Cryptography-Digest Digest #362, Volume #14      Wed, 16 May 01 01:13:01 EDT

Contents:
  function decomposition ("Tom St Denis")
  Re: Evidence Eliminator works great. Beware anybody who claims it doesn't work 
(propaganda) (Beretta)
  Re: function decomposition ("Matt Timmermans")
  Re: function decomposition ("Tom St Denis")
  Re: function decomposition ("Paul Pires")
  Re: function decomposition ("Tom St Denis")
  Re: function decomposition ("Tom St Denis")
  Re: information theoretic stream cipher (Benjamin Goldberg)
  Re: Evidence Eliminator works great. Beware anybody who claims it doesn't work 
(propaganda) ("Bernie Simmons")
  Re: function decomposition ("Jeffrey Walton")
  Re: function decomposition (SCOTT19U.ZIP_GUY)
  Re: Quadibloc IX described on web site! (John Savard)
  Re: Evidence Eliminator works great. Beware anybody who claims it  ("Ken D.")

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: function decomposition
Date: Wed, 16 May 2001 00:21:17 GMT

In MISTY they decomposed the GF cubing operation into a set of gate logic.
How do they do that?  I have seen a few bitslicer programs (like those for
DES) but often they are not elegant examples (i.e. no source or poorly
written source).

What are the logical steps?  I was trying to decompose GF inversion with a
4-bit field on paper by just saying "ok bits 1 and 3 are set and the output bit
1 is on so it must be a function of those two..." but often there are
conflicts...

My goal is to decompose a GF inversion of eight bits that will lead to
hopefully a somewhat decent translation...
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: Beretta <[EMAIL PROTECTED]>
Crossposted-To: 
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it doesn't 
work (propaganda)
Date: Wed, 16 May 2001 00:27:30 GMT

On Tue, 15 May 2001 22:33:36 +0100, in alt.security.pgp you wrote:

>
>By now you will have witnessed the mass hysteria about Evidence Eliminator.
<snip>

V3.1   -      Name:  Snacker Serial: 1234567890-000084E21262  
V3.1   -      Name: Snacker\MiSSiON Serial: 1234567890-0001EDC79005
V4.0   -      Name: Snacker\MiSSiON Serial: 1234567890-0001EDC79005
V4.5   -      Name: Hazard , Serial: Hazard-000063515895
V5.0  -       Code: EE10-44100004D012 (also allows upgrades)


You fags keep spamming, and I keep posting serial numbers to your software


PGP Key: 0x194DF369
Fingerprint: B777 DB2A FB11 55FA 509D  CE63 F3DE D665 194D F369

------------------------------

From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: function decomposition
Date: Tue, 15 May 2001 22:07:42 -0400

Since making ugly decompositions is easy, I assume you're interested in
finding small and elegant ones.  You'll want to do a Google search on
"Karnaugh Maps".

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:1KjM6.102134$[EMAIL PROTECTED]...
> In MISTY they decomposed the GF cubing operation into a set of gate logic.
> How do they do that?  I have seen a few bitslicer programs (like those for
> DES) but often they are not elegant examples (i.e. no source or poorly
> written source).
>
> What are the logical steps?  I was trying to decompose GF inversion with a
> 4-bit field on paper by just saying "ok bits 1 and 3 are set and the output bit
> 1 is on so it must be a function of those two..." but often there are
> conflicts...
>
> My goal is to decompose a GF inversion of eight bits that will lead to
> hopefully a somewhat decent translation...
> --
> Tom St Denis
> ---
> http://tomstdenis.home.dhs.org
>
>



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: function decomposition
Date: Wed, 16 May 2001 02:18:08 GMT


"Matt Timmermans" <[EMAIL PROTECTED]> wrote in message
news:sdlM6.1840$[EMAIL PROTECTED]...
> Since making ugly decompositions is easy, I assume you're interested in
> finding small and elegant ones.  You'll want to do a Google search on
> "Karnaugh Maps".

Nice info.  Even ugly ones would interest me now...  I'm new to the
decomposition scene.

Tom



------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: function decomposition
Date: Tue, 15 May 2001 19:35:55 -0700


Tom St Denis <[EMAIL PROTECTED]> wrote in message 
news:ArlM6.103051$[EMAIL PROTECTED]...
>
> "Matt Timmermans" <[EMAIL PROTECTED]> wrote in message
> news:sdlM6.1840$[EMAIL PROTECTED]...
> > Since making ugly decompositions is easy, I assume you're interested in
> > finding small and elegant ones.  You'll want to do a Google search on
> > "Karnaugh Maps".
>
> Nice info.  Even ugly ones would interest me now...  I'm new to the
> decomposition scene.

Your new is probably much sharper than mine.
If anyone is following this who needs a much more basic book,
can I suggest?

Bebop to the Boolean Boogie.


No Joke, that's the name.

It's a real primer but the author does a great job.

Paul
>
> Tom
>
>




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: function decomposition
Date: Wed, 16 May 2001 02:58:28 GMT


"Paul Pires" <[EMAIL PROTECTED]> wrote in message
news:SUlM6.124212$[EMAIL PROTECTED]...
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:ArlM6.103051$[EMAIL PROTECTED]...
> >
> > "Matt Timmermans" <[EMAIL PROTECTED]> wrote in message
> > news:sdlM6.1840$[EMAIL PROTECTED]...
> > > Since making ugly decompositions is easy, I assume you're interested in
> > > finding small and elegant ones.  You'll want to do a Google search on
> > > "Karnaugh Maps".
> >
> > Nice info.  Even ugly ones would interest me now...  I'm new to the
> > decomposition scene.
>
> Your new is probably much sharper than mine.
> If anyone is following this who needs a much more basic book,
> can I suggest?
>
> Bebop to the Boolean Boogie.
>
>
> No Joke, that's the name.
>
> It's a real primer but the author does a great job.

I will look into it... nice site!

I managed to make an unoptimized copy of my TC15 box using pure boolean logic
gates (no sequential stuff).  It's huge but what the heck...

http://tomstdenis.home.dhs.org/decomp.c

That source will decompose and output C code that implements the sbox.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: function decomposition
Date: Wed, 16 May 2001 03:08:43 GMT


"Paul Pires" <[EMAIL PROTECTED]> wrote in message
news:SUlM6.124212$[EMAIL PROTECTED]...
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:ArlM6.103051$[EMAIL PROTECTED]...
> >
> > "Matt Timmermans" <[EMAIL PROTECTED]> wrote in message
> > news:sdlM6.1840$[EMAIL PROTECTED]...
> > > Since making ugly decompositions is easy, I assume you're interested in
> > > finding small and elegant ones.  You'll want to do a Google search on
> > > "Karnaugh Maps".
> >
> > Nice info.  Even ugly ones would interest me now...  I'm new to the
> > decomposition scene.
>
> Your new is probably much sharper than mine.
> If anyone is following this who needs a much more basic book,
> can I suggest?
>
> Bebop to the Boolean Boogie.

Question.

Once you expand the function into the huge boolean functions don't you
simply factor and remove redundant terms?

For example my TC15 sbox turns into
Y0 = (x0 & x1 & x2 & x3) | (~x0 & ~x1 & x2 & x3) ........

Which can be written as
Y0 = x0x1x2x3 + ~(x0x1)x2x3 ...

or
Y0 = x2x3(x0x1 + ~x0x1) + ...
Y0 = x2x3(1) + ...

This turned 9 gates into 1 etc...

Essentially you factor the expression into sub expressions and recurse all
while trying to remove things that are constant ... for example a + ~a is
always 1, a~a is always 0, etc...

???  Hmm not bad for one night of study (while watching Star trek...)

Tom
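
Added example (not from the thread and not decomp.c): a C sketch of the expand-then-reduce procedure discussed above. It expands each output bit of a 4-bit S-box into minterms, merges product terms with a + ~a = 1 (which applies only when two terms differ in exactly one variable), and checks the reduced cover against the table. The sample S-box (GF(2^4) inversion modulo x^4 + x + 1) and all function names are assumptions; the TC15 S-box is not given in the thread.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct { uint8_t val, mask; } Term; /* mask bit set = variable dropped */

/* Constructed sample S-box: x -> x^-1 in GF(2^4) mod x^4+x+1 (assumed), 0 -> 0. */
static uint8_t gf16_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 8) ? 0x13 : 0)))
        if (b & 1) r ^= a;
    return r;
}
static uint8_t gf16_inv(uint8_t a) {
    for (uint8_t b = 1; b < 16; b++) if (gf16_mul(a, b) == 1) return b;
    return 0;
}

/* Collect the prime implicants of one output bit (Quine-McCluskey merging). */
int prime_implicants(const uint8_t sbox[16], int bit, Term out[32]) {
    Term cur[32], next[32];
    int n = 0, nout = 0;
    for (int x = 0; x < 16; x++) /* start from the full minterm expansion */
        if ((sbox[x] >> bit) & 1) cur[n++] = (Term){ (uint8_t)x, 0 };
    while (n > 0) {
        int used[32] = {0}, m = 0;
        for (int i = 0; i < n; i++)
            for (int j = i + 1; j < n; j++) {
                uint8_t d = cur[i].val ^ cur[j].val;
                /* a + ~a = 1 applies only if exactly one variable differs */
                if (cur[i].mask != cur[j].mask || !d || (d & (d - 1))) continue;
                used[i] = used[j] = 1;
                Term t = { (uint8_t)(cur[i].val & ~d), (uint8_t)(cur[i].mask | d) };
                int k = 0;
                while (k < m && (next[k].val != t.val || next[k].mask != t.mask)) k++;
                if (k == m) next[m++] = t; /* skip duplicates */
            }
        for (int i = 0; i < n; i++) if (!used[i]) out[nout++] = cur[i];
        for (n = 0; n < m; n++) cur[n] = next[n]; /* next level becomes current */
    }
    return nout;
}

/* Product-term count after reduction, or -1 if the cover disagrees with the table. */
int reduce_verify(const uint8_t sbox[16], int bit) {
    Term pi[32];
    int n = prime_implicants(sbox, bit, pi);
    for (int x = 0; x < 16; x++) {
        int y = 0;
        for (int i = 0; i < n; i++)
            y |= ((x ^ pi[i].val) & ~pi[i].mask & 0xF) == 0;
        if (y != ((sbox[x] >> bit) & 1)) return -1;
    }
    return n;
}

int main(void) {
    uint8_t sbox[16];
    for (int x = 0; x < 16; x++) sbox[x] = gf16_inv((uint8_t)x);
    for (int bit = 0; bit < 4; bit++)
        printf("y%d: %d product terms (from 8 minterms)\n", bit, reduce_verify(sbox, bit));
}
```

The result is the set of all prime implicants, which is a correct cover but not necessarily the smallest one; choosing a minimal subset is a separate step.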



------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: information theoretic stream cipher
Date: Tue, 15 May 2001 23:31:37 -0400

Tom St Denis wrote:
> 
> Ok no secret primes here :-)
> 
> Pick a public prime (say >2^128) you then divide the message into
> blocks M_1, M_2, such that 0 < M_i < p, eg they are all units wrt to
> Z*p.

Why use Z*p, rather than GF(2^128)?  Using a polynomial will eliminate
expansion, and would be faster in hardware.

> 
> The cipher has two variables in its state A and B both of which are
> the same magnitude as the prime.  (say 128-bits).  Both belong to Z*p
> as well.

> To encode a block you perform
> 
> 1.  C_i = M_i * A + B mod p
> 2.  Update A
> 3.  Update B
> 4.  If A is zero goto 2
> 
> Let's suppose the update in #2 and #3 is perfect, then to break this
> you have to either determine A or B from random.  Since this is
> pair-wise decorrelated it's hard to tell.  You know one impossible
> value of B, e.g. B = -C_i since the first part cannot be zero.  Other
> than that I dunno.

Hmm?  If A is evenly distributed in the range 0 < A < p, and M_i is
evenly distributed in the range, 0 <= M_i < p, then we can conclude that
M_i*A (mod p) is also evenly distributed in the range 0 <= M_i < p.

Since M_i*A can be anything, how can we conclude that the first part
cannot be zero?

Unless of course you are talking about restricting M_i to being values
greater than zero...  This wouldn't work great with GF(2^128), but might
work ok with Z*p, since you can simply replace the zero value with some
special number between 2^128 and p-1 (inclusive).

> As for #2 and #3 what would be required.  Off the top of my head I am
> thinking of a simple LCG.  This is vulnerable to a divide and conquer
> attack though where you guess either A and B and see if it holds (i.e.
> the update rules make sense).  If A and B are 128-bits each this
> shouldn't be a problem.

If you use an LCG for A, then you don't need step 4, since A will never
be 0.  Note that for GF(2^128), you would likely want an LFSR, not an
LCG.

> Another problem is how to encode zero blocks.  I would say that if you
> have p>2^128 you could simply encode them as 128-bit blocks and do the
> transform C_i = (M_i + 1) * A + B mod p.  This would chop off a whole
> bunch of values of A and B since we know M_i is <= 2^128 but I doubt
> it would be enough to tell em from random.

In Z*p, you can simply replace any 0-valued M_i with a constant greater
than the max allowed M_i, but less than p.  For example, you could use
either 2^128, or p-1, or something chosen randomly.

> Yet another final problem is that the ciphertext would be a bit longer
> than the plaintext.  In this case it would be a single bit larger
> which really shouldn't cause a problem.

If you change to GF(2^128), then the expansion disappears.  Of course,
you then have a problem of getting a value to replace zero; you'll just
have to deal with the fact that M_i=0 will reveal the B stream.

-- 
Customer: "I would like to try on that suit in the window."
Salesman: "Sorry sir, you will have to use the dressing room."
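
Added example (not from the thread): a toy-sized C sketch of the single encoding step discussed above, comparing the Z_p form with the (M_i + 1) zero-block fix against a polynomial-field form. It uses p = 257 with 8-bit blocks instead of p > 2^128 and GF(2^8) with the AES polynomial instead of GF(2^128), and it takes A and B as arguments because the thread leaves the update rules open; all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define P 257u /* toy public prime just above 2^8; the post asks for p > 2^128 */

/* a^-1 in Z_p* via Fermat's little theorem; A = 0 has no inverse (step 4). */
static uint32_t inv_mod_p(uint32_t a) {
    uint32_t r = 1;
    for (uint32_t e = P - 2; e; e >>= 1, a = a * a % P)
        if (e & 1) r = r * a % P;
    return r;
}

/* Z_p variant with the zero-block fix: C = (M + 1) * A + B mod p. */
uint32_t enc_zp(uint8_t m, uint32_t a, uint32_t b) {
    return ((m + 1u) * a + b) % P;
}
uint8_t dec_zp(uint32_t c, uint32_t a, uint32_t b) {
    return (uint8_t)((c + P - b) % P * inv_mod_p(a) % P - 1);
}

/* GF(2^8) variant (AES polynomial 0x11B, an assumption): C = M * A xor B. */
static uint8_t gf256_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0)))
        if (b & 1) r ^= a;
    return r;
}
uint8_t enc_gf(uint8_t m, uint8_t a, uint8_t b) { return gf256_mul(m, a) ^ b; }

/* 1 if, for every nonzero A, a grid of B values and every M, decryption
   round-trips and the ciphertext never equals B itself. */
int zp_roundtrip_and_hides_b(void) {
    for (uint32_t a = 1; a < P; a++)
        for (uint32_t b = 0; b < P; b += 16)
            for (uint32_t m = 0; m < 256; m++) {
                uint32_t c = enc_zp((uint8_t)m, a, b);
                if (c == b || dec_zp(c, a, b) != m) return 0;
            }
    return 1;
}

/* 1 if an all-zero block always leaks the B stream in the GF(2^8) variant. */
int gf_zero_block_leaks_b(void) {
    for (int a = 1; a < 256; a++)
        for (int b = 0; b < 256; b++)
            if (enc_gf(0, (uint8_t)a, (uint8_t)b) != b) return 0;
    return 1;
}

int main(void) {
    printf("Z_p: round-trips and C != B: %d\n", zp_roundtrip_and_hides_b());
    printf("Z_p: M=255, A=1, B=0 -> C=%u (needs a ninth bit)\n", enc_zp(255, 1, 0));
    printf("GF(2^8): M=0 always gives C=B: %d\n", gf_zero_block_leaks_b());
}
```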

------------------------------

From: "Bernie Simmons" <[EMAIL PROTECTED]>
Crossposted-To: 
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it doesn't 
work (propaganda)
Date: Wed, 16 May 2001 03:23:21 GMT

Overpriced program.  Windows Washer from Webroot does the same thing and
more with the plug-ins that can be downloaded and is priced at about 1/3
that of your program.
DOS batch files and a freeware program such as Scorch work just as well or
better.
Scorch Link:
http://www.bonaventura.free-online.co.uk/realdelete/
It's free and can be used in batch and it's the fastest I've seen.  It can
wipe my swap file one time in about 10 seconds.  I imagine my door could
hold the minute it takes to overwrite it seven times.
Mine is set up so all I have to do is type clean and press enter at a DOS
prompt then the batch file exits to Windows when done.   The only way to
make data permanently unrecoverable is to disassemble the hard drive and
place the platters on a belt sander till the recording media is a pile of
dust.
The only folks buying your product are fools with deep pockets.
Especially after sinking to the level of a Spammer on Usenet.
Bernie



------------------------------

Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: function decomposition
Date: Tue, 15 May 2001 23:45:36 -0400

> Essentially you factor the expression into sub expressions and recurse all
> while trying to remove things that are constant ... for example a + ~a is
> always 1, a~a is always 0, etc...

Factoring expressions like that is fine for the reduction (just double
check your work - it's easy to make a mistake).  K-maps tend to be less
error prone.  If you're eventually looking for a hardware solution, you
may reduce too much and build a race condition into the logic gates.

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:%amM6.103248$[EMAIL PROTECTED]...
:
: "Paul Pires" <[EMAIL PROTECTED]> wrote in message
: news:SUlM6.124212$[EMAIL PROTECTED]...
: >
: > Tom St Denis <[EMAIL PROTECTED]> wrote in message
: > news:ArlM6.103051$[EMAIL PROTECTED]...
: > >
: > > "Matt Timmermans" <[EMAIL PROTECTED]> wrote in message
: > > news:sdlM6.1840$[EMAIL PROTECTED]...
: > > > Since making ugly decompositions is easy, I assume you're interested in
: > > > finding small and elegant ones.  You'll want to do a Google search on
: > > > "Karnaugh Maps".
: > >
: > > Nice info.  Even ugly ones would interest me now...  I'm new to the
: > > decomposition scene.
: >
: > Your new is probably much sharper than mine.
: > If anyone is following this who needs a much more basic book,
: > can I suggest?
: >
: > Bebop to the Boolean Boogie.
:
: Question.
:
: Once you expand the function into the huge boolean functions don't you
: simply factor and remove redundant terms?
:
: For example my TC15 sbox turns into
: Y0 = (x0 & x1 & x2 & x3) | (~x0 & ~x1 & x2 & x3) ........
:
: Which can be written as
: Y0 = x0x1x2x3 + ~(x0x1)x2x3 ...
:
: or
: Y0 = x2x3(x0x1 + ~x0x1) + ...
: Y0 = x2x3(1) + ...
:
: This turned 9 gates into 1 etc...
:
: Essentially you factor the expression into sub expressions and recurse all
: while trying to remove things that are constant ... for example a + ~a is
: always 1, a~a is always 0, etc...
:
: ???  Hmm not bad for one night of study (while watching Star trek...)
:
: Tom
:
:



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: function decomposition
Date: 16 May 2001 04:11:32 GMT

[EMAIL PROTECTED] (Jeffrey Walton) wrote in 
<3b01f72d$0$[EMAIL PROTECTED]>:

>> Essentially you factor the expression into sub expressions and recurse all
>> while trying to remove things that are constant ... for example a + ~a is
>> always 1, a~a is always 0, etc...
>
>Factoring expressions like that is fine for the reduction (just double
>check your work - it's easy to make a mistake).  K-maps tend to be less
>error prone.  If you're eventually looking for a hardware solution, you
>may reduce too much and build a race condition into the logic gates.
>

   Get a good book on asynchronous state machines; they will tell
you how to avoid the possible static and dynamic hazards that
can arise from race conditions.
   I no longer have my old computer books; when I left California
I only took one box of books. That was one that I left and the
book on cubical complexes it covered the Karnaugh mapping and cool
things like the sharp operator. You would have found it fun.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quadibloc IX described on web site!
Date: Wed, 16 May 2001 04:33:49 GMT

On Mon, 14 May 2001 13:10:56 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:

>Well, after having a long rest, I've come up with a new cipher design:

>http://home.ecn.ab.ca/~jsavard/crypto/co040714.htm

>This time, I've decided to give people a sporting chance to prove it
>insecure: the design has only four rounds.

In addition to putting a splash of color on the page, I have modified
the specification: the order in which the four intermediate results
from the encipherment of the left half are assembled into two blocks
to be enciphered has been changed. This change has been made to
improve the diffusion properties of the cipher.

In the text, the four intermediate results, in the order they are
generated, are designated B, A, D, and C. Originally, the two blocks
to be enciphered in the second step were (C,A) and (D,B). Now, they
are instead (B,C) and (D,A). (This modification seems to have also
cleared up an error in the text description, where it did not match
the diagram, since C instead of D remained unchanged when modifying
the text description.)

In this way, B and D, the two early intermediate results of the
f-function, in which not every bit depends on every bit of the input,
are both input to the left side of the two Feistel rounds of the
subsequent encipherment, so that they will be the ones to be modified
by the f-function of the other half of the block after it has been
modified by an f-function of themselves. A and C already depend on
every bit of the input to their f-functions, and thus they only need
to depend on every bit of the other half of their block.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: "Ken D." <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: 
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it 
Date: Wed, 16 May 2001 04:33:03 GMT

Beretta wrote:
> 
> On Tue, 15 May 2001 22:33:36 +0100, in alt.security.pgp you wrote:
> 
> >
> >By now you will have witnessed the mass hysteria about Evidence Eliminator.
> <snip>
> 
> V3.1   -      Name:  Snacker Serial: 1234567890-000084E21262
> V3.1   -      Name: Snacker\MiSSiON Serial: 1234567890-0001EDC79005
> V4.0   -      Name: Snacker\MiSSiON Serial: 1234567890-0001EDC79005
> V4.5   -      Name: Hazard , Serial: Hazard-000063515895
> V5.0  -       Code: EE10-44100004D012 (also allows upgrades)
> 
> You fags keep spamming, and I keep posting serial numbers to your software
> 


I hope these keys invoke their 'protection code'.
I need a working example of that 'protection' to write my EE
danger "demonstration" program.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
