Cryptography-Digest Digest #530, Volume #13 Tue, 23 Jan 01 13:13:01 EST
Contents:
Re: Any cryptoanalysis available for 'polymorphic ciphers'? (Joachim Scholz)
Conway Polynomials (Andrei Heilper)
Re: Conway Polynomials (Mehdi-Laurent Akkar)
magazine cryptologia... ("Danijel Kopcinovic")
Re: Conway Polynomials (Mehdi-Laurent Akkar)
Re: Any cryptoanalysis available for 'polymorphic ciphers'? ("Jakob Jonsson")
Re: A Small Challnge ("Frog2000")
Cryptographic Windows APIs or OCX? (Armando P.)
Question: Heard of ENCIPHERMENT COMMUNICATIONS? ("Melinda Harris")
Re: Dynamic Transposition Revisited (long) ("John A. Malley")
Re: Why Microsoft's Product Activation Stinks (JCA)
Re: Conway Polynomials ("Brian Gladman")
Re: magazine cryptologia... (Mok-Kong Shen)
Re: magazine cryptologia... (Quisquater)
Re: Any good source of cryptanalysis source code (C/C++)? (Bob Silverman)
Re: secure RNG (Paul Crowley)
Producing "bit-balanced" strings efficiently for Dynamic Transposition (John Savard)
Re: Fitting Dynamic Transposition into a Binary World (John Savard)
----------------------------------------------------------------------------
From: Joachim Scholz <[EMAIL PROTECTED]>
Subject: Re: Any cryptoanalysis available for 'polymorphic ciphers'?
Date: 23 Jan 2001 15:21:07 +0100
Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> I tried to download the pdf file (English version) several
> times but the process seemed to stuck each time.
The pdf file contains the same information (or lack of it) as the web
page.
Kind regards, Joachim Scholz
------------------------------
From: Andrei Heilper <[EMAIL PROTECTED]>
Subject: Conway Polynomials
Date: Tue, 23 Jan 2001 17:05:09 +0200
There has been a discussion about primitive and irreducible polynomials.
The finite fields in Magma are constructed using what they called
"Conway polynomials". Doeas somebody knows what is the definition of
these polynomials.
Andrei Heilper
------------------------------
From: Mehdi-Laurent Akkar <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Conway Polynomials
Date: Tue, 23 Jan 2001 15:03:15 GMT
The Conway polynomial C_(p, n) is the lexicographically first monic
irreducible, primitive polynomial of degree n over GF(p) with the property
that it is consistent with all C_(p, m) for m dividing n. Consistency of
C_(p, n) and C_(p, m) for m dividing n means that for a root alpha of C_(p,
n) it holds that beta = alpha^((p^n - 1)/(p^m - 1)) is a root of C_(p, m).
Lexicographically first is with respect to the system of representatives
-((p - 1)/2), ..., - 1, 0, 1, ..., ((p - 1)/2) for the residue classes
modulo p, ordered via 0 < - 1 < 1 < - 2 < ... ((p - 1)/2) (and we only need
to compare polynomials of the same degree). To compute the Conway
polynomial C_(p, n) one needs to know all Conway polynomials C_(p, m) for m
dividing n, and as far as we know, no essentially better method is known
than enumerating and testing the primitive polynomials of degree n in
lexicographical order.
More information: www.google.com
A+ MLA
Andrei Heilper a écrit :
> There has been a discussion about primitive and irreducible polynomials.
>
> The finite fields in Magma are constructed using what they called
> "Conway polynomials". Doeas somebody knows what is the definition of
> these polynomials.
>
> Andrei Heilper
------------------------------
From: "Danijel Kopcinovic" <[EMAIL PROTECTED]>
Subject: magazine cryptologia...
Date: Tue, 23 Jan 2001 15:15:42 -0800
anyone knows where i could get some articles published in "cryptologia"
magazine?
thx!
