Cryptography-Digest Digest #393, Volume #14 Sat, 19 May 01 22:13:00 EDT
Contents:
Re: Help with a message ("Jeffrey Walton")
Re: Comparing two encrypted numbers ("Martin Schweitzer")
Re: CIA Kryptos last 97 characters ("Bruce Adler")
Re: Apology to Cloakware (open letter) (wtshaw)
Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest
Algorithm) ([EMAIL PROTECTED])
Re: Questionable security measures (CIC and Cloakware!) ("Henrick Hellstr�m")
Re: What about SDD? ("Harris Georgiou")
Re: Comparing two encrypted numbers (David Wagner)
Re: CIA Kryptos last 97 characters (Gary Warzin)
Re: OFF-topic by now - UK crime statistics (was Re: Best, ("Trevor L. Jackson, III")
Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest
Algorithm) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Help with a message
Date: Sat, 19 May 2001 19:37:55 -0400
What is the language? It appears your IP is from GB...
English Index of Coincidence is 0.063. I would assume its a
monoalphabetic (not a Vigenere or a variant). Also, the period seems to
be 1.
And frequency analysis looks as thought its not English:
Plain Cipher
E(12.70) Z(17.5824)
T( 9.10) X( 6.9231)
A( 8.20) M( 5.8242)
O( 7.50) P( 5.6044)
I( 7.00) A( 4.9451)
N( 6.70) F( 4.7253)
S( 6.30) Y( 4.6154)
H( 6.10) J( 4.5055)
R( 6.00) K( 4.5055)
D( 4.30) N( 3.8462)
L( 4.00) E( 3.6264)
C( 2.80) U( 3.6264)
U( 2.80) C( 3.1868)
M( 2.40) O( 3.0769)
W( 2.40) Q( 2.8571)
F( 2.20) T( 2.7473)
G( 2.00) I( 2.6374)
Y( 2.00) V( 2.5275)
P( 1.90) S( 2.1978)
B( 1.50) B( 1.8681)
V( 1.00) H( 1.8681)
K( 0.80) D( 1.6484)
J( 0.20) L( 1.6484)
X( 0.20) G( 1.3187)
Q( 0.10) R( 1.2088)
Z( 0.10) W( 0.8791)
Most frequently occuring digrams and trigrams:
Common Diagram Counts
zn (17)
xz (15)
fz (12)
ma (12)
zy (12)
Common Trigram Counts
zym (7)
ixz (6)
zix (6)
fmz (5)
pfm (5)
tpf (5)
zma (5)
ztp (5)
zum (5)
dzt (4)
idz (4)
If cipher 'zn' is most common, I would expect it to equate to plaintext
'th'. Following from this, 'znx' would be 'the'. This does not appear
to be the case. Cipher 'zym' could be 'the'.
It could be an Anagrammed English (or another language for that matter).
Again, I don't like the frequency distribution.
"gp" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
: I have a message from a newspaper report, I have been trying to read.
