Cryptography-Digest Digest #714

2000-09-19 Thread Digestifier

Cryptography-Digest Digest #714, Volume #12  Tue, 19 Sep 00 04:13:01 EDT

Contents:
  Re: Dangers of using same public key for encryption and signatures? (David Hopwood)
  Re: Software patents are evil. (Terry Ritter)
  Re: Intel's 1.13 MHZ chip ("Douglas A. Gwyn")
  Re: Algebra, or are all block ciphers in trouble? ("Douglas A. Gwyn")
  Re: Hamming weight ("Douglas A. Gwyn")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an  ("Douglas A. Gwyn")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption ("Douglas A. Gwyn")
  Re: 20 suggestions for cryptographic algorithm designers (Jerry Coffin)
  Re: Intel's 1.13 MHZ chip (Jerry Coffin)
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction] ("Kostadin Bajalcaliev")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption ("Kostadin Bajalcaliev")
  Re: QUESTION ABOUT ALGORITHMS (Mok-Kong Shen)



Date: Tue, 19 Sep 2000 03:28:18 +0100
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Dangers of using same public key for encryption and signatures?

Bryan Olson wrote:
 Brian Gladman wrote:

  In the UK keys used for signature only are not subject to
  Government Access to Keys (GAK). But keys that perform
  both signature and encryption functions can be seized under
  warrant by a number of UK authorities.  And there is no
  requirement that you need to be under suspicion in order
  for keys to be seized.
 
 Tricky.  The holders of the *public* key ultimately decide
 whether it performs encryption.  For all the popular PK
 signature schemes there's a PK encryption method that uses
 the same key pair.

I'm not sure whether you count Fiat-Shamir-based methods as popular, but
they can't be used in this way, AFAIK. (If they could, that would have some
very interesting practical uses, but unfortunately I don't think it is
possible.)

 (I'm saying "popular" to rule out things like Merkle one-time signatures.)
 
 How does the law handle the case of Bob releasing his public
 key saying "signatures only", but Alice sending him messages
 encrypted with it anyway?

The clause that is supposed to protect signature keys actually applies as
long as the private key has not been used for decryption. OTOH, the whole
law is very badly drafted, and the government refused to fix a number of
other problems that were pointed out with this clause. Some of them
are described on Charles Lindsay's "scenarios" page, at
http://www.cs.man.ac.uk/~chl/scenarios.html (Scenarios 10, 11 and 12).

It is also not clear whether the protection applies to keys that are not
technically signature keys, but are used for authentication (for example,
is an SSL server's private key for RSA ciphersuites included?)

In practice for GAK resistance, I recommend using ephemeral Diffie-Hellman
key exchange with signed exponentials (a.k.a. station-to-station protocol)
wherever possible; in that case the RIP Act protection for signature keys
should definitely apply to the keys used to sign the exponentials, and
there are no encryption keys that can be given up after a session has
completed.

-- 
David Hopwood [EMAIL PROTECTED]

Home page  PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


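The station-to-station exchange Hopwood recommends, as an added example (not from the digest or from Hopwood): ephemeral Diffie-Hellman exponentials signed with long-term signature-only keys, so that once a session ends only the signing keys exist and there is no decryption key to hand over. Assumptions: a toy DH group (the Mersenne prime 2^521-1 with generator 3), Lamport one-time signatures standing in for the signature scheme (hash-based, with no encryption counterpart, in the spirit of the Merkle signatures Olson mentions), and SHA-256 as the key derivation.

```python
import hashlib
import secrets

# Toy DH group: Mersenne prime 2^521-1 with generator 3 (assumption for
# illustration only; real deployments use a standard group such as RFC 7919).
P = 2**521 - 1
G = 3

def H(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()
def i2b(n):
    return n.to_bytes((P.bit_length() + 7) // 8, "big")

# Lamport one-time signatures: signature-only, no encryption operation exists.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(s0), H(s1)] for s0, s1 in sk]
def lamport_sign(sk, msg):
    d = int.from_bytes(H(msg), "big")
    return [sk[i][(d >> (255 - i)) & 1] for i in range(256)]
def lamport_verify(pk, msg, sig):
    d = int.from_bytes(H(msg), "big")
    return all(H(sig[i]) == pk[i][(d >> (255 - i)) & 1] for i in range(256))

def alice_hello():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)                            # msg 1: g^x

def bob_reply(bob_sk, gx):
    y = secrets.randbelow(P - 2) + 1
    gy = pow(G, y, P)
    k = H(i2b(pow(gx, y, P)))                         # Bob's session key
    return k, gy, lamport_sign(bob_sk, i2b(gy) + i2b(gx))  # msg 2: g^y, Sig_B(g^y, g^x)

def alice_finish(alice_sk, bob_pk, x, gx, gy, sig_b):
    if not lamport_verify(bob_pk, i2b(gy) + i2b(gx), sig_b):
        return None                                   # exponential was altered: abort
    k = H(i2b(pow(gy, x, P)))
    return k, lamport_sign(alice_sk, i2b(gx) + i2b(gy))    # msg 3: Sig_A(g^x, g^y)

def run_session(alice_sk, alice_pk, bob_sk, bob_pk, substitute_gy=False):
    x, gx = alice_hello()
    k_bob, gy, sig_b = bob_reply(bob_sk, gx)
    if substitute_gy:                                 # an altered g^y on the wire
        gy = pow(G, secrets.randbelow(P - 2) + 1, P)
    res = alice_finish(alice_sk, bob_pk, x, gx, gy, sig_b)
    if res is None or not lamport_verify(alice_pk, i2b(gx) + i2b(gy), res[1]):
        return None
    # x and y never leave the party functions: afterwards only signing keys remain.
    return res[0], k_bob
```

Each Lamport key pair signs exactly once, so a real deployment would use a many-time signature scheme; the point illustrated is that the per-session secret is derived only from exponents that are discarded.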

--

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Software patents are evil.
Date: Tue, 19 Sep 2000 04:16:41 GMT


On Mon, 18 Sep 2000 17:05:57 -0700, in K5yx5.2195$hu1.1553@client,
in sci.crypt "Dann Corbit" [EMAIL PROTECTED] wrote:

"Terry Ritter" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
[SNIP]
 Apparently, the courts lack a basic understanding of mathematics or
 such patents would never be granted, since patenting math is illegal.

 So, basically, you imagine that you have a deeper understanding of
 patent law than patent-law courts, patent offices, and various
 patent-law attorneys?  How odd.

An algorithm is nothing but an implementation of a mathematic

Cryptography-Digest Digest #714

2000-05-05 Thread Digestifier

Cryptography-Digest Digest #714, Volume #11   Fri, 5 May 00 23:13:01 EDT

Contents:
  Re: Crypto Export (Jerry Park)
  Re: cryptographically secure (Tom St Denis)
  Re: GPS encryption turned off ([EMAIL PROTECTED])
  Re: GPS encryption turned off ([EMAIL PROTECTED])
  Re: GPS encryption turned off (Martin Grossman)
  Re: Questions about imaginary quadratic orders (David Hopwood)
  Unbreakable Superencipherment Rounds (UBCHI2)
  Re: Crypto Export ("Adam Durana")
  XTR and Diffie-Hellman (David Hopwood)
  Re: Crypto Export (Bill Unruh)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read   e-mails onthe net" (Dave J)
  Re: Unbreakable Superencipherment Rounds ("Scott Fluhrer")
  Re: Unbreakable Superencipherment Rounds (Tom St Denis)
  Re: quantum crypto breakthru? (Roger)
  Re: AEES Advanced ("Scott Fluhrer")
  Re: Unbreakable Superencipherment Rounds (Mr. Klay I. Eno)



From: Jerry Park [EMAIL PROTECTED]
Subject: Re: Crypto Export
Date: Fri, 05 May 2000 18:51:58 -0500

Stou Sandalski wrote:

 Well its almost the end of my school year (25days left) and in government
 everyone had to pick a pro/con topic (like abortion, legalization of weed,
 gun control laws... etc.) and write a paper on it; giving both sides and
 stating one's own opinion.  Now naturally I picked US laws against export of
 strong crypto systems.  Now my problem is that I need to include actual
 facts, statistics, even quotes and I have material against export control
 laws, but I can't find arguments for the export control laws (officially
 arguments that is, papers and things written by actual people)...

 Does anyone here know where I can get some material like that? Also are
 there any cell phones currently produced or that have been produced that
 have the clipper chip or any similar key-escrow dealie in them?

 thanks

 Stou

As noted in previous posts, there are several places to obtain arguments for
export control.

I don't think you will find any arguments which make any sense (I've never seen
a sensible argument for it).




--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: cryptographically secure
Date: Sat, 06 May 2000 00:05:26 GMT



Ali Tofigh wrote:
 
 Hi!
 
 I'm in urgent need for a cryptographically secure random number
 generator... I'm studying cryptography and implementing an RSA-system
 and therefore I need a random number generator that can generate
 large numbers. Around 400-500 bits long at least.
 
 Regards
 A.T.

Normally you make prng bits one at a time and concatenate them
together.  So you just need a non-linear long-perioded prng.

Such as a hash in counter mode.

Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely
free
and there are no advertisements.

--

From: [EMAIL PROTECTED]
Subject: Re: GPS encryption turned off
Crossposted-To: sci.geo.satellite-nav
Date: Sat, 06 May 2000 00:37:04 GMT

In sci.crypt Paul Rubin [EMAIL PROTECTED] wrote:
 OK, this helps somewhat, but remember, the enemy only has to borrow
 ONE unit to compromise the whole system for as long as the unit stays
 whitelisted.  They have to be protected MUCH more carefully than, say,
 vehicles or machine guns.

Well, machine guns are also a sensitive item. I'm not sure about
vehicles, but losing one of those isn't a good career move either. :)

 Are you serious about this?  The army really has time to go round up
 every single GPS every 12 hours, in the middle of some messy troop
 operation or invasion, which is precisely when the GPS's are needed
 most?  I guess it's possible but it surprises me.

Actually, most combat units do it substantially more often. At the
bottom of the chain of command, you're checking a handful of people,
say four to nine. Of course, you don't pull out the list and check the
serial number every time, you just make sure Joe Moron is still
carrying the damn thing most of them.

Every single gps isn't a large number, either. Individual troops don't
need them, since it's a command function to verify your position. So,
in a 40 man platoon you may have 1 per squad, 1 for the PL and 1 for
the PSG. However, with troops you also need to check for lost weapons,
sufficient ammo, medical problems, injuries, lost equipment, bad
morale, assign sectors of fire, etc. In short there's a _long_ list of
things that the NCO chain handles, and tacking looking for a plugger on
it isn't onerous. ;)

 Don't forget, too, that the person who checks the serial numbers is
 also susceptible to bribes/seduction/blackmail/etc.

True, but they also have a security clearance and the arms room
controls to contend with. The only time it would be feasible to steal
(borrow) one is when the unit is garrisoned and they're in storage, at
which time they're unfilled and use

Cryptography-Digest Digest #714

1999-06-13 Thread Digestifier

Cryptography-Digest Digest #714, Volume #9   Sun, 13 Jun 99 20:13:04 EDT

Contents:
  sbox design ([EMAIL PROTECTED])
  Re: "Breaking" a cipher ([EMAIL PROTECTED])
  Re: OTP is it really ugly to use or not? ([EMAIL PROTECTED])
  Re: Prime number generators... ([EMAIL PROTECTED])
  Still musing about DH key exchanges :-) (Peter Gunn)
  stream ciphers ("Maciej Maciejonek")
  Re: Slide Attack on Scott19u.zip ([EMAIL PROTECTED])
  Re: Cracking DES ([EMAIL PROTECTED])
  Re: stream ciphers (James Pate Williams, Jr.)
  Substitution methods (c a l a n d e)
  Re: Looking for a password encryption algorithm (Bill Unruh)
  Re: OTP is it really ugly to use or not? (Bill Unruh)
  Re: Random numbers on a sphere (Bill Unruh)
  Re: OTP is it really ugly to use or not? (Bill Unruh)
  Re: "Breaking" a cipher
  Re: RSA msg length... (Bill Unruh)
  Re: OTP is it really ugly to use or not? (fungus)
  Re: Substitution methods (fungus)



From: [EMAIL PROTECTED]
Subject: sbox design
Date: Sun, 13 Jun 1999 18:15:13 GMT

I have been peering at the sboxes from CAST-128 (I used them in my
second simple cipher).  And I would like to know about the criteria
used to make them.  This is what I know.

1.  They used bent functions on the inputs
2.  There are four 8x32 sboxes
3.  When used like in CAST it forms a 32x32 sbox
4.  They are resistant to differential and linear analysis.

My questions are.

1.  What is a bent function?
2.  How is it resistant to the attacks?

I have seen a site a long time ago where Charles talks about them, but
I lost the link.  I would appreciate any links, URLs, etc...

Thanks,
Tom
--
PGP key is at:
'http://http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED]
Subject: Re: "Breaking" a cipher
Date: Sun, 13 Jun 1999 17:58:42 GMT


 Every key-based system is "breakable".  The only interesting data on
 that is the "cost/time" curve.

Not true.  Every system is solvable.  A break is finding the key (or
the required information to forge/decrypt messages) faster than trying
all keys.

There are two types of advancements though.  In things like RSA or DH
where it's a number problem the speed increase is roughly tied to the
evolvement of the algorithms used to solve.  Note RSA had the QS then
the NFS etc...

In ciphers like DES (block ciphers, or symmetric key ciphers) the break
requires something occurring with a higher than equal probability.  This
can suggest round keys or the entire key.  The speed of a break is
normally tied towards the speed of the machine, we note that different
types of attacks (algorithms) may be faster.  Most attacks against DES
are brute force with several ciphertexts...

Hope that helps.
--
PGP key is at:
'http://http://mypage.goplay.com/tomstdenis/key.pgp'.



--

From: [EMAIL PROTECTED]
Subject: Re: OTP is it really ugly to use or not?
Date: Sun, 13 Jun 1999 18:03:01 GMT

In article [EMAIL PROTECTED],
  fungus [EMAIL PROTECTED] wrote:
 Read the original post again...I never said RC4 was uncrackable,
 I gave it as an example of a pseudo-OTP.

Here is the clip from your post

 I think it's more accurate to say that the absolute validity of the
 mathematical proof that the OTP is secure depends on the true
 randomness of the pad. It's perfectly possible to use a less
 than perfect random number generator for your one time pad and
 still have message security that can and will never be compromised.

eg. RC4.

The last sentence suggests that RC4 cannot be compromised, but it can.

Tom
--
PGP key is at:
'http://http://mypage.goplay.com/tomstdenis/key.pgp'.



--

From: [EMAIL PROTECTED]
Subject: Re: Prime number generators...
Date: Sun, 13 Jun 1999 18:00:38 GMT

In article [EMAIL PROTECTED],
  [EMAIL PROTECTED] (James Pate Williams, Jr.) wrote:
 It seems that prime number generators of all numeric libraries
 OCCASIONALLY hang slower computers. Is that happening to
 somebody else?

 When I had a Pentium I 90 MHz machine with 16 MB of RAM F-Secure SSH
 used to hang when I tried to generate an RSA key greater than
 512-bits. Now that I have a Pentium II 450 MHz with 128 MB of RAM this
 does not occur.

There are three possibilities...

1)  It did not hang.  It was just way slower.
2)  It requires too much RAM, and crashed
3)  Newer software.

I don't think the algorithm would just hang, so it most likely is #1.

Tom
--
PGP key is at:
'http://http://mypage.goplay.com/tomstdenis/key.pgp'.


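A hash-in-counter-mode generator of the kind Tom describes in the "cryptographically secure" thread, feeding the odd-candidate search that an RSA key generator runs (the step James reports as hanging on a 90 MHz machine); this is an added example, not code from either post. It assumes SHA-256 over seed||counter as the generator and Miller-Rabin as the primality test; the candidate count it returns is what makes a slow machine look hung rather than crashed.

```python
import hashlib
import os

class HashCounterRNG:
    """Block i of the stream is SHA-256(seed || i); the seed is the only secret."""
    def __init__(self, seed=None):
        self.seed = seed if seed is not None else os.urandom(32)
        self.counter = 0
    def random_bytes(self, n):
        out = b""
        while len(out) < n:
            block = self.seed + self.counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            self.counter += 1
        return out[:n]
    def randbits(self, k):
        # Enough whole blocks for k bits, then drop the surplus low bits.
        raw = int.from_bytes(self.random_bytes((k + 7) // 8), "big")
        return raw >> ((-k) % 8)

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin with bases drawn from the same generator."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + rng.randbits(n.bit_length()) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    """Test odd candidates of exactly `bits` bits; returns (prime, candidates tried)."""
    tries = 0
    while True:
        tries += 1
        n = rng.randbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if is_probable_prime(n, rng):
            return n, tries
```

With a fixed seed the whole search is reproducible, which also shows why the seed must come from a real entropy source: anyone who knows it can replay every candidate.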

--

From: Pet