### Re: MD6 withdrawn from SHA-3 competition

, how many candidates have offered such a proof, in variants fast enough to beat SHA-2? Hal Finney - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

### Re: AES-GMAC as a hash

the polynomial variable is secret, it is based on the key. So you don't know how things are being combined. But with a known key and IV, there would be no security at all. It would be linear like a CRC. Hal Finney - The Cryptography

### Re: Question about Shamir secret sharing scheme

whether S is even or odd, defeating the privacy of the scheme. Hal Finney - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

### Re: MD6 withdrawn from SHA-3 competition

At 10:39 AM -0700 7/4/09, Hal Finney wrote: But how many other hash function candidates would also be excluded if such a stringent criterion were applied? Or turning it around, if NIST demanded a proof of immunity to differential attacks as Rivest proposed, how many candidates have offered

### Re: Shamir secret sharing and information theoretic security

possible v value. Learning a share tells you nothing about v, and in general Shamir sharing, learning all but one of the needed shares similarly tells you nothing about the secret. Hal Finney - The Cryptography Mailing List

### Re: SHA-1 in 2**52

paths with a maximum number of auxiliary paths. (Rather than, we are abandoning our search for more differential paths and working to try to find a real collision using this one. ;) Hal Finney - The Cryptography Mailing List

### Re: Certainty

message attack to find details, or read: www.di.ens.fr/~bouillaguet/pub/SAC2009.pdf slides (not too informative): http://rump2009.cr.yp.to/ccbe0b9600bfd9f7f5f62ae1d5e915c8.pdf Hal Finney - The Cryptography Mailing List Unsubscribe

### Re: Bitcoin v0.1 released

h...@finney.org (Hal Finney) on Saturday, January 24, 2009 wrote: Countermeasures by botnet operators would include moderating their take, perhaps only stealing 10% of the productive capacity of invaded computers, so that their owners would be unlikely to notice. This kind of thinking quickly

### Re: Popular explanation of fully homomorphic encryption wanted

On Tue, Jun 16, 2009 at 09:31:36AM -0700, Hal Finney wrote: Udhay Shankar N quotes wikipedia: The question was finally resolved in 2009 with the development of the first true fully homomorphic cryptosystem. The scheme, constructed by Craig Gentry, employs lattice based encryption and allows

### Re: MD6 withdrawn from SHA-3 competition

At 10:39 AM -0700 7/4/09, Hal Finney wrote: But how many other hash function candidates would also be excluded if such a stringent criterion were applied? Or turning it around, if NIST demanded a proof of immunity to differential attacks as Rivest proposed, how many candidates have offered

### Re: Certainty

h...@finney.org (Hal Finney) writes: Paul Hoffman wrote: Getting a straight answer on whether or not the recent preimage work is actually related to the earlier collision work would be useful. [...] There was an amusing demo at the rump session though of a different kind of preimage

### Re: Bitcoin v0.1 released

like 100 million to 1! Even if the odds of Bitcoin succeeding to this degree are slim, are they really 100 million to one against? Something to think about... Hal - The Cryptography Mailing List Unsubscribe by sending unsubscribe

### Ultimate limits to computation

11:04:15 -0700 (PDT) From: h...@finney.org (Hal Finney) Subject: Re: On what the NSA does with its tech MV writes: Yes. They can't break a 128 bit key. That's obvious. (if all the atoms in the universe were computers... goes the argument). Not necessarily, if nanotechnology works. 128 bits

### Small-key DSA variant

. But it could still probably be smaller than for even ECDSA keys. Anyway, that's the concept. Does anyone recognize it? Hal Finney - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

### MD5 considered harmful today, SHA-1 considered harmful tomorrow

On Tue, 2008-12-30 at 11:51 -0800, Hal Finney wrote: Therefore the highest priority should be for the six bad CAs to change their procedures, at least start using random serial numbers and move rapidly to SHA1. As long as this happens before Eurocrypt or whenever the results end up being

### Re: Bitcoin v0.1 released

Hal Finney wrote: * Spammer botnets could burn through pay-per-send email filters trivially If POW tokens do become useful, and especially if they become money, machines will no longer sit idle. Users will expect their computers to be earning them money (assuming the reward is greater

### Re: MD6 withdrawn from SHA-3 competition

On Sat, 2009-07-04 at 10:39 -0700, Hal Finney wrote: Rivest: Thus, while MD6 appears to be a robust and secure cryptographic hash algorithm, and has much merit for multi-core processors, our inability to provide a proof of security for a reduced-round (and possibly tweaked

### Re: MD6 withdrawn from SHA-3 competition

Paul Hoffman wrote: At 10:39 AM -0700 7/4/09, Hal Finney wrote: But how many other hash function candidates would also be excluded if such a stringent criterion were applied? Or turning it around, if NIST demanded a proof of immunity to differential attacks as Rivest proposed, how many

### Re: Zooko's semi-private keys

On Jul 21, 2009, at 3:11 PM, Hal Finney wrote: The first is equivalent to: knowing g^(xy) is it impossible to deduce g^x, where y = H(g^x). Define Y = g^x, then y = H(Y) and g^(xy) = Y^H(Y). The question is then: Given Y^H(Y) can we deduce Y? To make a simple observation: H matters. If H

### Re: AES-GMAC as a hash

Hal Finney wrote: Darren J Moffat darren.mof...@sun.com asks: Ignoring performance for now what is the consensus on the suitabilty of using AES-GMAC not as MAC but as a hash ? Would it be safe ? The key input to AES-GMAC would be something well known to the data and/or software. No, I

### Re: Bitcoin v0.1 released

that their owners would be unlikely to notice. This kind of thinking quickly degenerates into unreliable speculation, but it points out the difficulties of analyzing the full ramifications of a world where POW tokens are valuble. Hal Finney

### Re: Proof of Work - atmospheric carbon

remains open: is there a POW system which could be built solely on logically reversible computation? The computation has to be intrinsically time consuming, but with a short and quickly verifiable certificate of validity. Hal Finney

### Re: Popular explanation of fully homomorphic encryption wanted

so long sought. Hal Finney - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

### Zooko's semi-private keys

solve this - seems like a hard problem.) Hal Finney - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

### Re: Ultimate limits to computation

On Aug 11, 2009, at 2:47 PM, Hal Finney wrote: [Note subject line change] Jerry Leichter writes: Since people do keep bringing up Moore's Law in an attempt to justify larger keys our systems stronger than cryptography, it's worth keeping in mind that we are approaching fairly deep physical

### Re: MD5 considered harmful today

On Tue, 30 Dec 2008, Hal Finney wrote: - The attack relies on cryptographic advances in the state of the art for finding MD5 collisions from inputs with different prefixes. These advances are not yet being published but will presumably appear in 2009. To insert a malicious

### Re: Proof of Work - atmospheric carbon

On Jan 27, 2009, at 2:35 PM, Hal Finney wrote: John Gilmore writes: The last thing we need is to deploy a system designed to burn all available cycles, consuming electricity and generating carbon dioxide, all over the Internet, in order to produce small amounts of bitbux to get emails

### Hal Finney: Dying Outside

http://lesswrong.com/lw/1ab/dying_outside/ Less Wrong Dying Outside 59 HalFinney 05 October 2009 02:45AM A man goes in to see his doctor, and after some tests, the doctor says, I'm sorry, but you have a fatal disease. Man: That's terrible! How long have I got? Doctor: Ten. Man: Ten? What