: It is in code but I cannot figure any of it out. Can anyone offer any
: hint or advice please ? Message is below:-
: YMAUVZTPFZIPCZKDXZXNUXJIPUTKEZIXZALSQS
: NUZJPJZUMPOBADVZFXZMADAMQZHAXEZYJZYPDSQHZB
: MYKAEZLAKXFZSMAZJPJZUMPOBADVZUJKZYXYDQFXS
: BQHZSPYVMOBAZIXZYSSZKZRXLCZIMBPJXZAGJPUIZNAZ
: JEAZIWPFVKQUZYMMAXZUMBNYZDAIZEAMKTZQ
: TOMIZNOZUMAYFYZSKZGSQZPRZIPFMZDFEHCFHZSE
: HZRNCITZOTEVKFZYCAUYAXINPQZOKLZKDCFAZM
: PUEMAEZTPFMZQXKYXMOZNFJXZJMEFQHZMASUZE
: JPJZQPGOFJZTVZUJKZUJJZOXYLCFZYM
: FZNCXXXVOZJIZNCXHFYMQCZXSMHYZJMKBZKFKPDAY
: TYKKBEZTVOFFZKZQPGOFJZTIZEJPZFTVDZIXZOFSNK
: TZPQFZEJPZGFVYZEFBTVAZSZVAGPJXZOAIWPEZX
: CZTECJMGTEVZFVZKQUZYMNOZNNQKZMAPPMCFZKEU
: MINPQAQZNXJVZAUEZAZXJEOXDLXEYZEFQSTZCJM
: ZOXYLCNYHZSLCSPYFOZNFZUXFHZIXZKWXMEZKDX
: ZOMYPOXZXCZGAJEVZMQZYMCYLKAYTXUZOTZNXMO
: JEOZJKPXMZYMAUZHXLCVAKIZYMFJXIPCFZPQBEZRN
: JYKZCTRAZNNQKZJPCHZYMFZJXVYZNNQK
: ZLAZWXMEZNYZNXLKUZRXZFKYNACZIPCZLPI
: WZPRZPOZIXZHCXNZHXLCZMAPPMCFGX
: EYZSKZKZUBKGFZPRZTPFMZXMXPYNUBZEPZMAUEXBX
: MOZNXLKUZRXZNUWXQWFHZNXJVNUBZ
: WKCUZPQZTPFMZNCXTXYYZUBASVAZGXURN
: JDZTPFMZHTMAGKMJEOZIXZJXVPKRAZJPJZUMPOBADV
------------------------------
From: "Martin Schweitzer" <[EMAIL PROTECTED]>
Subject: Re: Comparing two encrypted numbers
Date: Sun, 20 May 2001 09:52:45 +1000
I should have been more specific.
>From what I understood (which was brief, second hand and via an e-mail),
this algorithm (or it could have been a protocol) allowed to numbers to be
compared to see which was greater. The example that was given to me was
that if two bids were being given at an auction, then the auctioneer could
know which of the bids was higher without knowing the actual value of the
bids [and from that, I guess that the bidders would not know the value of
each others bid].
Hope this helps.
Paul Crowley <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Martin Schweitzer" <[EMAIL PROTECTED]> writes:
>
> > Is anyone aware of a technique that allows two encrypted numbers to be
> > compared without decryping them? I am told that there was a paper
> > presented at RSA 2000 which mentions this, but I cannot find any
> > reference to that paper.
>
> What do you mean by "compare"? Compare for identity, or for which is
> bigger?
>
> The former is easy. The latter...well, you'll have to specify much
> more precisely what you want...
> --
> __ Paul Crowley
> \/ o\ [EMAIL PROTECTED]
> /\__/ http://www.cluefactory.org.uk/paul/
> "Conservation of angular momentum makes the world go around" - John Clark
------------------------------
From: "Bruce Adler" <[EMAIL PROTECTED]>
Subject: Re: CIA Kryptos last 97 characters
Date: Sun, 20 May 2001 00:19:06 GMT
"Gary Warzin" <[EMAIL PROTECTED]> wrote in message
news:2uxN6.2372$[EMAIL PROTECTED]...
> I had a chance to see Kryptos up close a couple of weeks ago.
Can you pinpoint its location on this image:
http://terraserver.homeadvisor.msn.com/imageinfo.asp?S=10&T=1&X=1570&Y=21568&Z=18&W=2&O=3807707NE&P=McLean%2C+Virginia%2C+United+Sta
tes
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Apology to Cloakware (open letter)
Date: Sat, 19 May 2001 17:55:06 -0600
In article <PrlN6.28659$[EMAIL PROTECTED]>, "Matt
Timmermans" <[EMAIL PROTECTED]> wrote:
> Has anyone heard of a reasonably successful algorithmic method for
> identifying people by writing style?
Surely. People do tend to write with categorical style, word frequencies
and syntax. Someimes it is obvious that two parts may be written by two
people. One can even be aware of a style marker; I use semicolons from
time to time and know none other who do the same.
