Cryptography-Digest Digest #519, Volume #14 Mon, 4 Jun 01 21:13:01 EDT
Contents:
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: Def'n of bijection (Tim Tyler)
Re: Def'n of bijection ("Tom St Denis")
Re: Def'n of bijection ([EMAIL PROTECTED])
Re: Def'n of bijection ([EMAIL PROTECTED])
Re: Def'n of bijection (John Savard)
Re: Def'n of bijection ("Tom St Denis")
Re: Def'n of bijection ("Robert J. Kolker")
Re: Def'n of bijection ("Tom St Denis")
Re: Def'n of bijection (SCOTT19U.ZIP_GUY)
Re: Def'n of bijection (SCOTT19U.ZIP_GUY)
Re: Def'n of bijection (SCOTT19U.ZIP_GUY)
Re: about DH parameters & germain primes (Gregory G Rose)
Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes
(Gregory G Rose)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 4 Jun 2001 22:56:28 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<L4US6.27321$[EMAIL PROTECTED]>:
>> Ideally for security, the cyphertext should contain no information
>> that suggests any plaintext is more likely than any other (Shannon's
>> perfect secrecy).
>
>yes I agree. If you have 256 states that's a prob of 1/256. Think
>about it. It must add up to 1 so 1/256 over 256 symbols is the lowest
>possible bound. (do the math)
>
>> Here we a have a case where the cyphertext eliminates every possible
>> plaintext *except* for 256. This is a *tiny* figure - and
>> may well represent a massive gain in information on the part
>> of the attacker upon observation of the cyphertext.
>
>Not really. Given a 8-bit message, if you can't tell it from any other
>8-bit message with a prob higher then 1/256 then ou have no advantage.
>(Note if this bound is followed it's equivalent to an OTP)
>
I think your suffering from a BRAIN FART. You seem to mistake
what the 8-bit message real is. Bit thats no surprise you don't
seem to learn anything. But if you use something so weak as CTR
and you get one byte output. You seem to realize that is 1 of 256
possible input values for a single byte input. Each of the values
could stand for a seperate messages. In the weak CTR case you have
only 256 seperate message that could have been sent. Your being
a complete ass on the use of a OTP. for any OTP system to have
"perfect security" You need to use a pad that outputs a file
of the length of the longest piece of information you need.
That means for short messages you need the same size pad as for
long messages. Your BRAIN FART has caused you to become stupid
and not see that. If you have thoussnad of messags assinged to
various lengths. And out of those message you assign 256 to
be used in a one byte file for a one byte cipher text output
you don't have anything close to perfect security. Your a fool
to belive that reduceing a large set of possible messages to
a pool of 256 makes no security difference. Your brain sees
the comparasion of CTR to an OTP and then your brain FARTS
and stops working. OK foolish child since 1 out of 256 makes
zero security difference. At what number of messages do you
stop worrying. If an attacker can limit it to two messages
is that still not a security issue according to your brain.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Reply-To: [EMAIL PROTECTED]
Date: Mon, 4 Jun 2001 23:42:02 GMT
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
: There are several variations on bijectivity that are used around here. The
: most fundamental is the bijective term as it applies in generic computer
: science [...]
: Scott often places different restrictions, restrictions which make sense in
: certain contexts but (like all of these) are inappropriate for some
: situations. I will call this B-bijectivity for now. B-bijectivity requires
: that Set A = Set B, this immediately implies |A| = |B|. Commonly Scott fixes
: the Set A to be the set of all n-OCTET length files.
That has nothing to do with bijectivity - as David Scott is well aware.
Look, here is David Scott in sci.crypt on March 25, 2001:
``It maps all messages made up of only letters A-Z to "ALL binary files"
you pick the number and values of bytes you want and when uncompressed
it goes to files of A-Z and is BIJECTIVE.''
A bijection that's not a permutation. It seems David Scott does not
restrict himself to bijections where the domain and range are equal.
Your multiple definitions of bijection seem bewildering.
This is a mathematical term - doesn't everyone agree on the mathematical
definition [e.g. http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?query=bijection]
...?
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Date: Tue, 05 Jun 2001 00:00:35 GMT
"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>
> : There are several variations on bijectivity that are used around here.
The
> : most fundamental is the bijective term as it applies in generic computer
> : science [...]
>
> : Scott often places different restrictions, restrictions which make sense
in
> : certain contexts but (like all of these) are inappropriate for some
> : situations. I will call this B-bijectivity for now. B-bijectivity
requires
> : that Set A = Set B, this immediately implies |A| = |B|. Commonly Scott
fixes
> : the Set A to be the set of all n-OCTET length files.
>
> That has nothing to do with bijectivity - as David Scott is well aware.
