At 02:58 AM 3/20/96 GMT, ECafe Anonymous Remailer wrote:

could some kind person that got IPGs' many time pad thing post it somewhere so people that never got a copy can see it????????

thanks.

IPG wrote: Obviously, you meet our requirementsfor the release of the IPG ABC Encryption algorithms. We need no further information from you. though we would appreciate your telephone num and snail mail address. The algorithms detailed below are copyrighted 1995 and 1996 by Internet Privacy Guaranteed, Seymour, TX. All rights are reserved. You may not provide them to any other party, or parties, by any means or any media, without the expressed written permission of Internet Privacy Guaranteed. What is specially claimed as copyrighted and or patentable are: 1. The use of the word Ultima for the system, because it is impossible to have a either a more secure system - it is impossible to break the Ultima system, other equally difficult to break systems may exist, or may be formulated in the future, for example a true OTP, and in those cases, they may "theoretically" be more difficult to break than the IPG Ultima System, for example a true OTP. However, that would exist only in theory, because in those eventiualities, none of the systems would be breakable. Furthermore as to speed, Ultima, or simple variations, XOR, OR, or AND, instead of the Add or Subtract, is the fastest possible algorithm which will produce an unbreakable encryption system, without having a single OTP byte for each byte of plain text to be encrypted, as in an OTP. However, with the IPG system, we can obtain the same speed, or theoretically faster speeds than a pure OTP, with some very simple parrallelism - and that begs how you get humoungous OTPs to use, both in terms of generating them and getting them into a stream to be XORed against the plain text. That FACT, that the IPG algorithms are the fastest possible encryption system which will become evident when you examine the algorithms in detail. Thus it is impossible to produce a better system, in terms of either security or speed, thus we call our system Ultima, the ultimate. 2. The use of the term ABC Encryption algorithm that at once describes the basics of the system and its simplicity as will quickly become evident. 3. The use of a hardware generated OTP, which serves as a purely random seed, for the system to be described. 4. The use of a table of prime numbers, any number of which is greater than 3, from which random selections are made to be used in the algorithms to be described. The prime numbers for the system described have been selected for a specific hardware, namely the IBM PC clone, market. With other 16 bit, 32 bit, or 64 bit hardware, other prime numbers could be used to provide immediate results just as in the system to be described. The use of larger numbers, the use of larger adders, or logic gating systems, is self evident in the copyrights/patents. 5. The use of a random 8 bit seed for the dynamic vaiable that links the sets of equations into one system. This variable, D, for dynamic is the real key that distinguishes our system from any other system - excepting hardware implemented systems that use extremely large numbers, and or possible partitions, that encompass possible meaningful message lengths. Such systems, are self evident extensions of the simple IPG system. 6. The use of partitions within one OTP, pure random seed, PRNG stream - either by using parts of the random seeds, or more likely by using fixed intervals within the PRNG stream, for example, arbitrarily say every 100 gigabytes, or 100 terabytes for that matter. Using this technique, one random seed can be used for any abritrary period of time, one message, 10 messages, one day, one week, one year, one century, one millenium or whatever. The use of multiple Ds, in linear partitions, that is within one otp every terabyte fior example, is a self evident extension of the IPG system. 7. The use of a simple serial hardware implementation of the IPG system is self evident, and produces impressive speeds, mutiple megabyte per second, dependent of course on hardware speeds. 8. The use of a very simple single level of parallelism in hardware implementation, where the ABCs are computed in parrallel, and the D is passed along, is a simple self evident extension of the system and will allow a throughput of over 100 megabytes per second, on state of the sart hardware. 9. The use of a three dimensional parallel system, where the PRG stream is chopped up into several partitions, say every terabyte, and then each module proceeds as in paragraph 8, just above, is a simple extension of the basic IPG system, a would enable a system to operate at any conceivable line speed. 