Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
possible fractal key exchange algo...
91 views
Skip to first unread message
Chris M. Thomasson
Aug 29, 2015, 7:19:15 PM8/29/15
to
I am thinking of Diffie–Hellman key exchange and how it could
possibly apply to my cipher. Well, I am thinking about the following,
perhaps extremely naive, simplistic method:
_________________________________________________________
Alice and Bob decide on a fractal formula F and a point P.
Alice thinks of a random unsigned integer AN.
Bob thinks of a random unsigned integer BN.
Alice sends Bob AN.
Bob sends Alice BN.
Alice iterates F with P (AN + BN) times and gets a secret point S.
Bob iterates F with P (BN + AN) times and gets S as well.
Alice and Bob now share the secret point S and can use that to send
encrypted
messages to each other using F along with S.
_________________________________________________________
It should work...
What's wrong with it? What am I missing?
Try not to be too harsh as I am new at this stuff!
;^o
possibly apply to my cipher. Well, I am thinking about the following,
perhaps extremely naive, simplistic method:
_________________________________________________________
Alice and Bob decide on a fractal formula F and a point P.
Alice thinks of a random unsigned integer AN.
Bob thinks of a random unsigned integer BN.
Alice sends Bob AN.
Bob sends Alice BN.
Alice iterates F with P (AN + BN) times and gets a secret point S.
Bob iterates F with P (BN + AN) times and gets S as well.
Alice and Bob now share the secret point S and can use that to send
encrypted
messages to each other using F along with S.
_________________________________________________________
It should work...
What's wrong with it? What am I missing?
Try not to be too harsh as I am new at this stuff!
;^o
Chris M. Thomasson
Aug 29, 2015, 7:20:31 PM8/29/15
to
> "Chris M. Thomasson" wrote in message
> news:mrtelf$ks7$1...@speranza.aioe.org...
> I am thinking of Diffie–Hellman key exchange and how it could
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
[...]
Wizzofozz kindly planted the idea firmly into my brain!
Thanks again.
:^)
> news:mrtelf$ks7$1...@speranza.aioe.org...
> I am thinking of Diffie–Hellman key exchange and how it could
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
Wizzofozz kindly planted the idea firmly into my brain!
Thanks again.
:^)
Chris M. Thomasson
Aug 29, 2015, 7:23:41 PM8/29/15
to
> "Chris M. Thomasson" wrote in message
> news:mrtelf$ks7$1...@speranza.aioe.org...
> news:mrtelf$ks7$1...@speranza.aioe.org...
> I am thinking of Diffie–Hellman key exchange and how it could
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
[...]
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
Even better, why should Alice and Bob decide on an initial point?
They should really be defining an initial location in the form of the
min and max of axes.
Something like
{ (-0.5, 0.5), (-0.5, 0.5) } perhaps?
lol.
Richard Heathfield
Aug 29, 2015, 7:32:15 PM8/29/15
to
On 30/08/2015 00:18, Chris M. Thomasson wrote:
> I am thinking of Diffie–Hellman key exchange and how it could
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
> _________________________________________________________
> Alice and Bob decide on a fractal formula F and a point P.
Stop right there. :-)
> I am thinking of Diffie–Hellman key exchange and how it could
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
> _________________________________________________________
> Alice and Bob decide on a fractal formula F and a point P.
Diffie-Hellman is not a key exchange. It is a method of establishing a
shared secret over an insecure channel.
The general philosophy is that Alice has a secret A (which she never
communicates to Bob), and Bob has a secret B (which he never
communicates to Alice). Alice publishes (to Bob, Eve, and anyone else
who cares to listen) the result of a one-way function F(A, P) (where P
represents any shared *public* parameters), and Bob publishes F(B, P).
Alice then calculates the shared secret using G(A, F(B, P), P), and Bob
calculates the same shared secret using G(B, F(A, P), P) - P may or may
not be needed in either F() or G(), but the point is that neither A nor
B is ever transmitted over the insecure channel - only the result of a
one-way function is published.
The point is that anything *shared* is shared in public (except the
final result, which is the shared secret).
Eve is listening.
You say that Alice and Bob decide on a fractal formula F and a point P.
For this to be a public establishment of a shared secret, they must
share this information, so it can't be a secret. (If it /is/ a secret,
and they share it, then presumably they shared it over a secure channel,
in which case they may just as well use that secure channel to exchange
a key!)
So Eve knows F and P...
>
> Alice thinks of a random unsigned integer AN.
>
> Bob thinks of a random unsigned integer BN.
>
> Alice sends Bob AN.
>
> Bob sends Alice BN.
...and now Eve knows BN...
>
> Alice iterates F with P (AN + BN) times and gets a secret point S.
>
> Bob iterates F with P (BN + AN) times and gets S as well.
>
> Alice and Bob now share the secret point S and can use that to send
> encrypted
> messages to each other using F along with S.
point.
> It should work...
Er, no, I don't think so.
> What's wrong with it? What am I missing?
vital information back, and yet be able to share a secret.
Alice chooses a secret colour A. Bob chooses a secret colour B. Alice
says to Bob (*publicly*) "my second colour is C". Alice now mixes A and
C and sends the resulting colour to Bob. Eve can't unmix the colours,
because paint doesn't work like that (Eve can't undo the Diffie-Hellman
calc because she lacks a vital element. Bob, meanwhile, mixes B and C
together, and sends the resulting colour to Alice.
Alice now pours A into the colour Bob sent her, while Bob pours B into
the colour Alice sent him. They end up with the same colour, a colour
which Eve can't discover.
> Try not to be too harsh as I am new at this stuff!
--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within
Chris M. Thomasson
Aug 29, 2015, 7:36:29 PM8/29/15
to
> "Richard Heathfield" wrote in message
> news:%hrEx.267578$aP2....@fx38.am4...
>> On 30/08/2015 00:18, Chris M. Thomasson wrote:
>> I am thinking of Diffie–Hellman key exchange and how it could
> > possibly apply to my cipher. Well, I am thinking about the following,
> > perhaps extremely naive, simplistic method:
> > _________________________________________________________
> > Alice and Bob decide on a fractal formula F and a point P.
> Stop right there. :-)
> Diffie-Hellman is not a key exchange. It is a method of establishing a
> shared secret over an insecure channel.
Yup. Not going to work. I have to implement the technique described here:
http://paper.ijcsns.org/07_book/200702/200702B17.pdf
Thanks for the response Richard.
:^)
> news:%hrEx.267578$aP2....@fx38.am4...
>> On 30/08/2015 00:18, Chris M. Thomasson wrote:
>> I am thinking of Diffie–Hellman key exchange and how it could
> > possibly apply to my cipher. Well, I am thinking about the following,
> > perhaps extremely naive, simplistic method:
> > _________________________________________________________
> > Alice and Bob decide on a fractal formula F and a point P.
> Stop right there. :-)
> Diffie-Hellman is not a key exchange. It is a method of establishing a
> shared secret over an insecure channel.
http://paper.ijcsns.org/07_book/200702/200702B17.pdf
Thanks for the response Richard.
:^)
Chris M. Thomasson
Aug 29, 2015, 7:55:11 PM8/29/15
to
> "Chris M. Thomasson" wrote in message
> news:mrtelf$ks7$1...@speranza.aioe.org...
> news:mrtelf$ks7$1...@speranza.aioe.org...
> I am thinking of Diffie–Hellman key exchange and how it could
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
> _________________________________________________________
> Alice and Bob decide on a fractal formula F and a point P.
> _________________________________________________________
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
> _________________________________________________________
> Alice and Bob decide on a fractal formula F and a point P.
Actually, once Alice and Bob decide on a fractal formula F and a point P,
and as long as
F and P are kept as a shared secret between them, well, that is all that is
needed in order
to setup an encrypted data exchange between them wrt F and P.
Still, I am going to experiment with the key exchange idea from Wizzofozz
anyway.
wizzofozz
Aug 30, 2015, 3:03:14 AM8/30/15
to
>> I am thinking of Diffie???Hellman key exchange and how it could
Chapter 22 Key-Exhange Algorithms
22.1 Diffie-Hellmann
I call it key exchange and in this case at least it also means establishing a shared secret.
<DH description snipped>
>
>> It should work...
>
> Er, no, I don't think so.
>
I don't think it will work either (but I'm not sure if those are the same reasons as Richars's).
Here's the output on my test program and initial idea:
root@kalimero:~/mandelbrot# ./dh.py -0.40001 -0.51000001 10239 4342
Alice and Bob agree on C = (-0.40001-0.51000001j)
Eve knows C = (-0.40001-0.51000001j)
Orbit detected at 509 for (-0.40001-0.51000001j)
Alice chooses a = 10239 as random secret and calculates (-0.359131531317-0.296811367881j)
Alice sends (-0.359131531317-0.296811367881j) to Bob. Eve now knows (-0.359131531317-0.296811367881j) too. Can she figure out a?
Orbit detected at 509 for (-0.40001-0.51000001j)
Bob chooses b= 4342 and calculates (-0.359131531317-0.296811367881j)
He sends (-0.359131531317-0.296811367881j) to Alice and thus to Eve also.
Orbit detected at 4 for (-0.359131531317-0.296811367881j)
Alice applies 10239 more iterations on (-0.359131531317-0.296811367881j) and derives (-0.359131531317-0.296811367881j) as a shared secret.
Orbit detected at 4 for (-0.359131531317-0.296811367881j)
Bob applies 4342 more iterations on (-0.359131531317-0.296811367881j) and derives (-0.359131531317-0.296811367881j) as a shared secret.
One of the problems is the orbit.
Another problem is that I didn't find a way to apply a form of repeated squaring. Now, Eve can bruteforce as fast as Alice can compute.
Will read responses better if I have time.
Ozz
>> possibly apply to my cipher. Well, I am thinking about the following,
>> perhaps extremely naive, simplistic method:
>> _________________________________________________________
>> Alice and Bob decide on a fractal formula F and a point P.
>
> Stop right there. :-)
>
> Diffie-Hellman is not a key exchange. It is a method of establishing a
> shared secret over an insecure channel.
From Schneiers "Applied Cryptography":
>> perhaps extremely naive, simplistic method:
>> _________________________________________________________
>> Alice and Bob decide on a fractal formula F and a point P.
>
> Stop right there. :-)
>
> Diffie-Hellman is not a key exchange. It is a method of establishing a
> shared secret over an insecure channel.
Chapter 22 Key-Exhange Algorithms
22.1 Diffie-Hellmann
I call it key exchange and in this case at least it also means establishing a shared secret.
<DH description snipped>
>
>> It should work...
>
> Er, no, I don't think so.
>
Here's the output on my test program and initial idea:
root@kalimero:~/mandelbrot# ./dh.py -0.40001 -0.51000001 10239 4342
Alice and Bob agree on C = (-0.40001-0.51000001j)
Eve knows C = (-0.40001-0.51000001j)
Orbit detected at 509 for (-0.40001-0.51000001j)
Alice chooses a = 10239 as random secret and calculates (-0.359131531317-0.296811367881j)
Alice sends (-0.359131531317-0.296811367881j) to Bob. Eve now knows (-0.359131531317-0.296811367881j) too. Can she figure out a?
Orbit detected at 509 for (-0.40001-0.51000001j)
Bob chooses b= 4342 and calculates (-0.359131531317-0.296811367881j)
He sends (-0.359131531317-0.296811367881j) to Alice and thus to Eve also.
Orbit detected at 4 for (-0.359131531317-0.296811367881j)
Alice applies 10239 more iterations on (-0.359131531317-0.296811367881j) and derives (-0.359131531317-0.296811367881j) as a shared secret.
Orbit detected at 4 for (-0.359131531317-0.296811367881j)
Bob applies 4342 more iterations on (-0.359131531317-0.296811367881j) and derives (-0.359131531317-0.296811367881j) as a shared secret.
One of the problems is the orbit.
Another problem is that I didn't find a way to apply a form of repeated squaring. Now, Eve can bruteforce as fast as Alice can compute.
Will read responses better if I have time.