>
> Look, here is David Scott in sci.crypt on March 25, 2001:
>
> ``It maps all messages made up of only letters A-Z to "ALL binary files"
> you pick the number and values of bytes you want and when uncompressed
> it goes to files of A-Z and is BIJECTIVE.''
>
> A bijection that's not a permutation. It seems David Scott does not
> restrict himself to bijections where the domain and range are equal.
>
> Your multiple definitions of bijection seem bewildering.
>
> This is a mathematical term - doesn't everyone agree on the mathematical
> definition [e.g.
http://foldoc.doc.ic.ac.uk/foldoc/foldoc.cgi?query=bijection]
Yeah I admit I goofed on my original assumption.
My question now is ... replace A..Z with 0..255. Now why isn't CBC mode
encryption a "BIJECTIVE" operation? It maps all files with letters from the
alphabet 0..255 to another file (ok replace "file" with "message" for std
terminology) in 0..255
Tom
------------------------------
Subject: Re: Def'n of bijection
From: [EMAIL PROTECTED]
Date: 04 Jun 2001 20:11:10 -0400
"Joseph Ashwood" <[EMAIL PROTECTED]> writes:
>
> There are several variations on bijectivity that are used around here.
Maybe. But there is only one definition of bijectivity, period. If you want
to add constraints, you have to call it something else--which is why we
have terms like ``isomorphism'', ``homeomorphism'', ``diffeomorphism'',
etc..
> The most fundamental is the bijective term as it applies in generic
> computer science...
``bijective'' is a mathematical term. Computer scientists sometimes use it.
> ...simply stated this is:
Your definition is too complicated. A function f, mapping A->B, is
bijective if and only if:
1. Whenever f(x) = f(y), then x = y. (I.e., f is ``one to one'', or
``injective''.)
2. For every b in B, there is some a in A such that f(a) = b. (i.e.,
f is ``onto'', or ``surjective''.)
> Other common variations here include adding certain constraints, for
> example we very commonly add the constraint of the value k being known
> to perform the mapping, otherwise generating an undefined...
You're not talking about bijectivity anymore. Apparently you are
talking about functions f:A x K -> B, where K is some reference set
(usually called a ``key space''). The right way to think of this is as
a one-parameter family of functions, indexed by the key space. The
functions f_k can be thought of as bijections between all possible
plaintexts and all possible ciphertexts.
On the other hand, most possible plaintexts are not meaningful--so if
we consider the domain of functions f_k as, say, ``Grammatically
possible messages in English,'' then the encryption functions are
injective but not necessarily surjective. This fact can be exploited
in cryptanalysis, by trying to find characterizations of the actual
range of the encryption functions.
> Scott often places different restrictions...
He seems to be trying to create a scheme w.r.t. which every message of
size <n is the possible compression of a meaningful message. He seems to
be bothered that the domain of an encryption function is a strict subset
of the codomain, and he seems to want a pre-encryption step to remedy
this. In particular, he seems to think that BICOM is such a step.
If I've understood his aims right, I sincerely doubt he has succeeded. Such
a ``compression'' scheme is possible--for example, by enumerating the set
of English messages and the set of all possible messages--but I'd be
willing to bet that no such scheme would be practical.
> If you can keep stright which subclass of bijectivity is being called simply
> bijective it tends to make things a bit easier.
It's easiest of all if everyone simply meant ``bijective'' when he says
``bijective''. The word has a meaning which can be looked up.
Len.
--
Don't be silly. Every minute there's a UNIX system crashing somewhere.
-- Dan Bernstein
------------------------------
Subject: Re: Def'n of bijection
From: [EMAIL PROTECTED]
Date: 04 Jun 2001 20:14:29 -0400
"Tom St Denis" <[EMAIL PROTECTED]> writes:
>
> My question now is ... replace A..Z with 0..255. Now why isn't CBC mode
> encryption a "BIJECTIVE" operation?
If you are now defining a message as ``any possible array of bites'', and
you are viewing CBC mode as a mapping from possible messages to possible
messages, then it is indeed a bijection.
What sticks in Scott's craw is that encryption is not (necessarily) a
bijection between the set of *meaningful* messages and the set of
*possible* messages. He proposes to ``remedy'' that by first applying
a bijection between meaningful messages and possible messages, which he
calls ``bicom compression''.
Len.
--
Frugal Tip #28:
Designate one day each week as "Nude Day" to cut down on your laundry
expenses.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Def'n of bijection
Date: Tue, 05 Jun 2001 00:11:58 GMT
On Mon, 4 Jun 2001 23:42:02 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote, in
part:
>A bijection that's not a permutation. It seems David Scott does not
>restrict himself to bijections where the domain and range are equal.
No, he doesn't. And there's no particular reason he needs to.
Even including messages of arbitrary finite length, his domain and
range aren't equal; he is mapping messages with arbitrary length in
bits to messages whose length is in whole bytes.