On a subtile marking method, have a list of 100 words and always include
three or more of them in a message in the order on the list. An imposter
trying to be cute is apt to use the words but hazzard them in wrong
order. There can be other protocols to handle subtile identification.
--
George W. Bush is the weakest link...guh bye.
------------------------------
Subject: Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest
Algorithm)
From: [EMAIL PROTECTED]
Date: 19 May 2001 20:37:21 -0400
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
>
> Its not so reasonable to use lethal force against a burglar because
> he has not presented a threat to life or limb.
You mean if I find a man unlawfully in my house, I am not entitled to
assume he presents a threat? I disagree. The law sometimes backs me,
and sometimes backs you. (The Bible backs me, BTW; see Ex 22:2.) If a
man doesn't want to find himself on the receiving end of lethal force,
he should stay out of people's houses.
> But the fact is that burglars tend to flee.
If he flees when the homeowner presents arms, good for him. An intelligent
homeowner will refrain from shooting him in the back, since it's hard to
sustain a claim of self-defense in that case.
> One searches for the simplest, most general rule that applies, and
> then refines it in light of special circumstances.
The most general rule: ``Anyone having broken and entered is presumptively
a threat to life and limb, and may be met with lethal force.''
Special cases:
(1) The burglar is ten (ninety) years old.
(2) The ``burglar'' is your mother (ex-girlfriend/BATF Agent).
(3) The burglar drops to his knees and begs for mercy.
...
It's really not that complicated. Having violated my assumption of
security in my own home, the burden rests on the burglar to prove he
is *not* a threat. I'm not required to gamble my life, nor that of my
wife and child, on the chance he's really Caspar the Friendly Burglar.
> This is murky ground.
s/is/can be/ ;# see above
Len.
--
I don't believe in investing in gold -- that's dug up out of the ground
in South Africa and put back in the ground at Fort Knox.
-- Warren Buffett, 2000
------------------------------
From: "Henrick Hellstr�m" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Sun, 20 May 2001 02:49:25 +0200
"John A. Malley" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
>
> "Henrick Hellstr�m" wrote:
> >
> > "Tom St Denis" <[EMAIL PROTECTED]> skrev i meddelandet
> > news:HReN6.127805$[EMAIL PROTECTED]...
> > >
> > > "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > "I fought the Law, and the Law won"
> > > > - What song was that?
> > >
> > > I've heard of it but I can't remember the name
> >
> > Some group feat. Mick Jones (The Clash), I think the title is "bank
robber".
> > Correct me if I'm wrong.
>
> The Bobby Fuller Four released "I FOUGHT THE LAW" in 1966.
>
> See http://www.tsimon.com/fuller.htm
>
> Lyrics at
>
> http://www.execpc.com/~suden/fought_law.html
>
> The Clash released their own version in 1979 (in the US) on their album
> "The Clash."
>
> See http://londonsburning.org/alb_clash_us.html
Wonderful! There's no dead-give-away for what generation you belong to, like
believing a cover you heard when you were young was the original. ;-)
--
Henrick Hellstr�m [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
------------------------------
From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Re: What about SDD?
Date: Sun, 20 May 2001 03:40:17 +0300
� Mok-Kong Shen <[EMAIL PROTECTED]> ������ ��� ������ ���������:
[EMAIL PROTECTED]
>
> Harris Georgiou wrote:
> >
> > Of course it is not stego, but not clearly cryptography either, because
the
> > original plaintext is still there scattered between noise. My guess is
that
> > a scheme like this (SDD) will come somewhere between encryption and
stego,
> > as it has the property of key-dependence (like crypto) while at the same
> > time access is prevented by hiding (like stego) rather than transforming
> > into ciphertext.
> > Is there any s/w implementing something like broad-spectrum comms for
> > ordinary PC applications (like mail for example)?