10. The changing of the number of equations, modules, prime number values, length of prime numbers, or length of random sample, probe values, or the other algorithmic values does not change the basic algorithm. It is the same algorithm with different values. With the previously detailed claims relating to the copyrightable and patentable features of the IPG algorithm system, IPG prersents the the Ultima Algorithms. - the ABC Encryption system. Given: 1. A 1792 BIT OTP, RANDOM SEED, generated from a hardware source. 2. A Table of 319 Prime Numbers in the range of 6,667 to 11,997, out of the 580+ available, the 384 selected for dynamic variance, the table is called BPRIMES. 3. A Table of 319 prime numbers in the range of 14,007 to 19,997, out of the 800+ available, the 384 selected for dynamic variance, the table is called CPRIMES The 1792 bits of OTP, Random Seed, are allocated as follows. 1. 512 bits for the 64 probes, for 64 C vales 2. 512 bits for the 64 probes, for 64 B values 3. 512 bits for the 64 starting A values 4. 8 bits for the initial ID value. Those 1544 bits are the actual random seed used for generating the PRNG stream, if you insist on calling it that. In addition, there are 248 bits used as follows. 5. 128 bits for the offset, partition, if applicable into the PRNG stream. Actually they are used to encrypt the actual underlying value of the partition, if any - note - in this case the mode is actually a true OTP, the first time only ot really does not help to know the offset unless you know the OTP, Random Seed. 6. 72 bits for uniquely identifying the OTP being used. 7. 48 bits as spares temporarily - can be used as different D values for partitions. If more As, Bs, Cs, are needed the random seed, OTP, can be expanded as necessary. Unlike RSA, there is no practical limit - I am actually sending you 1792 BYTE Random seeds, so that you can test other variations if you like, or use each of them, there are 32 of them in all, as 8 random seeds for the 1792 bit algorithm. 8 bit random starting A values are sufficient because we are only talking about the effect on the low order 8 bits in our PRNG stream. We actually AND these values with the constant 13,568 to give us a start that will intially have a dynamic effect on the A, B, and C values, that is the smallest possible B+13568, exceeds that largest possible C value. This selection process of course makes the A, B and C values random, 8 bits, as well as the initial ID value - the random range of each set is 2 to 32 but as you will see they are interlimked with the Dynamic variable, D. The procedure is as follows: 1. Using the 64 bytes for B selection, we select 64 Bs, B1,..,B64, as follows. B1=BPRIMES(SB1) WHERE SB1 is the first byte of the Random Number Seed, thus B1 is one of the BPRIMES, BPRIMES(0),..BPRIMES(255) then BPRIMES(SB1)=BPRIMES(256) then B2=BPRIMES(SB2) AS BEFORE EXCEPT Byte 2 of the OTP, Random Seed, is used. then BRPIMES(SB2)=BPRIMES(257) and so forth through 64 Thus you have 64 constants, B1,..,B64, each of which is an unique prime number. This of course, is the same as a lottery selection, except there is no denominator and the section pool does not shrink. Thus you have 1 in 2 to the 512 possibilities of a repeat, or guessing the selections. 2. The same procedure is used for selecting 64 C values, C1 through C64. 3. The 64 starting A byte values, from the random seed, are ANDed to 13,568 to give the 64 starting A values, random, at least 8 bit random. 4. 8 Bits are used for the starting D value Thus the B and Cs are constants - the As and D changes Then quite simply, you have 64 equation sets as follows. A1=(A1+B1) MOD C1 (Move, Add, Compare, Conditional Subtract) D=(D+A1) AND 255 (Really just use DL in assembly language) + A2=(A2+B2) MOD C2 D=(D+A2) AND 255 .............. + A63=(A63+B63) MOD C63 D=(D+A63) AND 255 + A64=(A64+B64) MOD C64 D=(D+A64) AND 255 the XOR operation against the plain text may vary. In our case, we accumulate a pair of DLs in CX, and then XOR it against a wor, two bytes of plain text. Thus we have one XOR for each set of two equations above, 32 XORs for the 64 equations. We string A1 type 8 sets of those 64 equations together, essentially duplicates of each other except for the XOR operation, which are constants, as opposed to indexed variables. Thus we do a disk sector at a time, with only the A values and D being variables. With double buffering, you can see that it cooks, to say the very least. Obviously by definition, there can be no repeat before the product of the C values, that is (C1*C2*C3,..,*C63*C64), and that does not take into account the starting A values and the starting D value. The average C value is slightly over 14 bits. Accordingly, no repeat is possible before 2 to the 864th power,minimum, or 2 to the 896th power average, 10 to the 267th power minimum, which will handle anything that can possibly occur, ever, ever, ever. If every atom in the universe was a Googol of Cray T3E's and they had been computing since the big bang, the possibilities they would have tried so far would be less than 1 part in 1 Googol. And that does not take into account the other 2 to the 1543+ possibilities. There is absolutely no way to prove that any