Cryptography-Digest Digest #717, Volume #12 Tue, 19 Sep 00 13:13:00 EDT
Contents:
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative
intorduction] (John Savard)
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption (John Savard)
Software patents (Robert Harley)
Re: A conjecture - thoughts? (Matthew Skala)
BUG In CryptLib3 - by Peter Gutmann. Is there a fix? - Additional info
([EMAIL PROTECTED])
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an ("John A.
Malley")
Re: Double Encryption Illegal? ("Trevor L. Jackson, III")
Re: Double Encryption Illegal? ("Trevor L. Jackson, III")
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative
intorduction] ("Kostadin Bajalcaliev")
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative
intorduction] ("Kostadin Bajalcaliev")
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption ("Kostadin
Bajalcaliev")
Re: Question on self-shrinking ("Trevor L. Jackson, III")
Re: "Secrets and Lies" at 50% off (Albert Yang)
Re: A conjecture - thoughts? (John Myre)
Re: Software patents are evil. (Albert Yang)
Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an (Mok-Kong Shen)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
alternative intorduction]
Date: Tue, 19 Sep 2000 14:46:50 GMT
On Tue, 19 Sep 2000 01:22:45 -0400, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote, in part:
>Kostadin Bajalcaliev wrote:
>> ... here what Aristotle have to say for his own time:
>That's funny, because Aristotle's views on physics are not
>held in high regard by physicists.
However, physicists haven't prefered Thales, who proposed that
everything was made of water, and this is what Aristotle was arguing
against in the passage quoted. They agree that energy exists in
addition to matter, and that form and pattern are also realities. So
even if Aristotle did indeed make many mistakes in the physical
sciences, what he is trying to say in that passage is not something
that physicists today would disagree with.
On the other hand, perhaps physicists do believe in a single essence,
although some opt for the geometry of space-time and others for the
wave function.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption
Date: Tue, 19 Sep 2000 14:57:01 GMT
On Tue, 19 Sep 2000 01:40:59 +0200, "Kostadin Bajalcaliev"
<[EMAIL PROTECTED]> wrote, in part:
>After years of research finally thesis covering my theory of polymorph
>encryption is available at:
>http://home.cyberarmy.com/kbajalc/algo/pme
>The thesis discusses a new approach in Block-cipher design originally
>introduced in my thesis about ANIGMA block-cipher in 1997.
That, of course, predates Quadibloc II, the first cipher in which I
include an operation which could be either addition or XOR depending
on functions of the block being enciphered.
So I will soon be including a brief mention of Mr. Bajalcaliev on my
web page; FROG, of course, included a different type of polymorphism,
and I'm sure there are earlier examples; I don't know if it is really
possible to attribute credit for this concept, except perhaps to the
SIGABA: but while that includes what I refer to as indirection, it
doesn't use the output from the control rotors to decide to replace
the cipher rotors by a Hagelin machine, which is what 'polymorphism'
seems to mean in this context.
The specific type of polymorphism in Konstantin Bajalcaliev's designs,
though, as you can see from looking at Quadibloc II and the others of
my designs which use it, was basically added almost as an
afterthought, which is why it is present only in such a rudimentary
form.
If one thinks of not simply choosing between +, -, XOR, and
multiplication, but of choosing from a large collection of Latin
squares, there is of course Terry Ritter to think of, but I don't
think he ever made the choice of Latin square _data_ dependent.
My suspicion is that polymorphism has been around a long time, but
mostly in amateur designs. But there may be something in the publicly
known history of cryptography that is properly considered to be its
origin.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Robert Harley <[EMAIL PROTECTED]>
Subject: Software patents
Date: 19 Sep 2000 17:18:36 +0200
Runu Knips writes:
> Well consider the patent on rotation. A japanese company recently
> claimed that most of the AES finalist violate their patent. So
> what is their patent ? Using rotation in encryption !!!!!!! [...]
I would like to point out to all those opposed to patents on software
and algorithms that there is a "Petition for a Software Patent Free
Europe" with 44000 signatories (and counting), at eurolinux.org.
Please sign it, especially if you live in Europe.
