Blind signatures with DSA/ECDSA?
Here is the blind DSA signature based on MacKenzie and Reiter, http://www.ece.cmu.edu/~reiter/papers/2001/CRYPTO.pdf, in graphical form.

Recall that a DSA public key is p, q, g, y; private key x; signature on hash h is:

    Choose k < q
    r = (g^k mod p) mod q
    s = rx/k + h/k mod q
    Output (r,s)

Here is the blind signature protocol, with Alice, the recipient, on the left and Bob, the signer, on the right:

    Alice (recipient)                                  Bob (signer)

                                                       Choose k2 < q
                                                       z2 = 1/k2 mod q
                                                       Send r2 = g^k2 mod p
                              <------------------------
    Choose k1 < q
    r = (r2^k1 mod p) mod q
    Send a = E(r/k1 mod q) and b = E(h/k1 mod q) and ZKP
                              ------------------------>
                                                       Check ZKP
                                                       Choose d < q^5
                                                       Send c = a '*' x*z2 '+' b '*' z2 '+' E(d*q)
                              <------------------------
    s = D(c) mod q
    Output (r,s)

Here, E() and D() represent encryption and decryption in a homomorphic encryption system like the Paillier encryption. Only Alice knows the private key, but Bob is able to multiply encrypted values by scalars (indicated by '*' above) and to add encrypted values (indicated by '+' above). ZKP sent by Alice in the 2nd step is a zero knowledge proof that the two encrypted values are known and are < q^3. (Actually the values are less than q but the standard ZKP for this has some slop in it, which is OK for this purpose.)

Bob operates on the two homomorphic encryptions of r/k1 and h/k1. He multiplies the first by x/k2 and the second by 1/k2 and adds them to get rx/k + h/k mod q (where k = k1*k2), exactly as required for the signature. Then he adds the large multiple of q to fully hide his secret x value.

One interesting thing about this protocol is that it may escape the Chaum blind signature patent, US 4759063, for two reasons. First, the Chaum patent covers three step blinding, while this is a four step process. In the regular Chaum blind signature there is no need for the initial step where the signer sends an initial r2 value. That step is crucial here; k2 must be fresh for every signature or the signer's key is leaked.

Second, the Chaum patent describes the signer's operation as performing a public key digital signature operation. This is in fact how the Chaum blind signature works; the signer does do an ordinary RSA signature operation. But in this case, the signer performs a completely different transformation, working with two homomorphically encrypted values in an unusual way. This is not a conventional digital signature operation. Therefore this type of blind signature should escape the patent. Of course the patent expires in a little over a year so it is largely moot now anyway.

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
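The four-message exchange above, run end to end in Python as an added example; this is not code from the post or from the MacKenzie-Reiter paper. It assumes toy parameters constructed for the demonstration (q = 101, p = 607, a Paillier modulus built from two primes near 2^30, and h = 42 standing in for the hash), Paillier with generator n+1 as the homomorphic scheme, and it leaves out the range ZKP that Alice would send in step 2. Alice (k1, the Paillier key) and Bob (x, k2) are kept in separate functions so it is visible what each side sees; the result is checked against a plain DSA signature made with the combined nonce k = k1*k2 mod q.

```python
import random
from math import gcd

# Toy parameters constructed for this example: q = 101, p = 607 = 6*q + 1.
# Real DSA uses q >= 160 bits; Paillier's modulus n must exceed q^6 here.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)       # 2^6 mod 607 = 64, an element of order q

def next_prime(n):
    """Smallest prime >= n by trial division (adequate around 2^30)."""
    while not all(n % i for i in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n

def dsa_sign(x, h, k):
    """Plain DSA with a caller-supplied nonce, used to cross-check a blind run."""
    r = pow(G, k, P) % Q
    return r, pow(k, -1, Q) * (h + x * r) % Q

def dsa_verify(y, h, r, s):
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, h * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

class Paillier:
    """Additively homomorphic encryption, generator g = n + 1; Alice holds it."""
    def __init__(self, p1, p2):
        self.n, self.n2 = p1 * p2, (p1 * p2) ** 2
        self.lam = (p1 - 1) * (p2 - 1) // gcd(p1 - 1, p2 - 1)
        self.mu = pow(self.lam, -1, self.n)
    def encrypt(self, m, rng):                 # E(m) for 0 <= m < n
        rho = rng.randrange(1, self.n)
        return (1 + m * self.n) * pow(rho, self.n, self.n2) % self.n2
    def decrypt(self, c):                      # D(c)
        return (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n
    def add(self, c1, c2):                     # E(m1) '+' E(m2) = E(m1 + m2)
        return c1 * c2 % self.n2
    def scalar_mul(self, c, k):                # E(m) '*' k = E(k * m)
        return pow(c, k, self.n2)

# The four messages. Bob (signer) holds x; Alice (recipient) holds the Paillier key.
def bob_step1(rng):
    k2 = rng.randrange(1, Q)
    return k2, pow(G, k2, P)                   # keep k2, send r2 = g^k2 mod p

def alice_step2(pai, h, r2, rng):
    k1 = rng.randrange(1, Q)
    r = pow(r2, k1, P) % Q                     # r = (g^(k1*k2) mod p) mod q
    k1_inv = pow(k1, -1, Q)
    a = pai.encrypt(r * k1_inv % Q, rng)       # E(r/k1 mod q)
    b = pai.encrypt(h * k1_inv % Q, rng)       # E(h/k1 mod q)
    return k1, r, a, b                         # the range ZKP is omitted here

def bob_step3(pai, x, k2, a, b, rng):
    z2 = pow(k2, -1, Q)
    d = rng.randrange(Q ** 5)                  # d*q masks x; total plaintext < n
    c = pai.add(pai.scalar_mul(a, x * z2 % Q), pai.scalar_mul(b, z2))
    return pai.add(c, pai.encrypt(d * Q, rng))

def alice_step4(pai, c):
    return pai.decrypt(c) % Q                  # s = (rx + h)/(k1*k2) mod q

def blind_sign(x, h, pai, rng):
    """Rerun until r and s are nonzero. Returns (r, s) and k = k1*k2 mod q, the
    nonce that neither side knows in full (Alice holds k1, Bob holds k2)."""
    while True:
        k2, r2 = bob_step1(rng)
        k1, r, a, b = alice_step2(pai, h, r2, rng)
        s = alice_step4(pai, bob_step3(pai, x, k2, a, b, rng))
        if r and s:
            return (r, s), k1 * k2 % Q

def demo(seed=1):
    rng = random.Random(seed)
    pai = Paillier(next_prime(2 ** 30), next_prime(2 ** 30 + 1000))
    x = rng.randrange(1, Q)                    # Bob's private key; y = g^x mod p
    y = pow(G, x, P)
    h = 42                                     # constructed stand-in for a hash
    (r, s), k = blind_sign(x, h, pai, rng)
    return x, y, h, r, s, k
```

Two things worth noticing when running it: Bob never sees r, h or k1, only two Paillier ciphertexts and the masked sum, and the mask d*q only works because Alice's decryption reduces mod q afterwards, so the Paillier modulus has to be large enough that the unreduced sum (below q^6 + 2q^2 here) never wraps mod n. With the toy q, about one run in fifty restarts because r or s came out zero, which is the same condition under which ordinary DSA discards a nonce.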
Diebold knew of legal risks
http://www.oaklandtribune.com/cda/article/print/0,1674,82%257E1865%257E2095811,00.html

Oakland Tribune

Diebold knew of legal risks
Attorneys warned firm that use of uncertified vote-counting software violated state law

By Ian Hoffman, STAFF WRITER
Tuesday, April 20, 2004

Attorneys for Diebold Election Systems Inc. warned in late November that its use of uncertified vote-counting software in Alameda County violated California election law and broke its $12.7 million contract with Alameda County. Soon after, a review of internal legal memos obtained by the Oakland Tribune shows, Diebold's attorneys at the Los Angeles office of Jones Day realized the McKinney, Texas-based firm also faced a threat of criminal charges and exile from California elections.

Yet despite warnings from the state's chief elections officer, Diebold continued fielding poorly tested, faulty software and hardware in at least two of California's largest urban counties during the Super Tuesday primary, when e-voting temporarily broke down and voters were turned away at the polls.

Other documentation obtained by the Tribune shows that the latest approved versions of Diebold's vote-counting software in this state cast doubt on the firm's claims elsewhere that it has fixed multiple security vulnerabilities unearthed in the last year.

"In California those issues can be addressed," said Diebold spokesman David Bear. "They were addressed in Maryland, and they could be changed in California."

California elections officials said they are perplexed that Diebold apparently hasn't changed practices since a December audit revealed uncertified software running in every county that it serves.

"Diebold may suffer from gross incompetence, gross negligence. I don't know whether there's any malevolence involved," said a senior California elections official who spoke on condition of anonymity. "I don't know why they've acted the way they've acted and the way they're continuing to act. Notwithstanding their rhetoric, they have not learned any lessons in terms of dealing with this secretary (of state)."

The memos show that for months, Diebold attorneys at Jones Day have been exploring ways to keep the nation's second-largest electronic voting provider from losing an eighth of the national market.

Jones Day partner Daniel D. McMillan declined to comment on the content of the documents except to confirm they were internal papers from his office. He warned against drawing conclusions from the firm's memos.

Diebold's legal team appears to have been exploring whether California Secretary of State Kevin Shelley has the power to investigate the company's practices. The memos reflect an argument that the regulations by which California approves voting equipment for elections may never have been properly codified and are unenforceable.

Diebold's Bear said his company is cooperating with Shelley's office. "I've been working with the SOS and we're hopeful we can move forward and the advantages of electronic voting can be continued to be offered to the citizens of California," he said. "We will continue to work with state and local elections officials to address any and all elections issues."

The law firm's memos reflect a corporate defense firm on a $500,000-a-month campaign to protect Diebold. It is a critical moment for Diebold, for electronic voting in California and for at least some of the 19 counties statewide that purchased Diebold voting systems for more than $50 million.

On Wednesday, state elections officials begin debating their advice to Shelley on whether to disallow some or all Diebold voting systems, or all touchscreen voting machines, from the November elections. What Shelley decides will be a test of state authority over makers of the computers that will determine the electoral votes in California and other states.

His decision also could send some of California's largest counties -- Alameda and San Diego -- scrambling for other ways to count votes six months from now. Voting experts say the industry's factories and printing plants probably can handle the extra demand for replacement voting machines and paper ballots, given at least three months' notice. But Shelley's decision also could unleash a barrage of lawsuits that could mire orders of equipment and ballots in legal wrangling over who will pay for them.

At the center of those battles will be Jones Day. The firm's internal memoranda show its attorneys considered the idea of calling a new bit of uncertified voting software "experimental." State rules say local governments can use entire, experimental voting systems without state approval. The lawyers also presented California officials who were seeking documents from Diebold with sweeping confidentiality agreements designed to hide flaws in Diebold software as much as its intellectual property.

In drafts of a Feb. 13 letter to state regulators, Diebold's attorneys declared that Diebold makes no changes to
Is there a Brands certificate reference implementation?
--- begin forwarded text

Subject: Is there a Brands certificate reference implementation?
From: Steve Furlong [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: 25 Apr 2004 12:14:30 -0400
Sender: [EMAIL PROTECTED]

Does anyone know of a reference implementation for Stefan Brands's digital certificate scheme? Alternatively, does anyone have an email address for Brands so I can ask him myself? (I haven't gotten anything back from ZKS's contact us address. But I don't know if Brands is still at ZKS.)

--- end forwarded text

-- 
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Bank transfer via quantum crypto
Ivan Krstic wrote:

> I have to agree with Perry on this one: I simply can't see a compelling reason for the push currently being given to ridiculously overpriced implementations of what started off as a lab toy, and what offers - in all seriousness - almost no practical benefits over the proper use of conventional techniques.

You are looking at QC from a scientific perspective. What is happening is not scientific, but business. There are a few background issues that need to be brought into focus.

1) The QC business is concentrated in the finance industry, not national security. Most of the fiber runs are within range. 10 miles not 100.

2) Within the finance industry, the security of links is done majorly by using private lines. Put in a private line, and call it secure because only the operator can listen in to it.

3) This model has broken down somewhat due to the rise of open market net carriers, open colos, etc. So, even though the mindset of "private telco line is secure" is still prevalent, the access to those lines is much wider than thought.

4) There is eavesdropping going on. This is clear, although it is difficult to find confirmable evidence on it or any stats:

"Security forces in the US discovered an illegally installed fiber eavesdropping device in Verizon's optical network. It was placed at a mutual fund company ... shortly before the release of their quarterly numbers." Wolf Report, March 2003 (some PDF that google knows about.)

These things are known as vampire taps. Anecdotal evidence suggests that it is widespread, if not exactly rampant. That is, there are dozens or maybe hundreds of people capable of setting up vampire taps. And, this would suggest maybe dozens or hundreds of taps in place. The vampires are not exactly cooperating with hard information, of course.

5) What's in it for them? That part is all too clear. The vampire taps are placed on funds managers to see what they are up to. When the vulnerabilities are revealed over the fibre, the attacker can put in trades that take advantage. In such a case, the profit from each single trade might be in the order of a million (plus or minus a wide range).

6) I have not as yet seen any suggestion that an *active* attack is taking place on the fibres; so far, this is simply a listening attack. The use of the information happens elsewhere, some batch of trades gets initiated over other means.

7) Finally, another thing to bear in mind is that the mutual funds industry is going through what is likely to be the biggest scandal ever. Fines to date are at 1.7bn, and it's only just started. This is bigger than SL, and LTCM, but as the press does not understand it, they have not presented it as such. The suggested assumption to draw from this is that the mutual funds are *easy* to game, and are being gamed in very many and various fashions. A vampire tap is just one way amongst many that are going on.

So, in the presence of quite open use of open lines, and in the presence of quite frequent attacking on mutual funds and the like in order to game their systems (endemic), the question has arisen how to secure the lines. Hence, quantum cryptography.

Cryptographers and engineers will recognise that this is a pure FUD play. But, QC is cool, and only cool sells. The business circumstances are ripe for a big cool play that eases the fears of funds that their info is being collected with impunity. It shows them doing something.

Where we are now is the start of a new hype cycle. This is to be expected, as the prior hype cycle(s) have passed. PKI has flopped and is now known in the customer base (finance industry and government) as a disaster. But, these same customers are desperate for solutions, and as always are vulnerable to a sales pitch. QC is a technology whose time has come. Expect it to get bigger and bigger for several years, before companies work it out, and it becomes the same disputed, angry white elephant that PKI is now.

If anyone is interested in a business idea, now is the time to start building boxes that do just like QC but in software at half the price. And wait for the bubble to burst.

iang

PS: Points 1-7 are correct AFAIK. Conclusions, beyond those points, are just how I see it, IMHO.
Cracking secrets
http://www.hinduonnet.com/thehindu/thscrip/print.pl?file=2004042600110200.htmdate=2004/04/26/prd=ew;

snip...

Cracking secrets

A WHOLE book of secrets is what S.C. Coutinho gives in The Mathematics of Ciphers, published by Universities Press (www.orientlongman.com). A leisurely journey, with many stops to appreciate the scenery and contemplate sites of historical interest, the author promises to reach the final destination - the RSA system of cryptography. Since the work has grown out of lectures to first-year students of computer science, there is no presumption of mathematics knowledge.

Cryptography is the art of disguising a message so that only its legitimate recipient can understand it. That should explain why we don't understand many election speeches. Perhaps the `twin sister' of cryptography could help, cryptanalysis: `the art of breaking a cipher'.

The most widely used public key cryptosystem is RSA, invented in 1978 by Rivest, Shamir and Adleman. Put simply, every user has a personal pair of primes that must be kept secret though the product of these primes is made public. What's the big deal, you might ask; factor the product and you would get the two prime numbers, won't you? However, if the primes have more than 100 digits each, the time and resources required to factor `n' are such that the system becomes very hard to break. This is the trapdoor of RSA - computing the product is easy, not factoring. For this, the `exact computation' of the computer comes in handy.

The Greeks distinguished between logistics (the science that deals with numbered things, not numbers) and arithmetic (nature of numbers with the mind only). The book is full of stories that would make you like math and computing too. For instance, geometry originated in Egypt where the pharaoh distributed land to people in rectangular plots on which he levied an annual tax. If the Nile swept away part of the plot, the surveyors had to be called in to calculate how much land had been lost, because the owner would be eligible for a reduced tax, proportional to the land lost.

To find primes from the ocean of numbers, you can use the `sieve of Eratosthenes', named after a Greek mathematician born around 284 BC. He was nicknamed `Beta' because his contemporaries believed that he hadn't reached a truly eminent position. When you apply the sieve to a list of positive integers, composite numbers pass through but primes get retained.

Good read for the vacation to sharpen your numbers.

-- 
R. A. Hettinga
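The two ideas the review leans on, the sieve that retains primes while composites fall through and the RSA trapdoor that rests on the cost of factoring n, in a small Python example added here; it is not code from the book or the review. The primes (the two largest below 10,000), the message and the exponent e = 65537 are constructed toy values, and the "attack" at the end is plain trial division over sieved primes, which recovers the private key in milliseconds at this size and is exactly what stops working once p and q have 100 or more digits each.

```python
from math import gcd

def sieve(limit):
    """Sieve of Eratosthenes: mark multiples of each surviving prime;
    composites fall through, primes are retained."""
    flags = bytearray([1]) * (limit + 1)
    flags[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytes(len(range(i * i, limit + 1, i)))
    return [i for i, f in enumerate(flags) if f]

def rsa_keygen(p, q, e=65537):
    """Toy RSA from two primes: n and e are public; p, q and d are secret."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    return (n, e), pow(e, -1, phi)

def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def rsa_decrypt(n, d, c):
    return pow(c, d, n)

def factor_by_trial(n):
    """Recover (p, q) for a toy n by trial division over sieved primes.
    Cost grows with sqrt(n): hopeless for 200-digit n, instant here."""
    for p in sieve(int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    return None

def demo():
    primes = sieve(10000)
    p, q = primes[-1], primes[-2]              # 9973 and 9967, constructed toy primes
    pub, d = rsa_keygen(p, q)
    m = 2004                                   # constructed message, must be < n
    c = rsa_encrypt(pub, m)
    # The attacker holds only pub: factor n, rebuild phi(n), rebuild d.
    pf, qf = factor_by_trial(pub[0])
    d_recovered = pow(pub[1], -1, (pf - 1) * (qf - 1))
    return m, c, rsa_decrypt(pub[0], d, c), rsa_decrypt(pub[0], d_recovered, c)
```

The point of the last two return values being equal is the one the review makes: everything an attacker needs is derivable from the public n once n is factored, so the security of the whole scheme is the cost of that one step.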
How to WASTE and want not
http://www.infoshop.org/inews/stories.php?story=04/04/25/8454965

Infoshop News - How to WASTE and want not
posted by j1o2n3a4s5 on Sunday April 25 2004 @ 05:14PM PDT

WASTE would have to be pretty close to what you'd come up with. WASTE provides a way for you to create secure ad hoc p2p mesh networks with little technical setup and ironclad communications via link level Blowfish encryption and authentication via RSA public key cryptography. It allows secure instant messaging, group chat, file sharing, browsing and transfer. Everything you need to get some substantive work done, not to mention students or corporate techies just needing to communicate without interference. From the software itself, WASTE is "a tool that is designed to permit secure distributed collaboration and communications for small trusted groups of users."

And it's back - resurrected like Lazarus in January - even after the assembled might of AOL tried to shut it down.

This is how it was: Jonathan Frankel, the coding wunderkind, grunge poster child and Benevolent Dictator of Nullsoft, acquired in 1999, was behind its wildly popular free music player WinAMP (because it really whips the llama's ass). For an encore, he came up with Gnutella, the p2p network of choice for quite some time. AOL ordered him to kill off the project so he came up with something even better. In a flurry of coding as artistic self expression and self-respecting hacker protest, he came up with WASTE. He GPLed it, put it online, sat back - and watched the fur fly.

WASTE was an instant hit. Downloaded, dissected and analyzed across the Internet, all reports were favourable. AOL was not, however, amused, claiming its intellectual property rights were being infringed, shut down the site, chastised Frankel and posted an online page demanding that all code downloaded from the site should be destroyed because of IP violations. Frankel left AOL over the whole issue. You have to respect the guy.

But they were too late. WASTE was out in the wild, as well as example clients for windows and limited servers for BSD and OSX. It was only a short amount of time until the project re-emerged, re-implemented on sourceforge. Already a Mac OSX version 1.0 has been ported and has been available for download since September of last year. WASTE 1.4 alpha 3 hit the air April 15th. New documentation was added soon after that and 1.4 is shaping up nicely with new features.

Why call it WASTE? Yet another nod to coolness. WASTE is taken from Thomas Pynchon's The Crying of Lot 49 where WASTE is a renegade underground postal system operating in plain sight of the status quo undetected. The acronym itself is We Await Silent Tristero's Empire. Even the horn on a stamp icon used in the application is a nod to the stamps used by WASTE in the Pynchon story. Defiant yells from the underground are all over the program, making you wonder whether software can't be reclassified as the new legitimate form of popular dissent. Even the port WASTE uses for communications is a slap in the face of a growing repressiveness in the corporate monoculture. Port 1337 is hacker do0D speak for Leet or elite. An awful lot of subtext for a piece of software.

While the project hasn't produced a huge volume of code lately, the authors state "We have been experimenting with technologies to create a more feature rich program instead of releasing betas." Even now, the WASTE clients to date are eminently usable and are providing even non-technical users who understand the basic concepts a way to create secure mesh P2P networks. There's a clear wizard for key creation and a simple interface for connecting and interacting with the other members of your mesh. Version 1.4 promises even more features. If you're worried too much bandwidth might give away file trading activities you can even throttle down the bandwidth to make your traffic indistinguishable from normal encrypted network traffic.

Students that have been beaten over the head by the RIAA and university administrators are now creating darknets - encrypted file sharing mesh networks between themselves. Because the communications are secure, no one can tell what sort of files they're trading, or even if it is files they're trading, even if they are RIAA or DMCA bloodhounds.

But that's not where WASTE's true value lies. The real potential is for activist groups, not-for-profits and people who need privacy in a world becoming increasingly more hostile to their activities. Like Zimmerman's PGP before it, WASTE is another example of one of those empowering grassroots tools which provides a direct affirmation of personal freedoms, rights and the sanctity of individual privacy: a simple way for the technically unsophisticated to self-service ad hoc secure networks without a huge IT overhead and expensive hardware or software. Activists can collaborate online in a secure manner in real time without fear of eavesdropping. WASTE is a holy grail for a
The future of security
Hello folks,

I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/

Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

Graeme
Re: Paying for drinks with wave br of the hand
R. A. Hettinga wrote:

> http://worldnetdaily.com/news/printer-friendly.asp?ARTICLE_ID=38038
> WorldNetDaily Wednesday, April 14, 2004
> YOUR PAPERS, PLEASE ...
> Paying for drinks with wave of the hand
> Club-goers in Spain get implanted chips for ID, payment purposes
> Posted: April 14, 2004 5:00 p.m. Eastern

2004.12.18: A new crime is sweeping the nation. Criminals everywhere are now cloning the implanted chips of well-to-do passersby. Some have been caught hiding in the bushes outside the homes of the rich with a high powered RFID transponder, waiting for their victims to drive by. Congress has been presented with a bill outlawing all RFID readers, except by store owners.

2005.03.22: In the news today, actress Jennifer Lopez has been found dead in a dumpster near a shady street with her hand severed. Her American Express implant chip records show that unscrupulous fiends have run up several million dollars in bar tabs all over downtown Los Angeles, and several large money wire transfers to Saudi Arabia, Afghanistan, and Iran. Ms. Lopez apparently instructed AMEX to remove all her daily spending limits on her credit chip after her chip refused her intended purchases at her local Porsche dealer. A recorded conversation with AMEX customer support reveals she believed it cramped her style. The FBI is searching for her killers. Special Agent Tom Jones said that no further information will be made available at this time, as the FBI does not wish to comment on an ongoing investigation since it may aid the perpetrators, and that citizens should switch to cash immediately. Random J. Citizen on the street commented: "Well, what do you expect? Congress outlawed RFID readers, and now the thugs have resorted to chopping off hands." Meanwhile thousands of implanted citizens are suing American Express for refusing to allow removal of their credit card chips, some demanding billions of dollars for their severed hands.

2006.03.23: In an unsurprising move today, CEO Jim Jones of American Express Corporation has stepped down after his company recently filed for Chapter 11 protection after Visa Corporation backed out of purchase negotiations.
Certicom Announces Elliptic Curve Cryptography Challenge Winner
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=SVBIZINK3.storySTORY=/www/story/04-27-2004/0002160357EDATE=TUE+Apr+27+2004,+07:08+AM

Silicon Valley Biz Ink :: The voice of the valley economy
April 27, 2004
Computers/Electronics News
Press release distributed by PR Newswire

Certicom Announces Elliptic Curve Cryptography Challenge Winner
Solution required team of mathematicians, 2600 computers and 17 months

MISSISSAUGA, ON, April 27 /PRNewswire-FirstCall/ - Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced that Chris Monico, an assistant professor at Texas Tech University, and his team of mathematicians have successfully solved the Certicom Elliptic Curve Cryptography (ECC) ECC2-109 Challenge. The effort required 2600 computers and took 17 months. For comparison purposes, the gross CPU time used would be roughly equivalent to that of an Athlon XP 3200+ working nonstop for about 1200 years. Monico also led the team that won the ECCp-109 Certicom challenge in 2002. Although the same key length, this challenge was solved over a field of characteristic 2 rather than a prime field.

For those people concerned about data security, this announcement is good news. The key solved in this challenge is well below the strength of commercial standards used by Certicom and many others today, which is ECC 163 or higher. In fact, it would be approximately one hundred million times harder to solve ECC 163.

Why participate in the challenge? "I think public-key cryptography based on ECC is what we should and will be moving toward," said Monico. "And besides, the fact that this is likely the last of the ECC challenges to be solved in the next few years was a big motivator. The only way to get at the 130-bit level challenges is by a combination of Moore's law (wait around for computers to get faster) and gathering more computers. Personally, I think it's unlikely to happen soon."

In addition to the professional incentives, Monico and his team will receive a US $10,000 prize for solving the challenge.

Certicom introduced the ECC Challenge in November 1997. It was developed to increase industry understanding and appreciation for the difficulty of the elliptic curve discrete logarithm problem, and to encourage and stimulate further research in the security analysis of elliptic curve cryptosystems. There are three challenge levels: Exercises; Level I, comprising 109-bit and 131-bit challenges; and Level II comprising 163-bit, 191-bit and 359-bit challenges. The Exercises and the 109-bit challenges are considered feasible and could be solved in a matter of months, while the 131-bit challenges would require significantly more resources to solve as they are 2000 times more difficult than the 109-bit challenges. All Level II challenges are believed to be computationally infeasible.

"I would like to take this opportunity to congratulate Chris Monico and his team for the great effort. It is our hope that the knowledge and experience gained from the challenge will help show how difficult it is to break an ECC key, even at a relatively small bit length," said Dr. Scott Vanstone, founder and executive vice-president, strategic technology at Certicom. "ECC is considered a next generation public-key technology that is here today. The NSA demonstrated their trust in the strength of these systems when recently they licensed some of our ECC technology to secure mission critical information."

Certicom is a pioneer in researching and developing ECC. It is a computationally efficient form of cryptography that offers equivalent security to other competing public-key technologies but with much smaller key sizes. Because of its efficient size, it is especially well suited for mobile devices, mobile middleware, and industrial equipment requiring long battery life. It's even used in digital postage marks.
In 1997, Certicom developed the industry's first toolkit to include ECC which has since been adopted by over 300 organizations. Security Builder Crypto, a cross-platform cryptographic toolkit, includes standards-based ECC implementations that are optimized for size and performance on over 30 platforms. Through its Intellectual Property Licensing Program, Certicom provides licenses to organizations that have implemented or want to implement the technologies covered in Certicom's extensive patent portfolio. About Certicom Certicom Corp. (TSX:CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government's National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion,
Mathematicians From Around the World Collaborate to Solve Latest RSA Factoring Challenge
Duelling crypto-crack press-releases this morning. Ford vs. GM, er, Certicom vs. RSA... Cheers, RAH --- http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=SVBIZINK3.storySTORY=/www/story/04-27-2004/0002160593EDATE=TUE+Apr+27+2004,+09:00+AM Silicon Valley Biz Ink :: The voice of the valley economy April 27, 2004 Computers/Electronics News Press release distributed by PR Newswire Mathematicians From Around the World Collaborate to Solve Latest RSA Factoring Challenge back Contest provides practical gauge of current cryptographic research and encourages development of higher standards of security for organizations BEDFORD, Mass., April 27 /PRNewswire-FirstCall/ -- RSA Laboratories, the research center of RSA Security Inc. (Nasdaq: RSAS) today announced that a team from the Scientific Computing Institute and the Pure Mathematics Institute in Germany, along with the National Research Institute for Mathematics and Computer Science in the Netherlands and several other organizations, has solved the RSA-576 Factoring Challenge. The worldwide team of eight solved the challenge using approximately 100 workstations in a little more than three months, and earned a cash prize of $10,000 from RSA Security for their efforts. Originally started in 1991 and relaunched with its current set of challenge numbers in 2001, RSA Laboratories' Factoring Challenge was established to encourage research into computational number theory and the practical difficulty of factoring large integers. The information received during these challenges is a valuable resource to the cryptographic community and can be helpful for organizations in choosing appropriate cryptographic measures for a desired level of security, said Burt Kaliski, chief scientist and director at RSA Laboratories. 
To solve the factoring challenge, the consortium leveraged resources from around the world, including hardware from the Experimental Mathematics Institute in Essen, Germany, from the Bundesamt fur Sicherheit in der Informationstechnologie (BSI), and experts from the Number Field Sieve network of mathematicians throughout Canada, the United States and the United Kingdom. The factoring of RSA-576 was completed using the general number field sieve factoring algorithm (GNFS) to gather data, find dependencies among the data and ultimately leverage those dependencies to factor the number. I'm very proud of all these individuals from around the world and their efforts to solve this first factoring challenge, said Jens Franke of the Pure Mathematics Institute at Bonn University. The collaborative efforts of everyone involved in this accomplishment are indicative of the achievements in mathematics, and cryptography on a greater scale, that can be realized and applied to protect the data of businesses around the world. We are excited to continue working on such projects that will assist in cryptographic research to build stronger algorithms in an effort to ensure the integrity of sensitive corporate information. RSA Laboratories sponsors a series of cryptographic challenges that allow individuals or groups to attempt to solve various encryption puzzles for cash prizes. The RSA-576 Factoring Challenge is one of a series of factoring challenges set forth by the research arm of RSA Security to determine the difficulty of customizing algorithms for factoring and assessing the strength of larger key sizes. RSA-576 is a smaller-scale example of the types of cryptographic keys that are recommended to secure Internet and wireless transactions. Typical keys are at least 1024 bits (310 decimal digits); RSA-576 is 576 bits (174 decimal digits). Larger numbers are considered to provide significantly greater security. The next challenge number in the series is RSA-640. 
"RSA Security extends our congratulations to the team for their efforts," said Kaliski. "This challenge demonstrates how the work of a few can have a broad impact on the development of the critical nature of cryptography. Their work reflects the kind of expertise and resources needed to factor large numbers. Such challenges are designed to track the evolution of cryptographic research and ensure businesses are protecting their intellectual property and critical data with the right levels of security."

About RSA Security Inc.

RSA Security Inc. helps organizations protect private information and manage the identities of people and applications accessing and exchanging that information. RSA Security's portfolio of solutions -- including identity access management, secure mobile remote access, secure enterprise access and secure transactions -- are all designed to provide the most seamless e-security experience in the market. Our strong reputation is built on our history of ingenuity, leadership, proven technologies and our more than 14,000 customers around the globe. Together with more than 1,000 technology and integration partners, RSA
[Politech] A criticism of Gmail and a call for encryption everywhere [priv]
--- begin forwarded text

Date: Tue, 27 Apr 2004 12:33:54 -0400
From: Declan McCullagh [EMAIL PROTECTED]
User-Agent: Mozilla Thunderbird 0.5 (Macintosh/20040208)
To: [EMAIL PROTECTED]
Subject: [Politech] A criticism of Gmail and a call for encryption everywhere [priv]
List-Id: Declan McCullagh's politics and technology mailing list politech.politechbot.com
List-Archive: http://politechbot.com/pipermail/politech
List-Help: mailto:[EMAIL PROTECTED]
List-Subscribe: http://politechbot.com/mailman/listinfo/politech, mailto:[EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

-------- Original Message --------
Subject: Opposing view of Gmail issues (Cypherpunk tie in)
Date: Sun, 25 Apr 2004 13:11:53 -0500 (CDT)
From: J.A. Terranson [EMAIL PROTECTED]
To: Declan McCullagh [EMAIL PROTECTED]
References: [EMAIL PROTECTED]

Good Afternoon Declan,

As with much of the online community, I have been discussing this topic since it was announced by Google, and until recently, I was also of the opinion that this was a simple contractual choice between the user of Gmail and Google. My opinion was altered by a gentleman in England, who used the following story to illustrate his point:

When Google released their toolbar, he, like most of us, installed it. What was different was that he installed it with all of the advanced features (including the tracking options, which Google goes out of their way to make crystal clear *is* tracking software). His reasoning was similar to the thoughts you expressed below: he had nothing to hide, he believed Google really was stripping identity data from their observations of his browsing habits, and he did not mind having them watch.

One day he had a firewall issue when trying to retrieve a file, and the person who was hosting it offered to put it on a private (i.e., unlinked) page for him to grab over HTTP.
He accepted, downloaded the document, and promptly forgot about it - until this document, which had extremely personal information on it (personal to the person *hosting* it, not the person retrieving it) showed up on Google a short time later.

You see, the toolbar had seen him go to a web page that Google did not have, and so they indexed it right away. Without meaning to, the user of the toolbar had helped Google to violate the privacy of the person who went out of his way to keep this document private. This person knew nothing of the toolbar, and had no agreement with Google, yet he became the unwilling participant in Google's web cache.

The senders of email to users of Gmail are in the very same position as our friend above: they know nothing of the agreement, they are not participants in the Gmail program - they have never agreed to allow a third party to access *their* private thoughts and utterances, yet they too are caught in the middle.

As much as it goes against my gut reaction, I must admit that Gmail has some very serious privacy implications, some of which almost definitely fall under EU privacy laws.

The ultimate solution to the problem is close to what was suggested in the essay below: encryption. But not by Google. Encryption by the senders. The Cypherpunk cries of "Encryption Everywhere" land smack dab in the middle of the plate here - email stays private, regardless of Google indexing, government snooping, or end user negligence.

Pity that people will spend thousands of hours, and millions of dollars arguing over the best way to protect us from ourselves, but that we won't spend five minutes learning to use a simple encryption system that could completely erase these very issues.

Yours,
Alif Terranson
[EMAIL PROTECTED]

On Thu, 22 Apr 2004, Declan McCullagh wrote:

[It seems to me that Brad is being kind here by not denouncing the privacy fundamentalists for trying to ban Google's Gmail in its current form.
It is true that there are potential costs of using Gmail for email storage (just as there are costs of using your own laptop for that purpose). The question is whether consumers should have the right to make that choice and balance the tradeoffs, or whether it will be preemptively denied to them by privacy fundamentalists out to deny consumers that choice. --Declan]

___
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Can Skype be wiretapped by the authorities?
Is something known about the details of the crypto protocol within Skype? How reliable is the encryption? See e.g. http://www.financialcryptography.com/mt/archives/76.html

Can Skype be wiretapped by the authorities? With collaboration of the Skype operator? Without?

Axel H Horns
UC San Diego Engineering Professor Wins Guggenheim Fellowship
http://www.ascribe.org/cgi-bin/spew4th.pl?ascribeid=20040427.130050&time=15%2000%20PDT&year=2004&public=1

Tue Apr 27 15:00:10 2004 Pacific Time

UC San Diego Engineering Professor Wins Guggenheim Fellowship

SAN DIEGO, Calif., April 27 (AScribe Newswire) -- A computer scientist and mathematician at the University of California, San Diego has been selected for one of the most prestigious fellowships awarded to scientists, artists and scholars in the United States and Canada. Russell Impagliazzo, professor of computer science and engineering at UCSD's Jacobs School of Engineering, was appointed a Guggenheim Fellow and cited for his work on heuristics, proof complexity, and algorithmic techniques.

"This is an important and prestigious award that Professor Impagliazzo richly deserves," said Mohan Paturi, chair of the Computer Science and Engineering department at UCSD. "The Guggenheim Fellowships are awarded to men and women who have already demonstrated exceptional capacity for productive scholarship, and that is a hallmark of Russell's work in complexity theory and cryptography."

The 80th annual fellowships from the John Simon Guggenheim Memorial Foundation total $6.9 million and were awarded this year to 185 artists, scholars, and scientists selected from over 3,200 applicants. Since 1925, the Foundation has granted more than $230 million in Fellowships to over 15,500 individuals.

Professor Impagliazzo specializes in computational complexity theory, notably the classification of so-called hard problems that require a prohibitive amount of time or resources to solve. His research areas include proof complexity, computational randomness, structural complexity as well as the theory and foundations of cryptography, in which he is focusing on methods to safely use less randomness. Although it is largely theoretical, Impagliazzo's work could lead to better encryption in smart cards and technologies to guarantee privacy to consumers.
Impagliazzo joined the UCSD faculty after receiving his Ph.D. in mathematics from UC Berkeley in 1989. In 2003, he received two awards for contributions to the theory of pseudo-randomness and cryptography: an Outstanding Paper Award from the Society for Industrial and Applied Mathematics; and the Best Paper Award at STOC, the top theory-of-computing conference.

What distinguishes the Guggenheim Fellowship program from all others is the wide range in interest, age, geography, and institution of those it selects as it considers applications in 79 different fields from the natural sciences to the creative arts (except the performing arts). The fellowships are given on the basis of distinguished achievement in the past and exceptional promise for future accomplishment. The new Fellows include writers, painters, sculptors, photographers, film makers, choreographers, physical and biological scientists, social scientists, and scholars in the humanities.

Impagliazzo is the only UCSD faculty member honored with a Guggenheim Fellowship this year. Previous winners from UCSD included mathematician Ruth Williams (2001) and physicist Terence Hwa (1999). More recently, UCSD faculty selected for the award came from the social sciences: comparative literature professor Lisa Lowe (2003), as well as historian Takashi Fujitani and new media artist Lev Manovich (both in 2002).

Related Links
Guggenheim Memorial Foundation: http://www.gf.org
Guggenheim Fellowships News Release: http://www.gf.org/April072004.html
List of 2004 Guggenheim Fellows: http://www.gf.org/newfellow.html#top
Russell Impagliazzo Home Page: http://www-cse.ucsd.edu/users/russell/
UCSD Computer Science and Engineering Department: http://www.cse.ucsd.edu/index.php

AScribe Newswire distributes news from nonprofit and public sector organizations.
We provide direct, immediate access to mainstream national media for 600 colleges, universities, medical centers, public-policy groups and other leading nonprofit organizations. AScribe transmits news releases directly to newsroom computer systems and desktops of major media organizations via a supremely trusted channel - The Associated Press. We also feed news to major news retrieval database services, online publications and to developers of web sites and Intranets. And AScribe does it at a cost all organizations, large and small, can afford, a fraction of what corporate newswires charge.

AScribe Newswire / www.ascribe.org / 510-653-9400
[Publicity-list] DIMACS Workshop on Security Analysis of Protocols
DIMACS Workshop on Security Analysis of Protocols
June 7 - 9, 2004
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ

Organizers:
John Mitchell, Stanford, [EMAIL PROTECTED]
Ran Canetti, IBM Watson, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

The analysis of cryptographic protocols is a fundamental and challenging area of network security research. Traditionally, there have been two main approaches. One is the logic approach aimed at developing automated tools for the formal verification of protocols. The other is the computational or complexity-theoretic approach that characterizes protocol security as a set of computational tasks and proves protocol security via reduction to the strength of the underlying cryptographic functions. Although these two lines of work share a common goal, there has been little commonality between them until the last year or two.

The goal of this workshop is to promote work on security analysis of protocols and provide a forum for cooperative research combining the logical and complexity-based approaches. The workshop will include tutorials on the basics of each approach and will allow researchers from both communities to talk about their current work.

Several tutorials and a number of research talks have already been selected. However, some additional program slots have been set aside for late-breaking contributions from interested participants. If you are interested in giving a talk, please send a title and short abstract (1-3 pages) to the organizers, Ran Canetti and John Mitchell, with subject heading "DIMACS Security Protocols - title and abstract", by May 15, 2004.
TOPICS
- Analysis methods involving computational complexity
- Game-theoretic approaches
- Methods based on logic and symbolic computation
- Probabilistic methods
- Model checking and symbolic search
- Formal proof systems
- Decision procedures and lower bounds
- Anything else that sounds like a great idea

Participation:

The workshop will be open to the public. If you'd like to give a presentation, please send a title and abstract to the organizers by May 15, 2004. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk.

Registration Fees: (Pre-registration deadline: May 28, 2004)
Please see website for information on registration.

Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Protocols/

**PLEASE BE SURE TO PRE-REGISTER EARLY**