From: Tom St Denis on 23 Sep 2009 12:38

On Sep 23, 9:23 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> Tom St Denis wrote:
> > ..... For example, take a
> > simple cipher
> >
> > C = sbox[P xor K]
> >
> > Where K is random. Even if sbox[] were known [and bijective] the
> > output would still be "random" provided that K is random.
>
> That seems to be fairly clear. But if the sbox is known, there seems
> to be no purpose to use it at all (for crypto), isn't it?

That's a stupid question, even from you.

The sbox is a design principle of the cipher, it's ASSUMED to be
public knowledge. I can't say this in any more stressful fashion so
I'll cruise on caps...

ALL OF MODERN CRYPTOGRAPHY'S SECURITY IS [IDEALLY] BASED ON THE
PREMISE THAT THE CIPHER OR ALGORITHM IS PUBLICLY DISCLOSED AND THAT
THE KEY(S) REMAIN SECRET.

Tom

From: Greg Rose on 23 Sep 2009 13:30

In article <h9d82c$6tj$00$1(a)news.t-online.com>,
Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
>Maaartin wrote:
>
>> Did you try it? What's the probability of such a matrix being
>> regular? I'd guess, quite low, but I'm not sure.
>> Nonetheless, designing an algorithm making regular matrices should be
>> very easy.
>
>I am not sure that one could have an algorithm that gives a
>non-singular matrix having columns with 50% 0 and 50% 1
>(quite randomly) and yet without having to go through an iteration
>process (i.e. here trial and error). Simply getting an arbitrarily
>quite random appearing non-singular matrix is of course entirely
>trivial.

I have come up with an algorithm to ensure that
such a matrix is invertible, with about 5 minutes
of thought. (Start with an identity matrix, and
for each column, add other columns until they have
the desired number of ones. It must terminate and
can't be terribly inefficient, I don't think.)

However I must say that I'm depressed that
Mok-Kong Shen is back. In my opinion he's the
worst of the trolls ever to hit sci.crypt, because
he absolutely refuses to do independent thinking,
always apologizes for refusing to learn, and yet
sounds so plausible.

So I will no longer reply to him, and I urge others
not to, too.

Greg.
--
Greg Rose
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C

From: Mok-Kong Shen on 24 Sep 2009 13:52

Tom St Denis wrote:
> On Sep 23, 9:23 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
>> Tom St Denis wrote:
>>> ..... For example, take a
>>> simple cipher
>>> C = sbox[P xor K]
>>> Where K is random. Even if sbox[] were known [and bijective] the
>>> output would still be "random" provided that K is random.
>> That seems to be fairly clear. But if the sbox is known, there seems
>> to be no purpose to use it at all (for crypto), isn't it?
>
> That's a stupid question, even from you.
>
> The sbox is a design principle of the cipher, it's ASSUMED to be
> public knowledge. I can't say this in any more stressful fashion so
> I'll cruise on caps...
>
> ALL OF MODERN CRYPTOGRAPHY'S SECURITY IS [IDEALLY] BASED ON THE
> PREMISE THAT THE CIPHER OR ALGORITHM IS PUBLICLY DISCLOSED AND THAT
> THE KEY(S) REMAIN SECRET.

No. I was criticizing your stating that's a cipher. I mean, since the
opponent knows the Sbox, he can strip it right away, so the "existence"
of the sbox in the cipher serves no purpose (no designer would
add an absolutely redundant component). Saying C = P xor K is an
example of a simple cipher is o.k. Do you get it?

M. K. Shen

From: Mok-Kong Shen on 24 Sep 2009 14:39

Greg Rose wrote:
> Mok-Kong Shen wrote:
>> I am not sure that one could have an algorithm that gives a
>> non-singular matrix having columns with 50% 0 and 50% 1
>> (quite randomly) and yet without having to go through an iteration
>> process (i.e. here trial and error). Simply getting an arbitrarily
>> quite random appearing non-singular matrix is of course entirely
>> trivial.
>
> I have come up with an algorithm to ensure that
> such a matrix is invertible, with about 5 minutes
> of thought. (Start with an identity matrix, and
> for each column, add other columns until they have
> the desired number of ones. It must terminate and
> can't be terribly inefficient, I don't think.)

I am fairly sure that that wouldn't work. In the following, I
started with a 4*4 identity matrix. I did 3 steps to achieve
50% 0 and 50% 1 in the first 3 columns, but then I am stuck.
There is evidently no way to get the 4-th column to satisfy
the required condition.

1000   1000   1000   1000
0100   1100   1100   1100
0010   0010   0110   0110
0001   0001   0001   0011

> However I must say that I'm depressed that
> Mok-Kong Shen is back. In my opinion he's the
> worst of the trolls ever to hit sci.crypt, because
> he absolutely refuses to do independent thinking,
> always apologizes for refusing to learn, and yet
> sounds so plausible.
>
> So I will no longer reply to him, and I urge others
> not to, too.

I hope that you, as a good scientist, would "valuate" science
over any personal feelings/opinions and therefore would
nonetheless (at least in this "special" case) answer to my
demonstration above, because it very clearly shows that your
modified idea of constructing a non-singular matrix satisfying
my stated condition cannot work at all.

Of course, I would also be grateful, if anyone of the group
(in your place) could show that your idea indeed works, in
case I am wrong.

Thanks.

M. K. Shen
-----------------------------------------------------------------
My favourite citation for scientific discussions:
What can be said at all can be said clearly; and whereof one
cannot speak, thereof one must be silent. L. Wittgenstein.

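The column-addition procedure and the 4*4 case discussed in the two posts above can be checked mechanically; the following Python is an added example, not code from any poster in the thread. It assumes columns are stored as integer bitmasks over GF(2) (bit i = row i), and the function names are hypothetical.

```python
from itertools import product

def weight(v):
    return bin(v).count("1")

def rank_gf2(cols):
    """Rank over GF(2), using an XOR basis keyed by each vector's leading bit."""
    basis = {}
    for v in cols:
        while v:
            top = v.bit_length() - 1
            if top not in basis:
                basis[top] = v
                break
            v ^= basis[top]
    return len(basis)

def add_columns_until(n, target):
    """Start from the identity; for each column, XOR in a subset of the other
    columns until its weight equals target. Returns (cols, None) on success,
    or (cols, j) when no subset brings column j to the target weight."""
    cols = [1 << i for i in range(n)]
    for j in range(n):
        for mask in range(1 << n):
            if mask >> j & 1:
                continue  # a column is never added to itself
            v = cols[j]
            for i in range(n):
                if mask >> i & 1:
                    v ^= cols[i]
            if weight(v) == target:
                cols[j] = v
                break
        else:
            return cols, j
    return cols, None

def count_invertible(n, target):
    """Exhaustively count invertible n x n matrices whose columns all have this weight."""
    choices = [v for v in range(1 << n) if weight(v) == target]
    return sum(rank_gf2(m) == n for m in product(choices, repeat=n))

if __name__ == "__main__":
    print(add_columns_until(4, 2))   # stops at the last column (index 3)
    print(count_invertible(4, 2))    # no invertible 4x4 matrix has all columns of weight 2
    print(add_columns_until(6, 3))   # succeeds: weight 3 is odd
```

The obstruction is parity: when every column has an even number of ones, the XOR of all rows is the zero row, so the matrix is singular over GF(2). With an odd target weight (6*6, three ones per column) the same procedure completes, and the result stays invertible because adding one column to another does not change the rank.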
From: Unruh on 24 Sep 2009 18:21

Mok-Kong Shen <mok-kong.shen(a)t-online.de> writes:

>Tom St Denis wrote:
>> On Sep 23, 9:23 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
>>> Tom St Denis wrote:
>>>> ..... For example, take a
>>>> simple cipher
>>>> C = sbox[P xor K]
>>>> Where K is random. Even if sbox[] were known [and bijective] the
>>>> output would still be "random" provided that K is random.
>>> That seems to be fairly clear. But if the sbox is known, there seems
>>> to be no purpose to use it at all (for crypto), isn't it?
>>
>> That's a stupid question, even from you.
>>
>> The sbox is a design principle of the cipher, it's ASSUMED to be
>> public knowledge. I can't say this in any more stressful fashion so
>> I'll cruise on caps...
>>
>> ALL OF MODERN CRYPTOGRAPHY'S SECURITY IS [IDEALLY] BASED ON THE
>> PREMISE THAT THE CIPHER OR ALGORITHM IS PUBLICLY DISCLOSED AND THAT
>> THE KEY(S) REMAIN SECRET.

>No. I was criticizing your stating that's a cipher. I mean, since the
>opponent knows the Sbox, he can strip it right away, so the "existence"
>of the sbox in the cipher serves no purpose (no designer would
>add an absolutely redundant component). Saying C = P xor K is an
>example of a simple cipher is o.k. Do you get it?

No, you cannot strip it away. You maybe could IF it were "bijective",
i.e. a simple permutation, but an Sbox is a non-linear many to one map. You
cannot undo it. For every output there are many inputs. The cypher as a
whole is one to one, but the subsets of it are not. I.e., given the outputs
of the sbox, you do not know what the inputs are. Thus you cannot strip it
away.

>M. K. Shen
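The toy cipher C = sbox[P xor K] debated in this thread can be exercised directly; the Python below is an added example, not code from any poster. The S-box is a constructed seeded shuffle of 0..255, the lossy table is a constructed many-to-one variant, and all function names are hypothetical.

```python
import random

def make_sbox(seed=2009):
    """Constructed public 8-bit bijective S-box: a fixed, seeded shuffle of 0..255."""
    rng = random.Random(seed)
    box = list(range(256))
    rng.shuffle(box)
    return box

SBOX = make_sbox()
INV = [0] * 256
for x, y in enumerate(SBOX):
    INV[y] = x

# Constructed many-to-one table: keep only the high nibble of the S-box output.
LOSSY = [y >> 4 for y in SBOX]

def encrypt(p, k):
    return SBOX[p ^ k]

def decrypt(c, k):
    return INV[c] ^ k

def strip_sbox(c):
    """Needs only the public table, no key: returns P xor K."""
    return INV[c]

def ciphertext_is_uniform(p):
    """For a fixed plaintext byte, the 256 keys map onto the 256 ciphertext
    bytes exactly once, so a uniform K gives a uniform C."""
    return sorted(encrypt(p, k) for k in range(256)) == list(range(256))

def lossy_preimages(c):
    """Inputs of the many-to-one table that produce output c."""
    return [x for x in range(256) if LOSSY[x] == c]

if __name__ == "__main__":
    p, k = 0x41, 0x9C                     # constructed sample plaintext and key bytes
    c = encrypt(p, k)
    print(decrypt(c, k) == p)             # the keyed receiver recovers P
    print(strip_sbox(c) == p ^ k)         # the public bijective table peels off
    print(all(ciphertext_is_uniform(q) for q in range(256)))
    print(len(lossy_preimages(LOSSY[p ^ k])))  # 16 candidates for P xor K
```

With the bijective table, inverting the public S-box leaves exactly P xor K, while the ciphertext is still uniform whenever K is. With the many-to-one table each output has 16 preimages, so the S-box input cannot be recovered from its output, and in this single-layer construction the key holder cannot decrypt uniquely either.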