>
> My poor knowledge failed for me to capture what you meant
> by 'broad-spectrum comms' above. I have a program that
> does the following: The user can choose the percentage
> of the average amount of information bits in the total
> of bits sent. A PRNG determines whether to emit a dummy
> (pseudo-random) bit or an information bit according to
> that percentage. If it decides to emit an information bit,
> then it sends the xor of the next plaintext bit with a bit
> from a bit stream that is also generated by the PRNG. (The
> PRNG I used is a compound one of my own humble design,
> consisting of an arbitrary number of component PRNGs which
> are activated in a pseudo-random order determined according
> to outputs from these PRNGs themselves.)
>
> M. K. Shen
I've done some research and I found it: broad-spectrum comms are really
referred to as UWB (Ultra Wide Band) communications. The general idea is
that, while normal comms use some band range to do some form of modulation
(AM, FM, etc) in order to propagate a signal, in UWB the whole available
spectrum is used to carry teh signal without any kind of modulation. The
(digital) signal is broadcasted as ultra-narrow pulses much like the Morse
code (bit sequences), which in fact generates an ultra-wide frequency
spectrum. To avoid interference with current systems the power used is very
low so that the actual signal appears as white noise on normal
communications. The problem is that only one such system can be used at the
same area and it's power spectrum should be low enough to avoid problems
with normal modulation schemes. This technique has actually been on the
drawing board of many communications companies but due to the possibility of
interference with other radio comm systems only recently it has been
approoved for further testing and only for applications covering areas 100m
at most (internal building comms, wireless LANs, etc). Currently, the
proposed cellular system that uses this technology is known as W-CDMA.
"Scientific American" has published an article regarding 3rd generation
cellphone networks and has many details about these issues.
The bit-level model you are proposing is interesting, although I do not
fully understand how the message is restored/extracted correctly on the
other side of the line. However, it is much similar to what I've thought,
only mine works on byte-level and has a PRNG run-length offsets table as a
(private) key. The important thing here is what R. Rivest addresses in his
small article in "Chaffing and Winnowing"
(http://theory.lcs.mit.edu/~rivest/chaffing.txt), that is how to easily
achieve confidentiality without using encryption. Given the exponentially
growing capacity in storage and communications over time, I think gives a
whole new area of interest in secure storage and exchange of sensitive data.
Using certification and authentication techniques, or huge PRNG-based
distributions, it is possible to ensure confidentiality by means of
information distribution (SDD) rather than hiding (stego) or sealing
(crypto). I don't think it is a coincidence that NSA and other similar
organizations around the world keep research studies regarding information
statistics to cryptanalysis still classified back even to WW-II (see FAQ).
I would really value some comments from the experts on this.
--
Harris
- 'Malo e lelei ki he pongipongi!'
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Comparing two encrypted numbers
Date: 20 May 2001 00:58:25 GMT
Martin Schweitzer wrote:
>From what I understood (which was brief, second hand and via an e-mail),
>this algorithm (or it could have been a protocol) allowed to numbers to be
>compared to see which was greater. The example that was given to me was
>that if two bids were being given at an auction, then the auctioneer could
>know which of the bids was higher without knowing the actual value of the
>bids [and from that, I guess that the bidders would not know the value of
>each others bid].
Well, one can say that a secure non-interactive protocol for this
is unlikely to exist, because binary search would then suffice to
reveal all of the encrypted data (and hence such a scheme can hardly
be considered a secure form of encryption).
Secure interactive protocols are known to exist, by general results
on multi-party computation. So I guess the only remaining question
I can see is whether one can find an efficient interactive protocol
for this task. I believe the answer is yes, using, e.g., results
on zero-knowledge proofs of inequalities between encrypted values
from Brands, Camenisch, and others.
------------------------------
Subject: Re: CIA Kryptos last 97 characters
From: [EMAIL PROTECTED] (Gary Warzin)
Date: Sun, 20 May 2001 01:04:32 GMT
In article <_3EN6.960$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
>
>
>"Gary Warzin" <[EMAIL PROTECTED]> wrote in message
news:2uxN6.2372$[EMAIL PROTECTED]...
