Cryptography-Digest Digest #600, Volume #14      Tue, 12 Jun 01 21:13:00 EDT

Contents:
  Re: Sophie-Germain Primes for sale (The Nameless Horror)
  When the signer is trusted do birthdays matter? (Fat Phil)
  Better 8x32's sboxes ("Tom St Denis")
  Re: When the signer is trusted do birthdays matter? (Paul Rubin)
  Re: Alice and Bob Speak MooJoo ("Robert J. Kolker")
  Re: Prime Directive  was _Re: National Security Nightmare? (John Savard)
  Re: Simple Crypto II, the public key... (John Savard)
  alternative linear prob? ("Tom St Denis")
  Re: Humor, "I Must be a Threat to National Security" (SCOTT19U.ZIP_GUY)
  Who can help me crack this encryption (Terrence Koeman)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY 
([EMAIL PROTECTED])
  Re: help non-elephant encryption (Gregory G Rose)
  Re: Simple Crypto II, the public key... ("Tom St Denis")
  Re: Alice and Bob Speak MooJoo ("Tom St Denis")
  Re: Alice and Bob Speak MooJoo ("Robert J. Kolker")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (The Nameless Horror)
Subject: Re: Sophie-Germain Primes for sale
Date: Tue, 12 Jun 2001 23:11:02 GMT

On Tue, 12 Jun 2001 21:19:54 GMT, "Tom St Denis"
<[EMAIL PROTECTED]> wrote:

>And yes FYI I live a very sheltered life.

There are worse things than leading a sheltered life. Another poster
to this newsgroup has, for some reason, chosen to enlighten us about
his experiences in the state of Nevada.

Upon coming across some historical information in a web search, I was
tempted to retort, were he to mention that sort of thing again, that
we would hardly be interested in hearing about it unless his encounter
had been with Teri Wiegel at the Moonlight Bunny.

I was surprised, though, in doing a Google/Deja search, to discover
that at least one of his encounters was at that very facility,
although with someone less famous: Kulani. However, further searching
disclosed that she had received a couple of very favorable reviews, so
at least said poster has good taste.

------------------------------

From: Fat Phil <[EMAIL PROTECTED]>
Subject: When the signer is trusted do birthdays matter?
Date: Wed, 13 Jun 2001 02:06:25 +0300

I understand the birthday coincidence problem. (i.e. only ~22 random
people is enough for a 50/50 chance of a birthday coincidence).

However, if your document _originator_and_signer_ is Trusted Trent, and
signatures are done on the document hash, then why do you need to
consider the birthday attack. He's not going to be creating many
documents in order to try to find two that hash together? 
In fact being a single person/company, he's only going to be releasing
'small' numbers of documents (few/day, say).
Does that mean that in this situation hashes only need to be half as
wide as one would normally recommend as they don't need to consider the
birthday problem?
Or have I missed something?
Phil

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Better 8x32's sboxes
Date: Tue, 12 Jun 2001 23:23:17 GMT

I was thinking about making slightly better 8x32's (actually it was a bolt
of the obvious).

Use the inversion in GF(2^32)/p(x) instead.  Basically we fix three of the
inputs for the four 8x32's as in

X11 X12 X13 X
X21 X22 X     X24
X31 X     X33 X34
X     X42 X43 X44

Where no row has identical fixed values.  (i.e X11 != X21, X11 != X31,
etc...).  Each row is one 8x32 sbox and X is the variable input.

The entire set of four 8x32 sboxes would be defined by the 12 fixed bytes
and the polynomial.

Ideally the 12 bytes would be picked w.r.t. the polynomial such that a
change in any fixed byte will have an output that differs in as many output
bytes as possible.  That way the # of active sboxes is maximized.  If the
initial condition that all 12 bytes are different is observed then all four
sboxes will have unique values and not be vulnerable to Vaudenay's attack on
Blowfish.  (If I understand correctly his attack is based on finding a
\Delta x \rightarrow \Delta 0 differential).

Of course each 8x32 sbox will have a DPmax of 4/256.

My question is, how do I find the LPmax?  Obviously I could change the walsh
transform to do an 8-bit input mask and 32-bit output mask, that would
require 2^48 work though...

Now I know the DPmax just because of the way differentials work.  I.e for
any input difference the output difference occurs at most four times.  Thus
4/256 is the max.

With linear analysis any input parity leads to an output parity with a bias
of 2^16 (from 0, or 2^-16 as an LPmax).  However, for some inputs a parity
of zero or one is guaranteed based on the fixed values.  Hence a truncated
linear attack (i.e. must only maintain the parity of the 8 variable bits).

Any insight?
--
Tom St Denis
---
http://tomstdenis.home.dhs.org



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: When the signer is trusted do birthdays matter?
Date: 12 Jun 2001 16:27:56 -0700

Fat Phil <[EMAIL PROTECTED]> writes:
> However, if your document _originator_and_signer_ is Trusted Trent, and
> signatures are done on the document hash, then why do you need to
> consider the birthday attack. He's not going to be creating many
> documents in order to try to find two that hash together? 

The whole idea of signatures is so you can tell whether the document
really came from Trusted Trent.  If it didn't, but came from an
attacker instead, all bets are off about what the attacker might do.

------------------------------

From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Tue, 12 Jun 2001 19:36:21 -0400



Zonn wrote:

>
> 3. Helen Keller could in no sense of the word be considered "dumb". (Refer to #2
> above.)

Dumb means mute, not stupid.

Bob Kolker



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Prime Directive  was _Re: National Security Nightmare?
Date: Tue, 12 Jun 2001 23:35:06 GMT

On Fri, 8 Jun 2001 16:04:10 -0400, "Dramar Ankalle"
<[EMAIL PROTECTED]> wrote, in part:

>I have already suggested on
>the physics groups that since there is a red shift in all directions you
>look, that the big bang happened right in our neighborhood first, and thus
>attracts the tourists.

Actually, even in Newtonian physics, everything would be retreating at
an equal speed in all directions from any body ejected in an explosion
from a point source. So one doesn't even need GR to object to that
one.

However, there IS a reason that alien races might well be filling our
skies to observe us.

As noted science-fiction author Arthur C. Clarke observed about our
own future contacts with aliens when we explore space, we might
encounter "apes or angels, but never men". Sort of spoils a lot of
classic science-fiction and space-opera plots.

But think about it: life on Earth existed for billions of years.
Anatomically modern humans have existed for something like 400,000
years so far. And technology involving artificial power sources to any
significant extent has only been around for 150 years or so, and look
at how rapid the progress has been since.

So the transition from animals and primitive people scarcely
distinguishable from animals in their impact on the environment to a
race of beings holding immense power and expanding into space is a
very brief period in the history of a world. What will we be like a
thousand years from now? Or ten thousand? Would aliens at such a stage
of development - never mind aliens similar to what we would be one
million years from now, still a brief moment compared to the four
billion year history of life on Earth - be even comprehensible to us?
As such, therefore, it is a rare event, and one highly worthy of study
when it happens. Now - and the next few hundred years - on Earth, a
rare event, that has begun a few thousand years ago (whether 6
thousand or 400 thousand), is taking place: the transition of a
species from being an insignificant life form on yet another planet to
being a worthy participant in the life of the Universe.

Incomprehensibly alien and advanced they may be, but like us they will
harbor a curiosity about their own beginnings.

While I am even slightly more inclined towards skepticism when it
comes to UFOs than Arthur C. Clarke, he has, unwittingly, supplied the
one plausible rationale that would explain why they would have a
reason to be buzzing our skies were such the case.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Simple Crypto II, the public key...
Date: Tue, 12 Jun 2001 23:37:13 GMT

On Tue, 12 Jun 2001 23:04:40 GMT, "Tom St Denis"
<[EMAIL PROTECTED]> wrote, in part:

>How do you cheat with "mod operations"?  I have a list of good DH primes if
>you want

Well, if P is 2^n-1, one can perform modulo arithmetic without long
division. I don't know if a prime can be Mersenne and Sophie Germain
at the same time, though.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: alternative linear prob?
Date: Tue, 12 Jun 2001 23:47:47 GMT

I always thought LPmax denoted the # of times any linear bias deviates from
1/2.  I.e

LPmax = 16/256 would mean over all possible inputs any given bias has a
maximum bias of 16 away from 128 i.e 112/256 or 144/256.

I was flipping through the Twofish book and I noted

LPmax = 2 * (x / 256)^2

Which is also used by Mitsuru Matsui.  By plugging 144 into that (x=144) I
get 0.6328125.

What does this mean?  [did I copy the formula right?]
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
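
An added example serving Tom's "Better 8x32's sboxes" post and this one; it is not code from either. It builds one of the four 8x32 S-boxes exactly as laid out above (three fixed input bytes, one varying byte, output = inverse in GF(2^32)), computes DPmax exhaustively, and computes linear probability the way Matsui and the Twofish paper define it: LP = (2p - 1)^2, where p is the fraction of inputs on which the approximation a.x = b.S(x) holds. On that definition a count of 144 out of 256 (a bias of 16 away from 128) is LP = (288/256 - 1)^2 = (1/8)^2 = 1/64; the 2*(x/256)^2 form does not give a probability. For LPmax the exhaustive 2^8 x 2^32 x 2^8 = 2^48 count can be cut to one 256-point Walsh-Hadamard transform per output mask (2^32 x 2^11, about 2^43), which is still too much to run here, so the block sweeps only the 1020 output masks that lie within a single output byte and reports that as a lower bound on the true LPmax. The field polynomial is an assumed choice and is verified at run time with Rabin's irreducibility test rather than taken on trust.

```python
# x^32 + x^7 + x^3 + x^2 + 1: an assumed field polynomial, checked by
# is_irreducible() below rather than taken on trust.
POLY = (1 << 32) | (1 << 7) | (1 << 3) | (1 << 2) | 1
DEG = 32


def gf_mul(a, b):
    """Multiply in GF(2)[x]/POLY: shift-and-add, reducing after every shift."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> DEG:
            a ^= POLY
    return r


def gf_inv(a):
    """a^(2^32 - 2) = a^-1 for a != 0; 0 maps to 0 (the AES convention)."""
    r, e = 1, (1 << DEG) - 2
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def poly_mod(a, b):
    """Remainder of a divided by b in GF(2)[x] (polynomials as bit strings)."""
    db = b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        a ^= b << (a.bit_length() - 1 - db)
    return a


def poly_gcd(a, b):
    while b:
        a, b = b, poly_mod(a, b)
    return a


def is_irreducible():
    """Rabin's test for degree 32 (only prime factor 2):
    x^(2^32) == x (mod POLY) and gcd(x^(2^16) + x, POLY) == 1."""
    t = 2  # the polynomial x
    for i in range(1, DEG + 1):
        t = gf_mul(t, t)  # t = x^(2^i) mod POLY
        if i == DEG // 2 and poly_gcd(t ^ 2, POLY) != 1:
            return False
    return t == 2


def make_sbox(fixed24):
    """One 8x32 S-box in Tom's layout: three input bytes fixed, low byte varies.
    Each entry is checked to be a true inverse, which also catches a bad POLY."""
    box = []
    for x in range(256):
        v = (fixed24 << 8) | x
        y = gf_inv(v)
        assert v == 0 or gf_mul(v, y) == 1, "POLY is not a field polynomial"
        box.append(y)
    return box


def dp_max(box):
    """max over input diff a != 0 and output diff d of
    #{x : S[x] ^ S[x ^ a] == d} / 256 (exact, 2^16 pairs)."""
    best = 0
    for a in range(1, 256):
        counts = {}
        for x in range(256):
            d = box[x] ^ box[x ^ a]
            counts[d] = counts.get(d, 0) + 1
        best = max(best, max(counts.values()))
    return best / 256


def fwht(v):
    """In-place Walsh-Hadamard transform: v[a] becomes sum_x v[x] * (-1)^(a.x)."""
    h = 1
    while h < len(v):
        for i in range(0, len(v), 2 * h):
            for j in range(i, i + h):
                v[j], v[j + h] = v[j] + v[j + h], v[j] - v[j + h]
        h *= 2
    return v


def lp_from_count(count, n=256):
    """Matsui's LP for an approximation holding on `count` of n inputs: (2p-1)^2.
    144/256 gives (1/8)^2 = 1/64."""
    return (2 * count / n - 1) ** 2


def lp_max(box, out_masks):
    """max over all 256 input masks a and the given nonzero output masks b of
    (2 Pr[a.x == b.S(x)] - 1)^2; one 256-point transform per output mask."""
    best = 0.0
    for b in out_masks:
        w = fwht([1 - 2 * (bin(b & box[x]).count("1") & 1) for x in range(256)])
        # w[a] = #{x: a.x == b.S(x)} - #{x: a.x != b.S(x)} = 256 * (2p - 1)
        best = max(best, (max(abs(c) for c in w) / 256) ** 2)
    return best


BYTE_MASKS = [m << (8 * k) for k in range(4) for m in range(1, 256)]

if __name__ == "__main__":
    assert is_irreducible()
    box = make_sbox(0x010203)  # constructed fixed bytes X11 X12 X13
    print("DPmax = %d/256" % round(dp_max(box) * 256))
    print("LPmax over single-byte output masks = %g" % lp_max(box, BYTE_MASKS))
    print("LP of a 144/256 approximation =", lp_from_count(144))
```

The DPmax check in the test relies on a known property: inversion in GF(2^n) for even n is differentially 4-uniform, and restricting the inputs to the 256 values that share three fixed bytes can only lower the count, so every such S-box has DPmax at most 4/256, as Tom says.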



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
Date: 13 Jun 2001 00:00:14 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:

>"SCOTT19U.ZIP_GUY" wrote:
>>   Having worked for the government. I noticed in the old
>> days qualifications meant a lot. But then we had a cold war
>> we needed to win. In the later years qualifications didn't
>> mean squat. It was better if you meet the right politically
>> correct quota.
>
>No doubt, we need a good war to straighten out the DoD.
>

   The problem is the next big war will be with the Chinese
and the first shots will most likely be suitcase nuclear 
bombs going off at random all over the US, as well as a release
of smallpox and whatever else they have. Just like we defeated
the British in the revolution, we did not play by the rules. I
fear the Chinese will not play by our rules, and we can thank
Clinton for giving them the weapons to destroy ourselves.
  Yes I do feel betrayed by him, but there is not much we can
do about it now.
  I could be wrong; maybe the next war will start in the Middle
East when the Jews and Moslems finally decide to exterminate
each other. Or Pakistan and India may decide to attack the other
first. Either of the latter two cases may in the long run help
us. But if history is a guide there will be a major war and with
today's weapons it will be very, very big.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: Terrence Koeman <[EMAIL PROTECTED]>
Subject: Who can help me crack this encryption
Date: Wed, 13 Jun 2001 00:11:10 GMT


I'm sorry if this question is double posted, but my original posting
disappeared and I'm not sure if my reply got through my crappy
provider's newsserver ;) (I think not...)

I'm trying to crack a code, and with the help of Daniel I got this far
(the original code is at the end...):

01001100 4C "L"    00010101
01101111 6F "o"    10101111
01101111 6F "o"    01100011
01101011 6B "k"    00101011
00100000 20 " "    00011111
01110100 74 "t"    10110101
01101000 68 "h"    10100001
01110010 72 "r"    10110010
01101111 6F "o"    01101111
01110101 75 "u"    00000010
01100111 67 "g"    10101001
01101000 68 "h"    00010111
00100000 20 " "    11001111
01110100 74 "t"    10000101
01101000 68 "h"    10101011
01100101 65 "e"    10000001
00100000 20 " "    00101111
01101000 68 "h"    10101000
01101111 6F "o"    01100000
01101100 6C "l"    01100101
01100101 65 "e"    10001010
01110011 73 "s"    10010100
00100000 20 " "    11001111
01110100 74 "t"    10110000
01101111 6F "o"    10101111
00100000 20 " "    00100011
01110010 72 "r"    10000001
01100101 65 "e"    10101010
01110110 76 "v"    01110010
01100101 65 "e"    10101010
01100001 61 "a"    01101110
01101100 6C "l"    00100001
00100000 20 " "    11001111
01110100 74 "t"    10010101
01101000 68 "h"    10101000
01100101 65 "e"    01101010
00100000 20 " "    01000111
01110011 73 "s"    10110100
01100101 65 "e"    10100010
01100011 63 "c"    01101101
01110010 72 "r"    01110010
01100101 65 "e"    01101001
01110100 74 "t"    00010001
00100000 20 " "    11011111
01101000 68 "h"    10101000
01101001 69 "i"    10100110
01100100 64 "d"    01101000
01100100 64 "d"    00001011
01100101 65 "e"    10000010
01101110 6E "n"    01100110
00100000 20 " "    11001111
01110111 77 "w"    10000111
01101001 69 "i"    00000110
01110100 74 "t"    10110101
01101000 68 "h"    10011111
01101001 69 "i"    11111111
01101110 6E "n"    11111111
00100000 20 " "    11111111
01101101 6D "m"    11111111
01100101 65 "e"    11111111

I tried inverting the second column, as the last
5 bytes seem to be padding that should be '00000000'. I also tried XOR-ing
and OR-ing the first column with the second, but to no avail...

Does anyone have any ideas on the second column?

Thank you in advance ;)

Regards,

Terrence Koeman


The original code:

0100110000010101
0110111110101111
0110111101100011
0110101100101011
0010000000011111
0111010010110101
0110100010100001
0111001010110010
0110111101101111
0111010100000010
0110011110101001
0110100000010111
0010000011001111
0111010010000101
0110100010101011
0110010110000001
0010000000101111
0110100010101000
0110111101100000
0110110001100101
0110010110001010
0111001110010100
0010000011001111
0111010010110000
0110111110101111
0010000000100011
0111001010000001
0110010110101010
0111011001110010
0110010110101010
0110000101101110
0110110000100001
0010000011001111
0111010010010101
0110100010101000
0110010101101010
0010000001000111
0111001110110100
0110010110100010
0110001101101101
0111001001110010
0110010101101001
0111010000010001
0010000011011111
0110100010101000
0110100110100110
0110010001101000
0110010000001011
0110010110000010
0110111001100110
0010000011001111
0111011110000111
0110100100000110
0111010010110101
0110100010011111
0110100111111111
0110111011111111
0010000011111111
0110110111111111
0110010111111111
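
An added example, not from the post and not a solution: a small known-plaintext harness for the rows above. Since the first byte of every row is the plaintext character, the useful first step is to test hypotheses about the second byte mechanically rather than by eye. The block parses rows in the posted 16-bit form, groups second-byte values by character, and checks two hypotheses a practitioner would try first: that the second byte is a fixed function of the character (a per-symbol substitution), and that it is the character combined with a short repeating key by XOR or by addition mod 256. Both are ruled out by the data (the same "o" receives four different values, and no key of period 1 to 16 explains every row under either operation). The hex string is the second column copied from the post in order; the two-row input to the parser is the first two posted rows.

```python
# Second column of the 60 rows, copied from the post in order.
COL2_HEX = (
    "15 AF 63 2B 1F B5 A1 B2 6F 02 A9 17 CF 85 AB 81 2F A8 60 65 "
    "8A 94 CF B0 AF 23 81 AA 72 AA 6E 21 CF 95 A8 6A 47 B4 A2 6D "
    "72 69 11 DF A8 A6 68 0B 82 66 CF 87 06 B5 9F FF FF FF FF FF"
)
PLAIN = b"Look through the holes to reveal the secret hidden within me"
COL2 = bytes.fromhex(COL2_HEX)


def parse_rows(text):
    """Split posted 16-bit binary rows into (first byte, second byte) pairs."""
    pairs = []
    for line in text.split():
        if len(line) != 16 or set(line) - {"0", "1"}:
            raise ValueError("bad row: %r" % line)
        v = int(line, 2)
        pairs.append((v >> 8, v & 0xFF))
    return pairs


def values_by_char(plain, col2):
    """Which second-byte values each plaintext character receives."""
    out = {}
    for p, c in zip(plain, col2):
        out.setdefault(chr(p), set()).add(c)
    return out


def fixed_function_of_plaintext(plain, col2):
    """True only if equal characters always get the same second byte."""
    return all(len(v) == 1 for v in values_by_char(plain, col2).values())


def consistent_periods(plain, col2, key_from, max_period):
    """Periods k <= max_period for which one k-byte key explains every row;
    key_from(p, c) recovers the key byte that would turn p into c."""
    needed = [key_from(p, c) for p, c in zip(plain, col2)]
    found = []
    for k in range(1, max_period + 1):
        key = {}
        if all(key.setdefault(i % k, kb) == kb for i, kb in enumerate(needed)):
            found.append((k, bytes(key[j] for j in range(k))))
    return found


def xor_key(p, c):
    return p ^ c


def add_key(p, c):
    return (c - p) & 0xFF


if __name__ == "__main__":
    rows = parse_rows("0100110000010101\n0110111110101111")  # first two posted rows
    print("parsed:", [(chr(p), "%02X" % c) for p, c in rows])
    for ch, vals in sorted(values_by_char(PLAIN, COL2).items()):
        print("%r -> %s" % (ch, " ".join("%02X" % v for v in sorted(vals))))
    print("second byte is a function of the character:",
          fixed_function_of_plaintext(PLAIN, COL2))
    print("repeating XOR key, period <= 16:", consistent_periods(PLAIN, COL2, xor_key, 16))
    print("repeating ADD key, period <= 16:", consistent_periods(PLAIN, COL2, add_key, 16))
```

The per-character table it prints is the thing to stare at next: it shows at a glance which characters (the spaces, for instance) get a repeated value and which do not, which is more than XOR-ing or OR-ing the two columns can tell you.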

------------------------------

Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
From: [EMAIL PROTECTED]
Date: 12 Jun 2001 20:16:58 -0400

Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] wrote:
>> 
>> Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>[snip]
>>> If it takes a time for the opponent that is for all practical purpose
>>> equivalent to infinity (say thirty years) to obtain the private key,
>>> then one is entirely safe, isn't it?
>> 
>> Yes. The message is ``secure''. But it is not secure in an information-
>> theoretic sense: it is still possible to be absolutely certain whether
>> a claimed key is or is not the real key.
> 
> Sorry, I don't think that I fully understand the last sentence. You
> certainly mean by 'a claimed key' a claimed private key. I have
> certainly to protect my private key.

There are lots of ways to get hold of a private key. One is to devote
billions of processors to the task of factoring your public key. I don't
care in the slightest where a candidate private key comes *from*; I'm
telling you that once it's in my hands:

(1) In the case of OTP, I'm not better off than before. I can't ever be
positive it's the right key.

(2) In the case of PK systems, I generally *can* be 100% positive I have
now got the private key in my hands.

> If someone else creates a key and claims it to be my private key,
> he can't get the key right anyway. Why should I care such a scenario?

You're not thinking hard enough. One corollary to my remark is that brute
force is guaranteed to work *eventually*. In the case of OTP, brute force
is useless. Another corollary is that if I bribe your secretary, I can be
sure she brought me the right key, and not a clever plant from you.

A third is that research into faster factoring is worth my while: I
may prove that NP is P, or that factoring is not NP-complete and is in
fact P, or that RSA can be broken without factoring at all. Having done
so, your cryptosystem is 100% busted, because I can recover your keys
with 100% certainty.

Len.

-- 
Don't believe anything RFC 1912 says until you've verified it
elsewhere.
                                -- Dan Bernstein
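
Len's asymmetry as runnable checks, added here and not code from the thread: with a public-key system the holder of the public key has a verification oracle for any candidate private key, so a brute-force search (or a bribed secretary) ends in certainty; with a one-time pad every plaintext of the right length is explained by some key, so no candidate can ever be confirmed. The RSA key is the textbook toy (n = 3233 = 61 * 53, e = 17, d = 2753) and the one-time-pad ciphertext is constructed.

```python
def rsa_private_key_checks_out(n, e, d, samples=range(2, 64)):
    """Anyone with the public key (n, e) can test a claimed private exponent d
    with certainty: it has to undo encryption for every sample message."""
    return all(pow(pow(m, e, n), d, n) == m for m in samples)


def factor_checks_out(n, p):
    """A claimed factor of the modulus is even easier to confirm."""
    return 1 < p < n and n % p == 0


def brute_force_factor(n):
    """Trial division: slow, but it stops with an answer that is certainly right."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    return None


def otp_key_for(ciphertext, claimed_plaintext):
    """With a one-time pad there is a key for every plaintext of the right
    length, so no candidate key can be confirmed or refuted from the ciphertext."""
    if len(ciphertext) != len(claimed_plaintext):
        raise ValueError("length mismatch")
    return bytes(c ^ p for c, p in zip(ciphertext, claimed_plaintext))


def otp_brute_force(ciphertext_byte):
    """Every key on a one-byte ciphertext: the 256 candidates are the 256
    possible plaintexts, so the search has learned nothing."""
    return sorted({ciphertext_byte ^ k for k in range(256)})


if __name__ == "__main__":
    n, e, d = 3233, 17, 2753  # textbook toy key (n = 61 * 53)
    print("claimed d=2753 checks out:", rsa_private_key_checks_out(n, e, d))
    print("claimed d=2754 checks out:", rsa_private_key_checks_out(n, e, 2754))
    print("factoring n:", brute_force_factor(n))
    ct = bytes.fromhex("5f2e3a")  # constructed one-time-pad ciphertext
    for claim in (b"yes", b"no!"):
        print(claim, "is explained by key", otp_key_for(ct, claim).hex())
    print("distinct plaintexts from brute-forcing one byte:", len(otp_brute_force(0x5A)))
```

The second RSA check (d = 2754) fails on the very first sample message, which is the point: a wrong key is detectable, and so is a right one.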

------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: help non-elephant encryption
Date: 12 Jun 2001 17:21:44 -0700

First let me say that I agree totally with
Joseph's evaluation of the product as snake oil.

However:
In article <u5cLfG38AHA.259@cpmsnbbsa07>,
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>They claim to offer perfect security. I shouldn't have to deal with this one
>directly, but they said it so I'll respond. Shannon proved that to have
>perfect security you must (in this case) have a key as long as the data
>being encrypted. Since there are infinite streams around, the key must be
>infinite. They have somehow in key agreement where a finite amount of
>information was transferred, transferred an infinitely long perfectly random
>sequence. This is impossible, plain and simple.

There is a howling logical error here. There are
no "infinite streams" around. There are
arbitrarily long ones, but that isn't the same
thing. Indeed your conclusion *requires* that no
such infinite stream can exist.

Also it's perfectly reasonable to claim that a
system has perfect secrecy for streams up to some
(implied) finite length. After all, we're used to
changing DES keys every 32 gigabytes.

I think the argument that they would have needed
an impossible object to encrypt another impossible
object is invalid.

... but it's still snake oil ;-)

Greg.
-- 
Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/ 
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Simple Crypto II, the public key...
Date: Wed, 13 Jun 2001 00:35:59 GMT


"John Savard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Tue, 12 Jun 2001 23:04:40 GMT, "Tom St Denis"
> <[EMAIL PROTECTED]> wrote, in part:
>
> >How do you cheat with "mod operations"?  I have a list of good DH primes if
> >you want
>
> Well, if P is 2^n-1, one can perform modulo arithmetic without long
> division. I don't know if a prime can be Mersenne and Sophie Germain
> at the same time, though.

Ah but the # of good primes of the form 2^n - 1 is few.  i dunno of any good
~1024 bit primes of that form.

Of course [for anyone in the dark] a mod operation with these moduli is
just a shift right n bits and an addition.

So "mod 255" would be

a = (a & 255) + (a >> 8);   /* 256 == 1 (mod 255): fold the high byte back in, giving 0..509 */
if (a >= 255) a -= 255;     /* 255 == 0 (mod 255): a is now in 0..254 (assumes a < 65535) */

In C... so you could do a mult like

a = b * c;
a = (a & 255) + (a >> 8);
if (a >= 255) a -= 255;

Where a,b,c are at least 16-bit values and b/c are 0..255

Tom
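
An added example for the two posts above; it is not code from either. It does the same fold-instead-of-divide reduction for an arbitrary Mersenne modulus 2^p - 1 on Python's big integers, checks it against the built-in %, uses it inside a square-and-multiply exponentiation (what a DH implementation modulo such a prime would run) and inside the Lucas-Lehmer test that decides whether 2^p - 1 is prime at all. On Savard's question: 2(2^p - 1) + 1 = 2^(p+1) - 1, so a Mersenne prime can be a Sophie Germain prime only if 2^(p+1) - 1 is also prime; for p >= 3, p + 1 is even and 2^(p+1) - 1 is divisible by 3, so p = 2 (3, with partner 7) is the only case. Tom is right that usable exponents are scarce: the Mersenne prime exponents nearest his ~1024-bit size are 607 and 1279. The operands in the demo are constructed; p = 521 is a known Mersenne prime exponent, far too small for real DH.

```python
def mersenne_reduce(a, p):
    """a mod (2^p - 1) for a >= 0 using only shifts, masks and adds.
    Since 2^p == 1 (mod 2^p - 1), the bits above position p can be added
    back onto the low p bits; repeat until nothing is left above, then map
    the one remaining special value, 2^p - 1 itself, to 0."""
    m = (1 << p) - 1
    while a >> p:
        a = (a & m) + (a >> p)
    return 0 if a == m else a


def mulmod_mersenne(x, y, p):
    return mersenne_reduce(x * y, p)


def powmod_mersenne(g, e, p):
    """Square-and-multiply with the folding reduction in place of division."""
    r, g = 1, mersenne_reduce(g, p)
    while e:
        if e & 1:
            r = mulmod_mersenne(r, g, p)
        g = mulmod_mersenne(g, g, p)
        e >>= 1
    return r


def lucas_lehmer(p):
    """True iff M_p = 2^p - 1 is prime, for an odd prime p.  Every step is a
    reduction modulo M_p, so the folding trick does all the work."""
    m = (1 << p) - 1
    s = 4
    for _ in range(p - 2):
        s = mersenne_reduce(s * s + m - 2, p)  # + m keeps the argument >= 0
    return s == 0


def partner_divisible_by_three(p):
    """Sophie Germain would need 2*M_p + 1 prime, but 2*(2^p - 1) + 1 = 2^(p+1) - 1,
    which for p >= 3 (p + 1 even) is a multiple of 3.  Only p = 2 escapes."""
    q = 2 * ((1 << p) - 1) + 1
    assert q == (1 << (p + 1)) - 1
    return q % 3 == 0


if __name__ == "__main__":
    p = 521  # M_521 is a known Mersenne prime
    m = (1 << p) - 1
    x = 3 ** 400  # constructed operand
    print("fold == %:", mersenne_reduce(x, p) == x % m)
    print("3^(M_521 - 1) == 1 (mod M_521):", powmod_mersenne(3, m - 1, p) == 1)
    print("Lucas-Lehmer:", {q: lucas_lehmer(q) for q in (11, 13, 521, 607)})
    print("2*M_p + 1 divisible by 3 for p = 2..7:",
          [partner_divisible_by_three(q) for q in range(2, 8)])
```

The Fermat check in the demo passes because M_521 is prime; the Lucas-Lehmer line shows 2^11 - 1 = 2047 = 23 * 89 rejected and 13, 521 and 607 accepted.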



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Wed, 13 Jun 2001 00:36:40 GMT


"Robert J. Kolker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Zonn wrote:
>
> >
> > 3. Helen Keller could in no sense of the word be considered "dumb". (Refer to #2
> > above.)
>
> Dumb means mute, not stupid.

Question.  If "dumb means mute" and dumb also has the meaning [perhaps
unofficial] of stupid, why not just say "mute"?

Tom



------------------------------

From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Tue, 12 Jun 2001 21:08:55 -0400



Tom St Denis wrote:

>
> Question.  If "dumb means mute" and dumb also has the meaning [perhaps
> unofficial] of stupid, why not just say "mute"?

This is not a dumb question. Common usage has added another
meaning to the word "dumb". Such alterations and additions to
meaning are quite common. Just look at what has become of
the word "gay", which at one time meant happy go lucky and
light hearted. Listen to the Flintstones theme song some time
to hear the word in its original meaning.

Bob Kolker



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
