Theory of Secure Computation - Joe Killian, NEC Labs

[sunder]

http://www.uwtv.org/programs/displayevent.asp?rid=2233
A bit sparse on details, but a good overview of all sorts of secure 
protocols.  Our friends Alice and Bob are of course present in various 
orgies of secure protocols.  :)

RE: SHA1 broken?

[Trei, Peter]

Actually, the final challenge was solved in 23 hours, about
1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding
the key after only 24% of the keyspace had been searched.

More recently, RC5-64 was solved about a year ago. It took
d.net 4 *years*. 

2^69 remains non-trivial.

Peter


-Original Message-
From: [EMAIL PROTECTED] on behalf of Dave Howe
Sent: Thu 2/17/2005 5:49 AM
To: Cypherpunks; Cryptography
Subject: Re: SHA1 broken?
 
Joseph Ashwood wrote:
  > I believe you are incorrect in this statement. It is a matter of public
> record that RSA Security's DES Challenge II was broken in 72 hours by 
> $250,000 worth of semi-custom machine, for the sake of solidity let's 
> assume they used 2^55 work to break it. Now moving to a completely 
> custom design, bumping up the cost to $500,000, and moving forward 7 
> years, delivers ~2^70 work in 72 hours (give or take a couple orders of 
> magnitude). This puts the 2^69 work well within the realm of realizable 
> breaks, assuming your attackers are smallish businesses, and if your 
> attackers are large businesses with substantial resources the break can 
> be assumed in minutes if not seconds.
> 
> 2^69 is completely breakable.
>Joe
   Its fine assuming that moore's law will hold forever, but without 
that you can't really extrapolate a future tech curve. with *todays* 
technology, you would have to spend an appreciable fraction of the 
national budget to get a one-per-year "break", not that anything that 
has been hashed with sha-1 can be considered breakable (but that would 
allow you to (for example) forge a digital signature given an example)
   This of course assumes that the "break" doesn't match the criteria 
from the previous breaks by the same team - ie, that you *can* create a 
collision, but you have little or no control over the plaintext for the 
colliding elements - there is no way to know as the paper hasn't been 
published yet.

Re: Digital Water Marks Thieves

[Adam Fields]

On Tue, Feb 15, 2005 at 01:40:33PM -0500, R.A. Hettinga wrote:
> Until, of course, people figure out that taggants on everything do nothing
> but confuse evidence and custody, not help it.
> 
> Go ask the guys in the firearms labs about *that* one.

I like Bruce Schneier's take on this:

"The idea is for me to paint this stuff on my valuables as proof of
ownership. I think a better idea would be for me to paint it on your
valuables, and then call the police."

http://www.schneier.com/blog/archives/2005/02/smart_water.html

-- 
- Adam

-
** My new project --> http://www.visiognomy.com/daily
   **  Flagship blog --> http://www.aquick.org/blog
Hire me: [ http://www.adamfields.com/Adam_Fields_Resume.htm ]
Links:   [ http://del.icio.us/fields ]
Photos:  [ http://www.aquick.org/photoblog ]

Re: SHA1 broken?

[Joseph Ashwood]

- Original Message - 
From: "Dave Howe" <[EMAIL PROTECTED]>
Sent: Thursday, February 17, 2005 2:49 AM
Subject: Re: SHA1 broken?


Joseph Ashwood wrote:
 > I believe you are incorrect in this statement. It is a matter of public
record that RSA Security's DES Challenge II was broken in 72 hours by 
$250,000 worth of semi-custom machine, for the sake of solidity let's 
assume they used 2^55 work to break it. Now moving to a completely custom 
design, bumping up the cost to $500,000, and moving forward 7 years, 
delivers ~2^70 work in 72 hours (give or take a couple orders of 
magnitude). This puts the 2^69 work well within the realm of realizable 
breaks, assuming your attackers are smallish businesses, and if your 
attackers are large businesses with substantial resources the break can 
be assumed in minutes if not seconds.

