Cryptography-Digest Digest #596, Volume #12       Sat, 2 Sep 00 06:13:01 EDT

Contents:
  Re: New cryption method... (JPeschel)
  Re: New cryption method... ("Paul Pires")
  Re: Remark on practical predictability of sequences ("John A. Malley")
  Re: Patent, Patent is a nightmare, all software patent shuld not be allowed ("Paul Pires")
  Re: 4x4 s-boxes (Mack)
  Re: one-time pad question (Mr. Neil Okya)
  Re: Capability of memorizing passwords (Mok-Kong Shen)
  Re: Capability of memorizing passwords (Mok-Kong Shen)
  Re: Patent, Patent is a nightmare, all software patent shuld not be  (Mok-Kong Shen)
  Re: Steganography question ("Harris Georgiou")
  Re: RSA public exponent (Paul Schlyter)
  Re: 4x4 s-boxes (Mok-Kong Shen)
  Re: RSA public exponent (Eric Young)
  Re: QKD and The Space Shuttle (David A Molnar)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: New cryption method...
Date: 02 Sep 2000 05:47:44 GMT

Stou Sandalski writes, part:

>Last night after about 4 bowls of purple kush I invented a crypto method for
>scrambling data that was theoretically unbreakable even with a quantum
>computer... and not only did it encrypt data 10^31337 different ways, it
>compressed the data 100 to 1.... but the NSA kidnapped me and forced me to
>give them my algorithm and then brainwashed me and took off all evidence of
>it... and then they drugged me... and when I woke up I couldn't remember
>what the algorithm was... but it was really cool and unbreakable...

You invented one, too? This seems to happen about every week. Although
purple kush is often the favorite catalytic elixir of theoretic
cryptographers, it isn't alone. Amber, burnt sienna, and a delightful
chocolate laced with strawberry, though rare, are more powerful.
The effect of plain vanilla kush, despite the innocent look of its 
boring hue, is unbelievable. The other rare varieties of kush
crack the upper bounds of catalyticosity after you eat only one serving
from a bowl about the size of Mikey's. But after one tablespoon of the
vanilla stuff you find yourself correcting [EMAIL PROTECTED], posting persiflage
to usenet, proving a quantum theory of parallel universes in the afterlife, 
and almost understanding women. After eating one bowl of purple kush your
brain should rival Joe Kernen's sidekick on CNBC, thus four bowls should
propel you into crypto titanosity. 

There is, however, good news about your crypto method: they 
have it and they're using it. There's bad news, too: I had two 
tablespoons of vanilla kush, cracked an NSA message encrypted
with it, and sent it to the newswires.

NSA PRESS RELEASE August 25, 2000 (Really, Really Super Secret
Stuff.) RRSSS.

The National Security Agency (NSA) is quite pleased with
its Initial (IPO) of approximately three months ago. As RRSSS.com 
we managed to raise Gazillions of Dollars (GOD) in a period when 
IPOs could either Fly or Die (FOD).  Potential Investors (PIs) 
asked fewer questions than those Pests In Congress (PIC).
Our stated strategy of growing our business organically while
considering acquisitions that might be Immediately Accretive to
our Bottom-Line (IABL) meshed well with our Government
to Business to Consumer (G2B2C) business plan, which somehow
involved Linux. Fortunately, the toughest question the Agency
had to answer was whether to pronounce or spell DES, although there
were always a dozen protesters outside of our hotels chanting 
O-T-P and demanding a solution. What they were doing outside 
our hotels is theoretically unknowable. Still, the protesters followed 
our guys from city to city, hotel to hotel, but the agency is pleased
to report our fellers never saw the same face twice. 

Additionally, RRSSS.com is close to signing a deal with Axumite.com
to research and develop, with the technical assistance of RRSSS,
Improved Kush (IK) (You say it; don't spell it.) Our goal is to have 70% 
absorption in the kush market by 2002. A concurrent deal with
Sahara.com is nearly in place wherein Sahara will become
the sole distributor of IK to Linux users throughout the world.
We are currently in talks with other organizations to distribute
kush to ingestors who may use other operating systems.
Our IK product will induce ingestors to report to Fort George G.
Meade on their own, as we really have too many operations and a 
lot more important stuff to do instead of kidnapping and brain-washing 
Kush-Crunching Crypto Weenies (KCCW) every week.

Further, our lockup period ends in a few weeks and we plan
to sell RRSSS like crazy.  

                                        ##

I'll be taking my short position soon, and eating as much
kush as I can handle. No matter how much I eat, though,
I still don't get what goes through my girlfriend's head. 
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: New cryption method...
Date: Fri, 1 Sep 2000 22:48:19 -0700

All right Trevor, is this you?

Paul

PROdotes <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I think I've found a cryption method that could be very hard to break.
> I've done some theoretic research today and tried it on the computer (with
> some hardware restrictions) but the method could crypt a cca. 120
> character string in more than 10^449 ways... and the larger the text the
> larger the number of combinations. For now it's just in the test phase
> but with some more modifications on the code and a better machine I think
> it would theoretically be very hard to break it even using a
> supercomputer... and if the sourcecode would be unknown it would be
> practically impossible. I think I could even get the number up to 10^570
> for the 120 chr. string.
> The only problem is that the output is 2-3 times as large as the input...

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Remark on practical predictability of sequences
Date: Fri, 01 Sep 2000 22:49:59 -0700


"Predicting the Output of a Linear Congruential Generator Encrypted with
ElGamal"

draft is now available in PDF format at 

http://www.homeworlds.com/papers/SECLCG.pdf

for those who don't use Word or Windows, thanks to the free trial
on-line translation service offered by Adobe!


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be allowed
Date: Fri, 1 Sep 2000 22:52:14 -0700


Jerry Coffin <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <h3Sr5.7153$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
>
> [ ... ]
>
> > Not a trivial task. The claims are what matters and they must
> > be evaluated literally.
>
> ...sort of.  Means plus function claims are restricted to what's in
> the body of the patent.  Furthermore, the patent's file wrapper may
> limit the scope of the patent in ways that aren't obvious from the
> wording of the claims.  In a situation like this, you're likely to
> hear the court use the term "estoppel."
>
> The basic idea is that if you quit claiming coverage of something to
> get the patent, that you shouldn't later be able to re-claim coverage
> of that same thing under the doctrine of equivalents.
>
> Finally, it's worth noting that while you're correct that what's in
> the body isn't necessarily claimed, the body often DOES define how
> particular terms are used in the claims, so terms may not always mean
> exactly what they appear to unless you've studied the body of the
> patent first.  At least in my experience this is particularly common
> in patents that really DO represent fundamental advances, that are
> often written well before the rest of the world decides on exactly
> how to define terms in this area.

Thanks for the help. I was getting in over my head :-)

Paul

>
> --
>     Later,
>     Jerry.
>
> The Universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: 4x4 s-boxes
Date: 02 Sep 2000 06:03:00 GMT

>Terry Ritter wrote:
>> While the FT originally defined "bent," most modern treatments use
>> the FWT.
>
>?  What does the definition of bent function look like in terms
>of Walsh transforms?  Is it as simple as the FT version?  Keep in
>mind that it has to single out precisely the same family.
>
>> As far as I know, in modern open cryptography, these concepts
>> [maximal nonlinearity and uniform Fourier weights] are the same.
>
>They can't be the same, because the latter defines a bent function
>but you guys are claiming that bent functions aren't maximally
>nonlinear.

No, the claim was that bent functions are not balanced and therefore
not bijective.  Hence a 4x4 function may be either bijective or bent
but not both.  And if a function is maximally non-linear it is bent
not bijective.

>
>The reason the FT property is important is that it says there is
>no distinctive "bulge" in the distribution.  Bulges are exploitable,
>although so far as I know there is no open publication explaining
>how -- the nearest I've seen are some papers from Seberry's crowd.
>
Mack
Remove njunk123 from name to reply by e-mail
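To make the balanced-versus-bent point above concrete, here is an added example (not from this thread or from any poster) that computes Walsh-Hadamard spectra of 4-bit Boolean functions and checks "bent", "balanced" and nonlinearity from them; the helper names are my own, and the bijective S-box used for comparison is the first row of DES S1, chosen only because it is a convenient 4x4 permutation.

```python
N = 4
SIZE = 1 << N  # 16 inputs to a 4-bit Boolean function

def walsh_spectrum(tt):
    """Fast Walsh-Hadamard transform of a truth table (list of 16 bits).
    Returns W(a) = sum over x of (-1)^(f(x) XOR a.x) for every mask a."""
    w = [1 - 2 * b for b in tt]            # output bit 0 -> +1, 1 -> -1
    h = 1
    while h < SIZE:
        for i in range(0, SIZE, 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return w

def is_bent(tt):
    # Flat spectrum: |W(a)| == 2^(N/2) == 4 for every a (the FWT form of "bent").
    return all(abs(w) == 1 << (N // 2) for w in walsh_spectrum(tt))

def is_balanced(tt):
    # Exactly half the outputs are 1, which is the same as W(0) == 0.
    return walsh_spectrum(tt)[0] == 0

def nonlinearity(tt):
    # Hamming distance to the nearest affine function.
    return SIZE // 2 - max(abs(w) for w in walsh_spectrum(tt)) // 2

def truth_table(func):
    return [func(x) & 1 for x in range(SIZE)]

def count_bent_and_balanced():
    """Walk all 2^16 functions of 4 bits; return (bent count, bent-and-balanced count)."""
    bent = both = 0
    for t in range(1 << SIZE):
        tt = [(t >> i) & 1 for i in range(SIZE)]
        if is_bent(tt):
            bent += 1
            both += is_balanced(tt)
    return bent, both

def sbox_components(sbox):
    """Truth tables of c.S(x) for every nonzero output mask c of a 4x4 S-box."""
    return [truth_table(lambda x, c=c: bin(c & sbox[x]).count("1"))
            for c in range(1, SIZE)]

# x1*x2 XOR x3*x4 with x1 the high bit: a classic bent function on 4 bits.
BENT_EXAMPLE = truth_table(lambda x: ((x >> 3) & (x >> 2)) ^ ((x >> 1) & x))
# A bijective S-box for comparison: the first row of DES S1.
DES_S1_ROW0 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]

if __name__ == "__main__":
    print(is_bent(BENT_EXAMPLE), is_balanced(BENT_EXAMPLE), nonlinearity(BENT_EXAMPLE))
    comps = sbox_components(DES_S1_ROW0)
    print(all(is_balanced(c) for c in comps), any(is_bent(c) for c in comps))
    print(count_bent_and_balanced())   # every bent function is unbalanced
```

The exhaustive walk finds 896 bent functions and none of them balanced, so no component function of a 4x4 permutation can reach the bent nonlinearity of 6.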

------------------------------

From: [EMAIL PROTECTED] (Mr. Neil Okya)
Subject: Re: one-time pad question
Date: Sat, 02 Sep 2000 07:16:45 GMT

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

>Jim wrote:
>> So it must follow that, because the perfectly random key does not
>> exist, that any and all OTP can be broken?
>
>No, the conclusion is not true and neither is the hypothesis.

[EMAIL PROTECTED] (Jim) has a confusing combination
of email address and name, doesn't he? At first I thought you had
incorrectly attributed that bit of flawed logic to Jim Gillogly, but then I
realized that your attribution was actually correct.

You know, the more I look at that email address, the more I suspect that he
was just pulling our legs.
-- 
"Mr. Neil Okya" is actually 0473 298561 <[EMAIL PROTECTED]>.
 01  2345 6789 <- Use this key to decode my email address and name.
                Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Capability of memorizing passwords
Date: Sat, 02 Sep 2000 09:45:46 +0200



Thomas Wu wrote:
> 

> It's easy enough to memorize impressively long strings of characters,
> or even word sequences, as some others have suggested, under laboratory
> conditions.  But in the real world, could most people do this for several
> dozen Web sites at the same time?  Could they generate and memorize this
> password in the five minutes or so that they had to visit the average site?
> Would they still remember it when they came back to the site six months
> later?  The last thing we want to do is increase the number of "I forgot
> my password" support phone calls, and fancy password generation schemes
> seem to have a knack for doing just that.

Perhaps I am conducting a very humble life, but for computer
work I use currently only two passwords. I don't see why
one needs a big bunch of different passwords, provided that 
the ones used are updated in certain appropriate periods.
For memory blank-out one can keep a note in a secure place.
(In situations where theft from such secure locations is 
a concern, the adequacy of normal password protection
would be questionable anyway in my humble view.)

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Capability of memorizing passwords
Date: Sat, 02 Sep 2000 09:45:11 +0200



"S. T. L." wrote:
> 
> <<I suppose not everyone knows your technique. Could you
> give an example that works, i.e. automatically translates
> back to the arbitrarily given 128 bit?>>
> 
> Well, um, I'd expect that a program would be able to accept arbitrary-length
> passphrases, no?  Translating from 128 random bits to a 10-word passphrase is
> as simple as breaking it up into chunks of bits and looking up the words in a
> list of 8,192 words (or however many you have; I used 8,192 words).  Doing the
> reverse would require the same list.

A passphrase is considered to be a remedy to the issue. However,
a passphrase is not easier to remember in my personal view, 
if it is non-grammatical and simply a conglomerate of words.

M. K. Shen
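The 128-bits-to-10-words mapping S. T. L. describes, as an added example that is not part of the digest: it assumes a constructed 8,192-entry word list in place of a real one, and it handles the 2 bits left over because 10 words of 13 bits carry 130 bits, not 128.

```python
WORD_BITS = 13                                  # 2**13 == 8,192 words, S. T. L.'s list size
KEY_BITS = 128
N_WORDS = -(-KEY_BITS // WORD_BITS)             # ceil(128 / 13) == 10
PAD_BITS = N_WORDS * WORD_BITS - KEY_BITS       # 130 - 128 == 2 spare bits

def make_wordlist():
    """Constructed stand-in for a real 8,192-word list: pronounceable
    three-syllable strings, distinct and in a fixed order."""
    syllables = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]   # 70 syllables
    words = [a + b + c for a in syllables for b in syllables for c in syllables]
    return words[: 1 << WORD_BITS]

WORDS = make_wordlist()
INDEX = {w: i for i, w in enumerate(WORDS)}

def key_to_passphrase(key):
    """128 random bits -> 10 words.  The last word carries only 11 key bits;
    its 2 low bits are zero padding."""
    if len(key) * 8 != KEY_BITS:
        raise ValueError("expected a 16-byte key")
    bits = int.from_bytes(key, "big") << PAD_BITS
    mask = (1 << WORD_BITS) - 1
    return [WORDS[(bits >> ((N_WORDS - 1 - i) * WORD_BITS)) & mask]
            for i in range(N_WORDS)]

def passphrase_to_key(words):
    """10 words -> the 16-byte key; rejects unknown words, a wrong word count,
    and phrases whose padding bits are not zero (they never came from a key)."""
    if len(words) != N_WORDS:
        raise ValueError("expected %d words" % N_WORDS)
    bits = 0
    for w in words:
        if w not in INDEX:
            raise ValueError("unknown word: " + w)
        bits = (bits << WORD_BITS) | INDEX[w]
    if bits & ((1 << PAD_BITS) - 1):
        raise ValueError("padding bits are not zero")
    return (bits >> PAD_BITS).to_bytes(KEY_BITS // 8, "big")

if __name__ == "__main__":
    import secrets
    key = secrets.token_bytes(KEY_BITS // 8)
    phrase = key_to_passphrase(key)
    print(" ".join(phrase))
    assert passphrase_to_key(phrase) == key
```

Because only 128 of the 130 word bits are random, three quarters of all possible 10-word sequences decode to nothing; the decoder reports that instead of silently returning a wrong key.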

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be 
Date: Sat, 02 Sep 2000 09:55:51 +0200



Jerry Coffin wrote:
> 
> Finally, it's worth noting that while you're correct that what's in
> the body isn't necessarily claimed, the body often DOES define how
> particular terms are used in the claims, so terms may not always mean
> exactly what they appear to unless you've studied the body of the
> patent first.  At least in my experience this is particularly common
> in patents that really DO represent fundamental advances, that are
> often written well before the rest of the world decides on exactly
> how to define terms in this area.

Dumb question: In the first patent mentioned in this thread,
is the 'body' that short section of text visible on the
web page or is it something else that one has to read in
another document? If it is the first case, I don't see that 
it defines anything. In fact its information content is 
practically void.

M. K. Shen

------------------------------

From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Re: Steganography question
Date: Sat, 2 Sep 2000 07:43:41 +0300


David A Molnar <[EMAIL PROTECTED]> wrote in message
news:8okcd0$or3$[EMAIL PROTECTED]...
> Harris Georgiou <[EMAIL PROTECTED]> wrote:
>
> > ........................
>
> I think I mentioned Christian Cachin's work in passing before.
> Here is the full reference :
>
> Christian Cachin. An information-theoretic model for steganography. In
> David Aucsmith, editor, Information Hiding, 2nd International Workshop,
> volume 1525 of Lecture Notes in Computer Science, pages 306-318.
> Springer, 1998. Revised version, June 2000. Copyright © Springer Verlag.
>        (PS) (GZIP)
>
> http://www.zurich.ibm.com/~cca/papers/stego.ps
>
> it is probably worth looking at.
>
> .........................
> Anyway, the above is speculation off the top of my head. I suggest reading
> Cachin's paper for serious thought. Also the Information Hiding Workshop
> proceedings. Also Ross Anderson and Fabien Peticolas's absolutely
> superdoublepluswonderful bibliography of steganography at
> http://www.cl.cam.ac.uk/users/fapp2/steganography/bibliography/index.html
>
> -David


A fairly complete list of references and links indeed! Will look at them as
soon as I can.
Thanks a lot.



--
___________________________
Harris Georgiou
Informatics Systems Analyst
mailto:[EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: RSA public exponent
Date: 2 Sep 2000 09:48:00 +0200

In article <8oogie$mqe$[EMAIL PROTECTED]>,
Bob Silverman  <[EMAIL PROTECTED]> wrote:
 
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Mack) wrote:
>>> According to John Matzen <jmatzen(at)origin(d0t)ea(d0t)com>:
> 
> <snip>
> 
>> There are now better attacks than the one you describe.  Not
>> having the papers in front of me right now I won't go into specifics
>> except to say that the current recommendation is a public key length
>> that is greater than 1/4 the length of the modulus.
> 
> No.  This is the SECOND time you have made this same wrong
> pronouncement.  It is the *private key*  which must be long,  and
> NOT the public exponent.
 
He didn't claim the private key must be short, did he?
 
Why can't both the private and the public exponents be long btw?
Suppose I would want both the private and the public exponent
to be of the same length as the modulus - how would I do that?
 
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: 4x4 s-boxes
Date: Sat, 02 Sep 2000 11:17:12 +0200



Terry Ritter wrote:
> 
> I think there has been work on exploiting functions which may be
> expressible as linear functions with errors, the linearity allowing
> manipulation which would otherwise be unavailable.

I suppose that linear functions are not too bad if the
coefficients involved are pseudo-random and the space
is large so that it is difficult to exploit the linearity
as such. An example is the Hill cipher with dynamically
variable matrices.

> 
> But if there is substantial nonlinearity or distance from affine
> functions (say, 80 bits), I personally am unaware of any exploitable
> advantage accruing from knowing that the nonlinear function is a few
> bits closer to one particular affine function than the rest.  To me
> that means that finding an "optimal" design is far, far more important
> for small boxes than large ones.  And in large boxes, strong -- albeit
> non-optimal -- nonlinearity generally falls out of even random
> construction.

I believe you are right in the practical viewpoint above. 
What is disadvantageous in a number of block ciphers in my 
humble opinion is that there are far too few S-boxes (extreme 
case: only one) and these are the same in all rounds (not even
put in different ordering).

M. K. Shen

------------------------------

From: Eric Young <[EMAIL PROTECTED]>
Subject: Re: RSA public exponent
Date: Sat, 02 Sep 2000 09:13:59 GMT

Paul Schlyter wrote:
....
> Why can't both the private and the public exponents be long btw?
> Suppose I would want both the private and the public exponent
> to be of the same length as the modulus - how would I do that?

The problem is that this is 'very slow'.  The reason for
using a small public exponent is mostly for performance reasons.
3       ==                11
17      ==             10001
2^16+1  == 10000000000000001

Notice a pattern?  Squarings are faster
than multiplications, so these public values are being used
to minimise the CPU cost of the public key operation.
Having minimal number of 'set' bits helps reduce CPU cost.

eric
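An added example (not from the digest) that counts the squarings and multiplications square-and-multiply spends on the exponents listed above, and that answers Paul's question with a constructed toy key (p = 61, q = 53) in which the public exponent is deliberately picked as long as the modulus; function names and the constant 3001 are my own choices.

```python
from math import gcd

def modpow_counted(base, exp, mod):
    """Left-to-right square-and-multiply.  Returns
    (base**exp mod mod, squarings done, multiplications done)."""
    if exp == 0:
        return 1 % mod, 0, 0
    result = base % mod                  # the leading 1 bit costs nothing
    squarings = mults = 0
    for bit in bin(exp)[3:]:             # remaining bits, most significant first
        result = result * result % mod
        squarings += 1
        if bit == "1":
            result = result * base % mod
            mults += 1
    return result, squarings, mults

def exponent_cost(exp):
    """(squarings, multiplications) for an exponent, independent of the modulus."""
    return exp.bit_length() - 1, bin(exp).count("1") - 1

# Constructed textbook key: p = 61, q = 53.
P, Q = 61, 53
N = P * Q                         # 3233, a 12-bit modulus
PHI = (P - 1) * (Q - 1)           # 3120

def private_exponent(e):
    if gcd(e, PHI) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    return pow(e, -1, PHI)        # modular inverse (Python 3.8+)

def round_trip(m, e):
    """Encrypt m with e, decrypt with the matching d; returns
    (recovered m, (squarings, mults) of the public op, same for the private op)."""
    d = private_exponent(e)
    c, sq_e, mul_e = modpow_counted(m, e, N)
    m2, sq_d, mul_d = modpow_counted(c, d, N)
    return m2, (sq_e, mul_e), (sq_d, mul_d)

if __name__ == "__main__":
    for e in (3, 17, 2**16 + 1):
        print(e, bin(e)[2:], exponent_cost(e))      # one multiplication each
    # Paul's question: pick e with the bit length of n and coprime to phi(n);
    # d is then whatever the inverse happens to be, and both ops pay full price.
    e_long = 3001                                    # 12 bits, gcd(3001, 3120) == 1
    print(round_trip(65, 17), round_trip(65, e_long))
```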

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Crossposted-To: sci.space.shuttle,talk.politics.crypto
Subject: Re: QKD and The Space Shuttle
Date: 2 Sep 2000 09:07:02 GMT

In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:



> Isn't the trouble in principle the same with certification
> where one needs some trust/belief on a third party, in
> other words there is some non-objectivity that can NEVER
> be entirely disposed of?

There is a trusted third party in both cases, yes. 
The kind of trust we need seems slightly different. 
In the CA case, we need to trust that the CA properly identifies 
people and keeps its private signing key secure. Plus the usual
computational assumptions if something like RSA is used.

In the random beacon case, we need to trust that the beacon 
really "is random."

It's your non-objective call which you think is the stronger set of assumptions.

Personally the random beacon seems weaker (building a hardware RNG seems
like something which can be more precisely engineered than a PKI),
assuming that we can tell if we're talking to the correct random beacon. 
*That* I'm not sure how to satisfactorily solve.

-David

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
