Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #14 Sun, 10 Jun 01 11:13:01 EDT Contents: BBS question (Tom St Denis) Re: BBS question (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (SCOTT19U.ZIP_GUY) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: Shannon's definition of perfect secrecy (Tim Tyler) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: Shannon's definition of perfect secrecy (Tom St Denis) Re: Shannon's definition of perfect secrecy (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) Re: cubing modulo 2^w - 1 as a design primitive? (Mok-Kong Shen) Re: cubing modulo 2^w - 1 as a design primitive? (Tom St Denis) From: Tom St Denis [EMAIL PROTECTED] Subject: BBS question Date: Sun, 10 Jun 2001 13:08:01 GMT Nobody quite answered my original question. Let's suppose you have a blum integer (say N=7x11=77). If we pick a seed such as X=4 we get 4, 16, 25, 9, 4 as the outputs... Now for the funny part 4^2 + 16^2 + 25^2 + 9^2 = 4+16+25+9 (mod 77). So far whenever I find the cycle the sum of squares is equal to the sum of their roots. Is that universally true or just for the 6 or so cases I have tried? -- Tom St Denis --- http://tomstdenis.home.dhs.org -- From: Tom St Denis [EMAIL PROTECTED] Subject: Re: BBS question Date: Sun, 10 Jun 2001 13:08:54 GMT Tom St Denis [EMAIL PROTECTED] wrote in message news:RiKU6.76438$[EMAIL PROTECTED]... Nobody quite answered my original question. Let's suppose you have a blum integer (say N=7x11=77). If we pick a seed such as X=4 we get 4, 16, 25, 9, 4 as the outputs... Now for the funny part 4^2 + 16^2 + 25^2 + 9^2 = 4+16+25+9 (mod 77). Arrg... Nevermind, I know why. Tom -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: cubing modulo 2^w - 1 as a design primitive? Date: Sun, 10 Jun 2001 15:30:40 +0200 Tom St Denis wrote: Tom St Denis [EMAIL PROTECTED] wrote: I was cheating on what? Sorry to be honest I kinda skim your posts. You kinda write in one long unbroken chunk. (When you're at a computer as long as I shouldn't be it looks like a mess). The book info. W.R.Scott, Professor of Mathematics, The university of Utah, Group Theory, Dover Publications Inc, New York. ISBN 0-486-65377-3 Something I want to add. It's not a bad book as far as correctness goes. Heck I can only read the first 20 pages. It's just a very bad text to LEARN from. It has a math equation to word ratio of 100:1... Cheating on what? Here is what in the thread 'Best, Strongest Algorithm (gone from any reasonable topic)' you posted on Fri, 08 Jun 2001 21:24:35 +0200: I find often the biggest problem with math papers/discussions is the lack of a good language to discuss it in. For example, my book on Group Theory I got (From Dover) only has 13 words in the entire text. The rest is vague human egyptian art work that future archeologists will look at and say this means fire, and that's water, and This can obvioulsy never be true, or else there would be an immense scandal about the publisher Dover that has a good name and whose scientific books have always been of good quality, even though to a large part outdated. (BTW, I am myself in posssesion of a Dover book on group theory!) And what you responded above is demonstrating clearly and unambigiously that you lied. (But I did intentionally give you opportunities to correct your statements in more gentle ways which you didn't take up.) Now everyone of the group clearly know who you actually are. Note you were not posting on 1st April, nor were you in a group talk.joke. Telling the untruth on oneday and accusing someone else (I think it was Scott whom you were attacking) on the very next day to be a liar, is something I consider to be really too much. We cannot let the atmosphere of the group deteriorate like that. The current atmosphere is already poor (e.g. with posts asking simple math questions which definitely properply belong to sci.math) enough in my opinion to be able to attract more people to participate in the group. M. K. Shen -- From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) Subject: Re: cubing modulo 2^w - 1 as a design primitive? Date: 10 Jun 2001 13:47:48 GMT [EMAIL PROTECTED] (Mok-Kong Shen) wrote in [EMAIL PROTECTED]: Tom St Denis wrote: And what you responded above is demonstrating clearly and unambigiously that you lied. (But I did intentionally give you opportunities to correct
Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #13 Sun, 28 Jan 01 07:13:01 EST Contents: Cryptography FAQ (06/10: Public Key Cryptography) ([EMAIL PROTECTED]) Cryptography FAQ (07/10: Digital Signatures) ([EMAIL PROTECTED]) Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers Subject: Cryptography FAQ (06/10: Public Key Cryptography) From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: 28 Jan 2001 12:01:58 GMT Archive-name: cryptography-faq/part06 Last-modified: 94/06/07 This is the sixth of ten parts of the sci.crypt FAQ. The parts are mostly independent, but you should read the first part before the rest. We don't have the time to send out missing parts by mail, so don't ask. Notes such as ``[KAH67]'' refer to the reference list in the last part. The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto, sci.answers, and news.answers every 21 days. Contents: 6.1. What is public-key cryptography? 6.2. How does public-key cryptography solve cryptography's Catch-22? 6.3. What is the role of the `trapdoor function' in public key schemes? 6.4. What is the role of the `session key' in public key schemes? 6.5. What's RSA? 6.6. Is RSA secure? 6.7. What's the difference between the RSA and Diffie-Hellman schemes? 6.8. What is `authentication' and the `key distribution problem'? 6.9. How fast can people factor numbers? 6.10. What about other public-key cryptosystems? 6.11. What is the `RSA Factoring Challenge?' 6.1. What is public-key cryptography? In a classic cryptosystem, we have encryption functions E_K and decryption functions D_K such that D_K(E_K(P)) = P for any plaintext P. In a public-key cryptosystem, E_K can be easily computed from some ``public key'' X which in turn is computed from K. X is published, so that anyone can encrypt messages. If decryption D_K cannot be easily computed from public key X without knowledge of private key K, but readily with knowledge of K, then only the person who generated K can decrypt messages. That's the essence of public-key cryptography, introduced by Diffie and Hellman in 1976. This document describes only the rudiments of public key cryptography. There is an extensive literature on security models for public-key cryptography, applications of public-key cryptography, other applications of the mathematical technology behind public-key cryptography, and so on; consult the references at the end for more refined and thorough presentations. 6.2. How does public-key cryptography solve cryptography's Catch-22? In a classic cryptosystem, if you want your friends to be able to send secret messages to you, you have to make sure nobody other than them sees the key K. In a public-key cryptosystem, you just publish X, and you don't have to worry about spies. Hence public key cryptography `solves' one of the most vexing problems of all prior cryptography: the necessity of establishing a secure channel for the exchange of the key. To establish a secure channel one uses cryptography, but private key cryptography requires a secure channel! In resolving the dilemma, public key cryptography has been considered by many to be a `revolutionary technology,' representing a breakthrough that makes routine communication encryption practical and potentially ubiquitous. 6.3. What is the role of the `trapdoor function' in public key schemes? Intrinsic to public key cryptography is a `trapdoor function' D_K with the properties that computation in one direction (encryption, E_K) is easy and in the other is virtually impossible (attack, determining P from encryption E_K(P) and public key X). Furthermore, it has the special property that the reversal of the computation (decryption, D_K) is again tractable if the private key K is known. 6.4. What is the role of the `session key' in public key schemes? In virtually all public key systems, the encryption and decryption times are very lengthy compared to other block-oriented algorithms such as DES for equivalent data sizes. Therefore in most implementations of public-key systems, a temporary, random `session key' of much smaller length than the message is generated for each message and alone encrypted by the public key algorithm. The message is actually encrypted using a faster private key algorithm with the session key. At the receiver side, the session key is decrypted using the public-key algorithms and the recovered `plaintext' key is used to decrypt the message. The session key approach blurs the distinction between `keys' and `messages' -- in the scheme, the message includes the key, and the key itself is treated as an encryptable `message
Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #12 Thu, 31 Aug 00 06:13:00 EDT
Contents:
Re: QKD and The Space Shuttle (Mok-Kong Shen)
Re: Idea for creating primes (Mok-Kong Shen)
Re: Patent, Patent is a nightmare, all software patent shuld not be (Mok-Kong Shen)
Re: Patent, Patent is a nightmare, all software patent shuld not be (Mok-Kong Shen)
Re: Patent, Patent is a nightmare, all software patent shuld not be (Mok-Kong Shen)
Need help would like to learn crypto in regular way if possible formal (Mohammed
Anish ND/EHD/EIPS)
Re: PGP ADK Bug: What we expect from N.A.I. ("Rick Braddam")
Re: "Warn when encrypting to keys with an ADK" (Phil Harrison)
Re: PGP 6.5.8 test: That's NOT enough !!! (Phil Harrison)
Re: PGP 6.5.8 test: That's NOT enough !!! (Ron B.)
