Re: simple math question
- From: tom@xxxxxxx
- Date: Tue, 14 Apr 2009 11:58:02 -0700 (PDT)
On Apr 14, 1:30 pm, "Antony Clements" <antony.cleme...@xxxxxxxxxxx>
wrote:
<t...@xxxxxxx> wrote in message
news:30ed6055-e526-4926-8981-18c86cdd63e1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
No offense, but he didn't ask for books to read. Just listing the
contents of your bookshelf isn't going to help things.
People like Antony [and the other random trolls] genuinely make use of
the fact that they can just ask anything here and people will respond
[regardless of repetition, obviousness, or lack of perceived
progress].
So people like pubkeybreaker are dead on when they direct people to
re-examine their process. It's not enough to tell them "hey read this
book, or read that book" you really need to first drill in that
"USENET WILL NOT EDUCATE YOU" they need to take it upon themselves to
find stuff to read and study. It's not like it's impossible to find.
I taught myself quite a bit about cryptography before I was even
finished high school and before the net was nearly as big. In fact
when I started, the "net" was something that my high school had in a
lab with 10 or so really old Macs.
So the resources are out there. They're not hard to find, they just
have to look for them. And so long as people like you will answer
every single little question they ever ask ... they'll never change.
And that said, someone with their obvious lack of knowledge of
computer science, algorithms and math, let alone crypto, should NOT be
designing algorithms. Not because "oh, they're not cool enough to
play with the big boys" but because they're really reaching and won't
learn anything from the process. They're missing so many pieces that
they won't be able to make sense of anything they "discover." In the
end, it'll be one tired "experiment" [and I use that term lightly]
after another with no end in sight.
To Antony: Honestly, and without reservation, stop trying to design
algorithms or whatever. Learn computer science first. Learn about
algorithms like sorting, searching. Learn math. Learn about
cryptanalysis, etc. Above all, be resourceful. The net is big, and
resources are plenty.
If a 15/16 yr old can be learning about differential cryptanalysis
[among other things] in a high school library in 1997 [30 minutes at a
time...], then surely to god, anyone can find the material and learn
in 2009. Heck, I have more bandwidth [and ram for that matter] on my
cell phone than I did when my family finally got net in the late 90s.
USENET will still be here when you get back.
Tom
Criticism noted, and not entirely inaccurate either. I topped Comp Sci in
high school, I didn't study it at all in college. I'm a general programmer,
my interest in cryptography didn't really 'spark' until after college. I do
have problems learning some things, which I get around (much to everyone
else's chagrin) by asking a lot of the same questions in different ways so I
can fully articulate what I am learning, or attempting to learn. My
knowledge of math is somewhat bizarre as I have no problems with the basic
stuff, or even some physical math, but some of the things in between I have
problems with. I am also somewhat forgetful from time to time causing me to
re-ask things a dozen or so times. I don't know how asking which of 2 sums
is correct translates to me having a lack of knowledge of basic math is
beyond me, but ok I may need to brush up on things a little, no argument
from me there. My algorithm has taken MANY different forms over the few
years I've been taking it seriously (I redesign parts of it based on things
I learn or achieve a greater understanding of). Things that I HAVE learnt
include s-box's linear bitshifts, correct use of keys, creating a key at
runtime, the use of polynomials (to a small extent), the use of salts,
nonce, some forms of cryptanalysis (brute force, related key, as yet I
haven't had a serious look at the others and they will likely take me months
to learn), and the list goes on. It's a case of "a little knowledge can be
dangerous in the wrong hands". I don't know it all, hell I don't even know a
quarter of it.
Let me share with you my sci.crypt experience ... :-)
I started in this group when I was 16 or so [around 97/98 timeframe],
and of course I had my own algorithm and all. It was of course a
lame, totally predictably weak, and ultimately inefficient algorithm.
Instead of walking away from that experience thinking my next big
break would be around the corner I took the chance to throw away what
I was doing, buy a few texts, find as many papers as I could and got a
bit more educated about it.
I proceeded to develop a series of ciphers (shamelessly ripping the
nomenclature from Rivest and calling them Tom's Ciphers), pretty much
all of them were weak [at least the first set] but they were
progressively better and better. My TC5 turned out to be a
re-invention of Blaze's Turtle cipher, by the time I was hitting TC15 the
regulars were having a harder and harder time breaking them [so was I].
Each design incorporated a new design idea, from SPNs to feistels,
sboxes to algebraic, etc.
The goal wasn't to invent the new AES, it was to apply what I was
learning and then learn more by breaking it.
Eventually, it led to research into specific things, for example, I
wrote a paper proving you can bound the branch of FPHTs over finite
fields. Something Vaudenay couldn't (or didn't) do in his CS-Cipher
(and for ref, my proof agrees with his empirical bounds). As a
result, I designed CS^2 which is a 128-bit version of CS and was able
to prove it resists LC and DC attacks (Serge himself gave permission
to call it CS^2).
So there is nothing wrong with designing algorithms for the sole
purpose of breaking them and learning from the results. But you still
need the basic reading. If you haven't read your share of
differential cryptanalysis, linear cryptanalysis, etc, papers you're
ill equipped to design an algorithm. If you can't read those papers
because you don't get the math, you need to start lower.
We can't teach you cryptography [or anything for that matter] since
this is usenet. We can point you in the right direction, help verify
things, answer short questions, etc. But ultimately, if you want to
learn a subject you need books, journals, and papers, and you need to
read them over and over and over until you understand them.
I read the Biham DES DC paper probably two dozen times, and it was
only on the 24th reading that it all clicked in my head. I've read
Matsui's LC paper a few times, etc...
A lot of these papers are available for free on the web.
eprint.iacr.org is a handy resource but it only goes back a few
years. You can google people like Biham, Shamir, Wagner, Kelsey,
Ferguson, etc. for more. Read the citations in those papers to get
ideas of where else to look.
Ultimately, it depends on what your goal is. I knew I wanted to work
security in comp.sci when I was a teenager, so while I had a long way
to go before I was proficient in the field, it was for the most part
worth it. If this is just a hobby you may find it harder to keep
focused. But if you want to learn what makes crypto tick, you don't
need to design algorithms, you have to read about why other algorithms
are "broken."
Long story short, if you want to learn crypto on the cheap you're
going to have to be resourceful. Look at designing algorithms as
"exercises" and not "replacements for AES" and you'll start to get in
the right mindset. And feel free to ask questions here, but don't
expect to be taught lessons.
Tom