------------------------------
From: Mehdi-Laurent Akkar <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Conway Polynomials
Date: Tue, 23 Jan 2001 15:13:13 GMT
> and as far as we know, no essentially better method is known
> than enumerating and testing the primitive polynomials of degree n in
> lexicographical order.
>
Better methods seem to be known but I do not know their efficiency
see for more details
http://ei.cs.vt.edu:8090/Dienst/UI/2.0/Describe/ncstrl.vatech_cs%2fTR-98-14
A+ MLA
>
> More information: www.google.com
>
> A+ MLA
>
> Andrei Heilper a écrit :
>
> > There has been a discussion about primitive and irreducible polynomials.
> >
> > The finite fields in Magma are constructed using what they called
> > "Conway polynomials". Doeas somebody knows what is the definition of
> > these polynomials.
> >
> > Andrei Heilper
------------------------------
From: "Jakob Jonsson" <[EMAIL PROTECTED]>
Subject: Re: Any cryptoanalysis available for 'polymorphic ciphers'?
Date: Tue, 23 Jan 2001 16:16:45 +0100
> Hello, on
> http://www.identification.de/crypto/descript.html
> a method is described which the authors call 'polymorphic
> encryption'. They claim it to be the most secure algorithm on the
> market. Of course, this is a site where the authors want to promote
> their product. So, has anyone made an independent cryptoanalysis of
> it?
Actually, I doubt that there are any cryptographers who are willing to waste
their time on it. The page is crammed with errors, misconceptions, and
unjustified claims, e.g.:
"Since there is a rumour that the NSA is trying to prevent the use of secure
ciphers, it is relatively likely that all algorithms supported by the NSA
imply some kind of shortcut."
"It is usually claimed that long keys slow down the algorithm too much.
That's true because execution time increases at least by the key size at the
power of two."
"What if both data and the actual encryption algorithm are undefined in the
beginning. An Opponent who wants to break your key feels deprived of any
constant. Working with variables only quickly becomes pretty complex.
Commonly known ciphers use one key - say one variable. A mathematic equation
comprising two variables cannot be solved! For cryptography, there is of
course a solution - but the only way to find it is to search exhaustively
the whole keyspace. This problem is one-dimensional for common ciphers and
two-dimensional for the Polymorphic Cipher."
"The Polymorphic Method is among the strongest ciphers available today and
it's probably the strongest."
Probably not. In fact, I doubt this guy can tell the conceptual difference
between RSA and DES.
Jakob
------------------------------
From: "Frog2000" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: A Small Challnge
Date: Tue, 23 Jan 2001 10:26:47 -0500
--
http://welcome.to/speechsystemsfortheblind
"Bryan Olson" <[EMAIL PROTECTED]> wrote in message
news:94fmc0$590$[EMAIL PROTECTED]...
> IFrog2000 wrote:
> > "Bryan Olson" wrote
> > > rosi wrote:
>
> > > > Correct. Again randomization is not QP otherwise QP embraces
> > > > some very uninteresting things.
> > >
> > > I don't think you understood. My modification (to any PK
> > > cipher) required no randomness.
> >
> > It's easier to crack. Randomness, although pseudo, is
> > much harder to reverse engineer.
>
> What is the "it" that's easier to crack?. My modification is
> no more or less easy to crack that the PK scheme on which it's
> based.
You may be right. Have you tested the output (ciphertext) with any
statistical methods?
>
>
> --Bryan
>
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: Armando P. <[EMAIL PROTECTED]>
Subject: Cryptographic Windows APIs or OCX?
Date: Tue, 23 Jan 2001 15:27:24 GMT
Hi folks
Ok, I'll make it short and simple: I am a software developer and I
need to implement SSL (SSLv3/TLS if that helps) into my applications to
be able to access a specific portal that requires such authentification
(through x.509 certificates). I am quite new to the field of
cryptography, but have to learn it in a hurry due to a new mandatory
governmental law that requires this from our customers (municipalities
in Austria). I'm in dire need for a good (and well documented)
Cryptographic API (or Ocx) that I can implement into my existing
software. I have heard of MS Crypto API, but cant find it
anywhere...Who can help? As always, I am very grateful for any and all
advice. Thanks!!!!!