2^69 is completely breakable.
   Joe
  Its fine assuming that moore's law will hold forever, but without that 
you can't really extrapolate a future tech curve. with *todays* 
technology, you would have to spend an appreciable fraction of the 
national budget to get a one-per-year "break", not that anything that has 
been hashed with sha-1 can be considered breakable (but that would allow 
you to (for example) forge a digital signature given an example)
  This of course assumes that the "break" doesn't match the criteria from 
the previous breaks by the same team - ie, that you *can* create a 
collision, but you have little or no control over the plaintext for the 
colliding elements - there is no way to know as the paper hasn't been 
published yet.
I believe you substantially misunderstood my statements, 2^69 work is doable 
_now_. 2^55 work was performed in 72 hours in 1998, scaling forward the 7 
years to the present (and hence through known data) leads to a situation 
where the 2^69 work is achievable today in a reasonable timeframe (3 days), 
assuming reasonable quantities of available money ($500,000US). There is no 
guessing about what the future holds for this, the 2^69 work is NOW.


- Original Message - 
From: "Trei, Peter" <[EMAIL PROTECTED]>
To: "Dave Howe" <[EMAIL PROTECTED]>; "Cypherpunks" 
<[EMAIL PROTECTED]>; "Cryptography" 


Actually, the final challenge was solved in 23 hours, about
1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding
the key after only 24% of the keyspace had been searched.
More recently, RC5-64 was solved about a year ago. It took
d.net 4 *years*.
2^69 remains non-trivial.
What you're missing in this is that Deep Crack was already a year old at the 
time it was used for this, I was assuming that the most recent technologies 
would be used, so the 1998 point for Deep Crack was the critical point. Also 
if you check the real statistics for RC5-64 you will find that 
Distributed.net suffered from a major lack of optimization on the workhorse 
of the DES cracking effort (DEC Alpha processor) even to the point where 
running the X86 code in emulation was faster than the native code. Since an 
Alpha Processor had been the breaking force for DES Challenge I and a factor 
of > 1/3  for III this crippled the performance resulting in the Alphas 
running at only ~2% of their optimal speed, and the x86 systems were running 
at only about 50%. Based on just this 2^64 should have taken only 1.5 years. 
Additionally add in that virtually the entire Alpha community pulled out 
because we had better things to do with our processors (e.g. IIRC the same 
systems rendered Titanic) and Distributed.net was effectively sucked dry of 
workhorse systems, so a timeframe of 4-6 months is more likely, without any 
custom hardware and rather sad software optimization. Assuming that the new 
attacks can be pipelined (the biggest problem with the RC5-64 optimizations 
was pipeline breaking) it is entirely possible to use modern technology 
along with GaAs substrate to generate chips in the 10-20 GHz range, or about 
10x the speed available to Distributed.net. Add targetted hardware to the 
mix, deep pipelining, and massively multiprocessors and my numbers still 
hold, give or take a few orders of magnitude (the 8% of III done by Deep 
Crack in 23 hours is only a little over 2 orders of magnitude off, so within 
acceptable bounds).

2^69 is achievable, it may not be pretty, and it certainly isn't kind to the 
security of the vast majority of "secure" infrastructure, but it is 
achievable and while the cost bounds may have to be shifted, that is 
achievable as well.

It is still my view that everyone needs to keep a close eye on their hashes, 
make sure the numbers add up correctly, it is simply my view now that SHA-1 
needs to be put out to pasture, and the rest of the SHA line needs to be 
heavily reconsidered because of their close relation to SHA-1.

The biggest unknown surrounding this is the actual amount of work necessary 
to perform the 2^69, if the workload is all XOR then the costs and timeframe 
I gave are reasonably pessimistic, b

RE: [osint] Switzerland Repatriates $458m to Nigeria

[Tyler Durden]

Greetings Good Sir:
I have a business propisition for you. I am the president of Nigeria and I 
am trying to obtain $458m in accounts in Switzerland that were previously 
owned by the late General Sani Abacha. However, in order to release these 
funds I will need a local representative. In exchange for your services I am 
prepared to pay you 2.5% of the amount reclaimed.

Please contact me at your soonest convenience. I am sure we can make an 
equitable arrangement that will benefit us both.

