Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #14 Sun, 10 Jun 01 11:13:01 EDT Contents: BBS question (Tom St Denis) Re: BBS question (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (SCOTT19U.ZIP_GUY) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: Shannon's definition of perfect secrecy (Tim Tyler) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: Shannon's definition of perfect secrecy (Tom St Denis) Re: Shannon's definition of perfect secrecy (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) From: Tom St Denis [EMAIL PROTECTED] Subject: BBS question Date: Sun, 10 Jun 2001 13:08:01 GMT Nobody quite answered my original question. Let's suppose you have a blum integer (say N=7x11=77). If we pick a seed such as X=4 we get 4, 16, 25, 9, 4 as the outputs... Now for the funny part 4^2 + 16^2 + 25^2 + 9^2 = 4+16+25+9 (mod 77). So far whenever I find the cycle the sum of squares is equal to the sum of their roots. Is that universally true or just for the 6 or so cases I have tried? -- Tom St Denis --- http://tomstdenis.home.dhs.org -- From: Tom St Denis [EMAIL PROTECTED] Subject: Re: BBS question Date: Sun, 10 Jun 2001 13:08:54 GMT Tom St Denis [EMAIL PROTECTED] wrote in message news:RiKU6.76438$[EMAIL PROTECTED]... Nobody quite answered my original question. Let's suppose you have a blum integer (say N=7x11=77). If we pick a seed such as X=4 we get 4, 16, 25, 9, 4 as the outputs... Now for the funny part 4^2 + 16^2 + 25^2 + 9^2 = 4+16+25+9 (mod 77). Arrg... Nevermind, I know why. Tom -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: cubing modulo 2^w - 1 as a design primitive? Date: Sun, 10 Jun 2001 15:30:40 +0200 Tom St Denis wrote: Tom St Denis [EMAIL PROTECTED] wrote: I was cheating on what? Sorry to be honest I kinda skim your posts. You kinda write in one long unbroken chunk. (When you're at a computer as long as I shouldn't be it looks like a mess). The book info. W.R.Scott, Professor of Mathematics, The university of Utah, Group Theory, Dover Publications Inc, New York. ISBN 0-486-65377-3 Something I want to add. It's not a bad book as far as correctness goes. Heck I can only read the first 20 pages. It's just a very bad text to LEARN from. It has a math equation to word ratio of 100:1... Cheating on what? Here is what in the thread 'Best, Strongest Algorithm (gone from any reasonable topic)' you posted on Fri, 08 Jun 2001 21:24:35 +0200: I find often the biggest problem with math papers/discussions is the lack of a good language to discuss it in. For example, my book on Group Theory I got (From Dover) only has 13 words in the entire text. The rest is vague human egyptian art work that future archeologists will look at and say this means fire, and that's water, and This can obvioulsy never be true, or else there would be an immense scandal about the publisher Dover that has a good name and whose scientific books have always been of good quality, even though to a large part outdated. (BTW, I am myself in posssesion of a Dover book on group theory!) And what you responded above is demonstrating clearly and unambigiously that you lied. (But I did intentionally give you opportunities to correct your statements in more gentle ways which you didn't take up.) Now everyone of the group clearly know who you actually are. Note you were not posting on 1st April, nor were you in a group talk.joke. Telling the untruth on oneday and accusing someone else (I think it was Scott whom you were attacking) on the very next day to be a liar, is something I consider to be really too much. We cannot let the atmosphere of the group deteriorate like that. The current atmosphere is already poor (e.g. with posts asking simple math questions which definitely properply belong to sci.math) enough in my opinion to be able to attract more people to participate in the group. M. K. Shen -- From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) Subject: Re: cubing modulo 2^w - 1 as a design primitive? Date: 10 Jun 2001 13:47:48 GMT [EMAIL PROTECTED] (Mok-Kong Shen) wrote in [EMAIL PROTECTED]: Tom St Denis wrote: And what you responded above is demonstrating clearly and unambigiously that you lied. (But I did intentionally give you opportunities to correct
Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #13 Sun, 28 Jan 01 07:13:01 EST Contents: Cryptography FAQ (06/10: Public Key Cryptography) ([EMAIL PROTECTED]) Cryptography FAQ (07/10: Digital Signatures) ([EMAIL PROTECTED]) Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers Subject: Cryptography FAQ (06/10: Public Key Cryptography) From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: 28 Jan 2001 12:01:58 GMT Archive-name: cryptography-faq/part06 Last-modified: 94/06/07 This is the sixth of ten parts of the sci.crypt FAQ. The parts are mostly independent, but you should read the first part before the rest. We don't have the time to send out missing parts by mail, so don't ask. Notes such as ``[KAH67]'' refer to the reference list in the last part. The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, sci.answers, and news.answers every 21 days. Contents: 6.1. What is public-key cryptography? 6.2. How does public-key cryptography solve cryptography's Catch-22? 6.3. What is the role of the `trapdoor function' in public key schemes? 6.4. What is the role of the `session key' in public key schemes? 6.5. What's RSA? 6.6. Is RSA secure? 6.7. What's the difference between the RSA and Diffie-Hellman schemes? 6.8. What is `authentication' and the `key distribution problem'? 6.9. How fast can people factor numbers? 6.10. What about other public-key cryptosystems? 6.11. What is the `RSA Factoring Challenge?' 6.1. What is public-key cryptography? In a classic cryptosystem, we have encryption functions E_K and decryption functions D_K such that D_K(E_K(P)) = P for any plaintext P. In a public-key cryptosystem, E_K can be easily computed from some ``public key'' X which in turn is computed from K. X is published, so that anyone can encrypt messages. If decryption D_K cannot be easily computed from public key X without knowledge of private key K, but readily with knowledge of K, then only the person who generated K can decrypt messages. That's the essence of public-key cryptography, introduced by Diffie and Hellman in 1976. This document describes only the rudiments of public key cryptography. There is an extensive literature on security models for public-key cryptography, applications of public-key cryptography, other applications of the mathematical technology behind public-key cryptography, and so on; consult the references at the end for more refined and thorough presentations. 6.2. How does public-key cryptography solve cryptography's Catch-22? In a classic cryptosystem, if you want your friends to be able to send secret messages to you, you have to make sure nobody other than them sees the key K. In a public-key cryptosystem, you just publish X, and you don't have to worry about spies. Hence public key cryptography `solves' one of the most vexing problems of all prior cryptography: the necessity of establishing a secure channel for the exchange of the key. To establish a secure channel one uses cryptography, but private key cryptography requires a secure channel! In resolving the dilemma, public key cryptography has been considered by many to be a `revolutionary technology,' representing a breakthrough that makes routine communication encryption practical and potentially ubiquitous. 6.3. What is the role of the `trapdoor function' in public key schemes? Intrinsic to public key cryptography is a `trapdoor function' D_K with the properties that computation in one direction (encryption, E_K) is easy and in the other is virtually impossible (attack, determining P from encryption E_K(P) and public key X). Furthermore, it has the special property that the reversal of the computation (decryption, D_K) is again tractable if the private key K is known. 6.4. What is the role of the `session key' in public key schemes? In virtually all public key systems, the encryption and decryption times are very lengthy compared to other block-oriented algorithms such as DES for equivalent data sizes. Therefore in most implementations of public-key systems, a temporary, random `session key' of much smaller length than the message is generated for each message and alone encrypted by the public key algorithm. The message is actually encrypted using a faster private key algorithm with the session key. At the receiver side, the session key is decrypted using the public-key algorithms and the recovered `plaintext' key is used to decrypt the message. The session key approach blurs the distinction between `keys' and `messages' -- in the scheme, the message includes the key, and the key itself is treated as an encryptable `message
Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #12 Thu, 31 Aug 00 06:13:00 EDT Contents: Re: QKD and The Space Shuttle (Mok-Kong Shen) Re: Idea for creating primes (Mok-Kong Shen) Re: Patent, Patent is a nightmare, all software patent shuld not be (Mok-Kong Shen) Re: Patent, Patent is a nightmare, all software patent shuld not be (Mok-Kong Shen) Re: Patent, Patent is a nightmare, all software patent shuld not be (Mok-Kong Shen) Need help would like to learn crypto in regular way if possible formal (Mohammed Anish ND/EHD/EIPS) Re: PGP ADK Bug: What we expect from N.A.I. ("Rick Braddam") Re: "Warn when encrypting to keys with an ADK" (Phil Harrison) Re: PGP 6.5.8 test: That's NOT enough !!! (Phil Harrison) Re: PGP 6.5.8 test: That's NOT enough !!! (Ron B.) Re: PGP ADK Bug: What we expect from N.A.I. ("Michel Bouissou") Re: I need ADK tampered key that PGP will not detect ADK, on it ... ("Michel Bouissou") From: Mok-Kong Shen [EMAIL PROTECTED] Crossposted-To: sci.space.shuttle,talk.politics.crypto Subject: Re: QKD and The Space Shuttle Date: Thu, 31 Aug 2000 10:28:49 +0200 David A Molnar wrote: [snip] The problem with all of these protocols is that if an adversary can replace the random beacon with his own source, all bets are off. So some people would *like* to see a satellite in the sky broadcasting random bits to the world. There will still be issues with ground-side jamming and with authentication of the satellite, though, which are not yet fully ironed out (at least not that I've seen). Isn't the trouble in principle the same with certification where one needs some trust/belief on a third party, in other words there is some non-objectivity that can NEVER be entirely disposed of? M. K. Shen -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: Idea for creating primes Date: Thu, 31 Aug 2000 10:28:54 +0200 Scott Fluhrer wrote: Simple: 2 is a factor of p-1, so start there, at k=(p-1)/2. And, with that k, if g^k mod p is anything other than 1 or -1, we know (Fermat's Little Theorem) that p wasn't prime. Most composites will fail that test, and that test is approximately as expensive as running a single iteration of Miller-Rabin. If g^((p-1)/2) mod p is -1 and g^(p-1) mod p is 1, one has to do further tests as stated in the original post. Eventually these may fail either because g is the wrong one or because p is not prime. Do you happen to have references showing how small/big these (non-productive) efforts are (in particular with respect to an arbitrary p of the sort considered here which can be prime or composite)? Thanks. M. K. Shen -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be Date: Thu, 31 Aug 2000 10:29:07 +0200 qun ying wrote: There are 2 more patents: [snip] Maybe all that is in the end not bad at all. If these patents cause PK to be untimately economically uninteresting for the users, it will give some genious minds the momentum to invent some entirely new direction in cryptography. M. K. Shen -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be Date: Thu, 31 Aug 2000 10:28:59 +0200 Paul Pires wrote: Mok-Kong Shen [EMAIL PROTECTED] wrote It's probably unlikely but on the other hand also can't be excluded that the firms selling PK products do nothing in the issue and simply pass the fees they'll eventually pay to that patent holder on to the consumers. That would be bad. Id say unlikely is mild. "When hell freezes" over is more like it. The price a product brings is what the market will bear. If they could increase the price without repercussions now, they would do it now and pocket the profit without a second thought. There is no scenario where the "payee's" are going to take this philosophically. This Patent irritates you but it has to have every licensee of PK pissing blood. Just this being present is going to cost them. They are going to see significant costs to evaluate their risk and position regardless of any royalty payments they may or may not have to make due to this patent. I can only partially agree with you. The market is however never 'rational' in my view. (Look at the stock market for an extreme example.) If there is some 'cause', that could cause a raise in price even much more than what really corresponds to the actual increase in production cost, with all firms acting thereby sort of in coorporation rather than in competition. Now the customer who needs a certain product has no choice but accepting the higher price. I believe that this 'dynamic' is one of the reasons that lead to the fact that the world frequently
Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #10 Wed, 17 Nov 99 00:13:03 EST Contents: Re: AES cyphers leak information like sieves ("Peter K. Boucher") Re: Proposal: Inexpensive Method of "True Random Data" Generation (Coen Visser) Re: Proposal: Inexpensive Method of "True Random Data" Generation (Coen Visser) Re: Codebook examples on Web? ([EMAIL PROTECTED]) Re: weak ciphers and their usage (David Wagner) Re: Proposal: Inexpensive Method of "True Random Data" Generation (hack) Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY) Re: weak ciphers and their usage (SCOTT19U.ZIP_GUY) Re: New Scottish Crypto System (albert) NSA should do a cryptoanalysis of AES (albert) Re: AES cyphers leak information like sieves (Bill Unruh) Re: AES cyphers leak information like sieves (Tim Tyler) Re: AES cyphers leak information like sieves (wtshaw) Re: Scientific Progress and the NSA (Tim Tyler) Re: NSA should do a cryptoanalysis of AES Re: NSA should do a cryptoanalysis of AES (Phunda Mental) Re: New Scottish Crypto System Date: Tue, 16 Nov 1999 15:39:55 -0700 From: "Peter K. Boucher" [EMAIL PROTECTED] Subject: Re: AES cyphers leak information like sieves Tim Tyler wrote: [snip] I don't understand. Surely... That's your problem right there. You come in here and presume to lecture people without understanding what you're talking about. I recommend more reading and less expounding on your part. -- Peter -- From: Coen Visser [EMAIL PROTECTED] Crossposted-To: sci.math,sci.misc,sci.physics Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation Date: Tue, 16 Nov 1999 22:55:57 + James Felling wrote: My argument with you is that since K-Complexity is only valid in refrence to a chosen language, the only way we can class things as random is relative to that chosen language. Now given strings X and Y, It is comparitively trivial to chose languages such that complexity(X) in L and complexity(Y) in L have any relationship that we wishthis is true even if X and Y are sets of strings -- we can arbitrarily dictate the realtion between any two finite collections of strings by apropriately choosing our language. You are absolutely right. For finite collections of strings we can dictate the relation depending on the choice of representation language. I was thinking about the total set of strings which dwarfs any finite set we like to meddle with. But this is all academic and doesn't contribute anything to the discusion. So rather than try to defend my point I agree with you. Regards, Coen Visser -- From: Coen Visser [EMAIL PROTECTED] Crossposted-To: sci.math,sci.misc,sci.physics Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation Date: Tue, 16 Nov 1999 23:25:56 + [EMAIL PROTECTED] wrote: Coen Visser wrote: I would think that Kolmogorov complexity is properly defined on finite strings: the upperbound of C(Sn) with Sn the "0"-string of length n is log(n). But the issue is whether an individual finite string is compressible. In this case n has one value so C(Sn) and log(n) are constants. The inequality asserts the vacuous fact that two constants differ by at most a constant. In another post on the subject I wrestled with James Felling (he won the match). You can say that an individual string is compressible when you fix a representation language/UTM. But for any specific string (or finite set of strings) an opponent can choose another representation in which this is not the case. This is of course not the most interesting part of Kolmogorov complexity because the actual values are not computable anyway. Regards, Coen Visser -- From: [EMAIL PROTECTED] Subject: Re: Codebook examples on Web? Date: 16 Nov 1999 23:55:53 GMT In article [EMAIL PROTECTED], [EMAIL PROTECTED] (John Savard) wrote: You were extremely fortunate. Dare I ask if you needed to take out a second mortgage? It cost UKP 7.50 - $11 or so! It was one of a tranche of crypto documents. One, a cryptologic dictionary was marked as US Army/Navy 'top secret cream' (1946). The NSA happily declassified it and its on sale at Aegean Park Press. Any thoughts on the 'codebooks revisited' item? Keith http://www.cix.co.uk/~klockstone 'Unwise a grave for Arthur' -- The Black Book of Carmarthen -- From: [EMAIL PROTECTED] (David Wagner) Subject: Re: weak ciphers and their usage Date: 16 Nov 1999 16:48:51 -0800 In article 80simv$ksc$[EMAIL PROTECTED], Tom St Denis [EMAIL PROTECTED] wrote: Ok I actually see what David Scott is saying. I can be thought. If I send a different message with say only a part near the en