Cryptography-Digest Digest #342, Volume #9 Mon, 5 Apr 99 07:13:02 EDT
Contents:
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
Re: FAQ (Anonymous)
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
IDEA ("Martin Thiim")
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
Re: smartcards (was Live from the Second AES Conference) (Thirteen)
Re: Live from the Second AES Conference ("Craig Clapp")
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 07:50:24 GMT
Herman Rubin wrote:
> In article <[EMAIL PROTECTED]>,
> R. Knauer <[EMAIL PROTECTED]> wrote:
> >On Sat, 03 Apr 1999 10:10:06 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
> >wrote:
> .................
> >If you are talking about a physical device then you must treat it like
> >a piece of scientific equipment and certify its performance using
> >accepted scientific techniques, including a peer-reviewed design audit
> >and diagnostic tests for each subsystem.
Please check your attributions more carefully.
I didn't say that, R. Knauer did.
------------------------------
Date: 5 Apr 1999 07:54:40 -0000
From: Anonymous <Use-Author-Address-Header@[127.1]>
Subject: Re: FAQ
Crossposted-To:
comp.unix.unixware.misc,alt.acting,list.freebsd.bugs,fr.network.internet,sci.agriculture.poultry,alt.bible.prophecy
Be certain to add *alt.prophecies.nostradamus* and any other
favorite newsgroups to the header(if not present) so I can
read your reply, and respond appropriately. Enjoy reading!
============================================================
THE HISTORICAL CALENDAR OF JESUS
The time of our Lord's Birth, Ministry, Crucifixion and
Resurrection is hereby historically identified. These
calendar dates are established by *every* scriptural-
historical and scientific evidence examined; there is no
other compendium in the world which has successfully dated
ALL of these events correctly. Be sure to read accompanying
literature for detailed analyses, with 100s of citations and
descriptions proving these dates accurate and historical:
1) Ezra left Babylon bound for Jerusalem with Artaxerxes'
decree[Ezra 7:6-9] on the Hebrew calendar date of 1 Nisan
3304, which was Tuesday, March 26, 457 BC. This "going forth"
of the decree started the prophetic clock ticking down
Daniel's 7 plus 62 weeks-of-years[49 + 434 years] to
Messiah the Prince, Jesus the Nazarene[Dan 9:24-27].
(NOTE: the seventh year of the achaemenid Persian king
Artaxerxes was counted beginning 1 Nisanu through 29 Addaru
on the Chaldean-Babylonian calendar, which was April 8, 458
BC through March 26, 457 BC by the old civil(proleptic
Julian) calendar. But this gentile king's seventh year was
counted from 1 Tishri 3304 through 29 Elul 3304 on the
ancient Hebrew civil calendar recognized by the Hebrews,
placing Ezra's 7th year for Artaxerxes precisely from
October 2, 458 BC through September 20, 457 BC.)
2) John the Baptist was born on 1 Nisan 3758, which was
Sunday, March 17, 3 BC.(NOTE: John's father, the priest
Zechariah, served in the eighth [8-day] course of Abijah,
which started on the weekly sabbath of 7 Sivan 3757, which
was June 2, 4 BC; the archangel Gabriel appeared to Zechariah
after 9 AM that same morning[Luke 1:5-25]; Pentecost was
"fully come" 9 Sivan[Acts 2:1], but various sects of the
priesthood observed this earlier. Jesus was conceived on the
first day of the sixth month of Elisabeth's pregnancy with
John[Luke 1:36]. Normal gestation to full term is 266 to 270
days, so if Jesus and John were both carried an average term
of 267 days, then John was conceived on 28 Sivan 3757, which
was Saturday, June 23, 4 BC, placing Jesus' conception in
Mary by the Holy Spirit exactly five Hebrew calendar months
plus one day[148 days] later, on 28 Cheshvan 3758, which was
Sunday, November 18, 4 BC. Note that procreation was
permitted on the weekly Sabbath[Gen 1:27-28].)
3) Jesus was born before sunrise 1 Elul 3758, which was
Monday, August 12, 3 BC.
(NOTE: this Jupiter-Venus conjunction in Leo was 4.2
arcminutes in separation. The wise men[Magi] saw Jesus' star
at its rising in the east, thus their own witness to this
conjunction near the "king star" Regulus was judicially
construed as our Messiah's true date and approximate
time of birth, 4 AM JST.)
4) Jesus was visited by the Magi on the eve of 16 Tammuz
3759[Mat 2:1-12], which was Tuesday evening, June 17, 2 BC;
Jesus was ten and a half months old at the time.
(NOTE: this near-perfect Jupiter-Venus conjunction in Leo was
six arcseconds from concentricity. When Venus is sufficiently
elongated from the Sun, and the sky is crystal-clear, Venus
can barely be seen with the naked eye in broad daylight. This
dazzling conjunction was significantly brighter than Venus
alone, thus was certainly visible in broad daylight in a
clear sky--and we know that the sky was clear by the Magi's
own testimony! Extant historical and astronomical evidences
have further proven incontrovertibly that Herod "the Great"
died within 3 weeks after the "blood red" total lunar eclipse
of Saturday, January 10, 1 BC.)
5) John the Baptist's 30th birthday was 1 Nisan 3787, which
was Thursday, March 27, 27 AD, when "the word of God came
unto John[the Baptist]"[ref. Luke 3:1-23].
(NOTE: this date was exactly four hundred eighty-three[483]
true Hebrew calendar years after the date that Ezra left
Babylon with Artaxerxes' decree to restore levitical rule
and the people to Jerusalem; this included the restoration of
government and taxation, and also "set up the walls thereof,
and joined the foundations"[Ezra 4:12]. No other kingly
decree satisfies this literal, true Hebrew calendric
chronology; John's preaching is told by all four gospels;
John the Baptist is rightly known as the Elijah of prophecy.)
6) Jesus' 30th birthday was 1 Elul 3787, which was Friday,
August 22, 27 AD.
(NOTE: at age 30, Jesus was eligible for priesthood and temple
service. This is why John the Baptist
asked of Jesus: "...I have need to be baptized of thee, and
comest thou to me?"[Mat 3:14]. One lunation later, i.e. one
calendar month later 1 Tishri 3788, was exactly four hundred
eighty-three[483] true Hebrew calendar years after the date
that Ezra observed his first Rosh Hashanah(1 Tishri, Day of
Trumpets, "New Year's Day") in Jerusalem, but more
importantly, that prior year of 3304[458-457 BC], was a
Jubilee Year[Lev 25:9-17ff], so the new year of 1 Tishri
3305[Sept 21, 457 BC] started Daniel's 49-year countdown
to the next Jubilee, which was 3354, clearly emphasizing
the Atonement in Christ crucified and Life Everlasting
in Christ Jesus.)
7) Jesus was baptised by his cousin John at the river Jordan
on 1 Tishri 3788, which was Saturday, September 20, 27 AD. At
One with God[John 10:30], Jesus commenced His Divine Ministry
"confirming the covenant with many"[Dan 9:27].
(NOTE: the 70th and final week of Daniel's prophecy commenced
with the preaching of John the Baptist and with the Ministry
of Jesus. Just as the Hebrew day is counted by "evening and
morning," divided by the Earth's rotation with respect to the
Sun, the Hebrew year is similarly divided by the spring and
fall equinoxes, with a "1:1" correspondence of Holy Days:
1 Nisan[New Moon]/1 Tishri[Rosh Hashanah], 10 Nisan[lamb
selected]/10 Tishri[Atonement], Feast of Unleavened Bread[15-
21 Nisan]/Tabernacles[15-21 Tishri], and so on. Gabriel's
conspicuous "dual emphasis" on John and Jesus was best
answered by John himself, at the moment Jesus was baptised:
"this is he of whom I said, After me cometh a man which is
preferred before me: for he was before me. And I knew him
not: but that he should be made manifest to Israel, therefore
am I come baptizing with water"[John 1:30-31]. And Jesus' own
words: "before Abraham was, I AM"[John 8:58], and His [own]
Angel "...I AM the root and the offspring of David...the
bright and morning star"[Rev22:16]. The prophesied Messiah of
the Old Covenant Scriptures[TaNaKh] was made flesh in Jesus.)
8) Jesus rode into Jerusalem 10 Nisan 3791, which was
Saturday, April 21, 31 AD.
(NOTE: this "Palm Sunday"[ref. Zec 9:9] was 187 calendar
weeks[3 1/2 calendar years] after His baptism.)
9) Jesus was crucified at 9 AM on the Passover, 14 Nisan
3791[Mark 15:25], which was Wednesday, April 25, 31 AD;
suffering pain-unimaginable, Jesus died shortly after 3 PM
that dark afternoon[ref. Mat 27:45-50; Mark 15:33-37; Luke
23:44-46].
(NOTE: "Messiah the Prince" had been "cut off" literally in
the "midst of the week"[Wednesday], in the midst of the
seventieth sabbatic year[ref. Dan 9:24-27], just as the
prophecy had foretold 568 years before in ancient Babylon[Dan
9:1ff]. Jesus' body was taken down from the cross near sunset
and was entombed after sunset the eve of the High Sabbath of
the Feast of Unleavened Bread[Mat 27:57; Mark 15:42; Luke
23:54; John 19:42]. The paschal lamb, the one "without
blemish, a male of the first year" was selected 10 Nisan[Exo
12]. This was the Passover meal[pesah proper] Jesus shared
with His disciples the eve of His crucifixion. The second
pascha, the afternoon [hagigah]sacrifice was starting at the
time Jesus died, from 3 to 5 that afternoon. Jesus was God's
Lamb for both Passover offerings, and His sacrifice left all
others of none effect: Jesus had literally become the
Passover, the chosen Lamb of God[John 1:29,36]. The
destruction of the temple on 15 Av 3830, which was August 10,
70 AD--not the faulty "9 Av" of Talmudic tradition--fulfilled
"he shall cause the sacrifice and the oblation to cease..."
[Dan 9:27]; this divine cause was Jesus' crucifixion nearly
40 years prior to that date.)
10) Jesus was resurrected three days and three nights[Mat
12:40] after His body was entombed, which was Saturday
evening, April 28, 31 AD, counted as Sunday, the FIRST DAY of
the Hebrew calendar week[Mat 28:1; Mark 16:2,9; Luke 24:1;
John 20:1,19]; His resurrection was discovered at sunrise[5
AM], early Sunday morning.
(NOTE: Covered by a swath cloth['Sudarium of Oviedo'], then
wrapped in linen['Shroud of Turin'], His body was sealed in a
nearby, newly-hewn stone sepulchre of the disciple Joseph of
Arimathaea[Mat 27:57-60]. Joseph, Nicodemus, Mary Magdalene
and Mary mother of Joses prepared and wrapped Jesus' body,
arranging flowers and preparing spices according to the
ancient custom as time permitted. These flower arrangements
--clearly evident in the Turin shroud--were not at first
completed that fearful evening of 15 Nisan, but were
completed on Friday following the High Sabbath, with the
final spices and ointments to be applied early Sunday
morning, but of course, that final preparation was not
to be: JESUS WAS RISEN!)
Jesus the Nazarene was 11,944 days of age
at His crucifixion. He'd lived 32 years,
36 weeks, 4 days. Now He reigns forever:
HE IS King of kings and Lord of lords!
written and published by:
Ma'aminei YHSH ha-Notsri
Copyleft 1999, no rights reserved
(presented free to the public domain)
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 07:35:31 GMT
"R. Knauer" wrote:
> >That's the same requirement as for them to have Fourier transforms.
> >It's the same as requiring the system to have finite total energy.
> >This is of course not very restrictive in practice.
...
> Yes, it holds for *most* distributions. But it does not hold for
> distributions that are not square integrable.
So what? No meaningful situation is going to have infinite energy.
> >I'm sure that Triola made this point in
> >his discussion of the Chebyshev inequality.
> Triola only mentions the vague notion of a "bell shaped curve". And he
> only states Chebyshev's theorem - he does not derive it - in a problem
> at that.
You must have the "Junior Miss" version of his book (he wrote
several). He dwelt on it (in the main text) in the college-
level book we were using last summer.
> All the statistical tests in Triola, both parametric and
> non-parametric, require the CLT to be of any use.
That's certainly not true. When are you going to bother
to learn the subject before making claims about it?
> You might want to tutor someone in Logic 101 next summer.
Sorry, I know you need it, but I have other commitments.
> >If it is supposed to output uniformly
> >random bits, and the r.v. X is the value of a generated bit, then
> >X has mean 0.5 and s.d. 0.5.
> Prove that. But be careful about your assumptions, because if you go
> off into classical statistical theory you will miss the mark.
That's an elementary exercise for the beginning statistics
student. I suggest *you* work out the proof; it might be an
opportunity to practice converting "word problems" into formal
specification, after which computation of the answer is easy.
> Once again, I will state the specification for a TRNG:
> A TRNG is a process that is capable of generating all possible finite
> numbers equiprobably, namely in an independent and equidistributed
> manner.
> There is no assumption of any model process contained in there.
That's for sure, but only because it makes no sense.
Here are some finite numbers:
42
0
1234566778901033909867041675
-72
Here are some others:
0.3
Pi
23/41
-238408965034.7235876134
1-e
If these are what is meant in your "spec", then TRNGs cannot
exist. What would "equidistribution" mean? For that matter,
what would "independent" mean if, as you claim, it is not
the standard probabilistic meaning for this term?
I took the liberty of *stating* the specific property that a
*meaningful* specification might include (outputting uniformly
random bits), which I used to compute the parameters that you
requested. If your TRNG isn't supposed to include at least
*that* property among whatever else it is, then "True Random"
is certainly a misnomer.
> additional conjecture that a quantum random process satisfies the
> specification above because I believe that quantum computers can be
> constructed which meet that specification.
I don't recall anybody disputing that QM can be used to build
a genuinely random number generator, although it doesn't have
to take the form of a computer (or, presumably, you mean a
particular algorithm for a particular quantum computer).
Indeed, if you understand classical statistical mechanics,
you should appreciate that thermal noise can be used just as
well, any "sensing" of the past environment having been
utterly buried in the noise beyond any chance of recovery,
no matter how many resources are employed for no matter how
long a time. Since that is 100% practical, that is in fact
the basis of virtually all genuine random sources that are
on the market today.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 07:42:56 GMT
"R. Knauer" wrote:
> >Consider that an independent,
> >equiprobable, single-bit generator is all we need, why worry about
> >multi-bit sequences?
> That is an assumption that must be proven. A single-bit generator like
> the uniform Bernoulli process results in parametric distributions, and
> according to Triola that cannot be used to model a true random
> process.
I am sure Triola uses no such words.
Triola was suggested as a means for you to study statistics,
not as another expert to misquote.
Have you *worked* the exercises -- and gotten the right answers?
If not, why should you even dream that you understand what Triola
says?
------------------------------
From: "Martin Thiim" <[EMAIL PROTECTED]>
Subject: IDEA
Date: Mon, 5 Apr 1999 11:22:52 +0200
Hi,
can anyone tell me where I can find a document (preferably on the net) with
the standards on IDEA encryption. I want to make my own IDEA encryption
program, but I don't know much about the algorithm.
Thanks,
Martin
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Mon, 05 Apr 1999 07:07:58 GMT
"R. Knauer" wrote:
> Therefore, if a RNG fails those statistical tests, it is reasonably
> certain that it is not random, and if it does not fail those tests, it
> is reasonably certain that it is random.
The null hypothesis and alternative hypothesis do *not* play
symmetric roles in the usual statistical tests, so it doesn't
work like that.
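An added illustration of the asymmetry described in the reply above, using the mean 0.5 / s.d. 0.5 figures for a uniform bit from the earlier message in this digest. It is not code from the thread; the three sample sequences are constructed and the 0.01 significance level is an assumption.

```python
import math

def two_sided_p(z):
    """Two-sided tail probability of a standard normal statistic."""
    return math.erfc(abs(z) / math.sqrt(2))

def monobit_p(bits):
    """H0: independent fair bits. Each bit then has mean 0.5 and s.d. 0.5,
    so the count of ones has mean n/2 and s.d. sqrt(n)/2."""
    n = len(bits)
    z = (sum(bits) - 0.5 * n) / (0.5 * math.sqrt(n))
    return two_sided_p(z)

def runs_p(bits):
    """H0: independent fair bits. The n-1 transitions are then independent
    fair coin flips, so runs = 1 + transitions has mean (n+1)/2 and
    s.d. sqrt(n-1)/2."""
    n = len(bits)
    runs = 1 + sum(a != b for a, b in zip(bits, bits[1:]))
    z = (runs - (n + 1) / 2) / (math.sqrt(n - 1) / 2)
    return two_sided_p(z)

def verdicts(bits, alpha=0.01):
    """A small p-value rejects H0. A large one only fails to reject it;
    it is not evidence that H0 is true."""
    out = {}
    for name, test in (("monobit", monobit_p), ("runs", runs_p)):
        out[name] = "reject H0" if test(bits) < alpha else "fail to reject H0"
    return out

# Constructed sample sequences, 10000 bits each, all fully predictable.
BIASED = [1, 1, 1, 0, 0] * 2000      # 60% ones
ALTERNATING = [0, 1] * 5000          # balanced, far too many runs
PERIOD_4 = [0, 0, 1, 1] * 2500       # balanced, typical run count

if __name__ == "__main__":
    for label, seq in (("biased", BIASED), ("alternating", ALTERNATING),
                       ("period-4", PERIOD_4)):
        print(label, verdicts(seq))
```

The period-4 sequence is not rejected by either test although it is completely deterministic, which is the sense in which "does not fail" cannot be read as "is random".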
------------------------------
From: Thirteen <[EMAIL PROTECTED]>
Subject: Re: smartcards (was Live from the Second AES Conference)
Date: Mon, 05 Apr 1999 03:38:01 -1000
Sandy Harris wrote:
>
> [EMAIL PROTECTED] (Bruce Schneier) writes:
>
> >>: IBM's Pankaj Rohatgi explained how he got all 128 bits of
> >>: a Twofish key after only 50 (that is 50 not 2^50) uses of a smart
> >>: card!
> >>
> >>I wonder how secure some of the other ciphers would be, if the kind of
> >>optimizations Bruce suggested for fitting Twofish on a smart card were
> >>applied to them. That is, if it were possible.
> >
> >He said in his talk that every cipher is vulnerable. We've done this
> >sort of work, too, and we have found that you can't defend against
> >these types of attack with the algorithm. You can do some things with
> >the implementation and some things with the hardware, but basically
> >you need to defend in the protocol layer.
>
> http://www.geocities.com/ResearchTriangle/Lab/1578/artic02.htm
>
> Outlines some of the more easy & obvious defenses you can put in
> the implementation. No doubt not enough.
The paper at AES-2 was about Differential Power Analysis, but the
link you gave was about Differential Fault Analysis, two different
things. Putting error correcting codes in a smart card helps against
DFA but not DPA.
------------------------------
From: "Craig Clapp" <[EMAIL PROTECTED]>
Subject: Re: Live from the Second AES Conference
Date: Sun, 4 Apr 1999 22:30:32 -0400
Bruce Schneier wrote in message <[EMAIL PROTECTED]>...
>> Next, Joan Daemen, one of the authors of Rijndael, presented
>> another comparative study about attacks against smart cards. He
>> differentiated between timing attacks (useful mainly against older
>> implementations of public key smart cards), power analysis
>> attacks, and Differential Power Analysis (DPA) attacks. The latter
>> is based on the fact that for some instructions the average power
>> consumption correlates with the value of one input bit. As
>> possible defense mechanisms he mentioned artificially produced
>> noise but this can be cancelled out using a larger sample of
>> cases. Another possibility is "balancing", an expensive
>> proposition where, for example, you use 4 bit arithmetic on an 8
>> bit smart card, taking care that the other 4 bits are always the
>> complement of the "true" 4 bits, i.e. maintaining a constant
>> Hamming weight. According to his analysis the algorithms which are
>> easiest to protect against such attacks are Crypton, DEAL,
>> Magenta, Rijndael and Serpent. The worse would be CAST-256, DFC,
>> E2, HPC, Mars and RC6. His conclusion was that these kind of
>> implementation attacks are really much more relevant than the
>> academic attacks often discussed, because they can be implemented
>> in practice and do some real harm.
>
>The one sloppy part of this analysis was that he assumed that XORs are
>easier to balance and hence more secure than ADD. This is, of course,
>nonsense...since ADD can be built out of XORs.
Hmmm. I guess I must have missed that trick when I studied logic design.
Did you have something specific in mind? :-)
Of the two types of balancing Joan discussed - uniform Hamming weight
in software, and redundant logic-term generation in hardware, only the
_hardware_ version can be applied to ADD (since his hardware method
claimed to be able to balance _any_ two-input logic gate, from which
of course an adder _can_ be built). I am suspicious of whether an adder
so built could actually adequately maintain the balance of the individual
gates since it is not clear how to provide uniform loading on all
balanced-gate outputs when only a small subset of them are used by the
adder's carry chain. In any case, I think the subsequent paper at the AES
conference (recovering Twofish whitening subkeys using DPA and 50
samples) raised serious doubts about the viability of the first-order
balancing techniques suggested by Joan, so the issue is probably moot.
This latter talk showed that effects on individual bits of the word could
be distinguished from one another due to differences in signal trace
lengths for the different bits.
>
>> The easiest to attack were judged to be Crypton, Deal, Loki-97,
>> Magenta, Rijndael, Safer+, Serpent and Twofish, where DPA needs to
>> be done only on very few rounds. Slightly harder would be ciphers
>> like CAST-256, DFC, E2, Mars and RC6. Hardest to attack would be
>> Frog and HPC, but only because they employ large key dependent
>> tables - which make them more difficult to implement in smart
>> cards in the first place.
>
>We've looked at a lot of these DPA attacks. Basically, all algorithms
>are subject to attack. If someone thinks that one is easier than the
>other, it's because he hasn't looked hard enough for an attack. This
>problem needs to be solved at the protocol layer (best) or at the
>smart-card hardware layer. It cannot be solved with algorithm design.
>
While I can't pretend to have studied the problem to the extent that you
probably have, it would seem that an algorithm that offers a high
diversity of [compatible] implementation possibilities might offer some
possibility for creative approaches to protecting against DPA.
Taking our cue from public-key systems it seems we would like something
analogous to multiplicative blinding, but for symmetric-key ciphers. For
a byte-oriented SP network such as Rijndael or the core of E2 (i.e.
excluding the IT and FT), whose operations other than table-lookups are
linear and avoid inter-bit interactions (i.e. are bytewise XOR), two
feasible blinding operators are: 1) arbitrary permutation of the bits
within a byte, and 2) selective inversion of each of the bits within a
byte (where all bytes use the same permutation and inversion pattern).
Each combination of permuted and inverted bits would then be associated
with a distinct variant of the lookup table(s).
These modifications specify over ten million (8! x 2**8) different
yet compatible implementations for an algorithm such as Rijndael. This
diversity might be used either to vary the implementation between
smartcards or possibly even between encryption runs on a given card.
Even if such diversity does not provide a whole solution to DPA and
similar attacks, I have to suspect that it would be another useful tool to
apply in addition to the other techniques you mention.
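The blinding proposed in the message above, worked through as an added example (not code from the post). The 4-byte cipher, its S-box, round keys and block are constructed toy values, not Rijndael or E2; the blinding operator is B(x) = P(x) XOR mask with one bit permutation P and one inversion mask shared by all bytes.

```python
import math
import random

def permute_table(perm):
    """P[x]: bit i of x moves to bit perm[i]. P is linear over XOR."""
    return [sum(((x >> i) & 1) << perm[i] for i in range(8))
            for x in range(256)]

def make_blinding(perm, mask):
    """Return (P, B, B_inv) where B(x) = P(x) ^ mask for every byte."""
    P = permute_table(perm)
    B = [p ^ mask for p in P]
    B_inv = [0] * 256
    for x, y in enumerate(B):
        B_inv[y] = x
    return P, B, B_inv

def blind_sbox(sbox, B):
    """Variant lookup table S' satisfying S'[B(x)] = B(S[x])."""
    variant = [0] * 256
    for x in range(256):
        variant[B[x]] = B[sbox[x]]
    return variant

def toy_encrypt(block, round_keys, sbox):
    """Hypothetical 4-byte SP network: key XOR, S-box lookup, then a
    bytewise-XOR mixing layer. Each output XORs an odd number (three) of
    state bytes, so the inversion mask survives the mixing; an even
    number of blinded bytes would cancel it."""
    state = list(block)
    for rk in round_keys:
        state = [sbox[s ^ k] for s, k in zip(state, rk)]
        state = [state[i] ^ state[(i + 1) % 4] ^ state[(i + 2) % 4]
                 for i in range(4)]
    return state

def blinded_encrypt(block, round_keys, sbox, perm, mask):
    """Same round function, run entirely on blinded values and tables."""
    P, B, B_inv = make_blinding(perm, mask)
    blinded_block = [B[x] for x in block]
    # Key bytes get the permutation only: B(s) ^ P(k) = B(s ^ k).
    blinded_keys = [[P[k] for k in rk] for rk in round_keys]
    out = toy_encrypt(blinded_block, blinded_keys, blind_sbox(sbox, B))
    return [B_inv[y] for y in out]

def variant_count():
    """8! bit permutations times 2**8 inversion masks."""
    return math.factorial(8) * 2 ** 8

def make_samples(seed=1999):
    """Constructed S-box (a seeded shuffle), round keys and block."""
    rng = random.Random(seed)
    sbox = list(range(256))
    rng.shuffle(sbox)
    keys = [[rng.randrange(256) for _ in range(4)] for _ in range(4)]
    return sbox, keys, [0x00, 0x11, 0x22, 0x33]

def all_variants_agree(trials=25, seed=7):
    """Check that randomly chosen variants all match the plain cipher."""
    sbox, keys, block = make_samples()
    reference = toy_encrypt(block, keys, sbox)
    rng = random.Random(seed)
    for _ in range(trials):
        perm = list(range(8))
        rng.shuffle(perm)
        mask = rng.randrange(256)
        if blinded_encrypt(block, keys, sbox, perm, mask) != reference:
            return False
    return True

if __name__ == "__main__":
    print(variant_count(), all_variants_agree())
```

A bit permutation leaves the Hamming weight of each byte unchanged, so against a purely Hamming-weight-dependent leak only the inversion mask changes the values being processed; the permutation changes which bit position carries which logical bit.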
------------------------------
End of Cryptography-Digest Digest
******************************