Regards,
Armando
Sent via Deja.com
http://www.deja.com/
------------------------------
From: "Melinda Harris" <[EMAIL PROTECTED]>
Subject: Question: Heard of ENCIPHERMENT COMMUNICATIONS?
Date: Tue, 23 Jan 2001 16:21:57 GMT
I am trying to find out if there is such an organization or agency. Or is
there even such a term being used among government agencies???
Thanks
Mr. Schiesl
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Tue, 23 Jan 2001 08:29:16 -0800
Terry Ritter wrote:
>
[snip]
> >This may be a good place to continue the cryptanalysis of the strength
> >of the DT cipher. A PRNG with N! states to make every permutation of
> >the bits in an N bit block can only generate some of the possible
> >sequences of permutations. There are (N!)! possible sequences of
> >permutations.
>
> There are (N!)**S possible sequences of permutations, of sequence
> length S.
Please help - where did I go wrong in calculating the total number of
possible sequences of the N! total possible permutations?
Here's my reasoning -
Given N bits there are N! different, unique ways to permute those bits -
the N! unique permutations. They make a set P.
I number the permutations in the set from 1 to N!. How many different
ways can I sequence the members of the set of permutations? Or in other
words, how many different ways can I write down (list) the elements of
P? Let the number of elements in P be M, so
M = N!. The number of unique listing sequences of the M elements is the
number of permutations of the M elements of P, which is M!. Since M =
N!, then M = (N!)!.
So that's how I derived the number of ways the individual elements of
the set of permutations of an N bit block can be listed out as a
sequence.
>
> >AFAIK it's safe to say the PRNG generates N! sequences
> >(assuming the set of seed values is equal to the set of possible outputs
> >of the PRNG, both sets are of order N!.) Only N!/ (N!)! of the sequences
> >can ever be seen.
>
> ??
There are M! ways to list the M values from 1 - M. A PRNG outputs lists
(sequences) of the values between 1-M. The PRNG starts from a seed
value s and makes a list of the M values. Each list is different. The
PRNG can only make as many unique lists of the M values are there are
unique seeds s. Let the order of the set S of seed values be K. Then
the PRNG can only make K out of M! listings (sequences) of the M values
from 1 - M. So the PRNG only produces a fraction K / M! of the total
possible sequences of the M values.
Let the set S be the set of M output values of the PRNG. The order of
the set M is M. Then the PRNG only produces a fraction M / M! of the
total possible sequences of the M values.
So let M = N! (the number of possible permutations of N bits). The set
of seed values S for this PRNG is the set of numbers from 1 through M!
The PRNG generates a number from 1 through M! to choose the permutation
to apply to the ith bit block. (This is the most abstract view of the
PRNG's role in the DTC.)
This PRNG can produce only M = N! possible output sequences of
permutations. That's why I state the PRNG produces a fraction M! / (M!)!
of the total possible listings of the M! permutations of the N bits.
Why is this derivation wrong?
John A. Malley
[EMAIL PROTECTED]
>
------------------------------
From: JCA <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Tue, 23 Jan 2001 07:45:15 -0800
zapzing wrote:
> > You can get PCs with Linux installed. They tend to be cheaper than
> > their Windows counterparts too, because you don't have to pay an
> > outrageous amount for the OS. Do you want links?
>
> Actually, yes, I do.
>
OK, try the following:
http://www.storeanywhere.com
http://amnet-comp.com
http://www.acinc.com
http://www.linuxcomputersystems.com
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Conway Polynomials
Date: Tue, 23 Jan 2001 17:03:40 -0000
"Mehdi-Laurent Akkar" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > and as far as we know, no essentially better method is known
> > than enumerating and testing the primitive polynomials of degree n in
> > lexicographical order.