Re: PGP ADK Bug: What we expect from N.A.I. ("Michel Bouissou")
Re: I need ADK tampered key that PGP will not detect ADK, on it ... ("Michel
Bouissou")
From: Mok-Kong Shen [EMAIL PROTECTED]
Crossposted-To: sci.space.shuttle,talk.politics.crypto
Subject: Re: QKD and The Space Shuttle
Date: Thu, 31 Aug 2000 10:28:49 +0200
David A Molnar wrote:
[snip]
The problem with all of these protocols is that if an adversary can
replace the random beacon with his own source, all bets are off.
So some people would *like* to see a satellite in the sky broadcasting
random bits to the world. There will still be issues with ground-side
jamming and with authentication of the satellite, though, which are
not yet fully ironed out (at least not that I've seen).
Isn't the trouble in principle the same with certification
where one needs some trust/belief on a third party, in
other words there is some non-objectivity that can NEVER
be entirely disposed of?
M. K. Shen
--
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Idea for creating primes
Date: Thu, 31 Aug 2000 10:28:54 +0200
Scott Fluhrer wrote:
Simple: 2 is a factor of p-1, so start there, at k=(p-1)/2. And, with that
k, if g^k mod p is anything other than 1 or -1, we know (Fermat's Little
Theorem) that p wasn't prime. Most composites will fail that test, and that
test is approximately as expensive as running a single iteration of
Miller-Rabin.
If g^((p-1)/2) mod p is -1 and g^(p-1) mod p is 1, one has
to do further tests as stated in the original post. Eventually
these may fail either because g is the wrong one or because p
is not prime. Do you happen to have references showing how
small/big these (non-productive) efforts are (in particular
with respect to an arbitrary p of the sort considered here
which can be prime or composite)? Thanks.
M. K. Shen
--
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be
Date: Thu, 31 Aug 2000 10:29:07 +0200
qun ying wrote:
There are 2 more patents:
[snip]
Maybe all that is in the end not bad at all. If these
patents cause PK to be untimately economically uninteresting
for the users, it will give some genious minds the momentum
to invent some entirely new direction in cryptography.
M. K. Shen
--
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be
Date: Thu, 31 Aug 2000 10:28:59 +0200
Paul Pires wrote:
Mok-Kong Shen [EMAIL PROTECTED] wrote
It's probably unlikely but on the other hand also can't be
excluded that the firms selling PK products do nothing in
the issue and simply pass the fees they'll eventually pay to
that patent holder on to the consumers. That would be bad.
Id say unlikely is mild. "When hell freezes" over is more like it.
The price a product brings is what the market will bear. If
they could increase the price without repercussions now, they
would do it now and pocket the profit without a second thought.
There is no scenario where the "payee's" are going to take
this philosophically. This Patent irritates you but it has to have
every licensee of PK pissing blood. Just this being present is
going to cost them.
They are going to see significant costs to evaluate their risk and
position regardless of any royalty payments they may or may not
have to make due to this patent.