John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Date: Tue, 05 Jun 2001 00:17:03 GMT
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> writes:
> >
> > My question now is ... replace A..Z with 0..255. Now why isn't CBC mode
> > encryption a "BIJECTIVE" operation?
>
> If you are now defining a message as ``any possible array of bites'', and
> you are viewing CBC mode as a mapping from possible messages to possible
> messages, then it is indeed a bijection.
>
> What sticks in Scott's craw is that encryption is not (necessarily) a
> bijection between the set of *meaningful* messages and the set of
> *possible* messages. He proposes to ``remedy'' that by first applying
> a bijection between meaningful messages and possible messages, which he
> calls ``bicom compression''.
The problem with this logic is that not all messages with A-Z will resemble
a coherent english message.
I would say if he could map one english message to a random english message
that would be very cool. (Without wasting tons of memory)
Tom
------------------------------
From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Date: Mon, 04 Jun 2001 20:31:52 -0400
Tom St Denis wrote:
> http://www.dictionary.com/cgi-bin/dict.pl?term=bijection
>
> Aha. One-to-one and onto.
>
> That means it's invertible and closed right (i.e from set A to set B, A=B)?
No. All it means is that mapping from from A to B is 1 to 1 and onto.
The domain and range need not have any other connection.
Another name for a bijection is a 1-1 correspondence with inverse.
The domain of the inverse function = the co-domain of the original
function.
This is the standard mathematical useage.
Bob Kolker
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Date: Tue, 05 Jun 2001 00:38:11 GMT
"Robert J. Kolker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
>
> > http://www.dictionary.com/cgi-bin/dict.pl?term=bijection
> >
> > Aha. One-to-one and onto.
> >
> > That means it's invertible and closed right (i.e from set A to set B,
A=B)?
>
> No. All it means is that mapping from from A to B is 1 to 1 and onto.
> The domain and range need not have any other connection.
>
> Another name for a bijection is a 1-1 correspondence with inverse.
> The domain of the inverse function = the co-domain of the original
> function.
>
> This is the standard mathematical useage.
Um no offense but please keep up with the posts. I already admitted I was
wrong and was corrected 23 times already.
If you're a regular you should know to read what I say with a grain of salt.
I.e be cautious because I tend to make mistakes. Espescially with math
notation I haven't formally learnt yet.
Tom
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Def'n of bijection
Date: 5 Jun 2001 00:37:08 GMT
[EMAIL PROTECTED] wrote in <[EMAIL PROTECTED]>:
>"Tom St Denis" <[EMAIL PROTECTED]> writes:
>>
>> My question now is ... replace A..Z with 0..255. Now why isn't CBC mode
>> encryption a "BIJECTIVE" operation?
>
>If you are now defining a message as ``any possible array of bites'', and
>you are viewing CBC mode as a mapping from possible messages to possible
>messages, then it is indeed a bijection.
actaully its not since Tom is refering to common CBC as in AES which
for a 128 bit block does not readily match files of odd byte lengths.
The common fix to make it work for all byte lengths is to pad the file.
The common padding methods which are a PK(something standard) don't
padd in a bijective way. If one wants any false key when tested lead
to a file that could have been padded. Of course you can say its bijectvie
to your defination of padding. But that defination doesn't really map to
the fill input set that the block cipher is using.
>
>What sticks in Scott's craw is that encryption is not (necessarily) a
>bijection between the set of *meaningful* messages and the set of
>*possible* messages. He proposes to ``remedy'' that by first applying
>a bijection between meaningful messages and possible messages, which he
>calls ``bicom compression''.
Well I don't think of it this way but I don't totally follow what you
just said. Maybe its right I don't know. I know few like my ideas of
compression and encryption. But BICOM is Matt Timmermans code that
combines a bijective PPM compressor with full block RIJNDAEL. And
Matt writes and codes clearer than me. Many reject my stuff because
they can't read what I do. But they should not reject Matt for those
reasons. I suspect the so called crypto club does not want
competition. Matts BICOM is really the first combination program
that does serious compression with what the crypto GODS think is
a good cipher.
It allows any file ( all are 8-bit byte files) to be used eihter
as input or output with any key. Even if you had a one byte output
file it would have at least 2**128 different possible input messages.
Its fully bijective no KEY can be eliminated for not working since
all keys work. Something not found in other implimentaions of
RIJNDEAL. Wagner and people I truely belive have looked at it but
plead ignorance. I feel they are doing a disserive by not making
honest comments about it. But I suspect its in his nature to lie
to the little people. Like when he claimed he looked at scott19u
but later admited he could not read it when some one actually tried
his slide attack on my code.
>
>Len.
