Cryptography-Digest Digest #5, Volume #9         Sat, 30 Jan 99 09:13:04 EST

Contents:
  Fred Wrixon's New Book (CryptoBook)
  Re: Spread Spectrum ([EMAIL PROTECTED])
  Re: Who will win in AES contest ?? (Hironobu Suzuki)
  Re: *** Where Does The Randomness Come From ?!? *** (Marty Fouts)
  Re: Who will win in AES contest ?? ([EMAIL PROTECTED])
  Re: Who will win in AES contest ?? (Hironobu Suzuki)
  Re: Metaphysics Of Randomness (R. Knauer)
  Re: Metaphysics Of Randomness (R. Knauer)
  Re: Metaphysics Of Randomness (R. Knauer)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (CryptoBook)
Subject: Fred Wrixon's New Book
Date: 30 Jan 1999 07:36:23 GMT



Classical Crypto Books is pleased to announce that the following major new book
by Fred Wrixon is in stock and ready for immediate shipment.

Codes, Ciphers, & Other Cryptic & Clandestine Communication: Making and
Breaking Secret Messages from Hieroglyphs to the Internet
by Fred B. Wrixon

As you may have guessed from the title (above), from the page count (below), or
from the length of this summary, this is a BIG book, a treasury of information
(mostly) about classical cryptology and associated technology. The first
surprise is the price, which would have been low had it been softbound. As a
quality hardbound book with dust jacket, this is truly a Best Buy. The book's
subtitle previews the contents of its introductory chapter, a 112 page history
of cryptology from ancient to modern times. The rest of the book is organized
into five sections: Ciphers (181 pp), Codes (75 pp), Signals (85 pp),
Steganography (41 pp), Scripts and Languages (79 pp); three appendices:
Biographies (28 in 43 pp), Quizzes and Answers (43 pp), frequency and pattern
tables for English letters and words (2 pp); a Glossary (8 pp), a Bibliography
(16 pp), and an index. The largest section, on ciphers, covers Transposition
(rail fence, route, columnar, four corner, triangle, trapezoid, word
transposition); Monoalphabetic Substitution (shift, keyphrase, random,
geometric, alphanumeric, multiliteral, straddling checkerboard); Polyalphabetic
Substitution (disks, tableaux, key progression, polygraphic, algebraic,
fractionating); Cipher Devices and Machines (Jefferson Wheel, Wadsworth,
Wheatstone, Saint-Cyr slide, cylindrical cryptograph, Plett, M-138 & M-138A,
M-94, M-209, Hebern's machine, ECM and ECM Mark II, Sigaba, Enigma, Typex,
Colossus, Red, Purple, Baudot/Vernam, Mauborgne's one time system, one-time
pads, Vic, DES, two-key cryptography, RSA, authentication, key generation,
quantum cryptography); and Cryptanalysis. The next section, on codes, describes
how to make nomenclators and book codes. It also discusses early State
Department codes, codes in WWI, commercial codes, and breaking enciphered
codes. The Signals section provides information on a wide variety of signaling
techniques, from early hand and arm signals to modern techniques. It also
discusses Signals Security and Signals Intelligence. The section on
Steganography covers how to make an invisible ink, microdots, semagrams,
grilles, null ciphers, jargon codes, and more modern developments such as
burst/spurt transmission and spread spectrum. The last section, on Scripts &
Languages, covers: protowriting, deciphering an ancient script, cuneiform,
Egyptian hieroglyphs, Hittite cuneiform and hieroglyphs, Linear B, Mayan
glyphs, Proto-Elamite, Indus seals, Linear A, Phaistos Disk, Etruscan,
Rongorongo, Voynich Manuscript, runes, Ogham, Chinese, Japanese, shorthand,
Braille, sign language, Solresol, Volapuk, and Esperanto. The author
acknowledges the inspiration and information provided by members of many
organizations, including the American Cryptogram Association and the National
Security Agency. Joshua Weitz wrote the chapter on Quantum Cryptography. Black
Dog & Leventhal, 1998, 704 pp.
Hardbound: Pub. $17.98, Member $15.95


Member prices are available to members of the American Cryptogram Association,
the US Naval Cryptologic Veterans Association, and full time students. A
shipping and handling charge applies to each order. Visa and MasterCard are
accepted. For complete ordering information, a free catalog of crypto books
stocked, or for information about membership in the American Cryptogram
Association, please send email to [EMAIL PROTECTED]

Best Wishes,
Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED] 
Fax: (603) 432-4898


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Spread Spectrum
Date: Sat, 30 Jan 1999 08:02:38 GMT

On Sat, 30 Jan 1999 01:28:35 GMT, [EMAIL PROTECTED] wrote:

>[EMAIL PROTECTED] wrote:
>
>> Is a computer and software, such as Fast Fourier Analysis required to
>> extract recognizable speech from a DSSS transmission or is this
>> possible in real time using a wideband receiver with filters, DAC's or
>> whatever in the front end, or is it a combination of both?
>
>How you can write a non-technical book on this subject is unclear.  Just
>to begin to describe these systems requires a fair amount of technical
>language.  Go ahead, try and explain "orthogonal binary sequences" in
>plain language and expect a reader more used to watching movies where
>spy satellites always look straight down to understand it...
>
>The answer to your question is:  it depends.  What is the form of speech
>modulation?  If the speech is a simple narrow-band FM signal (20kHz bandwidth)
>which was then spread to 1MHz via some sequence, then, no, a computer would
>not be required.  Just discover the spreading sequence, build something
>which can acquire and lock onto it (numerous chip-level solutions available),
>and that 1MHz is despread to a signal which a commonly available scanner can
>take care of.
>
>But no one is sending voice this way;  low-bit rate voice coders are used.
>The 4kbps bitstreams (or whatever) are spread out to 1MHz or so.  The
>only difference, however, is the final demodulation.
>
>Does this hypothetical interceptor know the spreading sequence?  Are the
>sequences from a small set?  A predictable set?  If not, life is somewhat
>more complicated.  But not unbearably so.

The hypothetical interceptor does not have a spectrum analyzer. They
just want to know, in general terms, how difficult it is to convert DS
back to speech. 
>
>About the only non-technical way to summarize:  yes, it is possible.  Yes,
>it is within the envelope of amateur/hacker class adversaries.  Yes, the job
>is made vastly simpler by published digital cell standards.  No, elaborate/
>expensive equipment is not required.
>
Cellular radio has nothing to do with what I am writing. I mentioned
it only because I was told that Qualcomm's CDMA was FH, and now I know
it is DS. I was wrong. I asked. I learned something.

This is not a technical book; it is for the average non-technical
person. However, in order to explain technical things in
non-technical terms it is necessary to have some knowledge of the
subject. This is the point I have been trying to make, but that no one
seems to grasp.




>> I appreciate the responses but they are over my head; I don't know the
>> basics well enough.
>
>That, sir, should be a clue.  Perhaps you ought to reconsider writing a book
>about this?
>

If you were to read some of my books, you would see that I have done a
decent job of explaining the world of electronic surveillance in terms
people can understand. I have had dozens of excellent reviews and not
a single negative one. 




------------------------------

From: [EMAIL PROTECTED] (Hironobu Suzuki)
Subject: Re: Who will win in AES contest ??
Date: 30 Jan 1999 17:25:22 +0900


>>>>> "An" == Andrew Carol <[EMAIL PROTECTED]> writes:
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Andrew Carol) writes:
 An> Simply comparing rounds is a poor way to compare the strengths of a
 An> cipher.

Basically I agree with you, but rounds are one of the important factors
in the strength of a cipher. I would appreciate it if you looked at Carlisle
Adams's CAST-256 paper, which was submitted to the 1st AES candidate conference.

                                                --hironobu

------------------------------

Crossposted-To: sci.skeptic,sci.philosophy.meta
Subject: Re: *** Where Does The Randomness Come From ?!? ***
From: Marty Fouts <[EMAIL PROTECTED]>
Date: 30 Jan 1999 01:07:05 -0800

>>>>> Ron Cecchini pounded silicon into:

  > [EMAIL PROTECTED] (Bart Lidofsky) wrote:

  >> > *** Either Randomness does not exist OR the Universe is an Open
  >> System.
  >> 
  >> You have not adequately covered the possibility of true
  >> randomness in a closed Universe. This is a major topic in
  >> scientific philosophy, where the tide of opinion is in almost
  >> continuous flux.

  > The first step is to try to *define* "true randomness"!

My personal definition is 'effect without cause'.  Using the
formulation we were discussing before, if a system has a configuration
C_n followed by a configuration C_(n+1) and there exists no F such
that C_(n+1) = F(C_n) (other than an F which trivially enumerates
states as successors) then C_(n+1) 'had no cause', and is a truly
random state.

There is a _lot_ of formal math hiding behind this that we haven't
gotten into here.

-- 

that is all

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Who will win in AES contest ??
Date: Sat, 30 Jan 1999 05:50:16 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (David Hamilton) wrote:

> >> (snip)
>
>
> Initiate auto-response program. (Why didn't I think of this before?)
>

Well Dave, since you asked. I guess even though you are a pompous
asshole I can answer this one wish (the above question for you).
You didn't think of it before because you're too stupid; it might
not be your fault. Maybe your mother didn't let you breast feed
enough. Or maybe it was too much of the recently famous British
beef. You should have stuck to Ham.


David Scott
P.S. I truly hope I answered this question for you since
you seem to be begging for answers I felt you deserved this
one crumb.

http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (Hironobu Suzuki)
Subject: Re: Who will win in AES contest ??
Date: 30 Jan 1999 17:52:51 +0900


>>>>> "Fab" == Fabrice Noilhan <[EMAIL PROTECTED]> writes:
In article <78s1pa$kbp$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Fabrice Noilhan) writes:
 Fab> BTW, Twofish looks nearly twice as fast on PPro as a half-rounds
 Fab> Serpent.

It's true that Twofish is faster than Serpent, but I disagree with
you.  When I made a Linux cipher filesystem, I checked their performance
on my computer.

===
Table 1.
K6-2 300MHz, Linux 2.0.35, gcc-2.8.1

                              128bit-CBC encryption.

        Algorithm       C code implementer      Speed
        -----------------------------------------------
        MISTY1          My implementation       32Mbps
        Twofish         hi/fn                   28.7Mbps
        Serpent         Ross J Anderson         18.7Mbps
        3DES            Eric Young              10Mbps
===


BTW, MISTY1, which is a proposed Internet Draft, has very good performance.

ssh-1.2.26 with a MISTY1 patch is available.

        URL http://www.pp.iij4u.or.jp/~h2np



                                                --hironobu

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Sat, 30 Jan 1999 13:40:33 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 29 Jan 1999 19:40:22 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>There are PRNGs that, by definition put out every possible sequence of a
>given finite length, thus, by the definition you gave above they would be
>real RNGs.

Could you give us an example of one of those PRNGs that you claim
behaves exactly like a TRNG?

Remember that when we say "every possible sequence of a given finite
length", we mean 2^N possible sequences where N is that length. We do
not mean 2^K, where K is the length of some seed that is shorter than
N.

>But they aren't.  They are *predictable*, which is why we
>reject them.

How can they be predictable if their output is indeterminate? Or do
you have some play on words up your sleeve that makes that definition
seem incorrect?

When we say that a TRNG is capable of producing all possible sequences
of a given finite length equiprobably, that means the outputs are
indeterminate - that there is no way to know ahead of time which of
the 2^N possible sequences will actually be produced.

Another way to look at it (from Chaitin's point of view) is that there
is no *reason* for why a particular sequence is produced - it just
happens that way by accident - spontaneously like radioactive decay.
If you can point to a reason for why a particular sequence is produced
instead of any other sequence, so can your adversary - and there goes
the provable security demanded by the OTP system.

>Another viewpoint is that the entropy density of the PRNG
>output is low.  Typically it is logarithmically low (like register width
>divided by the period or N/2^N).

That means that it cannot output all possible sequences of a given
finite length equiprobably. The Boltzmann entropy for a TRNG is the
maximum it can be, because the TRNG is capable of passing thru all
possible microstates equiprobably for a given macrostate. If the
entropy density of the PRNG is low, as you just stated, that means
that the PRNG cannot pass thru all possible microstates.

Such a limitation can arise if a PRNG begins repeating itself before
passing thru all possible states - like with a seeded PRNG.

>>Classical processes,
>>even chaotic non-linear processes, are no good either.

>This is an extreme statement.

It is a correct statement.

>If you want perfect security you need a
>perfect mechanism to capture entropy.

What do you mean *if*? This entire discussion is about the provably
secure OTP cryptosystem and the requirements that provable security
places on random number generation.

>If you are willing to accept an
>imperfect mechanism there is no reason not to accept an imperfect source.
>As long as the result is "strong enough" you'll have security.

I realize that. There are methods of random number generation that
result in an impossible work effort to break. They are not provably
secure.

>The reason this is important is that security is a defensive
>consideration.  Excess security is a waste of resources, time, etc.

Is it? What if quantum computing were on the near horizon, and offered
the prospect of reducing work effort by several orders of magnitude?
All of a sudden your beloved 128-bit IDEA cipher isn't as secure as
you once imagined.

And what if some of these "provably difficult" problems, like
factoring the product of two large primes, get solved? It can happen,
just like Fermat's last theorem was solved recently.

The worst thing that could happen to you is for your adversary to have
accomplished those things, but not tell you. Then one day your
correspondence is no longer safe from prying eyes.

The crypto highway is littered with the corpses of people who risked
everything on what they believed to be a practically secure system.
The Nazis were certain their system was secure, yet Churchill read
their messages before the Nazi field marshals did.

>One
>needs to define a particular threat model less than divine intervention and
>aim the security provision to protect against the defined threat.

The threat model has been stated for the OTP system - and only
provable security will do. If you relax that criterion then you are
not talking about the OTP system - you are talking about a stream
cipher.

>Orating about perfection is a waste of time.

You would never make a good physicist or mathematician with that
attitude. All of science and mathematics is driven by the desire to
find order - to find out about "perfection". One of the greatest
mysteries of the Universe is how a disordered system can produce so
much order and perfection as we see all around us.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
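The 2^K-versus-2^N point above (and the low-entropy-density remark it answers) can be checked directly by enumerating a toy seeded generator over its whole seed space. The following is an added example written for this digest, not code from any poster; the generator, its constants (a 4-bit LCG x_{i+1} = (5*x_i + 3) mod 16) and the choice of K = 4, N = 8 are assumptions made here for illustration.

```python
# Added example, not code from the digest or any poster: a toy seeded PRNG is
# enumerated over its whole seed space to show that a K-bit seed can reach at
# most 2**K of the 2**N possible N-bit outputs, while a uniform TRNG can
# produce all 2**N equiprobably.
from collections import Counter
from math import log2


def lcg_bits(seed: int, n_bits: int) -> str:
    """Toy 4-bit linear congruential generator (constants chosen here for
    illustration only): x_{i+1} = (5*x_i + 3) mod 16, which has full period 16.
    The top bit of each successive state is emitted as the output bit."""
    x = seed % 16
    out = []
    for _ in range(n_bits):
        x = (5 * x + 3) % 16
        out.append(str((x >> 3) & 1))
    return "".join(out)


def output_distribution(seed_bits: int, n_bits: int) -> Counter:
    """Frequency of each N-bit output when the K-bit seed is chosen uniformly."""
    return Counter(lcg_bits(seed, n_bits) for seed in range(2 ** seed_bits))


def reachable_count(seed_bits: int, n_bits: int) -> int:
    """How many of the 2**N sequences the PRNG can emit at all (never more than 2**K)."""
    return len(output_distribution(seed_bits, n_bits))


def output_entropy_bits(seed_bits: int, n_bits: int) -> float:
    """Shannon entropy of the PRNG output in bits; a TRNG would give exactly n_bits."""
    dist = output_distribution(seed_bits, n_bits)
    total = sum(dist.values())
    return -sum(c / total * log2(c / total) for c in dist.values())


def trng_sequence_probability(n_bits: int) -> float:
    """Under a TRNG every N-bit sequence has the same probability 2**-N."""
    return 2.0 ** -n_bits


if __name__ == "__main__":
    K, N = 4, 8
    print(f"reachable sequences: {reachable_count(K, N)} of {2 ** N}")
    print(f"output entropy: {output_entropy_bits(K, N)} bits (TRNG: {N})")
    print(f"TRNG probability of any one sequence: {trng_sequence_probability(N)}")
```

With K = 4 and N = 8 the generator reaches 16 of the 256 possible byte strings, and its output carries 4 bits of entropy where a TRNG would carry 8; the 240 unreachable strings have probability zero, which is exactly the "not all sequences equiprobably" condition the post is describing. Larger K and N only change the numbers, not the inequality.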


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Sat, 30 Jan 1999 14:02:26 GMT
Reply-To: [EMAIL PROTECTED]

On 29 Jan 1999 20:36:26 GMT, "John Feth" <[EMAIL PROTECTED]>
wrote:

>Crimenently Bob, we characterize number strings with statistical tests
>because we poor mortals can't wait for the whole string and don't want to
>take it on faith that the little partial strings we get are randomly
>sequenced.

You still have two problems:

1) You will discard good TRNGs, because they can output numbers that
do not pass your statistical tests;

2) You will not discard poor PRNGs, because they can output numbers
that do pass your statistical tests.

You just as well flip a coin to decide if a generator is suitable for
the OTP cryptosystem than use statistical tests.

>Yikes Bob!  You mean children can be characterized by inspecting the
>parent's plumbing?  Think about it, finite number of humans, finite number
>of finger prints, finite number of personalities, finite number of
>words...maybe you're on to something!

I am not the originator of these concepts. They are distilled from
discussions we had a year ago. What I have been saying represents the
prevailing consensus we arrived at back then.

>Watch out Bob, this zany premise is about to go over the edge.  Remember
>the old adage, "Interpolate to your heart's content, extrapolate at your
>peril"?

Zany or not, it is still a correct statement.

>Statistics are not predictive, they are retrospective and
>appropriate only for a (finite) data set.

Statistical measures are imperfect, and therefore cannot be used to
measure provable security, as is demanded by the OTP system. The OTP
system isn't "nearly secure" - it is provably secure.

>Golly Bob, you'll be even happier if you look at numbers as strings of
>digits.  Then you'll find that the longer the string the more you know
>about the randomness of the sequence, and you can test any old finite
>string to see if it is lying to you.

But such tests do not result in provable security, which is required
by the OTP system. True randomness is necessary for provable
security. Statistical testing does not measure provable security.

Tell us which of these unskewed numbers is truly random.

1) 10101010

2) 01110010

Your statistical tests will reject the first one and accept the second
one. Yet the first one was produced by a TRNG, and the second one was
produced by a PRNG. If you rejected #1, you discarded a perfectly good
TRNG. If you accepted #2, your ciphers would be trivially insecure.

The fact is that your statistical tests do not tell you enough to make
the correct decision regarding provable security, and worse than
that, they can cause you to be deceived. If a random number generator
slips past your statistical tests, you could be vulnerable to
cryptanalytic attack and not even know it.

Having your ciphers broken trivially is the surest way I know to wipe
that smug look off your face in a hurry.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson
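The two 8-bit strings in the post above make a concrete test case for what a statistical test can and cannot say about a source. The following is an added example written for this digest, not code from any poster: it runs an exact runs test (the choice of test, the two-sided form and the 0.05 threshold are assumptions made here) over both strings and shows that the verdict depends only on the string, while under a uniform source every 8-bit string is equally likely.

```python
# Added example, not code from the digest or any poster: an exact runs test on
# short bit strings, used to show that a test classifies strings, not sources.
from itertools import product


def count_runs(bits: str) -> int:
    """Number of maximal runs of identical symbols, e.g. '01110010' -> 5."""
    return 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)


def runs_test_p_value(bits: str) -> float:
    """Exact two-sided p-value: the fraction of all n-bit strings whose run count
    is at least as far from the mean (n+1)/2 as the observed one. Every string
    is weighted 2**-n, i.e. the null hypothesis is a uniform (TRNG-like) source.
    Enumeration is exact and fine for the short strings discussed here."""
    n = len(bits)
    mean = (n + 1) / 2
    observed = abs(count_runs(bits) - mean)
    extreme = sum(
        1 for combo in product("01", repeat=n)
        if abs(count_runs("".join(combo)) - mean) >= observed
    )
    return extreme / 2 ** n


def runs_test_verdict(bits: str, alpha: float = 0.05) -> str:
    """'reject' when the string looks non-random at level alpha, else 'accept'."""
    return "reject" if runs_test_p_value(bits) < alpha else "accept"


def uniform_probability(bits: str) -> float:
    """Probability of this exact string under a uniform source: 2**-n, whatever it looks like."""
    return 2.0 ** -len(bits)


def false_reject_rate(n_bits: int, alpha: float = 0.05) -> float:
    """Fraction of outputs of a perfect n-bit TRNG that the test would reject:
    this is how often a good generator is discarded on the basis of one sample."""
    rejected = sum(
        1 for combo in product("01", repeat=n_bits)
        if runs_test_verdict("".join(combo), alpha) == "reject"
    )
    return rejected / 2 ** n_bits


if __name__ == "__main__":
    for s in ("10101010", "01110010"):  # the two strings from the post
        print(s, count_runs(s), runs_test_p_value(s), runs_test_verdict(s),
              uniform_probability(s))
    print("TRNG outputs rejected:", false_reject_rate(8))
```

The alternating string has 8 runs and a p-value of 4/256, so it is rejected; the second has 5 runs and a p-value of 1, so it is accepted. Both have probability exactly 1/256 under a uniform source, and the test has no input that tells it where either string came from; the `false_reject_rate` function makes the first of the post's two problems measurable, since a perfect generator loses 4 of every 256 samples to this test at the chosen threshold.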


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Metaphysics Of Randomness
Date: Sat, 30 Jan 1999 14:09:47 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 29 Jan 1999 19:46:37 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Well, if strings can testify to their randomness, I want to know the shortest
>random string.

Which one? There are two shortest random strings: 1 and 0.

>Maybe we could work out a timesharing deal...

OK by me - but I get the number 1, and you can have the number 0.

Bob Knauer

"No Freeman shall ever be debarred the use of arms. The strongest
reason for the people to retain the right to keep and bear arms is,
as a last resort, to protect themselves against tyranny in government."
--Thomas Jefferson


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