I can only partially agree with you. The market is however
never 'rational' in my view. (Look at the stock market for
an extreme example.) If there is some 'cause', that could
cause a raise in price even much more than what really
corresponds to the actual increase in production cost,
with all firms acting thereby sort of in coorporation
rather than in competition. Now the customer who needs a
certain product has no choice but accepting the higher
price. I believe that this 'dynamic' is one of the
reasons that lead to the fact that the world frequently
Cryptography-Digest Digest #578
Cryptography-Digest Digest #578, Volume #10 Wed, 17 Nov 99 00:13:03 EST
Contents:
Re: AES cyphers leak information like sieves ("Peter K. Boucher")
Re: Proposal: Inexpensive Method of "True Random Data" Generation (Coen Visser)
Re: Proposal: Inexpensive Method of "True Random Data" Generation (Coen Visser)
Re: Codebook examples on Web? ([EMAIL PROTECTED])
Re: weak ciphers and their usage (David Wagner)
Re: Proposal: Inexpensive Method of "True Random Data" Generation (hack)
Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)
Re: weak ciphers and their usage (SCOTT19U.ZIP_GUY)
Re: New Scottish Crypto System (albert)
NSA should do a cryptoanalysis of AES (albert)
Re: AES cyphers leak information like sieves (Bill Unruh)
Re: AES cyphers leak information like sieves (Tim Tyler)
Re: AES cyphers leak information like sieves (wtshaw)
Re: Scientific Progress and the NSA (Tim Tyler)
Re: NSA should do a cryptoanalysis of AES
Re: NSA should do a cryptoanalysis of AES (Phunda Mental)
Re: New Scottish Crypto System
Date: Tue, 16 Nov 1999 15:39:55 -0700
From: "Peter K. Boucher" [EMAIL PROTECTED]
Subject: Re: AES cyphers leak information like sieves
Tim Tyler wrote:
[snip]
I don't understand. Surely...
That's your problem right there. You come in here and presume to
lecture people without understanding what you're talking about.
I recommend more reading and less expounding on your part.
--
Peter
--
From: Coen Visser [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 16 Nov 1999 22:55:57 +
James Felling wrote:
My argument with you is that since K-Complexity is only valid in refrence to a chosen
language, the only way we can class things as random is relative to that chosen
language.
Now given strings X and Y,
It is comparitively trivial to chose languages such that complexity(X) in L and
complexity(Y) in L have any relationship that we wishthis is true even if X and Y
are sets
of strings -- we can arbitrarily dictate the realtion between any two finite
collections of
strings by apropriately choosing our language.
You are absolutely right. For finite collections
of strings we can dictate the relation depending
on the choice of representation language. I was
thinking about the total set of strings which dwarfs
any finite set we like to meddle with. But this is
all academic and doesn't contribute anything to the
discusion. So rather than try to defend my point
I agree with you.
Regards,
Coen Visser
--
From: Coen Visser [EMAIL PROTECTED]
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 16 Nov 1999 23:25:56 +
[EMAIL PROTECTED] wrote:
Coen Visser wrote:
I would think that
Kolmogorov complexity is properly defined on finite
strings: the upperbound of C(Sn) with Sn the "0"-string
of length n is log(n).
But the issue is whether an individual finite
string is compressible. In this case n has one
value so C(Sn) and log(n) are constants. The
inequality asserts the vacuous fact that two
constants differ by at most a constant.
In another post on the subject I wrestled with James Felling
(he won the match). You can say that an individual string
is compressible when you fix a representation
language/UTM. But for any specific string (or finite
set of strings) an opponent can choose another representation
in which this is not the case. This is of course not the most
interesting part of Kolmogorov complexity because the actual
values are not computable anyway.
Regards,
Coen Visser
--
From: [EMAIL PROTECTED]
Subject: Re: Codebook examples on Web?
Date: 16 Nov 1999 23:55:53 GMT
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (John Savard) wrote:
You were extremely fortunate. Dare I ask if you needed to take out a
second mortgage?
It cost UKP 7.50 - $11 or so!
It was one of a tranche of crypto documents. One, a cryptologic dictionary
was marked as US Army/Navy 'top secret cream' (1946). The NSA happily
declassified it and its on sale at Aegean Park Press.
Any thoughts on the 'codebooks revisited' item?
Keith
http://www.cix.co.uk/~klockstone
'Unwise a grave for Arthur'
-- The Black Book of Carmarthen
--
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: weak ciphers and their usage
Date: 16 Nov 1999 16:48:51 -0800
In article 80simv$ksc$[EMAIL PROTECTED],
Tom St Denis [EMAIL PROTECTED] wrote:
Ok I actually see what David Scott is saying. I can be thought. If I
send a different message with say only a part near the en
