive force in the
universe.
Although this isn't a theology forum so this is OT...
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Shortcut ElGamal
Date: Fri, 27 Apr 2001 18:08:23 GMT
Just trying to figure this out. In DSA you pick a large prime p
(1024 bits etc..) such that p-1/2 has a large prime factor q (of at
least 512 bits) and such that g is a generator for the subgroup Z*q
of Z*p. (Is that remotely right?)
This is such that one can use log2(q) bit exponents and speed up the
computations (i.e. signatures).
Can't this trick also be used for ElGamal encryption?
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
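In DSA, q is a prime divisor of p-1 and g = h^((p-1)/q) has order exactly q, so every exponent lives in Z_q. The same setup carries over to ElGamal, as this added example (not code from the post) shows; the function names, the toy parameter sizes and the coset_leak check are my own, and a practitioner should note the one caveat the post does not mention: the message itself has to be encoded as a subgroup element.

```python
# Added example, not from the post: ElGamal restricted to the prime-order-q
# subgroup of Z_p*, the same parameter shape DSA uses (q | p-1, g = h^((p-1)/q)
# of order exactly q). Exponents then live in Z_q and need only log2(q) bits.
# Parameters here are toy-sized and generated on the fly; real deployments use
# p of 2048+ bits and q of 256+ bits.
import random

def is_prime(n):
    """Trial division; only adequate for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def make_schnorr_group(q, rng):
    """Return (p, g) with p prime, q | p-1 and g of order exactly q mod p."""
    k = 2
    while not is_prime(k * q + 1):      # search for a prime p = k*q + 1
        k += 1
    p = k * q + 1
    while True:
        h = rng.randrange(2, p - 1)
        g = pow(h, (p - 1) // q, p)     # projects h into the order-q subgroup
        if g != 1:                      # g != 1 and g^q == 1, so order is q
            return p, g

def in_subgroup(x, p, q):
    """x lies in the order-q subgroup iff x^q == 1 (mod p)."""
    return 0 < x < p and pow(x, q, p) == 1

def keygen(p, q, g, rng):
    x = rng.randrange(1, q)             # secret key: a log2(q)-bit exponent
    return x, pow(g, x, p)

def encrypt(m, p, q, g, y, rng):
    if not in_subgroup(m, p, q):
        raise ValueError("message must be encoded as a subgroup element")
    k = rng.randrange(1, q)             # ephemeral exponent, also log2(q) bits
    return pow(g, k, p), (m * pow(y, k, p)) % p

def decrypt(c1, c2, p, q, x):
    # c1 has order q, so c1^(q-x) == c1^(-x): no modular inverse needed
    return (c2 * pow(c1, q - x, p)) % p

def roundtrip(seed=1, q=1009):
    """Encrypt and decrypt one subgroup element; returns (p, g, m, decrypted)."""
    rng = random.Random(seed)
    p, g = make_schnorr_group(q, rng)
    x, y = keygen(p, q, g, rng)
    m = pow(g, rng.randrange(1, q), p)  # encode the message as g^e
    c1, c2 = encrypt(m, p, q, g, y, rng)
    return p, g, m, decrypt(c1, c2, p, q, x)

def coset_leak(seed=1, q=1009):
    """Why encrypt() insists on subgroup membership: for a message m outside
    the subgroup, c2^q == m^q (mod p) for every k, so the ciphertext reveals
    which coset m lies in. Returns True if the leak shows up for a random m."""
    rng = random.Random(seed)
    p, g = make_schnorr_group(q, rng)
    x, y = keygen(p, q, g, rng)
    m = rng.randrange(2, p)
    while in_subgroup(m, p, q):
        m = rng.randrange(2, p)
    k = rng.randrange(1, q)
    c2 = (m * pow(y, k, p)) % p         # encrypt()'s formula with the check skipped
    return pow(c2, q, p) == pow(m, q, p) and pow(m, q, p) != 1
```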
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************