Cryptography-Digest Digest #775
Cryptography-Digest Digest #775, Volume #12 Mon, 25 Sep 00 23:13:00 EDT Contents: Re: On block encrpytion processing with intermediate permutations (Tom St Denis) Re: A Different Kind of Quantum Computer (John Savard) Re: What am I missing? (Matthew Skala) Re: What make a cipher resistent to Differential Cryptanalysis? (Tom St Denis) Re: Question on biases in random numbers decompression (Samuel Paik) Re: Question on biases in random-numbers decompression (Terry Ritter) Explanation of LFSR's in Cryptography (Jeff Gonion) RC4 from the past (=?ISO-8859-1?Q?Jacques_Th=E9riault?=) Re: Tying Up Loose Ends - Correction (Bryan Olson) continuous functions and differential cryptanalysis (Tom St Denis) NTRU question (actually truncated modular polynomial question) (Benjamin Goldberg) Re: continuous functions and differential cryptanalysis (Paul Rubin) From: Tom St Denis [EMAIL PROTECTED] Subject: Re: On block encrpytion processing with intermediate permutations Date: Mon, 25 Sep 2000 23:46:47 GMT In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote: Tom St Denis wrote: Mok-Kong Shen [EMAIL PROTECTED] wrote: I should very much appreciate comments on the following idea: . [snip] This only will work when 1) You both have the same PRNG, possibly key derivied, thus the PRNG must be salted, or something If PRNG is used (i.e. instead of using sorting), there is only one PRNG. In this case I would prefer a secret seed that is independent of the key of the block cipher. This of course means that one employs more secret informations, i.e. using a longer 'effective' key. 2) The messages are over several blocks long. Yes. Still you have to consider the possibilty that some halves are not mixed as well with the others (i.e disjoint cycles in the shuffling). Consider the halves (paired means they go thru a cycle together) R1: ab cd ef gh R2: ac be df gh R3: ae cf db gh ...gh is never moved... I understand that gh forms a block. In this case the gh block is not profited by the permutation, i.e. the block is processed by the original block algorithm through all its cycles. Obviously that's not likely but low diffusion is a probable consequence over the entire message with this scheme. It gets worse as the message size increases... (more chance that two halves never interact, or interact an equal amount of times). I don't think so. If the message is large, the number of the parts a, b, etc. become large. In that case the chance of a pair remain sticking together at the same location should be lower. If a block consists of 4 words instead of 2 words, there would be a similar favourable effect. No, My point was that not all halves would affect each other DIRECTLY. That is optimum diffusion. It's a neat idea, but not terribly secure I would think. What would interest me is the question whether employing permutation could in general be better than block chaining or not. If not, then the scheme would have no value. Ok Consider a 128-bit block cipher where I permute the 16 bytes then pass the clumps through a 16x16 sbox... There will be alot of weak permutes where the diffusion is not terribly high amongst all words. Also the PRNG must be reseed'ed for each block otherwise you have a stream cipher, not a block cipher not terribly usefull since seeking is a benefit of block ciphers. Tom Sent via Deja.com http://www.deja.com/ Before you buy. -- From: [EMAIL PROTECTED] (John Savard) Subject: Re: A Different Kind of Quantum Computer Date: Tue, 26 Sep 2000 00:07:19 GMT On Mon, 25 Sep 2000 15:37:42 -0700, "A. Melon" [EMAIL PROTECTED] almost wrote, in part: Quantum computers can only solve problems in BQP, which is not thought to include NP-complete problems. Now there is a new type of quantum computer being proposed: http://xxx.lanl.gov/abs/quant-ph/9910073 The paper claims this could solve NP-complete and sharp-P-complete problems. No, this isnt the End Of Cryptography As We Know It (EOCAWKI). Even if the claims are true, it may be impossible to actually build. Even if it is possible to build, it will be easy to make ciphers that defeat it. For example, make a random, public, invertible, 27x27 sbox, and distribute it on CD-ROM. Encrypt a block by applying AES, then passing it through the sbox (in groups of 27 bits), then applying AES again. The sbox is only 432MB, so it is easy to distribute. Oh, dear. I have visions Scott27u now. The quantum computer would need millions of qbits to crack it. I wonder. There might be a meet-in-the-middle attack. Because the quantum computer's copy of the CD-ROM would *not* have to be in qbits, since the CD-ROM is fixed and public; the number of qbits only has to be the length of the secret key. But th
Cryptography-Digest Digest #775
Cryptography-Digest Digest #775, Volume #11 Mon, 15 May 00 02:13:01 EDT
Contents:
Re: Unbreakable encryption. ([EMAIL PROTECTED])
Re: S-BOX Construction Tutorial? (John Savard)
Re: S-BOX Construction Tutorial? (John Savard)
Re: Unbreakable encryption. ([EMAIL PROTECTED])
Re: Unbreakable encryption. ([EMAIL PROTECTED])
Re: Encryption of graphics by transposition (wtshaw)
Re: S-BOX Construction Tutorial? (Mok-Kong Shen)
Re: Notes on the "Vortex" block cipher ([EMAIL PROTECTED])
Re: S-BOX Construction Tutorial? ("Scott Fluhrer")
Re: Unbreakable encryption. (wtshaw)
Re: S-BOX Construction Tutorial? (Mok-Kong Shen)
Re: AES Comment: the Hitachi patent (Mok-Kong Shen)
Re: S-BOX Construction Tutorial? (Mok-Kong Shen)
From: [EMAIL PROTECTED]
Subject: Re: Unbreakable encryption.
