Cryptography-Digest Digest #528, Volume #14       Tue, 5 Jun 01 18:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  One last bijection question ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: One last bijection question ([EMAIL PROTECTED])
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)
  Re: One last bijection question ("Tom St Denis")
  Re: Welcoming another Anti-Evidence Eliminator stooge to USENET  (P.  Dulles / AKA Loki) (Keith)

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Tue, 05 Jun 2001 21:10:44 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> : Yes there will be equivalent keys but not enough to tell from random.
> :>
> :> Tell /what/ "from random".
>
> : Tell the plaintext. [...]
>
> I can very likely tell a randomly chosen plaintext from the decrypt of a
> 1 byte cyphertext using CTR mode.
>
> Does the random plaintext have only 8 bits?  If not, I can immediately
> distinguish them.

Yes, but you are just brute forcing the key space.  If you encode for
example 384-bits (three AES blocks) in CTR mode you can most likely tell
when you get the key right.  However, getting the right key amounts to at
least 2^127 work if the key is random.

> :> [...] a cyphertext only having 256 possible decrypts is a
> :> problem with the orthodox CTR mode.
>
> : It's not a problem.  You're just not looking for the answer.
>
> AFAICS, your idea of an answer is one that isn't worth having ;-|
>
> : The truth is if the message has a prob of 1/256 and all outputs from the
> : cipher are equally probable (i.e. 1/256) then it's provably secure for a
> : single byte only.
>
> Ah - you're sliding in that "for a single byte only"...
>
> As though we're discussing the trivial case of only 256 possible
> messages...

Um yes that's what we were f$$$ talking about.  For geez sakes stay on the
same model!

> : Consider the cipher something simple like
>
> : C = P xor K
>
> : where we discard the 120 upper bits of C before xoring against the
> : message.
> : Don't you agree this is just an OTP?
>
> Yes - it's very much like an OTP.

(Hint it is an OTP)

> : Hence don't you agree it's provably secure?
>
> Of course it's not provably secure - unless you think only having 256
> possible plaintexts out of the possible billions is something worthwhile.
>
> We're trying to stop the attacker getting information about the message.
> Giving him the length of the message on a plate is a terrible start.

Why?  Tell me how you can find K from C knowing the length?

Just tell me why it's a problem.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: One last bijection question
Date: Tue, 05 Jun 2001 21:15:10 GMT

Ok I thought bijections were when the codomain and domain are the same set.

http://www.dictionary.com/cgi-bin/dict.pl?term=surjection

Seems to support this thought.

A function f : A -> B is surjective or onto or a surjection if f A = B

Don't A and B represent the domain/codomain sets respectively?

I'm most likely wrong.... can someone explain this?  The only other meaning
I can find is that A and B are not the same set but can map back and forth.
But isn't that an injection?

Arrg!
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 21:12:05 GMT

SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:

:  Tim I think TOM is just trying to make an ass out of himself

He seems to me to have been doing a lot of that recently:

First the "unicity distance", then the "bijection", and now the
"CTR mode".  I guess we just rub him up the wrong way - so that
all of his conceptual problems come to the surface at once.

: The thread will go nowhere. He will only twist it. He can't
: even answer the simple fact that if one used CTR mode so
: a one byte cipher text file decrypts to 256 messages. And
: one used BICOM where a one byte output file could represent
: thousands and thousands of possible input messages. He in
: this example doesn't know which case is more secure. If he
: can't comprehend the obvious why keep trying. [...]

You seem to be much better than I am at stopping correcting people
when it should be obvious to everyone that they're mistaken.

I tend to carry on until they capitulate - or give up.

I'm probably too afraid that stopping arguing will lead people to
think that I've realised my error and have given up.

On the other hand (no offense to anyone intended) there's the
"if you're arguing with an idiot, that probably makes two of you"
proverb to consider.

I should probably start giving that proverb more weight.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 21:21:59 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:

:> : Well CTR mode is not limited to 8-bit messages AND for any 8-bit message
:> : you can reach OTP status if the unicity distance is longer than 8-bits.
:>
:> Which only gets us as far as an OTP - which has the *same* security
:> problem as counter mode if messages are of varying lengths and
:> the plaintexts and cyphertexts are of equal lengths.

: What problem?

Lack of perfect secrecy for a start.

: If all possible messages are uniformly distributed you have
: no advantage hence you can't tell which message is the real one.

In the case under discussion being given the cyphertext gives a *big*
clue about the plaintext - namely its length.  That is likely
to immediately rule out most plaintexts.

:> : Hence, what is the problem?  If it's an OTP then it's provably resilient
:> : to all known attacks!
:>
:> This is the problem.  You seem to think an OTP is some sort of holy
:> grail - and that by comparing CTR mode to it you banish all its problems.
:>
:> OTPs do *not* have perfect secrecy if messages can be of varying lengths
:> and the plaintexts and cyphertexts are of equal lengths.
:>
:> Such an OTP is *not* "provably resistant to all known attacks".
:>
:> Comparing one damaged system with another one gets you nowhere.

: Hmm?  An OTP has #key = #msg = #ciphertext.  What are you talking about
: "messages can be of varying lengths and plaintext and ciphertexts are of
: equal lengths".

Exactly what it says.

: The plaintext is the message!

Yes.  Those terms may be considered to be interchangeable in my sentence
above.

: If you follow the rules of an OTP you can't lose.  it's a bloody fact of
: math man.

So you seem to (erroneously) think.

: If all messages are uniformly distributed you can't find the real
: message. [...]

...but since some messages are longer than 8 bits, the possible plaintexts
are *not* uniformly represented by an 8-bit cyphertext.

Some (the ones with 8 bits) have probability 1/256.  All other plaintexts
have probability 0.  That is not a "uniform distribution".
-- 
__________  http://rockz.co.uk/  http://alife.co.uk/   http://hex.org.uk/
 |im |yler  http://atoms.org.uk/ http://mandala.co.uk/ [EMAIL PROTECTED]

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Tue, 05 Jun 2001 21:34:22 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> : Well CTR mode is not limited to 8-bit messages AND for any 8-bit
> :> : message you can reach OTP status if the unicity distance is longer
> :> : than 8-bits.
> :>
> :> Which only gets us as far as an OTP - which has the *same* security
> :> problem as counter mode if messages are of varying lengths and
> :> the plaintexts and cyphertexts are of equal lengths.
>
> : What problem?
>
> Lack of perfect secrecy for a start.

Given your limited understanding of "perfect secrecy" this doesn't mean
much.

> : If all possible messages are uniformly distributed you have
> : no advantage hence you can't tell which message is the real one.
>
> In the case under discussion being given the cyphertext gives a *big*
> clue about the plaintext - namely its length.  That is likely
> to immediately rule out most plaintexts.

Oh yes, the real plaintext can't be a trillion bytes long.  So what?

>
> :> : Hence, what is the problem?  If it's an OTP then it's provably
> :> : resilient to all known attacks!
> :>
> :> This is the problem.  You seem to think an OTP is some sort of holy
> :> grail - and that by comparing CTR mode to it you banish all its
> :> problems.
> :>
> :> OTPs do *not* have perfect secrecy if messages can be of varying
> :> lengths and the plaintexts and cyphertexts are of equal lengths.
> :>
> :> Such an OTP is *not* "provably resistant to all known attacks".
> :>
> :> Comparing one damaged system with another one gets you nowhere.
>
> : Hmm?  An OTP has #key = #msg = #ciphertext.  What are you talking about
> : "messages can be of varying lengths and plaintext and ciphertexts are of
> : equal lengths".
>
> Exactly what it says.
>
> : The plaintext is the message!
>
> Yes.  Those terms may be considered to be interchangeable in my sentence
> above.
>
> : If you follow the rules of an OTP you can't lose.  it's a bloody fact of
> : math man.
>
> So you seem to (erroneously) think.
>
> : If all messages are uniformly distributed you can't find the real
> : message. [...]
>
> ...but since some messages are longer than 8 bits, the possible plaintexts
> are *not* uniformly represented by an 8-bit cyphertext.
>
> Some (the ones with 8 bits) have probability 1/256.  All other plaintexts
> have probability 0.  That is not a "uniform distribution".

Yes, but if you want to use math against me try using it right.  The
messages >1 byte are not part of the set.  The plaintext is assumed to be a
byte thus 0x123456 is not a member of that set.

Again so what?

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Tue, 05 Jun 2001 21:36:25 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>
> :  Tim I think TOM is just trying to make ass out of himself
>
> He seems to me to have been doing a lot of that recently:
>
> First the "unicity distance", then the "bijection", and now the
> "CTR mode".  I guess we just rub him up the wrong way - so that
> all of his conceptual problems come to the surface at once.

Well I am not familiar with a lot of math terminology or symbols since they
don't teach it in school.  But I am vaguely aware of combinatorics and
finite math and I know that if the message space has a uniform distribution
you have no advantage.

> : The thread will go nowhere. He will only twist it. He can't
> : even answer the simple fact that if one used CTR mode so
> : a one byte cipher text file decrypts to 256 messages. And
> : one used BICOM where a one byte output file could represent
> : thousands and thousands of possible input messages. He in
> : this example doesn't know which case is more secure. If he
> : can't comprehend the obvious why keep trying. [...]
>
> You seem to be much better than I am at stopping correcting people
> when it should be obvious to everyone that they're mistaken.
>
> I tend to carry on until they capitulate - or give up.
>
> I'm probably too afraid that stopping arguing will lead people to
> think that I've realised my error and have given up.
>
> On the other hand (no offense to anyone intended) there's the
> "if you're arguing with an idiot, that probably makes two of you"
> proverb to consider.
>
> I should probably start giving that proverb more weight.

Or just realize your fallacy.  Gimme a break guys.  You're arguing
nonsense.  You can't even solve

55 = P + K mod 256

And you know the length of both P and K!

If you can't solve this, how can you state what you are saying is a truth?

Tom



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 21:31:50 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> Tom St Denis <[EMAIL PROTECTED]> wrote:

:> :> : Yes there will be equivalent keys but not enough to tell from random.
:> :>
:> :> Tell /what/ "from random".
:>
:> : Tell the plaintext. [...]
:>
:> I can very likely tell a randomly chosen plaintext from the decrypt of a
:> 1 byte cyphertext using CTR mode.
:>
:> Does the random plaintext have only 8 bits?  If not, I can immediately
:> distinguish them.

: Yes, but you are just brute forcing the key space. [...]

Nope - just checking lengths.

:> : The truth is if the message has a prob of 1/256 and all outputs from the
:> : cipher are equally probable (i.e. 1/256) then it's provably secure for a
:> : single byte only.
:>
:> Ah - you're sliding in that "for a single byte only"...
:>
:> As though we're discussing the trivial case of only 256 possible
:> messages...

: Um yes that's what we were f$$$ talking about.  For geez sakes stay on the
: same model!

We are *not* discussing the case of 256 possible messages.  Both BICOM and
CTR mode can encrypt *any* possible message.

Given this wide distribution of possible messages, we are asking what
security is offered when encrypting a particular 8-bit message in BICOM
and CTR mode.

BICOM with a 128 bit key maps it to one of 2^128 possible messages.
CTR mode maps it to one of 256 messages.

The latter produces an 8-bit cyphertext with only 256 possible
interpretations.

If you happened to know the message consisted entirely of space
characters, you could uniquely identify the message!

:> Of course it's not provably secure - unless you think only having 256
:> possible plaintexts out of the possible billions is something worthwhile.
:>
:> We're trying to stop the attacker getting information about the message.
:> Giving him the length of the message on a plate is a terrible start.

: Why?  Tell me how you can find K from C knowing the length?

: Just tell me why it's a problem.

You go round and round in circles.  I've responded in some detail to both
these questions already.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 5 Jun 2001 21:26:39 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<IFbT6.37777$[EMAIL PROTECTED]>: 

>
>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> [EMAIL PROTECTED] (Tom St Denis) wrote in
>> <CebT6.37239$[EMAIL PROTECTED]>:
>>
>> >
>> >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>> >news:[EMAIL PROTECTED]...
>> >> [EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>> >>
>> >>  Tim I think TOM is just trying to make an ass out of himself
>> >> The thread will go nowhere. He will only twist it. He can't
>> >> even answer the simple fact that if one used CTR mode so
>> >> a one byte cipher text file decrypts to 256 messages. And
>> >> one used BICOM where a one byte output file could represent
>> >> thousands and thousands of possible input messages. He in
>> >> this example doesn't know which case is more secure. If he
>> >> can't comprehend the obvious why keep trying. He does not
>> >> want to know the truth. He doesn't care. You can give a pig
>> >> singing lessons but he's not going to learn. You just waste your
>> >> time and the pig's.
>> >
>> >Funny.  Why can't you answer any simple questions?
>> >
>> >Again.
>> >
>> >C = P + K mod 256
>> >C = 55
>> >
>> >What is P?
>> >
>> >Tom
>> >
>> >
>> >
>>
>>   Tell what little get a third party to encrypt using your ctr
>> mod a one cipher text output file. I will guess the input. I may
>> be wrong. Then you get to guess the input to a one byte output
>> file encrypted with BICOM. If you miss I guess again. And we
>> keep doing this till one gets it right. I am willing to put
>> a thousand bucks on this. On second thought you go first.
>> Do you feel secure enough to really bet. I doubt it.
>>
>>   And no as in what many beginners try. I don't know what P is
>> uniquely but you're a bigger fool than I thought if you think
>> that even reducing the message space to a few messages is a
>> sign of security. The larger the pool of uncertainty about the
>> message the better.
>
Here's a tip.
 
  Why I waste my time I don't know but below are two versions
of an OTP. You seem very ignorant of what an OTP is but I
will try one more time.

 I have 510 messages I could do it the TOMMY way and assign
2 messages to 1 bit and if sending one of those use a 1 bit OTP
4 messages to 2 bits and if sending one of those use a 2 bit OTP
8 messages to 3 bits and if sending one of those use a 3 bit OTP
16 messages to 4 bits and if sending one of those use a 4 bit OTP
32 messages to 5 bits and if sending one of those use a 5 bit OTP
64 messages to 6 bits and if sending one of those use a 6 bit OTP
128 messages to 7 bits and if sending one of those use a 7 bit OTP
256 messages to 8 bits and if sending one of those use an 8 bit OTP

One thing to notice is by the number of bits sent the attacker
can determine a small set that the possible message came from.
This is called getting some of the information. Tommy thinks
this is secure. Tommy this is not "perfect security". But since
you seem to know nothing about basic encryption entropy or
compression it may be over your head.

Take the above set of 510 messages. Assign them to 9 bits.
so every message is 9 bits.
1 goes to 000000000
2 goes to 000000001
...
510 goes to 111111101

the values 111111111 and 111111110 are not used so you
can eliminate 2 keys that go nowhere

now use a 9 bit OTP and send it an attacker gets
9 bits. He knows nothing about which message sent
he gets no clue from the cipher text. This TOMMY boy
is called "perfect security" a concept you seem totally
unaware of. You're like the child that sends a one liner
to sci.crypt and then demands people to break it. When
they don't bother to. The child thinks he has something
hot.

 Your childish comparison of CTR to OTP is done countless
times by designers of quack systems. It really doesn't mean
much except to people who lack an understanding of crypto
like yourself.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!
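
The two schemes compared in the post above, and the 1/256-versus-0 point made earlier in the thread, worked through exactly. This is an added example, not part of any poster's message; the message space (2^k messages of k bits for k = 1..8), the uniform prior, the 9-bit index encoding and all function names are assumptions made for the illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed message space matching the post: 2**k messages of k bits for
# k = 1..8, i.e. 2 + 4 + ... + 256 = 510 messages, all equally likely a priori.
MESSAGES = [(k, v) for k in range(1, 9) for v in range(2 ** k)]
INDEX = {m: i for i, m in enumerate(MESSAGES)}
PRIOR = Fraction(1, len(MESSAGES))


def variable_length_otp(msg):
    """Pad exactly as long as the message: ciphertext length = plaintext length."""
    bits, value = msg
    return [(bits, value ^ key) for key in range(2 ** bits)]


def fixed_length_otp(msg):
    """Encode every message as a 9-bit index first, then apply a 9-bit pad."""
    return [(9, INDEX[msg] ^ key) for key in range(2 ** 9)]


def joint(scheme):
    """table[c][m] = P(M = m, C = c) for a uniform prior and a uniform pad."""
    table = defaultdict(dict)
    for m in MESSAGES:
        ciphertexts = scheme(m)              # one ciphertext per possible pad
        weight = PRIOR / len(ciphertexts)
        for c in ciphertexts:
            table[c][m] = table[c].get(m, 0) + weight
    return table


def posterior(table, c):
    """P(M = m | C = c) for every message consistent with ciphertext c."""
    total = sum(table[c].values())
    return {m: p / total for m, p in table[c].items()}


def perfect_secrecy(table):
    """True when every ciphertext leaves the prior over all messages unchanged."""
    return all(
        len(table[c]) == len(MESSAGES)
        and all(p == PRIOR for p in posterior(table, c).values())
        for c in table
    )


if __name__ == "__main__":
    for name, scheme, observed in [
        ("variable-length pad", variable_length_otp, (8, 55)),
        ("fixed 9-bit pad", fixed_length_otp, (9, 55)),
    ]:
        table = joint(scheme)
        post = posterior(table, observed)
        print(f"{name}: {len(post)} candidate messages after seeing {observed}, "
              f"each with probability {next(iter(post.values()))}, "
              f"perfect secrecy: {perfect_secrecy(table)}")
```

Within the 8-bit class the posterior is uniform, which is the claim made for the single-byte case; over the whole 510-message space the prior of 1/510 has moved to 1/256 for 256 messages and to 0 for the other 254, which is the objection raised against it.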


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: One last bijection question
Date: 5 Jun 2001 21:43:43 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
> Ok I thought bijections were when the codomain and domain are the same set.

> http://www.dictionary.com/cgi-bin/dict.pl?term=surjection

> Seems to support this thought.

> A function f : A -> B is surjective or onto or a surjection if f A = B

> Don't A and B represent the domain/codomain sets respectively?

It's a surjection if f(A)=B  -- in other words, if the image of A
under f is exactly B (more conversationally, if f "covers" the whole
set B).  There's no condition there that A=B.

Here's an example of something that is a surjection, but not an
injection (and hence not a bijection) and also has different sets for
domain and range:  any non-trivial decision problem.  For example, the
set A is the set of all natural numbers, and B is the two-element 
set "{yes,no}".   Now f maps x to "yes" if x is a prime number, and to
"no" if x is composite.  Since there are both primes and composites,
then both items of the set B are mapped to.  But clearly A and B are
different sets.  This is a surjective function.

-- 
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences       | "The box said 'Requires Windows 95, NT, 
University of North Texas        |  or better,' so I installed Linux."
Denton, TX  76201                | 

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Tue, 05 Jun 2001 21:45:16 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Here's a tip.

Which I shall not take.

>   Why I waste my time I don't know but below are two versions
> of an OTP. You seem very ignorant of what an OTP is but I
> will try one more time.

I read applied crypto.  I'm well aware of what an OTP is.

>  I have 510 messages I could do it the TOMMY way and assign
> 2 messages to 1 bit and if sending one of those use a 1 bit OTP
> 4 messages to 2 bits and if sending one of those use a 2 bit OTP
> 8 messages to 3 bits and if sending one of those use a 3 bit OTP
> 16 messages to 4 bits and if sending one of those use a 4 bit OTP
> 32 messages to 5 bits and if sending one of those use a 5 bit OTP
> 64 messages to 6 bits and if sending one of those use a 6 bit OTP
> 128 messages to 7 bits and if sending one of those use a 7 bit OTP
> 256 messages to 8 bits and if sending one of those use an 8 bit OTP
>
> One thing to notice is by the number of bits sent the attacker
> can determine a small set that the possible message came from.

Yes, they know the set but not the message.  Big deal?

> This is called getting some of the information. Tommy thinks
> this is secure. Tommy this is not "perfect security". But since
> you seem to know nothing about basic encryption entropy or
> compression it may be over your head.

Perhaps.

> Take the above set of 510 messages. Assign them to 9 bits.
> so every message is 9 bits.
> 1 goes to 000000000
> 2 goes to 000000001
> ...
> 510 goes to 111111101
>
> the values 111111111 and 111111110 are not used so you
> can eliminate 2 keys that go nowhere
>
> now use a 9 bit OTP and send it an attacker gets
> 9 bits. He knows nothing about which message sent
> he gets no clue from the cipher text. This TOMMY boy
> is called "perfect security" a concept you seem totally
> unaware of. You're like the child that sends a one liner
> to sci.crypt and then demands people to break it. When
> they don't bother to. The child thinks he has something
> hot.

Again I know the set in your example so what's your point?

>  Your childish comparison of CTR to OTP is done countless
> times by designers of quack systems. It really doesn't mean
> much except to people who lack an understanding of crypto
> like yourself.

C = 88 5e f7 fe c1 78 f0 6d 61 c8 bc ac 3a a1 09 ae 12 6b 4e 46 58

What is P? (this is an OTP encoded message)

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Tue, 05 Jun 2001 21:46:48 GMT


"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
> :> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
> :> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> :> :> : Yes there will be equivalent keys but not enough to tell from
> :> :> : random.
> :> :>
> :> :> Tell /what/ "from random".
> :>
> :> : Tell the plaintext. [...]
> :>
> :> I can very likely tell a randomly chosen plaintext from the decrypt of
> :> a 1 byte cyphertext using CTR mode.
> :>
> :> Does the random plaintext have only 8 bits?  If not, I can immediately
> :> distinguish them.
>
> : Yes, but you are just brute forcing the key space. [...]
>
> Nope - just checking lengths.

WHY DOES THE LENGTH AUTOMATICALLY GIVE YOU THE MESSAGE?

You keep reiterating the same thing...

> :> : The truth is if the message has a prob of 1/256 and all outputs from
> :> : the cipher are equally probable (i.e. 1/256) then it's provably secure
> :> : for a single byte only.
> :>
> :> Ah - you're sliding in that "for a single byte only"...
> :>
> :> As though we're discussing the trivial case of only 256 possible
> :> messages...
>
> : Um yes that's what we were f$$$ talking about.  For geez sakes stay on
> : the same model!
>
> We are *not* discussing the case of 256 possible messages.  Both BICOM and
> CTR mode can encrypt *any* possible message.
>
> Given this wide distribution of possible messages, we are asking what
> security is offered when encrypting a particular 8-bit message in BICOM
> and CTR mode.
>
> BICOM with a 128 bit key maps it to one of 2^128 possible messages.
> CTR mode maps it to one of 256 messages.
>
> The latter produces an 8-bit cyphertext with only 256 possible
> interpretations.
>
> If you happened to know the message consisted entirely of space
> characters, you could uniquely identify the message!

C = 88 5e f7 fe c1 78 f0 6d 61 c8 bc ac 3a a1 09 ae 12 6b 4e 46 58

What is P?

> :> Of course it's not provably secure - unless you think only having 256
> :> possible plaintexts out of the possible billions is something
> :> worthwhile.
> :>
> :> We're trying to stop the attacker getting information about the
> :> message.
> :> Giving him the length of the message on a plate is a terrible start.
>
> : Why?  Tell me how you can find K from C knowing the length?
>
> : Just tell me why it's a problem.
>
> You go round and round in circles.  I've responded in some detail to both
> these questions already.

Well those are real questions.  Just because you know the length you don't
know the message.  Doesn't that seem important?

Tom



------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 05 Jun 2001 21:47:44 GMT
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)

Tim Tyler [EMAIL PROTECTED] writes, in part:


>OTPs do *not* have perfect secrecy if messages can be of varying lengths
>and the plaintexts and cyphertexts are of equal lengths.
>

I don't follow this. It sounds as if you are re-defining an OTP.

Joe

__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Date: Tue, 05 Jun 2001 21:50:17 GMT


<[EMAIL PROTECTED]> wrote in message
news:9fjjqf$t4v$[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> > Ok I thought bijections were when the codomain and domain are the same
> > set.
>
> > http://www.dictionary.com/cgi-bin/dict.pl?term=surjection
>
> > Seems to support this thought.
>
> > A function f : A -> B is surjective or onto or a surjection if f A = B
>
> > Don't A and B represent the domain/codomain sets respectively?
>
> It's a surjection if f(A)=B  -- in other words, if the image of A
> under f is exactly B (more conversationally, if f "covers" the whole
> set B).  There's no condition there that A=B.
>
> Here's an example of something that is a surjection, but not an
> injection (and hence not a bijection) and also has different sets for
> domain and range:  any non-trivial decision problem.  For example, the
> set A is the set of all natural numbers, and B is the two-element
> set "{yes,no}".   Now f maps x to "yes" if x is a prime number, and to
> "no" if x is composite.  Since there are both primes and composites,
> then both items of the set B are mapped to.  But clearly A and B are
> different sets.  This is a surjective function.

Ah so surjective functions are not one-to-one?

ARRG (sound of head exploding).

I have the solution.  I will write down all the defs (injection, surjection,
bijection) and make a venn diagram to see the diffs...

Tom



------------------------------

Crossposted-To: alt.privacy,alt.security,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Welcoming another Anti-Evidence Eliminator stooge to USENET  (P.  Dulles / AKA Loki)
From: Keith <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 05 Jun 2001 22:54:30 +0100

In article <HXBS6.21293$[EMAIL PROTECTED]>, Tom St Denis wrote:
> Thus N+1 is a new prime not in the list.
>

This is almost a statement of the standard proof of an infinity of 
primes given by Euclid. But you have not shown N+1 is a prime, only 
that N+1 is not divisible by the conjectured list of all primes. That 
is enough to produce the contradiction.

Keith


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
