Cryptography-Digest Digest #775
Cryptography-Digest Digest #775, Volume #12 Mon, 25 Sep 00 23:13:00 EDT Contents: Re: On block encrpytion processing with intermediate permutations (Tom St Denis) Re: A Different Kind of Quantum Computer (John Savard) Re: What am I missing? (Matthew Skala) Re: What make a cipher resistent to Differential Cryptanalysis? (Tom St Denis) Re: Question on biases in random numbers decompression (Samuel Paik) Re: Question on biases in random-numbers decompression (Terry Ritter) Explanation of LFSR's in Cryptography (Jeff Gonion) RC4 from the past (=?ISO-8859-1?Q?Jacques_Th=E9riault?=) Re: Tying Up Loose Ends - Correction (Bryan Olson) continuous functions and differential cryptanalysis (Tom St Denis) NTRU question (actually truncated modular polynomial question) (Benjamin Goldberg) Re: continuous functions and differential cryptanalysis (Paul Rubin) From: Tom St Denis [EMAIL PROTECTED] Subject: Re: On block encrpytion processing with intermediate permutations Date: Mon, 25 Sep 2000 23:46:47 GMT In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote: Tom St Denis wrote: Mok-Kong Shen [EMAIL PROTECTED] wrote: I should very much appreciate comments on the following idea: . [snip] This only will work when 1) You both have the same PRNG, possibly key derivied, thus the PRNG must be salted, or something If PRNG is used (i.e. instead of using sorting), there is only one PRNG. In this case I would prefer a secret seed that is independent of the key of the block cipher. This of course means that one employs more secret informations, i.e. using a longer 'effective' key. 2) The messages are over several blocks long. Yes. Still you have to consider the possibilty that some halves are not mixed as well with the others (i.e disjoint cycles in the shuffling). Consider the halves (paired means they go thru a cycle together) R1: ab cd ef gh R2: ac be df gh R3: ae cf db gh ...gh is never moved... I understand that gh forms a block. In this case the gh block is not profited by the permutation, i.e. the block is processed by the original block algorithm through all its cycles. Obviously that's not likely but low diffusion is a probable consequence over the entire message with this scheme. It gets worse as the message size increases... (more chance that two halves never interact, or interact an equal amount of times). I don't think so. If the message is large, the number of the parts a, b, etc. become large. In that case the chance of a pair remain sticking together at the same location should be lower. If a block consists of 4 words instead of 2 words, there would be a similar favourable effect. No, My point was that not all halves would affect each other DIRECTLY. That is optimum diffusion. It's a neat idea, but not terribly secure I would think. What would interest me is the question whether employing permutation could in general be better than block chaining or not. If not, then the scheme would have no value. Ok Consider a 128-bit block cipher where I permute the 16 bytes then pass the clumps through a 16x16 sbox... There will be alot of weak permutes where the diffusion is not terribly high amongst all words. Also the PRNG must be reseed'ed for each block otherwise you have a stream cipher, not a block cipher not terribly usefull since seeking is a benefit of block ciphers. Tom Sent via Deja.com http://www.deja.com/ Before you buy. -- From: [EMAIL PROTECTED] (John Savard) Subject: Re: A Different Kind of Quantum Computer Date: Tue, 26 Sep 2000 00:07:19 GMT On Mon, 25 Sep 2000 15:37:42 -0700, "A. Melon" [EMAIL PROTECTED] almost wrote, in part: Quantum computers can only solve problems in BQP, which is not thought to include NP-complete problems. Now there is a new type of quantum computer being proposed: http://xxx.lanl.gov/abs/quant-ph/9910073 The paper claims this could solve NP-complete and sharp-P-complete problems. No, this isnt the End Of Cryptography As We Know It (EOCAWKI). Even if the claims are true, it may be impossible to actually build. Even if it is possible to build, it will be easy to make ciphers that defeat it. For example, make a random, public, invertible, 27x27 sbox, and distribute it on CD-ROM. Encrypt a block by applying AES, then passing it through the sbox (in groups of 27 bits), then applying AES again. The sbox is only 432MB, so it is easy to distribute. Oh, dear. I have visions Scott27u now. The quantum computer would need millions of qbits to crack it. I wonder. There might be a meet-in-the-middle attack. Because the quantum computer's copy of the CD-ROM would *not* have to be in qbits, since the CD-ROM is fixed and public; the number of qbits only has to be the length of the secret key. But th