> >
>
> Better methods seem to be known but I do not know their efficiency
> see for more details
>
>
http://ei.cs.vt.edu:8090/Dienst/UI/2.0/Describe/ncstrl.vatech_cs%2fTR-98-14
These methods can beat a simple search by a very large margin for high order
polynomials. They can also be much worse in some circumstances so both
approaches remain useful.
But they are only needed for large fields since a simple search is good
enough when the fileds in question are small.
Brian Gladman
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: magazine cryptologia...
Date: Tue, 23 Jan 2001 18:05:58 +0100
Danijel Kopcinovic wrote:
>
> anyone knows where i could get some articles published in "cryptologia"
> magazine?
Try some large public libraries, including universities.
Otherwise you might have to order from the publisher.
M. K. Shen
------------------------------
From: Quisquater <[EMAIL PROTECTED]>
Subject: Re: magazine cryptologia...
Date: Tue, 23 Jan 2001 18:46:58 +0100
Danijel Kopcinovic wrote:
>
> anyone knows where i could get some articles published in "cryptologia"
> magazine?
>
> thx!
It is not a magazine :-)
The "good" way (except good librairies) is
http://www.dean.usma.edu/math/resource/pubs/cryptolo/index.htm
but some issues are out of print !
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Any good source of cryptanalysis source code (C/C++)?
Date: Tue, 23 Jan 2001 17:12:03 GMT
In article <94hsec$trj$[EMAIL PROTECTED]>,
AllanW <[EMAIL PROTECTED]> wrote:
<snip>
>
> But consider this: he didn't ask for software to break codes, he
> asked for software to break block ciphers. That implies that he
> knows the difference between a stream cipher and a block cipher.
> But he didn't name any particular block cipher! One possible
> reason is that he's just learning about block ciphers, and wants
> to know how to attack ANY of them.
No. This is not a possible reason.
It is (or should be) assumed that the poster knows how to speak and
write English. Indeed, I would say that an assumption to the contrary
would be insulting. [unless English is not his native language]
Therefore, if he wanted to know how to go about attacking block ciphers,
that is what would have been asked for. But this was not asked.
Instead, a request was made for code.
>
> Sure, other interpretations are possible. But why do so many
> people in this group insist on finding the least meaningful
> interpretation of questions,
It is actually a *compliment* to the poster to assume that he
knows how to ask for what he wants. If he wants code, he asks for that.
If he wants to know how to break ciphers, he asks for that. But he
does not ask for the former if he wants the latter.
> and then attacking the questioner
> for asking a question that isn't very meaningful?
The questioner was not attacked. It was simply pointed out that
what he asked for was nonsense.
> > > This also makes it fairly obvious why he wants source code:
> > > he wants to study how it works.
> >
> > Reading source is the worst way to learn how to do decryption.
> > It won't tell you what is happening and discerning the technique
> > used from just the source would be very difficult.
>
> Ah, but maybe he didn't know that.
If he knows enough to ask for code, he should know enough to realize
that you can't learn how an algorithm works just by reading the code
without a MAJOR effort. And in some cases, not at all.
> > > Throughout history great leaps in knowledge have often
> > > followed questions such as "How does this work?"
> >
> > Then that is what he should ask, rather than asking for code.
>
> Conceivably this IS his way of asking.
Now this is *really* reaching.....
>Not everybody says it
> the same way that you apparently think that they should.
I assume that posters are intelligent enough to ask for what they want.
If they want 'A', they ask for 'A' and not 'B' while believing that
'B' implies 'A'. This is what clear communication is about.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: secure RNG
Date: Tue, 23 Jan 2001 17:43:50 GMT
Joseph Ashwood wrote:
> They all take different approachs. Blum, Blum, Shub is provably secure under
> certain assumptions, but horribly slow. RC4 is very fast but has a bias,
> ISAAC is not quite as fast but IIRC has a lower bias.
