Cryptography-Digest Digest #838, Volume #10       Tue, 4 Jan 00 20:13:01 EST

Contents:
  Re: On documentation of algorithms (Mok-Kong Shen)
  Re: trits from characters (wtshaw)
  Re: trits from characters (wtshaw)
  Re: Anonymous Source Problem (Darren New)
  Re: RSA encrypt (Paul Koning)
  USENIX Security Symposium 2000 - Announcement and Call for Papers (Moun Chau)
  Re: RSA encrypt (Michael J. Fromberger)
  Re: Blowfish Question (John Savard)
  Re: Anonymous Source Problem ("Hans")
  Re: Anonymous Source Problem (Roger Carbol)
  Re: RSA encrypt (Paul Rubin)
  Re: Anonymous Source Problem (Scott Nelson)
  Followup:  Help Needed For Science Research Project ("segals-2")

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On documentation of algorithms
Date: Tue, 04 Jan 2000 22:22:07 +0100

Paul Koning wrote:
> 
> > > Ditto with cryptography.  Yes, a reasonable teacher can explain
> > > how DES works.  But to understand why DES has good security is
> > > vastly harder. And then there's RSA.  If you don't know the
> > > basic number theory on which it's based, you cannot possibly
> > > understand why it works no matter how good the teacher is.
> >
> > I have attempted to make a point that crypto is to be treated a
> > bit different because of its nature and its social significance.
> 
> So what?  Its social nature or whatever doesn't affect the
> level of math skills you need to do work in this field.

Well, I might have used a wrong word. By 'nature' I was referring
to the fact that some matters are not public and privacy isn't
something that all governments like to protect. By 'social 
significance' I intended to mean the fact that information security 
issues concern (or should concern) most people who want to guard 
their freedom of privacy and hence are significant for the society.
 
> > Incidentally, DES that you mentioned is a very good example. The
> > design rationales of DES have not yet been fully officially disclosed
> > till the present day, if I don't err. Differential analysis, that
> > is applicable to DES, was known to the designers of DES but has
> > to be re-discovered decades later by Biham and Shamir. So one
> > probably sees how easy one could proceed with one's study no matter
> > how smart one and one's teachers are.
> 
> I can't understand that last sentence.

That means in cleartext: Even if you have excellent intelligence,
it is going to be very hard for you to study some crypto algorithms 
due to the fact that certain materials are purposely concealed from
you by the authors and you have to exercise very big efforts to 
attain that knowledge (and perhaps need also some good luck).
 
> It seems to me that differential analysis and Einstein's work on
> relativity are analogous in a way.  A good teacher (such as Einstein)
> can explain them in a superficial way well enough that interested
> outsiders such as I can nod and say "yup, yeah, sure, I guess that
> all makes sense".  That's fun in a way.  It doesn't really do much
> for you, though, because that level of explanation and understanding
> in no way qualifies the hearer to DO work on that topic, or to verify
> the correctness of what was just explained.

If you equate nodding to a superficial explanation to real
understanding, I have nothing to say. If not, what is your point above?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: trits from characters
Date: Tue, 04 Jan 2000 16:04:27 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:

> 
> I was about to ask:
> 
> How do I tell the difference between EEEE, II, or H? This
> variable-length character to trit code doesn't have the prefix
> property. Perhaps I'm misunderstanding something here.
> 
> But then I see your strings of trits included only 1 and 2, instead of
> three different symbols. So I suppose 0 is used as a space between the
> symbols, and your program is really, in effect, converting to Morse
> code.
> 
If you follow down the function, see that a 0 is added to every letter. 
In the case of unhandled characters and actual space, double 00 results, a
space.

I should include a step to limit sequential spaces to only one.
-- 
Considering that the best guess is that Jesus was born in 4 BC,
for the purists, fate worshipers, and absolute prognosticators,
you all missed your boat fome time ago, as hype mongers rejoice.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: trits from characters
Date: Tue, 04 Jan 2000 16:22:12 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> John Savard wrote:
> > 
> > Unless 00 is used to stand for the space character, it won't show up
> > either using this Morse code approach. You should really be using a
> > straddling checkerboard with the prefix property and all three trits
> > for better removal of redundancy. That is, something like:
> > 
> > 00 E    120 S   211 C    2212 K
> > 01 T    121 R   212 Y    2220 X
> > 02 A    122 D   2200 F   2221 J
> > 10 O    200 L   2201 G   22220 Q
> > 110 I   201 U   2202 P   22221 Z
> > 111 H   202 M   2210 B   22222 .
> > 112 N   210 W   2211 V

Introducing the danger of looking at source code. You have missed the full
handling of the characters, including spaces and the potentials of the
classic trit stream, which is what conventional telegraphy uses.
> 
> While I count on a fair probability that using bases other than
> 2 or powers of 2 can indeed be advantageous, I am yet ignorant of 
> concrete examples showing their merits. Hence the stupid questions: 
> Doesn't the above code result in a fairly large expansion factor 
> of the text file? 

Trit streams are likely not to increase the size of the data unless
unusual characters are patched in.   On a character basis, it is simple
enough to put everything into base 81 for simple representational
compression.

> Why isn't it an optimal procedure for crypto 
> purposes to map a given alphabet to the next larger power of 2 or, 
> when needed, using homophones to map it to a higher power of 2? 
> Certainly, using an uncommon base has the positive effect of forcing 
> the analyst to do something 'uncommon', thus hopefully reducing his
> chance of success, but I am afraid that that alone might not be 
> sufficient justification for doing that and that tradeoffs, if any, 
> should also be considered. Thanks.
> 
In effect, bits are the real newcomer.  Forgetting lessons of the past,
while popular, does not serve one well.  Artificially limiting logic for
inane reasons is also popular, but serves the purpose of us becoming
servants of technology rather than commanding  it serve the human
condition. Trit systems are as absolutely valid as bit ones, but, more
efficient in concept.
-- 
Considering that the best guess is that Jesus was born in 4 BC,
for the purists, fate worshipers, and absolute prognosticators,
you all missed your boat fome time ago, as hype mongers rejoice.
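
The table John Savard posted can be checked mechanically. The following is an added example, not code from any poster in this thread: it parses the quoted table, confirms the prefix property and a Kraft sum of exactly 1, and decodes a stream with no separators. The `MORSE_LIKE` mapping (1 = dot) is an assumption used only to reproduce the EEEE / II / H ambiguity and the effect of the trailing 0.

```python
from fractions import Fraction

# Code table as quoted from John Savard's post (27 symbols, no space symbol).
TABLE = """
00 E    120 S   211 C    2212 K
01 T    121 R   212 Y    2220 X
02 A    122 D   2200 F   2221 J
10 O    200 L   2201 G   22220 Q
110 I   201 U   2202 P   22221 Z
111 H   202 M   2210 B   22222 .
112 N   210 W   2211 V
"""
_tok = TABLE.split()
ENCODE = dict(zip(_tok[1::2], _tok[0::2]))      # symbol -> trit string
DECODE = {code: sym for sym, code in ENCODE.items()}

def is_prefix_free(codes):
    """True if no codeword is a prefix of another (checked on sorted neighbours)."""
    ordered = sorted(codes)
    return not any(b.startswith(a) for a, b in zip(ordered, ordered[1:]))

def kraft_sum(codes, radix=3):
    """Sum of radix**-len; exactly 1 means the code tree has no unused leaves."""
    return sum(Fraction(1, radix ** len(c)) for c in codes)

def encode(text):
    return "".join(ENCODE[ch] for ch in text.upper())

def decode(trits):
    """Greedy decode; unambiguous because the table is prefix-free."""
    out, cur = [], ""
    for t in trits:
        cur += t
        if cur in DECODE:
            out.append(DECODE[cur])
            cur = ""
    if cur:
        raise ValueError("trit stream ends inside a codeword")
    return "".join(out)

# Assumption for illustration: Morse-style trits with 1 = dot, so E=1, I=11, H=1111.
MORSE_LIKE = {"E": "1", "I": "11", "H": "1111"}

def morse_like(text, terminator=""):
    """Concatenate Morse-style codes, optionally ending each letter with a terminator."""
    return "".join(MORSE_LIKE[ch] + terminator for ch in text)

if __name__ == "__main__":
    print(is_prefix_free(ENCODE.values()), kraft_sum(ENCODE.values()))
    print(encode("HELLO"), decode(encode("HELLO")))
    print(morse_like("EEEE"), morse_like("II"), morse_like("H"))   # identical
    print(morse_like("EEEE", "0"), morse_like("II", "0"), morse_like("H", "0"))
```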

------------------------------

From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Anonymous Source Problem
Date: Tue, 04 Jan 2000 21:59:21 GMT

Hans wrote:
> Peggy has some information she wants to send Victor, who is
> a reporter for a newspaper.  Peggy wants to remain anonymous.
> Since Victor is able to verify the information Peggy provided,
> he now trusts her even though he doesn't know her true identity.

I may be missing something, but....

Why doesn't Peggy make up a public/private key pair for use when talking to
Victor, encrypt the "information" with the private key, attach the public
key, encrypt the whole mess with Victor's public key, and send it to Victor.
Now Victor doesn't trust *Peggy*. He trusts whoever can encrypt using that
private key. In other words, if Victor trusts Peggy based on the information
she supplied, let the information be the certificate (so to speak).

Repeat for Alice and Carol, respectively.

Peggy's real ID doesn't need to enter into it at all, does it?

-- 
Darren New / Senior Software Architect / Dai Ye
San Diego, CA, USA (PST).  Cryptokeys on demand.
         Wenglish: "What's a sud?"


------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: RSA encrypt
Date: Tue, 04 Jan 2000 17:04:01 -0500

Brice wrote:
> 
> I have a question about RSA.
> 
> If I was to calculate M^d (M: message, d: secret key) and give it away for
> the modular step to be done by someone else (say), how easy would it be for
> that person to find what my secret key is since my public key is available
> to anyone ?

Very easy.

That other person can do the mod, then decrypt the result to get M
again.  Now he has M and M^d.  Take the log of both sides, divide,
and presto, there's d.

        paul

------------------------------

Crossposted-To: muc.lists.www-security,ocunix.mail.freebsd.security,alt.fan.sysadmin,comp.infosystems.www,comp.infosystems.www.servers.unix,comp.unix.osf.osf1,hannet.ml.linux.rutgers.linux-admin,comp.unix.solaris
From: [EMAIL PROTECTED] (Moun Chau)
Subject: USENIX Security Symposium 2000 - Announcement and Call for Papers
Date: Tue, 4 Jan 2000 22:25:48 GMT

9th USENIX Security Symposium 2000 Conference
August 14 - 17, 2000
Denver, Colorado, USA
Conference URL: http://www.usenix.org/events/sec2000

The USENIX Security Symposium brings together researchers,
practitioners, system administrators, systems programmers, and others
interested in the latest advances in security and applications of
cryptography. The keynote speaker is Dr. Blaine Burnham, Director of the
Georgia Tech Information Security Center (GTISC) and formerly Program
Manager for the National Security Agency (NSA) at Ft. Meade, Maryland.

We are currently seeking submissions for Refereed Papers,
Works-In-Progress Reports, Talks/Panel Session proposals, and Tutorial
presentation proposals for this event. If you are working in any
practical aspect of security or applications of cryptography, the
program committee urges you to submit a paper.

Please see the detailed author guidelines, which include a sample
abstract, for more information. 
http://www.usenix.org/events/sec2000/cfp/guidelines.html

=============================================
IMPORTANT REFEREED PAPER SUBMISSION DATES
*Paper submissions due: February 10, 2000
*Notification to authors: March 23, 2000
*Camera-Ready Final papers due: June 15, 2000
=============================================

USENIX Security Symposium 2000 is sponsored by USENIX, the Advanced
Computing Systems Association, in cooperation with the CERT Coordination
Center. USENIX is an international membership society.




------------------------------

From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: RSA encrypt
Date: 4 Jan 2000 22:30:52 GMT

In <[EMAIL PROTECTED]> "Brice" <[EMAIL PROTECTED]> writes:

>I have a question about RSA.

>If I was to calculate M^d (M: message, d: secret key) and give it
>away for the modular step to be done by someone else (say), how easy
>would it be for that person to find what my secret key is since my
>public key is available to anyone ?

>What I am doing is M^d=a in one place and then a mod n in another.

Salutations...

For anything other than trivial values of M and d, this is going to be
intractable.  For example, suppose your message is a 1024-bit number,
and d is (as would commonly be the case) a roughly 1000-bit exponent.

You're just not going to be able to compute M^d in the space and time
available to you.  Modular exponentiation can only be done in a
reasonable amount of time if you do the modular reductions as you go
along.  You can't leave it 'til the end, except if M and d are very
small.

-M

-- 
Michael J. Fromberger    Software Engineer, Thayer School of Engineering
  sting <at> linguist.dartmouth.edu   http://www.dartmouth.edu/~sting/
iK+kT0M1Iscs+ELCy04z3dLa1XNPWKAS0bUbyZCzKbwdzdBZyQZDJ84VqfbN1q+iB3jY8B1C

"To tax the community for the advantage of a class is not protection:
 it is plunder."          -- Benjamin Disraeli
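
The two replies above (Paul Koning's logarithm argument and this one on the size of the unreduced power) can be seen together with toy numbers. This is an added example, not code from any poster; the RSA parameters are constructed and far too small for real use, and the function names are hypothetical.

```python
import math

# Toy RSA key (constructed for this example only).
P, Q, E = 61, 53, 17
N = P * Q                               # public modulus, 3233
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, 2753

def outsource_leak(a, n, e):
    """What the helper learns when handed the unreduced a = M**d.

    It performs the requested reduction, recovers M with the public key,
    then divides logarithms: log(M**d) / log(M) = d.
    """
    c = a % n                           # the modular step it was asked to do
    m = pow(c, e, n)                    # public-key operation gives back M
    d = round(math.log(a) / math.log(m))
    if m ** d != a:                     # exact integer confirmation
        raise ValueError("logarithm estimate did not verify")
    return m, d

def min_unreduced_bits(m_bits, d):
    """Lower bound on the bit length of M**d when M has m_bits bits.

    M >= 2**(m_bits - 1), so M**d >= 2**((m_bits - 1) * d).
    """
    return (m_bits - 1) * d + 1

if __name__ == "__main__":
    M = 65
    a = M ** D                          # only feasible because D is tiny here
    print("helper recovers (M, d) =", outsource_leak(a, N, E))
    print("toy M**d is", a.bit_length(), "bits long")
    # 1024-bit M with the smallest 1000-bit exponent: the bit COUNT of M**d
    # is itself a 1009-bit number, so the value can never be written down.
    print(min_unreduced_bits(1024, 2 ** 999).bit_length())
```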



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Blowfish Question
Date: Tue, 04 Jan 2000 15:59:01 GMT

"Chung W Leong" <[EMAIL PROTECTED]> wrote, in part:

>How difficult is it to recover a Blowfish key if you have both the encrypted
>text and the original text? Is there a inverse function that let you
>calculate the key from the input and output?

No, there isn't; doing this for Blowfish, as for DES, is believed to
be equivalent to cracking the cipher.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Hans" <[EMAIL PROTECTED]>
Subject: Re: Anonymous Source Problem
Date: Tue, 04 Jan 2000 23:52:56 GMT

Thanks for the quick response.  First the correction- 'Alice' is really
'Peggy'.

Your idea of generating key pairs is correct, except for my application there
is no way for Peggy to store the private keys for every Victor.  It's
important that she can compute and sign this anonymous ID certificate using
her plus Victor's certificates.

-Hans

"Darren New" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hans wrote:
> > Peggy has some information she wants to send Victor, who is
> > a reporter for a newspaper.  Peggy wants to remain anonymous.
> > Since Victor is able to verify the information Peggy provided,
> > he now trusts her even though he doesn't know her true identity.
>
> I may be missing something, but....
>
> Why doesn't Peggy make up a public/private key pair for use when talking to
> Victor, encrypt the "information" with the private key, attach the public
> key, encrypt the whole mess with Victor's public key, and send it to Victor.
> Now Victor doesn't trust *Peggy*. He trusts whoever can encrypt using that
> private key. In other words, if Victor trusts Peggy based on the information
> she supplied, let the information be the certificate (so to speak).
>
> Repeat for Alice and Carol, respectively.
>
> Peggy's real ID doesn't need to enter into it at all, does it?
>
> --
> Darren New / Senior Software Architect / Dai Ye
> San Diego, CA, USA (PST).  Cryptokeys on demand.
>          Wenglish: "What's a sud?"
>



------------------------------

Subject: Re: Anonymous Source Problem
From: Roger Carbol <[EMAIL PROTECTED]>
Date: Wed, 05 Jan 2000 00:04:12 GMT

Hans <[EMAIL PROTECTED]> wrote:

> Peggy has some information she wants to send Victor, who is
> a reporter for a newspaper.  Peggy wants to remain anonymous.
> Since Victor is able to verify the information Peggy provided,
> he now trusts her even though he doesn't know her true identity.

Peggy at this point should also generate a large random number
of some sort, and append it to every transmission to Victor.

> Alice is also providing information anonymously to Carol, who
> similarly trusts Peggy.  Peggy doesn't want Victor and Carol to
> know they are getting information from the same source.
 
Peggy appends a different random number to the messages to Carol.

> Victor and Carol, however, need a way of knowing with full
> confidence that information is coming from Peggy, and not an
> imposter posing as Peggy. 

Only Peggy and Victor know the random number that is being used.
Victor could spoof himself if he felt like it, but I wouldn't
consider that much of a threat.

> Note that it is also in
> Peggy's interest that no one can impersonate her. 

No one can impersonate her to Victor or Carol, at least.

 


.. Roger Carbol .. [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA encrypt
Date: 5 Jan 2000 00:04:44 GMT

In article <[EMAIL PROTECTED]>, Brice <[EMAIL PROTECTED]> wrote:
>I have a question about RSA.
>
>If I was to calculate M^d (M: message, d: secret key) and give it away for
>the modular step to be done by someone else (say), how easy would it be for
>that person to find what my secret key is since my public key is available
>to anyone ?

Trivial, but why on earth would you want to do that anyway?
M and d will be about the same size, so if M is 1024 bits (typical),
then M^d will be about 1 megabit.  What type of protocol could that
be practical in?

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Anonymous Source Problem
Reply-To: [EMAIL PROTECTED]
Date: Wed, 05 Jan 2000 00:59:24 GMT

On Tue, 04 Jan 2000, "Hans" <[EMAIL PROTECTED]> wrote:

>Thanks for the quick response.  First the correction- 'Alice' is really
>'Peggy'.
>
>Your idea of generating key pairs is correct, except for my application there
>is no way for Peggy to store the private keys for every Victor.  

I can't imagine how she can store all the ID certificates for
every Victor, and not be able to store the RSA keys, 
but my poor imagination is really irrelevant to the problem.

She can recreate the RSA keys as needed by using a single secret
that she never shares with anyone, and hashing it, plus Victor's
ID (or his name, or his email address, or his public key, 
or anything else that identifies him) and using that as a seed
for a cryptographically secure pseudo random number generator.
The output of the CSPRNG is used to generate the key pairs for RSA.

Again, her ID doesn't enter into it - she is, after all, 
trying to be anonymous.

Scott Nelson <[EMAIL PROTECTED]>
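
The key-regeneration scheme described in the message above, as an added example that is not code from the poster. Assumptions: HMAC-SHA256 stands in both for "hashing the secret plus Victor's ID" and for the CSPRNG, the primes are a toy 256 bits, and signing is unpadded textbook RSA; all function names are hypothetical.

```python
import hashlib
import hmac

def drbg(seed):
    """Deterministic byte stream: HMAC-SHA256(seed, counter), counter = 0, 1, ..."""
    counter = 0
    while True:
        yield from hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def take_int(stream, nbytes):
    return int.from_bytes(bytes(next(stream) for _ in range(nbytes)), "big")

def is_probable_prime(n, stream, rounds=24):
    """Miller-Rabin for odd n > 3, drawing witnesses from the same stream."""
    s, d = 0, n - 1
    while d % 2 == 0:
        s, d = s + 1, d // 2
    for _ in range(rounds):
        x = pow(2 + take_int(stream, 40) % (n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(stream, bits, e):
    while True:
        # Force the top two bits (full-size modulus) and the low bit (odd).
        cand = take_int(stream, bits // 8) | (3 << (bits - 2)) | 1
        if cand % e != 1 and is_probable_prime(cand, stream):
            return cand

def keypair_for(master_secret, recipient_id, bits=256, e=65537):
    """Same (secret, recipient) always yields the same key; nothing is stored."""
    seed = hmac.new(master_secret, b"anon-id|" + recipient_id, hashlib.sha256).digest()
    stream = drbg(seed)
    p, q = next_prime(stream, bits, e), next_prime(stream, bits, e)
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def _digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(msg, pub, d):
    return pow(_digest(msg), d, pub[0])      # textbook RSA, no padding (toy)

def verify(msg, sig, pub):
    return pow(sig, pub[1], pub[0]) == _digest(msg)

if __name__ == "__main__":
    secret = b"constructed master secret"    # sample value for the demo
    pub_v, d_v = keypair_for(secret, b"victor")
    pub_c, _ = keypair_for(secret, b"carol")
    print(keypair_for(secret, b"victor") == (pub_v, d_v), pub_v != pub_c)
    print(verify(b"tip #2", sign(b"tip #2", pub_v, d_v), pub_v))
```

Victor and Carol each see only their own public key, and without the master secret the two keys cannot be linked to each other.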

------------------------------

From: "segals-2" <[EMAIL PROTECTED]>
Subject: Followup:  Help Needed For Science Research Project
Date: Tue, 4 Jan 2000 20:08:12 -0500

   sci.crypt,

I'm astounded by all of the responses that I have received so far.  I
appreciate your feedback.  To answer some of the questions....
I have read The Code Book by Simon Singh and Kahn on Codes by David Kahn.
These books introduce some of the mathematical aspects of cryptography, but
they also focus on the history of codebreaking, etc.  I have been able to
find a deeper mathematical explanation for cryptography on the internet,
but I have not thoroughly investigated these sources.  As for what math
background I have, I'm currently taking a Calculus I course.  Last year I
took what was termed "Math Analysis"; we spent some time on trig, but for a
good portion of the course, we studied a variety of math topics:
probability, statistics, fractals, matrices, and some other topics.  We did
not study anything very in depth, but I was able to gain a general feel for
various subjects.  Also, I am very comfortable with working with computers,
but I have no programming experience.

I've seriously considered several of the responses that I have received.  I
was looking into different factoring methods, as an investigation into the
weaknesses and strengths of RSA.  I have also looked into tracing the
improvements in cryptography as well as attacks on cryptosystems, and
possibly making a prediction about the future of these fields.  However,
I think I've decided on the following idea (which was posted in response to
my query to this newsgroup):  Encrypt text using RC4 (and possibly other
symmetric algorithms as well)  and then find the probability of finding a
particular character in the encrypted message.  Basically, count the total
number of characters and the total number of each character.  I believe
that the probability in this particular case would be 1/255 (I think that's
the one).  If a higher probability occurred for some characters, or lower
for others, it could be concluded that RC4 did not completely turn the text
message into "random garbage".  I could experiment with various types of text
(random, novel, dictionary--which would have a larger number of repeated
letters than a novel, most likely) and with various keys, just to broaden
the base of the experiment and to solidify my results.  I am hoping to
determine whether or not RC4 is as dependable as is believed.

Any suggestions about this project would be warmly welcome.
Thanks again,
Eric
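
The counting experiment proposed in the message above, as an added example that is not the poster's code. It implements RC4, tallies each of the 256 possible byte values in the output, and condenses the tallies into a chi-square statistic; the sample plaintext and key are constructed for the demonstration.

```python
from collections import Counter

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def byte_counts(data: bytes):
    """Occurrences of every byte value 0..255, zeros included."""
    seen = Counter(data)
    return [seen.get(b, 0) for b in range(256)]

def chi_square(data: bytes) -> float:
    """Pearson statistic against a flat distribution over 256 byte values.

    For uniform data it averages about 255 (the degrees of freedom) with a
    standard deviation of about 22.6; strongly biased data scores far higher.
    """
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in byte_counts(data))

# Constructed sample input: repetitive English-like text, about 54 kB.
SAMPLE_TEXT = b"the quick brown fox jumps over the lazy dog. " * 1200
SAMPLE_KEY = b"constructed demo key"

def run_experiment(key: bytes = SAMPLE_KEY, text: bytes = SAMPLE_TEXT):
    """Return (chi-square of plaintext, chi-square of RC4 ciphertext)."""
    return chi_square(text), chi_square(rc4(key, text))

if __name__ == "__main__":
    plain, cipher = run_experiment()
    print(f"plaintext  chi-square: {plain:12.1f}")
    print(f"ciphertext chi-square: {cipher:12.1f}")
```

Repeating the run over many keys and text types, as the message suggests, gives a spread of ciphertext scores to compare against the 255 ± 22.6 expected of uniform data.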




------------------------------


End of Cryptography-Digest Digest
******************************