Cryptography-Digest Digest #775
Cryptography-Digest Digest #775, Volume #11 Mon, 15 May 00 02:13:01 EDT Contents: Re: Unbreakable encryption. ([EMAIL PROTECTED]) Re: S-BOX Construction Tutorial? (John Savard) Re: S-BOX Construction Tutorial? (John Savard) Re: Unbreakable encryption. ([EMAIL PROTECTED]) Re: Unbreakable encryption. ([EMAIL PROTECTED]) Re: Encryption of graphics by transposition (wtshaw) Re: S-BOX Construction Tutorial? (Mok-Kong Shen) Re: Notes on the "Vortex" block cipher ([EMAIL PROTECTED]) Re: S-BOX Construction Tutorial? ("Scott Fluhrer") Re: Unbreakable encryption. (wtshaw) Re: S-BOX Construction Tutorial? (Mok-Kong Shen) Re: AES Comment: the Hitachi patent (Mok-Kong Shen) Re: S-BOX Construction Tutorial? (Mok-Kong Shen) From: [EMAIL PROTECTED] Subject: Re: Unbreakable encryption. Date: Mon, 15 May 2000 04:17:19 GMT My post must have been unclear to you. Let me explain in another way. You need not use 16=F, you can remap 17=F, or 104=F or 222=F or anything for that matter. This is called symbol remapping. Its supported in the calc if you are interested in testing it. Also, you seem to have missed the major point... Fixed keylength cyphers and fixed symbols table cyphers can be brute force searched. the keys decryption and encryption are symmetric. Whereas, using base encryption, you don't even have something to brute force search through. 1) You don't know the algorithm used (its dynamic), so you don't have a starting point. 2) You don't know the base, so you also don't have a starting point. Lets say I give you this... oisdd9823oieoisdg08eojiweljf##@98oefji23#@2jf In or whatever, what you would do is start permutating the keys (lets say 56 bit) starting at 00 00 00 00 00 00 and end at 11 11 11 11 11 11 You pipe this through the fixkeylengh cypherblock, and eventually you will get your decoded message. Well, lets say I gave you the same message encrypted using BASE encryption. Where do you start? You don't know whether oisdd9823oieoisdg08eojiweljf##@98oefji23#@2jf is base 100 or base 200 or any base for that matter. Remember, just one increase in the base (symbol space) changes the answer in the cyphertext. This involves not just standard mappings, (like you are used to 16=f). You can remap the input and output characters. But then you also forgot about the algorithms that are applied to it. It can be considered an encryption algorithm because 1) It does symbol substitution for remapping (which is the most basic form of encryption. I think Ceasar used it) 2) It uses base conversion (or any algorithm you can think of) for basic base conversion (symbol conversion) 3) It uses any combination of operatiors as the actual heavy duty encryption. (you can use rotation, shift, add, subtract, invert, a compression algorithm, ANYTHING). Which means what? It is more secure than DES or Blowfish without even the different symbols space (base). That is because the Base encryption algorithm used is dynamic, it can be changed on the fly. Whereas all the other cypherblock encryptions use standard routines (rotate, xor, etc) in a fixed sequence. Remember, dynamic algorithm is more secure than static algorithms. You seem to misunderstand the major point ALL the algorithms and ALL the keylengths of ALL the encryption systems are static. This is the most unsecure part. It is the weak link for brute force searches. And to answer your n-bits input and n-bits output. Think of it this way... it will clearify my point. What is the symbol set used before the compression to n-bits? What is the symbol set used to decompress the n-bits back to regular text? They are the same aren't they? And they are both N bits right? And you have to break up the message into n-bit size to feed it into the cypher block right? So in essense the compression algorithm is basically taking the same symbol base and compacting it. Well, you can do the same thing before feeding it into BASE encryption (it will make it even more secure). Base encryption can be augmentative, and go on top of or below existing algorithms if you think universally about it. Also. BASE encryption is not n-bits, its not fixed. You can FEED THE WHOLE MESSAGE INTO IT AT ONCE. It is DYNAMIC bits. The bit size is variable, affected by BASE (symbol set), algorithm used before and after base conversion (or any other conversion). So let me repeat... given... oisdd9823oieoisdg08eojiweljf##@98oefji23#@2jf How do you start decrypting it using Base encryption? You can't right? You have to guess 1) The Base of this message (now did he use base 26? or standard ASCII, or some large base with duplicates? or a chinese unicode?) (And is this the result of base 26 or some other base?) 2) What is the conversion algorithm u