Je tiens à faire remarquer à tous ceux qui s'opposent aux brevets sur
les logiciels et les algorithmes qu'il existe une «Pétition pour une
Europe sans brevets logiciels» avec 44000 signatures (pour l'instant),
chez eurolinux.org. Signez-la, surtout si vous habitez en Europe.
Pick your favourite language:
Choissisez votre langue préferée:
http://petition.eurolinux.org/index_html?LANG=en
http://petition.eurolinux.org/index_html?LANG=fr
http://petition.eurolinux.org/index_html?LANG=es
http://petition.eurolinux.org/index_html?LANG=it
http://petition.eurolinux.org/index_html?LANG=de
Bye,
Salut,
Rob.
.-. .-.
/ \ .-. .-. / \
/ \ / \ .-. _ .-. / \ / \
/ \ / \ / \ / \ / \ / \ / \
/ \ / \ / `-' `-' \ / \ / \
\ / `-' `-' \ /
`-' [EMAIL PROTECTED] `-'
------------------------------
From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: A conjecture - thoughts?
Date: 18 Sep 2000 22:03:31 -0700
In article <[EMAIL PROTECTED]>,
David Hopwood <[EMAIL PROTECTED]> wrote:
>That suggests that it might be interesting to restrict S to a finite set;
>I'm not sure whether the conjecture is true or false in that case, but the
>same method of producing a counterexample won't work.
As I posted earlier, it's false in the finite case. I posted only one
counterexample but am pretty sure I could construct an infinite class of
finite-set counterexamples with a little more thought.
It seems to be easy to construct counterexamples if the functions f and g
are allowed to not be 1-1, because then you can construct a situation with
distinct a and b such that f(a)=f(b) but g(a) doesn't = g(b), and distinct
c and d such that f(c) doesn't = f(d) but g(c)=g(d). Then since g and f
are distinct powers of b, then either g = h o f, or f = h o g, where h is
also a power of b. But then g(a)=g(b) because f(a)=f(b), or else
f(c)=f(d) because g(c)=g(d), and neither of those is allowed.
On further thought, I think f(x)=2*x and g(x)=3*x make an especially tasty
counterexample. It works for positive integers, integers, rationals,
reals, and complex numbers, and it uses bijective functions. Suppose the
conjecture is true, then f = b^y and g = b^y'. Then consider
h = f^y' = g^y = b^(yy'). h(x) = (2^y')*x = (3^y)*x which implies
log 3/log 2 = y'/y is a rational, but that's not allowed, QED.
--
Matthew Skala
[EMAIL PROTECTED] I'm recording the boycott industry!
http://www.islandnet.com/~mskala/
------------------------------
From: [EMAIL PROTECTED]
Subject: BUG In CryptLib3 - by Peter Gutmann. Is there a fix? - Additional info
Date: Tue, 19 Sep 2000 15:34:15 GMT
The following code "hangs up" under Windows NT - Visual Studio 6.0 SP3.
I'm using Peter Gutmann's CryptLib 3.0, downloaded from:
ftp://ftp.franken.de/pub/crypt/cryptlib/beta/cl30beta02.zip
on 30/08/2000.
The program causes an exception randomly. It rarely finishes the 100
times loop without causing the exception.
===================================================================
#define CHECKCODE(st) if (st){ char Txt[100]; sprintf (Txt,"Error %u
Line:%u ", st, __LINE__);\
MessageBox (NULL, Txt,"Error", MB_OK);}
void TestLib(void)
{
int status;
status = cryptInit();
status = cryptAddRandom( NULL, CRYPT_RANDOM_SLOWPOLL );
for (int i=0;i<100;++i)
{
// Create the public key
CRYPT_CONTEXT privKeyContext;
status = cryptCreateContext( &privKeyContext,
CRYPT_ALGO_RSA, CRYPT_MODE_PKC );
CHECKCODE (status);
status = cryptSetAttributeString( privKeyContext,
CRYPT_CTXINFO_LABEL, "Ga", 2);
CHECKCODE (status);
status = cryptGenerateKeyEx (privKeyContext,1024/8);
CHECKCODE (status);
status = cryptDestroyContext (privKeyContext);
CHECKCODE (status);
}
status = cryptEnd();
CHECKCODE (status);
}
======================== ASSERTION INFO =========================
File: cryptdev.c
Line: 102
Expression: NOTREACHED
=================================================================
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
Date: Tue, 19 Sep 2000 08:45:14 -0700
John Savard wrote:
>
> On Tue, 19 Sep 2000 01:22:45 -0400, "Douglas A. Gwyn"
> <[EMAIL PROTECTED]> wrote, in part:
> >Kostadin Bajalcaliev wrote:
>
> >> ... here what Aristotle have to say for his own time:
>
> >That's funny, because Aristotle's views on physics are not
> >held in high regard by physicists.
>
> However, physicists haven't prefered Thales, who proposed that
> everything was made of water, and this is what Aristotle was arguing
> against in the passage quoted. They agree that energy exists in
> addition to matter, and that form and pattern are also realities. So
> even if Aristotle did indeed make many mistakes in the physical
> sciences, what he is trying to say in that passage is not something
> that physicists today would disagree with.
>
> On the other hand, perhaps physicists do believe in a single essence,
> although some opt for the geometry of space-time and others for the
> wave function.
Not crypto, but Aristotle's physics aimed to eliminate the idea of empty
space. Ironically Aristotle came up with concepts that appeared again
thousands of years later as physical truths, but Aristotle classified
these (now recognized as true) concepts as absurd if they supported the
notion of empty space.
See "nothingness, The Science of Empty Space" by Henning Genz, ISBN
0-7382-0061-1, for an excellent introduction to the development of the
concept of empty space from the earliest Greek philosophers to the
quantum physicists and GTR physicists of the 20th Century. It's a very
fun read!
John A. Malley
[EMAIL PROTECTED]
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
Date: Tue, 19 Sep 2000 12:23:37 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Double Encryption Illegal?
Guy Macon wrote:
> root@localhost <[EMAIL PROTECTED]> wrote:
> >
> >He said that applying Ceaser cipher twice does not enhance security. He
> >was correct in that statement.
>
> You mean I shouldn't be applying ROT-13 twice? Several experts have
> told me that applying ROT-13 twice is *so* secure that an attacker
> with infinite resourses can't even tell what algorithm I used...
They also can't tell which of the four combinations DD, DE, ED, or EE were
used.
------------------------------
Date: Tue, 19 Sep 2000 12:26:21 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Double Encryption Illegal?
Paul Schlyter wrote:
> In article <[EMAIL PROTECTED]>,
> wtshaw <[EMAIL PROTECTED]> wrote:
>
> > In article <8q1tfb$bj1$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul
> > Schlyter) wrote:
> >
> >> In article <[EMAIL PROTECTED]>,
> >> wtshaw <[EMAIL PROTECTED]> wrote:
> >>
> >>> When a person uses 3-DES, they are single encrypting with 3-DES.
> >>
> >> FYI: 3-DES consists of three rounds of DES, using two or three
> >> different keys.
> >
> > That is the definition of a newer algorithm than just plain DES. It
> > is not DES.
>
> Well, if you consider any combination of crypto algorithm as "one
> single, newer, algorithm", then there is of course no such thing
> as "double encryption" or "triple encryption": you've just defined
> it as non-existent....
The opposing view point would be to consider DES as hexadectuple
encryption. Or worse.
------------------------------
From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
alternative intorduction]
Date: Tue, 19 Sep 2000 12:53:53 +0200
Hello
You have spend a time to write a nice survey of the obvious situation
today. Even agreeing with you in most of your positions there is something
that I must object. Starting to observe something having in mind that it
will be not an answer to a given question is a negative position, give a
chance to some alternative views. You stand behind the position that we will
never have an exact definition of secure block cipher, that there will be no
measurement etc, HAVE ANYONE PROVED THAT??? I don't claim I have proved the
opposite at least not concerning the scientific environment we have today,
but trying to extract the cause of security from already tested designs may
not been a general proof but at least give some idea about the definition of
secure cipher.
Kb
Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>
>We have indeed discussed long ago that there is no
>rigorous and practically applicable scientific unit
>for measuring the strength of an encryption algorithm
>like second, Newton etc. The security of applying
>an algorithm depends on the environment and the
>user's evaluation of the security can at best be
>a more or less subjective value. One never knows
>whether the best esteemed cipher will not be easily
>broken by a new method in the future, nor even that
>it has not already been broken by some secret agency.
>The majority of ciphers don't have good and complete
>documentation and almost invariantly contain constants
>that a third party has no information to reproduce.
>Thus even the question of presence of backdoors
>cannot be definitely answered. So was DES, and so
>will also AES, very deplorably, be. Therefore one
>should always make some intelligent choice of the
>encryption algorithms to be used and must in
>particular be well conscious that one is oneself
>(alone and nobody else) responsible for the decision
>in making that choice. Past discussions in the group
>pointed out that multiple encryption with different
>algorithms could be one of the viable possiblities
>that deserve one's consideration in case no single
>available algorithm seems to be entirely satisfactory
>according to one's own (subjective) evaluation.
>
>
>I'll read your work. But I am quite sure even now that
>the above given question of what makes ciphers secure
>can't have any absolutely satisfactory answer, for the
>simple reason that there exists no rigouros measure of
>security of encryption algorithms as explained above.
>
>M. K. Shen
>----------------------
>http://home.t-online.de/home/mok-kong.shen
------------------------------
From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
alternative intorduction]
Date: Tue, 19 Sep 2000 18:12:03 +0200
Mr. Savard had written a good explain about Aristotle vs. Physics. Here is a
little explanation about the time he lived in. In those times when Mendeleev
system of elements was beyond science fiction people was arguing what is the
prima principa of the nature, having different views, one school say the
fire is the essence, other the water or fire and water in combination and so
on. Aristotle hade made a reasonable conclusion, if we take the fire as
prima principa and we know that fire is denser than air but rarer than
water, here comes the problem : "But (2) if that which is
later in generation is prior in nature, and that which is concocted and
compounded is later in generation, the contrary of what we have been saying
must be true,-water must be prior to air, and earth to water."
Even he had given an answer unacceptable for our present science it is
important that he has outlined the generically line of things, he had
noticed that parts of something can not be the essence. that happens in
cryptography also, immunity to different attacks can not be the security
since there will be countless number of attacks possible. Any of them will
be just a subform of security, or instance of it. that why we need to quest
for more general answer than defining security as immunity to the finite set
of attack known at present.
I hope this will conclude the Aristotle discussion.
Kb
John Savard wrote in message <[EMAIL PROTECTED]>...
>On Tue, 19 Sep 2000 01:22:45 -0400, "Douglas A. Gwyn"
><[EMAIL PROTECTED]> wrote, in part:
>>Kostadin Bajalcaliev wrote:
>
>>> ... here what Aristotle have to say for his own time:
>
>>That's funny, because Aristotle's views on physics are not
>>held in high regard by physicists.
>
>However, physicists haven't prefered Thales, who proposed that
>everything was made of water, and this is what Aristotle was arguing
>against in the passage quoted. They agree that energy exists in
>addition to matter, and that form and pattern are also realities. So
>even if Aristotle did indeed make many mistakes in the physical
>sciences, what he is trying to say in that passage is not something
>that physicists today would disagree with.
>
>On the other hand, perhaps physicists do believe in a single essence,
>although some opt for the geometry of space-time and others for the
>wave function.
>
>John Savard
>http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption
Date: Tue, 19 Sep 2000 18:38:18 +0200
in you examine Mr. Savard designs you will find something he named Algorithm
Variance, if you examine other cipher there is also something comparable to
that idea. I have noticed this once I have formulated Polymorph Encryption,
it is not a new nor original invention, many designer had use it even not
explicitly naming it. The objective of the my thesis is to give a general
definition and mathematical model for Polymorph Encryption. Half of the
thesis is devoted to explain the concept of Quasi Algorithms, a mathematical
model for PME. May be after you read the thesis you will find some of your
intuitive ideas in it, or may be some of your cipher already have some build
Polymorphism in them.
What I thing is important now is to give a good definition of the idea, to
make concise mathematical model of it. I not pretend to have exclusive right
on the idea, nor I thing anyone have. Many of us has invented polymorphism
in their own way. All constructive comments are welcome [in the stile of the
massage I am reply on], every effort to help, or better, to join the
efforts to define Polymorph Encryption as a Block Ciphers design strategy
will be accepted. I thing that an open discussion is more productive than
bunch of scientist in closed room discussing the matter.
Mr. Savard say on the end of his message:
>My suspicion is that polymorphism has been around a long time, but
>mostly in amateur designs. But there may be something in the publicly
>known history of cryptography that is properly considered to be its
>origin.
I agree with this, if anyone know about a work or paper already published
describing something similar to what I have named Polymorph Encryption it
will be very nice to share that information with the rest of us.
Kb
>
>The specific type of polymorphism in Konstantin Bajalcaliev's designs,
>though, as you can see from looking at Quadibloc II and the others of
>my designs which use it, was basically added almost as an
>afterthought, which is why it is present only in such a rudimentary
>form.
>
>If one thinks of not simply choosing between +, -, XOR, and
>multiplication, but of choosing from a large collection of Latin
>squares, there is of course Terry Ritter to think of, but I don't
>think he ever made the choice of Latin square _data_ dependent.
>
>My suspicion is that polymorphism has been around a long time, but
>mostly in amateur designs. But there may be something in the publicly
>known history of cryptography that is properly considered to be its
>origin.
>
>John Savard
>http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
Date: Tue, 19 Sep 2000 12:43:12 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Question on self-shrinking
"David A. Wagner" wrote:
> Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> > I was recently thinking a bit about self-shrinking LFSR generators,
> > and was wondering... are there any differences between the following
> > four methods:
>
> Not really.
>
> > do {
> > a = lfsr_bit();
> > b = lfsr_bit();
> > } while( a ); return b;
> >
> > do {
> > a = lfsr_bit();
> > b = lfsr_bit();
> > } while( b ); return a;
>
> These two are clearly equivalent; you can just swap the initial
> states of the two registers. The output of the latter scheme
> with initial fill (x,y) is the same as the output of the former
> scheme with initial fill (y,x).
>
> If you replace 'while(a)' with 'while(!a)' in the first scheme,
> you get something which is apparently not exactly simulable with
> either of the two above schemes, but which appears unlikely to be
> any better or worse than the above two schemes. It is also
> equivalent to the third and fourth schemes you suggested (see
> below for why).
>
> A fifth scheme is equivalent to your first and second scheme:
> do {
> a = lfsr_bit();
> b = lfsr_bit();
> } while( a != b ); return a;
> The output of this third scheme with initial fill (x,y) is the
> same as the output of the second scheme with initial fill (x,x+y).
> (Here + denotes xor.) This works because LFSR's are linear.
There's a conceptual gap here. From the above description it appears that
you've assumed the existence of a two LFSR generators. But from the title
of the OP ( "self-shrinking" ), and the code snippets that do not
distinguish two lfsr_bit() functions, it appears that the original
intention was to sample successive pairs of bits from a single generator.
This is, of course, even less secure than having two independent
generators.
------------------------------
From: Albert Yang <[EMAIL PROTECTED]>
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Tue, 19 Sep 2000 16:51:11 GMT
This is how I see it:
1) While the commercialization is not something that great to see in
the newsgroup, it's not SPAM. Spam is a meat-like substance in a blue
can, this doesn't smell like it.
2) There are people who are slightly more privileged than others. BS
is one of those. I concur, if he, Don CopperSmith, Eli, Ron, Lars
etc... post something, I believe it in their heart that they do it for
the good of the crypto community, and if it benefits them as well, all
the better.
3) What if someone asked where they can get BS's book for cheap? And
then someone replied? Does that constitute commercialization of
pseudo-spam?
I see it like precomputed key-schedules, he answered a question before
it was asked. Not that big of a deal...
Albert
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: A conjecture - thoughts?
Date: Tue, 19 Sep 2000 10:44:33 -0600
Matthew Skala wrote:
<snip>
A nitpick:
> If you know a little more algebra, you don't even need to check the
> possibilities. Observe that "bijective 2x2 S-boxes" are the same thing as
> "permutations on 4 things" and that permutations are classed as "even" or
> "odd"; the product of two even permutations is even, and f and g are both
> odd, so b must be odd else it could never generate f and g. There are
> equal numbers of odd and even permutations, so that cuts the list in half:
> b must be one of the twelve permutations of four things expressible as a
> product of an odd number of pairwise swaps.
So far, so good.
> But there are only twelve
> possible pairwise swaps at all (four choose two) and every one of them is
> a distinct permutation, so the odd permutations are exactly those twelve
> swaps.
Oops, (four choose two) is six.
The other six odd permutations involve all four elements, e.g.
(2,3,4,1) = (1,2)(2,3)(3,4), and so forth.
(Hmm - I think that any permutation that leaves exactly one of the
four items in place is even. Does this generalize? That is, any
permutation that moves (deranges) N elements is odd iff N is even?
I've probably left myself open to a counter-nitpick here...)
<snip no-longer-relevant steps>
Oh well.
JM
------------------------------
From: Albert Yang <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Tue, 19 Sep 2000 16:56:14 GMT
I think it depends... I am working on an algorithm and would like to
patent it. Why? So I can charge royalities. Hardly. So I can
guarantee a few things as far as the algorithm goes.
If you are going to weaken the implementation of it, or stick a backdoor
on it, I'll stick you with a lawsuit. (Lawsuits, the American way
huh?) I'm not into the science and math for the money, but there are a
few precautions you have to take in order to make sure that evil things
aren't being done to your algorithm. After all, who is going to fend
for the algorithm except you the inventor of it?
I feel less strongly now about that than I did before, because the
crypto community has shown that they respond quite quickly to things
like that. But patenting in and of itself is not evil, it's a question
of necessity.
Albert
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
Date: Tue, 19 Sep 2000 19:15:51 +0200
Kostadin Bajalcaliev wrote:
>
[snip]
> I hope you will find a little time to read my thesis, it is not the regular
> amateur-eureka-work.
I have looked at your paper. The following are my comments:
You have apparently thought that a function must be something
written as a common mathematical expression like x^3+5. This
is not true. Every mapping from one set to another set
defines a function. In the discrete case, a function can
be given by a table and there is no need to give a nice
mathematical expression to describe it. If a blackbox
delivers an ouput for each input, then it realizes a
function. (The output for the same input may even be different
at different times, but we shall not go that far here.)
A piece of code in the programming language, normally one
having as header 'function', gives the explicit steps
of computation and realizes a function. That in such code
one uses different constructs of the programming languages
like 'if', 'case' to determine exactly what to do (among
a number of options) in any concrete situation (cf. your
example with the case construct) is what every programmer
has been doing. Thus I am afraid that your newly constructed
term 'quasi-function' is very confusing.
Polymorphism has been known in computer science since
decades, though much popularized only after C++. Already
in Algol68 one can use a datatype 'union' such that at
runtime one can obtain first the type and then the value
of an object and with these determine what is to be
computed next. Polymorphic Types have been much studied
by researchers of the functional languages. In procedural
languages, ADA and C++ are two recent examples that much
deploy polymorphism, with ADA having parametric types and
generics and C++ having classes, inheritence and dynamic
binding.
Restricting ourselves now to matters of crypto, it is
true that, as you mentioned, the use of data dependent
rotations, substitutions and S-boxes can be advantageous.
All these can, however, be subsumed under the concept
'variability'. If a cipher is not 'fixed' like DES but
has its components (e.g. S-boxes) different for
different messages or even dynamically modified during
encryption processing (e.g. a PRNG-driven cipher with
feedback to PRNG), then the opponent is in general in an
evidently much more difficult position to do the analysis.
As you mentioned, techniques like differential analysis
would no longer function. That's why I have many times
in the past propagated the 'principle of variability'
(my terminology) and suggested the use of parametrized
ciphers (where the user has choice of different
parameters, e.g. round numbers, optional processing
steps, etc.) as well as dynamic random selection of
encryption algorithms (see the thread of 28th May),
which latter you also deal with in your paper.
It is true that the well-known ciphers don't have
variability or have only little variability. Thus
suggesting introducing variability by dynamically
changing the type of operators in expressions to be
computed, as you have done, is in fact a good idea.
(There have been use of such in some ciphers, though.)
However, on the other hand, I believe you should
avoid using the terms 'quasi-algorithm' (any piece of
program that computes something and terminates is an
'algorithm', there is nothing quasi) and 'quasi-
function' (as explained above).
M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