I think ISAAC is faster than RC4.
--
__
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Producing "bit-balanced" strings efficiently for Dynamic Transposition
Date: Tue, 23 Jan 2001 17:34:57 GMT
I decided to hunt for things on the web: I found
http://www.research.att.com/~amo/doc/arch/balancing.vectors.troff
which may be relevant.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Fitting Dynamic Transposition into a Binary World
Date: Tue, 23 Jan 2001 17:29:25 GMT
On Tue, 23 Jan 2001 02:00:36 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
>On Tue, 23 Jan 2001 01:46:36 GMT, Benjamin Goldberg
><[EMAIL PROTECTED]> wrote, in part:
>>How would you go about doing a fixed-length to fixed-length conversion
>>for large blocks in practice? Certainly not a [ridiculously huge]
>>lookup table.
>Well, an earlier post in this thread shows what I was thinking
>of...and for an example in another domain, look at the page titled
>'From 47 bits to 10 letters' on my web site.
OK: here we go - well, partly. Maybe I'll find a better approach than
this, but I think this is still illustrative.
As I noted in another post:
One can map 37 arbitrary bits (137,438,953,472 possibilities) to 40
balanced bits (137,846,528,820 possibilities) for only an 8.11%
increase
in bandwidth cost.
A 40 bit string can be split into 5 bytes.
For a byte, there are:
1 possible arrangement, each, of 8 zeroes or 8 ones.
8 possible arrangements, each, of 7 zeroes and one one, or one zero
and 7 ones.
28 possible arrangements, each, of 6 zeroes and 2 ones, or 2 zeroes
and 6 ones.
56 possible arrangements, each, of 5 zeroes and 3 ones, or 3 zeroes
and 5 ones.
70 possible arrangements of 4 zeroes and 4 ones.
Thus: our 37 bit string is a number between 0 and 137,438,953,471.
For numbers between 0 and 1,680,699,999, let the bit string be
represented by five consecutive balanced bytes, since 1680700000 is 70
to the fifth power.
A balanced string of 40 bits can also be made up of one byte with 3
ones, one byte with 5 ones, and three balanced bytes. There are 20
different ways to arrange these three kinds of bytes, and for each
such arrangement, 56 * 70 * 70 * 70 * 56, or 1,075,648,000 different
bit strings are possible.
Thus, for the 21,512,960,000 possible values for our input 37 bit
string from 1,680,700,000 to 23,193,659,999, we assign it to a string
of this type.
The next possibility: (3)(3)(4)(5)(5) - two bytes with three ones, one
byte that is balanced, two bytes with five ones. Here, for each
arrangement, there are 56*56*70*56*56 or 688,414,720 possibilities,
and there are 30 possible arrangements of the three kinds of byte.
Thus, 20,652,441,600 possible values may be assigned to patterns of
this type, representing the numbers from 23,193,660,000 to
43,846,101,599.
Next, we will consider the possibility (2)(4)(4)(4)(6). Again 20
arrangements, and each arrangement has 28*70*70*70*28 possibilities.
So we can account for 537,824,000 possible values, from 43,846,101,600
to 44,383,925,599.
Now we can start to consider asymmetric possibilities. (3)(3)(4)(4)(6)
and (2)(4)(4)(5)(5) each have 30 possible arrangements, and
56*56*70*70*28, or 430,259,200 possibilities each. So between them,
these two possibilities account for 25,815,552,000 values, from
44,383,925,600 to 70,199,477,599.
Well, we've reached the halfway point!
Next in order of consideration will be the pattern (2)(3)(4)(5)(6).
This has 120 possible arrangements, and each arrangement has
28*56*70*56*28 or 172,103,680 possibilities. So we now account for
20,652,441,600 possible values, from 70,199,477,600 to 90,851,919,199.
