Cryptography-Digest Digest #566, Volume #12      Tue, 29 Aug 00 16:13:01 EDT

Contents:
  Re: Patent, Patent is a nightmare, all software patent shuld not be  (Mok-Kong Shen)
  Re: Idea for creating primes (Mok-Kong Shen)
  Re: A little technical note about intepreters (Daniel Leonard)
  Re: [Q] Do you know a good german newsserver for sci.crypt ? ("Duran Castore")
  Re: I need ADK tampered key that PGP will not detect ADK, on it ... (Rich Wales)
  Re: RSA n-bit key...is p and q n or is the mod n? ([EMAIL PROTECTED])
  Re: RSA n-bit key...is p and q n or is the mod n? (Roger Schlafly)
  Re: [Q] Do you know a good german newsserver for sci.crypt ? (Mok-Kong Shen)
  Re: On pseudo-random permutation (wtshaw)
  Re: 320-bit Block Cipher (Zulfikar Ramzan)
  Re: [Q] Do you know a good german newsserver for sci.crypt ? (Brian Kraft)
  Re: Serious PGP v5 & v6 bug! ("Nathan Williams")
  R: Test on pseudorandom number generator. ("Cristiano")
  R: R: R: Test on pseudorandom number generator. ("Cristiano")
  R: R: R: Test on pseudorandom number generator. ("Cristiano")
  Re: Idea for creating primes ([EMAIL PROTECTED])
  R: Optimal length of the sieve before a Miller-Rabin test ("Cristiano")
  R: RSA n-bit key...is p and q n or is the mod n? ("Cristiano")

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be 
Date: Tue, 29 Aug 2000 20:51:25 +0200



Sundial Services wrote:
> 
[snip]
> In the very best of circumstances, patent law requires you to COMPLETELY
> DISCLOSE your invention in exchange for the right to (maybe..) exclude
> others from using it for a period of many years.  That can be awful in
> the software business because your secrets are fully exposed to
> competitors who, likely as not, can simply "trump your trick" and have
> you begging them for a license.  Even the slightest change to your
> algorithm can qualify as an "improvement" which is not only legal -- but
> blocks you from adopting the improvement in your own implementation!
[snip]

I wonder in the case in question how much is actually
'disclosed' in the text that one can read on the web page
cited. Are there more texts about that patent that one
can read? Or are these texts inaccessible to the public?
Since the patent apparently has the potential of attacking 
at the very root of PK applications, if I don't err, we  
should pay due attention to the issue, I suppose.

M. K. Shen
========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Idea for creating primes
Date: Tue, 29 Aug 2000 20:51:32 +0200



[EMAIL PROTECTED] wrote:
> 
[snip]
> You can test to see if a number is a generator by performing g^(p/q) != 1
> for various 'q's that divide your testing prime 'p'.
[snip]

I suspect there is a printing error here. If one knows that 
there is a q that divides p, then p is certainly not a prime, 
isn't it? Or how should one properly interpret that phrase 
above? Thanks.

M. K. Shen

------------------------------

From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: A little technical note about intepreters
Date: Tue, 29 Aug 2000 18:44:27 GMT

On Tue, 29 Aug 2000, Andrew Carol wrote:

> In article
> <[EMAIL PROTECTED]>,
> Daniel Leonard <[EMAIL PROTECTED]> wrote:
>
> > What I told in CS course as TA was that you should put comments as if you
> > would put footpage notes in an article or a book. That are comments in the
> > code, not function header comments. More often than not, the code speaks
> > for itself.
>
> Code is telling the computer exactly WHAT to do.
> Comments tell other programmers WHY you did it that way.
>
> They might also explain assumptions about external state which MUST be
> true for the code, as written, to work.
>
> There is a huge difference.
>
> Anybody who has put significant code away for a year or two and tried
> to pick it back up.  Or taken over someone else's code knows what I'm
> talking about.
>
> If code is written very cleanly, without clever optimisations, the code
> might speak for itself.
>
> The instant you do something "clever", like take advantage of some
> trick of twos complement math, or a sneaky xor trick, or rely on a
> subtle side-effect of another routine you've got problems.  Even things
> like assuming you can access unaligned integers is probably worth a
> comment.
>
> Oh well.....
>

Well, if you do something clever, as you say, then it is worth a footpage
note, isn't it?

==========
Daniel Léonard

OGMP Informatics Division    E-Mail: [EMAIL PROTECTED]
Département de Biochimie     Tel   : (514) 343-6111 ext 5149
Université de Montréal       Fax   : (514) 343-2210
Montréal, Quebec             Office: Pavillon Principal G-312
Canada H3C 3J7               WWW   :


------------------------------

From: "Duran Castore" <[EMAIL PROTECTED]>
Subject: Re: [Q] Do you know a good german newsserver for sci.crypt ?
Date: Tue, 29 Aug 2000 15:49:07 -0300




Runu Knips <[EMAIL PROTECTED]> wrote in
message:[EMAIL PROTECTED]

<snip>

> So does anyone have a good newsserver without these
> effects ? Preferably in germany, and preferably one
> which allows posting, too, because otherwise I
> only can start new threads through my providers
> newsserver.

You can find a list of public newsservers at www.newzbot.com

Some servers are read-only, others read-post, but there are a few
post-only. For instance, I use one server to read and another to post.

Hope this helps.

--
Duran Castore ([EMAIL PROTECTED])






------------------------------

From: [EMAIL PROTECTED] (Rich Wales)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: I need ADK tampered key that PGP will not detect ADK, on it ...
Date: 29 Aug 2000 11:44:52 -0700

"jungle" wrote:

        > the question is open : could someone post public key
        > that is tampered & pgp will not detect added ADK to
        > it ?  I need ADK tampered key that PGP will not detect
        > ADK, on it ...

Have you tried Ralf Senderek's "A4" key with NAI's latest PGP (6.5.8)?
(That is, the same key you've already tried, but with a different PGP?)

Michel Bouissou reported that PGP 6.5.8 will completely ignore an ADK
in the unhashed portion of a key.  (I.e., it won't report the existence
of the bogus ADK, and it won't try to use it to encrypt.)  Michel, BTW,
said he considers this behaviour unacceptable, because he believes (and
I agree) that the user ought to see a strong warning if a key shows
evidence of tampering.

But this might not be exactly what you are looking for -- because
although the ADK in question is not reported by PGP 6.5.8, it is also
not used for encryption.

Another situation where ADK's are not reported =and= are not used would
be if you (the sender/encryptor) use GnuPG (instead of PGP) to send a
message to someone whose key has an ADK (even a legitimate ADK).  GnuPG
ignores ADK's; it won't mention their existence, and it won't encrypt
to them.

If what you are looking for is a situation where a key contains an ADK
(whether legitimately included in the original key, or added later by
an attacker) -- and some version of PGP will use that ADK to create a
second copy of an encrypted message, but without informing the sender
that the ADK exists or that it's being used -- then I believe the
answer to your "open question" is that no such key can exist, because
I believe any version of PGP which knows about ADK's will tell the user
if a key has an ADK.

"jungle" also wrote:

        > the rule, from the time of introduction ADK was simple
        > ...  don't use it, when key has ADK, don't use key ...
        > this is the rule that everyone should follow ...

Maybe, maybe not.  Certainly, if two people want to assure themselves
that no one else can possibly read the messages they are sending to
each other, then I would agree that they should use keys without ADK's.

The ADK mechanism was intended for situations in which businesses want
their employees to be able to use PGP for work-related correspondence.
In a situation like this, I think it is perfectly appropriate for a
business to reserve the ability to read its employees' encrypted mes-
sages.  A company has every right to insist that an employee who wants
true =personal= privacy should do it on his/her own time, using his/her
own computer, with his/her separate, personal, non-work-related PGP
key.  Indeed, someone who wants true personal privacy should want to
do this anyway.

So I would change your "rule" to say that if you see that a key has an
ADK, you should check with the key's owner to see if it's legitimate
(and who has access to it).  You should go ahead and allow encryption
of your messages to the ADK only if you understand who could read it
and are comfortable with the situation.  If you're corresponding with
someone in an official business capacity about business-related issues,
it may not really be a problem for you that someone else in the company
might be able to read what you wrote.  If the other person has an ADK,
and you object to it, you should ask whether the other person's company
would consider the contents of your messages to be an appropriate use
of their computer resources; probably the two of you should be using
personal, non-work-related keys and computers instead.

And before you insist on using someone's work-related key, but with the
ADK disabled, keep in mind that you could be getting your correspondent
in trouble with his company (if they have a policy requiring employees
to use the company ADK and to have their correspondents use it too).
In some cases, your mail might not even make it through the company's
server unless their ADK is included as a decryptor of the message.

I can't, however, think of any valid reason why a personal PGP key
would ever have an ADK associated with it.  If you're corresponding
with someone, and your copy of their key (which you thought was their
private, personal key) includes an ADK, you should definitely check to
see if the ADK is legitimate, why it's there, and who has access to it.

One serious outgrowth of the recent ADK bug, of course, is that even if
you yourself are using a bug-fixed PGP, other people who are sending
messages to you might still be using older PGP's that are susceptible
to the bug.  What I think is really needed is a way to flag unexplained
multiple recipients of a message.  When multiple recipients exist, some
will clearly be legitimate (such as the sender's ADK, if any, or the
sender's own key if he/she has "encrypt to self" enabled) -- but if a
message you thought was just between two people has other keys in it
that can't be explained, both correspondents need to check carefully to
see what is going on and why.

Rich Wales         [EMAIL PROTECTED]         http://www.webcom.com/richw/
PGP 2.6+ key generated 2000-08-26; all previous encryption keys REVOKED.
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA
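Rich Wales's closing wish, a way to flag unexplained extra recipients, is something one can check directly on the OpenPGP message: every recipient appears as a Public-Key Encrypted Session Key packet (tag 1, RFC 2440 section 5.1) carrying the 8-octet key ID it was encrypted to. The Python below is an added example written for this digest, not code from PGP, GnuPG or any poster; the key IDs and the message it parses are constructed for illustration, and partial-body lengths are deliberately rejected.

```python
import struct

# Constructed 8-octet OpenPGP key IDs, made up for this example.
MY_KEY_ID = bytes.fromhex("0123456789ABCDEF")      # sender's own key ("encrypt to self")
THEIR_KEY_ID = bytes.fromhex("FEDCBA9876543210")   # the intended correspondent
ADK_KEY_ID = bytes.fromhex("00C0FFEE00C0FFEE")     # an extra recipient nobody asked for
WILDCARD_KEY_ID = bytes(8)                         # all-zero "speculative" key ID (RFC 2440 5.1)


def pkesk(key_id, old_format=True):
    """Build a version-3 Public-Key Encrypted Session Key packet (tag 1) around a dummy 16-bit MPI."""
    body = bytes([3]) + key_id + bytes([1]) + struct.pack(">H", 16) + b"\x12\x34"
    ctb = 0x84 if old_format else 0xC1          # tag 1, one-octet body length, old/new CTB format
    return bytes([ctb, len(body)]) + body


# Constructed message: three recipients, then a symmetrically encrypted data packet (tag 9).
SAMPLE_MESSAGE = (
    pkesk(THEIR_KEY_ID)
    + pkesk(MY_KEY_ID)
    + pkesk(ADK_KEY_ID, old_format=False)
    + bytes([0xA4, 4]) + b"\xde\xad\xbe\xef"
)


def iter_packets(data):
    """Yield (tag, body) for each OpenPGP packet; partial-body lengths are rejected on purpose."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        if ctb & 0x40:                                   # new-format header
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = struct.unpack(">I", data[pos + 2:pos + 6])[0], 6
            else:
                raise ValueError("partial body length not supported")
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 0:
                length, hdr = data[pos + 1], 2
            elif ltype == 1:
                length, hdr = struct.unpack(">H", data[pos + 1:pos + 3])[0], 3
            elif ltype == 2:
                length, hdr = struct.unpack(">I", data[pos + 1:pos + 5])[0], 5
            else:                                        # indeterminate: runs to end of input
                length, hdr = len(data) - pos - 1, 1
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % pos)
        yield tag, body
        pos += hdr + length


def recipient_key_ids(message):
    """Upper-case hex key IDs of every PKESK packet, in message order."""
    ids = []
    for tag, body in iter_packets(message):
        if tag == 1:
            if body[0] != 3:
                raise ValueError("unsupported PKESK version %d" % body[0])
            ids.append(body[1:9].hex().upper())
    return ids


def unexpected_recipients(message, expected_key_ids):
    """Recipients outside the expected set; a wildcard ID can never be explained, so it is always listed."""
    return [k for k in recipient_key_ids(message) if k not in expected_key_ids or k == "0" * 16]


if __name__ == "__main__":
    known = {MY_KEY_ID.hex().upper(), THEIR_KEY_ID.hex().upper()}
    print("recipients :", recipient_key_ids(SAMPLE_MESSAGE))
    print("unexplained:", unexpected_recipients(SAMPLE_MESSAGE, known))
```

`gpg --list-packets` prints the same key IDs; the point of the function is the comparison against the set you expected (your own key and your correspondent's), so that a third PKESK, whether a legitimate company ADK or one injected by a tampered key, is surfaced before anyone relies on the message being private.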

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RSA n-bit key...is p and q n or is the mod n?
Date: Tue, 29 Aug 2000 18:38:46 GMT

In article <[EMAIL PROTECTED]>,
  "John Matzen" <jmatzen(at)origin(d0t)ea(d0t)com> wrote:
> When one speaks of a 512-bit RSA key, are p and q 512-bits, or is the
> modulus 512-bits (meaning p and q are 256 bits)?

It normally refers to the size of the modulus.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: RSA n-bit key...is p and q n or is the mod n?
Date: Tue, 29 Aug 2000 11:54:13 -0700

John Matzen wrote:
> When one speaks of a 512-bit RSA key, are p and q 512-bits, or is the
> modulus 512-bits (meaning p and q are 256 bits)?

The modulus (p times q) is 512 bits. Sometimes it is 510 or 511
bits.

A 512-bit RSA key is still safe for ordinary use, but it is 
vulnerable to an attacker who has 1000s of PCs and a Cray.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: [Q] Do you know a good german newsserver for sci.crypt ?
Date: Tue, 29 Aug 2000 21:18:36 +0200



Runu Knips wrote:
> 
> What really starts nerving me as hell is that I can
> read my favorite newsgroup only in pieces and
> examples. I often get the situation that:
> 
> (a) I write a message, but it doesn't appear. After
>     a while, an answer to my message appears.
> 
> (b) I read a posting [1], and then a followup, [2].
>     To my surprise, that followup answers to another
>     posting [3] which was an answer to posting [1].

I don't know whether one can access newsservers other 
than the one of one's provider. So I suppose that
you probably have either to complain to your provider 
(in order to have the matter ameliorated) or to change 
your provider. I never experienced what you described
with my provider, which on the other hand has a bit
too short expiration period for groups like sci.crypt
in my view (about 14 days).

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.programming
Subject: Re: On pseudo-random permutation
Date: Tue, 29 Aug 2000 12:48:51 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> In sci.crypt David A. Wagner <[EMAIL PROTECTED]> wrote:
> : Bryan Olson  <[EMAIL PROTECTED]> wrote:
> 
> :> Given a generator
> :> of perfect random bits as the one and only source of
> :> randomness, can you find any procedure for generating
> :> perfectly uniform random permutations (of more than two
> :> elements) that strictly terminates?
> 
> : Sure, no problem.  It suffices to pick an integer in the range 1 .. n!.
> : The latter can be done by treating the random bits as the binary expansion
> : of a random real number R in the interval [0,1).  A simple strategy is to
> : say that we output the integer i (where 1 <= i <= n!) if (i-1)/n! <= R < i/n!.
> : Note that we don't need all the binary digits of R to determine which bucket
> : R falls into; it suffices to know a finite prefix of the binary expansion of
> : R, since (i-1)/n! and i/n! must differ at some bit position of finite index.
> : (Or did I make some stupid mistake?)
> 
> I don't think this works.
> 
> If I'm not mistaken, it fails to produce a /perfectly/ even distribution -
> since if n is (say) 3 there won't be exactly the same number of possible
> "random reals" in each bucket.
> -- 
The question involves permutations, each of which for binary must be a
grouping of values 1 to N.  In binary, N = 2, 4, 8, 16, 32, 64, etc.

Consider an N of 32, where the permuted bit string will be 5*32 bits, or
160 bits.  Each sequential group of five bits will be different, or it is
NOT a permutation, N = 32.

Let each character be represented 00000 to 11111 as:
  abcdefgh ijklmnop qrstuvwx yz.,?/-=

Any string of no more than 32 characters of those appearing in the set can
be reduced to a permutation, including a true permutation.  The hashing
ends with a true permutation, regardless of input.

Take this sentence and see what it might be used to produce:
 .asf,mpx ygu?hvdi bwezjk=n c/q-trlo

If I input the permutation, the result is the same as itself. 

A pseudo-random process can as easily be used to produce permutations. 
There is no such thing as a measurable random permutation, since any
permutation might be produced in several ways.
-- 
Some expect the joy and dazzle of veracity by unqualified knowing.

------------------------------

Date: Tue, 29 Aug 2000 15:33:13 -0400
From: Zulfikar Ramzan <[EMAIL PROTECTED]>
Subject: Re: 320-bit Block Cipher

> >
> >See also ShaZam (FSE'99, Sundaram and Patel IIRC).

Actually the paper is by Patel, _Ramzan_, and Sundaram. ;)

> 
> Shazam is a four xor variant with 2 different hash functions
> 
> L2=L1 xor SQH(R1,K1)
> R2=R1 xor SHA(C1,L2,K2)
> L3=L2 xor SHA(C2,R2,K2)
> R3=R2 xor SQH(L3,K3)
> 
> IIRC that is.

Instead of doing XOR, Shazam performs addition mod 2^n.  This was necessary since
SQH refers to Square Hash, which is a non-cryptographic function that has some
nice statistical properties [a paper discussing Square Hash and its relation to
message authentication appeared at CRYPTO99 -- it was joint work with Mark Etzel
and Sarvar Patel].  Other operations are possible, and in fact, one can do XOR in
the middle two rounds.

We proved that the cipher was secure in the idealized model -- assuming that the
middle two round functions are drawn from a pseudorandom function ensemble, then
the cipher itself is a strong pseudorandom permutation.  (that is, one cannot
distinguish it from a random permutation with non-negligible probability even if
the adversary is allowed adaptive chosen plaintext or ciphertext queries).

Of course, whether keyed variants of SHA-1 possess the necessary kinds of
properties is not known.

As an aside, the three round variants of Luby-Rackoff do not have this property. 
In fact, they can be distinguished from random with two plaintext, and one
ciphertext query.

Here is the attack:

1.  Make plaintext query (L1, R1) -- call the result (S1,T1).
2.  Make plaintext query (L2, R1) -- call the result (S2,T2).  
3.  Make ciphertext query (T2, V2 xor L1 xor L2) -- call the result (L3, R3)

If R3 = T2 xor R1 xor T1 then output NOT pseudorandom.  Otherwise output
pseudorandom.  It's not hard to see that this works with probability exponentially
close to 1.

=====

In some later work, we've come up with other related constructions -- for example,
we consider the generalization to operations over arbitrary algebraic structures
rather than just XOR, in the Feistel ladder.  [this is joint work with Patel and
Sundaram]

Also, we've done some work on more powerful adversaries, and analyzed the security
of Luby-Rackoff style ciphers under a more refined security model [joint work with
Leonid Reyzin, which appeared at CRYPTO 2000]

Many of these papers are available from my web page.
-- 

--Zully

=======
Zulfikar Ramzan  (AKA Zully)            
Laboratory for Computer Science, MIT
NE43-311, (617) 253-2345   
http://theory.lcs.mit.edu/~zulfikar/homepage.html

------------------------------

From: Brian Kraft <[EMAIL PROTECTED]>
Subject: Re: [Q] Do you know a good german newsserver for sci.crypt ?
Date: Tue, 29 Aug 2000 13:34:53 -0600

Runu Knips wrote:

>So does anyone have a good newsserver without these
>effects ? Preferably in germany, and preferably one
>which allows posting, too, because otherwise I
>only can start new threads through my providers
>newsserver.

The Free University of Berlin has given out nearly fifty thousand
passwords to use their news server.  You might as well get one too.

Some newsreaders (not Netscape's) let you swap-to-post followups;
you can read from one news server, and post your followup to another
without any copy & paste of quoted text.
-- 
b h k

------------------------------

From: "Nathan Williams" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Tue, 29 Aug 2000 19:37:38 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Phil,

Not quite.  In my version of the "perfect PGP plan" the end-users
would create their own keys using a "client" version of PGP.  This
client version of PGP would create the keypair and automatically send
the keypair and passphrase via e-mail (or ftp, or even floppy) to a
holding server and that e-mail would be encrypted with a designated
management key for that purposed use only.  No one would see the keys
or passphrase with out decrypting the e-mail and that management key
could be SPLIT in order to protect the e-mailed keys from prying
eyes.  Only when you need to access someone's e-mail would you rejoin
the split keys and then get a copy of the keypair and passphrase.

I am not a mathematician so I don't know how risky it is to split a
key.  I don't know if that weakens the key or strengthens it.  Also
shipping a full keypair with the passphrase might raise a few
eyebrows but I figure if we have trust in the encryption methods to
protect other secrets we can trust it for this.

I invite comments.  But I think this method of handling keys, while
not perfect, allows for key management/escrow without the weakness
that an ADK puts on every message.

Nathan Williams

"Phil Harrison" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article
> <8pRp5.4083$[EMAIL PROTECTED]>, Nathan
> Williams <[EMAIL PROTECTED]> writes
> >Sundial,
> >
> >I'm not sure I agree with that. There is no need for a
> >"enterprise" environment to have to use the ADK system to have a
> >key escrow.
> >Company policy could simply require that employees use keys
> >furnished by the IT or security departments.  They would keep
> >copies of both keys and of its passphrases.  Simple solution that
> >allows for the use of PGP without adding the complexity (and
> >therefore the added risk) of an ADK.
> >
> As far as I can see, the system you are suggesting would allow an
> unscrupulous member of the IT department (with access to the keys
> and passphrases) the ability to sign documents in the name of other
> employees. The ADK system does not permit this, but still allows
> decryption.
>
> --
Phil Harrison

=====BEGIN PGP SIGNATURE=====
Version: PGP 6.5.8

iQA/AwUBOawPLd8G10zX/RREEQLn6wCg4UG1tQnoB2Tti7W5IB4qzDxqNXMAn336
xQhPLt3nXgjd3a3DaTt940ND
=b1Vm
=====END PGP SIGNATURE=====
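On the question of what splitting the management key does to it: PGP's split-key feature is a threshold secret-sharing scheme, and the Python below is a textbook Shamir (t, n) implementation written as an added example for this digest, not PGP's code. The prime field, the key value and the seed are arbitrary choices. Splitting does not touch the key itself: the shares are points on a random polynomial whose constant term is the key, any t of them recover it exactly, and t - 1 of them are consistent with every possible key, so the split neither weakens nor strengthens the key, it only changes who must cooperate to use it.

```python
import random

P = (1 << 127) - 1     # a Mersenne prime; the field size bounds the secret (split a longer key in chunks)


def _poly_at(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, count, seed):
    """Shamir (t, n) sharing: the secret is the constant term of a random degree t-1 polynomial,
    and share i is the point (i, poly(i)) for i = 1 .. n."""
    if not (0 <= secret < P and 1 <= threshold <= count < P):
        raise ValueError("bad sharing parameters")
    rng = random.Random(seed)          # illustration only; real shares need a CSPRNG (secrets.randbelow)
    coeffs = [secret] + [rng.randrange(P) for _ in range(threshold - 1)]
    return [(x, _poly_at(coeffs, x)) for x in range(1, count + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 from any t distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


# Constructed stand-in for the management key (a 125-bit integer, so it fits in the field).
MANAGEMENT_KEY = 0x0123456789ABCDEF0123456789ABCDEF

if __name__ == "__main__":
    shares = split_secret(MANAGEMENT_KEY, threshold=3, count=5, seed=7)
    print("3 of 5 recover:", recover_secret(shares[:3]) == MANAGEMENT_KEY)
    print("2 of 5 recover:", recover_secret(shares[:2]) == MANAGEMENT_KEY)
```

With two shares the interpolation still returns a number, just an unrelated one; for any guessed key there is a degree-2 polynomial through (0, guess) and those two points, which is why fewer than t shares carry no information about the key.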




------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: Test on pseudorandom number generator.
Date: Tue, 29 Aug 2000 21:29:46 +0200

> Cristiano wrote:
> >
> > > The normal way to use a LCG is to convert the entire internal state
> > > into a float, or even to use the state itself as an integer.  Since
> > > using the entire state is "normal," that is the way statistical tests
> > > must be applied to get the "normal" results.
> >
> > OK this is the best way, but if I need only 8 bits? I think the best is
> > take the 8 msb.
>
    Mok-Kong Shen wrote:

> If you need only 8 bits from a LCG having a modulus much
> larger than 8 bits, there is practically no problem at
> all. Divide each output by the modulus to get a real
> number in [0,1) and multiply that with 256.

This is what I understand:
Example: output of LCG= 0x12345678 (modulus 2^32)

Your method:
    305419896 / 2^32 = .071111111111 * 256 = 18.204444
    Result = 18;

My method:
    0x12345678>>24 = 0x12
    Result = 18; It is the same! But this is very very fast!

What you wrote is equivalent to (0x12345678>>32)<<8, that is,
0x12345678>>(32-8).

Bye
Cristiano
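The equivalence Cristiano points out, and the reason the top bits are the right ones to keep, as an added example (not from the post). The LCG constants are the Numerical Recipes ones (a = 1664525, c = 1013904223, m = 2^32), chosen here only because they satisfy the full-period conditions (c odd, a = 1 mod 4); the seeds are arbitrary.

```python
# Numerical Recipes LCG constants, modulus 2^32 (full period: c is odd and a = 1 mod 4).
A, C, M_BITS = 1664525, 1013904223, 32
M = 1 << M_BITS


def lcg(seed, count):
    """Yield `count` successive 32-bit states of x <- (a*x + c) mod 2^32."""
    x = seed % M
    for _ in range(count):
        x = (A * x + C) % M
        yield x


def top_byte_by_float(x):
    """The 'divide by the modulus, multiply by 256' method from the thread."""
    return int(x / M * 256)          # x / 2^32 and the product are exact in a double, so no rounding


def top_byte_by_shift(x):
    """The shift method: keep the 8 most significant bits."""
    return x >> (M_BITS - 8)


def methods_agree(seed, count):
    """True if both methods give the same byte for every one of `count` outputs."""
    return all(top_byte_by_float(x) == top_byte_by_shift(x) for x in lcg(seed, count))


def low_bits_period(j, seed=12345):
    """Period of the sequence formed by the j least significant bits of the output.
    Those bits obey x_{n+1} = (a*x_n + c) mod 2^j on their own, so the first return
    to the starting value is the period."""
    mask = (1 << j) - 1
    x = seed % M
    start, steps = x & mask, 0
    while True:
        x = (A * x + C) % M
        steps += 1
        if x & mask == start:
            return steps


if __name__ == "__main__":
    print("0x12345678 ->", top_byte_by_shift(0x12345678), top_byte_by_float(0x12345678))
    print("agree on 100000 outputs:", methods_agree(0x12345678, 100000))
    for j in (1, 2, 8):
        print(f"period of the low {j} bit(s): {low_bits_period(j)}")
```

`low_bits_period(j)` returns 2^j for every j: the least significant bit of a power-of-two-modulus LCG simply alternates, the low byte cycles after 256 outputs whatever the seed, which is why the 8 most significant bits are the ones to take and why a test fed the low bits of such a generator fails immediately.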





------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: R: R: Test on pseudorandom number generator.
Date: Tue, 29 Aug 2000 21:29:52 +0200

> >Only when I apply my test to PRNG I need to consider only the 8 msb, but
> >when I run FIPS PUB 140-2, Maurer and Diehard I take the whole integer as
> >is without any modification.
>
> Taking 5 chunks of 8-bits each is not the same as taking a single
> 40-bit value from an RNG.

I completely agree with you. But if I only need 8 bits what do you suggest?

> >> Similarly, Diehard expects to see 32-bit integers, not 40 (unless it
> >> has been modified).  If we expect tests to have some meaning, we must
> >> give the test the data in a format it expects.  Then each test can
> >> tell us about the particular characteristics it detects.
> >
> >Diehard read a (big) file. If I generate a file n bytes length, I think
> >is not a problem how I generate the same n bytes, the problem is how
> >generate each byte (as you say in the first paragraph).

> You are confused.  If you want to test bytes, you need to have tests
> which are designed to work on bytes.  If you want to use tests
> designed to work on 32-bit integers, you need to supply 32-bit
> integers, not 4 bytes.  And in fact you supply 5 bytes.
>
> It is not a surprise that one can confuse a statistical test by having
> it read data which is composed of multiple RNG steps.

Where did you read "Diehard expects to see 32-bit integers"? I don't
understand English very well, but in the enclosed documentation I cannot
see this phrase.
If what you say is true, Diehard is not capable of checking any
cryptographically secure PRNG, because they take only the few least
significant bits at each step.
Can you be more clear?

Thank you
Cristiano





------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: R: R: Test on pseudorandom number generator.
Date: Tue, 29 Aug 2000 21:28:46 +0200

> I'm not happy with the way that Diehard presents its results.

I agree with you. So I wrote a little program to make a histogram with almost
all p-values of Diehard. These are
the results on 80 million bits:

    -- MT_66 -- (Mersenne Twister, 66 is the percentage of significance
level given by Maurer's test)
class    p-values found (class is the middle of the class: so for 0,1 we
have: 0,05<=p<0,15)
  0                  6 ======
  0,1             22 ======================
  0,2             20 ====================
  0,3             20 ====================
  0,4             19 ===================
  0,5             21 =====================
  0,6             16 ================
  0,7             19 ===================
  0,8             18 ==================
  0,9             27 ===========================
  1                13 =============

total p-values= 201
Mean= 0,523724266545689
Min= 0,00170300004538149
Max= 0,989350020885468
Std. dev= 0,296583592891693
Std. dev./mean= 56,6297213699605 %


    -- CGR_97 -- (CryptGenRandom, 97 is the percentage of significance level
given by Maurer's test)

class    p-values found ("class" is the middle of the class: so for 0,1 we
have: 0,05 <= p < 0,15)
  0                 8 ========
  0,1            20 ====================
  0,2            22 ======================
  0,3            16 ================
  0,4            15 ===============
  0,5            19 ===================
  0,6            28 ============================
  0,7            18 ==================
  0,8            19 ===================
  0,9            23 =======================
  1               13 =============

total p-values= 201
Mean= 0,52032493477437
Min= 0,00359999993816018
Max= 0,997699975967407
Std. dev. = 0,291493713855743
Std. dev./mean= 56,0214770376408 %

With the data in this form, can you suggest some test?

> Now I'd like to calculate the statistic for the number of collisions: if
> the expected collisions are 90.95 and I want to calculate chi-square
> statistics, how many degrees of freedom I must consider?
    Douglas wrote:
>>First, note that this isn't a very efficient test, because the
>>number of d.f. is just one less than the number of "tests",
>>despite the millions of samples taken.
    Douglas wrote:
>>>Oops, I've been working with contingency tables too long...

In this case, is the test efficient?

Thank you.
Cristiano
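A second-level test on the two histograms above, as an added example written for this digest rather than anything Diehard ships: Pearson's chi-square of the observed bin counts against the uniform distribution that the p-values of a good generator should follow. The counts are copied from the post, the bin widths follow its class definition (the "0" and "1" classes are half as wide as the others), and because no parameter is estimated from the data the degrees of freedom are simply bins - 1 = 10. The tail probability is computed from the series for the regularized incomplete gamma function, so nothing beyond the standard library is needed.

```python
import math

# Cristiano's binned Diehard p-values, copied from the post above.  Class "0" is [0, 0.05),
# classes "0.1" .. "0.9" are 0.1 wide and centred on their label, class "1" is [0.95, 1].
MT_66_COUNTS = [6, 22, 20, 20, 19, 21, 16, 19, 18, 27, 13]
CGR_97_COUNTS = [8, 20, 22, 16, 15, 19, 28, 18, 19, 23, 13]
BIN_WIDTHS = [0.05] + [0.1] * 9 + [0.05]


def chi_square_statistic(counts, widths):
    """Pearson's X^2 of observed bin counts against the uniform distribution on [0, 1]."""
    n = sum(counts)
    return sum((o - n * w) ** 2 / (n * w) for o, w in zip(counts, widths))


def chi_square_survival(x, df):
    """P(chi^2_df > x) = 1 - P(df/2, x/2), where the regularized lower incomplete gamma
    P(a, z) = z^a e^-z sum_k z^k / Gamma(a + k + 1) is summed until the terms vanish."""
    if x <= 0:
        return 1.0
    a, z = df / 2.0, x / 2.0
    term = math.exp(a * math.log(z) - z - math.lgamma(a + 1))
    total, k = term, 0
    while term > total * 1e-16:
        k += 1
        term *= z / (a + k)
        total += term
    return 1.0 - total


def uniformity_test(counts, widths=BIN_WIDTHS):
    """(X^2, degrees of freedom, p-value); nothing is estimated from the data, so df = bins - 1."""
    x2 = chi_square_statistic(counts, widths)
    df = len(counts) - 1
    return x2, df, chi_square_survival(x2, df)


if __name__ == "__main__":
    for name, counts in (("MT_66", MT_66_COUNTS), ("CGR_97", CGR_97_COUNTS)):
        x2, df, p = uniformity_test(counts)
        print(f"{name}: X^2 = {x2:.2f} on {df} d.f., p = {p:.3f}")
```

Both histograms give X^2 in the 6 to 8 range on 10 degrees of freedom, p-values around 0.7 to 0.8, which is what a uniform spread of 201 p-values looks like; a generator that fails Diehard shows up here as a pile-up in the "0" or "1" class and a p-value near zero. With the raw p-values rather than bin counts, a Kolmogorov-Smirnov test against the uniform distribution is the usual alternative and needs no binning at all.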






------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Idea for creating primes
Date: Tue, 29 Aug 2000 19:41:23 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> [EMAIL PROTECTED] wrote:
> >
> [snip]
> > You can test to see if a number is a generator by performing g^(p/q) != 1
> > for various 'q's that divide your testing prime 'p'.
> [snip]
>
> I suspect there is a printing error here. If one knows that
> there is a q that divides p, then p is certainly not a prime,
> isn't it? Or how should one properly interpret that phrase
> above? Thanks.

Simple typo.

You have your list of smaller primes N1, N2, N3 ...

then you have the value p' = 2*N1*N2*N3*N4*...

Then you have the value p = p' + 1

Sorry for the confusion.  You are looking for a value q that divides
the value p'

Tom
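Tom's clarification in code, as an added example (not the poster's program): build p = 2 * N1 * N2 * ... + 1, then look for a g with g^(p-1) = 1 and g^((p-1)/q) != 1 (mod p) for every prime q dividing p - 1. Such a g is a generator of Z_p^*, and by Lucas's theorem finding one also proves that p is prime, while a g with g^(p-1) != 1 proves p composite; so the search doubles as the primality test. The pool of small primes and the search limit are arbitrary choices.

```python
from math import prod

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73]


def candidate(primes):
    """p' = 2 * N1 * N2 * ... and p = p' + 1; the prime factors of p - 1 are then known by construction."""
    p_minus_1 = 2 * prod(primes)
    return p_minus_1 + 1, [2] + list(primes)


def find_generator(p, factors, max_tries=1000):
    """Search g = 2, 3, ... for g^(p-1) = 1 and g^((p-1)/q) != 1 (mod p) for every prime q | p-1.
    Returns the first such g (a generator, and a Lucas proof that p is prime), or None if some g is
    a Fermat witness (p composite) or nothing turns up within max_tries."""
    for g in range(2, 2 + max_tries):
        if pow(g, p - 1, p) != 1:
            return None                         # Fermat witness: p cannot be prime
        if all(pow(g, (p - 1) // q, p) != 1 for q in factors):
            return g                            # order of g is exactly p - 1
    return None


def proven_primes_from_prefixes(pool):
    """For each prefix N1..Nk of the pool build p = 2*N1*...*Nk + 1 and keep the ones proven prime."""
    found = []
    for k in range(1, len(pool) + 1):
        p, factors = candidate(pool[:k])
        g = find_generator(p, factors)
        if g is not None:
            found.append((p, g))
    return found


if __name__ == "__main__":
    for p, g in proven_primes_from_prefixes(SMALL_PRIMES):
        print(f"p = {p} is prime, generator g = {g}")
```

Not every such p is prime (2*3*5*7*11*13 + 1 = 30031 = 59 * 509), which is why the composite case has to be handled; for a composite p no g can pass the full check, and the first Fermat witness ends the search.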



------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: Optimal length of the sieve before a Miller-Rabin test
Date: Tue, 29 Aug 2000 21:51:02 +0200


After many tests, in my programs (C++ on Windows 98) I use only the first 50
primes.
But the optimal value can only be found by trial.

Bye
Cristiano



------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: RSA n-bit key...is p and q n or is the mod n?
Date: Tue, 29 Aug 2000 21:42:20 +0200


John Matzen <jmatzen(at)origin(d0t)ea(d0t)com> wrote in message
[EMAIL PROTECTED]
> When one speaks of a 512-bit RSA key, are p and q 512-bits, or is the
> modulus 512-bits (meaning p and q are 256 bits)?
>
> Thanks!
>

In the RSA public key cryptosystem the public key is normally shown as
(n,e), where n (n=p*q) is the modulus and e is the public exponent. The
private key is shown as (n,d), where d is the private exponent.
The key length is the number of bits of n.
Often e is very small (3, 65537), but it has been shown that this is not secure.
Normally d is very big; it has only a few bits less than n.

Bye
Cristiano
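Prime generation of the kind Cristiano describes two posts up (trial division by the first 50 primes, then Miller-Rabin), applied to the question in this thread. This is an added example for this digest, not code from any poster: generating p and q of 256 bits each shows that n = pq sometimes has only 511 bits, as Roger Schlafly notes, and that forcing the two most significant bits of p and q makes it exactly 512. The 40 Miller-Rabin rounds and the seeds are arbitrary choices.

```python
import random


def first_primes(count):
    """The first `count` primes by trial division (the sieve list used before Miller-Rabin)."""
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 1
    return primes


SIEVE_PRIMES = first_primes(50)      # Cristiano's choice: the first 50 primes (2 .. 229)


def miller_rabin(n, rounds, rng):
    """Sieve by the small primes, then `rounds` Miller-Rabin rounds (each lets a composite through
    with probability at most 1/4)."""
    if n < 2:
        return False
    for p in SIEVE_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_probable_prime(n, rounds=40, seed=0):
    return miller_rabin(n, rounds, random.Random(seed))


def random_prime(bits, rng, force_top_two_bits=False):
    """Random odd candidate of exactly `bits` bits (top bit set), optionally with the second
    bit set too, retried until it passes the sieve and Miller-Rabin."""
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if force_top_two_bits:
            n |= 1 << (bits - 2)
        if miller_rabin(n, 40, rng):
            return n


def rsa_modulus_bits(key_bits, seed, force_top_two_bits=False):
    """Generate p and q of key_bits/2 bits each; return (bits of p, bits of q, bits of n = p*q)."""
    rng = random.Random(seed)
    p = random_prime(key_bits // 2, rng, force_top_two_bits)
    q = random_prime(key_bits // 2, rng, force_top_two_bits)
    return p.bit_length(), q.bit_length(), (p * q).bit_length()


def full_length_count(key_bits, seeds, force_top_two_bits=False):
    """How many of the generated moduli have exactly key_bits bits."""
    return sum(rsa_modulus_bits(key_bits, s, force_top_two_bits)[2] == key_bits for s in seeds)


if __name__ == "__main__":
    for force in (False, True):
        print(f"top two bits forced={force}: "
              f"{full_length_count(512, range(10), force)}/10 moduli are exactly 512 bits")
```

The product of two 256-bit numbers has 511 or 512 bits; with the two top bits of each prime set, p and q are both at least 3 * 2^254, so n is at least 9 * 2^508 > 2^511 and the modulus is exactly the advertised length every time, which is why key generators do this rather than accept a 511-bit "512-bit key".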



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
