Cryptography-Digest Digest #362

Cryptography-Digest Digest #362, Volume #13    Mon, 18 Dec 00 21:13:01 EST

Contents:
  Re: Why primes? (Bob Silverman)
  Re: Q: Result of an old thread? (Mok-Kong Shen)
  Re: Q: Result of an old thread? (Mok-Kong Shen)
  Re: Result of an old thread? (Mok-Kong Shen)
  AES (Rijndael) DLL ("Brian Gladman")
  Re: Why primes? (John Savard)
  Re: Unguessable sequence of unique integers? (AllanW)
  Re: Q: Result of an old thread? (Simon Best)
  Bayesian Attack ("John Feth")
  RE: Q: Result of an old thread? ("Manuel Pancorbo")
  Re: Q: Result of an old thread? (Simon Best)
  Re: Visual Basic Source Code (AllanW)
  Re: Use of multiplexing (Simon Best)
  Python, math curriculum, RSA, Miller-Rabin... (Kirby Urner)
  Re: Bayesian Attack (John Savard)

------------------------------

From: Bob Silverman [EMAIL PROTECTED]
Subject: Re: Why primes?
Date: Mon, 18 Dec 2000 21:15:59 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
> [The irritating little gnome is back with new silly questions. :)]
>
> I've understood it that in public/private key ciphering one uses quite
> big prime numbers. Well, why use primes? Why can't any two quite big
> numbers (QBN [tm]) be used?

In a nutshell. The integers modulo a prime form a cyclic group; all
elements except 0 have an inverse. This is not true modulo a composite.

May I suggest reading a basic primer on the subject?

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"

Sent via Deja.com
http://www.deja.com/

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Q: Result of an old thread?
Date: Mon, 18 Dec 2000 22:45:57 +0100

Simon Best wrote:
>
> Mok-Kong Shen wrote:
> >
> > The message is in a singular matrix S (e.g. one with a zero column).
>
> Such as:
>
>   S0,0  S0,1  S0,2  0
>   S1,0  S1,1  S1,2  0
>   S2,0  S2,1  S2,2  0
>   S3,0  S3,1  S3,2  0
>
> ?
>
> > Alice chooses an arbitrary non-singular matrix A and sends AS to Bob.
>
> So, AS also has four columns, and has only 0s in the right most column...
>
> > Bob chooses an arbitrary non-singular matrix B and sends ASB to Alice.
>
> ASB? Is that matrix multiplication the right way round?
>
> The column of 0s in AS will just eliminate the corresponding row of B.
> It'll just be like matrix multiplication with two, smaller, nonsingular
> matrices. Just take out the 0s columns in AS, remove the corresponding
> rows of B, and you can then find the inverse for the reduced AS easily.
> That gives you a reduced B, but this reduced B doesn't miss anything
> from the original B that's used in ASB or SB.
>
> > Alice multiplies it with A^(-1) and sends SB to Bob, who can multiply
> > it with B^(-1) to obtain S.
>
> And, having something that does the same job as B, I can also extract S
> from SB?
>
> [snip]
>
> I badly need to revise matrix stuff!

Try a small example, say 2*2, and see whether what you said actually
works. It would be very fine, if it indeed worked.

M. K. Shen

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Q: Result of an old thread?
Date: Mon, 18 Dec 2000 22:45:44 +0100

Walter Hofmann wrote:
>
> Mok-Kong Shen [EMAIL PROTECTED] wrote:
> >
> > If I understand your claim, your procedure is applicable to any
> > singular matrix, isn't it? How could this ever work?
>
> The algorithm I gave obviously works only in the situation of the
> proposed cipher.
>
> > In that case one would be able to 'define' an inverse of any singular
> > matrix, namely via the (supposedly unique) limit obtained from your
> > procedure. Do you want to claim that?
>
> No, there is no connection with the algorithm I gave.
>
> You can, however, do something similar to what you proposed:
>
> Let A be a (singular) matrix over an algebraically closed field. Let's
> assume that the algebraic multiplicities of A equal the geometric
> multiplicities of A. Let A = T^-1 . D . T with a diagonal matrix D and
> an invertible matrix T. Let l_1, ..., l_n be the elements on the
> diagonal of D. Define m_i = 1/l_i where l_i != 0 and m_i = 0 otherwise.
> Let D' be a diagonal matrix with the m_i on the diagonal. Define
> A' = T^-1 . D' . T. Then A' behaves like a multiplicative inverse of A
> (as far as possible). I.e.
>
> (*) A' has the same kernel as A, and for all vectors v which are not in
> the kernel of A the relation v = A'.A.v = A.A'.v holds.
>
> A' is uniquely determined by A and (*) (this is obvious).

Let me quote a previous follow-up of yours to be sure that I understand
you:

> So you can change the coefficients of AS by a sufficiently small
> epsilon > 0 to get an invertible matrix, then you can calculate
> (AS')^-1. Go on to calculate B' = (AS')^-1.ASB, then
> S(epsilon) = SB.B'^-1. In the limit epsilon -> 0 the matrix S(epsilon)
> will converge to S as all operations involved are continuous.

You defined B' = (AS')^-1.ASB. But ASB is
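Hofmann's construction of A' from the thread above, worked through on a small constructed example (added here; this is not code from the digest or from any poster). T, T_INV and the eigenvalue list are assumed inputs chosen so that all arithmetic is exact over the rationals; the block builds A = T^-1 . D . T and A' = T^-1 . D' . T and checks that A' commutes with A, that A.A'.A = A and A'.A.A' = A', that A and A' share their kernel, and that A'.A acts as the identity on the image of A.

```python
from fractions import Fraction as F

def matmul(X, Y):
    """Exact matrix product over the rationals (plain nested lists)."""
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y)))
             for j in range(len(Y[0]))] for i in range(len(X))]

def matvec(X, v):
    return [sum(X[i][k] * v[k] for k in range(len(v))) for i in range(len(X))]

def diag(vals):
    return [[vals[i] if i == j else F(0) for j in range(len(vals))]
            for i in range(len(vals))]

# Constructed example (not from the thread): T is unimodular, so T_INV is
# exact; the eigenvalue list contains one zero, which makes A singular.
T     = [[1, 1, 0], [0, 1, 1], [0, 0, 1]]
T_INV = [[1, -1, 1], [0, 1, -1], [0, 0, 1]]
EIGS  = [F(2), F(3), F(0)]

def build_A(t_inv, eigs, t):
    """A = T^-1 . D . T, with D the diagonal matrix of the l_i."""
    return matmul(matmul(t_inv, diag(eigs)), t)

def hofmann_inverse(t_inv, eigs, t):
    """A' = T^-1 . D' . T with m_i = 1/l_i for l_i != 0 and m_i = 0 otherwise."""
    m = [1 / l if l != 0 else F(0) for l in eigs]
    return matmul(matmul(t_inv, diag(m)), t)

def kernel_vectors(t_inv, eigs):
    """Columns of T^-1 belonging to zero eigenvalues span the kernel of A."""
    return [[row[i] for row in t_inv] for i, l in enumerate(eigs) if l == 0]

def image_vectors(t_inv, eigs):
    """Columns of T^-1 belonging to nonzero eigenvalues span the image of A."""
    return [[row[i] for row in t_inv] for i, l in enumerate(eigs) if l != 0]

def check_inverse(t_inv, eigs, t):
    """Properties of A' worth verifying; every entry should be True."""
    A, Ap = build_A(t_inv, eigs, t), hofmann_inverse(t_inv, eigs, t)
    zero = [F(0)] * len(t)
    return {
        "commute":           matmul(A, Ap) == matmul(Ap, A),
        "A_Ap_A_eq_A":       matmul(matmul(A, Ap), A) == A,
        "Ap_A_Ap_eq_Ap":     matmul(matmul(Ap, A), Ap) == Ap,
        "shared_kernel":     all(matvec(A, k) == zero and matvec(Ap, k) == zero
                                 for k in kernel_vectors(t_inv, eigs)),
        "identity_on_image": all(matvec(matmul(Ap, A), v) == v
                                 for v in image_vectors(t_inv, eigs)),
    }

if __name__ == "__main__":
    print(build_A(T_INV, EIGS, T))
    print(hofmann_inverse(T_INV, EIGS, T))
    print(check_inverse(T_INV, EIGS, T))
```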
Cryptography-Digest Digest #362

Cryptography-Digest Digest #362, Volume #12    Sat, 5 Aug 00 15:13:00 EDT

Contents:
  On general encryption schemes (Mok-Kong Shen)
  Re: just saw a pre-release copy of Schneier's new book on ebay (Bruce Schneier)
  David Scott's website (SCOTT19U.ZIP_GUY)
  Re: Good pointers on MDS ("Peter L. Montgomery")
  Re: Mathématics ("Kurt Fleißig")
  Re: Good pointers on MDS (tomstd)
  Re: counter as IV? (David Hopwood)
  Re: OTP using BBS generator? (David Hopwood)
  Re: IV for arfour ("Andreas Sewe")
  Re: Secure Operating Systems (Mok-Kong Shen)
  Re: Secure Operating Systems ([EMAIL PROTECTED])
  Re: Plausible Word Generation via Trigram Statistics (Mark Wooding)
  Re: New William Friedman Crypto Patent (filed in 1933) (Bill Unruh)
  Re: New William Friedman Crypto Patent (filed in 1933) (John Savard)

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: On general encryption schemes
Date: Sat, 05 Aug 2000 16:41:06 +0200

A ciphertext C is a transform of the plaintext according to a key and
hence has the general form C = f(K,P), where f is an arbitrary invertible
function and P is the 'entire' plaintext. This clearly shows that both
stream encryption, operating on single bits, and block ciphers, operating
on groups of bits, are 'very' special cases of a general encryption.

A block cipher of size n provides diffusion and confusion within the
boundary of the n bits that it works on. It does not utilize the
'context' information of the rest of the plaintext and thus could be
regarded as wasting the available 'resources'. Some remedy of this has
in fact been found in block-chaining, where the blocks are made to
influence one another in some way. But this is at best a sort of
'afterthought' and apparently could not be the optimal way of achieving
the goal of encryption processing. (The tendency of developing larger
block algorithms could also be viewed in this light.)

We see therefore that there can be essential advantages in treating the
entire plaintext in a 'holistic' manner rather than always confining our
view through a small window of n bits. On the other hand, any work done
on a big real-world object is invariably composed of work done on its
parts. So 'regional' operations provided by block algorithms are indeed
a necessity. What is desirable 'in addition' are however global
operations that cause the blocks to interact in ways that can materially
contribute to the complexity that the opponent has to face.

I don't currently have a good proposal for this issue but would like to
sketch several possibilities that I can see besides the already existing
block chaining mentioned above. One possibility is pseudo-random
permutation of the computer words constituting the entire plaintext.
One can namely permute, do block encryption, permute, ... etc. Another
possibility is to look at the whole plaintext as a single block and
apply block encryption techniques to it. One can, for example, divide
the plaintext into two halves and apply the Feistel method on these. A
third possibility is to effect substitution on units larger than the
size of the block algorithm used. One practical way of doing this is
through a Hill cipher with a sufficiently large matrix. In a certain
sense, dynamically varying the key of the block algorithm or its
parameters or varying the block algorithm itself (or the component
algorithms in case of multiple encryption) could also be considered to
be global operations that are desirable.

My humble knowledge doesn't allow me presently to think of more and
eventually better possibilities. Your suggestions, comments and
critiques would be highly appreciated.

M. K. Shen
==
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Bruce Schneier [EMAIL PROTECTED]
Subject: Re: just saw a pre-release copy of Schneier's new book on ebay
Date: Sat, 05 Aug 2000 09:33:49 -0500

On Sat, 05 Aug 2000 13:09:22 GMT, [EMAIL PROTECTED] (John Savard) wrote:

> On Sat, 05 Aug 2000 08:19:49 GMT, [EMAIL PROTECTED] (Ben Liberman)
> wrote, in part:
>
> > I'm not a collector myself but, for anyone interested, I was wandering
> > eBay and came across:
> >
> > "Signed Pre-Release Copy of Bruce Schneier's New Book: Secrets and Lies"
> > http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItemitem=401272439
>
> Will Bruce himself be the most interested...or, even if that copy is
> "pre-release", has the book itself already been released?

The full title is SECRETS AND LIES: DIGITAL SECURITY IN A NETWORKED
WORLD, and the book homepage is:
http://www.counterpane.com/sandl.html

The book has not been published yet. It should be available in
bookstores by the end of the month.

SECRETS AND LIES discusses computer security, and the issues surrounding
computer security. It explains, in an accessible style, how different
security technologies work and how they fail. It discusses