>
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Def'n of bijection
Date: 5 Jun 2001 00:49:13 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<TRVS6.27914$[EMAIL PROTECTED]>:
>
>"Robert J. Kolker" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>>
>>
>> Tom St Denis wrote:
>>
>> > http://www.dictionary.com/cgi-bin/dict.pl?term=bijection
>> >
>> > Aha. One-to-one and onto.
>> >
>> > That means it's invertible and closed right (i.e from set A to set
>> > B,
>A=B)?
>>
>> No. All it means is that mapping from from A to B is 1 to 1 and onto.
>> The domain and range need not have any other connection.
>>
>> Another name for a bijection is a 1-1 correspondence with inverse.
>> The domain of the inverse function = the co-domain of the original
>> function.
>>
>> This is the standard mathematical useage.
>
>Um no offense but please keep up with the posts. I already admitted I
>was wrong and was corrected 23 times already.
>
>If you're a regular you should know to read what I say with a grain of
>salt. I.e be cautious because I tend to make mistakes. Espescially with
>math notation I haven't formally learnt yet.
>
Gee Tom but what do you mean keep up wiht the posts
this is first time I see you say you didn't know what your
talking about as to defination of "bijection" Does this mean
you inderstand yet that having several thousands of thousands
of possuble messages is more secure than trying to find the
right one out of 256 messages. Or do you grap the problem yet.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Def'n of bijection
Date: 5 Jun 2001 00:43:44 GMT
[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>:
>On Mon, 4 Jun 2001 23:42:02 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote, in
>part:
>
>>A bijection that's not a permutation. It seems David Scott does not
>>restrict himself to bijections where the domain and range are equal.
>
>No, he doesn't. And there's no particular reason he needs to.
>
>Even including messages of arbitrary finite length, his domain and
>range aren't equal; he is mapping messages with arbitrary length in
>bits to messages whose length is in whole bytes.
>
>John Savard
>http://home.ecn.ab.ca/~jsavard/frhome.htm
>
Yeah I guess strangely we agree here. Which one of
us is over looking something.
I see it now. Tim says "Scott does not ... are equal"
then you answer NO. I think Tim was right so anwser should
have been YES. But I get confused you then type on as if
you ansered YES but you anwsered NO. So not totally sure
what you meant. But yet I like what you typed.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: about DH parameters & germain primes
Date: 4 Jun 2001 18:00:45 -0700
In article <[EMAIL PROTECTED]>, Anton Stiglic <[EMAIL PROTECTED]> wrote:
>The trick is to simply work in a subgroup of prime order q
>of Z*p, for some large q.
Correct.
>So if p is such that (p-1)/2 is also prime, than the order
>of the group Z*p will be 2*(p-1). Since the order of any element
Wrong, unless you're confusing your p's and q's.
The order of the group Z*p is phi(p), which is p-1
assuming p is prime. I don't know where you got
the factor of two from. Note that p-1 is even for
almost all prime p (the exception being p=2, which
is uninteresting).
>must divide 2*(p-1), all element have order 1, 2, (p-1) or 2*(p-1).
>(since p-1 is prime).
Dunno where you get that p-1 is prime, given that
it's even. There is one element of order 1 (that
is 1), one of order 2 (that is -1), and defining
that q=(p-1)/2, there are q-1 elements of order q,
and q-1 of order 2*q.
>You simply want to avoid the subgroups of order 1 and 2 (the other
>two are large enough), so you
>can choose any g except one that generates one of these two subgroups.
>g = 1 generates the group of one element {1}, and -1 := p-1
>generates the group of order 2, consisting of elements {1, -1},
>so you simply want to avoid these two generators.
You've contradicted your first statement, which
was correct. One *does* want to choose an element
of prime order for g.
The reason for this is that using a g of order 2*q
allows the parties to infer one bit of information
about the other party's secret key. Let Alice and
Bob be the parties, and they choose a and b as
their secrets. Alice chooses an a with order 2*q
intentionally. When she calculates g^(ab), she can
check its order. If it is of order 2*q she knows
that Bob chose b with the least bit clear ("even").
If it is of order q, then b has the least bit
set ("odd"). But if g is constrained to always
be in the order-q subgroup, no such information is
leaked (well, actually, she can tell if b was
a^-1, but that's negligible).
To find a g of order q, choose one and check it.
If it is not of order q, square it. Check that it
isn't 1. Simple.
Greg.
--
Greg Rose INTERNET: [EMAIL PROTECTED]
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
------------------------------
From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large
Primes
Date: 4 Jun 2001 18:03:00 -0700
In article <ebvtZ6S7AHA.201@cpmsnbbsa09>,
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>make things easy, RSA looks easy enough, once the Wide Trail Strategy has
>been developed it makes development fairly straight forward. OTOH
What is this Wide Trail Strategy?
Greg.
--
Greg Rose INTERNET: [EMAIL PROTECTED]
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