Then, the more extreme pattern (2)(2)(4)(6)(6) has 30 arrangements,
each with 28*28*70*28*28 or 43,025,920 possibilities, accounting for
1,290,777,600 values, from 90,851,919,200 to 92,142,696,799.
Again, we will consider a pair of asymmetric patterns, in this case
(2)(3)(3)(6)(6) and (2)(2)(5)(5)(6). Each arrangement of these
patterns has 28*56*56*28*28 or 68,841,472 possible values, and each of
these patterns has 30 arrangements, for a total of 4,130,488,320
values, which I can use to represent the arbitrary 37-bit patterns
with values from 92,142,696,800 to 96,273,185,119.
More profoundly asymmetric are (3)(3)(3)(5)(6) and (2)(3)(5)(5)(5).
Each of these patterns has 20 arrangements, and each arrangement
accounts for 56*56*56*56*28, or 275,365,888 possible values, so we can
take care of 11,014,635,520 values, from 96,273,185,120 to
107,287,820,639.
Well, it looks like I will have to keep scraping further down in this
barrel, because I have 137,438,953,472 values I need to take care of,
so there are still over 30 billion values to account for.
So I will begin with (1)(4)(4)(4)(7). 20 arrangements, with each
arrangement having 8*70*70*70*8 or 21,952,000 possibilities. This
accounts for 439,040,000 values, from 107,287,820,640 to
107,726,860,639.
Next is (1)(3)(4)(5)(7). 120 arrangements, with each arrangement
having 8*56*70*56*8 or 14,049,280 possibilities. This will account for
1,685,913,600 values, from 107,726,860,640 to 109,412,774,239.
Next might be (1)(2)(4)(6)(7). 120 arrangements, and each arrangement
has 8*28*70*28*8 or 3,512,320 possibilities. This will account for
421,478,400 values, from 109,412,774,240 to 109,834,252,639.
Perhaps once we turn again to asymmetric arrangements we will make
faster headway. Let us consider (1)(4)(4)(5)(6) and (2)(3)(4)(4)(7).
Each of these two patterns has 60 arrangements, and each arrangement
has 8*70*70*56*28 or 61,465,600 possible values. So, we can account
for 7,375,872,000 possible values, from 109,834,252,640 to
117,210,124,639.
Now, let us consider (1)(3)(4)(6)(6) and (2)(2)(4)(5)(7). Again, each
of these patterns has 60 arrangements. This time, the arrangements
have 8*56*70*28*28 or 24,586,240 possible values, so we are able to
account for 2,950,348,800 possible values, from 117,210,124,640 to
120,160,473,439.
We still have some more possibilities in this vein. (1)(3)(5)(5)(6)
and (2)(3)(3)(5)(7) also each have 60 arrangements, and each
arrangement has 8*56*56*56*28 or 39,337,984 possibilities. So we can
account for 4,720,558,080 values, from 120,160,473,440 to
124,881,031,519.
And then there is (1)(4)(5)(5)(5) and (3)(3)(3)(4)(7). Each of these
has 20 arrangements, and each arrangement has 8*70*56*56*56 or
98,344,960 possibilities. Thus, we can account for 3,933,798,400
values, from 124,881,031,520 to 128,814,829,919.
Now let us consider (1)(2)(5)(6)(6) and (2)(2)(3)(6)(7). Each of these
has 60 arrangements, and each arrangement has 8*28*56*28*28 or
9,834,496 possible values. So we can account for 1,180,139,520 values,
from 128,814,829,920 to 129,994,969,439.
Still almost 8 billion to go, and I seem to have run out of the good
possibilities with only one byte that has only 8 possibilities.
Then there is (1)(2)(5)(5)(7) and (1)(3)(3)(6)(7). Each one has 60
arrangements, and each arrangement has 8*28*56*56*8 or 5,619,712
possible values. This allows us to account for 674,365,440 values,
from 129,994,969,440 to 130,669,334,879.
I think I'll give up for now...
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