Ozz
Richard Heathfield
Aug 30, 2015, 3:09:02 AM8/30/15
to
On 30/08/2015 08:01, wizzofozz wrote:
> Richard Heathfield<r...@cpax.org.uk> wrote:
>> On 30/08/2015 00:18, Chris M. Thomasson wrote:
>>> I am thinking of Diffie???Hellman key exchange and how it could
>>> possibly apply to my cipher. Well, I am thinking about the following,
>>> perhaps extremely naive, simplistic method:
>>> _________________________________________________________
>>> Alice and Bob decide on a fractal formula F and a point P.
>>
>> Stop right there. :-)
>>
>> Diffie-Hellman is not a key exchange. It is a method of establishing a
>> shared secret over an insecure channel.
>
> From Schneiers "Applied Cryptography":
>
> Chapter 22 Key-Exhange Algorithms
>
> 22.1 Diffie-Hellmann
Bruce? Are you there, Bruce? Er, I got some bad news for you. You know
> Richard Heathfield<r...@cpax.org.uk> wrote:
>> On 30/08/2015 00:18, Chris M. Thomasson wrote:
>>> I am thinking of Diffie???Hellman key exchange and how it could
>>> possibly apply to my cipher. Well, I am thinking about the following,
>>> perhaps extremely naive, simplistic method:
>>> _________________________________________________________
>>> Alice and Bob decide on a fractal formula F and a point P.
>>
>> Stop right there. :-)
>>
>> Diffie-Hellman is not a key exchange. It is a method of establishing a
>> shared secret over an insecure channel.
>
> From Schneiers "Applied Cryptography":
>
> Chapter 22 Key-Exhange Algorithms
>
> 22.1 Diffie-Hellmann
in Chapter 22 of AC you refer to Diffie-Hellmann as a key exchange
algorithm? Well, uh, it isn't. No key is exchanged. DH only exchanges
some of the parameters to, and the results of, one-way functions. At no
point is any key exchanged. It isn't a key exchange algorithm, Bruce, it
really isn't. But the book is otherwise excellent.
> I call it key exchange and in this case at least it also means establishing a shared secret.
<snip>
FromTheRafters
Aug 30, 2015, 9:11:16 AM8/30/15
to
exchange based upon it, that is, the Diffie-Hellmann Key Exchange?
--
...
For long you live and high you fly
But only if you ride the tide
And balanced on the biggest wave
You race towards an early grave.
Richard Heathfield
Aug 30, 2015, 9:34:06 AM8/30/15
to
Just to be sure, I looked up both terms. According to
<http://theory.stanford.edu/~dfreeman/cs259c-f11/finalpapers/CDHandDLP.pdf>,
the Diffie-Hellman (just the one N, apparently, in Hellman) Problem is:
"Is it possible for the evesdropper Eve to determine g^ab from the
communications sent between Alice and Bob?"
And the Diffie-Hellman Key Exchange (so-called) is a term that is
generally misapplied to the Diffie-Hellman protocol:
Alice generates A, M, N (with a constraint on N with respect to M). She
sends a = N^A mod M to Bob.
Bob sends b = N^B mod M to Alice.
Alice computes K = b^A mod M, and Bob computes K = a^B mod M.
At no point is a key exchanged. So this is not a key exchange protocol.
It is a key production protocol, if you like, but no keys are exchanged,
so it's hard to justify the term "key exchange", isn't it?
wizzofozz
Aug 30, 2015, 9:52:55 AM8/30/15
to
Richard Heathfield <r...@cpax.org.uk> wrote:
> <snip>
>
Too bad, that was the interesting part ;-)
Ozz
> On 30/08/2015 08:01, wizzofozz wrote:
>
>> I call it key exchange and in this case at least it also means establishing a shared secret.
>
> Well, if you call a tail a leg, then I guess it's a leg, yes. :-)
>
Ok, point taken. I agree, no keys are exchanged so formally it is a misnomer in that respect.
>
>> I call it key exchange and in this case at least it also means establishing a shared secret.
>
> Well, if you call a tail a leg, then I guess it's a leg, yes. :-)
>
> <snip>
>
Too bad, that was the interesting part ;-)
Ozz
kg
Aug 30, 2015, 10:05:29 AM8/30/15
to
Richard Heathfield <r...@cpax.org.uk> wrote:
>At no point is a key exchanged. So [Diffie-Hellman] is not a key exchange protocol.
happens, experts use "Diffie-Hellman key exchange".
Some use "key agreement protocol". The two phrases are generally
synonymous. (Technically, I guess their meaning varies.)
--
kg
>At no point is a key exchanged. So [Diffie-Hellman] is not a key exchange protocol.
>It is a key production protocol, if you like, but no keys are exchanged,
>so it's hard to justify the term "key exchange", isn't it?
You are correct. Except in believing that language is logical. As it
>so it's hard to justify the term "key exchange", isn't it?
happens, experts use "Diffie-Hellman key exchange".
Some use "key agreement protocol". The two phrases are generally
synonymous. (Technically, I guess their meaning varies.)
--
kg
Bruce Stephens
Aug 30, 2015, 10:07:39 AM8/30/15
to
On 30/08/2015 14:34, Richard Heathfield wrote:
> At no point is a key exchanged. So this is not a key exchange protocol.
> It is a key production protocol, if you like, but no keys are exchanged,
> so it's hard to justify the term "key exchange", isn't it?
I think the usual term is key-agreement protocol.
> At no point is a key exchanged. So this is not a key exchange protocol.
> It is a key production protocol, if you like, but no keys are exchanged,
> so it's hard to justify the term "key exchange", isn't it?
FromTheRafters
Aug 30, 2015, 10:15:06 AM8/30/15
to
Richard Heathfield explained :
Okay, I agree that it is a misnomer - like Fermat's Last Theorem wasn't
really a theorem despite everyone calling it such.
really a theorem despite everyone calling it such.
wizzofozz
Aug 30, 2015, 10:25:59 AM8/30/15
to
Chris M. Thomasson <nos...@nospam.nospam> wrote:
> I am thinking of Diffie???Hellman key exchange and how it could
>
> Alice thinks of a random unsigned integer AN.
>
> Bob thinks of a random unsigned integer BN.
>
Ok
> Alice sends Bob AN.
>
No! Alice sends Bob the result of applying F AN times on P resulting in P'. The question is ; can Eve work out AN from P' (other than brute force)?
> Bob sends Alice BN.
>
No, see above but Bob sends Alice P'' (result of F**BN(P)).
> Alice iterates F with P (AN + BN) times and gets a secret point S.
>
No, Alice now applies F AN times on P'' (she got from Bob) and gets S.
> Bob iterates F with P (BN + AN) times and gets S as well.
No, Bob applies F BN times on P' and gets S.
>
> Alice and Bob now share the secret point S and can use that to send
> encrypted
> messages to each other using F along with S.
Alice and Bob now share S which they can use to encrypt messages.
Here's another working example. It differs from my previous example (same thread, different message) in that it contains no orbits.
./dh.py -0.5 -0.3 13 47
Alice and Bob agree on C = (-0.5-0.3j)
Eve knows C = (-0.5-0.3j)
Alice chooses a = 13 as random secret and calculates (-0.36239736408-0.17114704742j)
Alice sends (-0.36239736408-0.17114704742j) to Bob. Eve now knows (-0.36239736408-0.17114704742j) too. Can she figure out a?
Bob chooses b= 47 and calculates (-0.382547275834-0.169915369356j)
He sends (-0.382547275834-0.169915369356j) to Alice and thus to Eve also.
Alice applies 13 more iterations on (-0.382547275834-0.169915369356j) and derives (-0.382549399433-0.169966035629j) as a shared secret.
Bob applies 47 more iterations on (-0.36239736408-0.17114704742j) and derives (-0.382549399433-0.169966035629j) as a shared secret.
> _________________________________________________________
>
>
> It should work...
>
The above works but Eve can easily bruteforce a, b and thus S.
So, we need some way to quickly calculate P' and P'' much faster then Eve can do it by brute force.
In DH-keywhatever this is achieved by repeated squaring.
Also I *assume* for now that calculating P' and P'' is one-way.
Further, when I use larger a and b, P' and P'' get into an orbit (for all P's I tried) and then Eve can just predict what the outcome of S will be.
>
> What's wrong with it? What am I missing?
At least all of the above :-)
>
> Try not to be too harsh as I am new at this stuff!
>
Having fun just like you.
Here's my code if your interested:
#!/usr/bin/python
import sys
if len(sys.argv) != 5:
print "$0 x y a b "
exit(1)
C=complex(float(sys.argv[1]),float(sys.argv[2]))
a=int(sys.argv[3])
b=int(sys.argv[4])
def mbf(c,ci,sec):
z_slow=complex(c)
z_fast=complex(c)
orbit=-1
escape=-1
for i in range(0,sec):
z_slow=z_slow*z_slow+ci
z_fast=z_fast*z_fast+ci
z_fast=z_fast*z_fast+ci
if z_fast == z_slow and orbit==-1:
print "Orbit detected at ", i, "for", complex(c)
orbit=i
if abs(z_slow)>2 and escape==-1:
print "Warning", complex(c) , 'escaped at interation ',i
escape=i
#print "DEBUG i=",i,"z_slow=",z_slow
return z_slow
print "Alice and Bob agree on C =",C
print "Eve knows C =",C
A=mbf(C,C,a)
print "Alice chooses a =",a,"as random secret and calculates",A
print "Alice sends",A,"to Bob. Eve now knows",A,"too. Can she figure out a?"
B=mbf(C,C,b)
print "Bob chooses b=",b,"and calculates",B
print "He sends",B,"to Alice and thus to Eve also."
AB=mbf(B,C,a)
print "Alice applies",a,"more iterations on",B,"and derives",AB,"as a shared secret."
BA=mbf(A,C,b)
print "Bob applies",b,"more iterations on",A,"and derives",BA,"as a shared secret."
> I am thinking of Diffie???Hellman key exchange and how it could
> possibly apply to my cipher. Well, I am thinking about the following,
> perhaps extremely naive, simplistic method:
> _________________________________________________________
> Alice and Bob decide on a fractal formula F and a point P.
Yes, let's assume 'standard' mandelbrot and P.
> perhaps extremely naive, simplistic method:
> _________________________________________________________
> Alice and Bob decide on a fractal formula F and a point P.
>
> Alice thinks of a random unsigned integer AN.
>
> Bob thinks of a random unsigned integer BN.
>
> Alice sends Bob AN.
>
No! Alice sends Bob the result of applying F AN times on P resulting in P'. The question is ; can Eve work out AN from P' (other than brute force)?
> Bob sends Alice BN.
>
No, see above but Bob sends Alice P'' (result of F**BN(P)).
> Alice iterates F with P (AN + BN) times and gets a secret point S.
>
> Bob iterates F with P (BN + AN) times and gets S as well.
>
> Alice and Bob now share the secret point S and can use that to send
> encrypted
> messages to each other using F along with S.
Here's another working example. It differs from my previous example (same thread, different message) in that it contains no orbits.
./dh.py -0.5 -0.3 13 47
Alice and Bob agree on C = (-0.5-0.3j)
Eve knows C = (-0.5-0.3j)
Alice chooses a = 13 as random secret and calculates (-0.36239736408-0.17114704742j)
Alice sends (-0.36239736408-0.17114704742j) to Bob. Eve now knows (-0.36239736408-0.17114704742j) too. Can she figure out a?
Bob chooses b= 47 and calculates (-0.382547275834-0.169915369356j)
He sends (-0.382547275834-0.169915369356j) to Alice and thus to Eve also.
Alice applies 13 more iterations on (-0.382547275834-0.169915369356j) and derives (-0.382549399433-0.169966035629j) as a shared secret.
Bob applies 47 more iterations on (-0.36239736408-0.17114704742j) and derives (-0.382549399433-0.169966035629j) as a shared secret.
> _________________________________________________________
>
>
> It should work...
>
The above works but Eve can easily bruteforce a, b and thus S.
So, we need some way to quickly calculate P' and P'' much faster then Eve can do it by brute force.
In DH-keywhatever this is achieved by repeated squaring.
Also I *assume* for now that calculating P' and P'' is one-way.
Further, when I use larger a and b, P' and P'' get into an orbit (for all P's I tried) and then Eve can just predict what the outcome of S will be.
>
> What's wrong with it? What am I missing?
>
> Try not to be too harsh as I am new at this stuff!
