Cryptography-Digest Digest #530, Volume #11      Tue, 11 Apr 00 23:13:01 EDT

Contents:
  Re: permutation polynomials (more) (Mike Rosing)
  Re: Looking for crypto short course or workshop (Mike Rosing)
  Re: Quantum Teleportation (Mike Rosing)
  Re: strength of altered vigenere cipher? (Mok-Kong Shen)
  Corellations ([EMAIL PROTECTED])
  Re: Corellations (mark carroll)
  Compaq invents more efficient RSA?! (Felix von Leitner)
  Re: Is AES necessary? (wtshaw)
  Re: are self-shredding files possible? (Frank Gifford)
  Re: Q: Entropy (Bryan Olson)
  Re: Encode Book? (lordcow77)
  manual cypher (MCTER) (=?ISO-8859-1?Q?Jacques_Th=E9riault?=)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (Gadi Guy)
  Re: DNA steganography (wtshaw)
  Re: Compaq invents more efficient RSA?! (DJohn37050)
  Re: Q: Petri nets (wtshaw)
  Re: are self-shredding files possible? ("david hopkins")
  Re: Looking for crypto short course or workshop (David A Molnar)
  Re: Hash function based on permutation polynomials (Tom St Denis)

----------------------------------------------------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: permutation polynomials (more)
Date: Tue, 11 Apr 2000 11:12:53 -0500

Tom St Denis wrote:
> I want the biggest order I can get, i.e p states.  But I didn't think
> you could have primitive polynomials [mod composite]... am I wrong?
> Something like
> 
> P(x) = 2x^2 + x, is a permutation polynomial, but is not primitive...

If you have an even x, you stay even forever.  So at best this is a
1/2 maximum period.  

Something else you might want to check out that would work is called
the Zech logarithm.  It should give you maximum permutation period, but
I'm not sure how linear it is.

Patience, persistence, truth,
Dr. mike
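
The parity point in the reply above can be checked by enumeration. The following is an added example, not code from the thread; the function names and the choice of moduli 2^n are assumptions of the example.

```python
# Added example: cycle structure of P(x) = 2x^2 + x modulo 2^n, by enumeration.

def p(x, modulus):
    """The polynomial from the thread, reduced modulo `modulus`."""
    return (2 * x * x + x) % modulus


def is_permutation(modulus):
    """True if x -> P(x) hits every residue exactly once."""
    return len({p(x, modulus) for x in range(modulus)}) == modulus


def cycles(modulus):
    """Decompose the map into disjoint cycles (meaningful for a permutation)."""
    seen, out = set(), []
    for start in range(modulus):
        if start in seen:
            continue
        cycle, x = [], start
        while x not in seen:
            seen.add(x)
            cycle.append(x)
            x = p(x, modulus)
        out.append(cycle)
    return out


def summary(n_bits):
    """Return (is_permutation, longest_cycle, state_count, parity_preserved)."""
    m = 1 << n_bits
    cs = cycles(m)
    # P(x) = x (mod 2), so every cycle stays inside one parity class.
    parity_ok = all(len({x & 1 for x in c}) == 1 for c in cs)
    return is_permutation(m), max(len(c) for c in cs), m, parity_ok


if __name__ == "__main__":
    for n in (4, 8, 12, 16):
        perm, longest, m, parity_ok = summary(n)
        print(f"n={n:2d} permutation={perm} longest_cycle={longest} "
              f"of {m} states, parity_preserved={parity_ok}")
```
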

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Looking for crypto short course or workshop
Date: Tue, 11 Apr 2000 11:32:08 -0500

Kim J.-H. wrote:
> 
> I would like to want to know about crypto short course or workshop to be
> held.
> The topic may be general or specific.
> I am waiting for your guidance.

Christof Paar just posted news of a 4 day course at Worcester
Polytechnic.  He's also got a workshop in August.  It's a long ways
from Korea tho!

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Quantum Teleportation
Date: Tue, 11 Apr 2000 11:47:14 -0500

Doug Goncz wrote:
> 
> Can any of you here make any connections between these four topics?
> 
> I hope I'm not way OT, and that this isn't too speculative. If so, might you
> direct me? I saw very little in sci.crypt.research the other day. Like three
> posts.
> 
> Please feel free to go way out there. I'm interested in novel insights as well
> as anything well recognized. I can certainly look up any references at the
> university library. I'll take your suggestions that seriously, I promise. This
> is not idle chatter.

The problem is in mixing scales.  What happens in a quantum experiment
doesn't easily translate to machine scale.  A quantum model of GABA (a
neuro-transmitter molecule) would be a fantastic leap of knowledge at
this point.  A quantum model of "everyday things" is just too far off
for us to imagine.  Not that it can't be done eventually, it's just way
outside our ability today.

You can call a cell a "machine".  It's so complicated we don't
understand it all yet.  Once we do, building self replicating machinery
won't be all that difficult.  But I suspect there are quantum tricks
happening at the sub-molecular level which help things work, and you
won't be able to do that on a machine that's too large.  Some day we
might be able to build "cellular machines", but I bet they won't
compare well to living organisms.

This is kind of way OT, so if you want to have further discussion, send
me e-mail at [EMAIL PROTECTED]

Patience, persistence, truth,
Dr. mike

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: strength of altered vigenere cipher?
Date: Tue, 11 Apr 2000 20:13:38 +0200

Paul Koning wrote:
> 
> Mok-Kong Shen wrote:

> > The strength question has been answered by others. I just want
> > to say that, if you want to use polyalphabetic substitution,
> > then don't use Vigenere with all alphabets being shifted versions
> > of one another but use so-called independent alphabets (i.e.
> > the characters of the alphabets are randomly ordered) and
> > long keys.
> 
> That will only help a little.  As soon as I get enough ciphertext,
> I can determine the period (key length) and at that point the
> problem reduces to that many simple substitution ciphers.  If the
> key length is less than 3% or so of the message length, you're
> in trouble...

It depends upon how many alphabets you have and whether you can
get actually 'enough' ciphertext that you need. The security of
a cipher system is determined by many factors and no practically
available cipher is 'absolutely' secure. I am certainly not
suggesting using polyalphabetic substitution in place of any
of the well-known modern block ciphers. On the other hand, a 
polyalphabetic substitution need not be employed alone but could 
be used as a component of an encryption algorithm.

> An interesting approach is to use Tom Jefferson's cipher device
> instead, picking a different  row each time.  (See Kahn for a
> description.  Nice widget...)

This is in fact a polyalphabetic substitution. There is a toy
built based on the same idea but is not sufficient for encryption
of the normal English alphabet.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Corellations
Date: Tue, 11 Apr 2000 17:58:39 GMT

Ok, I am new to this but this is the task that I want to accomplish.  I
am working with a smart card that contains 4k hex of information.  Each
smart card contains a number that is stored in hex which is unique.
For example at address 8374 of the hex file you will find the card
number in hex which will look like this 00 B8 29 56 and would translate
to decimal of this 12069206.  At address 8378 there is 64 bytes of code
that are unique to that card number.  Basically I would like to know
how hard it would be to come up with the formula to be able to create
the unique data from the card number.  I have access to lots of card#'s
and their unique data.  I would like to know how you would go about
going from known cards and data to being able to put in a card number
and get out the unique data.

the 64 bytes of code that are unique to this card would look like this.

                              DD 72 1A 35 61 D3 32 E5 | `1"Ö.o‡ŒÝr.5aÓ2å
8480: 19 5C 76 D1 7C F9 68 19 1E 8E 11 7C 78 DF CF 59 | .\vÑ|ùh..Ž.|xßÏY
8490: AF 6D 30 22 4C 0A 0C 79 0D 1F 29 B9 D1 EE 88 6E | ¯m0"L..y..)¹Ñîˆn
84A0: F4 42 D5 E7 07 9A 86 F6 FD 1B 87 A5 85 74 52 63 | ôBÕç.š†öý.‡¥…tRc
84B0: 5E 59 7F 0D F6 59 67 00

Well, thanks for taking the time to read... if you think you have any
ideas to help me out I would appreciate it if you would email me.
[EMAIL PROTECTED] just remove the no spam please.  Thanks
again.



------------------------------

From: [EMAIL PROTECTED] (mark carroll)
Subject: Re: Corellations
Date: 11 Apr 2000 18:25:19 GMT

Your subject line says it all. An obvious first step would be, for
every bit of the card number and for every bit of the unique data,
find the probability that one is a 0 given that the other is a 0.

-- Mark

------------------------------

From: Felix von Leitner <[EMAIL PROTECTED]>
Subject: Compaq invents more efficient RSA?!
Date: Tue, 11 Apr 2000 18:26:16 GMT

Compaq claims a major breakthrough in cryptography by inventing an RSA
variant called MultiPrimes that uses more than one prime factor for the
secret key.  The white paper is at

  http://www.tandem.com/brfs_wps/esscpttb/esscpttb.htm

Does anyone care to comment on this?

Felix

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Is AES necessary?
Date: Tue, 11 Apr 2000 12:03:15 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> David C. Oshel wrote:

> Deception (disinformation) is a higher art, while confusion 
> (encryption) is, in comparison, a mundane technology. Deception
> is probably easier done in plaintexts. If encrypted, the strength
> of encryption shouldn't be too weak, for otherwise it wouldn't
> be 'credible'. On the other hand, the strength shouldn't be too
> strong such that the chance of the 'intended receiver' getting it
> becomes negligible, thus failing the purpose. Evidently, one has 
> to use a different strategy when using plaintexts than when using 
> encrypted messages.
> 
Playing a good encryption game can mean being highly deceptive.  You can
mix some obscurity into the process, not at all a wrong thing to do. 
After all, in merely picking a passphrase, you try to be obscure and
deceptive, not mundane and predictable.
-- 
Doubt until you have poof, then doubt frequently.  Descartes
%/^):  [|]"!  ?=)@~  ;)[]*  :@\@}  *#~}>  ,=+)!  .($`\ 

------------------------------

From: [EMAIL PROTECTED] (Frank Gifford)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: 11 Apr 2000 15:04:18 -0400

In article <8cv71f$hm7$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>With regard to “self-shredding encrypted files , while it is difficult
>to see how a file could shred it itself, it is not so difficult to see
>how a key could revoke itself. The set-up might be do-able as follows:
>[snip]
>(5)    The PGP secure viewer could be configured to have a
>disable “copy to clipboard” option, and to allow decryption only to the
>secure viewer
>[snip]

That is a completely different ball of wax.  Since the program runs on a
user's machine, you have no way to prevent a hacker from modifying the code,
or in doing debugging of the code, etc.  At the very least, you cannot
prevent a person from taking a picture of the document which is viewed on
the screen.  Nor can you prevent them from videotaping the entire session
to prove the decryption and show that they haven't falsified the results.

Until you can create a program which runs on my machine and environment
that I cannot modify in any way or trick the program into giving away
information, the whole concept of a 'secure viewer' is moot.

-Giff

-- 
Too busy for a .sig

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 11 Apr 2000 18:56:08 GMT

[EMAIL PROTECTED] wrote:
> Bryan Olson writes:
> > Given a string of, say, a million zeros and a "random"
> > million-bit string, Kolmogorov complexity does not say which
> > is more complex.
>
> Now that I don't understand.  Why do you say this?
>
> A string of a million zeros is simple to write as a turing machine.
> (Not that I can do it without hitting a few books, but presumably it's
> easy.)

For any finite string there is some language that
outputs that string with a one-character program.
The language is contrived, but perfectly within
the rules.


> Anything else is more complicated.  (Not that I've proved it, but it's
> just got to be true, right?)
>
> Ergo, the Kolmogorov complexity of a million zeros is less than or
> equal to the complexity of a random string.

But in another language the random-looking string is less
complex.  Ergo the opposite result.

Note that Kolmogorov complexity also gives us a
language-independent metric in which additive constants are
not significant.  It's useless for finite strings because
ignoring additive constants ignores all that there is.


--Bryan
--
email: bolson at certicom dot com



------------------------------

Subject: Re: Encode Book?
From: lordcow77 <[EMAIL PROTECTED]>
Date: Tue, 11 Apr 2000 12:12:26 -0700

In article <[EMAIL PROTECTED]>, Tom St Denis
<[EMAIL PROTECTED]> wrote:
>> In any case, I doubt I could create a fast new public-key algorithm
>> right now. I *know* I could not have done it at her age. It remains an
>> impressive achievement.
>
>So what, I taught myself Pascal when I was 12, big deal.  It's nice to
>know she understands it enough to break her own algorithm though.
>

Teaching yourself Pascal is not a big deal. Inventing a new
public key cryptosystem that is at least plausibly difficult to
break and then attacking it yourself at her age is a big deal.
If you don't realize this, I'm afraid that it wouldn't be
productive to explain this any further.



------------------------------

Subject: manual cypher (MCTER)
From: [EMAIL PROTECTED] (=?ISO-8859-1?Q?Jacques_Th=E9riault?=)
Date: Tue, 11 Apr 2000 19:13:22 GMT


MCTER 

==================================================================================
                                                     1111
IDX  5555555566666666667777777777888888888899999999990000
     2345678901234567890123456789012345678901234567890123
     ----------------------------------------------------
IDX            111111111122222222223333333333444444444455
     0123456789012345678901234567890123456789012345678901
L3   ABCDEFGHIJKLMNOPQRSTUVWXYZ@!"#$%&'()*+,-./0123456789

CRPT APPLIED@CRYPTOGRAPHYAPPLIED@CRYPTOGRAPHYAPPLIED@CRYP

MIX1 BQ%6!BD9O%3IQTP&6P$2I!4IX79O#JR*2YUAQIX%5-%3IWY-XDLD
 
MIX2 9W,4JD!VBRL'EMEMUY67TX4Q*$Y'8WG@!1.1K&AY6&E8U2C,GI9B

PTXT PROTOCOLS,@ALGORITHMS,@AND@SOURCE@CODE@IN@C@SCHNEIER

CTXT O-ANXF/&TD+'PSS#"1DJ+JUQ7'89M0X"%R0FN*@&JGGY,4J9KQDS 

==================================================================================

The message is encrypted by chunks of 52 characters.  So the key can be 52 characters
long.  If it is shorter it is reused until all the 52 positions are filled.

==================================================================================
   All arrays are 52 elements of 1 character, array elements starts at 0

   L3$ - is the array with the letters "A-Z" and "Space - 9" in ascending ascii
         characters.
   IDX - is the index of each characters of L3$
   
   Set up array crpt$ with the key, repeating the key if necessary
   Set up array ptxt$ with the first 52 elements of the message. If the plain text
   is less than 52 characters then pad with blanks( or any other character ).
   Set up array ctxt$ with blanks   

   set iv= 1

  Repeat with chunk of 52 characters of plaintext, pad with blanks if less than 52
   FOR k = 1 to 2               ' 2 round of mixing
     FOR i = 0 to 51            ' mix all the 52 elements of the key
         c1 = lookup index character crpt$(i) in L3$
         c2 = lookup index character crpt$(c1) in L3$
         c3 = lookup index character crpt$(c2) in L3$
         iv = iv + c3
         if iv > 51 then iv = iv - 52
         crpt$(i) = L3$(iv)
     NEXT i
   NEXT k
   REM the 2 rounds are complete and we are ready to crypt/decrypt the plaintext
   FOR i = 0 to 51              ' 52 elements, indices 0..51
     c1 = lookup index character crpt$(i) in L3$   'this is for coding
     c2 = lookup index character ptxt$(i) in L3$   'this is for coding
     c3 = c1 + c2                                  'this is for coding
     if c3 > 51 then c3 = c3 - 52                  'this is for coding
     ctxt$(i) = L3$(c3)                            'this is for coding

     c1 = lookup index character crpt$(i) in L3$   'd e c o d i n g (crpt$ now holds mix2)
     c2 = lookup index character ctxt$(i) in L3$   'd e c o d i n g
     c3 = c2 - c1                                  'd e c o d i n g
     if c3 < 0 then c3 = c3 + 52                   'd e c o d i n g
     ptxt$(i) = L3$(c3)                            'd e c o d i n g

   NEXT i
  UNTIL there is no more chunk of plaintext

 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
This is a system designed to be used manually.  Using a computer or a calculator
facilitates the coding enormously, but the fact remains that you can operate
this with brain power only...Or maybe make a program on a HP41 or some similar
calculators.  You need only 104 memory locations to hold the data for the whole
process.

Coding a message takes about 30 minutes if you have a calculator to help with the
calculation.  It is important to verify since errors completely garble the result.

You're not obliged to code all the 52 characters of the plain text, but mix1 
should be done for the 52 positions of the key.  Mix2 can be calculated for only
the length of the plaintext if it's less than 52.

I would like to get comments on this algorithm and how secure it is.  
Recommendations are welcome to improve or change the algorithm as you wish.
Following are some tests where even the plaintext is given.

I took care to ensure the validity of the data on this page, I don't want to 
induce you in error or any thing like that.  If you think you spotted an error,
feel free to e-mail to me or post to this thread.

In a couple of weeks, I will post the solutions.

Jacques Thériault
[EMAIL PROTECTED] 
(remove the wouf....)

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Here are some exercises, the key is 9 characters and I give you 
3 plain text with the cypher text and the mix2
the '@' symbol is used to represent the space character.

========================= first  transmission ===============================

                                                        1111
IDX     5555555566666666667777777777888888888899999999990000
        2345678901234567890123456789012345678901234567890123
        ----------------------------------------------------
IDX               111111111122222222223333333333444444444455
        0123456789012345678901234567890123456789012345678901
L3      ABCDEFGHIJKLMNOPQRSTUVWXYZ@!"#$%&'()*+,-./0123456789

key     ----------------------------------------------------  find this line

mix 1   ----------------------------------------------------  find this line
mix 2  |4GGN10)$*17HMT*0AF,9L$I8'"SYNZ&WYCO21P"LB'F52QV!RT1@|
ptext  |This technique if done properly is absolutely secure|
ctext  |NNO%RJ-&1EFX&XK8F%/NY((N80'"$*E6&U.22'0WVAJGQ0-%T-I$|

========================= second transmission ===============================
                               same key

key     ----------------------------------------------------  find this line

mix 1   ----------------------------------------------------  find this line
mix 2  |4GGN10)$*17HMT*0AF,9L$I8'"SYNZ&WYCO21P"LB'F52QV!RT1@|
ptext  |Ciphertext is up to one block longer than the plain@|
ctext  |6OVU5HC(HKXP$3EF YAZZ1MY(-& X91*+ISJR()LOHYC60*,R!EA|

========================= Third transmission ===============================
                               same key

key     ----------------------------------------------------  find this line

mix 1   ----------------------------------------------------  find this line
mix 2  |4GGN10)$*17HMT*0AF,9L$I8'"SYNZ&WYCO21P"LB'F52QV!RT1@|
ptext  |Before it gets too confusing, let me review the nome|
ctext  |5KL!I4J,DRDL%+KJOTMBZ1NS9*%$991@1"@6R&&&J+!VLXZB$'D$|

========================= Fourth transmission ===============================
             same key  **  we beefed up security, no more plaintext

key     ----------------------------------------------------  find this line

mix 1   ----------------------------------------------------  find this line

mix 2   ----------------------------------------------------  find this line

ptext   ----------------------------------------------------  find this line
ctext  |&B@WX5LJM4*3%XFP045*YX@D&PH74A9#2O(.@"3&AV/!TN/(7&VI|


========================= Big one transmission ==============================
   for those who thinks they have a big computer... this is with a big key

key     ----------------------------------------------------  find this line

mix 1   ----------------------------------------------------  find this line

mix 2   ----------------------------------------------------  find this line

ptext   ----------------------------------------------------  find this line
ctext  |7&S!G--K$$SGN475G@LV#-P,W$*M34AM/US2"!"L7I519M0#1ODA|

======================= E N D     O F     D O C U M E N T ==================
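
The pseudocode above, written out as a program and checked against the post's own APPLIED@CRYPTOGRAPHY sample; this is an added example, not the poster's program. It also shows what the "same key" exercises imply: each message restarts from the key with iv = 1, so the first block of every message uses the same mix2, and one known plaintext block gives it away. The class and function names and the message "MEET AT NOON" are constructed for the example.

```python
# Added example: MCTER as described in the post, checked against its sample.
L3 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ@!\"#$%&'()*+,-./0123456789"
N = len(L3)                                   # 52 symbols
IDX = {ch: i for i, ch in enumerate(L3)}

# Worked sample copied from the post.
SAMPLE_KEY = "APPLIED@CRYPTOGRAPHY"
SAMPLE_MIX1 = "BQ%6!BD9O%3IQTP&6P$2I!4IX79O#JR*2YUAQIX%5-%3IWY-XDLD"
SAMPLE_MIX2 = "9W,4JD!VBRL'EMEMUY67TX4Q*$Y'8WG@!1.1K&AY6&E8U2C,GI9B"
SAMPLE_PTXT = "PROTOCOLS,@ALGORITHMS,@AND@SOURCE@CODE@IN@C@SCHNEIER"
SAMPLE_CTXT = "O-ANXF/&TD+'PSS#\"1DJ+JUQ7'89M0X\"%R0FN*@&JGGY,4J9KQDS"


def to_idx(text):
    """Upper-case, write space as '@' (as the exercises do), map to indices."""
    return [IDX[ch] for ch in text.upper().replace(" ", "@")]


def to_text(indices):
    return "".join(L3[i] for i in indices)


class KeySchedule:
    """crpt$ and iv from the post; iv starts at 1 and is never reset."""

    def __init__(self, key):
        k = to_idx(key)
        self.state = [k[i % len(k)] for i in range(N)]   # repeat key to 52
        self.iv = 1

    def mix_round(self):
        s = self.state
        for i in range(N):
            # c1 = s[i], c2 = s[c1], c3 = s[c2]; updates are in place, so
            # lookups can land on symbols already replaced in this round.
            self.iv = (self.iv + s[s[s[i]]]) % N
            s[i] = self.iv
        return to_text(s)

    def next_block(self):
        """Two rounds per 52-character chunk; returns (mix1, mix2)."""
        return self.mix_round(), self.mix_round()


def _crypt(key, text, sign):
    ks, out = KeySchedule(key), []
    data = to_idx(text)
    data += [IDX["@"]] * (-len(data) % N)     # pad the last chunk with blanks
    for off in range(0, len(data), N):
        pad = to_idx(ks.next_block()[1])      # mix2 is the keystream
        out += [(d + sign * p) % N for d, p in zip(data[off:off + N], pad)]
    return to_text(out)


def encrypt(key, plaintext):
    return _crypt(key, plaintext, +1)


def decrypt(key, ciphertext):
    return _crypt(key, ciphertext, -1)


def recover_keystream(ciphertext, known_plaintext):
    """ctxt - ptxt (mod 52) is mix2 itself; the key is not needed."""
    return to_text([(c - p) % N for c, p in
                    zip(to_idx(ciphertext), to_idx(known_plaintext))])


def decrypt_with_keystream(ciphertext, keystream):
    return to_text([(c - k) % N for c, k in
                    zip(to_idx(ciphertext), to_idx(keystream))])


if __name__ == "__main__":
    print(KeySchedule(SAMPLE_KEY).next_block() == (SAMPLE_MIX1, SAMPLE_MIX2))
    print(encrypt(SAMPLE_KEY, SAMPLE_PTXT) == SAMPLE_CTXT)
    other = encrypt(SAMPLE_KEY, "MEET AT NOON")          # constructed message
    stream = recover_keystream(SAMPLE_CTXT, SAMPLE_PTXT)
    print(decrypt_with_keystream(other, stream)[:12])
```
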

------------------------------

From: Gadi Guy <[EMAIL PROTECTED]>
Subject: Re: Q: Inverse of large, sparse boolean matrix, anyone?
Date: Tue, 11 Apr 2000 21:16:26 +0300

Robert Harley wrote:
> 
> Gadi Guy <[EMAIL PROTECTED]> writes:
> > I need to create a large (N = O(10000)) boolean matrix which
> > has a small number (n = O(3)) of ones in each row, and its inverse.
> 
> > Real methods (such as Gauss elimination) don't work.
> 
> Does too.
> 
> Even if the matrix is dense, a plain Gaussian elimination adapted for
> booleans should invert your matrix in a few minutes.

I'm not sure whether my problem is with inverting the matrix
or simply with creating an invertible matrix. I find that
the simple, pivoting Gauss elimination algorithm I copied from
"Numerical Recipes" fails every time.

It creates 0's in the diagonal and then goes berserk.

MacKay says: "Such a random sparse matrix is not necessarily 
invertable, but there is a probability (for large N) of about
0.29 that it is." [Good codes based on very sparse matrices, 
MacKay and Neal]. For large N, it becomes increasingly expensive
to generate matrices and eliminate them.

My algorithm fails miserably most of the time, which led me to 
believe that maybe there's something more to inverting boolean
matrices than they teach in numerical analysis.

   Gadi.

**********************************************************************

From the alt.folklore.urban FAQ:

True: Prof. Donald Knuth's 1st publication was in MAD mag. 

(MAD #33 "The Potrzebie system of weights and measures")

**********************************************************************
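
"Gaussian elimination adapted for booleans", as the quoted reply puts it, means doing every row operation modulo 2 (XOR) and treating any 1 as a pivot. The following is an added example, not code from the thread; the function names, the bit-packed row format and the constructed 3x3 matrix are assumptions of the example.

```python
# Added example: Gauss-Jordan inversion over GF(2), rows stored as Python ints.
import random


def gf2_inverse(rows, n):
    """Invert an n x n matrix over GF(2); bit j of rows[i] is A[i][j].

    Returns the inverse in the same row format, or None if A is singular.
    """
    a = list(rows)
    inv = [1 << i for i in range(n)]          # start from the identity
    for col in range(n):
        # Any row at or below the diagonal with a 1 in this column will do:
        # GF(2) has no rounding error, so there is no "largest pivot" search.
        pivot = next((r for r in range(col, n) if (a[r] >> col) & 1), None)
        if pivot is None:
            return None                       # rank deficient
        a[col], a[pivot] = a[pivot], a[col]
        inv[col], inv[pivot] = inv[pivot], inv[col]
        for r in range(n):
            if r != col and (a[r] >> col) & 1:
                a[r] ^= a[col]                # row addition mod 2 is XOR
                inv[r] ^= inv[col]
    return inv


def gf2_matmul(x, y):
    """Product over GF(2): row i is the XOR of the rows of y selected by x[i]."""
    out = []
    for row in x:
        acc, j = 0, 0
        while row:
            if row & 1:
                acc ^= y[j]
            row >>= 1
            j += 1
        out.append(acc)
    return out


def identity(n):
    return [1 << i for i in range(n)]


def random_sparse(n, weight, rng):
    """n rows, each with `weight` ones in distinct random columns."""
    return [sum(1 << c for c in rng.sample(range(n), weight))
            for _ in range(n)]


def find_invertible_sparse(n, weight=3, seed=0, max_tries=10000):
    """Draw sparse matrices until one inverts; returns (A, A_inverse, tries)."""
    rng = random.Random(seed)
    for tries in range(1, max_tries + 1):
        a = random_sparse(n, weight, rng)
        inv = gf2_inverse(a, n)
        if inv is not None:
            return a, inv, tries
    return None


# Constructed 3x3 case, rows [1,1,0], [0,1,1], [1,0,1]: the determinant is 2
# over the reals, so real-valued elimination inverts it, but 2 = 0 mod 2 and
# the matrix is singular over GF(2).
EVEN_ROWS = [0b011, 0b110, 0b101]


if __name__ == "__main__":
    print(gf2_inverse(EVEN_ROWS, 3))          # None
    a, inv, tries = find_invertible_sparse(64)
    print(tries, gf2_matmul(a, inv) == identity(64))
```
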

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: DNA steganography
Date: Tue, 11 Apr 2000 12:29:30 -0600

In article <[EMAIL PROTECTED]>, "John A. Malley"
<[EMAIL PROTECTED]> wrote:
> 
> Maybe our own immune systems will prevent us from ever making
> protein-transcribed DNA steganography a workable message carrying system. 
> 
Here is to the guys in the basement, who, to be happy, must determine
whether an electronically transmitted DNA sequence is biological or
otherwise, as they attempt to solve it for meaning.
-- 
Doubt until you have poof, then doubt frequently.  Descartes
%/^):  [|]"!  ?=)@~  ;)[]*  :@\@}  *#~}>  ,=+)!  .($`\ 

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Compaq invents more efficient RSA?!
Date: 11 Apr 2000 19:22:16 GMT

using multiple primes has been thought of before, so it is unclear how this is
a breakthru.  It is clear that the problem of factoring 1024 bits composed of 2
512-bit numbers is diff. than factoring 1024 bits composed of 4 256-bit
numbers.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Q: Petri nets
Date: Tue, 11 Apr 2000 12:20:48 -0600

In article <8ctp9f$vhd$[EMAIL PROTECTED]>, David A Molnar
<[EMAIL PROTECTED]> wrote:

> Darren New <[EMAIL PROTECTED]> wrote:
> > That seems odd too. I think they're much more popular in european academia
> > than US academia. At least, I never heard about them except from exchange
> > professors. Networking books are more likely to have it than theory books, I
> > would think.
> 
> I have also seen them used in management theory and operations research
> for modelling decisions on a project. My father is a civil engineer; it
> was something of a shock one break when I came home and found an article
> on "probabilistic Petri nets for modelling construction
> decisions" buried in one of his magazines next to such things like
> "change and future" or "the characteristics of no.5 rebar". 
> 
Petri nets may address problems of parallel logic that might escape design
in a serial means of doing things.  I did some time delving into them some
years ago, concluding that they are not essential for what I want to do,
as I already understood how to get through non-serial problems. What I
have in petri nets is one of those books that draws you, but leaves you
intellectually unsatisfied. 

I spent some time with design and production of elevator systems when
microprocessors and digital communications were still too slow to be all
that useful. A car could miss a stop because of floor call that it should
answer due to the absolute time delays involved.  The way around was to
mix analog with digital in hybrid designs, no processors involved, but
uarts and low impedance peripheral com lines with transient protection
were.
-- 
Doubt until you have poof, then doubt frequently.  Descartes
%/^):  [|]"!  ?=)@~  ;)[]*  :@\@}  *#~}>  ,=+)!  .($`\ 

------------------------------

From: "david hopkins" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: Tue, 11 Apr 2000 19:24:44 GMT

How do we use a shredder to destroy a paper file? We put it in the
shredder by hand when we intend to do so. We are not forced to do that.
That's what we want.

I tend to believe that if users are not cooperative, it will have no way
to overcome any self shredding mechanism, as many people have gotten this
result in this thread already: Clock can be set, program can be debugged,
even if clipboard can be disabled, soon some tools will be able to
capture the content from RAM, or some tool like SnagIT (a screen capturer
that can get text from screen, not only bitmap) :-<

What I mean is, this email client only reminds and helps people to
destroy messages if they are willing to do so, but are likely to forget
to do that.

About other ways,
1, a service like DI
2, second POP3 account for each part. That should be at different ISP
from the first one.
maybe not practical. need more ideas



<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> david hopkins wrote:
> > I figure out that, what DI does can be replaced with a Email client with
> > build in PGP capability and a mechanism to indicate the expire date in
> > the message. When the date reached, the email client will physically
> > wipe the message.
>
> and how about backups and copies ? and about setting computers date back ?
>
> > What is different from normal usage of PGP is that,  a one time symmetric
> > key should be transmitted in other way than the email message body.
>
> what 'other way' ?
>
> > This will ensure that when wiping the message, the one time key is also
> > destroyed. Thus, even any PGPed copy can be found, it is not
> > recoverable.
>
> == <EOF> ==
> Disastry  http://i.am/disastry/
> http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
> http://disastry.dhs.org/pegwit  <-- Pegwit - simple alternative for PGP
> remove .NOSPAM.NET for email reply
>
> -----BEGIN PGP SIGNATURE-----
> Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
>
> iQA/AwUBOPK2tzBaTVEuJQxkEQLYtwCgpjqeg5hbmrRg0jw/DgbNqIPy8DIAoNN7
> 28RyVZ9FM6g9hvOtpES6KA3P
> =ohIh
> -----END PGP SIGNATURE-----



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Looking for crypto short course or workshop
Date: 11 Apr 2000 18:00:08 GMT

Mike Rosing <[EMAIL PROTECTED]> wrote:
> Christof Paar just posted news of a 4 day course at Worcester
> Polytechnic.  He's also got a workshop in August.  It's a long ways
> from Korea tho!

Right - there's also a short course at MIT taught by Goldwasser and
Bellare sometime in August. The 1998 page is here : 
http://theory.lcs.mit.edu/~shafi/summer.html

but it seems to run every year. At least, I receive snail mail every year
soliciting me to take the course for some reason (I don't have enough
discretionary $$ to spend what they ask for a 4 day course...)


Thanks,
-David


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Hash function based on permutation polynomials
Date: Tue, 11 Apr 2000 19:35:19 GMT



Runu Knips wrote:
> I didn't change the rest of your algorithm, I only changed the
> original loop
> 
> for (r = 16; r < SIZE; r++) {
>   t = temp[r - 16] ^ temp[r - 15] ^ temp[r - 14] ^ temp[r - 13] ^
>     temp[r - 11] ^ temp[r - 7] ^ temp[r - 6] ^ temp[r - 3] ^
>     temp[r - 2] ^ temp[r - 1] ^ 0x9E37B91Ful ^ r;
>   temp[r] = ROL(t, 11);
> }
> 
> to the above code. The memcpy() in front of the loop and the
> code after it remain untouched. Both code pieces have equal
> results (at least I think so). But my optimized version shows
> IMHO more clearly how the resulting vector will look like.

Could you post the entire modification please, I wouldn't mind looking
at what you had in mind.  

> 
> > > I think you would agree that this loop isn't very good
> > > because the difference between temp[r] and temp[r+1]
> > > depends only on r and temp[r-1], plus some offset built
> > > by temp[0..14] and your magic constant 0x9e37b91f.
> >
> > My magic constants are just random typing.  Also the input is 512 bits,
> > which goes from temp[0..15].
> 
> Yep, I know :-)
> 
> I only believed temp[0..14] would form a static offset - but
> I was wrong.

Um ok.

> 
> > Thanks for looking at it :), what do you think of the compression
> > rounds?
> 
> They look good; very expensive but good. The ROTL() in the
> initialisation loop guarantees that all bits of the input
> matter. I can't see any obvious weakness here.

One problem I have noted with the perm.poly's is that the lsb is not
affected at all.  It either stays on or off.  I hope the 6
cyclic-rotations will cure that though :).  I dunno if 20 rounds is
enough, probably.

One nice aspect of my design [other than being balanced and having
wickedly fast avalanche] is that you can easily scale it down [128 bits]
or up [256 bits] without a lot of messing around.  For the 128 bit
version I wouldn't simply cut off 64 bits from the current ver, I would
change the round function to use four variables, so it would be faster
and a bit faster avalanche thru the variables.

The code is a bit slow, but the structural design is very sound, I
welcome any further comments.

Tom
--
P.S anyone catching this thread late, you can pick up a copy of the hash
compression function at http://24.42.86.123/hash.c

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
