Cryptography-Digest Digest #521, Volume #14       Tue, 5 Jun 01 04:13:01 EDT

Contents:
  Re: Welcoming another Anti-Evidence Eliminator stooge to USENET  (P. ("Trevor L. Jackson, III")
  Re: Def'n of bijection (JPeschel)
  Re: National Security Nightmare? ("Trevor L. Jackson, III")
  Re: WEB PAGES (those who know me have no need of my name)
  Re: Def'n of bijection (Rob Warnock)
  Re: RSA's new Factoring Challenges: $200,000 prize. (my be repeat) ("Michael Brown")
  Re: WEB PAGES ("Michael Brown")
  Re: WEB PAGES (JPeschel)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (David Hopwood)
  Re: BBS implementation (Pascal Junod)
  Re: Keyed hash functions ("Scott Fluhrer")
  Re: Quantum Computers with relation to factoring and BBS ("Scott Fluhrer")
  Re: RSA's new Factoring Challenges: $200,000 prize. (Sergei Lewis)
  Re: Def'n of bijection (Mok-Kong Shen)
  Re: National Security Nightmare? (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.security,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Welcoming another Anti-Evidence Eliminator stooge to USENET  (P.  
Date: Tue, 05 Jun 2001 03:16:03 GMT

John Savard wrote:

> On Mon, 04 Jun 2001 01:51:57 GMT, "Trevor L. Jackson, III"
> <[EMAIL PROTECTED]> wrote, in part:
>
> >It implies that it is
> >possible to prove a falsehood.  One typically proves truths.
>
> A "proven lie" is a statement that has been proven to be a lie.
>
> That means one has proven:
>
> the statement is false, and
> the person making the statement knew it to be false.
>
> It does _not_ mean the statement (despite being a lie) has been proven
> to be true.

Sure it does.  "When I use a word it means exactly what I intend it to
mean, no more and no less" (RIP LC).  An altered form of this applies to
usenet posts: "When I read a statement it means exactly what I interpret
it to mean, no more and no less".

Disputing EE's claims that people are lying about them is less productive
than challenging their ability to make such claims consistently.

> Although it is true that one could apply the rules of
> English grammar to the phrase "proven lie" and find it to be
> equivalent to "lie that has been proved", English is actually more
> complicated than that.

Yes, it is undecidable, but so are many less sophisticated languages.
That's no excuse.

>
>
> Thus, it is possible for statements to be proven lies, even if one has
> rather strong suspicions about any claims of that nature appearing in
> the particular post under discussion.

"Strong suspicions" is a very, ahem, gentle phrase.




------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 05 Jun 2001 03:24:12 GMT
Subject: Re: Def'n of bijection

"Tom St Denis" [EMAIL PROTECTED] writes, in part:

>If you're a regular you should know to read what I say with a grain of salt.
>I.e., be cautious because I tend to make mistakes.  Especially with math
>notation I haven't formally learnt yet.

Reviewing, from time to time, the first few chapters from Menezes's book
might be a good way to reinforce the notation. Beats being corrected.

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Tue, 05 Jun 2001 03:25:28 GMT

David Wagner wrote:

> Douglas A. Gwyn wrote:
> >As I said, it pretty much takes legal staff to issue accurate
> >interpretations.
>
> Maybe it does with today's laws, but it shouldn't.  The intelligence
> community asks citizens to "trust them"; but when the guiding regulations
> are so unnecessarily vague that citizens can't verify for themselves
> how these agencies really operate, should anyone in the intelligence
> community be surprised when citizens don't trust them?  We need clear
> and visible protection against violations of civil liberties, not vague,
> inaccessible, classified legalese.
>
> There is no reason that the latest executive orders couldn't include
> the clear language found in EO 11905.  Moreover, it seems that the NSA
> could easily publish excerpts from its training manuals to substantiate
> claims that employees are instructed to treat civil liberties seriously.
>
> If electronic surveillance is so critical to national security, why can't
> the intelligence agencies spare 0.1% of their budget to openness and
> transparency?  One is led to the impression that this is not a priority
> for the intelligence community.  It seems that the intelligence community
> has not taken any of these easy, no-cost, confidence-inspiring steps.
> Should anyone be surprised if people view this as an indication that
> maybe the intelligence community doesn't care about civil liberties as
> much as it should?
>
> The nation deserves intelligence agencies that not only respect civil
> liberties but also can be seen to do so.  Without this trust, we risk a
> backlash that could endanger the legitimate benefits we accrue from the
> nation's intelligence community, and I'm disappointed that the stewards
> of our intelligence agencies do not seem to be taking this as seriously
> as they (IMHO) should be.

The dispute over the actual meaning of the rules distracts from the attention
due the actual actions of the organizations subject to those rules.  There is
no dispute over the existence of speed limits, but a few minutes on any
highway demonstrate that those rules are irrelevant to the actual behavior of
drivers.

Note that the attitude of the rule enforcers is a critical component of the
relevance of the rules to the control of the organizations' activities.  Most
cops will give a driver 10 or 15 MPH before intervening.  What degree of rule
"bending" does the intelligence establishment allow, and just where is _that_
codified?  There is an inexplicable lack of indictments against intelligence
organizations.  Might this resemble the unnaturally low incidence of
citations for speeds < 5 MPH over the limit?

The law is not what is written.  The law is what is enforced.



------------------------------

From: those who know me have no need of my name <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: WEB PAGES
Date: 05 Jun 2001 03:42:47 GMT

<[EMAIL PROTECTED]> divulged:

>I have been having a terrible time even accessing my site
>at http://members.nbci.com/ecil/index.htm

seems to work, at least right now.

-- 
okay, have a sig then

------------------------------

From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: Def'n of bijection
Date: 5 Jun 2001 04:30:57 GMT

<[EMAIL PROTECTED]> wrote:
+---------------
| > Scott often places different restrictions...
| 
| He seems to be trying to create a scheme w.r.t. which every message of
| size <n is the possible compression of a meaningful message. He seems to
| be bothered that the domain of an encryption function is a strict subset
| of the codomain, and he seems to want a pre-encryption step to remedy
| this. In particular, he seems to think that BICOM is such a step.
| 
| If I've understood his aims right, I sincerely doubt he has succeeded. Such
| a ``compression'' scheme is possible--for example, by enumerating the set
| of English messages and the set of all possible messages--but I'd be
| willing to bet that no such scheme would be practical.
+---------------

Ditto. For every definition of "meaningful English messages" you create,
I can give him a plaintext that *I AS A USER* might want to transmit that
would violate the definition of "meaningful". E.g., as a trivial example,
if "meaningful English message" implies correct grammar and vocabulary,
then how do I send this message?

        Den he sez, "'SLKJXYJ HE&T(*&TD*CDC& *#&', darlin'", like I give
        a flip, him & his warez d00ds think they're so l33t n all, fuggid.

In fact, smells to me like there's some sort of Godel/Kolmogorov/Chaitin
incompleteness out there waiting to bite (or should I say "byte"?) anyone
who thinks they can define "meaningful"...


-Rob

=====
Rob Warnock, 31-2-510           <[EMAIL PROTECTED]>
SGI Network Engineering         <URL:http://reality.sgi.com/rpw3/>
1600 Amphitheatre Pkwy.         Phone: 650-933-1673
Mountain View, CA  94043        PP-ASEL-IA

[Note: Please don't use [EMAIL PROTECTED] or [EMAIL PROTECTED] ]  


------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: RSA's new Factoring Challenges: $200,000 prize. (my be repeat)
Date: Tue, 5 Jun 2001 16:51:56 +1200

"Louis Lavery" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Michael Brown wrote in message ...
>
> [snip]
>
> >First, go read my page at http://odin.prohosting.com/~dakkor/rsa
>
> Doesn't it worry you that you can't handle numbers ending in 01?
Not really. This algorithm was designed to work for numbers ending in ...11. It
does exactly that. Feel free to extend it to handle numbers ending in ...01
(which I have a method to do, but seeing how few people seem to look at the
current idea, it seems a little pointless ...)

> What about numbers ending in something like  ...00000011?
This will factor fine as long as it is a product of two primes :)

>
> >
> >Then have a quick look at the 1024, 896, 704, or 576 bit numbers. Last 2
> >bits for each of these are ....11 (eg: Last 8 bits of the 1024 bit number
> >are ....11001011). Look closely at the second to last digit. A perfect
> >example of where the algorithm will work.
> >
>
> I used a magnifying glass to study the second to last digit and, although
> 99.999% sure it is a 1 (one), have taken a photograph of it. So far,
> everybody I've shown it to agrees that the second to last digit is a 1 (one).
Excellent! Your point being ....

>
> >Based on my previous tests, the amount of RAM required will be about
> >128 meg maximum, and the factoring time should be about 8 minutes (for the
> >1024 bit one).
> >
> >Cya. Gotta fire up Delphi and start coding like mad ... =P
>
> Well, it's mad programming before you've worked out the algorithm ;-)
Uhh, did you even read the pages? I state again: the algorithm is designed to
factor numbers ending in ....11 (binary). I consider it complete at this point
in time.

>
> >
> >Regards,
> >Michael
> >
> >PS: If you do find a fault with the algorithm please tell me so I
> >don't waste my time :)
>
> What algorithm?
Oh. You didn't read the pages. Well, come back again once you have ...

>
> Louis.
>
>
Michael



------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: WEB PAGES
Date: Tue, 5 Jun 2001 16:57:25 +1200

I use FreeHosting  at http://free.prohosting.com.

Little plug coming up:
My little factoring site is http://odin.prohosting.com/~dakkor/rsa, and my
student company site is http://storm.prohosting.com/conundrm

I find them quite good (50 meg, CGI, ftp uploads etc).

Michael

PS: I have nothing to do with them, I'm just a user :)

"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>   Dear Anyone
> I have been having a terrible time even accessing my site
> at http://members.nbci.com/ecil/index.htm
> it seems problems are only getting worse. Does
> anyone have recommendations as to where an alternative
> free webpage hosting occurs.
> Thank You.
>
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
> http://www.jim.com/jamesd/Kong/scott19u.zip
> My website http://members.nbci.com/ecil/index.htm
> My crypto code http://radiusnet.net/crypto/archive/scott/
> MY Compression Page http://members.nbci.com/ecil/compress.htm
> **NOTE FOR EMAIL drop the roman "five" ***
> Disclaimer:I am in no way responsible for any of the statements
>  made in the above text. For all I know I might be drugged or
>  something..
>  No I'm not paranoid. You all think I'm paranoid, don't you!
>



------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 05 Jun 2001 05:01:21 GMT
Subject: Re: WEB PAGES

[EMAIL PROTECTED]  (SCOTT19U.ZIP_GUY) writes, in part:

> Does
>anyone have recommendations as to where an alternative
>free webpage hosting occurs.

Have you tried fortunecity?

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

Date: Mon, 04 Jun 2001 17:58:06 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)

Tim Tyler wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : CTR mode is just a bloody xor of some random bits against a
> : message.  How can that possibly be less secure than BICOM?
> 
> To repeat David Scott's example, consider a 1 byte cyphertext message.
> 
> In CTR mode it maps to one of 256 possible plaintexts.
> 
> With BICOM it maps to one of *billions* of possible messages.
> 
> You tell me which is more likely to be secure.

The only way BICOM (with a 128-bit block cipher) can produce a 1 byte
ciphertext with probability greater than 2^-120, is if you decrypt a
1 byte ciphertext and call the resulting junk the plaintext.
IOW, David Scott's example is of no practical relevance.

If you want to disguise the plaintext length (in CTR mode or in any
other secure mode), that is quite easy, and does not require "bijective"
encryption in the sense meant by Scott; it simply requires padding
the original plaintext.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip




------------------------------

Date: Tue, 5 Jun 2001 08:21:59 +0200
From: Pascal Junod <[EMAIL PROTECTED]>
Subject: Re: BBS implementation

On Sat, 2 Jun 2001 [EMAIL PROTECTED] wrote:

> Where can I find some info on practical BBS implementation?

See

http://www.eskimo.com/~weidai/cryptlib.html

A+

Pascal

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Pascal Junod, [EMAIL PROTECTED]                                 *
* Security and Cryptography Laboratory (LASEC)                       *
* INF 240, EPFL, CH-1015 Lausanne, Switzerland  ++41 (0)21 693 76 17 *
* Place de la Gare 12, CH-1020 Renens           ++41 (0)79 617 28 57 *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Keyed hash functions
Date: Mon, 4 Jun 2001 23:11:58 -0700


Mark Wooding <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tim Tyler <[EMAIL PROTECTED]> wrote:
>
> > Are such "keyed hash functions" recognised as a primitive cryptographic
> > type, distinct from MACs?
>
> I believe that your idea of a `keyed hash' is attempting to capture what
> is usually referred to as a `pseudo-random function family'.  A PRF
> family is suitable for use as a MAC.  However, not all MACs are good
> PRFs.  (Choose any MAC F; define F'(x) = F(x) || 0 -- this is trivially
> distinguishable, but is just as good a MAC as F was.)
>
> To this extent, MACs and PRFs are distinct things.  However, I think
> there is a hope (rather than anything better informed) that HMAC with a
> decent hash function is a passable PRF.  I suspect that there isn't a
> great deal of interest in MACs which definitely aren't PRFs.
Actually, if you take a look at UMAC or Bernstein's hash127, neither is a
PRF, but they are quite interesting as MACs.

--
poncho
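An added example, not code from the thread: Mark Wooding's construction F'(x) = F(x) || 0 in working form, with HMAC-SHA256 standing in for the underlying MAC F (my choice, not the thread's). It shows both halves of his point: a last-bit distinguisher separates F' from a random function with one query, yet any F' tag still yields a valid F tag, so F' is no weaker as a MAC.

```python
import hashlib
import hmac
import os
import random

TAG_BITS = 256  # output width of the underlying MAC F (HMAC-SHA256 here)


def mac_F(key: bytes, msg: bytes) -> int:
    """The underlying MAC F: HMAC-SHA256, returned as a 256-bit integer."""
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def mac_F_prime(key: bytes, msg: bytes) -> int:
    """Wooding's F'(x) = F(x) || 0: the same tag with one constant zero bit appended."""
    return mac_F(key, msg) << 1


def tag_for_F_from_F_prime(tag_prime: int) -> int:
    """Drop the appended bit: a valid F' tag for a message is a valid F tag for it.
    This is why F' is as good a MAC as F: any forgery against F' forges F too."""
    return tag_prime >> 1


class RandomFunction:
    """Lazily sampled random function {0,1}* -> {0,1}^(TAG_BITS+1), the ideal
    object of the PRF game.  Seeded so the example is reproducible; a real
    challenger would use true randomness."""

    def __init__(self, seed: int = 2001):
        self.rng = random.Random(seed)
        self.table = {}

    def __call__(self, msg: bytes) -> int:
        if msg not in self.table:
            self.table[msg] = self.rng.getrandbits(TAG_BITS + 1)
        return self.table[msg]


def last_bit_distinguisher(oracle, queries: int = 64) -> bool:
    """PRF distinguisher: query `queries` distinct messages and return True
    ("this is F'") iff every output ends in a zero bit.  Against F' it is always
    right; against a random function it errs with probability 2**-queries, so its
    advantage is essentially 1 and F' is not a PRF."""
    return all(oracle(b"msg-%d" % i) & 1 == 0 for i in range(queries))


def demo() -> dict:
    key = os.urandom(32)  # constructed secret key, never given to the distinguisher
    msg = b"example message"
    tag_prime = mac_F_prime(key, msg)
    return {
        "says_F_prime_for_F_prime": last_bit_distinguisher(lambda m: mac_F_prime(key, m)),
        "says_F_prime_for_random": last_bit_distinguisher(RandomFunction()),
        "F_prime_tag_still_forges_F": tag_for_F_from_F_prime(tag_prime) == mac_F(key, msg),
    }


if __name__ == "__main__":
    print(demo())
```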




------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers with relation to factoring and BBS
Date: Mon, 4 Jun 2001 23:21:50 -0700


Bill Unruh <[EMAIL PROTECTED]> wrote in message
news:9fh2e2$6pb$[EMAIL PROTECTED]...
> In <9f0g0e$o10$[EMAIL PROTECTED]> "Scott Fluhrer"
> <[EMAIL PROTECTED]> writes:
> ]> simply returns its input would be a "factoring algorithm".
> ]I did say I elided a lot of the details: here's a few more details: NP is
> ]a set of decision problems (that is, problems that give a "Yes" or "No"
> ]answer), and so to turn factorization into a decision problem, one method
> ]is to make the problem "given integers n and m, does n have any factors p
> ]such that 1<p<m?".  Now, we can see that this decision problem is obviously
> ]in NP, because a "Yes" answer can be proved by demonstrating such a p, which
> ]can be quickly (i.e. in polynomial time) verified to be a factor of n,
> ]and that 1<p<m.  Note that p needed be verified to be prime, and hence
> ]the question of whether primality testing is NP or not is irrelevant.
>
> p does not have to be verified to be a prime. A factoring algorithm
> simply needs to provide any factor, prime or composite, less than the
> number itself. Then since the same algorithm can be reapplied, one can
> eventually discover all the prime factors ( that just takes polynomial
> extra time). (of course it is possible that your "p needed be" was
> supposed to read "p need not be" in which case I am in perfect agreement
> with you.)

Oops.  You are, of course, correct.  I would plead that I meant to write
"Note that p need not be verified to be prime...", but my fingers obviously
weren't listening...

>
>
> ]What primality testing gives you is a way of showing that the factorization
> ]problem is in coNP; that is, if there is no such p, then there's a short
> ]proof of that as well, by giving the complete factorization (with primality
> ]proofs for all of the factors).
>
> As above if you have a factoring algorithm you also have a primality
> algorithm. m is prime is the test for its factors smaller than itself
> returns no factors.

Except that (assuming that we didn't know that primality testing was in NP
by other methods), the above argument does not yield a simple proof that
primality testing is in NP.  Note that we were not discussing a factoring
algorithm, but a factoring verification method (which is used to show that
factorization is in NP).  The lack of such a factor does not yield a quickly
verifiable proof -- we need to look elsewhere.

--
poncho
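Added example, not from the thread: checkers for the two certificates the exchange above describes for FACTOR(n, m) ("does n have a factor p with 1 < p < m?"). The "Yes" certificate is the factor p itself and, as Unruh notes, need not be prime; the "No" certificate is the complete factorization with every factor certified prime. The function names are mine, and trial division stands in for the primality proofs a real coNP certificate would carry.

```python
from math import isqrt


def is_prime(q: int) -> bool:
    """Trial division: enough to check the small certificates below.  Not a
    polynomial-time primality proof; a real coNP certificate would attach one."""
    if q < 2:
        return False
    if q % 2 == 0:
        return q == 2
    return all(q % d for d in range(3, isqrt(q) + 1, 2))


def verify_yes(n: int, m: int, p: int) -> bool:
    """NP witness for FACTOR(n, m): the claimed factor p itself.
    One modular division and two comparisons, polynomial in the bit length.
    p need not be prime: a composite divisor in range is a perfectly good witness."""
    return 1 < p < m and n % p == 0


def verify_no(n: int, m: int, factors: list) -> bool:
    """coNP witness for FACTOR(n, m): a complete prime factorization of n (n >= 2).
    Every divisor of n greater than 1 is a product of these primes, so the smallest
    such divisor is the smallest prime factor; the answer is 'No' exactly when that
    smallest prime factor is >= m.  Returns True only if the certificate is valid
    (certified primes that multiply to n) and actually establishes 'No'."""
    if not factors or not all(is_prime(q) for q in factors):
        return False  # an uncertified or composite "prime" proves nothing
    prod = 1
    for q in factors:
        prod *= q
    if prod != n:
        return False
    return min(factors) >= m


def decide_with_certificates(n: int, m: int, yes_witness=None, no_witness=None):
    """Return 'Yes'/'No' when the supplied certificate checks out, else None
    (the verifier has learned nothing; it never searches on its own)."""
    if yes_witness is not None and verify_yes(n, m, yes_witness):
        return "Yes"
    if no_witness is not None and verify_no(n, m, no_witness):
        return "No"
    return None


if __name__ == "__main__":
    print(decide_with_certificates(15, 4, yes_witness=3))      # Yes: 3 | 15, 1 < 3 < 4
    print(decide_with_certificates(15, 3, no_witness=[3, 5]))  # No: smallest prime 3 >= 3
    print(decide_with_certificates(60, 20, yes_witness=12))    # Yes: composite witness is fine
```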





------------------------------

From: Sergei Lewis <[EMAIL PROTECTED]>
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: Tue, 05 Jun 2001 08:34:06 +0100

Sergei Lewis wrote:
> Michael Brown wrote:
> > > I concur.  What I wonder, not having studied this algorithm yet,
> > > is the rate of growth of work-per-box as the problem size is
> > > increased.
> > With a decent implementation of the algorithm (see below), the number of
> > operations per box should remain much the same (actual number of instructions
> > depends on instruction set).
> Hm. I was bored over the weekend so wrote a quick hack to naively
> implement the space-hungry reverse adder logic part of Michael's
> algorithm. It's on http://members.tripod.co.uk/Folken/f.c
> To sum up my understanding of the whole thing:
> You need O (((log n)^2)/2) space. For RSA, that's in the megabytes
> rather than the gigabytes unless I'm missing something obvious ^^;;

I was. Each bit introduced into the ripple tree generates its own ripple
of carries. So you need something closer to O((log n)^3) space, which is
also your upper bound on operations.

-- 
Sergei Lewis - http://members.tripod.co.uk/~Folken
   "I'm not falling - this is how I fly.."

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Def'n of bijection
Date: Tue, 05 Jun 2001 09:47:46 +0200



John Savard wrote:
> 
> Tim Tyler <[EMAIL PROTECTED]> wrote:
> 
> >A bijection that's not a permutation.  It seems David Scott does not
> >restrict himself to bijections where the domain and range are equal.
> 
> No, he doesn't. And there's no particular reason he needs to.
> 
> Even including messages of arbitrary finite length, his domain and
> range aren't equal; he is mapping messages with arbitrary length in
> bits to messages whose length is in whole bytes.

It was a long time ago that I discussed this with Scott, so
I was a bit wrong in a recent follow-up of mine. Scott is
mapping from whole bytes to whole bytes. (These are
commonly natural constraints.) A normal compression
algorithm that treats bytes as input (uncompressed) units
will in general produce an output (compressed) bit
sequence that is not on a byte boundary, so that one has to
do padding. On decompression, the padding cannot be 
properly decoded into valid symbols so that a problem 
arises. One could have the convention that this is simply 
ignored. But then, if one compresses the decompressed 
stuff once again, there is the issue of not adding the 
same padding, in case the material to be decompressed
is not the result of compression of an actual file but 
an arbitrary bit sequence (of the same length in bytes
as the compressed result of the actual file) obtained 
through applying a wrong key to decrypt a ciphertext. 
(I remember that, among others, a simple but not elegant 
solution to this was discussed previously. Scott's
bijective compression is supposed to offer the best
solution.) This is the phenomenon that, as far as I 
understand, Scott calls 'non-bijectivity' which gives 
information to the opponent that the guessed key is 
wrong.

M. K. Shen
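An added illustration (my code, not Scott's BICOM or anything posted in the thread) of the padding problem described above: a toy prefix-code compressor over the alphabet {a, b, c} whose bit pair '11' is unused, so it serves as padding and is ignored on decompression, exactly the convention Shen mentions. A wrong-key decryption that does not re-compress to itself cannot be the compression of any message, which is the information leak he calls non-bijectivity; the last function counts how often a random byte gives that away.

```python
CODE = {"a": "00", "b": "01", "c": "10"}  # the pair '11' is deliberately left unused
DECODE = {bits: sym for sym, bits in CODE.items()}


def compress(msg: str) -> bytes:
    """Emit the code words and pad to a byte boundary with 1 bits (which never
    form a valid symbol, so the decoder can recognise them)."""
    bits = "".join(CODE[ch] for ch in msg)
    bits += "1" * (-len(bits) % 8)
    return int(bits, 2).to_bytes(len(bits) // 8, "big") if bits else b""


def decompress(data: bytes) -> str:
    """Read two bits at a time; the first '11' cannot be a symbol, so treat it
    and everything after it as padding and simply ignore it."""
    bits = "".join(f"{byte:08b}" for byte in data)
    out = []
    for i in range(0, len(bits), 2):
        pair = bits[i:i + 2]
        if pair == "11":
            break
        out.append(DECODE[pair])
    return "".join(out)


def could_be_compressed_output(data: bytes) -> bool:
    """The non-bijectivity test an attacker can run on a trial decryption: a byte
    string that is the compression of some message re-compresses to itself; one
    that does not cannot have come from the compressor, so the key was wrong."""
    return compress(decompress(data)) == data


def fraction_revealing_wrong_key(nbytes: int = 1) -> tuple:
    """Exhaustively count, over all nbytes-byte strings (a stand-in for what a
    wrong key would produce), how many immediately betray the wrong key."""
    total = 256 ** nbytes
    bad = sum(
        1 for v in range(total)
        if not could_be_compressed_output(v.to_bytes(nbytes, "big"))
    )
    return bad, total


if __name__ == "__main__":
    packed = compress("abcab")                  # 10 code bits + 6 padding bits
    print(packed.hex(), decompress(packed))     # 187f abcab
    print(fraction_revealing_wrong_key(1))      # (136, 256): most single bytes leak
```

With this toy code 136 of the 256 possible single-byte "decryptions" can never be a compressor output, so a guessed key is rejected without ever looking at the plaintext; a bijective compressor is one for which this count is zero at every length.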

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Tue, 05 Jun 2001 09:47:39 +0200



"Trevor L. Jackson, III" wrote:
> 
[snip]
> The law is not what is written.  The law is what is enforced.

Very true, just like a good person is not determined by
what he says he does but what he actually does. (Clothing
doesn't make the person, as a proverb says.) Notable
examples are to be found in priests of some, if not
many, religions. In another direction, certain extremely
repressive regimes have expressly named their countries
'democratic'. Because of their nature, secret agencies are
(trivially) difficult to control, for their internal
stuff can never be handed over to a public body for
examination. One should remember that even normal
governmental organs are very often not perfectly under
control by control bodies, e.g. in matters of finance
(possible corruptions in placing their purchasing orders,
etc.) The world is simply complex. Mafia and equivalents
abound. Often the work of agents is difficult to
distinguish from mafia, e.g. in producing traffic
accidents to kill people. After all, sometimes it is
even claimed that they intentionally 'infiltrate' into
mafia groups in order to fight against them, so that
such distinctions could indeed be really hard.

If everyone in the world were honest and behaved correctly,
laws would have been absolute nonsense from the very
beginning.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
