Cryptography-Digest Digest #643, Volume #14      Mon, 18 Jun 01 19:13:00 EDT

Contents:
  About Principia Mathematica (long) (Mok-Kong Shen)
  Re: BigNum Question (Tim Tyler)
  Cypherus encryption software (Andrew Palumbo)
  Re: Counter mode, the better way to do it? ("Julian Morrison")
  Re: Counter mode, the better way to do it? ("Tom St Denis")
  Re: Counter mode, the better way to do it? ("Julian Morrison")
  Re: Counter mode, the better way to do it? ("Tom St Denis")
  Re: About Principia Mathematica (long) (Fred W. Helenius)
  Re: About Principia Mathematica (long) (Karl Forsberg)
  Re: Cypherus encryption software (Paul Rubin)
  Re: Is ECB truly more secure than CBC? (David Hopwood)
  Re: Cypherus encryption software ("Tom St Denis")
  Re: Is ECB truly more secure than CBC? ("Tom St Denis")
  Re: Is ECB truly more secure than CBC? ("Tom St Denis")
  Re: Counter mode, the better way to do it? ("Julian Morrison")
  Re: Help on GF(2^N) ("Simon Johnson")
  Re: Help on GF(2^N) ("Tom St Denis")
  Re: Counter mode, the better way to do it? ("Tom St Denis")
  Re: Cypherus encryption software ("Joseph Ashwood")

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: About Principia Mathematica (long)
Date: Tue, 19 Jun 2001 00:07:41 +0200


In connection with a recent discussion in sci.crypt, I obtained
some seemingly radically different opinions or facts on the 
readability of Whitehead and Russell's Principia Mathematica, 
a book which I have until now only heard talked about 
but never actually seen. On the one extreme there was
a regular in sci.crypt reporting that he had read most of that
book while yet in high school. On the other extreme there was 
an acquaintance of mine claiming that most graduate students 
in math attempting to read that book would be coming up against 
a stone wall ('beissen auf Granit').

Fascinated thus by this huge disparity of opinions/facts, I 
undertook to collect certain matters concerning the book which 
appear to be of some general interest:

(1) Availability.

    Currently the Cambridge University Press offers the full
    version at $595.00 and an abridged version at $52.95.
    Big public libraries are likely to have the full version
    (e.g. the library of Deutsches Museum in Munich).
    
    A company selling rare books offers on the internet the 
    first edition (666+772+491 pages) for $45,000.00, while 
    another offers the second edition (674+742+491 pages) for 
    3500 pounds.

(2) Contents of the book.
    (Source: http://www.illc.uva.nl/~seop/archives/fall2000/
     entries/principia-mathematica/)

    Principia Mathematica appeared in three volumes which 
    together are divided into six parts. Volume 1 begins with 
    a lengthy Introduction containing sections entitled 
    "Preliminary Explanations of Ideas and Notations", "The 
    Theory of Logical Types" and "Incomplete Symbols". It also 
    contains Part I, entitled "Mathematical Logic", which 
    contains sections on "The Theory of Deduction", "Theory of 
    Apparent Variables", "Classes and Relations", "Logic of 
    Relations", and "Products and Sums of Classes"; and Part II, 
    entitled "Prolegomena to Cardinal Arithmetic", which 
    contains sections on "Unit Classes and Couples", "Sub-
    Classes, Sub-Relations, and Relative Types", "One-Many, 
    Many-One and One-One Relations", "Selections", and 
    "Inductive Relations". 

    Volume 2 begins with a "Prefatory Statement of Symbolic 
    Conventions". It then continues with Part III, entitled 
    "Cardinal Arithmetic", which itself contains sections on 
    "Definition and Logical Properties of Cardinal Numbers", 
    "Addition, Multiplication and Exponentiation", and "Finite 
    and Infinite"; Part IV, entitled "Relation-Arithmetic", 
    which contains sections on "Ordinal Similarity and Relation-
    Numbers", "Addition of Relations, and the Product of Two 
    Relations", "The Principle of First Differences, and the 
    Multiplication and Exponentiation of Relations", and 
    "Arithmetic of Relation-Numbers"; and the first half of
    Part V, entitled "Series", which contains sections on 
    "General Theory of Series", "On Sections, Segments, 
    Stretches, and Derivatives", and "On Convergence, and the 
    Limits of Functions".

    Volume 3 continues Part V with sections on "Well-Ordered 
    Series", "Finite and Infinite Series and Ordinals", and 
    "Compact Series, Rational Series, and Continuous Series". 
    It also contains Part VI, entitled "Quantity", which itself 
    contains sections on "Generalization of Number", "Vector-
    Families", "Measurement", and "Cyclic Families".

    A fourth volume, on geometry, was planned but never 
    completed. Even so, the book remains one of the great 
    scientific documents of the twentieth century.

(3) Excerpts from diverse web pages about the book.

    A. (Source: http://www.andrews.edu/~calkins/math/biograph/
        biowhite.htm)

       This landmark work on mathematical logic and the 
       foundations of mathematics was written by Bertrand Russell 
       and Alfred North Whitehead and was published in three 
       volumes, in 1910, 1912 and 1913. Written as a defense of 
       logicism, the book promoted wide acceptance of modern 
       mathematical logic. Next to Aristotle's Organon, it is 
       the most influential book on logic ever written.

    B. (Source: www.stephenwolfram.com/publications/talks/)

       I think Whitehead and Russell probably win the prize for 
       the most notation-intensive non-machine-generated piece 
       of work that's ever been done.

    C. (Source: http://www.cafecancun.com/bookarts/selfhits.htm)

       Cambridge University Press, is the publisher of record but 
       refused to print it unless the authors paid part of the 
       publication costs. Russell remarked, "We thus earned minus 
       fifty pounds each for ten years' work." 

       A two-thousand-page philosophical tome on mathematics 
       published early in the century that, by the 1950s, had 
       been read by only about six people. It costs $565.00 
       through Amazon.com. A few dozen have been sold. 

       This famous book has just been included on a Modern 
       Library list of the century's hundred greatest nonfiction 
       books, reports The New Yorker, May 31, 1999. So the authors 
       lost money on one of the most important books of the 
       century.

    D. (Source: http://www.arts.ubc.ca/philos/irvine/ABtpm.htm)

       How is it that we have the mathematical knowledge that 
       we do? ... One answer which immediately comes to mind
       is that we know that 2 + 2 = 4 because there exists a 
       mathematical proof that 2 + 2 = 4, and a proof, of course, 
       is just the kind of thing which is capable of justifying 
       belief. ... However, despite all this, how many of us 
       could actually provide the requisite justification by way 
       of proof? ... To provide a comparison, it was not until
       proposition *110.643, on page 83 of the second volume of 
       Principia Mathematica that Whitehead and Russell were 
       able to prove that 1 + 1 = 2, let alone that 2 + 2 = 4. 
       (In a book not otherwise noted for its humour, it is
       interesting to note that immediately below the proof is 
       the following remarkable understatement: "The above
       proposition is occasionally useful. It is used at least 
       three times ...") 

    E. (Source: http://www.ams.org/new-in-math/06-1999-media.html)

       Unreadable but irresistible. Sales of Principia Mathematica 
       have soared recently after it was voted one (number 23 to 
       be exact) of the 100 greatest nonfiction books of the 20th 
       century. This is reported in the May 31 New Yorker, in a 
       ``Talk of the Town'' item by John Cassidy. And unnecessary: 
       ``People don't need to read it because the important things 
       in it have been done more clearly elsewhere,'' according 
       to NYU mathematical philosopher Hartry Field, quoted by 
       Cassidy. A good reference on Russell and Whitehead and the 
       context of their work is the lecture notes by Stanley 
       Burris at the University of Waterloo. Cassidy concludes, 
       referring to Gödel's incompleteness theorems (which came 
       some 20 years later and showed that Russell and Whitehead's 
       goal of a complete axiomatic derivation of mathematics 
       was impossible), ``Logic, even in the hands of figures as 
       brilliant as Whitehead and Russell, has its limits. 
       Book marketing, it appears, doesn't.'' 

(The lecture notes by Stanley Burris are available at 
 http://www.thoralf.uwaterloo.ca/htdocs/scav/principia/
 principia.html)


M. K. Shen

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: BigNum Question
Reply-To: [EMAIL PROTECTED]
Date: Mon, 18 Jun 2001 22:00:13 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

: Personally I don't trust any cryptosystem that doesn't have 100% control
: over the host cpu.  That includes software oriented stuff.

: The problem with Java is that it wasn't designed with crypto in mind.  You
: can't lock memory to prevent swappage and there is a lot of other side
: channel stuff...

Java has problems in this area - but they are soluble ones.

However, people have to realise that there's a problem before anything is
going to get done about it.
-- 
__________
 |im |yler  Email: [EMAIL PROTECTED]  ICQ: 31813604  Yahoo messenger: tt2333

------------------------------

From: [EMAIL PROTECTED] (Andrew Palumbo)
Subject: Cypherus encryption software
Date: 18 Jun 2001 15:18:59 -0700

Hey guys, I've been lurking the group for a while, but this is my
first post.

I just wanted to let you guys know about a really neat encryption
program I found, Cypherus.  It can encrypt all your files, and has
plug-ins for most email clients, so you can send private emails, too. 
It looks like it uses Blowfish for the encryption and something with
Diffie-hellman for the public/private key stuff.

They say it's supposed to be a lot easier to use than PGP, and after
trying it, I'm prone to agree.  It runs on both the Windows 95/98/ME
tree and Windows NT/2000.

You can check out the website, here:

http://www.cypherus.com

Or, you can just download the 30-day trial: 

http://www.cypherus.com/downloadeval.php

Take care!
Andrew

------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: Counter mode, the better way to do it?
Date: Mon, 18 Jun 2001 23:22:36 +0100

"Tom St Denis" <[EMAIL PROTECTED]> wrote:

>> If you apply it afterwards, the cypher's output is protected by the
>> hash.
> 
> You might as well just use a hash in CTR mode.

How secure is that?

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Counter mode, the better way to do it?
Date: Mon, 18 Jun 2001 22:26:48 GMT


"Julian Morrison" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> >> If you apply it afterwards, the cypher's output is protected by the
> >> hash.
> >
> > You might as well just use a hash in CTR mode.
>
> How secure is that?

As secure as the Hash function is w.r.t. reversal attacks.  [i.e. figuring
out the input from the output].  Also you can apply SAC and the like tests
to see if the output appears random.

Tom



------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: Counter mode, the better way to do it?
Date: Mon, 18 Jun 2001 23:32:17 +0100

"Tom St Denis" <[EMAIL PROTECTED]> wrote:

>> > You might as well just use a hash in CTR mode.
>>
>> How secure is that?
> 
> As secure as the Hash function is w.r.t. reversal attacks.  [i.e.
> figuring out the input from the output].  Also you can apply SAC and the
> like tests to see if the output appears random.

Would you in general recommend this (say MD5(key,count) in CTR mode)
versus Rijndael in CTR mode? Also, which would be cheaper on CPU churn?

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Counter mode, the better way to do it?
Date: Mon, 18 Jun 2001 22:33:45 GMT


"Julian Morrison" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> >> > You might as well just use a hash in CTR mode.
> >>
> >> How secure is that?
> >
> > As secure as the Hash function is w.r.t. reversal attacks.  [i.e.
> > figuring out the input from the output].  Also you can apply SAC and the
> > like tests to see if the output appears random.
>
> Would you in general recommend this (say MD5(key,count) in CTR mode)
> versus Rijndael in CTR mode? Also, which would be cheaper on CPU churn?

MD5 is sufficient for a CTR mode cipher [not as a primitive for signatures
though].

Hmm... depends.  On some cpus MD5's trivial boolean ops are efficient, but on
some others Rijndael may be faster.

Tom



------------------------------

From: Fred W. Helenius <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: About Principia Mathematica (long)
Date: Mon, 18 Jun 2001 18:33:47 -0400

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

>In connection with a recent discussion in sci.crypt, I obtained
>some seemingly radically different opinions or facts on the 
>readability of Whitehead and Russell's Principia Mathematica, 
>a book which I have until now only heard talked about 
>but never actually seen. On the one extreme there was
>a regular in sci.crypt reporting that he had read most of that
>book while yet in high school. On the other extreme there was 
>an acquaintance of mine claiming that most graduate students 
>in math attempting to read that book would be coming up against 
>a stone wall ('beissen auf Granit').

Could the first-mentioned poster possibly have been thinking
of Russell's _The Principles of Mathematics_?  It's a far
more approachable work.


------------------------------

From: Karl Forsberg <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: About Principia Mathematica (long)
Date: Mon, 18 Jun 2001 22:37:43 GMT

Mok-Kong Shen wrote:
> 
> In connection with a recent discussion in sci.crypt, I obtained
> some seemingly radically different opinions or facts on the 
> readability of Whitehead and Russell's Principia Mathematica, 
> a book which I have until now only heard talked about 
> but never actually seen. On the one extreme there was
> a regular in sci.crypt reporting that he had read most of that
> book while yet in high school. On the other extreme there was 
> an acquaintance of mine claiming that most graduate students 
> in math attempting to read that book would be coming up against 
> a stone wall ('beissen auf Granit').
> 
> Fascinated thus by this huge disparity of opinions/facts, I 
> undertook to collect certain matters concerning the book which 
> appear to be of some general interest:
<SNIP>

Mathematicians call Russell a philosopher. Philosophers call Russell a 
mathematician. It seems like neither group thinks he is particularly 
relevant to them.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Cypherus encryption software
Date: 18 Jun 2001 15:38:47 -0700

[EMAIL PROTECTED] (Andrew Palumbo) writes:
> Hey guys, I've been lurking the group for a while, but this is my
> first post.

No it isn't.  You spammed talk.politics.crypto with the exact same post.
Only one of them can be the first.

> I just wanted to let you guys know about a really neat encryption
> program I found, Cypherus.  

Yeah right, an encryption program you "found".  You wouldn't happen
to be the vendor, would you?  Naah, couldn't be.  Oh right, it could.

> They say it's supposed to be a lot easier to use than PGP, and after
> trying it, I'm prone to agree.  It runs on both the Windows 95/98/ME
> tree and Windows NT/2000.

Who are "they"?  Why am I almost certain that "they" is "you"?

> Or, you can just download the 30-day trial: 
> 
> http://www.cypherus.com/downloadeval.php

Oh great, more spam for snake oil encryption with no source code.

------------------------------

Date: Mon, 18 Jun 2001 21:04:15 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: Is ECB truly more secure than CBC?

=====BEGIN PGP SIGNED MESSAGE=====

Joseph Ashwood wrote:
> Except by the same notion CBC can also be distinguished.
> 
> I assume you mean the measure of given an oracle that either
> (encrypt/decrypt)s the data given or return random information that ECB
> can be easily distinguished by feeding to a value twice.

No, ECB is insecure even under ciphertext-only attack; no encryption or
decryption oracles required. For XML-encoded data, repeated plaintext
blocks are quite likely.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOy5ekTkCAxeYt5gVAQHl4AgAsVAGWg0a9EeUKBx1/QCeS86Nf+TbAzRZ
ma7oEIidlkXinXTEGA/gDVtbMc1qTLa9DqotvmDaywvLCp15LhNVCg9jkt9gxt6M
xjdfumL/CGI9g7CcC6AnozTG6NWtmwIJFP56GgzGTzbcYbB7YfXiulYqVUvVs+8I
X8sCJt3UJxJA+rDq3/M8YFw3gIjx3cx6sCSx2iFztIaY/3tVKPz6xkhEjxFj2SxA
66ZL8PUO6v+6VKJSEkhOlQ0bfE/vkrx5Cr2aX5VT+lwIWeeVrjAOhA9rEfEA7Gba
TYvfeTKmZ6kamCApZy385/1ZXMQsWmny+24DYEB9Rpv1BpA5eFDhUA==
=xSqu
=====END PGP SIGNATURE=====


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Cypherus encryption software
Date: Mon, 18 Jun 2001 22:44:19 GMT


"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Andrew Palumbo) writes:
> > Hey guys, I've been lurking the group for a while, but this is my
> > first post.
>
> No it isn't.  You spammed talk.politics.crypto with the exact same post.
> Only one of them can be the first.

Why can't they both be the first.... There is no spoon. [:-o]

>
> > I just wanted to let you guys know about a really neat encryption
> > program I found, Cypherus.
>
> Yeah right, an encryption program you "found".  You wouldn't happen
> to be the vendor, would you?  Naah, couldn't be.  Oh right, it could.

Magically stumbled across this closed-source non-free program.  I think
everyone should try it.

New form of advertising.  Pretend you're a customer!

> > They say it's supposed to be a lot easier to use than PGP, and after
> > trying it, I'm prone to agree.  It runs on both the Windows 95/98/ME
> > tree and Windows NT/2000.
>
> Who are "they"?  Why am I almost certain that "they" is "you"?
>
> > Or, you can just download the 30-day trial:
> >
> > http://www.cypherus.com/downloadeval.php
>
> Oh great, more spam for snake oil encryption with no source code.

Reverse engineer it?

Hehehe

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Is ECB truly more secure than CBC?
Date: Mon, 18 Jun 2001 22:45:21 GMT


"David Hopwood" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Joseph Ashwood wrote:
> > Except by the same notion CBC can also be distinguished.
> >
> > I assume you mean the measure of given an oracle that either
> > (encrypt/decrypt)s the data given or return random information that ECB
> > can be easily distinguished by feeding to a value twice.
>
> No, ECB is insecure even under ciphertext-only attack; no encryption or
> decryption oracles required. For XML-encoded data, repeated plaintext
> blocks are quite likely.

While I agree using ECB to encode messages I must point out that if the
source language is unknown or meaningless [hint CTR mode] ECB is ok.  By ECB
I mean a mode without chaining [like CTR].

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Is ECB truly more secure than CBC?
Date: Mon, 18 Jun 2001 22:47:28 GMT


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:5wvX6.158184$[EMAIL PROTECTED]...
>
> "David Hopwood" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Joseph Ashwood wrote:
> > > Except by the same notion CBC can also be distinguished.
> > >
> > > I assume you mean the measure of given an oracle that either
> > > (encrypt/decrypt)s the data given or return random information that
ECB
> > > can be easily distinguished by feeding to a value twice.
> >
> > No, ECB is insecure even under ciphertext-only attack; no encryption or
> > decryption oracles required. For XML-encoded data, repeated plaintext
> > blocks are quite likely.
>
> While I agree using ECB to encode messages ^^^^ I must point out that if
the

^^^^ = "is bad, "

Tom
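The point David Hopwood makes above (repeated plaintext blocks show through ECB with no oracle at all) and Tom's qualification (no chaining is needed when what the cipher sees is a counter rather than the message) can both be checked in a few lines. The following is an added example, not code from the original thread. It uses a constructed 64-bit Feistel "cipher" with a SHA-256 round function so that it runs with the Python standard library alone; that toy cipher, the sample XML-like plaintext, the key and the fixed IV/nonce are all assumptions of this example and not anything from the posts:

```python
"""Why ECB leaks repeated plaintext blocks under a ciphertext-only attack,
and why CBC and CTR do not.

The block cipher below is a constructed 64-bit Feistel network with a
SHA-256 round function. It is NOT a real cipher; it exists only so that the
example runs without third-party libraries.
"""
import hashlib
from collections import Counter

BLOCK = 8  # block size in bytes of the toy cipher


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function: keyed hash of one 4-byte half, truncated to 4 bytes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """8-round Feistel permutation on one 8-byte block."""
    l, r = block[:4], block[4:]
    for rnd in range(8):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l  # final swap so decryption is the same network run backwards


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    r, l = block[:4], block[4:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _f(key, l, rnd)), l
    return l + r


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    pt = pad(pt)
    return b"".join(toy_encrypt_block(key, pt[i:i + BLOCK])
                    for i in range(0, len(pt), BLOCK))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return unpad(b"".join(toy_decrypt_block(key, ct[i:i + BLOCK])
                          for i in range(0, len(ct), BLOCK)))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    pt, out, prev = pad(pt), [], iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_encrypt_block(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(xor(toy_decrypt_block(key, blk), prev))
        prev = blk
    return unpad(b"".join(out))


def ctr_encrypt(key: bytes, nonce: bytes, pt: bytes) -> bytes:
    """CTR: the cipher only ever sees counter blocks (4-byte nonce || 4-byte
    index), which are all distinct, so no chaining is needed. Decryption is
    the same call."""
    out = []
    for i in range(0, len(pt), BLOCK):
        ks = toy_encrypt_block(key, nonce + (i // BLOCK).to_bytes(4, "big"))
        out.append(xor(pt[i:i + BLOCK], ks))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Ciphertext-only check: number of blocks that duplicate an earlier block."""
    counts = Counter(ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK))
    return sum(c - 1 for c in counts.values())


# Constructed sample: XML-like records, each exactly two 8-byte blocks long,
# so ECB encrypts the same two plaintext blocks eight times over.
SAMPLE_XML = b"<r><v>0</v></r>\n" * 8
KEY = b"constructed-demo-key"


def leak_report(key: bytes = KEY, pt: bytes = SAMPLE_XML) -> dict:
    # Fixed IV and nonce only so the report is deterministic; in practice
    # they must be fresh per message.
    return {
        "ecb": repeated_blocks(ecb_encrypt(key, pt)),
        "cbc": repeated_blocks(cbc_encrypt(key, b"\x00" * BLOCK, pt)),
        "ctr": repeated_blocks(ctr_encrypt(key, b"\x00" * 4, pt)),
    }


if __name__ == "__main__":
    print(leak_report())  # ECB shows repeats; CBC and CTR show none
```

With a 16-block message whose records repeat, the ECB ciphertext has only two distinct data blocks, and an eavesdropper sees that structure without knowing the key; the CBC and CTR ciphertexts show no repeats. The same `repeated_blocks` scan is a quick triage test for any unknown ciphertext: many repeated block-aligned chunks is a strong sign of ECB.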



------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: Counter mode, the better way to do it?
Date: Mon, 18 Jun 2001 23:48:04 +0100

"Tom St Denis" <[EMAIL PROTECTED]> wrote:

> MD5 is sufficient for a CTR mode cipher [not as a primitive for
> signatures though].

I don't quite get what you mean by that; signatures need pubkey
algorithms, I thought.
 
> Hmm... depends.  On some cpus MD5's trivial boolean ops are efficient,
> but on some others Rijndael may be faster.

Right. I guess I'd have to run side by side speed tests.

------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Help on GF(2^N)
Date: Mon, 18 Jun 2001 23:45:24 +0100


"Phil Carmody" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> About 8 centuries ago I did a maths degree, but I can't remember shite.
> Lots of questions, sorry.
> A pointer to a 'everything you wanted to know about GF(2^N) for dummies'
> webpage is more than enough.
> (I've read a set of ucla.edu/~matache/rsc/ pages, which was a good
> start.
>
> Can anyone give an example demonstrating why /irreducible/ polynomials
> are not /prime/ in GF(p)[x]? (i.e. a C=AB=XY for irreducible A, B, X, Y.
> I understand (but can't instantly prove) that the field is not a unique
> factorisation domain, I'd just like an example to sweeten the idea).
>
> Are there any (families of) GFs that are UFDs?
>
> Side question (not that important, just curiosity) - Is there such a
> thing as an 'infinite' GF (no finite N)? (I feel I could construct a
> ring that behaves that way, but whether it's actually a field is another
> matter).

As far as I am aware, no.

> When trying to express elements of GF(2^N) in 'polynomial' form, does it
> make any difference what irreducible polynomial in GF(2)[x] I chose?

To cryptographic strength, usually no.

>I assume all of the choices yield isomorphic fields?

No.. two different polynomials will reduce two identical polynomials
differently.

How many such
> polynomials are there? Is it always that case that if I chose an
> irreducible polynomial of degree N that I'll generate GF(2^N)?

I should imagine that the distribution of irreducible polynomials is similar
to that of primes...

>
> It looks like everything is abelian and the usual distribution of
> operators I'm used to applies - a(b+c)=ab+ac; a^(b+c)=a^b.a^c.

Yup.. interestingly in GF(2^w).. addition is an involution (its actually
XOR).

> Finally, can anyone verify my maths:
>
> A) '0...010' ^ (2^N-1) == '0...001', and by extension 'abc...xyz' ^
> (2^N-1) == '000...001'
> B) '...abc'^-1 == '...abc'^(2^N-2), and this yields the quickest method
> of calculating inverses.
> C) '...abc'^2 == '...0a0b0c'
>
> Cheers,
> Phil

This is a test of how well i grasp this topic too.. so don't take this as
concrete until
someone finds fault ;)

Hope that's some help,

Simon.



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Help on GF(2^N)
Date: Mon, 18 Jun 2001 22:54:53 GMT


"Simon Johnson" <[EMAIL PROTECTED]> wrote in message
news:9gm09d$52b$[EMAIL PROTECTED]...
>
> "Phil Carmody" <[EMAIL PROTECTED]> wrote in
message
> news:[EMAIL PROTECTED]...
> > About 8 centuries ago I did a maths degree, but I can't remember shite.
> > Lots of questions, sorry.
> > A pointer to a 'everything you wanted to know about GF(2^N) for dummies'
> > webpage is more than enough.
> > (I've read a set of ucla.edu/~matache/rsc/ pages, which was a good
> > start.
> >
> > Can anyone give an example demonstrating why /irreducible/ polynomials
> > are not /prime/ in GF(p)[x]? (i.e. a C=AB=XY for irreducible A, B, X, Y.
> > I understand (but can't instantly prove) that the field is not a unique
> > factorisation domain, I'd just like an example to sweeten the idea).
> >
> > Are there any (families of) GFs that are UFDs?
> >
> > Side question (not that important, just curiosity) - Is there such a
> > thing as an 'infinite' GF (no finite N)? (I feel I could construct a
> > ring that behaves that way, but whether it's actually a field is another
> > matter).
>
> As far as I am aware, no.

Fields need not be finite.  Look at the set of real numbers.  Although by
definition Galois Fields are finite afaik.

> > When trying to express elements of GF(2^N) in 'polynomial' form, does it
> > make any difference what irreducible polynomial in GF(2)[x] I chose?
>
> To cryptographic strength, usually no.

Afaik this is true.

> >I assume all of the choices yield isomorphic fields?
>
> No.. two different polynomials will reduce two identical polynomials
> differently.
>
> How many such
> > polynomials are there? Is it always that case that if I chose an
> > irreducible polynomial of degree N that I'll generate GF(2^N)?
>
> I should imagine that the distribution of irreducible polynomials is similar
> to that of primes...
>
> >
> > It looks like everything is abelian and the usual distribution of
> > operators I'm used to applies - a(b+c)=ab+ac; a^(b+c)=a^b.a^c.
>
> Yup.. interestingly in GF(2^w).. addition is an involution (its actually
> XOR).

Technically addition in any finite field is an involution if applied enough
times :-)

> > Finally, can anyone verify my maths:
> >
> > A) '0...010' ^ (2^N-1) == '0...001', and by extension 'abc...xyz' ^
> > (2^N-1) == '000...001'
> > B) '...abc'^-1 == '...abc'^(2^N-2), and this yields the quickest method
> > of calculating inverses.
> > C) '...abc'^2 == '...0a0b0c'
> >
> > Cheers,
> > Phil
>
> This is a test of how well i grasp this topic too.. so don't take this as
> concrete until
> someone finds fault ;)

A bit bitter are we?

Tom
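Phil's claims A, B and C, and the question of how many irreducible polynomials of degree N there are, can all be settled by computing in GF(2^8) directly. The following is an added example, not code from either of the posts above. It represents field elements as Python ints (bit i is the coefficient of x^i) and uses two degree-8 irreducible polynomials, 0x11B (x^8+x^4+x^3+x+1, the Rijndael polynomial) and 0x11D (x^8+x^4+x^3+x^2+1); the choice of these two moduli and the AES test vector 0x53 * 0xCA = 1 are the example's own assumptions. Beyond what the thread asked, it also counts the irreducible polynomials of degree N by trial division, and shows that whichever modulus is chosen, every nonzero element satisfies a^255 = 1 (the multiplication tables differ, but every irreducible degree-8 modulus yields a field of the same order):

```python
"""GF(2^n) arithmetic in polynomial basis, checking the claims in the thread.

Elements are ints: bit i is the coefficient of x^i. `mod` is the reducing
polynomial, of degree n, also as an int (bit n set).
"""


def gf_mul(a: int, b: int, mod: int, n: int = 8) -> int:
    """Shift-and-add multiplication modulo `mod`, reducing whenever the
    running product reaches degree n."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> n:          # degree n reached: subtract (XOR) the modulus
            a ^= mod
    return result


def gf_pow(a: int, e: int, mod: int, n: int = 8) -> int:
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a, mod, n)
        a = gf_mul(a, a, mod, n)
        e >>= 1
    return result


def gf_inv(a: int, mod: int, n: int = 8) -> int:
    """Claim B: a^-1 == a^(2^n - 2) for a != 0 (Fermat in the multiplicative group)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return gf_pow(a, (1 << n) - 2, mod, n)


def poly_mul_unreduced(a: int, b: int) -> int:
    """Polynomial product over GF(2) with no reduction (carry-less multiply)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_mod(a: int, b: int) -> int:
    """Remainder of a divided by b as polynomials over GF(2)."""
    db = b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        a ^= b << (a.bit_length() - 1 - db)
    return a


def is_irreducible(p: int) -> bool:
    """Trial division: p of degree n is irreducible iff no polynomial of
    degree 1..n/2 divides it."""
    n = p.bit_length() - 1
    for d in range(1, n // 2 + 1):
        for q in range(1 << d, 1 << (d + 1)):   # every polynomial of degree exactly d
            if poly_mod(p, q) == 0:
                return False
    return True


def count_irreducible(n: int) -> int:
    """Number of irreducible polynomials of degree exactly n over GF(2)."""
    return sum(1 for p in range(1 << n, 1 << (n + 1)) if is_irreducible(p))


def spread_bits(a: int) -> int:
    """'abc' -> '0a0b0c': a zero bit inserted after every bit of a."""
    out = 0
    for i in range(a.bit_length()):
        if (a >> i) & 1:
            out |= 1 << (2 * i)
    return out


def check_claims(mod: int, n: int = 8) -> dict:
    q = 1 << n
    # Claim A: every nonzero element (x in particular) satisfies a^(2^n - 1) = 1.
    fermat = all(gf_pow(a, q - 1, mod, n) == 1 for a in range(1, q))
    # Claim B: a * a^(2^n - 2) = 1.
    inverse = all(gf_mul(a, gf_inv(a, mod, n), mod, n) == 1 for a in range(1, q))
    # Claim C: squaring interleaves zero bits, but only BEFORE reduction;
    # (sum a_i x^i)^2 = sum a_i x^(2i) because cross terms cancel in GF(2).
    spread = all(poly_mul_unreduced(a, a) == spread_bits(a) for a in range(q))
    return {"fermat": fermat, "inverse": inverse,
            "square_spreads_before_reduction": spread}


if __name__ == "__main__":
    print("irreducible degree-8 polynomials:", count_irreducible(8))
    for mod in (0x11B, 0x11D):
        print(hex(mod), check_claims(mod))
```

Claim C needs the qualification the code makes explicit: the '0a0b0c' pattern is the unreduced square, and the reduction step that follows mixes the high bits back in, so the field element a^2 does not in general look like a spread copy of a. Claim B is true but is the slow way to invert; extended Euclid over GF(2)[x], or a log/antilog table for small n, is what implementations use.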



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Counter mode, the better way to do it?
Date: Mon, 18 Jun 2001 22:55:45 GMT


"Julian Morrison" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> > MD5 is sufficient for a CTR mode cipher [not as a primitive for
> > signatures though].
>
> I don't quite get what you mean by that; signatures need pubkey
> algorithms, I thought.

Public key algorithms "sign" the message digests not the message.

> > Hmm... depends.  On some cpus MD5's trivial boolean ops are efficient,
> > but on some others Rijndael may be faster.
>
> Right. I guess I'd have to run side by side speed tests.

Yeah.  Well depends.  With MD5 you get some simplicity since MD5 is simpler
to code than Rijndael.

Tom
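The construction the thread keeps coming back to, a keystream of H(key, counter) blocks XORed onto the plaintext, is short enough to write out, together with the two checks a practitioner would want before trusting it: the SAC-style avalanche test Tom mentions, and a demonstration of the failure mode any CTR-style cipher shares, namely that reusing a (key, nonce) pair leaks the XOR of the two plaintexts. This is an added example, not code from the posts. It uses MD5 by default because that is what the thread discusses, but `algo` accepts any hashlib name; the HMAC variant, the key, nonce and sample messages are assumptions of this example:

```python
"""A stream cipher from a hash function in counter mode: keystream block i is
H(key || nonce || i), as discussed in the thread, with an avalanche check and
a nonce-reuse demonstration.
"""
import hashlib
import hmac


def keystream_block(key: bytes, nonce: bytes, counter: int, algo: str = "md5",
                    use_hmac: bool = False) -> bytes:
    """One keystream block. Plain H(key || nonce || counter) as in the thread,
    or HMAC_key(nonce || counter) (this example's own choice, not the thread's)."""
    ctr = counter.to_bytes(8, "big")        # fixed-width, so inputs never collide
    if use_hmac:
        return hmac.new(key, nonce + ctr, algo).digest()
    return hashlib.new(algo, key + nonce + ctr).digest()


def hash_ctr_crypt(key: bytes, nonce: bytes, data: bytes, algo: str = "md5",
                   use_hmac: bool = False) -> bytes:
    """Encrypt or decrypt (same operation): XOR data with the concatenated keystream."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += keystream_block(key, nonce, counter, algo, use_hmac)
        counter += 1
    return bytes(d ^ k for d, k in zip(data, out))


def avalanche_fraction(key: bytes, nonce: bytes, samples: int = 256,
                       algo: str = "md5") -> float:
    """SAC-style check: flip one bit of the counter and measure the fraction of
    keystream bits that change. A good PRF gives about 0.5."""
    flipped = total_bits = 0
    for i in range(samples):
        a = keystream_block(key, nonce, i, algo)
        b = keystream_block(key, nonce, i ^ (1 << (i % 64)), algo)
        flipped += bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")
        total_bits += 8 * len(a)
    return flipped / total_bits


def nonce_reuse_leak(key: bytes, nonce: bytes, m1: bytes, m2: bytes,
                     algo: str = "md5") -> bytes:
    """What an eavesdropper computes when two messages share (key, nonce):
    c1 XOR c2, which equals m1 XOR m2 over the common prefix. The keystream
    cancels and the key plays no part."""
    c1 = hash_ctr_crypt(key, nonce, m1, algo)
    c2 = hash_ctr_crypt(key, nonce, m2, algo)
    return bytes(x ^ y for x, y in zip(c1, c2))


if __name__ == "__main__":
    key, nonce = b"constructed demo key", b"\x00" * 8   # constructed values
    m1, m2 = b"Attack at dawn, not at noon.", b"Retreat at dusk."
    print("avalanche:", avalanche_fraction(key, nonce))
    print("leak == m1^m2:",
          nonce_reuse_leak(key, nonce, m1, m2) == bytes(a ^ b for a, b in zip(m1, m2)))
```

The avalanche number says whether the keystream looks random; it says nothing about key recovery, which is where the hash's preimage resistance comes in. The nonce-reuse leak is the property to design around: the nonce must be unique per message under a given key, exactly as for Rijndael in CTR mode, and the hash does nothing to soften that requirement.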



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Cypherus encryption software
Date: Mon, 18 Jun 2001 15:39:03 -0700

A bit of commentary.

I have quickly reviewed the cypherus site. It does not seem to be the
standard snake-oil. It uses DH to exchange keys and Blowfish for encryption,
so it's got decent foundations. However it utilizes only a password for
protection, which is likely to be its Achilles heel. Also it is apparently
completely non-standards based. The errors on the page seem to be of the
sort where a technical writer wrote it, as opposed to having an engineer
write it. They give no information about how the keys are stored, or any
certification of keys, this is slightly worrisome, but also because the page
does not seem to have been written by an engineer may not reflect the actual
state of the system. It's still worrisome however.

I believe that there is sufficient reason to believe that this is not pure
snake-oil. I also believe that it is not as secure as the benchmark of PGP.
                            Joe

"Andrew Palumbo" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hey guys, I've been lurking the group for a while, but this is my
> first post.
>
> I just wanted to let you guys know about a really neat encryption
> program I found, Cypherus.  It can encrypt all your files, and has
> plug-ins for most email clients, so you can send private emails, too.
> It looks like it uses Blowfish for the encryption and something with
> Diffie-hellman for the public/private key stuff.
>
> They say it's supposed to be a lot easier to use than PGP, and after
> trying it, I'm prone to agree.  It runs on both the Windows 95/98/ME
> tree and Windows NT/2000.
>
> You can check out the website, here:
>
> http://www.cypherus.com
>
> Or, you can just download the 30-day trial:
>
> http://www.cypherus.com/downloadeval.php
>
> Take care!
> Andrew



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