message of any possible length is or is not possible, without trying all of the 1 to the 470th power possibilities, which of course is impossible. As John von Neumann once said to Dr. Bloome (Dottie), in my presence - it in a similar but totally unrelated case, it is not enough to say that it some theoretical message may not be theoretically possible, you must prove that at least one specific message is not possible. Of course, like JvN's case, that is not possible in the case of the IPG system. Continuing along that line, we in recognize that because we are working with a 1544 bit key, over 2 to 1543, but someewhat less than 2 to the 1544, that we only have approximately 10 to the 478th possibilities, that is 2 to the 1543+. Thus with a 125,000 byte message, we do not have 2 to 1,000,000th possible keys, but only 2 to the 1544 possible PRNG streams. Having said that, and fully recognizing that as incontrovertible, we invite you to test a long PRNG generated stream by the method, using a truly random seed of 1544 bits. You will find over both short and long sample sizes that the "effect" is indistinguishable from an OTP of the same length. To facilitate this, we are including herewith: I combined all these files listed below under BSD UNIX with the zip program so you shouldn't have any problems extracting them. If you do, please get back in touch with us and we can re-send the file under a different format, PKZIP. Note: The zipped files are considerably larger than the original because they are random unzippable data files. I promise you that with these, you can write the program to generate the PRNG streams in somewhat less than two hours. I am referring to the 64 sets of the equations set out above: This approach will also demonstrate how incredibly fast the system is and also how incredibly secure it is. Therefore, please find attached in the zipped file BINARY.ZIP consisting of: 1. BPRIMES.DAT - 384 prime numbers used for randomly selecting the B1,..,B64 values in what we are now calling the 1792 bit system - I am including 384 instead of 319 in case you want to try variations.. 2. CPRIMES.DAT - 384 prime numbers used for randomly selecting the C1,..,C64 values in the 1792 bit system - again 384 in case yopu want to try variations. 3. 32 - 1792 BYTE Hardware generated OTPs, specifically OTP.001,..,OTP.032. - any of these may be used in the 1792 BIT system, or the 5600 BIT system, or the 12288 BIT system. Further, any of the 32, can be used for other possible system configurations. The L1792 BYTE OTPs, can also be broken down into 8 - 1792 BIT OTPs. With these variables, you will not have any problem doing any kind of test that you may desire. As a prelude, consider, if you will, the 1st 64 bytes of the PRNG stream. 1. Byte 1 D is random A1=(A1+B1) MOD C1: is where A1 is random, 8 bit, and B1 and C1 are randomly selected from a table of primes and become a constant for that OTP, random seed. THE resultant A1 is some indeterminate number between 0 and C1-1. A1 MOD 256 is therefore likewise some random number between 0 and 255. There are 16,677,216 possible variations, and only 1 is the actual. ID=(ID+A1) AND 255. ID is random and A1 is pseudo random with 16,677,216 possible variations. Accordingly: by definition the new TD is random. Now therefore: if D was used for only this equation, there would only be 2 to the 32nd possible, 8 ID - 8 A1 - 8 B1 & 8 C1 possible variations and what you would have would be a system partioned into 64 didfferent subsystems. However, that is obviously not the case, D is passed from one equation set to the next, so there is no repeat possible until at the very least ID short of the entire C1*C2,..*C63*C64 cycles. 2. Byte 2, The process is the same and the resultant ID is random. The process is the same for all the other 62 bytes. Accordingly, how is it possible to determine the first 512 bits of the PRNG stream? That is 10 to the 158th power possibilities. Obviously they cannot all be tried - and any of the possible 2 to the 512th power of underlying clear text is possible. As stated, the reultant system is absolutely unbreakable - no ifs, no ands, no buts, no maybes, no anything. Also, as you can clearly demonstrate for yourself, there is no more robust system, with respect to speed, possible. It is truly Ultima, the ultimate system, as you will find out for yourself. Enough, I assume. After you have satisfied yourself that the ABC Encryption system is absolutely unbreakable and the fastest system possible. We will proceed to the demonstrate that the Key distribution is no problem and as stated, we are willing to license the process as desired by users. I invite your response, Thanks so much, Ralph, John Pettitt, jpp@software.net VP Engineering, CyberSource Corporation, 415 473 3065 "Technology is a way of organizing the universe so that man doesn't have to experience it." - Max Frisch PGP Key available at: http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705