Cryptography-Digest Digest #267, Volume #14 Mon, 30 Apr 01 04:13:01 EDT
Contents:
A Question Regarding Backdoors (bob)
Re: A Question Regarding Backdoors ("Tom St Denis")
A few good books (RagyR)
Re: DSA in GF(2^W)? (jlcooke)
Re: EC encrypt/decrypt ("Jeffrey Walton")
Re: Secure Digital Music Initiative cracked? (wtshaw)
Re: Secure Digital Music Initiative cracked? (Sundial Services)
Re: A Question Regarding Backdoors (Chad Hogan)
Re: GF(2^m) ("Roger Schlafly")
Re: DSA in GF(2^W)? ("Roger Schlafly")
Re: Secure Digital Music Initiative cracked? (David Wagner)
Re: Censorship Threat at Information Hiding Workshop (David Wagner)
Re: Another keen symmetric cipher idea (David Wagner)
Re: Note on combining PRNGs with the method of Wichmann and Hill (Mok-Kong Shen)
Re: A keen symmetric cipher idea (David Wagner)
Re: ancient secret writing (Mok-Kong Shen)
Re: Secure Digital Music Initiative cracked? (Mok-Kong Shen)
Re: Secure Digital Music Initiative cracked? (Mok-Kong Shen)
Re: A Question Regarding Backdoors (Arturo)
----------------------------------------------------------------------------
Subject: A Question Regarding Backdoors
From: [EMAIL PROTECTED] (bob)
Date: Mon, 30 Apr 2001 02:20:21 GMT
I am dabbling with my own flavor of an encrypted email client utilizing
Rijndael 256-bit. I live in the States and am concerned about whether or
not a backdoor is needed or mandated by the govt.
Could someone please give me an informed reply? I get nervous easily and
don't want my door being broken in by overzealous Bush-Troopers.
Thank You
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: Mon, 30 Apr 2001 02:52:21 GMT
"bob" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am dabbling with my own flavor of an encrypted email client utilizing
> Rijndael 256-bit. I live in the States and am concerned about whether or
> not a backdoor is needed or mandated by the govt.
>
> Could someone please give me an informed reply? I get nervous easily and
> don't want my door being broken in by overzealous Bush-Troopers.
Ok I know you live in the states and think you are the only people in the
world.
Rijndael WAS NOT MADE BY AMERICANS.
Cough cough.
Tom
------------------------------
From: [EMAIL PROTECTED] (RagyR)
Date: 30 Apr 2001 02:59:11 GMT
Subject: A few good books
29 April 2001
Classical Crypto Books is pleased to announce the following recent updates to
the CCB catalog.
SECRET MESSAGES: Concealment, Codes, and Other Types of Ingenious
Communications
by William S. Butler, L. Douglas Keeney
Published at $23.00.
HB, Simon & Schuster, 2001, 192 pp.
Nonmember $20.95, Member $18.95
CODE BREAKING: A History and Exploration
by Rudolf Kippenhahn
An overview of the history of cryptology with explanations of numerous code and
ciphers systems, including Enigma, as well as commentary on how many of the
systems are broken. The last three chapters cover DES, public keys, smart
cards, etc. Published at $29.95.
HB, Overlook Press, 1999, 283 pp.
Nonmember $27.95, Member $24.95
ENIGMA: The Battle for the Code
by Hugh Sebag-Montefiore
Perhaps the most comprehensive history ever of the battle to break the Enigma
codes. Reveals for the first time many tales of daring exploits of sailors,
spies, and agents who risked lives to obtain materials needed by the Bletchley
Park codebreakers. Published at $30.00.
HB, John Wiley & Sons, 2000, 432 pp.
Nonmember $26.95, Member $23.95
SECRET MESSAGES: Codebreaking and American Diplomacy, 1930-1945
by David Alvarez
Most complete account to date of the US Army Signal Intelligence Service:
creation, struggles, rapid growth, and contributions to the war effort. First
comprehensive analysis of the impact of SIGINT on American foreign policy and
strategy 1930-1945. Published at $35.00.
HB, University Press of Kansas, 2000, 304 pp.
Nonmember $32.95, Member $29.95
BATTLE OF WITS: The Complete Story of Codebreaking in World War II
by Stephen Budiansky
Relying on a wealth of recently declassified documents, this is the best
available history of codebreaking, by all parties, in WWII. Describes numerous
codes, ciphers, and machines and reveals when and how they were broken. CCB
Best Crypto Book of 2000. Published at
$27.50.
HB, Free Press, 2000, 446 pp.
Nonmember $25.50, Member $22.95
==============
HB = Hardbound
==============
All items above are in stock and available now. Member prices are available to
members of the American Cryptogram Association, the US Naval Cryptologic
Veterans Association, and full-time students. Shipping and handling are extra.
For complete ordering information, a free catalog of crypto books by return
e-mail (in Adobe pdf - portable document format), or for information about
membership in the American Cryptogram Association, please send e-mail to:
[EMAIL PROTECTED]
Best Wishes,
Gary
Gary Rasmussen
Owner, Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898
------------------------------
From: jlcooke <[EMAIL PROTECTED]>
Subject: Re: DSA in GF(2^W)?
Date: Mon, 30 Apr 2001 03:01:03 GMT
> > > Is it possible to setup DSA for use in GF(2^W) instead of Z*p ?
> > >
> > > I.e
> > >
> > > let p be a 1024-bit irreducible polynomial
> > > let q be a large factor of 2^1024 - 1
> > > let g be a generator such that g^((2^1024 - 1) / q) != 1
> > >
> > > What current attacks are there against GF(2^K) Discrete Log type
> > > problems? I will go look through my Eurocrypt collection.... any
> > > pointers would be nice :-)
> > ECDSA does this nearly. See PLM's response to the GF(2^m) thread.
> > Peter's words are sage.
>
> My understanding is that all EC algorithms are based on multiplying a secret
> key against a base point? Like you can do DH and ElGamal on EC systems.
> DSA involves discrete exponentiation. While I know DSA exists on EC systems
> would it be the same thing as DSA in Z*p?
There are many ways of doing EC. But they all get their strength from
some kind of DLP. Elgamal is in Z*p. DSA is based on the same idea
as Elgamal. EC DLPs are a bit harder (in fact some would be tempted to
call them Discrete Division Problems...but they're silly). But back
to your question of using GF(2^n) instead of GF(p) in - say - Elgamal
has a problem. It's fast to use and generate, but so proportionally
is the reverse operation. And how many irreducible poly's are there
in GF(2^n), other issues I'm not properly versed on currently.
Though I think it would be swell to have a faster public-key algorithm
using long (>2000y) established theory which seems to be the only
advantage here... the DLP becomes easier to break as it does to make.
No advantages seen from my end.
JLC
------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: EC encrypt/decrypt
Date: Mon, 30 Apr 2001 00:14:41 -0400
>1. How do you map an arbitrary input (eg. digest hash, session key) to
>an elliptical point on a given curve? I hope there's something more
>clever than randomly augmenting the first 8 bits until you find a
>match.
See the Menezes-Vanstone Method. I apologize I was not able to find a
link for you.
Apparently, these fellows supplemented EC to remove the awkwardness of "e ->
(10, 9) ". But the cost is the you send almost twice as much information.
"CrapMail Bait" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Pardon my bothering you folk. I'm new to this NG and I'd have to say
that those who contribute are doing everyone a favour in spreading the
knowledge, keep it up!
I've implemented lots of finite integer crypto from the ground up.
I'd like to start putting together some EC (aka ECC) algorithms. Over
F_p and F_{2^n} fields.
1. How do you map an arbitrary input (eg. digest hash, session key) to
an elliptical point on a given curve? I hope there's something more
clever than randomly augmenting the first 8 bits until you find a
match.
2. What are the legal barriers to using EC crypto? GPL vs. BSD (aka.
non-profit vs. truly free)? Public vs. Royalties (aka. truly free vs.
slavery)?
Thanks a bunch.
Jean-Luc Cooke
Carleton Univ. (Canada, if you haven't guessed with the spelling)
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 21:47:55 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> "Few things in life are as difficult to remedy as bad law."
Bad laws tend to be ignored.
--
How many good wells were shut in by the VP's company so that oil
prices would rise? It's obvious who did what and why.
------------------------------
Date: Sun, 29 Apr 2001 22:30:03 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Secure Digital Music Initiative cracked?
The Internet changes the game of music distribution ... permanently,
forever, irrevocably. A hit-song becomes just another 10-megabyte disk
file, at least technically speaking.
Unfortunately for Napster, while they proved the viability of this
distribution medium (and of public demand for it), they stomped upon the
core idea of copyright and made no bones about doing it. They made
enemies.
In due time, and probably in a very short time, music -will- be
distributed electronically and the CD will become a thing of the past.
But this won't happen until the people who produce the stuff, and who
promote the stuff, have a way to get paid. It's only fair that the
artists and other professionals who bring us the music in the first
place get paid for doing so. The economics will change but the fairness
won't. Napster isn't fair. And Napster won't be allowed the chance to
be fair; it has too many enemies now.
But electronic distribution of music will rise like a phoenix from the
ashes of Napster.
>Roger Schlafly wrote:
>
> I think the issue is one of control more than compensation. Napster has
> offered money, but the music label will not accept a Napster at any price.
>
> A reasonable solution to the current conflict would be to require
> mandatory licensing of MP3s, with royalties going to authors and
> performers. But that is not what the labels want -- they want control
> of distribution.
>
==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED] (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R): "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep
------------------------------
From: Chad Hogan <[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: Mon, 30 Apr 2001 05:44:12 GMT
> > Could someone please give me an informed reply? I get nervous easily and
> > don't want my door being broken in by overzealous Bush-Troopers.
>
> Ok I know you live in the states and think you are the only people in the
> world.
>
> Rijndael WAS NOT MADE BY AMERICANS.
Thanks for the public-service announcement, Tom. Rather than looking
for a snooty reply, however, Bob was asking a simple question regarding
back doors in cryptographic software as (may be) required by American
law.
Bob, perhaps you'll get some answers to your questions by looking at a
few sites describing ITAR. ITAR talks about export, which doesn't seem
to be exactly what you're looking for, but it might give you a starting
point that will lead to your answers. Bill Unruh has an interesting
cryptography page at http://axion.physics.ubc.ca/crypt.html which
includes pointers to ITAR and other legal information.
If it *really* really matters, you should find yourself a good lawyer.
I am not a lawyer, so I can't tell you authoritatively that no such
requirements exist. However, I've never heard that you are currently
required to insert back doors in software that you create, FWIW. I've
heard stories about TLAs making "arrangements" with software companies
to insert a backdoor on the sly, but I don't think it's a requirement.
-Jack
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.arch.arithmetic
Subject: Re: GF(2^m)
Date: Mon, 30 Apr 2001 05:31:19 GMT
"Eric M" <[EMAIL PROTECTED]> wrote in message
news:9ciem8$vea$[EMAIL PROTECTED]...
> It should be emphasized here that if somebody breaks the DLP over GF(p)
> *for a particular number p* any system using that value of p will no longer be
> secure. This does not preclude one from using a p' that is the same
> length (Floor(ln p') = Floor(ln p)) as p, since the DLP over GF(p') will
> require the same precomputation as breaking DLP over GF(p).
You mean it requires the same amount of precomputation. It is not the
same precomputation, as the precomputation for GF(p) is of no use
for GF(p').
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: DSA in GF(2^W)?
Date: Mon, 30 Apr 2001 05:33:59 GMT
"jlcooke" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Though I think it would be swell to have a faster public-key algorithm
> using long (>2000y) established theory which seems to be the only
> advantage here... the DLP becomes easier to break as it does to make.
> No advantages seen from my end.
I'm not sure I follow. What public-key algorithm uses theory that is
over 2000 years old? Arithmetic is that old, but that's about all.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Secure Digital Music Initiative cracked?
Date: 30 Apr 2001 06:41:07 GMT
M.S. Bob wrote:
>I admit, I'm not certain of the details behind the Netscape RNG effort,
>I believe it was without Netscape's/ Mosaic Communication's blessing.
You are correct.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 30 Apr 2001 06:45:11 GMT
Leonard R. Budney wrote:
>However, copyright expresses the basic belief that an idea's originator
>is entitled to profit from his ideas.
Well, in the US, the basic principle has been a bit different: The
bottom-line goal is to serve the public good, and copyright tries to do
this by giving people an incentive to create ideas.
There is no claim that there is some god-given right to profit from your
ideas via copyright protection. Rather, the claim is that appropriate
copyright protection serves the public good. If copyright protection
stopped serving the public good, then under this theory there would be
no further justification for the existence of copyright.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Another keen symmetric cipher idea
Date: 30 Apr 2001 06:50:54 GMT
Tom St Denis wrote:
>The users pick a random n-bit prime p and a number k. These are
>fixed as secret.
>
>To encode simply do
>
>C = (M + k)^-1 mod p
>M = C^-1 - k mod p
This doesn't work.
Request the decryption of ciphertext C=1; this reveals k.
Now you have an oracle for inversion mod p, and from such an oracle you
can readily recover p as follows: if x = y^{-1} mod p, then p divides
xy - 1, so if (x_1,y_1), (x_2,y_2) are two such pairs, then with good
probability p = gcd(x_1 y_1 - 1, x_2 y_2 - 1).
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Note on combining PRNGs with the method of Wichmann and Hill
Date: Mon, 30 Apr 2001 08:51:00 +0200
David Hopwood wrote:
>
[snip]
>
> We assume that there is *at least one* uniform independent stream.
> Bryan Olson's point is absolutely correct: it is obvious that the
> modified Wichmann-Hill scheme, with weights that are not all
> non-zero integers, does not have the property stated above.
>
> (Counter-example: if the only uniform stream has a weight that is not
> a non-zero integer, then after weighting it is not uniform. If the
> other streams are also non-uniform, then in general the sum is not
> uniform either.)
In a rather early follow-up I already mentioned that from
theory the result is uniform if one of the streams is
uniform. The question concerned whether in the general case,
where this assumption does not hold, the deviation from
uniformity of the result is practically negligible as I
originally believed. There I was wrong. See my follow-up
of Tue, 24 Apr 2001 18:00:29 +0200 in this thread, which
you apparently overlooked.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: A keen symmetric cipher idea
Date: 30 Apr 2001 06:53:07 GMT
Tom St Denis wrote:
>1. Both users pick two large primes p and q, then form N = pq
>2. To encode a message you take 0 < M < N and do, c1 = M mod p, c2 =
>M mod q
This is utterly silly.
p divides M - c1, so if you have two known plaintexts (M,(c1,c2)),
(M',(c1',c2')), then you can recover p as gcd(M - c1, M' - c1').
You might want to study a bit more number theory before proposing any
more such ciphers.
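Both of Wagner's replies (to the "Another keen symmetric cipher idea" and "A keen symmetric cipher idea" posts) end the same way: the secret modulus p divides some integer the attacker can compute, and the gcd of two or more such integers is p. The following is an added example, not code from the digest or from any poster; it implements both toy ciphers exactly as quoted, then runs the gcd recovery against each. The primes (2^61 - 1 and 2^31 - 1) and the constant k are constructed values chosen for reproducibility, and for cipher 1 the attack takes k as already known, which is the state Wagner describes after the C=1 query.

```python
"""Recovering a secret modulus with gcd (added example, not from the digest).

Cipher 1 (as posted): C = (M + k)^-1 mod p,  M = C^-1 - k mod p
Cipher 2 (as posted): c1 = M mod p,  c2 = M mod q,  with N = p*q public
"""
from math import gcd
import random

# Constructed parameters: Mersenne primes so the example is reproducible.
P = 2**61 - 1        # secret prime p (used by both ciphers)
Q = 2**31 - 1        # secret prime q (cipher 2)
K = 0x5EC12E7        # secret constant k (cipher 1), constructed


def modinv(a: int, p: int) -> int:
    return pow(a, -1, p)          # Python 3.8+ modular inverse


def cipher1_encrypt(m: int, k: int, p: int) -> int:
    return modinv((m + k) % p, p)


def cipher1_decrypt(c: int, k: int, p: int) -> int:
    return (modinv(c, p) - k) % p


def cipher2_encrypt(m: int, p: int, q: int) -> tuple:
    return (m % p, m % q)


def recover_modulus(multiples) -> int:
    """gcd of integer multiples p*m_1, p*m_2, ... of the secret modulus.

    The result is p * gcd(m_1, m_2, ...), which is exactly p as soon as the
    cofactors are coprime; each extra sample makes that more likely."""
    g = 0
    for v in multiples:
        g = gcd(g, v)
    return g


def attack_cipher1(decrypt_oracle, k: int, ciphertexts) -> int:
    """Decryption oracle + known k (Wagner's inversion oracle).

    Decrypting C gives M with M + k == C^-1 (mod p), whether or not the
    subtraction wrapped, so p divides (M + k)*C - 1 for every query."""
    multiples = []
    for c in ciphertexts:
        m = decrypt_oracle(c)
        multiples.append((m + k) * c - 1)
    return recover_modulus(multiples)


def attack_cipher2(known_pairs) -> int:
    """Known plaintexts (M, (c1, c2)): p divides M - c1, so gcd recovers p."""
    return recover_modulus([m - c1 for m, (c1, _c2) in known_pairs])


if __name__ == "__main__":
    rng = random.Random(1)                     # seeded, so the demo is repeatable
    oracle = lambda c: cipher1_decrypt(c, K, P)
    queries = [rng.randrange(2, P) for _ in range(4)]
    print("cipher 1: recovered p ==", attack_cipher1(oracle, K, queries) == P)

    N = P * Q
    pairs = [(m, cipher2_encrypt(m, P, Q))
             for m in (rng.randrange(1, N) for _ in range(4))]
    print("cipher 2: recovered p ==", attack_cipher2(pairs) == P)
```

The `recover_modulus` helper is shared because the two ciphers fail for the same reason: whatever the attacker learns is a multiple of the secret prime, and the cofactors of independent samples are coprime with probability about 6/pi^2 for two samples and close to 1 after a handful, so the gcd collapses to p. Note that queries such as C=2 against cipher 1 produce 2^61 - 1 itself, which is why the recovery is exact there even with a single sample.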
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: ancient secret writing
Date: Mon, 30 Apr 2001 08:51:18 +0200
Mok-Kong Shen wrote:
[snip]
> I meant stuffs like the Diskos of Phaistos (see Bauer's
> book). There are, if I don't err, also quite a number of
> written remnants of comparatively recently died-out cultures
> of small isolated tribes, the 'decryption' of which could
> certainly be of some scientific value.
[snip]
A reader of this thread has kindly provided me with a
pointer to recent literature about the disk:
http://www.geocities.com/dilos.geo/v002.htm
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Mon, 30 Apr 2001 09:15:37 +0200
Xcott Craver wrote:
>
[snip]
> The government is swayed by arguments that american industry
> is hurt by a law. This same argument is not going to
> make the entertainment industry release its grip on the
> DMCA, or cause the industries who support UCITA to ease off.
That was my point, if I understood you. If the government
sees that its industry is hurt by a law, i.e. the national
revenue is going to be negatively affected, e.g. when crypto
products could not profit from the overseas market, then
that law is going to be amended. Note that it is always the
international competition that is a strong driving force and
that that competition could take place in diverse manners,
including even the eventual emergence of products of new
forms that could supersede the original products in question.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Mon, 30 Apr 2001 09:20:09 +0200
Sundial Services wrote:
[snip]
> Unfortunately for Napster, while they proved the viability of this
> distribution medium (and of public demand for it), they stomped upon the
> core idea of copyright and made no bones about doing it. They made
> enemies.
I haven't followed the issue of Napster but recently read
that it has got quite a number of competing firms.
M. K. Shen
------------------------------
From: Arturo <aquiranNO$[EMAIL PROTECTED]>
Subject: Re: A Question Regarding Backdoors
Date: Mon, 30 Apr 2001 09:16:53 +0200
On Mon, 30 Apr 2001 02:20:21 GMT, [EMAIL PROTECTED] (bob) wrote:
AES candidates have been scrutinized and are open for everybody to see,
so I doubt Rijndael could have any backdoor without anybody realizing it. I
certainly don't think that a backdoor was included in AES requirements.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************