Cryptography-Digest Digest #462, Volume #12      Wed, 16 Aug 00 20:13:01 EDT

Contents:
  Re: Impossible Differentials of TC5 ([EMAIL PROTECTED])
  Funny Observation ([EMAIL PROTECTED])
  Re: Funny Observation ([EMAIL PROTECTED])
  Re: WinACE encryption algorithm ("Marc Beckersjuergen")
  Re: 215 Hz five-qubit quantum processor (Steve Newman)
  Re: 215 Hz five-qubit quantum processor (Paul Rubin)
  books (Ernest Dumenigo)
  Re: Proposal of drafting rules of conduct of posting (Mok-Kong Shen)
  Re: Quick Question (Part Two) (James Pate Williams, Jr.)
  Re: OT (Proposal of drafting rules of conduct of posting) ("Paul Pires")
  Re: books (James Pate Williams, Jr.)
   ("John")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Impossible Differentials of TC5
Date: Wed, 16 Aug 2000 20:00:14 GMT

In article <8nepc2$g75$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
>   tomstd <[EMAIL PROTECTED]> wrote:
> > David Eppstein <[EMAIL PROTECTED]> wrote:
> > >In article <[EMAIL PROTECTED]>,
> > tomstd
> > ><[EMAIL PROTECTED]> wrote:
> > >
> > >> Ok still at some point you must attack the 64/32/16 bit
> > >> feistels.  I want to know how you do that please.
> > >
> > >As I understand it, you don't.  You just attack the 128-bit
> > ones,
> > >treating everything else as a black-box F-function.
> >
> > Technically the F function has a 128 byte (1024 bit) round key
> > associated with it.  It's not as simple as the round key being
> > xor'd in though...  I still don't see how the attack works, if
> > it does even at all.
> >
> > Tom
>
> Tom,
>
> A simple key recovery attack exists.  If the F function operates on
> the left half, the four round impossible differential is
>
> 0    d    probability of 1
> d    0    e  != 0 since the F function is bijective, p = 1
> e    d    f  != d since f = (F(e) ^ d) and F(e) != 0, p = 1
> f    e
>
> g    f    ciphertext, g = F(f) ^ e
>
> All the above are differentials of course.
>
> What we know
>
> e != 0
> f = f1 ^ f2, where f1 and f2 are known
> g = F(f1^k) ^ F(f2^k) ^ e, where k is the secret key.
> F() is a bijective 64-bit function

TC5 is not this simple btw.

> Now if we assume e = 0, we can calculate possible values for the key,
> k.  In a brute force manner, we loop through all possible values of k'
> and check
>
> (1) F(f1^k') ^ F(f2^k') = g.
>
> Any value of k' that satisfies (1) cannot be the actual key, k.  If k =
> k' then e = 0.  Since e != 0, we have created a contradiction.
>
> For TC5, the last round key can be discovered this way and the cipher
> is reduced to three rounds.

There is no 'last round key' in TC5, or at least in the 128-bit feistel.

> The attack will need less than 2^66 plain/cipher text pairs.  About
> 2^33 actual plaintext/ciphertext should be enough to create the proper
> number of differential pairs.
>
> Each pair will require 2^64 rounds of TC5 to calculate impossible
> keys.  The result should be one candidate key.  The three round version
> can be broken easily.

Why only 2^64 rounds?

> If I have the above attack correct, the cipher is broken with 2^33
> known plaintext/ciphertext and about 2^104 rounds of TC5 work.  A better
> way to eliminate keys may exist.
>
> It appears that the 64/32/16 do -not- have to be attacked.  Perhaps, the
> attack can be improved by understanding the coherence within the F
> function though.

Um, yes they do, because the 64-bit F function is not a simple
function of 64 bits of input and 64 bits of key.  It's really a
function of 64 bits of input and 1024 bits of key.

>
> It looks like bumping the outsize loop to 6 rounds should fix the
> problem.

I still don't get it.  The 64-bit F function doesn't have a 'k'
variable associated with it.  It's not that simple to say TC5 is just

L = L ^ f(R^k1)

R = R ^ f(L^k2)

L = L ^ f(R^k3)

R = R ^ f(L^k4)

Any of the 64-bit functions uses 1024 bits of key material, not 64.
Have you actually looked at TC5?

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
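The four-round key-recovery argument quoted above, worked through on a toy cipher: an added example, not code from the thread and not TC5. It assumes the simple Feistel model of the quoted post, L' = R ^ F(L ^ k) with one key per round, scaled down to 8-bit halves with a constructed random permutation as F; the key and plaintext values are made up.

```python
import random

# Constructed S-box: a random permutation of 0..255, so F is a bijection on
# 8-bit values and a non-zero input difference never gives a zero output difference.
_rng = random.Random(2000)
SBOX = list(range(256))
_rng.shuffle(SBOX)
HALF = 256  # 8-bit halves and round keys; the post's cipher has 64-bit ones


def F(x):
    return SBOX[x & 0xFF]


def encrypt(block, round_keys):
    """Feistel model of the quoted post, one round per key: (L, R) -> (R ^ F(L ^ k), L)."""
    L, R = block
    for k in round_keys:
        L, R = R ^ F(L ^ k), L
    return L, R


def difference_trail(p1, p2, round_keys):
    """XOR differences (dL, dR) before round 1 and after each round, i.e. the
    (0,d) -> (d,0) -> (e,d) -> (f,e) -> (g,f) chain in the post's table."""
    trail = [(p1[0] ^ p2[0], p1[1] ^ p2[1])]
    for k in round_keys:
        p1, p2 = encrypt(p1, [k]), encrypt(p2, [k])
        trail.append((p1[0] ^ p2[0], p1[1] ^ p2[1]))
    return trail


def chosen_pairs(round_keys, n, seed=1):
    """n constructed plaintext pairs with difference (0, d), d != 0, as ciphertext pairs."""
    rng = random.Random(seed)
    pairs = []
    for _ in range(n):
        L, R, d = rng.randrange(HALF), rng.randrange(HALF), rng.randrange(1, HALF)
        pairs.append((encrypt((L, R), round_keys), encrypt((L, R ^ d), round_keys)))
    return pairs


def recover_last_key(ciphertext_pairs):
    """Discard every k' with F(f1^k') ^ F(f2^k') == g (equation (1) of the post):
    it would force e = 0, which the trail rules out, so the true k4 always survives."""
    candidates = set(range(HALF))
    for (gL1, f1), (gL2, f2) in ciphertext_pairs:
        g = gL1 ^ gL2  # ciphertext left-half difference; f1, f2 are the right halves
        for k in list(candidates):
            if F(f1 ^ k) ^ F(f2 ^ k) == g:
                candidates.discard(k)
    return candidates


if __name__ == "__main__":
    keys = (0x3A, 0x5C, 0x91, 0xE7)
    print(difference_trail((0x12, 0x34), (0x12, 0x34 ^ 0x5A), keys))
    print(recover_last_key(chosen_pairs(keys, 6000)))  # {0xE7}: only the true k4 survives
```

The candidate test uses only the two ciphertexts and the single guessed k', which is exactly the point Tom disputes for TC5, where the F function is keyed by 1024 bits rather than one round key.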

------------------------------

From: [EMAIL PROTECTED]
Subject: Funny Observation
Date: Wed, 16 Aug 2000 20:02:06 GMT

Anyone ever notice that Dave Scott calls himself the 'Zip Guy' but
known of his software involves the deflate algorithm.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Funny Observation
Date: Wed, 16 Aug 2000 20:05:34 GMT

In article <8nervh$j7f$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Anyone ever notice that Dave Scott calls himself the 'Zip Guy' but
> known of his software involves the deflate algorithm.

Err I meant 'none'...

And this is not a flame, just a funny observation.  No offense intended
dave!!

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Marc Beckersjuergen" <[EMAIL PROTECTED]>
Subject: Re: WinACE encryption algorithm
Date: Wed, 16 Aug 2000 21:23:56 +0200

Well, actually I really don't feel like taking part in a discussion
that quite obviously - so I take it from some replies - is
- whoosh - way over my head (remember, I'm just the
webmaster guy who can't even code).

It is just in my scope of duties to try to assist people
who have general questions about our product WinAce,
which seemed to be the case here.

But rest assured that the "basically" part is just a
product of my ignorance of the subject and technically
totally superfluous...




"Leroy Kimna" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Marc Beckersjuergen" <[EMAIL PROTECTED]> wrote:
>
> >Hey, I'm just the webmaster, not the developer
> >and I don't know squat about programming in general and encryption in
> >particular :-)
>
> I guess that puts your previous statement into a substantially different
> light then, doesn't it?
>
> "Marc Beckersjuergen" <[EMAIL PROTECTED]> wrote:
>
> >... The encryption is pretty tight...
>
> Just keep in mind that there's no such thing as "basically a 160 bit
> Blowfish code". There's only one Blowfish and "basically" doesn't cut it.
> Your people have either properly implemented it or they haven't, and you're
> not giving us very much confidence at this point. In fact, the only way we
> can really know for sure is if the source code is released.
> --
> "Leroy Kimna" is actually 7651 894032 <[EMAIL PROTECTED]>.
>  01234 56789 <- Use this key to decode my email address and name.
>               Play Five by Five Poker at http://www.5X5poker.com.



------------------------------

From: [EMAIL PROTECTED] (Steve Newman)
Crossposted-To: comp.arch
Subject: Re: 215 Hz five-qubit quantum processor
Date: Wed, 16 Aug 2000 20:44:30 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

> [EMAIL PROTECTED] (Steve Newman) wrote in <snewman-
> [EMAIL PROTECTED]>:
> 
> >...
> >
> >Oh, well.  Then my brilliant idea for the ultimate compression
> >algorithm is probably no good either.  (Generate all possible
> > >bitstrings, select the ones that when executed on a virtual machine
> >interpreter generate the uncompressed file as output, and keep the
> >shortest such bitstring.)  This one is actually even worse than the
> >theorem-proving algorithm because it requires interpreting (executing)
> >each bitstring, not just running it through a proof checker.
> 
>   Any method of full finite file transforms that leaves no gaps
> is already a perfect compressor, in the sense that it makes
> maximum use of the file space. My Huffman coders and Matt's arithmetic
> coder are examples of perfect compression. One test of perfect
> compression is that for any file A = uncompress ( compress ( A ))
> and A = compress ( uncompress ( A))

This is true in an information-theoretic sense.  However, it's not
all that meaningful in a practical sense.  For example, gzip yields
smaller compressed files than a simple Huffman encoder in almost all
typical usage.  (Otherwise gzip would have been written to do simple
Huffman coding.)

What this points out is that the "best compression algorithm" is
undefinable in theory, but definable (to some extent) in practice --
the quality of a compression algorithm depends on what sort of files
you're likely to throw at it.

-- Steve Newman

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Crossposted-To: comp.arch
Subject: Re: 215 Hz five-qubit quantum processor
Date: 16 Aug 2000 21:19:32 GMT

In article <[EMAIL PROTECTED]>,
Steve Newman <[EMAIL PROTECTED]> wrote:
>Oh, well.  Then my brilliant idea for the ultimate compression
>algorithm is probably no good either.  (Generate all possible
>bitstrings, select the ones that when executed on a virtual machine
>interpreter generate the uncompressed file as output, and keep the
>shortest such bitstring.)  This one is actually even worse than the
>theorem-proving algorithm because it requires interpreting (executing)
>each bitstring, not just running it through a proof checker.

That's not even in NP.  The shortest decompressor might have
exponential (or worse) running time or space requirements.

------------------------------

From: [EMAIL PROTECTED] (Ernest Dumenigo)
Subject: books
Date: 16 Aug 2000 21:30:45 GMT

I have just finished "The codebreakers", and wanted to know what everyone 
felt should be the next books I should get to learn more.
Thanks
--
=====
Ernest

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Proposal of drafting rules of conduct of posting
Date: Wed, 16 Aug 2000 23:55:47 +0200



Paul Pires wrote:
> 

[snip]
> I just don't think an Emily Post witch hunt is the solution. No one here is
> good at coloring inside the lines. Everybody is behaving in a way that they
> feel is justified or essentially right and new rules defining rightness will
> not change that.

I have the impression that there is some misunderstanding.
I explained already that the proposed paper is not and cannot
be a 'ban'. It's intended to be an expression of what the
majority hopes to be a desirable state (if the majority
could agree on something at all). Anyway, I don't think that
your last sentence could be widely generalized. For it would
ultimately mean that we wouldn't need guidelines of any kind
in society, which I am afraid wouldn't function well, at
least in the world in which we are currently living.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: Quick Question (Part Two)
Date: Wed, 16 Aug 2000 23:01:10 GMT

On Wed, 16 Aug 2000 16:25:55 GMT, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

>Steven Knight wrote:
>> Could anyone give me C++ code on some simple algorithms
>
>What would be the point?  You should study C++ programming
>if that is what you want.  C++ implementations of arbitrarily
>chosen algorithms would at best provide an incoherent basis
>for understanding (either C++ or algorithms in general).
>
>The classic reference on algorithms in computing is Donald
>Knuth's "The Art of Computer Programming: Vol. 1 --
>Fundamental Algorithms".  As I recall, it uses the Euclidean
>algorithm as an early example.  (That algorithm predates
>computing by a couple of thousand years.)  A standard
>textbook is Sedgewick's "Algorithms".  Study these for a
>while and you should either get the picture or else find
>that it is over your head at present.

A neo-classical reference is: _Introduction to Algorithms_ by Thomas
H. Cormen, Charles E. Leiserson, and Ronald R. Rivest. Another good
reference, in my opinion, in a dead computer language is:
_Pascalgorithms: A Pascal-Based Introduction to Computer Science_
by Edwin D. Reilly and Francis D. Federighi. I totally agree with Mr.
and/or Dr. and/or some unknown army rank Gwyn that every aspiring
computer scientist should own the three volumes by Professor Knuth
even though he persists in using assembly language to exemplify
(implement) his algorithms. To the chagrin of many other posters, I
sometimes post source code (C, C++, Scheme) to this forum; perform
a dejanews search on the following e-mail address if you are
interested.

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: OT (Proposal of drafting rules of conduct of posting)
Date: Wed, 16 Aug 2000 16:02:46 -0700


Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Paul Pires wrote:
> >
>
> [snip]
> > I just don't think an Emily Post witch hunt is the solution. No one here
> > is good at coloring inside the lines. Everybody is behaving in a way that
> > they feel is justified or essentially right and new rules defining rightness
> > will not change that.
>
> I have the impression that there is some misunderstanding.
> I explained already that the proposed paper is not and cannot
> be a 'ban'. It's intended to be an expression of what the
> majority hopes to be a desirable state (if the majority
> could agree on something at all). Anyway, I don't think that
> your last sentence could be widely generalized. For it would
> ultimately mean that we wouldn't need guidelines of any kind
> in society, which I am afraid wouldn't function well, at
> least in the world in which we are currently living.

This is a cultural mindset, not self evident fact.

We don't need guidelines of any kind in society.

Just because you observe what you perceive to be a cause and then an effect
doesn't mean that they are related. This can be coincidence. There are rules
and to a certain extent there is civilized behavior which parallels these
rules (or at least once did). This is also a coincidence. The rules came
about codifying the behavior of folks living up to a certain standard, an
ethic. The behavior and the civilization was there before the rules. The
rules are there as a warning from the civilized: "Here is the line, cross it
at your peril." When civilized behavior is at risk of extinction, it is from
a lack of civilized people. Rules will not stem the tide and can even hasten
the fall.

Find the good, the valuable, and yes, the humorous and nurture it. Improve
your behavior and reach out with good will to others. Reward the unique, the
valuable, the sage and shun the base. Find value in others; you will profit
from it. Don't affirm your own rightness; you will not profit from it.

Geesh, what a sermon. Scratch a grumpy cynic and you get a blathering
sentimental.

Paul




>
> M. K. Shen





------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: books
Date: Wed, 16 Aug 2000 23:33:03 GMT

On 16 Aug 2000 21:30:45 GMT, [EMAIL PROTECTED] (Ernest Dumenigo)
wrote:

>I have just finished "The codebreakers", and wanted to know what everyone 
>felt should be the next books I should get to learn more.
>Thanks
>--
>-----
>Ernest

Are you interested in the theory of cryptography and cryptanalysis or
its history?

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

From: "John" <[EMAIL PROTECTED]>
Subject: 
Date: Wed, 16 Aug 2000 19:20:06 -0400

Does anyone know of any good Masters Programs in Computer Science that have
a specialty in encryption?  I would prefer a school in the States.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