>
Here's my code if your interested:
#!/usr/bin/python
import sys
if len(sys.argv) != 5:
print "$0 x y a b "
exit(1)
C=complex(float(sys.argv[1]),float(sys.argv[2]))
a=int(sys.argv[3])
b=int(sys.argv[4])
def mbf(c,ci,sec):
z_slow=complex(c)
z_fast=complex(c)
orbit=-1
escape=-1
for i in range(0,sec):
z_slow=z_slow*z_slow+ci
z_fast=z_fast*z_fast+ci
z_fast=z_fast*z_fast+ci
if z_fast == z_slow and orbit==-1:
print "Orbit detected at ", i, "for", complex(c)
orbit=i
if abs(z_slow)>2 and escape==-1:
print "Warning", complex(c) , 'escaped at interation ',i
escape=i
#print "DEBUG i=",i,"z_slow=",z_slow
return z_slow
print "Alice and Bob agree on C =",C
print "Eve knows C =",C
A=mbf(C,C,a)
print "Alice chooses a =",a,"as random secret and calculates",A
print "Alice sends",A,"to Bob. Eve now knows",A,"too. Can she figure out a?"
B=mbf(C,C,b)
print "Bob chooses b=",b,"and calculates",B
print "He sends",B,"to Alice and thus to Eve also."
AB=mbf(B,C,a)
print "Alice applies",a,"more iterations on",B,"and derives",AB,"as a shared secret."
BA=mbf(A,C,b)
print "Bob applies",b,"more iterations on",A,"and derives",BA,"as a shared secret."
Andrew Swallow
Aug 30, 2015, 11:28:28 AM8/30/15
to
On 30/08/2015 14:11, FromTheRafters wrote:
so a single large number multiplication can be used to calculate the
squaring of a number.
At the end of the exchange both sides have sufficient information to
calculate the session's key variable. The calculation is an extra stage.
Andrew Swallow
Aug 30, 2015, 11:30:47 AM8/30/15
to
On 30/08/2015 14:34, Richard Heathfield wrote:
Ben Bacarisse
Aug 30, 2015, 3:33:35 PM8/30/15
to
Richard Heathfield <r...@cpax.org.uk> writes:
<snip>
D&H themselves. In their '76 paper they write:
"The goal is for two users, A and B, to securely exchange a key over
an insecure charmel. This key is then used by both users in a normal
cryptosystem for both enciphering and deciphering."
But the term they actually use as a name for this class of protocol is
"public key distribution system".
There is certainly a tacit acknowledgement that it's not really a key
exchange because, after discussing Merkle's method (one that involves
the sending and receiving of many messages), they say:
"We now suggest a new public key distribution system which has several
advantages. First, it requires only one 'key' to be exchanged."
The scare quotes make it clear that they keys themselves are not
exchanged, only some key-like data, but I would not be surprised if the
term stuck from that moment on.
--
Ben.
<snip>
> At no point is a key exchanged. So this is not a key exchange
> protocol. It is a key production protocol, if you like, but no keys
> are exchanged, so it's hard to justify the term "key exchange", isn't
> it?
It's an unfortunate term, but it *is* commonly used, and it started with
> protocol. It is a key production protocol, if you like, but no keys
> are exchanged, so it's hard to justify the term "key exchange", isn't
> it?
D&H themselves. In their '76 paper they write:
"The goal is for two users, A and B, to securely exchange a key over
an insecure charmel. This key is then used by both users in a normal
cryptosystem for both enciphering and deciphering."
But the term they actually use as a name for this class of protocol is
"public key distribution system".
There is certainly a tacit acknowledgement that it's not really a key
exchange because, after discussing Merkle's method (one that involves
the sending and receiving of many messages), they say:
"We now suggest a new public key distribution system which has several
advantages. First, it requires only one 'key' to be exchanged."
The scare quotes make it clear that they keys themselves are not
exchanged, only some key-like data, but I would not be surprised if the
term stuck from that moment on.
--
Ben.
Rich
Aug 30, 2015, 4:20:24 PM8/30/15
to
Richard Heathfield <r...@cpax.org.uk> wrote:
> On 30/08/2015 08:01, wizzofozz wrote:
> > Richard Heathfield<r...@cpax.org.uk> wrote:
> >> On 30/08/2015 00:18, Chris M. Thomasson wrote:
> >>> I am thinking of Diffie???Hellman key exchange and how it could
> >>> possibly apply to my cipher. Well, I am thinking about the following,
> >>> perhaps extremely naive, simplistic method:
> >>> _________________________________________________________
> >>> Alice and Bob decide on a fractal formula F and a point P.
> >>
> >> Stop right there. :-)
> >>
> >> Diffie-Hellman is not a key exchange. It is a method of establishing a
> >> shared secret over an insecure channel.
> >
> > From Schneiers "Applied Cryptography":
> >
> > Chapter 22 Key-Exhange Algorithms
> >
> > 22.1 Diffie-Hellmann
> Bruce? Are you there, Bruce? Er, I got some bad news for you. You know
> in Chapter 22 of AC you refer to Diffie-Hellmann as a key exchange
> algorithm? Well, uh, it isn't. No key is exchanged. DH only exchanges
> some of the parameters to, and the results of, one-way functions. At no
> point is any key exchanged. It isn't a key exchange algorithm, Bruce, it
> really isn't. But the book is otherwise excellent.
> > I call it key exchange and in this case at least it also means establishing a shared secret.
> Well, if you call a tail a leg, then I guess it's a leg, yes. :-)
Sadly, general usage often refers to DH as 'key exchange'. I suspect
> On 30/08/2015 08:01, wizzofozz wrote:
> > Richard Heathfield<r...@cpax.org.uk> wrote:
> >> On 30/08/2015 00:18, Chris M. Thomasson wrote:
> >>> I am thinking of Diffie???Hellman key exchange and how it could
> >>> possibly apply to my cipher. Well, I am thinking about the following,
> >>> perhaps extremely naive, simplistic method:
> >>> _________________________________________________________
> >>> Alice and Bob decide on a fractal formula F and a point P.
> >>
> >> Stop right there. :-)
> >>
> >> Diffie-Hellman is not a key exchange. It is a method of establishing a
> >> shared secret over an insecure channel.
> >
> > From Schneiers "Applied Cryptography":
> >
> > Chapter 22 Key-Exhange Algorithms
> >
> > 22.1 Diffie-Hellmann
> Bruce? Are you there, Bruce? Er, I got some bad news for you. You know
> in Chapter 22 of AC you refer to Diffie-Hellmann as a key exchange
> algorithm? Well, uh, it isn't. No key is exchanged. DH only exchanges
> some of the parameters to, and the results of, one-way functions. At no
> point is any key exchanged. It isn't a key exchange algorithm, Bruce, it
> really isn't. But the book is otherwise excellent.
> > I call it key exchange and in this case at least it also means establishing a shared secret.
> Well, if you call a tail a leg, then I guess it's a leg, yes. :-)
this is because the shared secret that DH establishes for the two
parties is, more often than not, immediately utilized as a 'key' for an
encryption algorithm.
So, someone who is not well versed on the terminology might,
mistakenly, think that it allowed them to 'exchange a key'.
So calling it a key exchange is a bit of blending of two, separate,
aspects into one, but it is not technically the correct way to describe
the DH algorithm.
Avon Kerr
Aug 31, 2015, 5:47:36 AM8/31/15
to
Rich <ri...@example.invalid> wrote:
> Sadly, general usage often refers to DH as 'key exchange'. I suspect
> this is because the shared secret that DH establishes for the two
> parties is, more often than not, immediately utilized as a 'key' for an
> encryption algorithm.
>
> So, someone who is not well versed on the terminology might,
> mistakenly, think that it allowed them to 'exchange a key'.
>
> So calling it a key exchange is a bit of blending of two, separate,
> aspects into one, but it is not technically the correct way to describe
> the DH algorithm.
Hi all. Just to say I have just found this newsgroup, subscribed to it, and
> Sadly, general usage often refers to DH as 'key exchange'. I suspect
> this is because the shared secret that DH establishes for the two
> parties is, more often than not, immediately utilized as a 'key' for an
> encryption algorithm.
>
> So, someone who is not well versed on the terminology might,
> mistakenly, think that it allowed them to 'exchange a key'.
>
> So calling it a key exchange is a bit of blending of two, separate,
> aspects into one, but it is not technically the correct way to describe
> the DH algorithm.
am enjoying the quality of the discourse.
Much of what Alice and Bob get up to is beyond me but I'm enjoying learning
some of it,
Regards from New Zealand.
Best, Paul
--
Agency News | news.bbs.geek.nz
Mike Amling
Aug 31, 2015, 11:07:47 AM8/31/15
to
phrase "encrypting with the private key" to describe what we now call
generating a digital signature.
Mike Amling
T3IgYXQgbGVhc3QgUiBkaWQuIEhhdmVuJ3QgaGVhcmQgZnJvbSBTIG9yIEEu
Chris M. Thomasson
Aug 31, 2015, 2:26:49 PM8/31/15
to
> "wizzofozz" wrote in message news:mrv3m8$9mr$1...@dont-email.me...
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> > I am thinking of Diffie???Hellman key exchange and how it could
> > possibly apply to my cipher. Well, I am thinking about the following,
> > perhaps extremely naive, simplistic method:
> > _________________________________________________________
> > Alice and Bob decide on a fractal formula F and a point P.
> Yes, let's assume 'standard' mandelbrot and P.
[...]
> > What's wrong with it? What am I missing?
> At least all of the above :-)
> > Try not to be too harsh as I am new at this stuff!
> Having fun just like you.
:^)
After reading what I wrote, and the responses, well, I feel like
kicking and slapping myself in the head at the same time!
Ouch.
> Here's my code if your interested:
[…]
I am VERY interested in it. I am going to translate your program
over to C++.
I think I can be more productive with C++ because my C compilers
do not seem to support threads and complex numbers. For instance,
I had to write a little library for C11 threads:
https://groups.google.com/d/topic/comp.lang.c/WPH7ed5uS4Y/discussion
http://pastebin.com/bJUbDmKy
The reason I mention threading is because the cipher is embarrassingly
parallel.
Anyway, thank you for all of your excellent feedback.
:^D
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> > I am thinking of Diffie???Hellman key exchange and how it could
> > possibly apply to my cipher. Well, I am thinking about the following,
> > perhaps extremely naive, simplistic method:
> > _________________________________________________________
> > Alice and Bob decide on a fractal formula F and a point P.
> Yes, let's assume 'standard' mandelbrot and P.
> > What's wrong with it? What am I missing?
> At least all of the above :-)
> > Try not to be too harsh as I am new at this stuff!
> Having fun just like you.
After reading what I wrote, and the responses, well, I feel like
kicking and slapping myself in the head at the same time!
Ouch.
> Here's my code if your interested:
I am VERY interested in it. I am going to translate your program
over to C++.
I think I can be more productive with C++ because my C compilers
do not seem to support threads and complex numbers. For instance,
I had to write a little library for C11 threads:
https://groups.google.com/d/topic/comp.lang.c/WPH7ed5uS4Y/discussion
http://pastebin.com/bJUbDmKy
The reason I mention threading is because the cipher is embarrassingly
parallel.
Anyway, thank you for all of your excellent feedback.
:^D
Chris M. Thomasson
Sep 1, 2015, 6:44:31 PM9/1/15
to
> "wizzofozz" wrote in message news:mrv3m8$9mr$1...@dont-email.me...
> Chris M. Thomasson <nos...@nospam.nospam> wrote:
[...]
> Having fun just like you.
> Here's my code if your interested:
identical output:
[...]
_________________________________________________
import sys
if len(sys.argv) != 5:
print("$0 x y a b")
if len(sys.argv) != 5:
exit(1)
print("running...")