>> I had a chance to see Kryptos up close a couple of weeks ago.
>
>Can you pinpoint its location on this image:
>
>http://terraserver.homeadvisor.msn.com/imageinfo.asp?S=10&T=1&X=1570&Y=21568&Z
=18&W=2&O=3807707NE&P=McLean%2C+Virginia%2C+United+Sta
>tes
>
Based on the coordinates in the photo, I'd say it was 38N 57'08" 77W 08'44"
It's in the north west corner of the courtyard between the old and new
headquarters buildings. I guess that means that the point referenced in the
message must be in that same courtyard, but a little to the south of Kryptos.
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: OFF-topic by now - UK crime statistics (was Re: Best,
Date: Sun, 20 May 2001 01:15:10 GMT
[EMAIL PROTECTED] wrote:
> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> >
> > Its not so reasonable to use lethal force against a burglar because
> > he has not presented a threat to life or limb.
>
> You mean if I find a man unlawfully in my house, I am not entitled to
> assume he presents a threat? I disagree.
A potential threat, yes. But one must distinguish between pointing a firearm
and discharging it. The former is absolutely justified. The latter requires
a whole lot more than unlawful presence.
> The law sometimes backs me,
> and sometimes backs you. (The Bible backs me, BTW; see Ex 22:2.) If a
> man doesn't want to find himself on the receiving end of lethal force,
> he should stay out of people's houses.
>
> > But the fact is that burglars tend to flee.
>
> If he flees when the homeowner presents arms, good for him. An intelligent
> homeowner will refrain from shooting him in the back, since it's hard to
> sustain a claim of self-defense in that case.
>
> > One searches for the simplest, most general rule that applies, and
> > then refines it in light of special circumstances.
>
> The most general rule: ``Anyone having broken and entered is presumptively
> a threat to life and limb, and may be met with lethal force.''
No.
Such an intruder may be met with the muzzle, but not with a bullet. The two
are not even remotely similar.
>
>
> Special cases:
> (1) The burglar is ten (ninety) years old.
> (2) The ``burglar'' is your mother (ex-girlfriend/BATF Agent).
> (3) The burglar drops to his knees and begs for mercy.
> ...
>
> It's really not that complicated. Having violated my assumption of
> security in my own home, the burden rests on the burglar to prove he
> is *not* a threat. I'm not required to gamble my life, nor that of my
> wife and child, on the chance he's really Caspar the Friendly Burglar.
>
> > This is murky ground.
>
> s/is/can be/ ;# see above
>
> Len.
>
> --
> I don't believe in investing in gold -- that's dug up out of the ground
> in South Africa and put back in the ground at Fort Knox.
> -- Warren Buffett, 2000
------------------------------
Subject: Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest
Algorithm)
From: [EMAIL PROTECTED]
Date: 19 May 2001 21:32:53 -0400
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
>>
>> The most general rule: ``Anyone having broken and entered is
>> presumptively a threat to life and limb, and may be met with lethal
>> force.''
>
> No.
Yes.
> Such an intruder may be met with the muzzle, but not with a bullet. The
> two are not even remotely similar.
You are advancing an opinion (see above). The law in some jurisdictions
agrees with you, and in others agrees with me. Since I presume you know
this, I guess you must be advancing your own moral viewpoint. In turn I
have advanced mine, referencing the scriptural precedent.
(Due to other scriptural considerations, BTW, I neither possess a
handgun nor consider myself authorized to take lethal measures under
any circumstances. Ex. 22:2 merely bounds the civil right of self defense
by granting the presumption that an intruder poses a mortal threat.)
And note that I explicitly stated several conditions under which
killing the intruder is not permissible, so I'm *not* advocating a
``kill on sight'' protocol, nor for example the deployment of
robotic search and destroy units. (Though I'd love to buy some of the
machines from RoboCop, and deploy them around the house with empty
magazines. ``You have ten seconds to comply.'')
Len.
--
Frugal Tip #27:
Embezzle.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
