Re: names to say in late september

2000-07-30 Thread Arnold G. Reinhold

While the RSA/Security Dynamics second letter to the P1363 committee 
http://grouper.ieee.org/groups/1363/P1363/letters/SecurityDynamics2.jpg 
pretty much alleviates my concerns about using the "RSA" name from a 
legal perspective, the two messages below demonstrate why I think an 
unambiguous generic name is also needed.

The RSA algorithm with a modulus that is the product of three primes 
is a different cryptographic algorithm from RSA with a modulus that 
is the product of two primes. In cryptography, a little bit different 
is like a little bit pregnant. In particular, the three prime 
approach appears more vulnerable to an advance in quadratic sieving 
than the two prime approach.  I am not saying the three prime approach 
should never be used, just that its security must be evaluated 
separately.

That RSA Security Inc. is considering allowing the use of three prime 
moduli under the umbrella of the RSA name doesn't change the fact 
that this is a different design. I think it is important to have some 
nomenclature (triprime?) that reflects exactly which method is in 
use. If I had recommended to a client that they use a particular 
product based, in part, on the claim that they employed the RSA 
algorithm and it turned out later that they used a triprime modulus, 
I would be quite annoyed.

Also, someone sending a secret message using PKC depends on the 
security of the recipient's algorithm and keys.  With triprime 
moduli, there would not even be a change in algorithm to alert the 
sender. There needs to be some way to let people know what security 
they are getting. I am not aware of any efficient test to distinguish 
numbers with two factors from numbers with more than two. Does anyone 
know of one?

By the way, I could not find the April 2000 RSA Data Security 
Bulletin on three primes at 
http://www.rsasecurity.com/rsalabs/bulletins/index.html  Is there a 
better link?


Arnold Reinhold

At 1:06 PM -0700 7/28/2000, Steve Reid wrote:
On Thu, Jul 27, 2000 at 03:00:16PM -0400, Arnold G. Reinhold wrote:
 I like "Biprime Cryptography," or maybe "Biprime Public Key
 Cryptography," where a biprime is defined as the product of two prime
 numbers.  It doesn't get close to any trademark and it is descriptive
 of the algorithm.

Sounds like "composite modulus cryptography" which I think has been
mentioned on the crypto lists before.

"Biprime cryptography" is not really accurate, because RSA doesn't
require that the modulus be the product of two primes. I seem to
remember someone (I think it was Richard Schroeppel) a few years ago
advocating RSA with a three-prime modulus. The idea was that having
three primes instead of two would not weaken the algorithm in any
practical way, but it could make CRT operations even faster. It
wouldn't make the number field sieve any easier because the number of
primes doesn't affect NFS workfactor. It would make (I think) the
quadratic sieve more efficient, but at normal keysizes (1024 bits?) the
three primes would all be large enough that quadratic sieve would still
be less efficient than the number field sieve.

At 6:26 PM -0400 7/28/2000, dmolnar added:
...
Note that Compaq is trying to push this under the name "Multiprime."
Bob Silverman has a nice analysis of the number of factors and size of
factors vs. security tradeoff in the April 2000 RSA Data Security
bulletin. It's only in the PDF version (or was), though.
PKCS #1 is also being amended to allow for multiple distinct primes.
...
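A small worked illustration, added here and not taken from the thread or from any RSA Security publication: a two-prime and a three-prime RSA key expose exactly the same public operation (n, e), and CRT decryption does one reduced exponentiation per prime factor. The primes are deliberately tiny constructed demo values, and all function names are my own.

```python
# Added illustration (not from the thread): toy RSA with a modulus built
# from any number of distinct primes, showing that the public operation
# (n, e) is identical whether n has two or three factors, and how CRT
# decryption splits the work across the factors.  The primes used in
# demo() are constructed, deliberately tiny values, not real key material.
import math


def make_key(primes, e=65537):
    """Build a multi-prime RSA key: n = product of primes, phi = product of
    (p-1), d = e^-1 mod phi.  Works for 2, 3 or more distinct primes."""
    assert len(primes) >= 2 and len(set(primes)) == len(primes)
    n = math.prod(primes)
    phi = math.prod(p - 1 for p in primes)
    assert math.gcd(e, phi) == 1, "e must be invertible mod phi"
    return {"n": n, "e": e, "d": pow(e, -1, phi), "primes": list(primes)}


def public_part(key):
    """What the sender sees: just (n, e).  Nothing here tells the sender
    how many prime factors n has."""
    return key["n"], key["e"]


def encrypt(n, e, m):
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt_plain(key, c):
    """Textbook decryption: one big exponentiation mod n."""
    return pow(c, key["d"], key["n"])


def crt_combine(residues, moduli):
    """Chinese remainder theorem: recover x mod prod(moduli) from x mod each."""
    n = math.prod(moduli)
    x = 0
    for r, m in zip(residues, moduli):
        n_i = n // m
        x += r * n_i * pow(n_i, -1, m)
    return x % n


def decrypt_crt(key, c):
    """CRT decryption: one exponentiation per prime factor with the reduced
    exponent d mod (p-1), then recombine.  With k factors of a B-bit modulus
    each exponentiation works on B/k-bit numbers, so (with the usual rough
    cubic cost of modular exponentiation) three primes cost about B^3/9
    against B^3/4 for two: the speed-up the thread mentions."""
    residues = [pow(c % p, key["d"] % (p - 1), p) for p in key["primes"]]
    return crt_combine(residues, key["primes"])


def demo():
    """Run the same message through a two-prime and a three-prime key."""
    two = make_key([61, 53])        # n = 3233, toy values
    three = make_key([61, 53, 47])  # n = 151951, toy values
    results = {}
    for name, key in (("two-prime", two), ("three-prime", three)):
        n, e = public_part(key)
        c = encrypt(n, e, 42)
        results[name] = (decrypt_plain(key, c), decrypt_crt(key, c))
    return results
```

Running demo() shows both keys decrypting the same ciphertext by both methods; public_part() is all a sender ever receives, which is the point above about the sender having no change in algorithm to alert them to a triprime modulus.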





MojoNation file sharing system plans to beat Napster, Gnutella

2000-07-30 Thread Declan McCullagh



http://www.wired.com/news/technology/0,1282,37892,00.html

Get Your Music Mojo Working
by Declan McCullagh ([EMAIL PROTECTED])

5:45 p.m. Jul. 29, 2000 PDT
LAS VEGAS -- A new file-sharing system could best rivals
like Napster and Gnutella through more anonymous and
efficient transfers.

The service has an innovative feature that rewards users
for uploading and distributing files: payment in a form of
digital currency called "Mojo."

"It's a cross between Napster and eBay," says Jim McCoy,
the 30-year-old CEO of Autonomous Zone Industries,
which created the open-source MojoNation software.

McCoy's goal is nothing if not ambitious: to create the first
file-sharing economy of agents, servers, and search
engines in which senders and receivers can agree on
prices for each transaction and use micropayments to get
paid.

The prospect of millions of users spending Mojo tokens on
pirated movies and songs is sure to draw the wrath of the
entertainment industry, which has sued to shut down
Napster and erase a DVD-descrambling program from the
Web.

Another probable early use is pornography copied from
other sites, and companies such as Penthouse's publisher
also have shown they're willing to take legal action.

Autonomous Zone says that since it -- unlike Napster --
does not keep a master index of files, its employees are
simply unable to remove references to illegal files stored
on MojoNation servers. "We are a bigger threat because
we can survive most attacks," McCoy says.

But the startup claims it wants to work with Hollywood
through a voluntary-payment-for-downloads feature that
the firm's programmers have dubbed "PayLars," a reference
to Metallica drummer and Napster foe Lars Ulrich.

"When the president of Sony comes to us, we'll say
Gnutella's never going to do anything for you," says the
Autonomous Zone programmer who goes by the name
Zooko Journeyman. "Fight them or die -- or join us and
prosper."

In an attempt to spread MojoNation quickly through the
hacker underground, Autonomous Zone plans to release
the beta version at the DefCon convention this weekend in
Las Vegas. Versions will be available on sourceforge.net
for Windows and Linux machines.

MojoNation's current stage of development is somewhere
between a working prototype and a polished final product.
It works, but a friendly interface is still being shaped, and
as of Friday, company programmers were still unearthing
some remaining bugs.

At least when its development is complete, MojoNation
should combine the ease of use and search capabilities of
Napster and Gnutella with the kind of distributed server
network that FreeNet uses. Files that are uploaded to a
Freenet server remain online after a user disconnects, but
Freenet does not support searching or micropayments.

But will MojoNation be compelling enough to make other
users switch? "It doesn't seem to buy anything over
Gnutella," says Jon Lasser, author of Think Unix. "It's not
clear to me who is served by this system."

The libertarian-leaning cypherpunks -- only about seven
so far -- who work at Autonomous Zone are pinning their
hopes on creating an emergent network of electronic
buyers, sellers, and service providers, all exchanging
tokens that might represent as little as one-thousandth of
a cent.

Another addition: A limited form of reputation-tracking, so
you can determine which service providers are the most
reliable. The first time you log on, you generate a public
and private key pair that the system uses to identify you.

"It is an ant colony of sorts -- tons of agents, each with
its own specialized goal," says McCoy, a former Yahoo
engineer who founded Autonomous Zone last summer and
is providing the seed capital.

By pinning even an infinitesimal value on all transactions,
the company plans to discourage piggish folks who
download more than they contribute in return.

To earn Mojo tokens, users can sell their extra bandwidth
or disk space and act as servers, or create their own
service that others want to pay for. A successful system
would also likely include money exchangers who buy and
sell Mojo tokens in exchange for dollars.

Before a MojoNation user uploads a file, the client
software splits it into eight pieces using an algorithm akin
to that used in RAID hard disk arrays: Only four pieces are
necessary to reconstruct the entire file, and the sender
can try to use the network to cloak his or her identity.
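An added example, not MojoNation's own code and not taken from the article, of the "only four of eight pieces are needed" property described above: an (8, 4) erasure code in the polynomial-evaluation form of a Reed-Solomon code over GF(257). The sample file content and the set of share indices kept in roundtrip() are constructed; the function names are my own.

```python
# Added illustration (not MojoNation's own code): an (8, 4) erasure code in
# the polynomial-evaluation form of a Reed-Solomon code over GF(257).  Each
# 4-byte block becomes the coefficients of a degree-3 polynomial evaluated
# at 8 points; any 4 of those points recover the block by Lagrange
# interpolation.  Sample inputs used in the tests are constructed.
P = 257  # smallest prime above 255, so every byte value is a field element


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def encode_block(block, n_shares=8, k=4):
    """k bytes -> n_shares points (x, y) on a degree-(k-1) polynomial.
    y may equal 256, so shares are lists of ints rather than raw bytes."""
    assert len(block) == k
    return [(x, _eval_poly(list(block), x)) for x in range(1, n_shares + 1)]


def decode_block(points, k=4):
    """Any k points with distinct x recover the k coefficients (Lagrange)."""
    assert len(points) >= k, "need at least k shares"
    pts = points[:k]
    coeffs = [0] * k
    for i, (xi, yi) in enumerate(pts):
        basis = [1]  # coefficients of prod_{j != i} (x - xj)
        denom = 1
        for j, (xj, _) in enumerate(pts):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)
            for deg, coef in enumerate(basis):
                nxt[deg] = (nxt[deg] - coef * xj) % P
                nxt[deg + 1] = (nxt[deg + 1] + coef) % P
            basis = nxt
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        for deg, coef in enumerate(basis):
            coeffs[deg] = (coeffs[deg] + coef * scale) % P
    return bytes(coeffs)


def encode_file(data, n_shares=8, k=4):
    """Split data into n_shares pieces; returns {share index: [y values]}."""
    payload = len(data).to_bytes(4, "big") + data  # length prefix removes padding later
    payload += b"\x00" * (-len(payload) % k)
    shares = {x: [] for x in range(1, n_shares + 1)}
    for off in range(0, len(payload), k):
        for x, y in encode_block(payload[off:off + k], n_shares, k):
            shares[x].append(y)
    return shares


def decode_file(shares, k=4):
    """Rebuild the file from any k (or more) of the shares."""
    idx = sorted(shares)[:k]
    assert len(idx) == k, "need at least k shares"
    nblocks = len(shares[idx[0]])
    out = bytearray()
    for b in range(nblocks):
        out += decode_block([(x, shares[x][b]) for x in idx], k)
    length = int.from_bytes(out[:4], "big")
    return bytes(out[4:4 + length])


def roundtrip(data, keep=(2, 5, 7, 8)):
    """Encode, discard every share not in `keep`, then decode."""
    shares = encode_file(data)
    surviving = {x: shares[x] for x in keep}
    return decode_file(surviving)
```

roundtrip() keeps only four of the eight pieces and still returns the original bytes; with three or fewer pieces decode_file() refuses, which is the threshold behaviour the article attributes to the RAID-like split.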