C=complex(float(sys.argv[1]),float(sys.argv[2]))
a=int(sys.argv[3])
b=int(sys.argv[4])
def mbf(c,ci,sec):
z_slow=complex(c)
z_fast=complex(c)
orbit=-1
escape=-1
for i in range(0,sec):
z_slow=z_slow*z_slow+ci
z_fast=z_fast*z_fast+ci
z_fast=z_fast*z_fast+ci
if z_fast == z_slow and orbit==-1:
print("Orbit detected at ", i, "for", complex(c))
a=int(sys.argv[3])
b=int(sys.argv[4])
def mbf(c,ci,sec):
z_slow=complex(c)
z_fast=complex(c)
orbit=-1
escape=-1
for i in range(0,sec):
z_slow=z_slow*z_slow+ci
z_fast=z_fast*z_fast+ci
z_fast=z_fast*z_fast+ci
if z_fast == z_slow and orbit==-1:
orbit=i
if abs(z_slow)>2 and escape==-1:
print("Warning", complex(c) , 'escaped at interation ',i)
if abs(z_slow)>2 and escape==-1:
escape=i
#print("DEBUG i=",i,"z_slow=",z_slow)
return z_slow
print("Alice and Bob agree on C =",C)
print("Eve knows C =",C)
A=mbf(C,C,a)
print("Alice chooses a =",a,"as random secret and calculates",A)
print("Alice sends",A,"to Bob. Eve now knows",A,"too. Can she figure out
a?")
B=mbf(C,C,b)
print("Bob chooses b=",b,"and calculates",B)
print("He sends",B,"to Alice and thus to Eve also.")
AB=mbf(B,C,a)
print("Alice applies",a,"more iterations on",B,"and derives",AB,"as a shared
secret.")
BA=mbf(A,C,b)
print("Bob applies",b,"more iterations on",A,"and derives",BA,"as a shared
secret.")
_________________________________________________
Thanks again. :^)
Chris M. Thomasson
Sep 1, 2015, 7:14:01 PM9/1/15
to
> "wizzofozz" wrote in message news:mrv3m8$9mr$1...@dont-email.me...
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
[...]
> > Alice sends Bob AN.
> No! Alice sends Bob the result of applying F AN times on P resulting in
> P'.
> The question is ; can Eve work out AN from P' (other than brute force)?
Since Eve knows the origin point C, she can just iterate that and
> No! Alice sends Bob the result of applying F AN times on P resulting in
> P'.
> The question is ; can Eve work out AN from P' (other than brute force)?
detect all the points that are very close to the public points.
She can build a list of escape counts for "detected points",
and a and b should be in that list.
This would be a brute force method that you mentioned up thread.
Ben Bacarisse
Sep 1, 2015, 8:20:43 PM9/1/15
to
result is A? She'll then know a won't she?
--
Ben.
Chris M. Thomasson
Sep 1, 2015, 10:36:00 PM9/1/15
to
> "Ben Bacarisse" wrote in message news:87fv2xk...@bsb.me.uk...
> > "Chris M. Thomasson" <nos...@nospam.nospam> writes:
> >> "wizzofozz" wrote in message news:mrv3m8$9mr$1...@dont-email.me...
> >
> >
> >> Chris M. Thomasson <nos...@nospam.nospam> wrote:
> > [...]
> >
> >> Having fun just like you.
> >
> >> Here's my code if your interested:
> >
> > I had to convert your code over to Python 3, but it works and I get
> > identical output:
[...]
However, when there are orbits Eve should get multiple hits during iteration
of C, the iteration counts a and b should be in that list.
This would be a brute force attack as Wizzofozz pointed out up thread.
> > "Chris M. Thomasson" <nos...@nospam.nospam> writes:
> >> "wizzofozz" wrote in message news:mrv3m8$9mr$1...@dont-email.me...
> >
> >
> >> Chris M. Thomasson <nos...@nospam.nospam> wrote:
> > [...]
> >
> >> Having fun just like you.
> >
> >> Here's my code if your interested:
> >
> > I had to convert your code over to Python 3, but it works and I get
> > identical output:
[...]
> What stops Eve simply running the mbf calculation step by step until the
> result is A? She'll then know a won't she?
If there are no orbits then Eve should be able to get a and b. Since Eve
> result is A? She'll then know a won't she?
knows the origin point C, she can just iterate that and detect all the
points that are very close to the public points A and B. She can build a
list of escape counts for "detected points", and a and b should be in that
list.
If there are no orbits then a and b should be the only values in the list.
list.
However, when there are orbits Eve should get multiple hits during iteration
of C, the iteration counts a and b should be in that list.
This would be a brute force attack as Wizzofozz pointed out up thread.
Chris M. Thomasson
Sep 2, 2015, 1:36:12 AM9/2/15
to
Let me try again here...
_________________________________________________________
Alice and Bob decide on a public point (C).
Alice thinks of a random number (a) and a random point (ap).
Bob thinks of a random number (b) and a random point (bp).
Alice computes a public point (A) from (C ), (ap) and (a).
Bob computes a public point (B) from (C ), (bp) and (b).
Alice sends (A) to Bob.
Bob sends (B) to Alice.
Alice computes the point (ab) using (B), (C ), (ap) and (a).
Bob computes the point (ba) using (A), (C ), (bp) and (b).
(ab) = (ba), so Alice and Bob now have a shared secret point.
_________________________________________________________
Here is a simple C++ program that demonstrates the technique:
_________________________________________________________
#include <iostream>
#include <complex>
typedef std::complex<double> complex_t;
complex_t
mbrot(
complex_t c0, // origin
complex_t c1,
complex_t c2,
unsigned int imax
){
complex_t z(c0);
for (unsigned int i = 0; i < imax; ++i)
{
double ir = 1.0 + i / ((double)imax) * 0.2;
z = z * c1 * c2 * ir;
}
return z;
}
int
main()
{
// this is a known public point.
complex_t C(-0.75, 0.01);
// these are private to Alice
unsigned int a = 13; // iteration count
complex_t ap(0.1, 0.5); // Alice's private point
// these are private to Bob
unsigned int b = 76; // iteration count
complex_t bp(-1.2, -0.4); // Bob's private point
// Alice computes a public point A
complex_t A = mbrot(C, C, ap, a);
// Bob computes a public point B
complex_t B = mbrot(C, C, bp, b);
// Alice and Bob exchange A and B
// Alice uses B to get a point ap
complex_t ab = mbrot(B, C, ap, a);
// Bob uses A to get a point ba
complex_t ba = mbrot(A, C, bp, b);
// ap and ba are equal, and is now a shared secret.
// Eve knows A, B and C.
std::cout << "a = " << a << "\r\n";
std::cout << "b = " << b << "\r\n\r\n";
std::cout << "ap = " << ap << "\r\n";
std::cout << "bp = " << bp << "\r\n\r\n";
std::cout << "A = " << A << "\r\n";
std::cout << "B = " << B << "\r\n\r\n";
std::cout << "ab = " << ab << "\r\n";
std::cout << "ba = " << ba << "\r\n";
return 0;
}
_________________________________________________________
Now, I don't know how to go about cracking this. Eve has the points
(A), (B) and (C ), but I have no idea how she would manage to get the
secret key. This is more secure that using iteration counts alone.
Alice and Bob use their own private random location and random iteration
count. These are not known to Eve. Bob does not know anything about
Alice's private information, and she does not know anything about his.
This seems like it would be fairly difficult for Eve...
Any ideas?
_________________________________________________________
Alice and Bob decide on a public point (C).
Alice thinks of a random number (a) and a random point (ap).
Bob thinks of a random number (b) and a random point (bp).
Alice computes a public point (A) from (C ), (ap) and (a).
Bob computes a public point (B) from (C ), (bp) and (b).
Alice sends (A) to Bob.
Bob sends (B) to Alice.
Alice computes the point (ab) using (B), (C ), (ap) and (a).
Bob computes the point (ba) using (A), (C ), (bp) and (b).
(ab) = (ba), so Alice and Bob now have a shared secret point.
_________________________________________________________
Here is a simple C++ program that demonstrates the technique:
_________________________________________________________
#include <iostream>
#include <complex>
typedef std::complex<double> complex_t;
complex_t
mbrot(
complex_t c0, // origin
complex_t c1,
complex_t c2,
unsigned int imax
){
complex_t z(c0);
for (unsigned int i = 0; i < imax; ++i)
{
double ir = 1.0 + i / ((double)imax) * 0.2;
z = z * c1 * c2 * ir;
}
return z;
}
int
main()
{
// this is a known public point.
complex_t C(-0.75, 0.01);
// these are private to Alice
unsigned int a = 13; // iteration count
complex_t ap(0.1, 0.5); // Alice's private point
// these are private to Bob
unsigned int b = 76; // iteration count
complex_t bp(-1.2, -0.4); // Bob's private point
// Alice computes a public point A
complex_t A = mbrot(C, C, ap, a);
// Bob computes a public point B
complex_t B = mbrot(C, C, bp, b);
// Alice and Bob exchange A and B
// Alice uses B to get a point ap
complex_t ab = mbrot(B, C, ap, a);
// Bob uses A to get a point ba
complex_t ba = mbrot(A, C, bp, b);
// ap and ba are equal, and is now a shared secret.
// Eve knows A, B and C.
std::cout << "a = " << a << "\r\n";
std::cout << "b = " << b << "\r\n\r\n";
std::cout << "ap = " << ap << "\r\n";
std::cout << "bp = " << bp << "\r\n\r\n";
std::cout << "A = " << A << "\r\n";
std::cout << "B = " << B << "\r\n\r\n";
std::cout << "ab = " << ab << "\r\n";
std::cout << "ba = " << ba << "\r\n";
return 0;
}
_________________________________________________________
Now, I don't know how to go about cracking this. Eve has the points
(A), (B) and (C ), but I have no idea how she would manage to get the
secret key. This is more secure that using iteration counts alone.
Alice and Bob use their own private random location and random iteration
count. These are not known to Eve. Bob does not know anything about
Alice's private information, and she does not know anything about his.
This seems like it would be fairly difficult for Eve...
Any ideas?
kg
Sep 2, 2015, 7:09:00 AM9/2/15
to
Chris M. Thomasson <nos...@nospam.nospam> wrote:
>Now, I don't know how to go about cracking this. Eve has the points
>(A), (B) and (C ),
Here's how you go about breaking this.
>(A), (B) and (C ),
Forget everything about fractals and whatnot.
Write:
- A in terms of C and the secret values ap and a.
- B in terms of C and the secret values bp and b.
- ab = ba in terms of C and the secret values ap, bp, a and b.
Stare at the three equations.
Write down equation for ab in terms of A, B and C.
The key is that the secret values ap, bp, a or b aren't important.
The shared value ab = ba is the value that is important.
This is a common misunderstanding. When textbooks analyse Diffie-Hellman,
they sometimes observe that Eve needs to solve the Diffie-Hellman problem,
then say that if Eve can solve the discrete logarithm problem, she can
solve the Diffie-Hellman problem. Then they proceed to study the discrete
logarithm problem.
Some textbooks fail to point out the really important part, which is
that it is generally believed that computing discrete logarithms is the
best way to solve the Diffie-Hellman problem.
--
kg
Ben Bacarisse
Sep 2, 2015, 10:38:50 AM9/2/15
to
smaller than normal numbers) because I'm not sure of the permitted (or
useful) range of any of the parameters you are using here. I picked a
few at random and could easily get the same shared secret that Alice and
Bob get.
--
Ben.
wizzofozz
Sep 2, 2015, 12:25:24 PM9/2/15
to
Ben Bacarisse <ben.u...@bsb.me.uk> wrote:
>
> I'm still not seeing it. Can you give an actual example (maybe using
> smaller than normal numbers) because I'm not sure of the permitted (or
> useful) range of any of the parameters you are using here. I picked a
> few at random and could easily get the same shared secret that Alice and
> Bob get.
>
You can get the same shared secret easily because we've been discussing a broken scheme.
>
> I'm still not seeing it. Can you give an actual example (maybe using
> smaller than normal numbers) because I'm not sure of the permitted (or
> useful) range of any of the parameters you are using here. I picked a
> few at random and could easily get the same shared secret that Alice and
> Bob get.
>
I was thinking out loud when I proposed to do DH using fractals and Chris jumped onto that.
He proposed a scheme in which he gave the secret directly to Eve.
I 'improved' on that by proposing a scheme where Alice and Bob don't directly send the secret to Eve. Unfortunately, Eve can easily bruteforce the secret values in my proposed scheme (because I couldn't think of an equivalent of repeated squaring or double and add (which is used for elliptic curves)).
There is also another problem with that scheme, namely that of 'orbits'. If those occur than Eve can simply predict the outcome of the secret.