Date: Mon, 15 May 2000 04:17:19 GMT
My post must have been unclear to you. Let me explain in another
way.
You need not use 16=F, you can remap 17=F, or 104=F or 222=F
or anything for that matter. This is called symbol remapping.
Its supported in the calc if you are interested in testing it.
Also, you seem to have missed the major point... Fixed keylength
cyphers and fixed symbols table cyphers can be brute force searched.
the keys decryption and encryption are symmetric. Whereas, using
base encryption, you don't even have something to brute force search
through.
1) You don't know the algorithm used (its dynamic), so you
don't have a starting point.
2) You don't know the base, so you also don't have a starting point.
Lets say I give you this...
oisdd9823oieoisdg08eojiweljf##@98oefji23#@2jf
In or whatever, what you would do is start permutating the
keys (lets say 56 bit) starting at
00 00 00 00 00 00
and end at
11 11 11 11 11 11
You pipe this through the fixkeylengh cypherblock, and eventually
you will get your decoded message.
Well, lets say I gave you the same message encrypted using
BASE encryption.
Where do you start? You don't know whether
oisdd9823oieoisdg08eojiweljf##@98oefji23#@2jf
is base 100 or base 200 or any base for that matter. Remember,
just one increase in the base (symbol space) changes the answer in the
cyphertext. This involves not just standard mappings, (like you are
used to 16=f). You can remap the input and output characters.
But then you also forgot about the algorithms that are applied to it.
It can be considered an encryption algorithm because
1) It does symbol substitution for remapping (which is the most basic
form of encryption. I think Ceasar used it)
2) It uses base conversion (or any algorithm you can think of) for
basic base conversion (symbol conversion)
3) It uses any combination of operatiors as the actual heavy duty
encryption. (you can use rotation, shift, add, subtract, invert,
a compression algorithm, ANYTHING).
Which means what? It is more secure than DES or Blowfish without
even the different symbols space (base). That is because
the Base encryption algorithm used is dynamic, it can be changed on the
fly. Whereas all the other cypherblock encryptions use standard
routines (rotate, xor, etc) in a fixed sequence.
Remember, dynamic algorithm is more secure than static algorithms.
You seem to misunderstand the major point
ALL the algorithms and ALL the keylengths of ALL the encryption
systems are static. This is the most unsecure
part. It is the weak link for brute force searches.
And to answer your n-bits input and n-bits output. Think of it
this way... it will clearify my point.
What is the symbol set used before the compression to n-bits?
What is the symbol set used to decompress the n-bits back to regular
text?
They are the same aren't they?
And they are both N bits right?
And you have to break up the message into n-bit size to feed
it into the cypher block right?
So in essense the compression algorithm is basically taking the
same symbol base and compacting it.
Well, you can do the same thing before feeding it into BASE
encryption (it will make it even more secure).
Base encryption can be augmentative, and go on top of or below
existing algorithms if you think universally about it.
Also. BASE encryption is not n-bits, its not fixed. You can FEED
THE WHOLE MESSAGE INTO IT AT ONCE. It is DYNAMIC bits.
The bit size is variable, affected by BASE (symbol set), algorithm
used before and after base conversion (or any other conversion).
So let me repeat...
given...
oisdd9823oieoisdg08eojiweljf##@98oefji23#@2jf
How do you start decrypting it using Base encryption?
You can't right? You have to guess
1) The Base of this message (now did he use base 26? or standard
ASCII, or some large base with duplicates? or a chinese unicode?)
(And is this the result of base 26 or some other base?)
