Cryptography-Digest Digest #714
Cryptography-Digest Digest #714, Volume #12       Tue, 19 Sep 00 04:13:01 EDT

Contents:
  Re: Dangers of using same public key for encryption and signatures? (David Hopwood)
  Re: Software patents are evil. (Terry Ritter)
  Re: Intel's 1.13 MHZ chip ("Douglas A. Gwyn")
  Re: Algebra, or are all block ciphers in trouble? ("Douglas A. Gwyn")
  Re: Hamming weight ("Douglas A. Gwyn")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an ("Douglas A. Gwyn")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption ("Douglas A. Gwyn")
  Re: 20 suggestions for cryptographic algorithm designers (Jerry Coffin)
  Re: Intel's 1.13 MHZ chip (Jerry Coffin)
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an alternative introduction] ("Kostadin Bajalcaliev")
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption ("Kostadin Bajalcaliev")
  Re: QUESTION ABOUT ALGORITHMS (Mok-Kong Shen)

--

Date: Tue, 19 Sep 2000 03:28:18 +0100
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Dangers of using same public key for encryption and signatures?

Bryan Olson wrote:
Brian Gladman wrote:
In the UK keys used for signature only are not subject to Government Access to Keys (GAK). But keys that perform both signature and encryption functions can be seized under warrant by a number of UK authorities. And there is no requirement that you need to be under suspicion in order for keys to be seized.

Tricky. The holders of the *public* key ultimately decide whether it performs encryption. For all the popular PK signature schemes there's a PK encryption method that uses the same key pair.

I'm not sure whether you count Fiat-Shamir-based methods as popular, but they can't be used in this way, AFAIK. (If they could, that would have some very interesting practical uses, but unfortunately I don't think it is possible.)

(I'm saying "popular" to rule out things like Merkle one-time signatures.)
How does the law handle the case of Bob releasing his public key saying "signatures only", but Alice sending him messages encrypted with it anyway?

The clause that is supposed to protect signature keys actually applies as long as the private key has not been used for decryption. OTOH, the whole law is very badly drafted, and the government refused to fix a number of other problems that were pointed out with this clause. Some of them are described on Charles Lindsay's "scenarios" page, at http://www.cs.man.ac.uk/~chl/scenarios.html (Scenarios 10, 11 and 12).

It is also not clear whether the protection applies to keys that are not technically signature keys, but are used for authentication (for example, is an SSL server's private key for RSA ciphersuites included?)

In practice for GAK resistance, I recommend using ephemeral Diffie-Hellman key exchange with signed exponentials (a.k.a. station-to-station protocol) wherever possible; in that case the RIP Act protection for signature keys should definitely apply to the keys used to sign the exponentials, and there are no encryption keys that can be given up after a session has completed.

--
David Hopwood [EMAIL PROTECTED]
Home page PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding.
If I revoke a public key but refuse to specify why, it is because the private key has been seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip

--

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Software patents are evil.
Date: Tue, 19 Sep 2000 04:16:41 GMT

On Mon, 18 Sep 2000 17:05:57 -0700, in K5yx5.2195$hu1.1553@client, in sci.crypt "Dann Corbit" [EMAIL PROTECTED] wrote:

"Terry Ritter" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
[SNIP]
Apparently, the courts lack a basic understanding of mathematics or such patents would never be granted, since patenting math is illegal.

So, basically, you imagine that you have a deeper understanding of patent law than patent-law courts, patent offices, and various patent-law attorneys? How odd.

An algorithm is nothing but an implementation of a mathematic
Cryptography-Digest Digest #714, Volume #11       Fri, 5 May 00 23:13:01 EDT

Contents:
  Re: Crypto Export (Jerry Park)
  Re: cryptographically secure (Tom St Denis)
  Re: GPS encryption turned off ([EMAIL PROTECTED])
  Re: GPS encryption turned off ([EMAIL PROTECTED])
  Re: GPS encryption turned off (Martin Grossman)
  Re: Questions about imaginary quadratic orders (David Hopwood)
  Unbreakable Superencipherment Rounds (UBCHI2)
  Re: Crypto Export ("Adam Durana")
  XTR and Diffie-Hellman (David Hopwood)
  Re: Crypto Export (Bill Unruh)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (Dave J)
  Re: Unbreakable Superencipherment Rounds ("Scott Fluhrer")
  Re: Unbreakable Superencipherment Rounds (Tom St Denis)
  Re: quantum crypto breakthru? (Roger)
  Re: AEES Advanced ("Scott Fluhrer")
  Re: Unbreakable Superencipherment Rounds (Mr. Klay I. Eno)

--

From: Jerry Park [EMAIL PROTECTED]
Subject: Re: Crypto Export
Date: Fri, 05 May 2000 18:51:58 -0500

Stou Sandalski wrote:
Well it's almost the end of my school year (25 days left) and in government everyone had to pick a pro/con topic (like abortion, legalization of weed, gun control laws... etc.) and write a paper on it; giving both sides and stating one's own opinion. Now naturally I picked US laws against export of strong crypto systems. Now my problem is that I need to include actual facts, statistics, even quotes and I have material against export control laws, but I can't find arguments for the export control laws (official arguments that is, papers and things written by actual people)... Does anyone here know where I can get some material like that? Also are there any cell phones currently produced or that have been produced that have the clipper chip or any similar key-escrow dealie in them?

thanks
Stou

As noted in previous posts, there are several places to obtain arguments for export control. I don't think you will find any arguments which make any sense (I've never seen a sensible argument for it).
--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: cryptographically secure
Date: Sat, 06 May 2000 00:05:26 GMT

Ali Tofigh wrote:
Hi! I'm in urgent need of a cryptographically secure random number generator... I'm studying cryptography and implementing an RSA system and therefore I need a random number generator that can generate large numbers. Around 400-500 bits long at least.

Regards
A.T.

Normally you make PRNG bits one at a time and concatenate them together. So you just need a non-linear, long-period PRNG, such as a hash in counter mode.

Tom
--
Want your academic website listed on a free websearch engine? Then please check out http://tomstdenis.n3.net/search.html, it's entirely free and there are no advertisements.

--

From: [EMAIL PROTECTED]
Subject: Re: GPS encryption turned off
Crossposted-To: sci.geo.satellite-nav
Date: Sat, 06 May 2000 00:37:04 GMT

In sci.crypt Paul Rubin [EMAIL PROTECTED] wrote:
OK, this helps somewhat, but remember, the enemy only has to borrow ONE unit to compromise the whole system for as long as the unit stays whitelisted. They have to be protected MUCH more carefully than, say, vehicles or machine guns.

Well, machine guns are also a sensitive item. I'm not sure about vehicles, but losing one of those isn't a good career move either. :)

Are you serious about this? The army really has time to go round up every single GPS every 12 hours, in the middle of some messy troop operation or invasion, which is precisely when the GPSs are needed most? I guess it's possible but it surprises me.

Actually, most combat units do it substantially more often. At the bottom of the chain of command, you're checking a handful of people, say four to nine. Of course, you don't pull out the list and check the serial number every time, you just make sure Joe Moron is still carrying the damn thing most of them. Every single GPS isn't a large number, either. Individual troops don't need them, since it's a command function to verify your position.
So, in a 40-man platoon you may have 1 per squad, 1 for the PL and 1 for the PSG. However, with troops you also need to check for lost weapons, sufficient ammo, medical problems, injuries, lost equipment, bad morale, assign sectors of fire, etc. In short there's a _long_ list of things that the NCO chain handles, and looking for a plugger on it isn't onerous. ;)

Don't forget, too, that the person who checks the serial numbers is also susceptible to bribes/seduction/blackmail/etc.

True, but they also have a security clearance and the arms room controls to contend with. The only time it would be feasible to steal (borrow) one is when the unit is garrisoned and they're in storage, at which time they're unfilled and use
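The "hash in counter mode" generator that Tom St Denis's reply in the "cryptographically secure" thread above sketches, written out as an added example (not code from the thread): each 256-bit output block is SHA-256(seed || counter), blocks are concatenated, and the result is cut to the requested width so it can feed an RSA prime search. The class and function names are my own; the seed must come from a real entropy source (os.urandom is assumed here), since the hash only stretches entropy, it never adds any.

```python
import hashlib
import os


class HashCounterPRNG:
    """Hash-in-counter-mode generator: output block i = SHA-256(seed || i).

    Constructed example. The seed must carry the entropy; the hash only
    expands it into an unpredictable, long-period stream.
    """

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits of entropy")
        self.seed = seed
        self.counter = 0

    def block(self) -> bytes:
        # A fresh counter value per block: the stream cannot repeat until the
        # 64-bit counter wraps, and the same (seed, counter) is never hashed twice.
        h = hashlib.sha256(self.seed + self.counter.to_bytes(8, "big")).digest()
        self.counter += 1
        return h

    def random_bytes(self, n: int) -> bytes:
        # Concatenate as many 32-byte blocks as needed, then truncate.
        out = bytearray()
        while len(out) < n:
            out += self.block()
        return bytes(out[:n])

    def random_int(self, nbits: int) -> int:
        # Exactly nbits wide: mask off surplus high bits, then force the top
        # bit so a 512-bit request cannot come back as a shorter number.
        x = int.from_bytes(self.random_bytes((nbits + 7) // 8), "big")
        x &= (1 << nbits) - 1
        x |= 1 << (nbits - 1)
        return x


def rsa_prime_candidate(nbits: int, seed: bytes = b"") -> int:
    """Odd, nbits-wide candidate to hand to a primality test (e.g. Miller-Rabin)."""
    gen = HashCounterPRNG(seed or os.urandom(32))
    return gen.random_int(nbits) | 1


if __name__ == "__main__":
    print(hex(rsa_prime_candidate(512)))
```

A standardized DRBG (NIST SP 800-90A Hash_DRBG or HMAC_DRBG) has this same counter structure plus reseeding and backtracking resistance, which is what production code should reach for.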
Cryptography-Digest Digest #714, Volume #9       Sun, 13 Jun 99 20:13:04 EDT

Contents:
  sbox design ([EMAIL PROTECTED])
  Re: "Breaking" a cipher ([EMAIL PROTECTED])
  Re: OTP is it really ugly to use or not? ([EMAIL PROTECTED])
  Re: Prime number generators... ([EMAIL PROTECTED])
  Still musing about DH key exchanges :-) (Peter Gunn)
  stream ciphers ("Maciej Maciejonek")
  Re: Slide Attack on Scott19u.zip ([EMAIL PROTECTED])
  Re: Cracking DES ([EMAIL PROTECTED])
  Re: stream ciphers (James Pate Williams, Jr.)
  Substitution methods (c a l a n d e)
  Re: Looking for a password encryption algorithm (Bill Unruh)
  Re: OTP is it really ugly to use or not? (Bill Unruh)
  Re: Random numbers on a sphere (Bill Unruh)
  Re: OTP is it really ugly to use or not? (Bill Unruh)
  Re: "Breaking" a cipher
  Re: RSA msg length... (Bill Unruh)
  Re: OTP is it really ugly to use or not? (fungus)
  Re: Substitution methods (fungus)

--

From: [EMAIL PROTECTED]
Subject: sbox design
Date: Sun, 13 Jun 1999 18:15:13 GMT

I have been peering at the sboxes from CAST-128 (I used them in my second simple cipher). And I would like to know about the criteria used to make them. This is what I know.

1. They used bent functions on the inputs
2. There are four 8x32 sboxes
3. When used like in CAST it forms a 32x32 sbox
4. They are resistant to differential and linear analysis.

My questions are.

1. What is a bent function?
2. How is it resistant to the attacks?

I have seen a site a long time ago where Charles talks about them, but I lost the link. I would appreciate any links, urls, etc...

Thanks,
Tom
--
PGP key is at: 'http://http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/ Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED]
Subject: Re: "Breaking" a cipher
Date: Sun, 13 Jun 1999 17:58:42 GMT

Every key-based system is "breakable". The only interesting data on that is the "cost/time" curve.

Not true. Every system is solvable.
A break is finding the key (or the required information to forge/decrypt messages) faster than trying all keys. There are two types of advancements though. In things like RSA or DH where it's a number problem the speed increase is roughly tied to the evolvement of the algorithms used to solve. Note RSA had the QS then the NFS etc... In ciphers like DES (block ciphers, or symmetric key ciphers) the break requires something occurring with a higher than equal probability. This can suggest round keys or the entire key. The speed of a break is normally tied towards the speed of the machine; we note that different types of attacks (algorithms) may be faster. Most attacks against DES are brute force with several ciphertexts...

Hope that helps.

--

From: [EMAIL PROTECTED]
Subject: Re: OTP is it really ugly to use or not?
Date: Sun, 13 Jun 1999 18:03:01 GMT

In article [EMAIL PROTECTED], fungus [EMAIL PROTECTED] wrote:
Read the original post again... I never said RC4 was uncrackable, I gave it as an example of a pseudo-OTP.

Here is the clip from your post:

I think it's more accurate to say that the absolute validity of the mathematical proof that the OTP is secure depends on the true randomness of the pad. It's perfectly possible to use a less than perfect random number generator for your one time pad and still have message security that can and will never be compromised. eg. RC4.

The last sentence suggests that RC4 cannot be compromised, but it can.

Tom

--

From: [EMAIL PROTECTED]
Subject: Re: Prime number generators...
Date: Sun, 13 Jun 1999 18:00:38 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (James Pate Williams, Jr.)
wrote:
It seems that prime number generators of all numeric libraries OCCASIONALLY hang slower computers. Is that happening to somebody else? When I had a Pentium I 90 MHz machine with 16 MB of RAM F-Secure SSH used to hang up when I tried to generate an RSA key greater than 512 bits. Now that I have a Pentium II 450 MHz with 128 MB of RAM this does not occur.

There are three possibilities...

1) It did not hang. It was just way slower.
2) It requires too much RAM, and crashed
3) Newer software.

I don't think the algorithm would just hang, so it most likely is #1.

Tom

--

From: Pet
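The "sbox design" post above asks what a bent function is and why CAST-128's s-boxes, built from them, resist linear analysis. As an added example (not code from the thread, and the sample functions are constructed, not CAST-128's actual s-box columns), this computes a Boolean function's Walsh spectrum with the fast butterfly transform, derives its nonlinearity from the spectrum, and tests bentness: a function is bent when every Walsh coefficient has the same magnitude 2^(n/2), which is exactly the flat-spectrum condition that leaves linear cryptanalysis no good affine approximation of the output bit.

```python
from itertools import product


def truth_table(f, n):
    """Evaluate f on all 2^n inputs; index i holds f(bits of i, MSB first)."""
    return [f(*bits) for bits in product((0, 1), repeat=n)]


def walsh_spectrum(tt):
    """Walsh-Hadamard transform W(a) = sum_x (-1)^(f(x) XOR a.x) for every a,
    via the O(n 2^n) butterfly rather than the O(4^n) double sum."""
    size = len(tt)
    assert size & (size - 1) == 0, "truth table length must be a power of two"
    w = [1 - 2 * bit for bit in tt]          # f(x) = 0 -> +1, f(x) = 1 -> -1
    step = 1
    while step < size:
        for i in range(0, size, 2 * step):
            for j in range(i, i + step):
                u, v = w[j], w[j + step]
                w[j], w[j + step] = u + v, u - v
        step *= 2
    return w


def nonlinearity(tt):
    """Hamming distance from f to the nearest affine function. The linear
    approximation f(x) = a.x holds with probability 1/2 + W(a)/2^(n+1), so a
    small maximum |W(a)| means every approximation an attacker could use is weak."""
    return (len(tt) - max(abs(v) for v in walsh_spectrum(tt))) // 2


def is_bent(tt):
    """Bent: all |W(a)| == 2^(n/2). Only possible for even n, and it yields the
    largest nonlinearity any n-variable function can have, 2^(n-1) - 2^(n/2-1)."""
    n = len(tt).bit_length() - 1
    if n % 2:
        return False
    return all(abs(v) == 1 << (n // 2) for v in walsh_spectrum(tt))


if __name__ == "__main__":
    # Constructed samples: a quadratic form that is bent, and a linear function.
    quadratic = truth_table(lambda a, b, c, d: (a & b) ^ (c & d), 4)
    affine = truth_table(lambda a, b, c, d: a ^ b ^ c ^ d, 4)
    print(is_bent(quadratic), nonlinearity(quadratic))   # True 6
    print(is_bent(affine), nonlinearity(affine))         # False 0
```

The same functions apply to a real s-box column: take the 8-bit input index as x and one output bit of an 8x32 table as f(x), and the spectrum tells you how close that output bit sits to the bent bound.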