Now Chris has come up with a different scheme which might work but which looks like a re-invention of https://www.kth.se/social/files/5504b42ff276543e4aa5f5a1/An_introduction_to_the_Mandelbrot_Set.pdf (section 6.1). But that is described in another subthread.
Maybe this clears things up.
Ozz
Ben Bacarisse
Sep 2, 2015, 1:05:19 PM9/2/15
to
wizzofozz <wizz...@cuckoosnest.colo.transip.net> writes:
> Ben Bacarisse <ben.u...@bsb.me.uk> wrote:
>>
>> I'm still not seeing it. Can you give an actual example (maybe using
>> smaller than normal numbers) because I'm not sure of the permitted (or
>> useful) range of any of the parameters you are using here. I picked a
>> few at random and could easily get the same shared secret that Alice and
>> Bob get.
>>
>
> You can get the same shared secret easily because we've been
> discussing a broken scheme.
Er, OK.
> Ben Bacarisse <ben.u...@bsb.me.uk> wrote:
>>
>> I'm still not seeing it. Can you give an actual example (maybe using
>> smaller than normal numbers) because I'm not sure of the permitted (or
>> useful) range of any of the parameters you are using here. I picked a
>> few at random and could easily get the same shared secret that Alice and
>> Bob get.
>>
>
> You can get the same shared secret easily because we've been
> discussing a broken scheme.
> I was thinking out loud when I proposed to do DH using fractals and
> Chris jumped onto that.
> He proposed a scheme in which he gave the secret directly to Eve.
> I 'improved' on that by proposing a scheme where Alice and Bob don't
> directly send the secret to Eve. Unfortunately, Eve can easily
> bruteforce the secret values in my proposed scheme (because I couldn't
> think of an equivalent of repeated squaring or double and add (which
> is used for elliptic curves)).
relatively expensive -- searching some large space. But it looks to me
as if Eve can just repeat the work that Alice does. This is based on
what the Python code seems to do.
> There is also another problem with that scheme, namely that of
> 'orbits'. If those occur than Eve can simply predict the outcome of
> the secret.
>
> Now Chris has come up with a different scheme which might work but
> which looks like a re-invention of
> https://www.kth.se/social/files/5504b42ff276543e4aa5f5a1/An_introduction_to_the_Mandelbrot_Set.pdf
> (section 6.1). But that is described in another subthread.
The code Chris posted seemed to have only one secret -- the integer a
(a and b for B).
> Maybe this clears things up.
floating around and some may well work.
I was commenting only on the posted Python code. That implies a scheme
that seems to offer no security and looks very different to the one
proposed in the paper you cite above.
--
Ben.
wizzofozz
Sep 2, 2015, 1:37:44 PM9/2/15
to
Ben Bacarisse <ben.u...@bsb.me.uk> wrote:
That's why I keep stressing the issue of 'repeated squaring' and 'double and add' which I wasn't able to do in the 'mandelbrot'-case.
That is what makes the work for Alice O(log(n)) and for Eve O(n) in other schemes (given a one-way function). That is why in this case Alice and Eve have to do the same work and why the scheme is broken.
The python example code was just there to illustrate the point of not directly giving the secret to Eve.
I admit that this has become a very long and fuzzy thread. Sorry for the confusion!
>
>> Now Chris has come up with a different scheme which might work but
>> which looks like a re-invention of
>> https://www.kth.se/social/files/5504b42ff276543e4aa5f5a1/An_introduction_to_the_Mandelbrot_Set.pdf
>> (section 6.1). But that is described in another subthread.
>
> That looks different because the things invented by A and B are pairs.
> The code Chris posted seemed to have only one secret -- the integer a
> (a and b for B).
>
No, in another subthread he introduces secret points for Alice and Bob (in addition to a and b).
> I was commenting only on the posted Python code. That implies a scheme
> that seems to offer no security and looks very different to the one
> proposed in the paper you cite above.
>
True, forget about the python code :-)
Ozz
> wizzofozz <wizz...@cuckoosnest.colo.transip.net> writes:
>
>> I was thinking out loud when I proposed to do DH using fractals and
>> Chris jumped onto that.
>> He proposed a scheme in which he gave the secret directly to Eve.
>> I 'improved' on that by proposing a scheme where Alice and Bob don't
>> directly send the secret to Eve. Unfortunately, Eve can easily
>> bruteforce the secret values in my proposed scheme (because I couldn't
>> think of an equivalent of repeated squaring or double and add (which
>> is used for elliptic curves)).
>
> I don't understand "brute-force" here. It usually means doing something
> relatively expensive -- searching some large space. But it looks to me
> as if Eve can just repeat the work that Alice does. This is based on
> what the Python code seems to do.
Ok, so we interpret brute-force differently. For me it's just searching (naively) the space of possible keys which happens to be not very large in this case.
>
>> I was thinking out loud when I proposed to do DH using fractals and
>> Chris jumped onto that.
>> He proposed a scheme in which he gave the secret directly to Eve.
>> I 'improved' on that by proposing a scheme where Alice and Bob don't
>> directly send the secret to Eve. Unfortunately, Eve can easily
>> bruteforce the secret values in my proposed scheme (because I couldn't
>> think of an equivalent of repeated squaring or double and add (which
>> is used for elliptic curves)).
>
> I don't understand "brute-force" here. It usually means doing something
> relatively expensive -- searching some large space. But it looks to me
> as if Eve can just repeat the work that Alice does. This is based on
> what the Python code seems to do.
That's why I keep stressing the issue of 'repeated squaring' and 'double and add' which I wasn't able to do in the 'mandelbrot'-case.
That is what makes the work for Alice O(log(n)) and for Eve O(n) in other schemes (given a one-way function). That is why in this case Alice and Eve have to do the same work and why the scheme is broken.
The python example code was just there to illustrate the point of not directly giving the secret to Eve.
I admit that this has become a very long and fuzzy thread. Sorry for the confusion!
>
>> Now Chris has come up with a different scheme which might work but
>> which looks like a re-invention of
>> https://www.kth.se/social/files/5504b42ff276543e4aa5f5a1/An_introduction_to_the_Mandelbrot_Set.pdf
>> (section 6.1). But that is described in another subthread.
>
> That looks different because the things invented by A and B are pairs.
> The code Chris posted seemed to have only one secret -- the integer a
> (a and b for B).
>
> I was commenting only on the posted Python code. That implies a scheme
> that seems to offer no security and looks very different to the one
> proposed in the paper you cite above.
>
Ozz
Richard Heathfield
Sep 2, 2015, 1:57:23 PM9/2/15
to
On 02/09/2015 18:35, wizzofozz wrote:
> Ben Bacarisse<ben.u...@bsb.me.uk> wrote:
<snip>
>> I don't understand "brute-force" here. It usually means doing something
>> relatively expensive -- searching some large space. But it looks to me
>> as if Eve can just repeat the work that Alice does. This is based on
>> what the Python code seems to do.
>
> Ok, so we interpret brute-force differently. For me it's just searching (naively) the space of possible keys
Right. Having said that, we can reasonably apply the term to a subset of
possible keys, provided that we make it clear that that's what we mean.
For example, a polyalphabetic substitution cipher (with ordered
alphabets) has infinitely many possible keys, but we might do a Kasiski
analysis and determine that the key length is either 6 or 12. We could
then say "so we'll brute-force the six-byte keyspace and see what
happens - if we don't get a result, then we'll take the key length as 12
and proceed in the classical manner".
> That is why in this case Alice and Eve have to do the same work and why the scheme is broken.
Given that Eve is determined to do this work anyway, one wonders why
Alice doesn't just hire her as a sub-contractor.
> Ben Bacarisse<ben.u...@bsb.me.uk> wrote:
<snip>
>> I don't understand "brute-force" here. It usually means doing something
>> relatively expensive -- searching some large space. But it looks to me
>> as if Eve can just repeat the work that Alice does. This is based on
>> what the Python code seems to do.
>
> Ok, so we interpret brute-force differently. For me it's just searching (naively) the space of possible keys
possible keys, provided that we make it clear that that's what we mean.
For example, a polyalphabetic substitution cipher (with ordered
alphabets) has infinitely many possible keys, but we might do a Kasiski
analysis and determine that the key length is either 6 or 12. We could
then say "so we'll brute-force the six-byte keyspace and see what
happens - if we don't get a result, then we'll take the key length as 12
and proceed in the classical manner".
> That is why in this case Alice and Eve have to do the same work and why the scheme is broken.
Alice doesn't just hire her as a sub-contractor.
Chris M. Thomasson
Sep 2, 2015, 2:23:48 PM9/2/15
to
>"kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
>>Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>Now, I don't know how to go about cracking this. Eve has the points
>>(A), (B) and (C ),
>Here's how you go about breaking this.
>Forget everything about fractals and whatnot.
>Write:
>- A in terms of C and the secret values ap and a.
>- B in terms of C and the secret values bp and b.
>- ab = ba in terms of C and the secret values ap, bp, a and b.
>Stare at the three equations.
>Write down equation for ab in terms of A, B and C.
>The key is that the secret values ap, bp, a or b aren't important.
>The shared value ab = ba is the value that is important.
Thank you so much kg!
Okay before I try to crack it using your excellent logic, I
thought I would post some output from my program where Alice
iterates three times, and Bob two:
----------------------------------------------------
[0i]: z = (0.413932,0.387707), ir = 1
[1i]: z = (0.810792,0.317827), ir = 1.16667
[2i]: z = (1.89182,0.114769), ir = 1.33333
Bob computes a public point B
_________________________________
[0i]: z = (0.0820621,0.233165), ir = 1
[1i]: z = (0.0489396,0.176626), ir = 1.25
Alice computes a shared secret point ab
_________________________________
[0i]: z = (0.125512,0.146648), ir = 1
[1i]: z = (0.262377,0.137865), ir = 1.16667
[2i]: z = (0.635667,0.10964), ir = 1.33333
Bob computes a shared secret point ba
_________________________________
[0i]: z = (0.865378,0.0891787), ir = 1
[1i]: z = (0.635667,0.10964), ir = 1.25
C = (0.2,0.5)
a = 3
b = 2
ap = (-0.799,1)
bp = (-0.745555,0.5)
A = (1.89182,0.114769)
B = (0.0489396,0.176626)
ab = (0.635667,0.10964)
ba = (0.635667,0.10964)
________________
Completed!
----------------------------------------------------
Okay, not its time to think about your crack.
Thanks again.
:^D
>>Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>Now, I don't know how to go about cracking this. Eve has the points
>>(A), (B) and (C ),
>Here's how you go about breaking this.
>Forget everything about fractals and whatnot.
>Write:
>- A in terms of C and the secret values ap and a.
>- B in terms of C and the secret values bp and b.
>- ab = ba in terms of C and the secret values ap, bp, a and b.
>Stare at the three equations.
>Write down equation for ab in terms of A, B and C.
>The key is that the secret values ap, bp, a or b aren't important.
>The shared value ab = ba is the value that is important.
Okay before I try to crack it using your excellent logic, I
thought I would post some output from my program where Alice
iterates three times, and Bob two:
----------------------------------------------------
Alice computes a public point A
_________________________________
[0i]: z = (0.413932,0.387707), ir = 1
[1i]: z = (0.810792,0.317827), ir = 1.16667
[2i]: z = (1.89182,0.114769), ir = 1.33333
Bob computes a public point B
[0i]: z = (0.0820621,0.233165), ir = 1
[1i]: z = (0.0489396,0.176626), ir = 1.25
Alice computes a shared secret point ab
_________________________________
[0i]: z = (0.125512,0.146648), ir = 1
[1i]: z = (0.262377,0.137865), ir = 1.16667
[2i]: z = (0.635667,0.10964), ir = 1.33333
Bob computes a shared secret point ba
_________________________________
[0i]: z = (0.865378,0.0891787), ir = 1
[1i]: z = (0.635667,0.10964), ir = 1.25
C = (0.2,0.5)
a = 3
b = 2
ap = (-0.799,1)
bp = (-0.745555,0.5)
A = (1.89182,0.114769)
B = (0.0489396,0.176626)
ab = (0.635667,0.10964)
ba = (0.635667,0.10964)
________________
Completed!
----------------------------------------------------
Okay, not its time to think about your crack.