2) What is the conversion algorithm u
Cryptography-Digest Digest #775
Cryptography-Digest Digest #775, Volume #10 Mon, 20 Dec 99 21:13:01 EST
Contents:
Re: Q: transcendental pad crypto ("Tony T. Warnock")
Re: Attacks on a PKI ([EMAIL PROTECTED])
Re: Q: transcendental pad crypto ("dls2")
Re: Q: transcendental pad crypto ("dls2")
Re: Keystrokes monitored/encryption useless (Nemo Outis)
Re: Q: transcendental pad crypto ("dls2")
Not All Sophie Germain Primes Are "Safe". (Ted Kaliszewski)
Re: compression encryption (Tim Tyler)
Re: simple rng idea (Gregory G Rose)
Re: Q: transcendental pad crypto (Tim Tyler)
Re: Code Puzzle (Jim Gillogly)
Re: Q: transcendental pad crypto (CLSV)
Re: Q: transcendental pad crypto (Tim Tyler)
Re: Q: transcendental pad crypto (Tim Tyler)
Re: Microsoft- PKI/E-comm Director Opening (Ajay Shekhawat)
Re: random numbers straight out of MS BASIC (Tim Tyler)
Re: The 20 years periods did apply to 2 of the 3 patents. Why not for RSA ? (Arturo)
From: "Tony T. Warnock" [EMAIL PROTECTED]
Subject: Re: Q: transcendental pad crypto
Date: Mon, 20 Dec 1999 16:13:15 -0700
Reply-To: [EMAIL PROTECTED]
dls2 wrote:
"John Savard" [EMAIL PROTECTED] wrote:
"dls2" [EMAIL PROTECTED] wrote:
Do transcendental numbers qualify as pseudo-random, or
as truely-random, for purposes of one-time pads?
Pseudo-random, since calculating the value of a transcendental
number is a deterministic process. And an inefficient one, for the
level of security provided.
If there are an infinite number of transcendental numbers, then I fail
to see why. If the transcendental is picked randomly, then doesn't
the resulting stream of numbers also qualify as random?
Derrick Shearer
[EMAIL PROTECTED]
How do you pick a transcendantal number at random? If one could pick an
object at random, the problem would be solved.
--
From: [EMAIL PROTECTED]
Subject: Re: Attacks on a PKI
Date: Mon, 20 Dec 1999 23:09:29 GMT
Huh?
We look forward to PKI for lots of reasons that have nothing to do
with
e-commerce. Just the ability to do away with lots of paper (that we
had to keep
with wet signatures) is useful.
Of course PKI can be valuable for strong authentication of
individuals too.
Dear Timothy,
Please enlighten us by telling the 'lots' of reasons to look forward to
PKI other than e-commerce.
If a CA key in a PKI is compromised (doesn't have to be a root), you
still think that stong authentication would hold?
Many certificates these days are about as strongly authentic as a
hotmail address - anyone can get one.
David
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: "dls2" [EMAIL PROTECTED]
Subject: Re: Q: transcendental pad crypto
Date: Mon, 20 Dec 1999 18:19:29 -0500
"John Savard" [EMAIL PROTECTED] wrote:
"dls2" [EMAIL PROTECTED] wrote:
I disagree. Every number is computable; it follows from
induction.
Yes, every _integer_ is computable.
As there are only aleph-null possible computer programs,
the existence of uncomputable reals follows from Cantor's
diagonal proof.
Um, no. Cantor's diagonal METHOD allows for the induction
of an infinite number of reals, just as there are an infinite
number of integers, with no impact on computability, other
than computations. Algorithms are distinct from answers,
and infinite is still infinite.
"Since [Cantor's diagonal] method may be applied to any
such list, we may then state that no complete list of real
numbers within any finite range may be created. Thus, there
is no one to one correspondence between the real and
natural numbers, and therefore, the real numbers must be of
a higher cardinality than the natural numbers."
http://users.javanet.com/~cloclo/cantdiag.html
--
From: "dls2" [EMAIL PROTECTED]
Subject: Re: Q: transcendental pad crypto
Date: Mon, 20 Dec 1999 18:31:19 -0500
"John Savard" [EMAIL PROTECTED] wrote:
"dls2" [EMAIL PROTECTED] wrote:
"Lincoln Yeoh" [EMAIL PROTECTED] wrote:
Spend your time figuring out how to create a good and
secure source of randomness which no one else can get
access to.
I give up. So tell me, how is it done, seriously?
Rolling dice. Diode or resistor thermal noise, sensed
electronically.
Physics! Physics is arguably predictable, i.e. non-random. So
how is its use really so different from the use of transcendental
numbers?
But the one-time-pad is awkwards enough so that algorithms
are used for encryption - but the algorithm of calulating the
decimal expansion of a mathematical formula is not a
particularly good one for this purpose.
Why not? It doesn't seem any worse than the use of physics.
Derrick Shearer
[EMAIL PROTECTED]
--
From:
