Re: What ever happened to... Cray Comp/NSA co-development
-----BEGIN PGP SIGNED MESSAGE-----

First, thanks for the obvious 'kind' thoughts Tim... It's heartening that you took the time to add some substantial info to the thread. However...
On 12/18/95 At 12:36 AM -0500, Timothy C. May wrote:
> > What caught my attention was the architecture.
> > A "hybrid design linking two supercomputer processors with an array of HALF A MILLION inexpensive processors" that were designed by the U.S. government laboratory affiliated with the NSA. The same chip house that brought us Clipper.

> First, half a million chips is not that big a deal...the Connection Machine had up to 64,000. Very few cryptographic problems of interest to us will be affected by a mere factor of a million or so.

O.K. Just a factor of 16 increase over the CM architecture right? Not knowing the computational capabilities of the individual processors, it might be difficult to say what the machine is capable of. Wouldn't that have some bearing?

> Second, there was work on a "processor-in-memory" architecture, in conjunction with a Bowie, Maryland spook-connected company. Perhaps this is what you are thinking of?

I didn't mention a 'processor-in-memory' architecture and neither did the NYT article. Don't know about any other company involvement, just CCC and NSA.

> Third, all avenues of continued funding having fallen through, Cray Computer (not Cray Research, of course) was shut down and assets liquidated. I haven't heard what's become of Seymour, though. (He is undoubtedly an asset, but I doubt the Agency would have him liquidated.)

You mean the avenues that are of PUBLIC record. The possibility could always exist that the development continues 'in-house'. It wouldn't be the first time that sort of move has been played.

> > I've not kept up with the "ultimate" demise that eventually befell Cray Computer Company, but the October 16 FBI filing on capacity for Digital Telephony got me thinking back to this article. 1% seems like a rather huge need for horsepower. And what if GAK doesn't fly? And the widespread use of hard crypto just keeps increasing?

> The tightly-coupled supercomputers are hardly needed for these sorts of problems.

You mean the problem of data collection? Well, it's true that this would be a misuse of a supercomputer's specialized talents.

> > This kind of machine could, in theory:
> > 1) Implement ALL Clipper(II) based Key Escrow functionality in silicon (the easy part) AND allow for simultaneous decrypt and surveil of 'who knows how many' Clipper based data streams.

> Huh? First, what evidence do you have for this claim? Second, who cares? Implementing Clipper in a Cray Computer machine--why bother?

[Rant mode on] Speculation Tim... I'm SPECULATING. Could, in theory... AND my kind of theory probably has holes you could drive a FLEET of Mack trucks through. I have NO evidence. I'm not sure WHO would care. I'M A PARANOID DELUSIONAL PSYCHOPATH! O.K. well maybe not that last part... but I'm asking the questions, remember? I said I'm new here, so if you're going to blow holes in my pet theories, then do me the 'kindness' of using an accurate weapon... that's why I posted...

> As to the claim that a million-processor machine could do this, you need to work out the math. (If a backdoor exists, or the LEAF has been gotten, a supercomputer is not needed....)

Again... I claimed NOTHING! SPECULATED MUCH! Now it's your turn... Why would YOU build a machine like this? What could POSSIBLY be its capabilities? Speculate with me for a moment... *_take a chance_*.

> > 2) Implement general RSA based Prime Factoring functionality in silicon (the not so easy part) AND allow massively parallel decrypt and surveil of 'who knows how many' RSA/etc. based data streams.

> Prime Factoring? Primes are easy to factor, of course. (Hint: Every prime has two factors.)

Yes, my terminology sucks! But you get the drift don't you? Math is not a strength of mine, I only know in very general terms what is involved (why, then, am I even bothering to bring this up?). Because I AM however, VERY concerned about the continual erosion of privacy rights in all forms of communications, electronic and otherwise. [Rant mode off]

> If you mean using supercomputers to brute force the general factoring of an RSA modulus, this is nonsense. While there may be math shortcuts we don't yet publicly know about which make factoring easier than we currently think it is, a mere million or even a billion processors will not make a dent in the factoring of, say, a 700-digit modulus. See the tables in Schneier and elsewhere for some estimates of factoring efforts needed.

Nonsense? Is that 700 decimal digits or 700 binary digits? I don't have the tables that you refer to. Where may I find them? (LOL)

> > 3) Implement it all, AND 'on-line' transaction based surveillance via the FBI's 1% capacity infrastructure.

> Let's see some numbers. (On second thought, let's not.)

No, I've already said that math is not a strength I possess. I've wondered about the ability of the FBI to count on ten fingers and ten toes given some of the justification that I've read for this capacity figure...

> > Chilling... Who needs key escrow (or RSA private keys) when you've got a massively parallel prime factoring machine. What if GAK was to become a 'non-issue'? How fast do you think a machine such as this could factor RSA 129?

> Well, do the math. The MIPS-years for the RSA-129 crack were publicized, so the computation for a million SPARC-equivalent (or even UltraSPARC-equivalent) can be done.

Sorry... I asked the question... and your speculation is (I would hope) MUCH more accurate than mine. Again, math is not a strength of mine.

> When you've done this, and concluded that RSA-129 could be done in, say, X minutes, then move on to RSA-384 (the BlackNet key cracked by the MIT group), and on to the 1024- and 2048-bit keys. Tell us how many years or centuries it will take. (Hint: Rivest and Schneier have done these calculations....)

Yes, I believe that I've read Rivest's paper on the statistical probabilities. I've never really believed in statistics, AND I'm sure you don't have the time to convince me Tim (I'm sorry if I've been less than reverential about this, but I'm from Illinois which is right next door to Missouri).

> --Tim May, who fears that he's just been trolled by Derek Atkins

No Tim, you have not... but on another note...

> It'll be _many_ years before a 384-decimal-digit number is factored, I suspect. Let alone a 600-digit modulus, with or without the mysterious "transphaser" technology mentioned by Anitro.
The "transphaser" is an optical equivalent to the transistor. It is a quantum threshold optical switch, but it is not a 'mystery'. You should read Scientific American more often ;>

O.K. I'm done with this line of discussion, you may however, continue to elaborate as I will, no doubt, continue to read...

Anitro

"I have a little shadow that goes in and out with me,
And what can be the use of him is more than I can see"
R. L. Stevenson

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMNiv8SoZzwIn1bdtAQHyewF+OXlM8KueHrCynKGhjqXy8eHLSonn12Df
vcAdDoaajoi5t7CfY9lP/+FNeO2JKE+v
=SIKC
-----END PGP SIGNATURE-----
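
The "do the math" estimate the thread asks for, worked as an added example that is not part of the original message: it scales the RSA-129 effort to larger moduli and divides the work across the half-million processors mentioned above. Assumptions: the widely reported figure of about 5000 MIPS-years for RSA-129 (a 426-bit modulus), the heuristic number-field-sieve cost formula used as a rough scaling law even though RSA-129 itself was factored with the quadratic sieve, perfect parallel speed-up, and a hypothetical 100 MIPS per processor.

```python
import math

# Effort publicly reported for the 1994 RSA-129 factorization.
RSA129_MIPS_YEARS = 5000.0
RSA129_BITS = 426  # 129 decimal digits


def gnfs_work(bits):
    """Heuristic GNFS cost L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped."""
    ln_n = bits * math.log(2)
    c = (64.0 / 9.0) ** (1.0 / 3.0)
    return math.exp(c * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0))


def mips_years(bits):
    """Scale the RSA-129 baseline to another modulus size (rough estimate)."""
    return RSA129_MIPS_YEARS * gnfs_work(bits) / gnfs_work(RSA129_BITS)


def wall_clock_years(bits, processors, mips_each):
    """Elapsed years assuming perfect parallel speed-up, which is optimistic."""
    return mips_years(bits) / (processors * mips_each)


if __name__ == "__main__":
    PROCESSORS = 500_000  # "half a million" processors, from the thread
    MIPS_EACH = 100       # assumption: per-processor speed is not given
    for bits in (384, RSA129_BITS, 512, 1024, 2048):
        years = wall_clock_years(bits, PROCESSORS, MIPS_EACH)
        print(f"{bits:5d} bits: {mips_years(bits):10.3g} MIPS-years, "
              f"{years:10.3g} years ({years * 365.25 * 24:.3g} hours)")
```

Under these assumptions RSA-129 falls in about an hour, while 1024-bit and 2048-bit moduli come out at tens of thousands and tens of trillions of years respectively.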
participants (1)
-
anon-remailer@utopia.hacktic.nl