Public key encryption in Javascript?
adv...@my-deja.com
is simple enough to implement in javascript. No need for key
generation. I don't even think we need decryption in javascript.
I've looked around at various crypto libraries and they make my head
swim. Then I think about implementing them in braindead-slow
javascript...
All my work is opensource/GPL.
Can anyone point me in a helpful direction?
John
Sent via Deja.com http://www.deja.com/
Before you buy.
Paul Rubin
> I believe there is a distinct need for an encryption suite which
> supports key exchange and for which the source code can be directly
> inspected by the parties.
If the parties don't trust each other, it doesn't matter whether the
encryption is any good. The party at the other end of a connection
can misuse the information regardless of whether the connection is secure.
William A. McKee
i'll send you a copy for free.
Cheers,
Will.
--
William A. McKee <wam...@msn.com>
http://www.cjkware.com/wamckee/
Asia Communications Quebec Inc.
http://www.cjkware.com/
"We're starfleet: weirdness is part of the job." - Janeway
"I have seen things I cannot deny." - Scully
PGP public key at http://www.cjkware.com/wamckee/pgp/
Finger Print: F5B8 6251 050C 7595 6A84 6C37 6041 4258 1116 2FF2
"We need your help... " - http://www.distributed.net/
<adv...@my-deja.com> wrote in message news:901fjf$lvm$1...@nnrp1.deja.com...
John Bailey
>Hi. I'm looking for a public key (asymetric) encryption algorythm which
>is simple enough to implement in javascript. No need for key
>generation. I don't even think we need decryption in javascript.
>
>I've looked around at various crypto libraries and they make my head
>swim. Then I think about implementing them in braindead-slow
>javascript...
Have a look at the source code behind:
http://www.frontiernet.net/~jmb184/interests/sci.crypt/small_num_expont.html
which impliments modular exponentiation in javascript
also
http://www.frontiernet.net/~jmb184/interests/sci.crypt/old_trunk/
which contain skeletal code for all public key functions (RSA like)
The problem with javascript is finding a way to use sufficiently long
numbers. I have considered trying to use a chinese remainder theorem
apporach to extend the number size of javascript but never got around
to it.
On a totally different tack, consider US Patent 4306111:
http://www.delphion.com/details?&pn=US04306111__ which is a simplified
knapsack
(quoting the patent summary)
public encryption key (c1, c2, r) in which r is the product of two
relatively prime numbers, and in which c1 and r, as well as c2 and r,
are relatively prime numbers, is used in an encryption algorithm x=c1
m1 +c2 m2 (mod r). The decryption algorithm will be equivalent to
solving simultaneous linear equations derived from the encryption
algorithm. Thus, both encrypting and decrypting are quite simplified
while still maintaining a high degree of security.
(end quote)
This one is probably flawed. A quick scan does not readily reveal why
its authors consider it immune from a straightforward application of
Euclid's algorithm.
I believe there is a distinct need for an encryption suite which
supports key exchange and for which the source code can be directly
inspected by the parties. There should be no more than slight
compromise on security level but it would be okay to restrict the
range of input to numbers only. Your post implied one other
compromise: encrypt only (eg use a larger system to decrypt) That
might be useful in some circumstances--eg key exchange with a
trustworth server.
John
John
adv...@my-deja.com
> Have a look at the source code behind:
>
http://www.frontiernet.net/~jmb184/interests/sci.crypt/small_num_expont.
html
> which impliments modular exponentiation in javascript
Thanks... This is very interesting and fun... I'm not sure it's useful,
but it is fun!
j
John Bailey
wrote:
>jmb...@frontiernet.net (John Bailey) writes:
>> I believe there is a distinct need for an encryption suite which
>> supports key exchange and for which the source code can be directly
>> inspected by the parties.
>
>If the parties don't trust each other, it doesn't matter whether the
>encryption is any good. The party at the other end of a connection
>can misuse the information regardless of whether the connection is secure.
Whats their mutual trust got to do with it? The concern is the back
door added by the third party cryptographic software supplier, which
enables evesdropping. How about a key exchange which appears to be
Diffie Hellman, but routlinely selects from a limited set of keys. The
code at:
http://www.frontiernet.net/~jmb184/interests/sci.crypt/old_trunk/PAIRMKR.BC
makes pairs, but can easily be set-up to generate pairs for which the
private key can be generated in a straightforward way, knowing the
public key. It doesn't matter that I trust the receiver or he trusts
me. Its the software supplier that is the worry.
If you aren't paranoid, why encrypt?
John
adv...@my-deja.com
jmb...@frontiernet.net (John Bailey) wrote:
> Have a look at the source code behind:
>
http://www.frontiernet.net/~jmb184/interests/sci.crypt/small_num_expont.
html
> which impliments modular exponentiation in javascript
Ok, so you got my mind spinning with some options... This is what I
came up with. It's perl (cause that's easier for me to tinker with than
Javascript), but I think it might work.
Of course there's many optimizations which I'm sure I missed in the
arbitrary precision binary add, multiply, subtract and modulo
functions, but the scarey thing is that I think it works! I hope I
don't get sued for posting this on usenet... Which, by the way, do you
suppose this violates any patent/copyright laws?
It might be a bit slow, but I think it's linear time.
j
# my attempt at modular exponentiation with
# arbitrary precision binary numbers
# in perl :-)
# consider this (C) 2000 John M Hanna under the GPL
sub badd { # binary add
local($a,$b,$r,$c)=@_;
while($a || $b) {
$c=chop($a) + chop($b) + $c;
if($c & 1) {
$r="1$r";
} else {
$r="0$r";
}
$c>>=1;
}
$r="1$r" if $c;
$r;
}
sub bsub { # binary subtract
local($a,$b,$r,$c)=@_;
while($a || $b) {
$c=chop($a) - chop($b) - $c;
if($c==0) {
$r="0$r";
} elsif($c == 1) {
$r="1$r";
$c=0;
} elsif($c == -1) {
$r="1$r";
$c=1;
} else {
$r="0$r";
$c=1;
}
return '' if !$a && ($b || $c);
}
$r=~s/^0+//;
$r='0' unless $r;
$r;
}
sub bmul { # binary multiply
local($a,$b,$r,$p)=@_;
while($a) {
if(chop($a) eq '1') {
$r=&badd($r,"$b$p");
}
$p.='0';
}
$r;
}
sub bmod { # binary modulo
local($a,$m,$p,$lm,$d)=@_;
$lm=length($m);
while($a) {
return $a if length($a)<$lm;
$p=substr($a,0,$lm); $a=substr($a,$lm);
$d=&bsub($p,$m);
return $p if $d eq '' && $a eq '';
unless(length($d)) {
$p.=substr($a,0,1); $a=substr($a,1);
$d=&bsub($p,$m);
}
$a="$d$a";
$a=~s/^0+//;
}
'0';
}
sub bmodexp { # binary modular exponentiation
local($x,$y,$m,$r)=@_;
$r=1;
while($y) {
if(chop($y) eq '1') {
$r=&bmod(&bmul($r,$x),$m);
}
$x=&bmod(&bmul($x,$x),$m);
}
return $r;
}
sub i2b { # convert integer to binary
local($i,$r)=@_;
while($i) {
if($i & 1) { $r="1$r";} else {$r="0$r";}
$i>>=1;
}
$r || '0';
}
# an example where I know the results
print &bmodexp(&i2b(123),&i2b(17),&i2b(3233)),"=?",&i2b(855),"\n";
print &bmodexp(&i2b(855),&i2b(2753),&i2b(3233)),"=?",&i2b(123),"\n";
Paul Rubin
that's part of the standard perl distribution (Camel book 2nd ed. p. 460).
Doing a 512-bit modexp in the obvious way with that library takes a
few seconds on a current x86 workstation.
Paul Rubin
> Of course there's many optimizations which I'm sure I missed in the
> arbitrary precision binary add, multiply, subtract and modulo
> functions, but the scarey thing is that I think it works! I hope I
> don't get sued for posting this on usenet... Which, by the way, do you
> suppose this violates any patent/copyright laws?
Certainly it should win some sort of prize ;-). Very cute.
adv...@my-deja.com
familiar with perl. Now that I know it works I'll try to rewrite it in
Javascript.
Math::BigInt is such a copout... Watching all my strings of ones and
zeros fly by -- now that's what cryptography is all about, right?
j
In article <7xsno9j...@ruckus.brouhaha.com>,
BreakingNews
If its windows and java you looking for have a look at this package
Its brilliant!!!
http://www.kewlstuff.co.za/
http://www4.50megs.com/johnnyco/
You can encrypt in HTML pages and send it to an ASP server.
All in about 20 lines of code, and its easy.
<adv...@my-deja.com> wrote in message news:901fjf$lvm$1...@nnrp1.deja.com...
> Hi. I'm looking for a public key (asymetric) encryption algorythm which
> is simple enough to implement in javascript. No need for key
> generation. I don't even think we need decryption in javascript.
>
> I've looked around at various crypto libraries and they make my head
> swim. Then I think about implementing them in braindead-slow
> javascript...
>
> All my work is opensource/GPL.
>
> Can anyone point me in a helpful direction?
>
> John
>
>
Benjamin Goldberg
>
> If you're trying to do it in perl, just use the Math::BigInt module
> that's part of the standard perl distribution (Camel book 2nd ed. p.
> 460). Doing a 512-bit modexp in the obvious way with that library
> takes a few seconds on a current x86 workstation.
One thing I don't like about perl's BigInt is that it stores numbers as
very long decimal numbers. Is there any chance of ever seeing a kind of
BigInteger package whose representation is packed integers? Besides
being inefficient in terms of size, calculating with decimal is slow.
If the operators are all done right, it could automatically convert
normal scalars to BigIntegers when one argument of +, -, *, /, %, etc is
a BigInteger, and the other is a scalar. Operator "" would convert to a
string, etc.
I don't have perl on my computer (I'll install it eventually), but I
think that the builtin operator 'vec' would probably very useful for
this package.
--
There are three methods for writing code in which no bug can be found:
1) Make the code so straightforward that there are obviously no bugs.
2) Make the code so complicated that there are no obvious bugs.
3) Insist that any apparent bugs were really intentional features.
JustBrowsing
I really really like it.
Not sure of the hash alg but it clearly uses RSA and DH.
Think it will become very popular.
Well done.
BreakingNews <Ne...@CNN.com> wrote in message
news:909f9t$9ns$1...@ctb-nnrp2.saix.net...