God Bless you and your family.
(forwarded by Tyler Durden)
From: "R.A. Hettinga" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [osint] Switzerland Repatriates $458m to Nigeria
Date: Thu, 17 Feb 2005 12:34:06 -0500
--- begin forwarded text
To: "Bruce Tefft" <[EMAIL PROTECTED]>
Thread-Index: AcUVCpcZCIoZtD6dRp62Gatn1nTR2g==
From: "Bruce Tefft" <[EMAIL PROTECTED]>
Mailing-List: list osint@yahoogroups.com; contact 
[EMAIL PROTECTED]
Delivered-To: mailing list osint@yahoogroups.com
Date: Thu, 17 Feb 2005 11:06:28 -0500
Subject: [osint] Switzerland Repatriates $458m to Nigeria
Reply-To: osint@yahoogroups.com

http://allafrica.com/stories/200502170075.html

Switzerland Repatriates $458m to Nigeria





This
  Day (Lagos)
February 17, 2005
Posted to the web February 17, 2005
Kunle Aderinokun
Abuja
FG to start drawing funds in March
The Federal Government yesterday announced that the Swiss government has
approved the repatriation of $458 million, being bulk of the $505 million 
of
public fund stashed away in various private bank accounts in that country 
by
the late General Sani Abacha and his family.

Making this disclosure yesterday in Abuja at the instance of Swiss
Ambassador to Nigeria, Dr. Pierre Helg, Finance Ministe Ngozi Okonjo-Iweala
said the fund will be transferred into the International Bank for 
Settlement
(BIS) in Basel, Switzerland, and that Nigeria will be able to withdraw the
money by the end of March this year.

Okonjo-Iweala, who said the Swiss authorities did not attach any condition
for the repatriation of the siphoned monies, said the release was sequel to
the judgment of the Swiss Federal Court, which ruled that the "Swiss
authorities may return assets of obviously criminal origin to Nigeria even
without a court decision in the country concerned."
The finance minister said President Olusegun Obasanjo since assumption of
office had vigorously and relentlessly pursued return of the funds with the
help of the National Security Adviser and herself.
Noting that with this development, Switzerland has earned a positive status
as the first country to return funds illegally placed by the Abacha family,
Okonjo-Iweala said "the Federal Government is indeed grateful to the
government of Switzerland for the principled and focused manner in which it
has pursued this just cause."
"We hope that the Swiss example at both the political and judicial level
will show the way for other countries where our national resources have 
been
illegally transferred. Switzerland's policy on this issue is a clear sign
that crime does not pay. Nigeria is ready to work with other governments to
achieved the repatriation of other funds which were siphoned out of the
country illegally," she added.

She recalled that Obasanjo had on behalf of the administration made a
commitment to the Swiss government that the Abacha loots will be used for
developmental projects in health and education as well as for 
infrastructure
(roads, electricity and water supply) for the benefit of Nigerians.

"This", she pointed out, "is of course, very much in keeping with the
priorities of the National Economic Empowerment and Development Strategy
(NEEDS), the nation's blue-print for reducing poverty, creating wealth and
generating employment."
She stated that after receiving the assurances of the Swiss authorities 
that
the funds will be released , the federal government had "decided to factor
most of the Abacha funds into the 2004 budget so that the urgent challenges
of providing infrastructure and social services to our people would not be
delayed. This is to ensure that our programmes which are on-going are
adequately funded."

According to her, the Federal Government had distributed the recovered $505
million looted funds in the 2004 budget as: rural electrification,
$170million (N21.70billion); priority economic roads, $140 million
(N18.60billion); primary health care vaccination programme, $80 million
(N10.83 billion); support to secondary and basic education, $60 million
(N7.74 billion); and portable water and rural irrigation, $50 million 
(N6.20
billion).

In his remarks, the Swiss ambassador to Nigeria, Helg said "Switzerland
possesses an efficient set of legal instruments to defend itself against 
the
inflow of illegal assets, and to recognize, block and return them to their
rightful owners." He noted that "the recent decision of the Federal Supreme
Court will stre