Cryptography-Digest Digest #426, Volume #11      Sun, 26 Mar 00 21:13:01 EST

Contents:
  Re: Fastest DES implementation on Intel PIII ? (Matthew Henricksen)
  Re: NIST publishes AES3 papers (DJohn37050)
  Second announcement for ECC 2000 workshop (Alfred John Menezes)
  Re: http://www.cryptomat.com (Guy Macon)
  Re: OAP-L3:  Answer me these? ("Scott Fluhrer")
  Mixing N bits into N bits (Guy Macon)
  Oat seed and yeast tests (John Benneth)
  Re: one-way hash functions with 256-bit output (stanislav shalunov)
  Re: OAP-L3:  Answer me these? (Jerry Coffin)
  Re: one-way hash functions with 256-bit output (stanislav shalunov)
  Re: Mixing N bits into N bits (stanislav shalunov)
  Re: Mixing N bits into N bits (Scott Contini)

----------------------------------------------------------------------------

From: Matthew Henricksen <[EMAIL PROTECTED]>
Subject: Re: Fastest DES implementation on Intel PIII ?
Date: Mon, 27 Mar 2000 08:16:38 +1000

Lyta Penna has written a bit-sliced implementation of DES, using MMX
registers. It's claimed to be quite a bit faster than libdes (in the order
of 30%). I'm not sure if she's published the code, but you can enquire at
http://www.fit.qut.edu.au/~penna/ .

Regards,
Matt.

Paul Koning wrote:

> Pascal JUNOD wrote:
> >
> > Hi, I'm seeking the fastest DES implementation on the Intel platform.
>
> Don't know if it's the absolute best, but I'd think it's quite
> close at least -- look for Eric Young's libdes, in
>
> ftp://ftp.psy.uq.oz.au/pub/Crypto/DES
>
>         paul





------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: NIST publishes AES3 papers
Date: 26 Mar 2000 22:24:27 GMT

They have ALWAYS said it, in literature and in speech, and hopefully it will
happen.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: Second announcement for ECC 2000 workshop
Date: 26 Mar 2000 23:20:12 GMT

==============================================================================

THE 4TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2000)

University of Essen, Essen, Germany

October 4, 5 & 6 2000

Second Announcement                   April 28, 2000


ECC 2000 is the fourth in a series of annual workshops dedicated to the 
study of elliptic curve cryptography and related areas. The main themes 
of ECC 2000 will be:
  - The discrete logarithm and elliptic curve discrete logarithm problems.
  - Provably secure discrete log-based cryptographic protocols for 
    encryption, signatures and key agreement.
  - Efficient software and hardware implementation of elliptic curve 
    cryptosystems.
  - Deployment of elliptic curve cryptography.

It is hoped that the meeting will encourage and stimulate further 
research on the security and implementation of elliptic curve 
cryptosystems and related areas, and encourage collaboration between 
mathematicians, computer scientists and engineers in the academic,
industry and government sectors.

There will be approximately 15 invited lectures (and no contributed 
talks), with the remaining time used for informal discussions. There
will be both survey lectures as well as lectures on latest research
developments. 

SPONSORS:
     Certicom Corp.
     Communications and Information Technology Ontario
     CV Cryptovision  
     Forschungsverbund Datensicherheit (Minist. SWWF, NRW)
     Infineon
     MasterCard International
     Metris           
     Mondex International Limited
     Siemens AG       
     University GH Essen
     University of Waterloo

ORGANIZERS:
     Gerhard Frey     (University of Essen)
     Steven Galbraith (University of Essen)
     Alfred Menezes   (University of Waterloo)
     Scott Vanstone   (University of Waterloo)

CONFIRMED SPEAKERS:
     Pierrick Gaudry  (LIX, France)
     Erwin Hess       (Siemens, Germany)
     Ansgar Heuser    (BSI, Germany)
     Robert Lambert   (Certicom Corp., Canada)
     Arjen Lenstra    (Citibank, USA)
     Peter Montgomery (Microsoft Research, USA)
     Christof Paar    (Worcester Polytechnic Institute, USA)
     Phil Rogaway     (University of California at Davis, USA)
     Nigel Smart      (University of Bristol, UK)
     Scott Vanstone   (University of Waterloo, Canada)

SPEAKERS WHO HAVE TENTATIVELY ACCEPTED:
     Neal Koblitz     (University of Washington, USA)
     Hugo Krawczyk    (Technion, Israel)
     Victor Shoup     (IBM Zurich, Switzerland)

CONFERENCE PROGRAMME

There will be approximately fifteen invited lectures, each of
50 minutes duration and with 10 minutes of question time. All 
lectures will be held on the campus of the University of Essen.
Further details of the programme and lecture room will be given in 
the next announcement.

The lectures will begin at 9:00am on October 4 and run through until
the afternoon of October 6.

There will be a social event of some sort on the evening of October 4.
A banquet will be held on the evening of October 5.

There will be some limited email facilities.

REGISTRATION

There will be a registration fee this year of DM 200 or $ 100 US
(DM 100 or $ 50 US for students). PLEASE REGISTER AS SOON AS POSSIBLE 
AS SPACE IS LIMITED FOR THIS WORKSHOP; REGISTRATION IS ON A 
FIRST-COME FIRST-SERVE BASIS. The deadline for registration has been 
set to Monday September 4.  To register, complete, in full, the
attached REGISTRATION FORM and return it

by e-mail to:   [EMAIL PROTECTED]

by mail to:     Ms. Karin Rufaut
                Institute for Experimental Mathematics
                Ellernstrasse 29
                45326 Essen
                Germany
                
                Phone: +49/201/183-7656(7649)

========================cut from here=================================
ECC 2000 CONFERENCE              REGISTRATION FORM

Fullname:
_________________________________________________________

Affiliation:
_________________________________________________________

Address:
_________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

_________________________________________________________

E-Mail Address:
_________________________________________________________

Telephone #:
_________________________________________________________

Mark your choice:

Registration Fee:                        DM 200   / $ 100 US

Student Registration Fee:                DM 100   / $  50 US

(Registration Fee Includes Banquet)
      Attending Banquet:  Yes / No       Vegetarian:  Yes / No

Extra Guest Banquet Fee:                 DM  50   / $  25 US
       Guest Vegetarian:  Yes / No

TOTAL REGISTRATION FEE:                  DM____   / $____ US



PAYMENT MUST BE MADE IN CASH ON ARRIVAL AT THE RECEPTION DESK.


Accommodation (please mark your choice)

( ) I would like to reserve a single-        DM 115 per night 
    room for ___ nights, from ___
    to ___ October, 2000 (please fill
    in the dates of arrival and
    departure).

( ) I would like to reserve a single-        DM 130 per night
    room with a large bed ("grand lit")
    for ___ nights, from ___ to ___
    October, 2000.

( ) I would like to reserve a double-        DM  75 per person / per night
    room for ___ nights, from ___ to
    ___ October, 2000 and I would like
    to share it with _________________ .


( ) I would like to reserve a bed in         DM  75 per person / per night
    a double-room from ____ to ___
    October, 2000 and I'm ready to share
    it with another participant of the
    conference.

( ) I don't need a hotel room.


The hotel bill should be paid directly at the hotel reception.


=========================cut from here===============================

TRAVEL

Essen is situated approximately 30 km from Duesseldorf International
Airport and about 250 km from Frankfurt Airport.

Participants should plan to arrive on October 3 to be able to attend
the lectures on Wednesday morning.


Duesseldorf Airport to Essen Hauptbahnhof (main station):
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

There are two suburban trains (S-Bahn) from the airport to Essen.
The S1 goes directly to Essen Hauptbahnhof (main station), but not
very often (once an hour, direction "Dortmund Hauptbahnhof", get off at
"Essen Hauptbahnhof"). The other train is the S7, direction "Solingen
Ohligs". At the station named "Unterrath" (2 minutes later) you should
change to S1 (direction "Dortmund Hauptbahnhof") which will leave
immediately and take you to "Essen Hauptbahnhof". The S7 goes twice an
hour during the week and once an hour at weekends.  The price for
either of these trains is about DM 13 and the journey time is
around 45 minutes.   Tickets must be purchased  before boarding the
train and they must be validated (i.e., time stamped) which can be
done in the station or immediately upon boarding the train.

Note that there is an airport in Monchengladbach which is also
called "Duesseldorf airport" and which is served by a few smaller
airlines within Europe.  One can also get to Essen from this airport
by using the S-bahn, but the journey time is longer (about 2 hours).

Frankfurt Airport to Essen Hauptbahnhof (main station):
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

There is a train (InterCity) which goes directly from Frankfurt/Main
Airport to "Essen Hauptbahnhof". There is one train an hour. The
journey takes approximately 3 hours and costs around DM 100.
An exact timetable for these (and other) trains can be found
at http://bahn.hafas.de/bin/detect.exe/bin/query.exe/en
Tickets may be purchased at the station or on the train.
Another possibility is to take suburban train (S-Bahn) S8 to Mainz 
and then change to an Essen train.  For "InterCity" trains it is
necessary to pay a DM 7 supplement.

Essen Hauptbahnhof (main station) to the University of Essen:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

To walk from Essen Hauptbahnhof to the University of Essen takes
around 20-25 minutes.  It is also possible to take the
underground train U11 direction "Universitaet Essen"
and get off at the "Universitaet Essen" stop.  On the underground
it is necessary to buy a ticket in advance and validate (time stamp)
it either before entering the platform or immediately upon boarding
the train.

Maps of the region, city and university can be found at:
   http://www.uni-essen.de/plan/

ACCOMMODATION

There is a limited block of rooms set aside on a first-come first-serve 
basis at three mid-range hotels in Essen: "Korn's Hotel", "Europa"
and "Lindenhof".  All three hotels are close to both the Essen main station
and the University of Essen and can easily be reached by public transport.
Breakfast is included.  We ask you to make your hotel reservations with us.

In all three hotels, the price is DM 115 for a single room and DM 150 for
a double room. "Korn's Hotel" also has single rooms with a large
bed ("grand lit"), the price for these rooms is DM 130 per night. If you
prefer such a room, please indicate on the registration form. If all the
single rooms for DM 115 are booked out, we will automatically reserve
a single room with "grand lit" for DM 130 for you.

The addresses of the hotels and their exact location will be given in
the next announcement.
===========================================================================

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: http://www.cryptomat.com
Date: 26 Mar 2000 19:25:33 EST


Hmmmmm.

> Nevertheless, it seems a fair amount of trouble to go through for a
> scam with little discernable reward, other than perhaps a list of
> email addresses of individuals interested in cryptanalysis. They are
> very much into anonymity - but perhaps that was not enough to prevent
> some large gentlemen in black suits driving Chevy Suburbans with
> black out windows with Maryland plates taking care of them?

That can't be right.  An authoritative source (The X-Files television
show) clearly shows that the typical MIB drives a black Cadillac
from the late '50s or early '60s and looks exactly like Jesse Ventura.


------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3:  Answer me these?
Date: Sun, 26 Mar 2000 16:33:02 -0800


Jerry Coffin <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> This is where the BIG lie comes into the picture: you have some
> garbage that you SAY covers the theory and the specification of
> procedures and processes, but as has been pointed out repeatedly in
> the past, what you've posted covers nothing of the sort; it contains
> nothing more than hand-waving.  Based on its content, there are two
> possibilities: either you don't really know how your software works,
> or else you're intentionally covering things up to prevent the rest
> of the world from knowing how it works.

Just to be technically accurate: there is a third possibility -- he doesn't
know the level of detail an algorithm needs to be specified, and so he
honestly thinks that the very rough outline on his web page is sufficient.
Still, this does not reflect greatly on his capabilities as a cryptographer.

--
poncho




------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Mixing N bits into N bits
Date: 26 Mar 2000 19:44:06 EST


I am using the number of seconds since Jan 1, 2000 (32 bit integer)
in a ciphersaber variant that I am doing just to learn more.
Needless to say, the bits on the LSB end change a lot and the bits
on the MSB end don't.  I would like to convert the variable into a
32 bit variable where each bit is equally likely to flip as time
increments, yet I want to keep the property that I am 100% certain
that the variable will never repeat in this century.  The conversion
doesn't have to be resistant to crypto attacks, although if it was that
would be interesting from a learning standpoint.  BTW, would "hash"
be a proper word to call what I just described?
 


------------------------------

From: John Benneth <[EMAIL PROTECTED]>
Crossposted-To: misc.health.alternative,sci.med,sci.skeptic
Subject: Oat seed and yeast tests
Date: Sun, 26 Mar 2000 17:14:44 -0800

Bruce Mcneely wrote:

> From: "Bruce Mcneely" <[EMAIL PROTECTED]>
>
> ----------
> >From: Lloyd Davidson <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: [Skeptics Forum] THe Queens of Denial
> >Date: Sun, Mar 26, 2000, 8:02 AM
> >
>
> >From: Lloyd Davidson <[EMAIL PROTECTED]>
> >
>
> >Below is a typical report on the Mr. Benneth's kitchen research
> methods,
> >also from his Kirlian photography web site.  I didn't try to rewrite
> or
> >correct his text.
> >Mr. Benneth's research:
> >1999 Benneth, oat seedlings,  In this test I soaked oat seeds  with a
>
> >control solution made from blank control sugar pellets and a test
> solution
> >made from Boiron Staphysagria 30c pellets.
>
> Why is the control sugar water? I'm not a gardener, but I would guess
> that
> seeds don't germinate too well in sugar water compared with pure water
> (AKA
> homeopathic test solution)
>
> The idea to use Staphysagria
> >came from Patty Smith of the British Institute of Homeopathy. I liked
> the
> >rubric that goes with Staphysagria. Oats are a cultigen and
> Staphysagria is
> >a rape medication used in unicst homeopathy. We rape the earth.
>
> Oh cute! Speak for yourself, dude.
>  I took
> >fifty oat seeds and separated them as equally as I could as to size
> in two
> >separate batches. Then I placed them, 25 each,  into two clear
> plastic SOLO
> >brand drinking cups and covered them with cotton and affixed with
> Scotch
> >tape a second cup over the top to act as a lid.  Then in an
> eyedropper, I
> >dissolved a blank sugar pellet in a half ounce bottle filled
> partially with
> >store bought distilled water. In a second identical bottle of
> distilled
> >water I dissolved  a pellet of Staphysagria. Then I poured the entire
>
> >contents of each bottle into respectivec SOLO cups with the seeds,
> wetting
> >the cotton. I then placed them in a shelf side by side, away from
> sunlight,
> >and forgot about them for a month. When I checked the results I was
> amazed.
>
> Why? Because your so-called experiment worked?
>
> >The dilute Staphysagria treated oats had went wild by comparison to
> the
> >control treated oats, growing 150% more. I took the measurements by
> >analyzing and measuring each little "coleoptile", stem, or piece of
> growth
> >and adding up the total of the controls and the treated oat seeds in
> >inches. Now don't you think that more of these scientific
> investigators
> >would report their results as clearly as this? Reportedly, Kim Birney
> has
> >reproduced similar results. What a bunch of chumps these critics are
> who
> >decry homeopathy without performing a simple test like this. Rather
> than
> >comment on the method or report, why not investigate for yourself
> with a
> >similar test? You might be able to affect the fgrowth of things in
> your
> >garden.  World Wide Web
>
> maybe I will try this experiment, only with true controls and
> double-blinding. I may also be amazed (at how easily Benneth's test
> results
> can be explained)
> >At 14:19 3/25/00 -0800, you wrote:
> >>From: John Benneth <[EMAIL PROTECTED]>
>
> Bruce McNeely

Bruce,

I encourage you to try the experiment. The reference to sugar water is a
little overrated.
With Golub's commercial preparation of Plant Homeopathy, one homeopathic
sugar pellet will potentiate a quart of distilled water, and a pellet is
about the size of a BB, so the actual amount of sugar in the water is
negligible.
     You could simply order Golub's preparation and try that on your
plants, indoor or out, or you could obtain homeopathic Staphysagria and
do the oat seed experiment.
    In this case, the amount of sugar in the water is a little more, as
I used one pellet to potentiate an ounce of distilled water in an eye
dropper bottle. Without a blank pellet as a control, people scream that
the plants simply reacted to the sugar, even though the amount in an
ounce is still miniscule. So if you can't get blank homeopathic pellets,
you may want to use regular cane sugar in the same amount, about the
amount of a BB.
     There's nothing stopping you from screwing up the test and
reporting failure, or getting unpotentiated pellets. But I trust the
data will eventually speak for itself.
      I'm open to more questions regarding this experiment, or the test
using common bakers yeast in a solution of sugar water with  beer
bottles and balloons to measure gas discharge. This test produced odd
results, which I can't quite explain. The Staphysagria treated yeast
acted differently from the controls. Whereas it did not produce what
seems to be more gas, it did not reabsorb it like the controls did until
long after, keeping the balloon inflated for months after the others had
shrunk from the vacuum produced by the yeast reabsorbing the gas.

John Benneth






------------------------------

Subject: Re: one-way hash functions with 256-bit output
From: stanislav shalunov <[EMAIL PROTECTED]>
Date: Mon, 27 Mar 2000 01:25:47 GMT

David Crick <[EMAIL PROTECTED]> writes:

> Tiger supports up to 192-bits and HAVAL up to 256.

Is it still assumed that HAVAL with 5 rounds is probably better than
MD5?

> As has been noted in another thread, RIPEMD-320 exists,
> but "RIPEMD-256 and RIPEMD-320 are optional extensions
> of, respectively, RIPEMD-128 and RIPEMD-160, and are
> intended for applications of hash functions that require
> a longer hash result without needing a larger security
> level."

That statement seems to be scary.

> NIST/NSA are supposed to be working on SHA-2/DSS2.

Will that mean that NSA will develop something for the public that
they cannot abuse even if they badly need to?  (Like, are they going
to take away subliminal channels and nasty consequences of
slightly-less-than-perfect RNGs in DSS?)

> And of course, the AES ciphers can themselves be used
> as hash functions. Rijndael is the only cipher that
> supports block lengths of > 128-bits, so it would
> probably be the more ideal candidate in this respect.

Has Rijndael been analyzed with 256-bit block?

My questions were, anyway,
(a) Is there something that is going to become a "standard"
    collision-free one-way function with 256-bit output?
(b) What is the most likely candidate for this position?

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3:  Answer me these?
Date: Sun, 26 Mar 2000 18:31:23 -0700

In article <8bmaob$m01$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... ] 

> Just to be technically accurate: there is a third possibility -- he doesn't
> know the level of detail an algorithm needs to be specified, and so he
> honestly thinks that the very rough outline on his web page is sufficient.

I can't go along with this one.  People have repeatedly pointed out 
that his explanations are inadequate, including specific examples of 
the problems.  Thus, to remain ignorant of the problems, we basically 
have to postulate that he either doesn't read or can't understand 
these messages.  He's replied to enough of them to prove that he 
reads them, and in many cases the required comprehension level is 
well below that of messages he sends in reply.  In short, he's 
disproven this possibility.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

Subject: Re: one-way hash functions with 256-bit output
From: stanislav shalunov <[EMAIL PROTECTED]>
Date: Mon, 27 Mar 2000 01:35:19 GMT

David A Molnar <[EMAIL PROTECTED]> writes:

>  Check http://www.cryptonessie.org/ for a start..

I could not find their motivation for 512-bit output hash functions.
It seems like 256 bits should be enough for everybody (or am I
sounding too much like the billionaire who said this about 640K of
RAM?).

To find a collision with probability of 10^{-10} we'd need around
2^112 function values.  Is this considered to be something within
reach of mankind in the future?  Or what is the motivation?

------------------------------

Subject: Re: Mixing N bits into N bits
From: stanislav shalunov <[EMAIL PROTECTED]>
Date: Mon, 27 Mar 2000 02:02:19 GMT

[EMAIL PROTECTED] (Guy Macon) writes:

> [...] (32 bit integer) [...]  I would like to convert the variable
> into a 32 bit variable where each bit is equally likely to flip as
> time increments, yet I want to keep the property that I am 100%
> certain that the variable will never repeat in this century.

Since you need to be absolutely certain, things like the first 32 bits of
MD5 won't work for you.

You want a 1-to-1 function.

> The conversion doesn't have to be resistant to crypto attacks, although
> if it was that would be interesting from a learning standpoint.

A block cipher with 32-bit block couldn't be secure anyway.
Since you don't need security, you could have fun designing your
own Feistel network with 32-bit block.

The basic idea is that you split your 32-bit value in two halves, L
and R, and then apply the following transformation a few times:

TEMP <- L
L <- R
R <- TEMP XOR F(R, K)

K is your (symmetric) (sub)key, which doesn't have to be secret for
your application.  Key usually changes from round to round, but you
don't have to worry about this.  F is a function that's as complicated
as you can think of.

> BTW, would "hash" be a proper word to call what I just described?

Hash usually works on arbitrary length data, and thus collisions are
unavoidable.  You require a function to be 1-to-1, and only map 32-bit
ints into themselves.

The Feistel network trick described above lets you turn any function
F: {0..2^32-1} -> {0..2^16-1} into such a 1-to-1 function.  Depending
on number of rounds, properties of F and key schedule the function
can mix better or worse.

------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: Mixing N bits into N bits
Date: 27 Mar 2000 02:05:34 GMT

In article <8bmasm$[EMAIL PROTECTED]>,
Guy Macon <[EMAIL PROTECTED]> wrote:
>
>I am using the number of seconds since Jan 1, 2000 (32 bit integer)
>in a ciphersaber variant that I am doing just to learn more.
>Needless to say, the bits on the LSB end change a lot and the bits
>on the MSB end don't.  I would like to convert the variable into a
>32 bit variable where each bit is equally likely to flip as time
>increments, yet I want to keep the property that I am 100% certain
>that the variable will never repeat in this century.  The conversion
>doesn't have to be resistant to crypto attacks, although if it was that
>would be interesting from a learning standpoint.  BTW, would "hash"
>be a proper word to call what I just described?
> 
>

I don't think you want to use a hash function...  if you hash the
time into some 32-bit value, then you would expect a collision after
approximately 2^16 seconds which is less than one day.

What you really want is some pseudo-random permutation of the integers
modulo 2^32.  The first thing that comes to my head is the function used
in RC6:  f(X) = X*(2*X + 1)  .  This is certainly not the ideal solution
for your problem (the probability of each bit changing is not 1/2), but
perhaps composing it with other easy to compute permutation might work
quite well...  I'm sure if you think about this a little, you can probably
come up with a nice solution.

Scott
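
[Added example, not part of either post: the two suggestions in this
thread (the Feistel construction and the RC6 function f(X) = X*(2*X + 1))
written out for 32-bit values, with a measurement of how often each output
bit flips as the timestamp increments. The round function, round keys and
sample timestamp are constructed for illustration; the half_bits parameter
goes beyond the posts so that the 1-to-1 property can be checked
exhaustively on a 16-bit version.]

```python
# Added illustration; round keys, the round function and the sample
# timestamp below are constructed, not taken from the thread.
ROUND_KEYS = (0x3A7F, 0xC15D, 0x5E29, 0x9B04)  # public; need not be secret


def round_fn(r, k, half_bits=16):
    """F(R, K): arbitrary mixing function; it need not be invertible."""
    mask = (1 << half_bits) - 1
    prod = (((r ^ k) & mask) * 0x9E3779B1) & 0xFFFFFFFF
    return prod >> (32 - half_bits)  # keep the well-mixed top bits


def feistel(x, half_bits=16, keys=ROUND_KEYS):
    """Permutation of 2*half_bits-bit integers built from round_fn."""
    mask = (1 << half_bits) - 1
    l, r = (x >> half_bits) & mask, x & mask
    for k in keys:
        # TEMP <- L; L <- R; R <- TEMP XOR F(R, K)
        l, r = r, l ^ round_fn(r, k, half_bits)
    return (l << half_bits) | r


def feistel_inverse(y, half_bits=16, keys=ROUND_KEYS):
    """Undo feistel() by running the rounds backwards."""
    mask = (1 << half_bits) - 1
    l, r = (y >> half_bits) & mask, y & mask
    for k in reversed(keys):
        l, r = r ^ round_fn(l, k, half_bits), l
    return (l << half_bits) | r


def rc6_quad(x, bits=32):
    """f(X) = X*(2*X + 1) mod 2^bits, the RC6 function from the thread."""
    return (x * (2 * x + 1)) & ((1 << bits) - 1)


def is_permutation(fn, bits):
    """Exhaustively check that fn is 1-to-1 on bits-bit integers."""
    return len({fn(x) for x in range(1 << bits)}) == 1 << bits


def flip_rates(fn, start, count, bits=32):
    """Fraction of increments t -> t+1 on which each output bit flips."""
    flips = [0] * bits
    prev = fn(start)
    for t in range(start + 1, start + count + 1):
        cur = fn(t)
        diff = prev ^ cur
        for b in range(bits):
            flips[b] += (diff >> b) & 1
        prev = cur
    return [f / count for f in flips]


SAMPLE_START = 7_516_800  # constructed: seconds into 2000, late March

if __name__ == "__main__":
    for name, fn in (("raw counter", lambda t: t),
                     ("rc6 f(X)", rc6_quad),
                     ("feistel", feistel)):
        rates = flip_rates(fn, SAMPLE_START, 4096)
        print(f"{name:12s} min={min(rates):.2f} max={max(rates):.2f} "
              f"mean flipped bits={sum(rates):.1f}")
```

[The low bit of f(X) always equals the low bit of X, so it flips on every
increment; that is the "probability of each bit changing is not 1/2"
caveat made concrete.]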






------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
