Cryptography-Digest Digest #745, Volume #9       Mon, 21 Jun 99 21:13:03 EDT

Contents:
  Twinkle implementation? (Harvey Taylor)
  Re: 8-cycle DES ?? ([EMAIL PROTECTED])
  Re: Wired magazine: What does it do? SOLUTION (John Savard)
  Re: Sexual Contact Privacy (David A Molnar)
  Re: DES Encryption Function and an MLP (James Pate Williams, Jr.)
  Re: 8-cycle DES ?? (Paul Rubin)
  Hey dave scott, some questions ([EMAIL PROTECTED])
  Re: Sexual Contact Privacy (David P Jablon)
  Re: Good book for beginning Cryptographers? (Paul Koning)
  Re: DES and a GRNN or RBFNN (James Pate Williams, Jr.)
  Re: Sexual Contact Privacy (Withheld)
  Re: Sexual Contact Privacy (Michael J. Fromberger)
  Re: Converting arbitrary bit sequences into plain English texts (S.T.L.)
  Re: Simple Prime Number Question ("Ambient Empire")
  Re: RC4 Susectability ("John E. Kuslich")
  Why Elliptic Curve Cryptosystem is stronger with shorter key length? (Teh Yong Wei)

----------------------------------------------------------------------------

From: Harvey Taylor <[EMAIL PROTECTED]>
Subject: Twinkle implementation?
Date: Mon, 21 Jun 1999 14:14:49 -0700

Hi Folks,
        So has there been enough info released for someone to actually 
        build one of Shamir's TWINKLE devices?
        Has anybody (that wants to talk about it)?
<curious>
-het


-- 
 "Simplicity is the ultimate sophistication."  - old Apple logo

                 Harvey Taylor     [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: 8-cycle DES ??
Date: Mon, 21 Jun 1999 17:51:30 GMT

In article <7kloc5$q0n$[EMAIL PROTECTED]>,
  "Richard Rooney" <[EMAIL PROTECTED]> wrote:
> Can anyone enlighten as to how 8-cycle DES is done ?
> FIPS 46-2 describes DES performed in 16 cycles.
> I cannot see how this can be done in 8 cycles....

I hope you are not talking about clock cycles.  If you are not, read on.

What I think you are talking about are 'rounds'.  A cycle is normally
used in ciphers such as TEA or RC5 where the entire input is
substituted in a single operation.  They are called rounds normally
when it is a Feistel type substitution (a round modifies half the
input).  The term is not concrete and has been used in various
contexts.  (RC5 calls their iteration a round as does TEA).

You can perform DES in as little as 5 rounds (or less).  I read that
after 5 rounds the output is essentially a random function of the
input/key.  However differential and linear analysis can break short
round variants of DES rather quickly.  For the entire 16-round cipher
linear analysis broke it in 2^43 chosen plaintexts.  Normally this is
not a big security risk but it is a break nonetheless.

To perform n-round DES all you do is perform the main iteration an even
number of times (if it's odd the entire block will not evenly be
encrypted).  The key schedule would stay the same I believe....

8-round DES would most likely only be secure for low-security ops such
as personal email (which is not critical).  I wouldn't personally use
it but it may be an alternative (of course many better/faster
alternatives exist).

If you are talking about hardware clock cycles most DES variants take
1~2 cycles per round to achieve ~32 cycles per block.  This is not
directly related to the security of the cipher however.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Wired magazine: What does it do? SOLUTION
Date: Mon, 21 Jun 1999 18:36:31 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:
>John E. Kuslich wrote:

>> I have determined a solution to this cryptogram!!
 
>> It is a One Time Pad.  The pad was recovered using our proprietary One
>> Time Pad recovery software.

>What is your definition of OTP? Or were you overthrowing the theory
>which says that the OTP is provably secure?

He is _joking_.

Obviously, any cryptogram can be claimed to be an OTP encryption of
any text of equal length and character set.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Sexual Contact Privacy
Date: 21 Jun 1999 19:07:51 GMT

Michael J. Fromberger <[EMAIL PROTECTED]> wrote:
> In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (
> Doug Goncz ) writes:
>>
>>It is for the good of the public that the government or a health
>>agency might wish to keep records of sexual contacts between people.

> With all due respect, I think this is the biggest load of hoo-ha since
> the advent of deconstructionism.  What possible "public good" could be
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Hey, be careful with _that_ rhetoric, too.

> served by having the government or health officials keep track of such
> contacts?
 
He suggested tracking  STDs as a possible "public good." I don't think 
that it's enough of a "good" to warrant State intervention or monitoring
of sexual contacts under any circumstances. Even so, it is a good thing
to let newly at-risk partners know that they're at risk. 


> Contrariwise, I would argue that there is the potential for a great
> amount of -harm- to be caused by permitting such relationships to be
> tracked and recorded in a centralized manner.  Indeed, I would argue
> that the potential for abuse of such a system far outweighs any petty
> benefit you might conceive of arising from it.
 
Yup. This is why the real question should be

"is there a way to get the benefits we want - notification of newly
infected or at-risk ppl with STDs, establishment of paternity - 
WITHOUT needing a centralized system which is prone to abuse?"

and as our friend from the Doors has pointed out, any such system
cannot survive by itself, because social problems can't be solved
by technology alone. Even so, we can think about systems which
are friendlier to our notion of human dignity and freedom than
the naive centralized database. 

Then the hard part is figuring out how to convince people to use
such a thing. :-) 

>>
>> Allow universal determination of paternity?
>>

> Why should this matter?

It matters a fair bit to some people, especially with respect to
child support laws. Frankly, though, it doesn't seem to me that
a system for tracking sexual contact is sufficient for this purpose.
DNA testing will be more reliable and much less invasive, anyway.

-David Molnar


------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Crossposted-To: comp.ai.neural-nets
Subject: Re: DES Encryption Function and an MLP
Date: Mon, 21 Jun 1999 20:00:51 GMT

On 21 Jun 1999 10:22:03 -0400, [EMAIL PROTECTED] (Patrick Juola)
wrote:

>In article <7kbun4$17n$[EMAIL PROTECTED]>,
>Warren Sarle  <[EMAIL PROTECTED]> wrote:
>>In article <[EMAIL PROTECTED]>,
>>  [EMAIL PROTECTED] (James Pate Williams, Jr.) wrote:
>>> >What is particle swarm optimization?
>>>
>>> From James Kennedy "The Particle Swarm Optimization: Social Adaptation
>>> of Knowledge"  Proceedings of the 1997 International Conference on
>>> Evolutionary Computation, 303-308, IEEE Service Center, Piscataway,
>>> N. J. "Particle swarm adaptation is an optimization paradigm that
>>> simulates the ability of human societies to process knowledge." In
>>> this particular paper Kennedy applies particle swarm optimization
>>> (PSO) to learning the simple exclusive or (XOR) function which
>>> involves training a feedforward neural network.
>>
>>Thanks for the reference. If this algorithm is so feeble that the
>>author demonstrates it only on the trivial XOR problem, it certainly
>>won't handle anything really hard like encryption functions.
>
>Not necessarily -- it's difficult to define a new method, define a
>useful problem, and show the method of application in the space of
>only five pages.
>
>Is there an associated journal article without such tight space
>constraints?
>
>       -kitten
>

Try the following URL (Kennedy's publication bibliography):

http://www.erols.com/cathyk/vita.html#PUBS

I have a PSO bibliography but I have lost its URL, I will try to find
it again.


------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: 8-cycle DES ??
Date: Mon, 21 Jun 1999 20:14:33 GMT

In article <7kloc5$q0n$[EMAIL PROTECTED]>,
Richard Rooney <[EMAIL PROTECTED]> wrote:
>Can anyone enlighten as to how 8-cycle DES is done ?
>FIPS 46-2 describes DES performed in 16 cycles.
>I cannot see how this can be done in 8 cycles....

I'm not sure what you mean by 8 cycles.  What is the context where
you saw the term used?

With enough hardware pipelining, you can do DES in 8 clock cycles or
even 1 cycle.  Maybe that's what was meant.  An 8-cycle implementation
would have two sets of S-boxes etc. and implement two rounds as a
single combinatorial function.  Then a sequencer would operate the
function 8 times to compute standard 16-round DES.
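Tom's distinction between rounds and clock cycles, and Paul's idea of fusing two
rounds into one combinational step that a sequencer runs 8 times, as an added
example that is not from either post: a toy Feistel network in Python.  The round
function is a SHA-256 mix standing in for the DES expansion/S-box/permutation, and
the key schedule is a hash-derived stand-in for DES's rotation schedule, so this is
the DES *structure* with constructed internals, not DES itself.  The avalanche
counter shows why a short-round variant is weaker: after one round a flipped
left-half bit reaches exactly one output bit.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def round_function(half, subkey):
    """Toy keyed mix of one 32-bit half (constructed stand-in for DES's F)."""
    h = hashlib.sha256(half.to_bytes(4, "big") + subkey.to_bytes(4, "big")).digest()
    return int.from_bytes(h[:4], "big")


def key_schedule(key, rounds):
    """One 32-bit subkey per round, hash-derived (constructed; DES rotates instead)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]


def feistel_round(left, right, subkey):
    """One Feistel round: only half the block is modified, then the halves swap."""
    return right, left ^ round_function(right, subkey)


def encrypt(block, key, rounds=16):
    """n-round Feistel encryption of a 64-bit block; final swap undone as in DES."""
    left, right = block >> 32, block & MASK32
    for k in key_schedule(key, rounds):
        left, right = feistel_round(left, right, k)
    return (right << 32) | left


def decrypt(block, key, rounds=16):
    """Same network with the subkeys in reverse order inverts encrypt()."""
    left, right = block >> 32, block & MASK32
    for k in reversed(key_schedule(key, rounds)):
        left, right = feistel_round(left, right, k)
    return (right << 32) | left


def two_rounds(left, right, k1, k2):
    """Two rounds as one combinational function: the '8-cycle' hardware step."""
    mid = left ^ round_function(right, k1)        # this is R_1; L_1 is 'right'
    return mid, right ^ round_function(mid, k2)   # (L_2, R_2)


def encrypt_8_cycles(block, key):
    """Sequencer runs the fused two-round step 8 times: identical to 16 rounds."""
    left, right = block >> 32, block & MASK32
    ks = key_schedule(key, 16)
    for i in range(8):
        left, right = two_rounds(left, right, ks[2 * i], ks[2 * i + 1])
    return (right << 32) | left


def avalanche(key, rounds, block=0x0123456789ABCDEF, bit=63):
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    c0 = encrypt(block, key, rounds)
    c1 = encrypt(block ^ (1 << bit), key, rounds)
    return bin(c0 ^ c1).count("1")


if __name__ == "__main__":
    key = b"constructed demo key"          # constructed sample key
    for n in (1, 2, 4, 8, 16):
        print(f"{n:2d} rounds: {avalanche(key, n):2d} of 64 output bits changed")
```

The one-round avalanche count is always exactly 1 because the left half passes
through untouched apart from the swap; every further round spreads the difference
through the round function, which is what the differential and linear attacks on
short-round variants exploit.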

------------------------------

From: [EMAIL PROTECTED]
Subject: Hey dave scott, some questions
Date: Mon, 21 Jun 1999 19:26:45 GMT

Given:

1.  Scottu19 provides at most (2^19)! possible mappings of input to
output.  Half of which would have to be checked in a brute force search
of ((2^19)!)/2.

Questions:

1.  What is the smallest block size to have this complexity?  I.e., are
there breaks for smaller block sizes (solvable faster than
((2^19)!)/2)?  I would imagine that small one-word blocks would be a
pain in the butt for the cipher.  Is there a limit to the block size?
What is the block size/rounds ratio for the cipher?  Rijndael for
example has a nb/rounds ratio (maybe you could look there for an
example).

2.  What are the possibilities of weak/semi-weak keys in the form
S[x] = y AND S[y] = x?

3.  Given the current model Scottu8 would be as secure as 2^1682 effort
(brute force).  If this is true why not promote smaller more compact
scottu ciphers? (they may be useful).

4.  Why are 25 rounds used?  Why not a smaller number, why not a larger
number?   Could diffusion be upped more, maybe to reduce the rounds?

These are important questions and they may help exonerate yourself.  I
hope you can answer promptly and courteously.  I.e., pleasure doing
business with you :)

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
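Two of Tom's questions can be put into numbers and checked mechanically.  The
following is an added Python example, not code from the post or from the scottu
ciphers: log2_permutations() gives the size in bits of the "(2^n)! possible
mappings" figure for any block width, and two_cycles() scans a substitution table
for the S[x] = y, S[y] = x structure asked about in question 2 (and for fixed
points).  The eight-entry table in the test is constructed for illustration only.

```python
import math


def log2_permutations(n):
    """log2(n!): bits needed to index one of the n! mappings of an n-element block.

    lgamma(n + 1) = ln(n!) keeps this exact enough for n = 2^19 without
    building the astronomically large integer itself.
    """
    return math.lgamma(n + 1) / math.log(2)


def two_cycles(sbox):
    """Return (pairs, fixed): all x < y with S[x] = y and S[y] = x, and all S[x] = x.

    sbox must be a permutation of range(len(sbox)).
    """
    assert sorted(sbox) == list(range(len(sbox))), "not a permutation"
    pairs, fixed = [], []
    for x, y in enumerate(sbox):
        if y == x:
            fixed.append(x)
        elif x < y and sbox[y] == x:
            pairs.append((x, y))
    return pairs, fixed


if __name__ == "__main__":
    for width in (8, 19):
        bits = log2_permutations(2 ** width)
        print(f"{width}-bit block: (2^{width})! mappings ~ 2^{bits:.1f}, "
              f"half the space ~ 2^{bits - 1:.1f}")
    # Constructed 3-bit table: two swapped pairs, one fixed point, one 3-cycle.
    print(two_cycles([1, 0, 3, 2, 4, 6, 7, 5]))
```

For an 8-bit block the count comes out near 2^1684, which is where the "2^1682
effort" figure in question 3 comes from once half the space is assumed; for the
19-bit block it is a little over nine million bits.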

------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: Sexual Contact Privacy
Date: Mon, 21 Jun 1999 21:06:14 GMT

In article <[EMAIL PROTECTED]>,
Doug Goncz  <[EMAIL PROTECTED]> wrote:
>It is for the good of the public that the government or a health agency might
>wish to keep records of sexual contacts between people. On the other hand, the
>individuals involved usually wish to retain this information as private. There
>is the possibility that an agency could misuse the information.
>
>Is there any kind of public/private key system that would.... what? Allow
>health workers to trace sexual contacts? Allow promiscuous individuals to brag
>in a verifiable way? Allow those who wish to remain innocent to prove that they
>are? Allow universal determination of paternity?

Surprisingly, in very special cases, cryptography can help.

In a paper on "comparing information without revealing it",
one of the authors was motivated by a sexual harassment privacy
problem:  Two people wanted to compare notes to see if they
were talking about the same third person (a victim), but neither 
wanted to reveal the name of that person in case it wasn't the same.

What they needed was a zero-knowledge proof of knowledge, and
the proof had to work for a small shared secret.
A link to the paper is at <www.IntegritySciences.com/whatsnew.html>,
in the section that mentions "oblivious transfer".  
Some may notice that this is not the most efficient 
solution to the ZKPP problem.

But this is the exception.  Most cryptographic solutions to big 
privacy problems (like the ones you mention) just get the information 
from one trusted party to another.  They don't usually address 
larger questions of who you can trust, with what, and why,
and they don't address the risks that, as others have noted, are
inherent in large aggregate stores of private information.

-- dpj

======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>
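The "are we talking about the same third person" problem above, as an added Python
example that is not from the post or from the paper it links: a private equality
test built on the socialist-millionaire protocol of Boudot, Schoenmakers and Traoré,
which is a different construction from the oblivious-transfer one cited.  Each side
contributes a Diffie-Hellman share to two fresh generators, blinds its secret, and
the final check succeeds only when the two secrets agree; a party who follows the
protocol learns nothing else, even when the secrets come from a small set such as
names in a directory.  The group parameters are toy values chosen for readability,
and the zero-knowledge proofs that the published protocol attaches to each message
(to catch a cheating party) are omitted, so this sketch assumes both parties are
honest.

```python
import secrets

# Toy group parameters, constructed for readability; far too small for real use.
# P is a safe prime, Q = (P - 1) / 2 is the prime order of the subgroup we use.
P = 1019
Q = 509
G1 = 4   # a square mod P, hence a generator of the order-Q subgroup of Z_P^*


def rand_exp():
    """Uniform secret exponent in [1, Q-1]; never 0, so every share has order Q."""
    return secrets.randbelow(Q - 1) + 1


def inv(a):
    """Inverse in Z_P^* (P prime)."""
    return pow(a, P - 2, P)


class Party:
    """One participant holding a private value reduced into Z_Q (e.g. the index of a
    name in a shared directory; constructed for the example)."""

    def __init__(self, secret):
        self.x = secret % Q
        self.a2, self.a3 = rand_exp(), rand_exp()

    def round1(self):
        # Diffie-Hellman shares for two fresh generators g2 and g3.
        return pow(G1, self.a2, P), pow(G1, self.a3, P)

    def round2(self, peer_g2_share, peer_g3_share):
        self.g2 = pow(peer_g2_share, self.a2, P)        # g1^(a2*b2)
        self.g3 = pow(peer_g3_share, self.a3, P)        # g1^(a3*b3)
        r = rand_exp()
        self.p = pow(self.g3, r, P)                     # g3^r
        self.q = pow(G1, r, P) * pow(self.g2, self.x, P) % P   # g1^r * g2^x
        return self.p, self.q

    def round3(self, peer_p, peer_q, is_alice):
        # Both sides form Pa/Pb and Qa/Qb with the same orientation.
        if is_alice:
            self.p_ratio = self.p * inv(peer_p) % P
            q_ratio = self.q * inv(peer_q) % P
        else:
            self.p_ratio = peer_p * inv(self.p) % P
            q_ratio = peer_q * inv(self.q) % P
        return pow(q_ratio, self.a3, P)                 # (Qa/Qb)^a3 resp. ^b3

    def finish(self, peer_r):
        # (Qa/Qb)^(a3*b3) = g3^(r-s) * g2^((x-y)*a3*b3), which equals
        # Pa/Pb = g3^(r-s) exactly when x == y in Z_Q.
        return pow(peer_r, self.a3, P) == self.p_ratio


def same_secret(alice_secret, bob_secret):
    """Run the whole exchange in-process and return the verdict both sides reach."""
    alice, bob = Party(alice_secret), Party(bob_secret)
    ga2, ga3 = alice.round1()
    gb2, gb3 = bob.round1()
    pa, qa = alice.round2(gb2, gb3)
    pb, qb = bob.round2(ga2, ga3)
    ra = alice.round3(pb, qb, is_alice=True)
    rb = bob.round3(pa, qa, is_alice=False)
    verdict_a, verdict_b = alice.finish(rb), bob.finish(ra)
    assert verdict_a == verdict_b       # the two sides always agree
    return verdict_a


if __name__ == "__main__":
    print(same_secret(17, 17), same_secret(17, 42))   # constructed directory indices
```

Because only the final comparison bit leaks, a party cannot run through the
directory offline testing guesses against the transcript, which is the property
that matters when the secret is as small as "which of these few people".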


------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Good book for beginning Cryptographers?
Date: Mon, 21 Jun 1999 16:01:36 -0400

GyungHwa Jun wrote:
> 
> "Handbook of Applied Cryptography" written by Alfred Menezes, Paul C.van
> Oorschot, Scott A. Vanstone.

Definitely NOT that one, unless you have a healthy background in 
mathematics.  And not even then, actually, since it also assumes
you know a bunch about cryptography already.

I'd recommend instead Bruce Schneier's "Applied Cryptography".

        paul

------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Crossposted-To: comp.ai.neural-nets
Subject: Re: DES and a GRNN or RBFNN
Date: Mon, 21 Jun 1999 21:28:31 GMT

If one looks at a plot of DES encryption function over the domain
[0,  255] with the key {127, 255} it resembles a white noise plot.
What hope would we have of learning the complete DES function
by using a general regression neural network (GRNN) or radial
basis function neural network (RBFNN) over [0 , 255]? Would a GRNN or
RBFNN generalize (extrapolate) to interpolate the function values
for [256,  511]? The domain of the DES encryption function is:
[0,  2 ^ 64 - 1] and it has the same range.


------------------------------

From: Withheld <[EMAIL PROTECTED]>
Subject: Re: Sexual Contact Privacy
Date: Mon, 21 Jun 1999 22:29:07 +0100
Reply-To: Withheld <[EMAIL PROTECTED]>

[cut]
>
>> served by having the government or health officials keep track of such
>> contacts?
> 
>He suggested tracking  STDs as a possible "public good." I don't think 
>that it's enough of a "good" to warrant State intervention or monitoring
>of sexual contacts under any circumstances. Even so, it is a good thing
>to let newly at-risk partners know that they're at risk. 

If having a lot of partners increases the risk of contracting an STD,
the system will have a hard job tracing those who don't know who their
partner is, or who are sufficiently under the influence of some
substance or another to not even recall whether they had a partner that
night or not.

[large cut]

>

-- 
Withheld

------------------------------

From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: Sexual Contact Privacy
Date: 21 Jun 1999 22:53:59 GMT

In <7km2i7$uo7$[EMAIL PROTECTED]> David A Molnar <[EMAIL PROTECTED]> writes:

>Michael J. Fromberger <[EMAIL PROTECTED]> wrote:
>> In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (
>> Doug Goncz ) writes:
>>>
>>>It is for the good of the public that the government or a health
>>>agency might wish to keep records of sexual contacts between people.

>> With all due respect, I think this is the biggest load of hoo-ha since
>> the advent of deconstructionism.  What possible "public good" could be
>      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>Hey, be careful with _that_ rhetoric, too.

*grin* I wondered if anyone was going to nibble at that... 

>Even so, it is a good thing to let newly at-risk partners know that
>they're at risk.

Yes -- on the other hand, I would argue that is the responsibility of
the people in question, not the State.  I feel this is a personal
matter which does not impinge upon the _public_ good, and should
therefore not be even considered for administration by central
authority.


>"is there a way to get the benefits we want - notification of newly
>infected or at-risk ppl with STDs, establishment of paternity -
>WITHOUT needing a centralized system which is prone to abuse?"

I would argue that these are all individual problems, by which I mean,
problems which should be handled between the partners and possibly
their individual medical professionals.  In particular, NOT handled by
the State or any agency reporting to the State.

>>>
>>> Allow universal determination of paternity?
>>>
>> Why should this matter?
>
>It matters a fair bit to some people, especially with respect to
>child support laws. 

That's fine -- as far as I am concerned, such questions should be
answered on an individual basis.  Perhaps, as you suggest, DNA testing
would be sufficient for this.  But I would argue (and I think you'd
agree) that this purpose in no way justifies a massive data bank of
that sort.


Cheers,
-M

-- 
Michael J. Fromberger    Software Engineer, Thayer School of Engineering
  sting <at> linguist.dartmouth.edu   http://www.dartmouth.edu/~sting/
/AB5hFo5rv7rX+xW3arPPgoGbyT6q9462RYRqojGAPWFvL527RW5q5zf39pS8SLijOAREa9F

"Liberty means responsibility.  That is why most men dread it."
                                 -- George Bernard Shaw

------------------------------

From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: Converting arbitrary bit sequences into plain English texts
Date: 21 Jun 1999 23:47:29 GMT

Is this a sentence:
"Yes!"
And is this a sentence:
"No!"
Both are. Therefore, encode 10010110 as:
Yes! No! No! Yes! No! Yes! Yes! No!
It's English, even though it's a long string of interjections.

-*---*-------
S.T.L.  ==> [EMAIL PROTECTED] <== BLOCK RELEASED!
~~~ My quotes page is at:  http://quote.cjb.net ~~~ 2^3021377 - 1 is PRIME!
~~~ My main website is at:  http://137.tsx.org ~~~       F0 0F C7 C8
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!"
I have released my E-mail block. Address is correct as it is. I believe the
courtesy of providing a correct E-mail address is more important than having
to delete junk, which gets through anyway. The block will simply go up again
if I am bombed again. I don't care, and it's an easy solution. If you see a
message of mine posted on two newsgroups, then it is because I have replied
to a crossposted message. I *never* crosspost of my own accord!
This signature contains 3910 bits of entropy.
-*---*-------

Card-holding member of the Great SRian Conspiracy
Card-holding member of the Dark Legion of Cantorians
Avid watcher of "World's Scariest Warp Accidents"


------------------------------

From: "Ambient Empire" <[EMAIL PROTECTED]>
Subject: Re: Simple Prime Number Question
Date: Mon, 21 Jun 1999 16:47:25 -0700

what he may have meant is 1000 = 1 (mod 3) which is correct notation.

>Thus 1 mod 3 is just 1. The equation says 1000 = 1 mod 3 = 1, which is
>of course wrong. If you use this notation, then the equation should read
>1000 mod 3 = 1




------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RC4 Susectability
Date: Mon, 21 Jun 1999 17:23:30 -0700

Ok, I agree.

As a matter of fact, our actual experience has been just about exactly
as you estimate, except we do it with cheap overclocked Celerons running
at 450 MHz.

I won't quibble about the first estimate, which I don't believe is
consistent with this one ;--)

Very good.

JK


[EMAIL PROTECTED] wrote:
> 
> <snip>
> The week guestimate is based on the fact that more than one computer is
> working on the problem.  If for example it takes 2500 cycles to create
> the state and check the ciphertext, 32 450 MHz PIIIs could do about
> 2^22.45 keys per second.  A 40-bit key space can be searched in about
> 2^16.55 seconds (about 1.12 days).
> 
> This requires highly optimized code however.  I don't think 2500 cycles
> is too far out of reach though.
> 
> Tom
> 
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.

-- 
CRAK Software (Password Recovery Software)
Http://www.crak.com
[EMAIL PROTECTED]
602 863 9274 or 1 800 505 2725 In the USA

------------------------------

From: Teh Yong Wei <[EMAIL PROTECTED]>
Subject: Why Elliptic Curve Cryptosystem is stronger with shorter key length?
Date: Tue, 22 Jun 1999 08:53:43 +0800

I just started to study ECC recently. Many articles and whitepapers
mention that ECC is much stronger with a shorter key length,
compared with RSA and DSA. But I could hardly get any explanation why it
is like this.

Can anyone provide me such information, explanation or website?

Thank you.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
