Cryptography-Digest Digest #445, Volume #14      Sat, 26 May 01 03:13:00 EDT

Contents:
  Re: Getting back to the self-study Analysis ("bubba")
  Re: RSA's new Factoring Challenges: $200,000 prize. ("Dik T. Winter")
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? ("BenZen")
  Re: A generic feistel cipher with hash and gf(257) mixers (Jim Steuert)
  Re: RSA's new Factoring Challenges: $200,000 prize. ("Michael Brown")
  Re: Evidence Eliminator works great. Beware anybody who claims it  (Don Ocean)
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? ("BenZen")
  Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ? ("BenZen")
  Re: Ideas for project (Paul Crowley)
  Re: Combining functions for stream ciphers (Paul Crowley)
  Re: Help with JAVA code for octet string ("Bob Deblier")
  Re: survey (Dave Knapp)
  Is There An Entanglement Memory Substance? ("Osher Doctorow")

----------------------------------------------------------------------------

From: "bubba" <[EMAIL PROTECTED]>
Subject: Re: Getting back to the self-study Analysis
Date: Fri, 25 May 2001 21:12:37 -0500

Tom,

OK, I guess I neglected the "I want to solve for K " part.
Also, in an attempt to hide my fuzzy thought, I did not
show my work. But this is what I did:

The first equation:

A xor K = B

just chooses names for the two inputs and one output
of the xor operation.

Here is the familiar truth table using the above notation:

A K B
0 0 0
0 1 1
1 0 1
1 1 0

Now for A' xor K = B', I added new columns for A' and B':

A K B A' B'
0 0 0 1  1
0 1 1 1  0
1 0 1 0  0
1 1 0 0  1

Here, I noticed that A' xor K = B' conforms to the
definition of xor in the first truth table when A' is
substituted for A and B' is substituted for B.

It seems that the second equation is consistent with the
first. But there is nothing to solve for. To solve for
three unknowns, you need three equations (if I remember
correctly).


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> bubba wrote:
> >
> > Tom,
> >
> > To me, what the two equations say is that if you have
> > an exclusive-or gate, a 2 input one in this example,
> > flipping a single input will flip the output.
> >
> > If you think of the exclusive-or operation as
> > calculating the parity of the inputs, it makes sense
> > because parity detects single bit errors.
>
> The problem is that you don't know A,A' or K.  It's three unknowns.
> Would three texts suffice to solve this?  To me it would be
>
> 0A' + A + K = Y
> A' + 0A + K = Y'
>
> We will know if A' == A or not since B is known and K is fixed if A' ==
> A then Y == Y'.
>
> My problem is how do you exploit this to learn K from only Y/Y' and B/B'
>
> Tom



------------------------------

From: "Dik T. Winter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: Sat, 26 May 2001 02:15:38 GMT

In article <Q_DP6.3671$[EMAIL PROTECTED]> "Michael Brown" <[EMAIL PROTECTED]> writes:
 > As far as I can tell, you only need to make the 1st choice, and the rest will
 > end up working. As I said on the site, I cannot prove that this will always
 > be the case, although it has been so for all the numbers which I have tested
 > (all 8 bit composites and a few 12 bit ones).

That is an, eh, small sample.
-- 
dik t. winter, cwi, kruislaan 413, 1098 sj  amsterdam, nederland, +31205924131
home: bovenover 215, 1025 jn  amsterdam, nederland; http://www.cwi.nl/~dik/

------------------------------

From: "BenZen" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Fri, 25 May 2001 22:21:59 -0400

John Savard wrote in message <[EMAIL PROTECTED]>...
>On Fri, 25 May 2001 20:05:40 -0400, "BenZen" <[EMAIL PROTECTED]>
>wrote, in part:
>
>>One thing I don't understand yet, is the necessity for 'randomness'.
>>I would be satisfied with a non-periodic sequence of sufficient length.
>>As long as it meets certain criteria; I can't express properly here.
>
>Well, if you use a biased sequence to combine with your plaintext,
>then partial information about your plaintext is not obscured by the
>fractal output: you have at least an extra likelihood that each byte
>is the byte that, XORed with the most common output of your generator,
>is the cipher byte that is seen.
>
I already mentioned my intention to match the encryption pattern
as much as possible with the data to be encrypted, on a statistical
basis.. A Plain text would not match properly from its specific bits,
and byte distribution. Plain ASCII would leave too many bit 'gaps',
and might reveal too much about the encryption stream.
(Although I doubt it can be useful if the encoding domain is vast enough.)
That is why, for Text and most other data; I plan on using hashing,
or plain ZIP algorithm.  But that is a guess, until I study an actual
fractal encryption stream that matches some basic requirements.
And compare for the same statistical bit distribution both.

I understand this idea might limit encryption for entire files, instead of
a steady data stream.  But it's a preliminary phase in my study
and design of  this newbie 'square wheel' Encryption system.

I think of this in a visual way.
If I want to 'hide' the picture of a forest.. Using a blue sky overlay won't do it.
What will best hide it, is another similar picture of the forest.
Matching the apparent bit distribution.
I just hope it won't be too difficult to find a simple fractal derivative for these
properties.

There is nothing like a little demonstration and I shall post my results here,
as soon as I have some... Maybe that's a good way to go.
Try my newbie ideas; Fall flat on my face from a failure, and then read about
how it's really done.
Then the first thing in my Agenda, is to harness these Fractal Equations
for my bitstream purpose.

Regards,
Ben



------------------------------

From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Re: A generic feistel cipher with hash and gf(257) mixers
Date: Fri, 25 May 2001 22:48:15 -0400

   Now I believe that I understand some of the
rationale for key schedules. The key can be divided into smaller pieces,
and each different piece of the key can be xor'ed with one of the a, b, or c
digest variables ***at different rounds*** of the feistel network.
This "leak-around" and subsequent avalanche of information around
the key at those rounds can prevent the known-plaintext attacks.
It seems I am learning the hard way some of the "why" of conventional
cipher designs.
   Are there some other principles of key scheduling which are relevant
to feistel ciphers like this? Thanks for your advice.

Jim Steuert wrote:

> Sorry, of course I stand corrected. The key should be
> mixed into such a cipher in a much different
> manner.  Thanks for the response.
>
> David Wagner wrote:
>
> > If I understood correctly, your cipher can be expressed as
> >   E_k(x) = G(F(x) xor k)
> > for some unkeyed, invertible functions F,G.  If this is correct, the
> > cipher is trivially insecure: Given a single known plaintext/ciphertext
> > pair (x,y), one computes k = F(x) xor G^{-1}(y), and the cipher is broken.
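
The key recovery David Wagner describes above, run on a toy cipher of the form E_k(x) = G(F(x) xor k). This is an added example, not code from any poster in this thread; F, G, their constants and all function names are constructed for illustration and are not Jim Steuert's cipher.

```python
# Added illustration: toy 32-bit cipher of the form E_k(x) = G(F(x) xor k).
# F, G and every constant below are constructed for this example.
MASK = 0xFFFFFFFF
MUL_F = 0x9E3779B1  # odd, so multiplication mod 2**32 is invertible
MUL_G = 0x85EBCA6B  # odd
INV_F = pow(MUL_F, -1, 1 << 32)  # modular inverses (Python 3.8+)
INV_G = pow(MUL_G, -1, 1 << 32)


def rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK


def rotr(x, r):
    return rotl(x, 32 - r)


def F(x):
    """Unkeyed, invertible mixing step applied before the key."""
    return rotl((x * MUL_F) & MASK, 13)


def F_inv(y):
    return (rotr(y, 13) * INV_F) & MASK


def G(x):
    """Unkeyed, invertible mixing step applied after the key."""
    x ^= x >> 16  # an involution on 32-bit words
    return rotl((x * MUL_G) & MASK, 7)


def G_inv(y):
    x = (rotr(y, 7) * INV_G) & MASK
    return x ^ (x >> 16)


def encrypt(k, x):
    return G(F(x) ^ k)


def decrypt(k, y):
    return F_inv(G_inv(y) ^ k)


def recover_key(x, y):
    """k = F(x) xor G^{-1}(y), from one known plaintext/ciphertext pair."""
    return F(x) ^ G_inv(y)


def demo():
    secret = 0xC0FFEE42                      # constructed key
    known_pt = 0x01234567                    # constructed known plaintext
    known_ct = encrypt(secret, known_pt)
    k = recover_key(known_pt, known_ct)      # uses only the pair, not secret
    other_ct = encrypt(secret, 0x89ABCDEF)   # a second message, same key
    return k == secret, decrypt(k, other_ct)


if __name__ == "__main__":
    matched, plaintext = demo()
    print("key recovered:", matched, "second plaintext:", hex(plaintext))
```

However strong the mixing in F and G is, the key enters only once, so both sides of the xor can be computed without it.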


------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: Sat, 26 May 2001 15:04:49 +1200


"Dik T. Winter" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> In article <Q_DP6.3671$[EMAIL PROTECTED]> "Michael Brown" <[EMAIL PROTECTED]> writes:
>  > As far as I can tell, you only need to make the 1st choice, and the rest will
>  > end up working. As I said on the site, I cannot prove that this will always
>  > be the case, although it has been so for all the numbers which I have tested
>  > (all 8 bit composites and a few 12 bit ones).
>
> That is an, eh, small sample.

4 bit inputs:
  3x13, 5x7, 5x11, 7x13, 11x13
3 bit inputs:
  3x5
Total of 6 numbers. Yeah, that is quite small :)

Just gotta find an A3 printer so I can wind up the number of input bits ...
It's a real pain drawing several hundred boxes by hand. Or implement it on my
computer.

Regards,
Michael

> --
> dik t. winter, cwi, kruislaan 413, 1098 sj  amsterdam, nederland, +31205924131
> home: bovenover 215, 1025 jn  amsterdam, nederland; http://www.cwi.nl/~dik/



------------------------------

From: Don Ocean <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it 
Date: Fri, 25 May 2001 22:11:55 -0500

Bull! I got the same reply, weeks ago.....

John Niven wrote:

> I've been alerting [EMAIL PROTECTED] - here's their reply:
>
> << begin >>
> Hi John -
>
> Thanks for your recent email.
>
> We are currently investigating a series of complaints relating to this
> issue. Please rest assured that once our investigations are complete
> that the appropriate action will be taken.
>
> Regards,
>
> Mike White
> Acceptable Use Policy Team
>
> ntl: Technology. Tamed.
> http://www.ntlworld.com
> << end >>
>
> John
> --
> John Niven
> (Reply through newsgroup)
>
> "Eric Lee Green" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > >>Thought this was just another forged post, but look at the headers. Posted
> > >>from ntl in Nottingham. Actual official spam.
> > >>
> > >[Shaun in alt.security.scramdisk]
> > >
> > >If anyone can Email me their address I'll drive down to Nottingham and
> > >tell them what I think.... EE had a fine reputation..... Which is now
> > >in tatters... Destroyed by those whose interests I would have thought
> > >would have been to protect it.
> >
> > Their address is public record. It is on their incorporation papers,
> > which another UK citizen helpfully mailed to me (what, you don't think
> > *I* care enough about these spamming fools to pay for a copy, do
> > you?). I can't re-post those incorporation papers because they are
> > under Crown copyright, but I can definitely post the info from those
> > papers, including who the two principals are, their date of birth, and
> > their address. See:
> >
> > http://badtux.org/eric/editorial/scumbags.html
> >
> > for the package.
> >
> > PS: They also said that Scramdisk has a back door in it. I'm sure that makes
> > YOU happy!


------------------------------

From: "BenZen" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Fri, 25 May 2001 23:47:05 -0400

Joseph Ashwood wrote in message ...
>I feel I am in a reasonable position to comment on your concept. I am also
>performing several responses in one to avoid extending the conversation by
>too much.
>
Well done Mr Ashwood.

>"BenZen" <[EMAIL PROTECTED]> wrote in message
>news:BakP6.532$[EMAIL PROTECTED]...
(..)

>I don't want to discourage you,
>but loss of information cannot be recovered from. The idea of having the
>user choose a "close" key is not the best of ideas, if the user does that
>the new key will have to be transferred, otherwise the information is
>(hopefully) permanently lost.
>
I apologize for my misuse of the term 'key'.
My false understanding of this term was similar to a 'password',
to gain access. The decryption using the key to restore the data.
I may not have been clear on that idea, of letting user select a 'key',
close to one proposed by the advanced version of my encoder.
The idea is that the 'encoder' scans the file to determine what
'best' parameters will match more closely the data distribution in
this original file... This requires some good understanding of a
fractal stream generator... I'm not there.. This was just an idealistic idea
I thought.  Of course, if the encryption program is available to all;
Crackers could use this feature to their advantage.. Possibly because
user's data would be too similar from one user to another;
Leaving the 'encryptor' suggest better matching keys in a limited range.
Crackers could then target this range for best key in a brute force attack.
It's just an idea...  Apologizing again for the wrong use of the term 'key'.

>[on establishing the period of the generator]
>Because the generator must be deterministic (otherwise the reader wouldn't
>be able to read it) it will have a period at some point. Proving this is a
>simple matter, you have a fixed maximum amount of RAM, which means you have
>a fixed maximum number of states, so you can only change states a certain
>number of times before the state repeats. Proving the period generally
>involves proving the ordering of states under all keys guarantees a certain
>number of states will be reached before a repetition occurs.
>
I read you well... This must be true for finite-state machines driving common
cypher algorithms. But what about sampling plain mathematical functions ?
I don't think about a Fractal in terms of number of states; While there are
indeed states in this. But the sequence is somehow implied within the
Mathematical foundations of the Fractal equation.
For a moment I thought (again) about the PI algorithm (Pi-Hex); Then I realized it
was indeed an algorithm:
" SC* algorithms take about linear time, and polynomially logarithmic space. "
Contrary to the simple fractal equation that won't require any additional memory
to keep track of the states.

I'm not sure here: It might sound like another foolish idea of mine;
But I see the beauty of Fractal (If it works), is that the only periodicity I can think of,
is the entire body of the fractal. May it be mapped in 2D, 3D or 1D for my purpose.
I appreciate your tip about the states being involved in determining the
periodicity of the algorithm.. I shall give it much more thoughts.

>[on establishing the security of the generator]
>To prove the best possible security of the generator you have to prove that
>given [0,n-1], [n+1, k] bits of the output the attacker can only determine
>the missing bit with probability 1/2+E, for all n<=k, for all k <
>periodOfGenerator. If you can prove that E is a very important value, as E
>tends to 0 the security increases. To simplify this you can simply prove for
>k = period, having less knowledge will not give the attacker an advantage.
>However E is likely to vary with k, so having a proof of relationship would
>be very good. There is also a useful variation of the proof where you set n
>= k.
>
Thanks,.. I'm lost with this right now.
I hope once I seriously browse the 'Handbook of Applied Cryptography';
by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996.
http://www.cacr.math.uwaterloo.ca/hac
I shall understand what this challenge represents.

>Throughout this I have assumed that you are building a stream cipher. If you
>want to use fractals to build a block cipher there are differing
>requirements.
>                                        Joe
>
It's mainly intended as a 'block' cypher; since I plan on using it on files mainly.
But I shall read the details about block vs stream in section 1.5.1 of the
book I just mentioned.

Regards,
Ben
"The universe is a big place, perhaps the biggest." -- Kurt Vonnegut, Jr.
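
Two points quoted in this thread can be checked on a toy generator: Joseph Ashwood's argument that a deterministic generator with finitely many states must have a period, and John Savard's warning about biased keystreams. This is an added example, not code from any poster; the fixed-point logistic map is an assumed stand-in for the unspecified "fractal" generator, and `make_step`, `find_cycle`, `keystream` and `byte_share` are hypothetical names.

```python
from collections import Counter

# Assumption: the logistic map x -> 4x(1-x) stands in for the "fractal"
# generator, stored as a fixed-point integer in 0..2**bits (finite state).


def make_step(bits):
    """Return the state-update function for a bits-wide generator."""
    m = 1 << bits
    return lambda x: (4 * x * (m - x)) // m


def find_cycle(step, seed):
    """Brent's algorithm: (tail length, period) of seed, step(seed), ..."""
    power = period = 1
    tortoise, hare = seed, step(seed)
    while tortoise != hare:
        if power == period:  # start a new power-of-two search window
            tortoise, power, period = hare, power * 2, 0
        hare = step(hare)
        period += 1
    # Walk two pointers 'period' apart from the seed to find the tail.
    tortoise = hare = seed
    for _ in range(period):
        hare = step(hare)
    tail = 0
    while tortoise != hare:
        tortoise, hare = step(tortoise), step(hare)
        tail += 1
    return tail, period


def keystream(bits, seed, n):
    """n keystream bytes, each the top 8 bits of the next state."""
    step, x, out = make_step(bits), seed, []
    for _ in range(n):
        x = step(x)
        out.append(min(x >> (bits - 8), 255))  # state 2**bits maps to 255
    return out


def byte_share(stream, value):
    """Fraction of keystream bytes equal to value (uniform is 1/256)."""
    return Counter(stream)[value] / len(stream)


if __name__ == "__main__":
    # Pigeonhole bound: tail + period can never exceed the state count.
    for bits in (12, 16, 20):
        tail, period = find_cycle(make_step(bits), (1 << bits) // 3)
        print(f"{bits}-bit state: tail {tail}, period {period}, "
              f"at most {(1 << bits) + 1} states")
    # Constructed 48-bit seed; the raw map output is far from uniform.
    ks = keystream(48, 0x123456789ABC, 50000)
    for v in (0, 128, 255):
        print(f"byte {v:3d}: share {byte_share(ks, v):.4f} (uniform 0.0039)")
```

The orbit of the logistic map spends most of its time near the ends of its range, so taking the top bits directly gives the kind of biased stream the quoted reply describes.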




------------------------------

From: "BenZen" <[EMAIL PROTECTED]>
Subject: Re: Crypto NEWBIE, wants to create the 100% SAFE FRACTAL encoding... Am I a fool ?
Date: Sat, 26 May 2001 00:03:25 -0400

Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>BenZen wrote:
(..)
>> http://www.infosyssec.org/infosyssec/cry1.htm
>> http://www.infosyssec.org/infosyssec/cry2.htm
>
>Thanks for the very comprehensive source of links.
>
>M. K. Shen

Danke Sehr !
You are welcome Mr Shen,
And don't miss on this one too: CLASSICAL CRYPTO,
http://www.fortunecity.com/skyscraper/coding/379/lesson1.htm
Have you noticed how good John Savard site is too:
http://home.ecn.ab.ca/~jsavard/frhome.htm

Oh, I found your Web page.... I am more than impressed.
I love challenges...
Your Problem of Complexity will occupy my mind tonight;
I just don't understand what this: g(m) := max { n | H(m,n) > 0 }  means
for combinatorics in neophyte language.

Regards,
Ben



------------------------------

Subject: Re: Ideas for project
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Sat, 26 May 2001 05:34:32 GMT

[EMAIL PROTECTED] (Simon West) writes:
> What I am seeking are ideas, from those of you more 
> learned in the subject, as to suitable interesting applications 
> which could be developed during a two month project.
> I intend to learn Java in the course of the project. 

I can think of two projects that would do the world good:

(*) Make an open-source port of PureTLS to the JSSE bindings (this is
a Java project)

(*) Write an open-source implementation of SPKI, perhaps in Java.

Ask Google about the keywords.  Let me know if this is the sort of
thing you were looking for, or whether you wanted more theory.
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

Subject: Re: Combining functions for stream ciphers
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Sat, 26 May 2001 05:34:32 GMT

[EMAIL PROTECTED] (Laura) writes:
> > Laura wrote:
> > > 
> > > I am currently working on improving the ORYX stream cipher, [snip]
> 
> I am attempting to improve the cipher's security against the divide
> and conquer approach that was used to break the system.

Are you doing this for fun, or do you plan to field the result in a
real system?
-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark

------------------------------

From: "Bob Deblier" <[EMAIL PROTECTED]>
Subject: Re: Help with JAVA code for octet string
Date: Sat, 26 May 2001 06:21:27 GMT

The easiest way to do this type of conversion is with the
java.math.BigInteger class. You can convert an arbitrary length byte[] to a
BigInteger through one of the constructors and get an array of bytes
representing the same integer through the getBytes() method.

Sincerely,

Bob Deblier
Virtual Unlimited



------------------------------

From: Dave Knapp <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Sat, 26 May 2001 06:34:42 GMT

On Tue, 22 May 2001 21:43:34 GMT, "Tom St Denis"
<[EMAIL PROTECTED]> wrote:

>I don't want to be pushy, I know you guys are busy (I am out of the house
>most of the day too).  But most of my papers are under 15 pages (in fact all
>my LaTeX formatted papers are 15 or under) so they should only take about 10
>mins to read.

A typical Physical Review letter is 4 pages long, and a thorough
reading usually takes a half hour.

If you seriously believe that anyone can give you useful feedback on
your algorithm with a 10-minute scan of a 15-page paper, then either
(a) the information content of the 15-page paper could be condensed to
less than 1 page, or (b) you don't consider your algorithm worthy of
serious consideration.

Reading a crypto paper is not like reading a novel.

  -- Dave


------------------------------

From: "Osher Doctorow" <[EMAIL PROTECTED]>
Subject: Is There An Entanglement Memory Substance?
Date: Sat, 26 May 2001 00:48:07 -0700

From: Osher Doctorow [EMAIL PROTECTED], Fri. May 25, 2001 10:57PM

To proceed with quantum cryptography, we need to understand entanglement,
and it seems as though to understand entanglement we may have to understand
the universe as a whole (globally) better.   Let's see what happens if we
try to *cryptographically decode* the universe itself by a type of
*propositional entanglement* which simply consists of relating similar
knowledge in different contexts.

Radiation is implicated in entanglement, since we direct a beam of green
laser light toward a crystal of potassium dihydrogen phosphate (KDP) for
example.  Correlation of pairs of photons but especially their polarization
(direction of motion) properties is implicated.  We intuitively feel that
the waves of the particles are entangled in some sort of substantial sense
but also in the sense of fitting together/intersecting to form a whole.
Global knowledge is implicated.

What is most similar to this situation in different contexts?    I am
reminded of human consciousness and sensorimotor perception/action.   We
feel intuitively that consciousness is global and somehow
expandable/contractable (the latter say during sleep or when tired).  We
intuitively feel that sensation/perception/action has a global and somehow
expandable/contractable characteristic but of a less concrete type than a
solid body - roughly, like a wave or field.  In fact, when we try to
concentrate or focus, we have distinct feelings of expanding outward either
in a particular direction or more interestingly in several *entangled*
directions.  There are even some strange hologram indications that this
occurs.

What if there really is a wave-fieldlike substance associated with both the
brain and entangled photons?   T. Y. Cao of Boston University in his late
1990s analyses of quantum field theories concluded that there is actually
such a substance, but he described it as a field with geometric properties
and attributed its recognition to Einstein.  Cao showed quite clearly, however,
that Steven Weinberg became fed up with the anomalies of quantum field
theory and moved over to string theory with considerable justification at
least in terms of rejecting field theory (string theory itself has a number
of unanswered fundamental questions).  If the substance is not literally a
field, what if it is an ether associated locally with particles?   In other
words, what if the old ether theory works in the neighborhood of a particle,
and if two particles enter each other's ether and then diverge, the ether
merges and stretches with both of them?

What form would the ether (or whatever we want to call the substance) take?
If the analogy with the brain is anything more than an analogy, I would
guess that it is spherical or better still a solid ball of waves - a
wave-ball that can expand or contract.     If it stretches/expands without
breaking as in entanglement, we get a quantum computer and ultimately
quantum cryptography.  If it breaks after stretching, we get bosons, a
particle-antiparticle pair, virtual particles, etc., where the intersection
of wave-balls stretches to form the *force carrier* and then breaks to allow
the particles to go off in various directions as fermions.

All this would be pure speculation perhaps if it were not for Memory (M)
Theory, which is based on (a) spherical/ball expansion/contraction (or its
homeomorphs), (b) knowledge, logic, and memory of two or more past times,
(c) continuous-global rather than discrete local properties including global
influence.

Aside from all this, we have the universe itself acting like an expanding
accelerating sphere or its homeomorph, and I have shown elsewhere that
proximity functions enormously simplify the equations of such expansion.
Thus, M Theory is implicated in the universe's expansion as well if
simplicity has a role in the universe.  As for why the universe is
expanding, I would just throw out the possibility that it is looking for
knowledge/perception.   Now back to the drawing boards.

Osher Doctorow Ph.D.





------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