Cryptography-Digest Digest #775
Cryptography-Digest Digest #775, Volume #10 Mon, 20 Dec 99 21:13:01 EST Contents: Re: Q: transcendental pad crypto ("Tony T. Warnock") Re: Attacks on a PKI ([EMAIL PROTECTED]) Re: Q: transcendental pad crypto ("dls2") Re: Q: transcendental pad crypto ("dls2") Re: Keystrokes monitored/encryption useless (Nemo Outis) Re: Q: transcendental pad crypto ("dls2") Not All Sophie Germain Primes Are "Safe". (Ted Kaliszewski) Re: compression encryption (Tim Tyler) Re: simple rng idea (Gregory G Rose) Re: Q: transcendental pad crypto (Tim Tyler) Re: Code Puzzle (Jim Gillogly) Re: Q: transcendental pad crypto (CLSV) Re: Q: transcendental pad crypto (Tim Tyler) Re: Q: transcendental pad crypto (Tim Tyler) Re: Microsoft- PKI/E-comm Director Opening (Ajay Shekhawat) Re: random numbers straight out of MS BASIC (Tim Tyler) Re: The 20 years periods did apply to 2 of the 3 patents. Why not for RSA ? (Arturo) From: "Tony T. Warnock" [EMAIL PROTECTED] Subject: Re: Q: transcendental pad crypto Date: Mon, 20 Dec 1999 16:13:15 -0700 Reply-To: [EMAIL PROTECTED] dls2 wrote: "John Savard" [EMAIL PROTECTED] wrote: "dls2" [EMAIL PROTECTED] wrote: Do transcendental numbers qualify as pseudo-random, or as truely-random, for purposes of one-time pads? Pseudo-random, since calculating the value of a transcendental number is a deterministic process. And an inefficient one, for the level of security provided. If there are an infinite number of transcendental numbers, then I fail to see why. If the transcendental is picked randomly, then doesn't the resulting stream of numbers also qualify as random? Derrick Shearer [EMAIL PROTECTED] How do you pick a transcendantal number at random? If one could pick an object at random, the problem would be solved. -- From: [EMAIL PROTECTED] Subject: Re: Attacks on a PKI Date: Mon, 20 Dec 1999 23:09:29 GMT Huh? We look forward to PKI for lots of reasons that have nothing to do with e-commerce. Just the ability to do away with lots of paper (that we had to keep with wet signatures) is useful. Of course PKI can be valuable for strong authentication of individuals too. Dear Timothy, Please enlighten us by telling the 'lots' of reasons to look forward to PKI other than e-commerce. If a CA key in a PKI is compromised (doesn't have to be a root), you still think that stong authentication would hold? Many certificates these days are about as strongly authentic as a hotmail address - anyone can get one. David Sent via Deja.com http://www.deja.com/ Before you buy. -- From: "dls2" [EMAIL PROTECTED] Subject: Re: Q: transcendental pad crypto Date: Mon, 20 Dec 1999 18:19:29 -0500 "John Savard" [EMAIL PROTECTED] wrote: "dls2" [EMAIL PROTECTED] wrote: I disagree. Every number is computable; it follows from induction. Yes, every _integer_ is computable. As there are only aleph-null possible computer programs, the existence of uncomputable reals follows from Cantor's diagonal proof. Um, no. Cantor's diagonal METHOD allows for the induction of an infinite number of reals, just as there are an infinite number of integers, with no impact on computability, other than computations. Algorithms are distinct from answers, and infinite is still infinite. "Since [Cantor's diagonal] method may be applied to any such list, we may then state that no complete list of real numbers within any finite range may be created. Thus, there is no one to one correspondence between the real and natural numbers, and therefore, the real numbers must be of a higher cardinality than the natural numbers." http://users.javanet.com/~cloclo/cantdiag.html -- From: "dls2" [EMAIL PROTECTED] Subject: Re: Q: transcendental pad crypto Date: Mon, 20 Dec 1999 18:31:19 -0500 "John Savard" [EMAIL PROTECTED] wrote: "dls2" [EMAIL PROTECTED] wrote: "Lincoln Yeoh" [EMAIL PROTECTED] wrote: Spend your time figuring out how to create a good and secure source of randomness which no one else can get access to. I give up. So tell me, how is it done, seriously? Rolling dice. Diode or resistor thermal noise, sensed electronically. Physics! Physics is arguably predictable, i.e. non-random. So how is its use really so different from the use of transcendental numbers? But the one-time-pad is awkwards enough so that algorithms are used for encryption - but the algorithm of calulating the decimal expansion of a mathematical formula is not a particularly good one for this purpose. Why not? It doesn't seem any worse than the use of physics. Derrick Shearer [EMAIL PROTECTED] -- From: