Cryptography-Digest Digest #427, Volume #13       Sat, 6 Jan 01 14:13:00 EST

Contents:
  Re: "Content Protection for Recordable Media" (Tim Smith)
  Re: Key scheduling (Mok-Kong Shen)
  Electronic resources for cryptology? (Richard Cavell)
  Re: Electronic resources for cryptology? ("Mark Hellewell")
  Re: Electronic resources for cryptology? (John Savard)
  Re: xor'd text file (Chris Gillespie)
  Re: Electronic resources for cryptology? (Mok-Kong Shen)
  Re: Comets, Meteors, and Mitotic Spindles ("Scot Mc Pherson")
  Re: Differential Analysis ("Michael Scott")
  Need of very simple algorithms? (Mok-Kong Shen)
  Can anyone help with this puzzle ? ([EMAIL PROTECTED])
  Re: Need of very simple algorithms? (Eric Lee Green)
  Re: Key scheduling (Benjamin Goldberg)
  Re: Key scheduling (Simon Johnson)
  Re: Differential Analysis (Simon Johnson)
  Re: Can anyone help with this puzzle ? (Simon Johnson)
  Re: Key scheduling (Benjamin Goldberg)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Tim Smith)
Subject: Re: "Content Protection for Recordable Media"
Date: 6 Jan 2001 01:12:39 -0800
Reply-To: Tim Smith <[EMAIL PROTECTED]>

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>Dumb question: What prevents one from reading from such a
>drive into memory and writing out to a drive without
>protection features, which some manufacturers of the world
>would certainly continue to produce to meet a corresponding 
>market demand? 

Or, how about reading it into memory, encrypting it, and writing it back
out to the same drive?  How's the drive to know that this random looking
glob of data is an encrypted copy of something I'm only licensed to copy
once?

--Tim Smith

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Key scheduling
Date: Sat, 06 Jan 2001 11:11:10 +0100



Doug Kuhlman wrote:
> 
> Certain ciphers (e.g. IDEA, DES) -- usually older ones -- have a very
> simple key scheduling.  Other, later ciphers (Twofish, AES) have much
> more complicated key scheduling algorithms (often almost as complex as
> the cipher itself).
> 
> Why?  What attacks (if any) are there against the simpler key scheduling
> algorithms?  Is there a gain?  If so, what?

I am also interested in learning what the basic design
principles/requirements of a good key schedule are. From 
my naive thought, it seems that the round keys that are
derived from a single user-given key are to be as 
'unrelated' (in some sense) to one another as possible. 
Since the rounds of a block cipher are commonly of the 
same structure (an extreme case is e.g. Rijndael), i.e.
equivalent, and the user key can be any arbitrary value, 
this would mean that the round keys have to be some 
random permutations of (subsets of) the key such that 
these have minimum cross-correlations. Could this 
guess at least be something in the right direction or 
is the issue much more subtle in principle? Thanks.

M. K. Shen

------------------------------

From: Richard Cavell <[EMAIL PROTECTED]>
Subject: Electronic resources for cryptology?
Date: Sat, 06 Jan 2001 22:46:28 +1100

It's difficult to buy specialist books in Australia.

The FAQ lists two websites which have both disappeared.

Does anyone have any recommended online cryptology resources?

Richard Cavell

------------------------------

From: "Mark Hellewell" <[EMAIL PROTECTED]>
Subject: Re: Electronic resources for cryptology?
Date: Sat, 6 Jan 2001 11:29:45 -0000


"Richard Cavell" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> It's difficult to buy specialist books in Australia.
>
> The FAQ lists two websites which have both disappeared.
>
> Does anyone have any recommended online cryptology resources?
>
> Richard Cavell

There's a set of PDFs of "The Handbook of Applied Cryptography" located at:

http://www.cacr.math.uwaterloo.ca/hac/

There are tons of resources, all you have to do is search for them.

Mark



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Electronic resources for cryptology?
Date: Sat, 06 Jan 2001 11:58:44 GMT

On Sat, 06 Jan 2001 22:46:28 +1100, Richard Cavell
<[EMAIL PROTECTED]> wrote, in part:

>It's difficult to buy specialist books in Australia.

>The FAQ lists two websites which have both disappeared.

>Does anyone have any recommended online cryptology resources?

My humble web site, which has been noted by some as a resource, also
contains pointers on its Links page to two other significant
resources, the Lanaki Classical Cryptography Course, and the Crypto
Drop Box.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Date: Sat, 06 Jan 2001 15:33:30 +0000
From: Chris Gillespie <[EMAIL PROTECTED]>
Subject: Re: xor'd text file

Joshua Cryer wrote:

> Hey, I got a pretty large text file that has been encrypted using a very
> simple xor algorithm. The only thing I am sure of is that the seed is no
> larger than 65535. I don't know how many times it was encrypted. Could
> someone help me out a bit here? (i.e. a paper on cracking xor encryption.)
>
> Thanks in advance.

I don't quite understand what you mean by 'seed'. The number 65535 is 16 bits
in binary. Do you mean that a number which is <= 65535 has been XOR'd with every
16 bits in the text file? If that was the case then frequency analysis would
still work pretty well on the file. Look at how many times each byte occurs
in the text file. The most frequent items will most likely be plaintext
space or E. From there you can figure out what number would transfer the
ciphertext letter into space or E. Apply this to the whole file and see what
happens.

Chris.

--
--
Chris Gillespie
Researcher
Dept of Computing
University of Bradford

email: [EMAIL PROTECTED]
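The approach Chris describes, worked through in code. This is an added example and not part of the original post or the thread. It assumes the 'seed' is a 16-bit value used as a two-byte repeating XOR key, and it uses a constructed sample text (a pangram repeated so that byte frequencies are meaningful). Note that XORing the file several times with such keys is the same as XORing it once with the XOR of the keys, so 'how many times it was encrypted' makes no difference to the attack. guess_key_from_spaces is the shortcut from the post (the most frequent ciphertext byte at each offset is taken to be a space); recover_key_by_scoring tries all 256 key bytes per offset and keeps the one whose decryption contains the most letters and spaces, which is the more robust way of doing the same frequency analysis.

```python
from collections import Counter

# Constructed sample (not from the thread): a pangram repeated so that byte
# frequencies are meaningful. One repetition is 45 bytes, an odd length, so
# every character appears at both even and odd offsets.
SAMPLE_PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 8
SAMPLE_KEY = 0xBEEF  # a "seed" <= 65535 read as a two-byte repeating key

# Bytes we expect to see in English plaintext; used to score trial decryptions.
GOOD = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ .")


def xor_repeating(data: bytes, key: int) -> bytes:
    """XOR every 16 bits of data with key (big-endian). The same call decrypts.
    Applying it twice with keys k1 and k2 equals applying it once with k1 ^ k2,
    so encrypting the file several times does not make the attack harder."""
    kb = key.to_bytes(2, "big")
    return bytes(b ^ kb[i % 2] for i, b in enumerate(data))


def guess_key_from_spaces(ct: bytes) -> int:
    """Chris's shortcut: the most common ciphertext byte at each of the two
    offsets is assumed to be an encrypted space (0x20)."""
    key = 0
    for offset in range(2):
        most_common_byte, _ = Counter(ct[offset::2]).most_common(1)[0]
        key = (key << 8) | (most_common_byte ^ 0x20)
    return key


def recover_key_by_scoring(ct: bytes) -> int:
    """Frequency analysis done properly: for each offset try all 256 key
    bytes and keep the one whose decryption contains the most GOOD bytes."""
    key = 0
    for offset in range(2):
        column = ct[offset::2]

        def score(k: int) -> int:
            return sum((b ^ k) in GOOD for b in column)

        key = (key << 8) | max(range(256), key=score)
    return key


if __name__ == "__main__":
    ct = xor_repeating(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    print("space guess : %#06x" % guess_key_from_spaces(ct))
    print("scored guess: %#06x" % recover_key_by_scoring(ct))
    print(xor_repeating(ct, recover_key_by_scoring(ct))[:44].decode())
```

On a real file the space shortcut can misfire when the text is short or unusual (a column where 'e' or a newline outnumbers spaces), which is why the scoring version is the one to keep; both recover the same key on the constructed sample.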




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Electronic resources for cryptology?
Date: Sat, 06 Jan 2001 16:56:14 +0100



Richard Cavell wrote:
> 
> It's difficult to buy specialist books in Australia.
> 
> The FAQ lists two websites which have both disappeared.
> 
> Does anyone have any recommended online cryptology resources?

Try the links from www.cryptography.org and www.counterpane.com and
resources available from www.iacr.org.

M. K. Shen

------------------------------

From: "Scot Mc Pherson" <[EMAIL PROTECTED]>
Crossposted-To: sci.geo.earthquakes,alt.fluid-dynamics,alt.sci.astro.eclipses
Subject: Re: Comets, Meteors, and Mitotic Spindles
Date: Sat, 06 Jan 2001 16:31:07 GMT

M Moroni,
    Have you figured out why the Pleiadians planted the silkworms on earth
yet?

Scot Mc Pherson


<[EMAIL PROTECTED]> wrote in message
news:92tlpd$nnn$[EMAIL PROTECTED]...
> RE:  http://www.geocities.com/antarii_rescue/index.html
> http://www.geocities.com/antarii_rescue/index2.html
> http://www.geocities.com/antarii_rescue/antares.html
> http://www.geocities.com/antarii_rescue/aldebaran.html
> http://www.angelfire.com/de/CassandraCrossing/PAGE3B.html
>
> The Feb 2001 SKY & TELESCOPE magazine published a story by the Vatican
> astronomer Guy Consolmagno titled "The Story of Space Rocks".
>
> He was none too pleased with the recent Smithsonian Press book
> called "Asteroids: A History".
>
> Myself, I always thought it was clear to all schoolchildren that
> asteroids are lava chunks spewed out by volcanoes here on Earth and
> elsewhere, that fly out of the planet's orbit into space.
>
> Meteors have parts iron and parts silicon.  Asteroids have next to no
> iron.  When meteors slam into earth they cause a thermonuclear
> explosion and leave much melted glass [tektites], and large salt domes.
>
> To wit:  Marquez Dome of Texas; the Upheaval Dome of Moab, UT; the
> Ayers Rock region of Australia; the Serpent Mound of Ohio, USA; the
> Libyan Desert; the Barringer Crater of AZ; and the underwater crater of
> the Barents Sea [the most salty ocean].
>
> The volcanic underwater mountain ridges of the Azores are asteroidal;
> as are the Pacific Fire Rim underwater mountain ranges; the whole area
> of Hawaii; most of Icelandic quarters; the Mauritius Island archipelago
> in the African Indian Ocean; et al.
>
> These asteroidal volcanic areas seem to be seldom, if ever, bombarded
> by comets or meteors.  Why?
>
> Could Signor Consolmagno please explain this remarkable phenomenon!
>
> Could it go back to the arguments of the ancient Ammonites, before they
> were turned to pillars of salt [Lot was one of their people], that
> concern the difference between asters and astrals?
>
> An aster is a fake star and not genuine.  It is also the name of
> tubular flowers, tulip like, in China.
>
> An astral is a real star and has a genuine mitotic and meiotic
> component.
>
> An aster has a spurious radial arrangement around a spindle-like
> mitotic and meiotic cyst.
>
> Hope this stimulates debate.
>
> M. Moroni
>
>
> In article <[EMAIL PROTECTED]>,
>   "Roy Sharif M. Sison" <[EMAIL PROTECTED]> wrote:
> > A new earthquake just struck Southern Philippines a few moments ago.
> > It's either a new quake or a strong shock after the M7.2 submarine
> quake
> > yesterday afternoon.
> > Can anybody point me to a URL with real-time eq monitoring? The USGS
> > site does not have a record of the eq yet.
> > Thanks.
> >
> > Regards,
> >
> > Roy
> >
> >
>
>
> Sent via Deja.com
> http://www.deja.com/



------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Sat, 06 Jan 2001 16:34:50 GMT

The problem with differential and linear cryptanalysis is that an attack on
a specific block cipher must be tuned very specifically to the particulars
of that block cipher. So it's not a question of having a "Differential
Cryptanalysis" program and entering the details of the block cipher as
parameters.

All the information you need is out there in the open literature, but it's a
little hard to apply it directly as a lot of programming detail is omitted
for reasons of clarity.

I have some prepared lecture notes on Differential and Linear Cryptanalysis,
specific to attacking FEAL-4. Using these notes and some supplied references
most of the class succeeded in finding the sub-keys. The exercise was useful
in that the students learned that in practice these attacks are not at all
trivial to mount, even for FEAL-4.

The notes I have are in MS Word format. If anyone wants them I will email
them.


Mike Scott




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Need of very simple algorithms?
Date: Sat, 06 Jan 2001 17:55:37 +0100


While very high quality algorithms like AES and RSA are
certainly indispensable for secure communications, I suppose
that there is also a practical need for the other extreme, 
namely very simple and (in consequence) low quality ones. 
Plenty of people are nowadays sending SMS messages to one 
another, often en route. What can one do to obtain some degree 
of security for such messages (assuming that nothing of the 
genre of a palmtop is available)? Perhaps we could collect 
some useful ideas in this thread. One viable device that comes 
to my mind is the Jefferson cylinder. I have seen a modern 
fabrication of it as a toy but that has only a small number of
disks and is very clumsily dimensioned. A better design would 
probably be appropriate to use and convenient to be carried 
around. Note that it is also possible to do multiple encryption 
with the device (see wtshaw's web page) to get higher security.

M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Can anyone help with this puzzle ?
Date: Sat, 06 Jan 2001 17:00:49 GMT

Hello there,
I am totally baffled with this cryptogram/puzzle but I'm sure someone
out there could help !
The only clue is that it is a seasonal message (Christmas/New year
type) and the setter has a sense of humour !
Here it is ......
5374531622368398102139018601181515531016165372001
I'm not sure whether or not the last four digits have any special
significance !
thank you
Elaine


Sent via Deja.com
http://www.deja.com/

------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: Need of very simple algorithms?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 06 Jan 2001 17:23:01 GMT

On Sat, 06 Jan 2001 17:55:37 +0100, Mok-Kong Shen <[EMAIL PROTECTED]> 
wrote:
>
>While very high quality algorithms like AES and RSA are
>certainly indispensable for secure communications, I suppose
>that there is also a practical need for the other extreme, 
>namely very simple and (in consequence) low quality ones. 

The nice thing about AES is that it is so fast that there is
rarely any need for very simple/low quality ones. Hopefully the
days of XOR'ing data with a mask because a "real" cipher was too slow
are behind us, for the most part. 

-- 
Eric Lee Green     
[EMAIL PROTECTED]    

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Key scheduling
Date: Sat, 06 Jan 2001 17:34:19 GMT

Simon Johnson wrote:
[snip]
> Somewhat off topic, but related is DES. Why didn't people redesign the
> DES key schedule to deal with 128-bit keys (where complying to a
> standard was not essential)?

IIRC, according to the literature, the complexity of attacking DES with
completely independent round keys is 2**58.  That is the maximum
strength of the cipher.  Using a larger user key provides little (at
most two bits) of extra strength.

In a way, this is like skipjack... It's got a small key, compared to
what one would want for security (56 bits, 80 bits), and it's very
difficult to change it so as to use a larger key and gain security.

> That's what I don't get about triple DES, why? Surely a faster
> algorithm than triple DES would be the following:
> 
> 1. Design a new key schedule to take 128-bit keys.
> 2. Increase the number of rounds to 19 (this prevents Differential
> cryptanalysis from being possible according to AC2)
> 
> If you're gonna use triple DES anyway, you probably won't care about the
> addition of 3 rounds to the cipher.

Making such a change umm violates the warranty.  If you're not going to
use DES, then you might as well use something *designed*, from the
beginning, to use larger keys.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Key scheduling
Date: Sat, 06 Jan 2001 17:59:36 GMT

In article <[EMAIL PROTECTED]>,
  Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> Simon Johnson wrote:
> [snip]
> > Somewhat off topic, but related is DES. Why didn't people redesign
> > the DES key schedule to deal with 128-bit keys (where complying to a
> > standard was not essential)?
>
> IIRC, according to the literature, the complexity of attacking DES
> with completely independent round keys is 2**58.  That is the maximum
> strength of the cipher.  Using a larger user key provides little (at
> most two bits) of extra strength.

Does this mean that if I use a 128-bit key (with independent round
keys) it can be represented as a 58-bit key? Or does this mean that
2^58 known plain-texts are required to break a key of any size?

> In a way, this is like skipjack... It's got a small key, compared to
> what one would want for security (56 bits, 80 bits), and it's very
> difficult to change it so as to use a larger key and gain security.

Yeah, it appears the NSA find nice ways of crippling their algorithms
such that other people can't improve them.

Simon.
--
Hi, I'm the signature virus,
help me spread by copying me into your Signature File


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Sat, 06 Jan 2001 18:24:01 GMT

In article <932nit$v4p$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> > Tom St Denis wrote:
> > >
> > > In article <[EMAIL PROTECTED]>,
> > >   Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> > > > Could anyone point me to an _online_ resource which describes
> > > > exactly how to do differential analysis?  Most of the stuff I've
> > > > found is much too vague to go from their description to something
> > > > resembling an attack.
> > >
> > > Differential attacks work like this.  You have a finite function
> > > F(x), you know that a difference i.e. F(x) - F(x - a) = b will occur
> > > with probability p (p <> 1), thus there are pairs of inputs (x, x-a)
> > > that will cause the output difference 'b'.
> >
> > Ok, I understand this part, sorta.  But how do I find a, b, and p?
> > Also, why do you use integer subtraction, rather than XOR?  Wouldn't
> > XOR make more sense for most ciphers?  That would make it:
> >     F(x) ^ F(x^a) = b
> > With some probability p.
>
> Xor is addition/subtraction in GF(2) so the math is the same.  And you
> find 'a', 'b' by looking for them.
>
> > > In your attack you send random pairs of inputs (that differ by 'a')
> > > and look for an output difference of 'b'.  If it occurs then your
> > > inputs may have been right.
> >
> > Huh?  I don't get it.  You mean that if ENC(x) ^ ENC(x^a) = b, then
> > the key byte is b?
>
> No, if you send 'x' in and 'y' was what is supposed to cause the
> difference then x+k=y or x-y=k :-)
>
> > > Given most F(x) will be used as F(x + k) (i.e. a key is added) it's
> > > a simple matter of linear algebra to find the right key.
> > >
> > > For example if for the inputs (1,2,3) and an input difference of 2,
> > > an output difference of 4 is likely.  Then if you send (5,7) as an
> > > input and find '2' as the difference the key may have been -4,-3 or
> > > -2 (i.e. 5 - 4 = 1, 5 - 3 = 2....).
> > >
> > > Hope this helps.
> >
> > A little, but not as much as I'd like it to.
> >
> > How about this: here's what I want to analyse:
> >
> > function encr( uint8 txt[2], uint8 k[rounds] ) {
> >     for i in 0 to rounds/2-1 {
> >             txt[0] ^= AES_sbox[ txt[1] ^ *k++ ];
> >             txt[1] ^= AES_sbox[ txt[0] ^ *k++ ];
> >     }
> > }
> >
> > How do I go about finding differences and probabilities, and how does
> > that let me get k?  Of equal importance, what do I have to set rounds
> > to to thwart differential analysis?
>
> Well look at the xor-pair table of the sbox and see if any high prob
> difference can propagate easily in your function.  (Hint your above
> function is a simple feistel so just look for high probability output
> differences that have inputs of high prob as well (i.e. if you chain
> the differences they are always high probability)).
>
> Tom
>
> Sent via Deja.com
> http://www.deja.com/
>
The bit I never get with this is that we find, say, the highest-prob
output difference; then what?

It's translating this into a multiple-round attack. This must clearly
depend on the cipher being analysed but roughly how is this achieved?

Simon.
--
Hi, I'm the signature virus,
help me spread by copying me into your Signature File


Sent via Deja.com
http://www.deja.com/
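The chaining Simon asks about, worked through on the toy cipher Benjamin posted. This is an added example and not code from the thread. It takes rounds = 4, i.e. four S-box steps consuming subkeys k[0..3] (the posted encr() uses *k++ once per step), generates the AES S-box, builds its XOR difference distribution table (Tom's "xor-pair table"), picks the most likely output difference for each step, chains two of them into a three-step characteristic of probability (4/256)^2 = 2^-12, and uses that to vote for the last subkey from chosen-plaintext pairs. The subkey values, the input difference and the number of pairs (2^17, giving about 32 right pairs) are assumptions made for the demonstration.

```python
import random


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def aes_sbox() -> list:
    """Build the AES S-box (inverse in GF(2^8), then the affine map) by walking
    the field with generator 3 (p) while tracking its inverse (q)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09                                          # q /= 3
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


def difference_table(sbox: list) -> list:
    """Tom's 'xor-pair table': ddt[a][b] = #{x : S[x] ^ S[x ^ a] == b}."""
    ddt = [[0] * 256 for _ in range(256)]
    for a in range(256):
        for x in range(256):
            ddt[a][sbox[x] ^ sbox[x ^ a]] += 1
    return ddt


def best_output_diff(ddt: list, a: int) -> tuple:
    """Most likely output difference for a nonzero input difference a, with
    its count out of 256 (for the AES S-box this is always 4, i.e. p = 2^-6)."""
    b = max(range(256), key=lambda y: ddt[a][y])
    return b, ddt[a][b]


SBOX = aes_sbox()
DDT = difference_table(SBOX)


def encr(t0: int, t1: int, subkeys: list) -> tuple:
    """Benjamin's toy cipher with one 8-bit subkey per S-box step. With four
    subkeys this is his encr() with rounds = 4."""
    for i, k in enumerate(subkeys):
        if i % 2 == 0:
            t0 ^= SBOX[t1 ^ k]
        else:
            t1 ^= SBOX[t0 ^ k]
    return t0, t1


def recover_last_subkey(subkeys: list, n_pairs: int = 1 << 17,
                        delta: int = 0x01, seed: int = 1) -> tuple:
    """Chosen-plaintext differential attack on the four-step cipher.
    Characteristic for plaintext pairs that differ by (delta, 0):
      after step 1: (delta, 0)      the same S-box output is XORed into both t0
      after step 2: (delta, b)      with probability DDT[delta][b]/256
      after step 3: (delta ^ c, b)  with probability DDT[b][c]/256
    Step 4 does not touch t0, so c0 ^ c0' == delta ^ c is visible in the
    ciphertext and filters candidate right pairs. For those, the last S-box's
    output difference must be c1 ^ c1' ^ b; the true k[3] explains every right
    pair, a wrong k[3] only a random few."""
    b, n1 = best_output_diff(DDT, delta)
    c, n2 = best_output_diff(DDT, b)
    rng = random.Random(seed)
    counts = [0] * 256
    for _ in range(n_pairs):
        x0, x1 = rng.randrange(256), rng.randrange(256)
        c0, c1 = encr(x0, x1, subkeys)
        d0, d1 = encr(x0 ^ delta, x1, subkeys)
        if c0 ^ d0 != delta ^ c:
            continue                       # cannot be a right pair for this path
        target = c1 ^ d1 ^ b
        for k in range(256):               # which k[3] values explain the pair?
            if SBOX[c0 ^ k] ^ SBOX[d0 ^ k] == target:
                counts[k] += 1
    best = max(range(256), key=counts.__getitem__)
    return best, counts, (n1 * n2) / 65536.0


if __name__ == "__main__":
    keys = [0x3A, 0xC4, 0x91, 0x5E]        # assumed demo subkeys
    best, counts, prob = recover_last_subkey(keys)
    print("characteristic probability %.3g" % prob)
    print("recovered k[3] = %#04x (true %#04x), %d votes" % (best, keys[3], counts[best]))
```

Once k[3] is known the last step can be peeled off and the same procedure run against the three-step cipher for k[2], and so on; the number of pairs needed grows as the characteristic probability shrinks, which is the point behind Benjamin's question about how many rounds are enough.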

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Can anyone help with this puzzle ?
Date: Sat, 06 Jan 2001 18:28:13 GMT

In article <937ivt$rnm$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Hello there,
> I am totally baffled with this cryptogram/puzzle but I'm sure someone
> out there could help !
> The only clue is that it is a seasonal message (Christmas/New year
> type) and the setter has a sense of humour !
> Here it is ......
> 5374531622368398102139018601181515531016165372001
> I'm not sure whether or not the last four digits have any special
> significance !
> thank you
> Elaine
>
> Sent via Deja.com
> http://www.deja.com/
>
Any idea how this is encrypted? There are pointers that suggest
breakability, but without an algorithm and so little cipher-text
you're really struggling to yield a solution from it. There are many
couplets of identical digits in the cipher-text, each with a
probability of about 1/100 of occurring. A first step might be to
try a character-frequency analysis of the cipher-text.

Simon.
--
Hi, I'm the signature virus,
help me spread by copying me into your Signature File


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Key scheduling
Date: Sat, 06 Jan 2001 18:56:03 GMT

Simon Johnson wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> > Simon Johnson wrote:
> > [snip]
> > > Somewhat off topic, but related is DES. Why didn't people redesign
> > > the DES key schedule to deal with 128-bit keys (where complying to
> > > a standard was not essential)?
> >
> > IIRC, according to the literature, the complexity of attacking DES
> > with completely independent round keys is 2**58.  That is the
> > maximum strength of the cipher.  Using a larger user key provides
> > little (at most two bits) of extra strength.
> 
> Does this mean that if I use a 128-bit key (with independent round
> keys) it can be represented as a 58-bit key? Or does this mean that
> 2^58 known plain-texts are required to break a key of any size?

Definitely not the first, possibly the second.

> > In a way, this is like skipjack... It's got a small key, compared to
> > what one would want for security (56 bits, 80 bits), and it's very
> > difficult to change it so as to use a larger key and gain security.
> 
> Yeah, it appears the NSA find nice ways of crippling their algorithms
> such that other people can't improve them.

I wouldn't exactly call it "crippling" in this case, since 80 bits isn't
exactly small -- especially if the algorithm has the full strength of
its keysize.  And it's to NSA's advantage that if they're forced to give
out a strong N bit cipher, it not be possible for others to strengthen
it.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