Thanks again.
:^D
Chris M. Thomasson
Sep 2, 2015, 2:26:23 PM9/2/15
to
OH SHIT!
I FORGOT to mention the FACT that I changed the (mbrot) function!
Here is the one I used for the output I just posted:
________________________________________________
z = z * std::cos(c1 * ir) * std::sin(c2 * ir);
std::cout << "ir = " << ir << "\r\n";
}
std::cout << "\r\n";
return z;
}
________________________________________________
Sorry about that TOTAL NON-SENSE!
;^o
I FORGOT to mention the FACT that I changed the (mbrot) function!
Here is the one I used for the output I just posted:
________________________________________________
complex_t
mbrot(
complex_t c0, // origin
complex_t c1,
complex_t c2,
unsigned int imax
){
complex_t z(c0);
for (unsigned int i = 0; i < imax; ++i)
{
double ir = 1.0 + i / ((double)imax) * 0.5;
mbrot(
complex_t c0, // origin
complex_t c1,
complex_t c2,
unsigned int imax
){
complex_t z(c0);
for (unsigned int i = 0; i < imax; ++i)
{
z = z * std::cos(c1 * ir) * std::sin(c2 * ir);
z = z * c1 * c2 * ir;
std::cout << "[" << i << "i]: z = " << z << ", ";
std::cout << "ir = " << ir << "\r\n";
}
std::cout << "\r\n";
return z;
}
________________________________________________
Sorry about that TOTAL NON-SENSE!
;^o
Chris M. Thomasson
Sep 2, 2015, 2:32:26 PM9/2/15
to
> "Chris M. Thomasson" wrote in message
> news:ms7ere$fjk$1...@speranza.aioe.org...
> >"kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
[...]
> Okay, not its time to think about your crack.
> Thanks again.
Ummm, that should read as:
Okay, NOW IT IS TIME to think about your crack.
Wow, all this math is making me go off into deep thought land way too much.
I need to calm down and FOCUS!!!
Sorry everybody.
;^(
> news:ms7ere$fjk$1...@speranza.aioe.org...
> >"kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
> Okay, not its time to think about your crack.
> Thanks again.
Okay, NOW IT IS TIME to think about your crack.
Wow, all this math is making me go off into deep thought land way too much.
I need to calm down and FOCUS!!!
Sorry everybody.
;^(
Richard Heathfield
Sep 2, 2015, 2:43:26 PM9/2/15
to
On 02/09/2015 19:32, Chris M. Thomasson wrote:
>> "Chris M. Thomasson" wrote in message
>> news:ms7ere$fjk$1...@speranza.aioe.org...
>
>> >"kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
>
> [...]
>
>> Okay, not its time to think about your crack.
>
>> Thanks again.
>
> Ummm, that should read as:
>
> Okay, NOW IT IS TIME to think about your crack.
We, er, figured that out for ourselves. :-)
>> "Chris M. Thomasson" wrote in message
>> news:ms7ere$fjk$1...@speranza.aioe.org...
>
>> >"kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
>
> [...]
>
>> Okay, not its time to think about your crack.
>
>> Thanks again.
>
> Ummm, that should read as:
>
> Okay, NOW IT IS TIME to think about your crack.
By the way, there's no need to shout. We can read lower case perfectly
well. You can get away with, perhaps, one shout every ten or twelve
posts. More than that is... well, too loud.
>
> Wow, all this math is making me go off into deep thought land way too much.
>
> I need to calm down and FOCUS!!!
"Multiple exclamation marks," he went on, shaking his head, "are a sure
sign of a diseased mind." - Terry Pratchett, in "Eric".
+++++++++
But... after saying all that, I should add a certain amount of
admiration for the way you're attacking your own algorithm, seeking
other people's help in attacking it, co-operating with them, discussing
it with them, listening to them, learning from them, searching out the
weaknesses of your cryptosystem - that's *exactly* the right attitude
for a cryptographer. If I were marking you (which I'm not), I'd
definitely give you 100% for attitude.
kg
Sep 2, 2015, 2:51:50 PM9/2/15
to
Chris M. Thomasson <nos...@nospam.nospam> wrote:
>I FORGOT to mention the FACT that I changed the (mbrot) function!
Don't worry.
It doesn't matter.
--
kg
Chris M. Thomasson
Sep 2, 2015, 2:54:21 PM9/2/15
to
>"kg" wrote in message news:ms7gg4$b9v$1...@orkan.itea.ntnu.no...
Okay, what I get from that is that it is cracked, and that’s that.
Now, I have to learn, and write a program for myself, that demonstrates the
crack.
Thanks again kg.
:^)
Now, I have to learn, and write a program for myself, that demonstrates the
crack.
Thanks again kg.
:^)
Chris M. Thomasson
Sep 2, 2015, 3:01:28 PM9/2/15
to
> "Richard Heathfield" wrote in message
> news:erHFx.538687$cf5.3...@fx08.am4...
> > On 02/09/2015 19:32, Chris M. Thomasson wrote:
[...]
> We, er, figured that out for ourselves. :-)
> By the way, there's no need to shout.
Sorry about that. I think I may have succumb to a bit of "engineers disease"
today.
;^o
> news:erHFx.538687$cf5.3...@fx08.am4...
> > On 02/09/2015 19:32, Chris M. Thomasson wrote:
> > Ummm, that should read as:
> >
> > Okay, NOW IT IS TIME to think about your crack. [from kg]
> >
> We, er, figured that out for ourselves. :-)
> By the way, there's no need to shout.
today.
;^o
Chris M. Thomasson
Sep 2, 2015, 3:49:47 PM9/2/15
to
> "wizzofozz" wrote in message news:ms77q2$dnb$1...@dont-email.me...
[...]
> Now Chris has come up with a different scheme which might work but
> which looks like a re-invention of
> https://www.kth.se/social/files/5504b42ff276543e4aa5f5a1/An_introduction_to_the_Mandelbrot_Set.pdf
Its very close. AFAICT, too close to be called any sort of invention.
Humm...
[...]
> Now Chris has come up with a different scheme which might work but
> which looks like a re-invention of
> https://www.kth.se/social/files/5504b42ff276543e4aa5f5a1/An_introduction_to_the_Mandelbrot_Set.pdf
Humm...
Chris M. Thomasson
Sep 2, 2015, 4:28:29 PM9/2/15
to
> "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> >Now, I don't know how to go about cracking this. Eve has the points
> >(A), (B) and (C ),
> Here's how you go about breaking this.
>
> Forget everything about fractals and whatnot.
> Write:
> - A in terms of C and the secret values ap and a.
> - B in terms of C and the secret values bp and b.
> - ab = ba in terms of C and the secret values ap, bp, a and b.
I reduced it to the following equations:
__________________________
A = C * C * ap
B = C * C * bp
ab = B * C * ap
ba = A * C * bp
__________________________
Time to solve.
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> >Now, I don't know how to go about cracking this. Eve has the points
> >(A), (B) and (C ),
> Here's how you go about breaking this.
>
> Forget everything about fractals and whatnot.
> Write:
> - A in terms of C and the secret values ap and a.
> - B in terms of C and the secret values bp and b.
> - ab = ba in terms of C and the secret values ap, bp, a and b.
__________________________
A = C * C * ap
B = C * C * bp
ab = B * C * ap
ba = A * C * bp
__________________________
Time to solve.
Chris M. Thomasson
Sep 2, 2015, 4:32:41 PM9/2/15
to
> > > "Chris M. Thomasson" wrote in message
> > > news:ms7m56$1lf$1...@speranza.aioe.org...
> "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> >Now, I don't know how to go about cracking this. Eve has the points (A),
> >(B) and (C ),
> Here's how you go about breaking this.
>
> Forget everything about fractals and whatnot.
> Write:
> - A in terms of C and the secret values ap and a.
> - B in terms of C and the secret values bp and b.
> - ab = ba in terms of C and the secret values ap, bp, a and b.
> > > I reduced it to the following equations:
FWIW, here is the output:
-----------------------------------------------------------------
Alice computes a public point A
_________________________________
[0i]: z = (-0.03221,-0.3698),
Bob computes a public point B
_________________________________
[0i]: z = (0.0565665,-0.254111),
Alice computes a shared secret point ab
_________________________________
[0i]: z = (-0.0880178,0.156377),
_________________________________
Bob computes a shared secret point ba
_________________________________
[0i]: z = (-0.0880178,0.156377),
_________________________________
C = (0.2,0.5)
a = 1
b = 1
ap = (-0.799,1)
bp = (-0.745555,0.5)
B = (0.0565665,-0.254111)
ab = (-0.0880178,0.156377)
ba = (-0.0880178,0.156377)
-----------------------------------------------------------------
Completed!
Chris M. Thomasson
Sep 2, 2015, 4:45:01 PM9/2/15
to
> "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> >Now, I don't know how to go about cracking this. Eve has the points (A),
> >(B) and (C ),
> Here's how you go about breaking this.
>
> Forget everything about fractals and whatnot.
> Write:
> - A in terms of C and the secret values ap and a.
> - B in terms of C and the secret values bp and b.
> - ab = ba in terms of C and the secret values ap, bp, a and b.
A = C * C * AP
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> >Now, I don't know how to go about cracking this. Eve has the points (A),
> >(B) and (C ),
> Here's how you go about breaking this.
>
> Forget everything about fractals and whatnot.
> Write:
> - A in terms of C and the secret values ap and a.
> - B in terms of C and the secret values bp and b.
> - ab = ba in terms of C and the secret values ap, bp, a and b.
S = B * C * AP
AP = S / (B * C)
In order for Eve to get AP, she would have to know S, which means she would
have to know AP ahead of time?
Humm... I hope I am making some bone headed mistake here.
:^o
Chris M. Thomasson
Sep 2, 2015, 4:54:54 PM9/2/15
to
> "Chris M. Thomasson" wrote in message
> news:ms7n46$46c$1...@speranza.aioe.org...
[...]
> A = C * C * AP
> S = B * C * AP
> AP = S / (B * C)
Eve could try to factor A and perhaps get a hit on AP?
> S = B * C * AP
> AP = S / (B * C)
Humm...
Chris M. Thomasson
Sep 2, 2015, 5:03:32 PM9/2/15
to
> "Chris M. Thomasson" wrote in message
> news:ms7md4$29c$1...@speranza.aioe.org...
[...]
The output assumes Eve gets a little bit lucky wrt Alice and Bob both
choosing to iterate
the formula a single time.
Rich
Sep 2, 2015, 7:26:54 PM9/2/15
to
interested in learning how to better interact with others in the world
at large.
Sadly, not only do I rather expect he is ignoring this thread, but he
will refuse to learn from it even if he were to be reading it.
kg
Sep 3, 2015, 3:03:15 AM9/3/15
to
Chris M. Thomasson <nos...@nospam.nospam> wrote:
>> "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
>
>> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
>> >Now, I don't know how to go about cracking this. Eve has the points (A),
>> >(B) and (C ),
>
>> Here's how you go about breaking this.
>>
>> Forget everything about fractals and whatnot.
>
>> Write:
>
>> - A in terms of C and the secret values ap and a.
>> - B in terms of C and the secret values bp and b.
>> - ab = ba in terms of C and the secret values ap, bp, a and b.
>
>A = C * C * AP
>S = B * C * AP
>AP = S / (B * C)
You aren't following the instructions. :-)
>> "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
>
>> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
>> >Now, I don't know how to go about cracking this. Eve has the points (A),
>> >(B) and (C ),
>
>> Here's how you go about breaking this.
>>
>> Forget everything about fractals and whatnot.
>
>> Write:
>
>> - A in terms of C and the secret values ap and a.
>> - B in terms of C and the secret values bp and b.
>> - ab = ba in terms of C and the secret values ap, bp, a and b.
>
>A = C * C * AP
>S = B * C * AP
>AP = S / (B * C)
Write out the equation for B as well.
Somehow get rid of the B in the equation for S.
Then stare.
Remember, only the shared secret (ab or ba or now S) is interesting.
It's an interesting exercise for you to also consider the case where a
or b is greater than 1.
--
kg
wizzofozz
Sep 3, 2015, 1:06:01 PM9/3/15
to
kg <kristi...@math.ntnu.no> wrote:
> Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>> "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
>>
>>> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>> >Now, I don't know how to go about cracking this. Eve has the points (A),
>>> >(B) and (C ),
>>
>>> Here's how you go about breaking this.
>>>
>>> Forget everything about fractals and whatnot.
>>
>>> Write:
>>
>>> - A in terms of C and the secret values ap and a.
>>> - B in terms of C and the secret values bp and b.
>>> - ab = ba in terms of C and the secret values ap, bp, a and b.
>>
>>A = C * C * AP
>>S = B * C * AP
>>AP = S / (B * C)
>
> You aren't following the instructions. :-)
>
I tried to follow the instructions and I get S=A*B/C. Unfortunately (in case my equation is correct) for Alice and Bob, A,B and C are all public.
> Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>> "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
>>
>>> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>> >Now, I don't know how to go about cracking this. Eve has the points (A),
>>> >(B) and (C ),
>>
>>> Here's how you go about breaking this.
>>>
>>> Forget everything about fractals and whatnot.
>>
>>> Write:
>>
>>> - A in terms of C and the secret values ap and a.
>>> - B in terms of C and the secret values bp and b.
>>> - ab = ba in terms of C and the secret values ap, bp, a and b.
>>
>>A = C * C * AP
>>S = B * C * AP
>>AP = S / (B * C)
>
> You aren't following the instructions. :-)
>
I checked he equation against the two examples given by Chris and for these the equation holds.
For example:
C=complex(0.2,0.5)
ab = (0.635667,0.10964)
ba = (0.635667,0.10964)
A = complex(1.89182,0.114769)
ba = (0.635667,0.10964)
B = complex(0.0489396,0.176626)
(A*B)/C ---> (0.6356669623165517+0.10963933557062071j)
>
> It's an interesting exercise for you to also consider the case where a
> or b is greater than 1.
>
How did you know this kg? Did you recognize some pattern or did you find out by doing the writing out of the equations?
Ozz
kg
Sep 3, 2015, 1:46:02 PM9/3/15
to
wizzofozz <wizz...@cuckoosnest.colo.transip.net> wrote:
>I tried to follow the instructions and I get S=A*B/C. Unfortunately (in case my equation is correct) for Alice and Bob, A,B and C are all public.
Excellent! Well done! Alice and Bob have lost.
>I tried to follow the instructions and I get S=A*B/C. Unfortunately (in case my equation is correct) for Alice and Bob, A,B and C are all public.
>How did you know this kg? Did you recognize some pattern or did you find out by doing the writing out of the equations?
At which point it is obvious.
Equations trump code for analysis, any day.
--
kg
Chris M. Thomasson
Sep 3, 2015, 4:43:02 PM9/3/15
to
>"kg" wrote in message news:ms8rbh$a3f$1...@orkan.itea.ntnu.no...
>>Chris M. Thomasson <nos...@nospam.nospam> wrote:
[...]
Anyway, I decided to use some simple integers for clarity, so here is the
correct output
derived from Wizzofozz's answer where (EVE = A * B / C):
___________________________________________________
C = 5
a = 1
b = 1
ap = 2
bp = 3
Alice's point (A) iteration...
[0](z = z * c1 * c2)->(50 = 5 * 5 * 2) = 50
Bob's point (B) iteration...
[0](z = z * c1 * c2)->(75 = 5 * 5 * 3) = 75
Alice's point (ab) iteration...
[0](z = z * c1 * c2)->(750 = 75 * 5 * 2) = 750
Bob's point (ba) iteration...
[0](z = z * c1 * c2)->(750 = 50 * 5 * 3) = 750
(A = C * C * ap)->(50 = 5 * 5 * 2) = 50
(B = C * C * bp)->(75 = 5 * 5 * 3) = 75
(ab = B * C * ap)->(750 = 75 * 5 * 2) = 750
(ba = A * C * bp)->(750 = 50 * 5 * 3) = 750
(EVE = A * B / C)->(750 = 50 * 75 / 5) = 750
(AP = EVE / (B * C))->(2 = 750 / (75 * 5)) = 2
(BP = EVE / (A * C))->(3 = 750 / (50 * 5)) = 3
(ab = ba = EVE)->(750 = 750 = 750)
___________________________________________________
Now I need to explore different iteration counts between
Alice and Bob.
>>Chris M. Thomasson <nos...@nospam.nospam> wrote:
> - A in terms of C and the secret values ap and a.
> - B in terms of C and the secret values bp and b.
> - ab = ba in terms of C and the secret values ap, bp, a and b.
> - B in terms of C and the secret values bp and b.
> - ab = ba in terms of C and the secret values ap, bp, a and b.
>You aren't following the instructions. :-)
DOH! ;^(
Anyway, I decided to use some simple integers for clarity, so here is the
correct output
derived from Wizzofozz's answer where (EVE = A * B / C):
___________________________________________________
C = 5
a = 1
b = 1
bp = 3
Alice's point (A) iteration...
[0](z = z * c1 * c2)->(50 = 5 * 5 * 2) = 50
Bob's point (B) iteration...
[0](z = z * c1 * c2)->(75 = 5 * 5 * 3) = 75
Alice's point (ab) iteration...
[0](z = z * c1 * c2)->(750 = 75 * 5 * 2) = 750
Bob's point (ba) iteration...
[0](z = z * c1 * c2)->(750 = 50 * 5 * 3) = 750
(A = C * C * ap)->(50 = 5 * 5 * 2) = 50
(B = C * C * bp)->(75 = 5 * 5 * 3) = 75
(ab = B * C * ap)->(750 = 75 * 5 * 2) = 750
(ba = A * C * bp)->(750 = 50 * 5 * 3) = 750
(EVE = A * B / C)->(750 = 50 * 75 / 5) = 750
(AP = EVE / (B * C))->(2 = 750 / (75 * 5)) = 2
(BP = EVE / (A * C))->(3 = 750 / (50 * 5)) = 3
(ab = ba = EVE)->(750 = 750 = 750)
___________________________________________________
Now I need to explore different iteration counts between
Alice and Bob.
Chris M. Thomasson
Sep 3, 2015, 5:16:54 PM9/3/15
to
>"wizzofozz" wrote in message news:ms9ui8$1b8$1...@dont-email.me...
[...]
increaces,
and Bob's stays the same at one.
BTW, the AP (prediction of ap) is way off: 2000 instead of 2.
_______________________________________________________
C = 5
a = 4
[2](z = z * c1 * c2)->(5000 = 500 * 5 * 2) = 5000
[3](z = z * c1 * c2)->(50000 = 5000 * 5 * 2) = 50000
Bob's point (B) iteration...
[0](z = z * c1 * c2)->(75 = 5 * 5 * 3) = 75
Alice's point (ab) iteration...
[0](z = z * c1 * c2)->(750 = 75 * 5 * 2) = 750
[1](z = z * c1 * c2)->(7500 = 750 * 5 * 2) = 7500
[2](z = z * c1 * c2)->(75000 = 7500 * 5 * 2) = 75000
[3](z = z * c1 * c2)->(750000 = 75000 * 5 * 2) = 750000
Bob's point (ba) iteration...
[0](z = z * c1 * c2)->(750000 = 50000 * 5 * 3) = 750000
(A = C * C * ap)->(50000 = 5 * 5 * 2) = 50000
(ba = A * C * bp)->(750000 = 50000 * 5 * 3) = 750000
(EVE = A * B / C)->(750000 = 50000 * 75 / 5) = 750000
(AP = EVE / (B * C))->(2000 = 750000 / (75 * 5)) = 2000
(BP = EVE / (A * C))->(3 = 750000 / (50000 * 5)) = 3
(ab = ba = EVE)->(750000 = 750000 = 750000)
_______________________________________________________
Trying to find AP sounds interesting to me.
[...]
[...]
>> It's an interesting exercise for you to also consider the case where a
>> or b is greater than 1.
>
> Will try that too (by writing out).
FWIW, your correct anwser holds for EVE as Alice's iteration count
>> or b is greater than 1.
>
> Will try that too (by writing out).
increaces,
and Bob's stays the same at one.
BTW, the AP (prediction of ap) is way off: 2000 instead of 2.
_______________________________________________________
C = 5
a = 4
b = 1
ap = 2
bp = 3
Alice's point (A) iteration...
[0](z = z * c1 * c2)->(50 = 5 * 5 * 2) = 50
[1](z = z * c1 * c2)->(500 = 50 * 5 * 2) = 500
ap = 2
bp = 3
Alice's point (A) iteration...
[0](z = z * c1 * c2)->(50 = 5 * 5 * 2) = 50
[2](z = z * c1 * c2)->(5000 = 500 * 5 * 2) = 5000
[3](z = z * c1 * c2)->(50000 = 5000 * 5 * 2) = 50000
Bob's point (B) iteration...
[0](z = z * c1 * c2)->(75 = 5 * 5 * 3) = 75
Alice's point (ab) iteration...
[0](z = z * c1 * c2)->(750 = 75 * 5 * 2) = 750
[2](z = z * c1 * c2)->(75000 = 7500 * 5 * 2) = 75000
[3](z = z * c1 * c2)->(750000 = 75000 * 5 * 2) = 750000
Bob's point (ba) iteration...
(A = C * C * ap)->(50000 = 5 * 5 * 2) = 50000
(B = C * C * bp)->(75 = 5 * 5 * 3) = 75
(ab = B * C * ap)->(750000 = 75 * 5 * 2) = 750000
(ba = A * C * bp)->(750000 = 50000 * 5 * 3) = 750000
(EVE = A * B / C)->(750000 = 50000 * 75 / 5) = 750000
(AP = EVE / (B * C))->(2000 = 750000 / (75 * 5)) = 2000
(BP = EVE / (A * C))->(3 = 750000 / (50000 * 5)) = 3
(ab = ba = EVE)->(750000 = 750000 = 750000)
_______________________________________________________
Trying to find AP sounds interesting to me.
[...]
Chris M. Thomasson
Sep 3, 2015, 5:31:45 PM9/3/15
to
> "Chris M. Thomasson" wrote in message
> >"wizzofozz" wrote in message news:ms9ui8$1b8$1...@dont-email.me...
> >>kg <kristi...@math.ntnu.no> wrote:
> >>> Chris M. Thomasson <nos...@nospam.nospam> wrote:
> [...]
> >> It's an interesting exercise for you to also consider the case where a
> >> or b is greater than 1.
> >
> > Will try that too (by writing out).
> FWIW, your correct anwser holds for EVE as Alice's iteration count
> increaces,
> and Bob's stays the same at one.
Anyway, the answer for EVE holds no matter what (a, b) Alice and Bob happen
to choose.
wizzofozz
Sep 3, 2015, 6:09:17 PM9/3/15
to
Chris M. Thomasson <nos...@nospam.nospam> wrote:
> derived from Wizzofozz's answer where (EVE = A * B / C):
Of course credits go to kg for pointing this out in the first place and telling us how to solve.
> derived from Wizzofozz's answer where (EVE = A * B / C):
Ozz
Chris M. Thomasson
Sep 3, 2015, 7:10:08 PM9/3/15
to
> > > "kg" wrote in message news:ms6lca$ecb$2...@orkan.itea.ntnu.no...
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
[...]
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
> > I reduced it to the following equations:
> > __________________________
> > A = C * C * ap
> > B = C * C * bp
> > ab = B * C * ap
> > ba = A * C * bp
> > __________________________
> > Time to solve.
I just noticed that given:
> > __________________________
> > A = C * C * ap
> > B = C * C * bp
> > ab = B * C * ap
> > ba = A * C * bp
> > __________________________
> > Time to solve.
EVE = A * B / C
AP = EVE / (B * C)
BP = EVE / (A * C)
then:
A / B = AP / BP
This holds for different values of a, b, ap and bp respectively.
This should be able to help Eve figure out the points ap and bp?
Chris M. Thomasson
Sep 3, 2015, 7:10:30 PM9/3/15
to
> "wizzofozz" wrote in message news:msagas$8dh$1...@dont-email.me...
I second that.
Chris M. Thomasson
Sep 3, 2015, 7:47:05 PM9/3/15
to
> "Chris M. Thomasson" wrote in message
> news:msak0c$qqh$1...@speranza.aioe.org...
[...]
> A / B = AP / BP
[...]
