Cryptography-Digest Digest #742, Volume #11       Tue, 9 May 00 13:13:01 EDT

Contents:
  Re: F function. (Tom St Denis)
  Re: F function. (Tom St Denis)
  Re: F function. (Tom St Denis)
  Re: An argument for multiple AES winners (Anton Stiglic)
  Re: RSA (Tom St Denis)
  Re: F function. (Runu Knips)
  Re: Prime Generation in C,C++ or Java (Jerry Coffin)
  Re: Why no civilian GPS anti-spoofing? / proposal ("Trevor L. Jackson, III")
  Re: F function. (Mark Wooding)
  Re: Any good attorneys? (Eric Lee Green)
  Re: Generator for ElGamal? ([EMAIL PROTECTED])
  Re: Prime Generation in C,C++ or Java (Tim Tyler)
  Re: Newbie question about primes (Mark Wooding)
  Re: F function. (Runu Knips)
  Re: quantum crypto breakthru? (Francois Grieu)
  Re: Why no civilian GPS anti-spoofing? / proposal ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: F function.
Date: Tue, 09 May 2000 16:14:45 GMT



"David A. Wagner" wrote:
> 
> In article <[EMAIL PROTECTED]>,
> Tom St Denis  <[EMAIL PROTECTED]> wrote:
> > That's not a function of the input since x^3 mod p (p = composite) is
> > not bijective.  So it most likely has very bad characteristics.
> 
> The first sentence is a non sequitur: there exist non-bijective functions.

My mistake.  Oops.

> The second seems spot on: non-bijectivity often allows good differentials.

Not to mention it's degenerative.

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely
free and there are no advertisements.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: F function.
Date: Tue, 09 May 2000 16:16:40 GMT



Mark Wooding wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> >
> > Simon Johnson wrote:
> > >
> > > This is a petty little F-Function. I am almost certain this is easily
> > > breakable.
> > >
> > > Here it is anyway:
> > >
> > > y=(x+k) ^ 3 mod 256
> > >
> > > X = some data, K = sub-key. (Function designed for Feistel)
> >
> > That's not a function of the input since x^3 mod p (p = composite) is
> > not bijective.  So it most likely has very bad characteristics.
> 
> My initial objection would be that it's a bit narrow for a Feistel
> function, unless you're using a Skipjack-like mini-Feistel cipher as a
> 16x16 S-box.
> 
> However, something similar might make a reasonable S-box.  Let me think.
> 
> Briefly borrowing an idea from IDEA (;-)), let s(x) = x^9 mod 257.  This
> is clearly an invertible function, since s(x)^57 = x (mod 257).  s(256)
> = 256, so that's not an issue.  There are some undesirable properties,
> though.  In particular, s(0) = 0 and s(1) = 1.
> 
> This can be fixed by using S0(x) = s((x + 22) mod 256).  Why did I
> choose 22?  Well, I tried all possible additive constants, and 22 seemed
> to have (joint) best differential characteristics.  The most probable
> characteristic has probability 14/256, which isn't marvellous, but
> iterated 16 times is (just) good enough to be beyond reach.  I've not
> investigated linear characteristics.  If someone else wants to try that,
> that'd be cool.

For an 8x8 S-box your highest differential should have a probability of
about 6/256; 14/256 is too high.

Try my sboxgen (http://www.tomstdenis.com/sboxgen.c) to make 8x8 sboxes.

> As to using this thing in a block cipher, I'd consider putting four of
> these things in a row, with different exponents and additive constants,
> and following by a good linear mixing step; matrix multiplication over
> GF(2^8) seems to be popular.  Obviously, in a real application, you
> precompute the S functions and their results through the matrix and just
> XOR the answers.  This then looks a bit *fish-like, I know.

If you must use something like that, check out the work done in SAFER
with 45^x mod 257, etc.  They seem to have good properties.  You could
try other primitive bases mod 257 and get different S-boxes.

Tom
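Added example, not code from the digest or from either poster: it builds the 8x8 S-boxes discussed above (Mark's s(x) = x^9 mod 257, his S0(x) = s((x+22) mod 256), and the SAFER-style exponential box 45^x mod 257 that Tom points to), confirms which ones are permutations of 0..255, and measures the largest entry of the XOR difference distribution table, which is the quantity behind "most probable characteristic" and Tom's 6/256 rule of thumb.

```python
# Added example (not from the digest): power and exponential 8x8 S-boxes mod 257,
# their fixed points, and the largest XOR difference-distribution-table entry.
from collections import Counter

P = 257  # prime modulus; (Z/257)* has 256 elements and the extra one (256) is dropped

def power_sbox(exponent, add_const=0):
    """x -> ((x + c) mod 256)^e mod 257 on 0..255.  With gcd(e, 256) = 1 the
    map permutes 1..256 and fixes 0 and 256, so it permutes 0..255 as well."""
    return [pow((x + add_const) % 256, exponent, P) for x in range(256)]

def exp_sbox(base):
    """x -> base^x mod 257 on 0..255, folding 256 to 0 as SAFER does.  This is
    a permutation only when base is a primitive root mod 257."""
    return [pow(base, x, P) % 256 for x in range(256)]

def is_permutation(sbox):
    return sorted(sbox) == list(range(256))

def fixed_points(sbox):
    """Inputs x with S(x) = x; Mark's objection to s(0) = 0 and s(1) = 1."""
    return [x for x in range(256) if sbox[x] == x]

def ddt_row(sbox, dx):
    """Counts of output XOR differences dy over all x for a fixed input XOR dx."""
    return Counter(sbox[x] ^ sbox[x ^ dx] for x in range(256))

def max_ddt_entry(sbox):
    """Largest count N(dx -> dy) over nonzero dx; the best single-round XOR
    differential then holds with probability max_ddt_entry / 256."""
    return max(max(ddt_row(sbox, dx).values()) for dx in range(1, 256))

if __name__ == "__main__":
    boxes = {
        "x^9 mod 257": power_sbox(9),
        "((x+22) mod 256)^9 mod 257": power_sbox(9, 22),
        "45^x mod 257 (SAFER)": exp_sbox(45),
        "44^x mod 257 (44 not primitive)": exp_sbox(44),
    }
    for name, box in boxes.items():
        print(f"{name:32s} permutation={is_permutation(box)!s:5} "
              f"max DDT entry={max_ddt_entry(box):3d}/256 "
              f"fixed points={fixed_points(box)}")
```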

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: F function.
Date: Tue, 09 May 2000 16:18:21 GMT



[EMAIL PROTECTED] wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Tom St Denis <[EMAIL PROTECTED]> wrote:
> >
> >
> > Simon Johnson wrote:
> > >
> > > This is a petty little F-Function. I am almost certain this is
> easily
> > > breakable.
> > >
> > > Here it is anyway:
> > >
> > > y=(x+k) ^ 3 mod 256
> > >
> > > X = some data, K = sub-key. (Function designed for Feistel)
> >
> > That's not a function of the input since x^3 mod p (p = composite) is
> > not bijective.  So it most likely has very bad characteristics.
> >
> 
> Two questions: what does 'bijective' mean?
> (Probably linked to previous) - Why does it matter if P is composite?

Bijective means it's invertible (I think); in other words, the input size
= output size and each symbol is present in the output once, etc.;
basically a permutation of the symbols.

If P is composite then you can't have inverses for elements that share
factors, for example

2a mod 6 has no inverse for '2' (try it on paper to see).

Tom

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: An argument for multiple AES winners
Date: Tue, 09 May 2000 12:22:15 -0400



Mok-Kong Shen wrote:

> Well, anybody can sue me for anything at anytime. The point is whether
> the court will give him right. Note that AES is a process that has a wide
> publicity. If the document of AES says that to the best of knowledge
> of NIST no patent issue is involved and I use AES, a patent holder
> can tell me either to stop using it or pay license fees but can't demand
> any money for past usage. A (rather remote) analogy is the following:
> If you have a big piece of land in the country that is neither marked as
> private nor fenced and I step into it, you can tell me to get away but
> you can't sue me for anything. On the contrary, if people regularly
> go through your land and with time there develops sort of a path and
> you seem to have tolerated that for a sufficiently long time, then as far
> as I am informed, you will lose your right to stop people from taking
> that path. Of course, I can't exclude that in the US things could be
> different, but I rather doubt that.

If someone has a patent, that is equivalent to having a sign "Private,
to not enter".  That is the whole thing about patents.  If what you said
was true, there wouldn't be any patent attack.
Take for example the case of Cisco vs Lucent:
http://www.lucent.com/press/0698/980618.coa.html

http://www.nandotimes.com/newsroom/ntn/info/081198/info5_1185_noframes.html

The mere fact that a patent exists is enough to take you to court, and that
is enough to cause you deep financial pain (even if you don't have to pay
any penalties, just going to court is going to cost you a lot of time and
money).

I suggest you read up on some real life cases.  I'm not an expert at all on
this subject, but I know that you have a misconception about it (which is
shared by many).

Anton


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RSA
Date: Tue, 09 May 2000 16:20:50 GMT



[EMAIL PROTECTED] wrote:
> 
> Sorry, I think you missed my question, through my bad phrasing.
> 
> 1.) Does RSA produce an evenly distributed range of output values (that
> looks random, but of course isn't)?

Not really, it depends on what you are encrypting.  Remember that the M
is the base; if the order of the group formed by using M as a base is
smaller/larger than for any other M, then they will have statistical
biases in their sub-groups.

For example, 45 is a primitive generator mod 257, but 44 is not; compare
the two tables

45^x mod 257
44^x mod 257

to get a better idea.

Tom

------------------------------

Date: Tue, 09 May 2000 18:18:50 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: F function.

[EMAIL PROTECTED] wrote:
> What does 'bijective' mean?

Injective and surjective.

Each input value has a different output value, and there
is no output value which has no corresponding input value.

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Prime Generation in C,C++ or Java
Date: Tue, 9 May 2000 10:22:52 -0600

In article <8f6s6l$cbi$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Is there a quick and relatively short algorithm in any of these languages
> for generating primes?  The primes do not have to be huge, to the order of 5
> to ten digits in decimal.

Most likely the sieve of Eratosthenes is going to be about as fast as 
anything at least up to six or eight digits or so (depending on how 
much memory you have available).  If you want to go beyond that, it's 
probably fastest to generate the smaller ones with the sieve and then 
use trial division from there.

The "fast" methods of finding primes (or usually, of not finding that 
a number is composite) are VERY useful when you're working with huge 
numbers, but totally unnecessary for numbers in this range.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

Date: Tue, 09 May 2000 12:37:19 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Why no civilian GPS anti-spoofing? / proposal

Dave Ashley wrote:

> Trevor,
>
> You've clearly given the issue some thought, which worries me even
> more.  My brief to the FBI will include your name.

I've already got an FBI file.  :-(

So do you :-)

>
>
> Just kidding, of course.
>
> It is interesting dealing with engineering types (as I am myself)
> because often we discuss technical challenges like this in engineering
> terms, and we don't feel safe because we know that most of the security
> precautions taken to protect the public are not adequate.
>
> For example, the other day I was at the airport, and I had a 2-cell
> Maglite which was presumably x-ray opaque, and they verified it by
> asking me to turn the flashlight on.  Ouch!  One little lithium battery
> in there to make the flashlight work, and the rest of the space is free
> for explosive materials or whatever.  Does not make me feel safe as an
> airline passenger when John Q. Engineer could smuggle a bomb aboard.

A Maglite probably doesn't have enough volume to present a serious threat, but
these days anyone can produce a C:\ prompt on an LCD screen from less than
1/2" cubed.  That leaves the rest of the laptop for more energetic uses.

The issue that scares me is that ineffective security provisions displace
effective ones.  But pointing out the ineffectiveness is identical to pointing
out a vulnerability, which often generates a hysterical reaction.  That
hysteria, denial, is the real security threat.  Purposeful ignorance.

>
>
> In another incident, I was in a McDonald's with engineering students,
> and one of them discussed how easy it would be to wipe out the
> McDonald's with a pistol.  I indicated that it was not so easy, because
> after the first shot, people start running.  He then pondered at length
> the problem of how one would get everyone in the McDonald's, given the
> human tendency to avoid being shot.

We can be sure he was an engineering or hard science student because he was
considering the problem "in vacuo".  The hard part wouldn't be the moving
targets, but the targets that shoot back.  In this context "ignoring
resistance" takes on a completely different meaning.  ;-)

> If he had been an art history student, I would have called the cops
> immediately.  But, coming from an engineer or mathematician, these types
> of game theory questions are quite normal.
>
> So, Trevor, I won't report you to the FBI this time.

OK.

Should I report you for not reporting me?

>  Unless you are an
> art historian.
>
> Dave.
>
> In article <[EMAIL PROTECTED]>,
>   "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
> > The problem of spoofing correction signals has appeared before,
> notably in the
> > context of the correction signals broadcast for harbor navigation.
> The
> > signals are emitted by fixed base stations that know their own
> location to
> > very high precision ;-), and thus can deduce the error in the GPS
> signal in
> > real time.  They simply broadcast the differential using lower power
> (~10 mile
> > coverage) so that ships near coastlines can navigate around rocks
> safely.
> >
> > The terrorist threat from disrupting marine navigation does not
> provide as
> > much human interest as an airliner filled with people, but it offers a
> greater
> > threat.  An LNG tanker contains a serious amount of energy.  Running
> one a
> > ground in a harbor like Boston or Baltimore would threaten a loss of
> life
> > several orders of magnitude larger than the airliner scenario.
> >
> > Dave Ashley wrote:
> >
> > > You bums on this newsgroup are really beginning to worry me.  One of
> > > you is probably building a transmitter right now and waiting for a
> zero-
> > > visibility day at the airport.
> > >
> > > Sick puppies!
> > >
> > > I'm worried.
> > >
> > > Dave.
> > >
> > > In article <8f7u5e$pdr$[EMAIL PROTECTED]>,
> > >   zapzing <[EMAIL PROTECTED]> wrote:
> > > > In article <lOsR4.7372$[EMAIL PROTECTED]>,
> > > >   [EMAIL PROTECTED] wrote:
> > > > > Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> > > > > > Nobody said that.  A few state-backed terrorists steering a
> > > > > > few jumbo commercial airliners way off course would certainly
> > > > > > be sufficient to terrorize the public.
> > > > >
> > > > > I think my problem with the whole scenario is two-fold. First,
> I'm
> > > > > basically as anti-gps as you can get. Having firsthand
> experience
> > > > > using it, I find it of very limited use as an _aid to
> > > > > navigation_. That's not to say it's a bad idea, or a waste of
> money,
> > > > > just that it's primarily useful for doublechecking your current
> > > > > location.
> > > >
> > > > But it could be better.
> > > >
> > > > >
> > > > > Second, it just seems obvious to me that a state sponsored
> terrorist
> > > > > would have many cheaper/easier ways to terrorise air traffic
> than
> > > > > this.
> > > > >
> > > >
> > > > Easier, perhaps, but cheaper? all they would need is
> > > > a transmitter.
> > > >
> > > > > When you talk about sending planes off course though, the
> thought
> > > > > occurs to me that while causing planes to collide is
> farfetched, it
> > > > > may be somewhat easier to keep one lost over the ocean long
> enough
> > > to
> > > > > run out of fuel, or some other navigational shenanigan.
> > > >
> > > > Such as causing a plane to fly into a mountainside.
> > > > Yikes. We certainly don't want that to happen.
> > > > Why won't the fedgov let us have the anti-spoofing
> > > > signals to prevent such a catastrophe?
> > > > I think they *like* it when catastrophes happen,
> > > > so they can blame it on terrorists and then grab more
> > > > power from a terrified public.
> > > > >
> > > > > > The fact is, our technological infrastructure is exceedingly
> > > > > > fragile, a fact that has many people concerned (and
> occasionally
> > > > > > somebody actually working on the problem).  The more one puts
> > > > > > his eggs all in one basket, especially a fragile one, the more
> > > > > > likely a catastrophe will occur.
> > > > >
> > > > > Well, as I said above, you should _not_ be putting your eggs all
> in
> > > > > the gps basket. Given that the navigator should still be
> navigating
> > > by
> > > > > hand, large deviations from the GPS fix will be obvious. The
> > > challenge
> > > > > then is to figure out which location is correct. Anywhere inside
> > > most
> > > > > nations air space this should be trivial, over blue water it's
> > > > > probably slightly more problematical.
> > > > >
> > > > > > The sad thing is that GPS is a nearly ideal application for
> > > > > > public-key cryptography (everybody could decode, but only the
> > > > > > system itself could encode), which would have solved the
> > > > > > spoofing problem.
> > > > >
> > > > > I don't know, my experience with gps is limited to little black
> > > boxes
> > > > > that I plugged into other little boxes. ;) I would think though,
> > > that
> > > > > there would always be at least an impractical spoofing
> > > > > attack. Assuming somehow the system sent a signal that everyone
> > > could
> > > > > decode, which only it could generate. Then, if I wanted you to
> think
> > > > > you were at point B rather than point A, why couldn't I go to B
> and
> > > > > transmit the signal to you? Assuming the points were close
> enough
> > > that
> > > > > you didn't notice the time difference, your equipment would
> assume
> > > it
> > > > > was at B.
> > > > >
> > > >
> > > > simply include the current time in the signature,
> > > > and put clocks in the little black boxes.
> > > >
> > > > > --
> > > > > Matt Gauthier <[EMAIL PROTECTED]>
> > > > >
> > > >
> > > > --
> > > > Do as thou thinkest best.
> > > >
> > > > Sent via Deja.com http://www.deja.com/
> > > > Before you buy.
> > > >
> > >
> > > --
> > > -------------------------------------------------
> > > Dave Ashley, [EMAIL PROTECTED]
> > >
> > > Sent via Deja.com http://www.deja.com/
> > > Before you buy.
> >
> >
>
> --
> -------------------------------------------------
> Dave Ashley, [EMAIL PROTECTED]
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.


------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: F function.
Date: 9 May 2000 16:31:25 GMT

[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> Two questions, What does 'bijective' mean?

Briefly, `invertible'.

[Notation.  I'll use `<-' to represent the set-membership relation,
$\in$ in TeX.  It looks a bit similar, and there's precedent in the
list-comprehension syntax of languages such as Haskell.]

Let D, R be sets.  Let f <- D x R be a map from D to R.  We say that f
is a `function' over D, if, for any x <- d, there exists a unique r <- R
such that (d, r) <- f.  We then write that f(d) = r.

Furthermore, we say that f is `one-to-one', `injective', if, for each r
<- R there is at most one d <- D such that f(d) = r.  We say that f is
`onto', or `surjective', if, for each r <- R, there exists at least one
d <- D such that f(d) = r.  If f is both injective and surjective then
we say that f is `bijective' and define an inverse function f^-1 such
that f(f^-1(r)) = f^-1(f(r)) = r for all r <- R.

Does that answer your question?

> (Prolly linked to previous) - Why does it matter if P is composite?

It doesn't.  Problems come in if your exponent is not coprime with
phi(P), or if P has repeated prime factors and x (your input) is not
coprime to all of the repeated factors.  The problem in your case is the
latter.

In another article, I suggested using 257 as a modulus and ignoring the
extra group element 256.

-- [mdw]
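Added example, not code from the digest or from Mark: it compares the rule given above (e coprime to phi(n), and no repeated prime factor in n) with a brute-force check of whether x -> x^e mod n permutes Z_n, lists the collisions of Simon's x^3 mod 256 (256 = 2^8, so every even input shares the repeated factor), and checks Tom's "2a mod 6" remark from the earlier post with the gcd criterion for modular inverses.

```python
# Added example (not from the digest): when is x -> x^e mod n a permutation?
from math import gcd

def phi(n):
    """Euler's totient by direct count; fine for the small n used here."""
    return sum(1 for x in range(1, n + 1) if gcd(x, n) == 1)

def is_squarefree(n):
    """True when no prime divides n more than once."""
    d = 2
    while d * d <= n:
        if n % (d * d) == 0:
            return False
        d += 1
    return True

def power_map_is_permutation(e, n):
    """Ground truth: does x -> x^e mod n hit every residue exactly once?"""
    return sorted(pow(x, e, n) for x in range(n)) == list(range(n))

def rule_predicts_permutation(e, n):
    """Mark's criterion (e = 1 is the identity map and always permutes)."""
    return e == 1 or (is_squarefree(n) and gcd(e, phi(n)) == 1)

def collisions(e, n):
    """Outputs hit by more than one input, with the inputs that share them."""
    groups = {}
    for x in range(n):
        groups.setdefault(pow(x, e, n), []).append(x)
    return {y: xs for y, xs in groups.items() if len(xs) > 1}

def has_inverse(a, n):
    """a is invertible mod n exactly when gcd(a, n) = 1 (so 2 mod 6 is not)."""
    return gcd(a, n) == 1

if __name__ == "__main__":
    for e, n in [(3, 256), (9, 257), (2, 257), (3, 6), (3, 35), (3, 12)]:
        print(f"x^{e} mod {n}: permutation={power_map_is_permutation(e, n)}, "
              f"rule says {rule_predicts_permutation(e, n)}")
    bad = collisions(3, 256)
    print(f"x^3 mod 256: {len(bad)} outputs collide; inputs mapping to 0: {bad[0]}")
    print("2 invertible mod 6?", has_inverse(2, 6),
          " 5 invertible mod 6?", has_inverse(5, 6))
```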

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Tue, 09 May 2000 16:31:55 GMT

Joaquim Southby wrote:
> >Mostly because it is hard to analyze products as slippery as freeware.  Since
> >there's no money involved the author has no knowledge of the users, and may
> >not have any form of contact with the majority of the users because there
> >can be an arbitrarily large number of intermediaries who copy the software
> >(with the blanket permission of the author), and who might be better
> >characterized as "the distributor".
> >
> In the case under discussion, though, wouldn't the originator of the
> tainted software still be culpable, no matter what the chain of
> distribution looked like?

Yes, the part of the U.S. Code that I quoted earlier says that manufacture of
a patented product without permission of the patent-holder is prohibited. 

> >A logical extension of this line of reasoning leads to the conclusion that while one
> >cannot sell or give away patented technology within the patent jurisdiction, one
> >could make it available for download.  If we presume that the software is offered

Presumably one would have had to "manufacture" an instance of the software in
order to place it online for download. I wouldn't underestimate what a good
lawyer can do to the meaning of the word "manufacture" in a legal context.

> I'm not sure logic and the US Patent Office are in sync yet on Internet
> technologies. 

Logic has little to do with law :-). 

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Generator for ElGamal?
Date: 9 May 2000 16:31:50 GMT

Eric Hambuch <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>> 
>> I was just looking at a piece of code that purported to implement
>> ElGamal, and noticed they weren't making any checks to make sure that
>> the "g" was really a generator.  I knew that they used Schneier's
>> Applied Cryptography as a reference, so looked in there and he says to
>> just use a random g (which they have faithfully implemented)!
>> 
>> Surely this is a mistake, right?  The public key must include a pair
>> <g,p>, where g is a generator for p.
>> 
>> I checked the errata for Schneier's book, and it didn't say anything
>> about this.  Am I missing something really obvious here?

> Try the Handbook of Applied Cryptography

> http://cacr.math.uwaterloo.ca/hac

Thanks for the replies (David too).  Yes, I know how to make a p and g
such that g is a generator of Z_p^* -- my question was really about
Schneier's book:  is what he did right?  Is there some reason you
don't *have* to have a generator (it seems like that would be a really
bad idea, since your value could generate a very small subgroup)?

My problem is that I haven't really read Schneier's book -- I know
about most of this stuff from original papers.  I'm not sure if
there's something else in his book that I haven't found that explains
this.  Incidentally, in the section on ElGamal he also doesn't talk
about making sure p-1 has a large factor, so the implementation I was
looking at picked a random p and a random g.  That more or less
follows Schneier's presentation, but is horribly insecure...

-- 
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences       | "The box said 'Requires Windows 95, NT, 
University of North Texas        |  or better,' so I installed Linux."
Denton, TX  76201                | 
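Added example, not code from the digest or from any poster: multiplicative orders modulo a prime, used for two posts above. It checks Tom's claim in the RSA thread that 45 is a primitive generator mod 257 while 44 is not (a base of small order only ever produces the values of its own subgroup, which is the bias he describes), and then applies the same order computation to Steve's ElGamal concern: a random g may sit in a small subgroup of Z_p^*, and p-1 may have no large prime factor. The parameters p = 23 with g = 5, 2 and 22, and the 4-bit threshold, are constructed toy values, not from the thread.

```python
# Added example (not from the digest): orders of bases mod a prime, and a toy
# version of the (p, g) checks an ElGamal implementation should make.
from math import gcd

def factor(n):
    """Trial-division factorisation as {prime: exponent}; fine for small n."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d] = f.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f

def mult_order(g, p):
    """Smallest k >= 1 with g^k = 1 (mod p) for prime p, via divisors of p-1."""
    assert 1 <= g < p and gcd(g, p) == 1, "g must be a unit mod p"
    order = p - 1
    for q in factor(p - 1):
        # strip each prime q out of the order while g^(order/q) is still 1
        while order % q == 0 and pow(g, order // q, p) == 1:
            order //= q
    return order

def is_primitive_root(g, p):
    return mult_order(g, p) == p - 1

def subgroup(g, p):
    """All distinct values g^x mod p; its size is exactly mult_order(g, p)."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * g % p
    return seen

def largest_prime_factor(n):
    return max(factor(n))

def elgamal_params_ok(p, g, min_factor_bits):
    """The two checks Steve asks about: g generates all of Z_p^*, and p-1 has a
    prime factor of at least min_factor_bits bits (a toy threshold; real
    parameters need a factor of cryptographic size)."""
    if factor(p) != {p: 1}:
        return False                       # p is not prime
    if not is_primitive_root(g, p):
        return False                       # g generates a proper subgroup
    return largest_prime_factor(p - 1).bit_length() >= min_factor_bits

if __name__ == "__main__":
    for base in (45, 44):
        print(f"{base}^x mod 257 takes {len(subgroup(base, 257))} distinct values; "
              f"order {mult_order(base, 257)}, primitive: {is_primitive_root(base, 257)}")
    for p, g in [(23, 5), (23, 2), (23, 22), (257, 45)]:
        print(f"p={p} g={g}: order {mult_order(g, p)}, largest factor of p-1 = "
              f"{largest_prime_factor(p - 1)}, ok={elgamal_params_ok(p, g, 4)}")
```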

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Prime Generation in C,C++ or Java
Reply-To: [EMAIL PROTECTED]
Date: Tue, 9 May 2000 15:56:04 GMT

Lewis-Oakes <[EMAIL PROTECTED]> wrote:

: Is there a quick and relatively short algorithm in any of these languages
: for generating primes?  The primes do not have to be huge, to the order of 5
: to ten digits in decimal.

http://www.utm.edu/research/primes/programs/Eratosthenes/

...contains links to source in C, Perl, Python and Java.  The sieve ought
to get most of the way to ten digits.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Newbie question about primes
Date: 9 May 2000 16:36:57 GMT

Sandy Harris <[EMAIL PROTECTED]> wrote:
> [posted and mailed]

DON'T mail me copies of articles.  Please!

> This is not foolproof; there's a class of numbers (Cunningham, I think)
> that pass this test for all a but aren't prime. They are very rare.

They're called Carmichael numbers.

Using the Miller-Rabin test is about as efficient as the Fermat test,
detects Carmichael numbers, and has probability at most 1/4 of failing
to discard a composite number.  (Note that this *isn't* the same as the
probability that a number is composite given that Miller-Rabin said that
it probably wasn't.  That probability is much lower.)

-- [mdw]
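Added example, not code from the digest or from any poster, covering the two prime threads above: a sieve of Eratosthenes for the small range Jerry Coffin and Tim Tyler discuss, and, for larger candidates, the Fermat test beside Miller-Rabin so that the Carmichael number 561 = 3*11*17 (a constructed test value) shows Mark's point: 561 satisfies a^560 = 1 for every base a coprime to it, yet the strong test rejects it with base 2.

```python
# Added example (not from the digest): sieve for small primes, Fermat vs
# Miller-Rabin for larger candidates, and why Carmichael numbers fool Fermat.
from math import gcd

def sieve(limit):
    """Primes <= limit by the sieve of Eratosthenes."""
    if limit < 2:
        return []
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytearray(len(range(i * i, limit + 1, i)))
    return [i for i, f in enumerate(flags) if f]

def fermat_probable_prime(n, base):
    """Fermat test: a^(n-1) = 1 (mod n).  Carmichael numbers pass for every
    base coprime to n, so this can never reject them."""
    return pow(base, n - 1, n) == 1

def strong_test_trace(n, a):
    """The sequence a^d, a^2d, ..., a^(2^(s-1) d) mod n with n-1 = 2^s * d.
    For a prime n this must contain n-1 before it reaches 1."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    trace = [x]
    for _ in range(s - 1):
        x = x * x % n
        trace.append(x)
    return trace

def miller_rabin(n, bases):
    """Strong probable-prime test; returns False only for composites, and the
    fixed bases (2, 3, 5, 7) are deterministic for every n below 3.2e9."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):
            continue
        trace = strong_test_trace(n, a)
        if trace[0] == 1 or (n - 1) in trace:
            continue
        return False                      # a witnesses that n is composite
    return True

def passes_fermat_for_all_coprime_bases(n):
    """Definition-level check for a Carmichael number (brute force, small n)."""
    return all(fermat_probable_prime(n, a) for a in range(2, n) if gcd(a, n) == 1)

if __name__ == "__main__":
    print("primes <= 50:", sieve(50))
    print("561 passes Fermat base 2:", fermat_probable_prime(561, 2))
    print("561 Fermat for all coprime bases:", passes_fermat_for_all_coprime_bases(561))
    print("561 strong-test trace base 2:", strong_test_trace(561, 2))
    print("561 Miller-Rabin base 2:", miller_rabin(561, [2]))
```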

------------------------------

Date: Tue, 09 May 2000 18:34:04 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: F function.

Mark Wooding wrote:
> [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > What does 'bijective' mean?
> 
> Briefly, `invertible'.
> 
> [Notation.  I'll use `<-' to represent the set-membership relation,
> $\in$ in TeX.  It looks a bit similar, and there's precedent in the
> list-comprehension syntax of languages such as Haskell.]
> 
> Let D, R be sets.  Let f <- D x R be a map from D to R.  We say that f
> is a `function' over D, if, for any x <- d, there exists a unique r <- R
> such that (d, r) <- f.  We then write that f(d) = r.
> 
> Furthermore, we say that f is `one-to-one', `injective', if, for each r
> <- R there is at most one d <- D such that f(d) = r.  We say that f is
> `onto', or `surjective', if, for each r <- R, there exists at least one
> d <- D such that f(d) = r.  If f is both injective and surjective then
> we say that f is `bijective' and define an inverse function f^-1 such
> that f(f^-1(r)) = f^-1(f(r)) = r for all r <- R.
> 
> Does that answer your question?

Oh damned, why do you mathematicians always explain everything in
such a complicated way?? *shiver*

------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Tue, 09 May 2000 18:40:42 +0200

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

> Measuring the state (interceptor's receiver) interferes with the
> state, and the quantum-cryptographic protocol used by the
> legitimate communicants detects that interference has occurred.

I do understand why passively eavesdropping on a communication link
is made impossible with QC (eavesdropping destroys the message
being transmitted).

However, what about active eavesdropping?

Alice sends a message to Bob using QC. The transmitter she uses and the 
receiver he uses are devices sending or receiving traditional binary 
data over optical fiber using QC with the appropriate protocol, and 
hypothetically have no cryptographic key (secret) in the traditional 
sense.
Now Eve buys a transmitter identical to Alice's, and a receiver 
identical to Bob's. She breaks the optical fiber between Alice and Bob, 
and installs her transmitter on the side connected to Bob's receiver, 
and her receiver on the side connected to Alice's transmitter. Eve 
connects the electrical 'receive data' output of her receiver to the 
'transmit data' input of her transmitter, and to her computer. She now 
eavesdrops on the communication between Alice and Bob.

Am I missing something?


    Francois Grieu

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Tue, 09 May 2000 16:47:44 GMT

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> A Maglite probably doesn't have enough volume to present a serious threat, but
> these days anyone can produce a C:\ prompt on an LCD screen from less than
> 1/2" cubed.  That leaves the rest of the laptop for more energetic uses.

Remind me to thank you both when the airport begins dumping out my
carry-on, disassembling everything in it, strip searching, x-raying (I
may have eaten a bomb!), and taking blood and tissue samples. (It may
be an organic explosive, plus you can check my DNA against the watch
list!) :)

Seriously though, I'd guess the most you'd do with either a laptop or
flashlight is depressurise the cabin. While this is a serious problem,
I suspect that an equal investment in time procuring a missile would
produce a much more spectacular result.

It's also worth bearing in mind that airplanes are probably _the_
single most secure method of transportation now. This is aimed more at
preventing hijackings than bombings though. As we've seen in Japan,
Oklahoma, and other places public buildings and subways make for much
more appealing mass-casualty targets.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