FWIW, here is some output demonstrating (A / B = AP / BP):
________________________________________________________________
C = 2
a = 8
b = 3
ap = 3
bp = 2
Alice's point (A) iteration...
[1](z = z * c1 * c2)->(72 = 12 * 2 * 3) = 72
[2](z = z * c1 * c2)->(432 = 72 * 2 * 3) = 432
[3](z = z * c1 * c2)->(2592 = 432 * 2 * 3) = 2592
[4](z = z * c1 * c2)->(15552 = 2592 * 2 * 3) = 15552
[5](z = z * c1 * c2)->(93312 = 15552 * 2 * 3) = 93312
[6](z = z * c1 * c2)->(559872 = 93312 * 2 * 3) = 559872
[7](z = z * c1 * c2)->(3359232 = 559872 * 2 * 3) = 3359232
Bob's point (B) iteration...
[1](z = z * c1 * c2)->(32 = 8 * 2 * 2) = 32
[2](z = z * c1 * c2)->(128 = 32 * 2 * 2) = 128
Alice's point (ab) iteration...
[1](z = z * c1 * c2)->(4608 = 768 * 2 * 3) = 4608
[2](z = z * c1 * c2)->(27648 = 4608 * 2 * 3) = 27648
[3](z = z * c1 * c2)->(165888 = 27648 * 2 * 3) = 165888
[4](z = z * c1 * c2)->(995328 = 165888 * 2 * 3) = 995328
[5](z = z * c1 * c2)->(5971968 = 995328 * 2 * 3) = 5971968
[6](z = z * c1 * c2)->(35831808 = 5971968 * 2 * 3) = 35831808
[7](z = z * c1 * c2)->(214990848 = 35831808 * 2 * 3) = 214990848
Bob's point (ba) iteration...
[1](z = z * c1 * c2)->(53747712 = 13436928 * 2 * 2) = 53747712
[2](z = z * c1 * c2)->(214990848 = 53747712 * 2 * 2) = 214990848
A = 3359232
B = 128
ab = 214990848
ba = 214990848
EVE = 214990848
AP = 839808
BP = 32
(A / B = AP / BP)->(3359232 / 128 = 839808 / 32) = (26244 = 26244)
(ab = ba = EVE)->(214990848 = 214990848 = 214990848)
________________________________________________________________
Any thoughts?
wizzofozz
Sep 4, 2015, 1:15:05 PM9/4/15
to
Chris M. Thomasson <nos...@nospam.nospam> wrote:
>> "Chris M. Thomasson" wrote in message
>> news:msak0c$qqh$1...@speranza.aioe.org...
>
> Any thoughts?
>> news:msak0c$qqh$1...@speranza.aioe.org...
>
>
It depends on what you are trying to do. Remember, as kg already pointed out, that when Eve knows the shared secret, she's done.
She doesn't need to find AP or any other secret value Alice or Bob have made up.
So you can continue your search for an equation for the secret values of Alice and Bob, but Eve wouldn't be interested anyway.
Maybe it's better to concentrate on the paper for your encryption scheme or refine the Diffie-Hellman thing. Or investigate whether the cited articles suffer from the same flaw, and if not, why not (your scheme looked pretty close to the last paper I cited).
Cheers,
Ozz
Chris M. Thomasson
Sep 4, 2015, 6:04:25 PM9/4/15
to
> "wizzofozz" wrote in message news:mscjf7$7r6$1...@dont-email.me...
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>> "Chris M. Thomasson" wrote in message
>>> news:msak0c$qqh$1...@speranza.aioe.org...
> >
> > Any thoughts?
> It depends on what you are trying to do. Remember, as kg already
> pointed out, that when Eve knows the shared secret, she's done.
> She doesn't need to find AP or any other secret value Alice or
> Bob have made up. So you can continue your search for an equation
> for the secret values of Alice and Bob, but Eve wouldn't be interested
> anyway.
Agreed.
> Maybe it's better to concentrate on the paper for your encryption
> scheme or refine the Diffie-Hellman thing. Or investigate whether the
> cited articles suffer from the same flaw, and if not, why not (your
> scheme looked pretty close to the last paper I cited).
Agreed. I got side tracked with Eve somehow being interested in the private
numbers from Alice and Bob. She just might want to know in order to gain a
database of their personal choices that might help “fast track” certain
aspect's
of a future attack... Is that line of thought total non-sense?
WRT the paper you cited, can you get an iteration that happens to reproduce
the
numbers for A and B used as the example exchange between Alice and Bob? Or
at
least something that really close to them?
WRT my paper, well, here is an example of my writing style:
http://webpages.charter.net/appcore/vzoom/round-1.pdf
http://webpages.charter.net/appcore/vzoom/round-2.pdf
I hope this is not total crap wrt style and content! ;^)
Diagram style:
http://webpages.charter.net/appcore/vzoom/msgsys.pdf
http://fractallife247.deviantart.com/art/Steep-Peaks-489072708
http://fractallife247.deviantart.com/art/9-Space-EquipGrav-Field-471731047
Equation style:
http://webpages.charter.net/appcore/fractal/ttr/circle_isect/circle_isect_draft.pdf
If you see a way that could help me improve, please tell me about it.
Thanks.
> > Chris M. Thomasson <nos...@nospam.nospam> wrote:
>>> "Chris M. Thomasson" wrote in message
>>> news:msak0c$qqh$1...@speranza.aioe.org...
> >
> > Any thoughts?
> It depends on what you are trying to do. Remember, as kg already
> pointed out, that when Eve knows the shared secret, she's done.
> She doesn't need to find AP or any other secret value Alice or
> Bob have made up. So you can continue your search for an equation
> for the secret values of Alice and Bob, but Eve wouldn't be interested
> anyway.
> Maybe it's better to concentrate on the paper for your encryption
> scheme or refine the Diffie-Hellman thing. Or investigate whether the
> cited articles suffer from the same flaw, and if not, why not (your
> scheme looked pretty close to the last paper I cited).
numbers from Alice and Bob. She just might want to know in order to gain a
database of their personal choices that might help “fast track” certain
aspect's
of a future attack... Is that line of thought total non-sense?
WRT the paper you cited, can you get an iteration that happens to reproduce
the
numbers for A and B used as the example exchange between Alice and Bob? Or
at
least something that really close to them?
WRT my paper, well, here is an example of my writing style:
http://webpages.charter.net/appcore/vzoom/round-1.pdf
http://webpages.charter.net/appcore/vzoom/round-2.pdf
I hope this is not total crap wrt style and content! ;^)
Diagram style:
http://webpages.charter.net/appcore/vzoom/msgsys.pdf
http://fractallife247.deviantart.com/art/Steep-Peaks-489072708
http://fractallife247.deviantart.com/art/9-Space-EquipGrav-Field-471731047
Equation style:
http://webpages.charter.net/appcore/fractal/ttr/circle_isect/circle_isect_draft.pdf
If you see a way that could help me improve, please tell me about it.
Thanks.
Chris M. Thomasson
Sep 4, 2015, 6:41:56 PM9/4/15
to
> "Chris M. Thomasson" wrote in message
> news:msd4h5$utl$1...@speranza.aioe.org...
[...]
> WRT my paper, well, here is an example of my writing style:
> http://webpages.charter.net/appcore/vzoom/round-1.pdf
https://groups.google.com/d/msg/comp.arch/9mSU7gk-yd0/RWTR_Y2B-I4J
https://groups.google.com/d/msg/comp.arch/TJdEHWcE2KE/Sz6ddMnm87wJ
;^)
kg
Sep 5, 2015, 2:49:08 AM9/5/15
to
Chris M. Thomasson <nos...@nospam.nospam> wrote:
>[...] Eve somehow being interested in the private
>numbers from Alice and Bob. She just might want to know in order to gain a
>database of their personal choices that might help “fast track” certain
>aspect's
>of a future attack... Is that line of thought total non-sense?
Remember, in the real world, crypto is done by computers. The computers
>database of their personal choices that might help “fast track” certain
>aspect's
>of a future attack... Is that line of thought total non-sense?
would choose random numbers according to some predetermined distribution
(usually uniform, but other distributions have been used).
So finding Alice's and Bob's random choices would not be interesting.
In theory, one can of course find scenarios where it could be
interesting. For instance, finding their pseudo-random choices could be
a stepping-stone to recovering their pseudo-random generator's state,
which could allow for more powerful attacks, but that's in theory only,
since we design systems to be secure against such attacks.
--
kg
Chris M. Thomasson
Sep 9, 2015, 4:43:21 PM9/9/15
to
> "kg" wrote in message news:mse391$p22$1...@orkan.itea.ntnu.no...
[...]
Let us assume that Eve is very smart, and has access to several super
computers...
;^)
[...]
> Remember, in the real world, crypto is done by computers.
I am trying to think of Eve as some sort of intelligent super computer.
Let us assume that Eve is very smart, and has access to several super
computers...
;^)
Chris M. Thomasson
Sep 9, 2015, 4:58:25 PM9/9/15
to
> "Chris M. Thomasson" wrote in message
> news:msadb2$at2$1...@speranza.aioe.org...
[...]
SON OF A BITC%!
I made an massive error in the standard output functions!
> (ab = B * C * ap)->(750000 = 75 * 5 * 2) = 750000
functions for the results have an error!
;^/
Chris M. Thomasson
Sep 11, 2015, 12:46:40 AM9/11/15
to
> "Chris M. Thomasson" wrote in message
> news:msam5m$vd8$1...@speranza.aioe.org... [...]
> FWIW, here is some output demonstrating (A / B = AP / BP):
________________________________________________________________
>
> Alice's point (ab) iteration...
> [0](z = z * c1 * c2)->(768 = 128 * 2 * 3) = 768
> [1](z = z * c1 * c2)->(4608 = 768 * 2 * 3) = 4608
> [2](z = z * c1 * c2)->(27648 = 4608 * 2 * 3) = 27648
> [3](z = z * c1 * c2)->(165888 = 27648 * 2 * 3) = 165888
> [4](z = z * c1 * c2)->(995328 = 165888 * 2 * 3) = 995328
> [5](z = z * c1 * c2)->(5971968 = 995328 * 2 * 3) = 5971968
> [6](z = z * c1 * c2)->(35831808 = 5971968 * 2 * 3) = 35831808
> [7](z = z * c1 * c2)->(214990848 = 35831808 * 2 * 3) = 214990848
> ________________________________________________________________
> [0](z = z * c1 * c2)->(768 = 128 * 2 * 3) = 768
> [1](z = z * c1 * c2)->(4608 = 768 * 2 * 3) = 4608
> [2](z = z * c1 * c2)->(27648 = 4608 * 2 * 3) = 27648
> [3](z = z * c1 * c2)->(165888 = 27648 * 2 * 3) = 165888
> [4](z = z * c1 * c2)->(995328 = 165888 * 2 * 3) = 995328
> [5](z = z * c1 * c2)->(5971968 = 995328 * 2 * 3) = 5971968
> [6](z = z * c1 * c2)->(35831808 = 5971968 * 2 * 3) = 35831808
> [7](z = z * c1 * c2)->(214990848 = 35831808 * 2 * 3) = 214990848
Reduced equation for the iterative sequence above:
eve_ab[n] = B * 6^n
Chris M. Thomasson
Sep 11, 2015, 1:11:49 AM9/11/15
to
> "Chris M. Thomasson" wrote in message
> news:mstmbd$ds1$1...@speranza.aioe.org...
[...]
> [0](z = z * c1 * c2)->(768 = 128 * 2 * 3) = 768
> [1](z = z * c1 * c2)->(4608 = 768 * 2 * 3) = 4608
> [2](z = z * c1 * c2)->(27648 = 4608 * 2 * 3) = 27648
>
> [1](z = z * c1 * c2)->(4608 = 768 * 2 * 3) = 4608
> [2](z = z * c1 * c2)->(27648 = 4608 * 2 * 3) = 27648
>
> eve_ab[n] = B * 6^n
Well, with index zero, it would be better to write this as:
eve_ab[n] = B * 6^(n+1)
eve_ab[0] = 128 * 6^1 = 768
eve_ab[1] = 128 * 6^2 = 4608
eve_ab[2] = 128 * 6^3 = 27648
That’s better.
0 new messages