- cypherpunks - lists.cpunks.org

Re: [Cryptography] Lavabit's and Snowden's Solos
by John Young 16 Mar '16

16 Mar '16

Ladar Levison challenges USG misuse of Lavabit case: https://www.facebook.com/KingLadar/posts/10156714933135038

2 1

Apple Reply to USG Opposition to Vacate Decrypt
by John Young 16 Mar '16

16 Mar '16

Apple Reply to USG Opposition to Vacate Decrypt, March 15, 2016 https://cryptome.org/2016/03/usg-apple-177.pdf (351 pp, 22MB)

1 0

Intelius opt-out
by Michael Best 15 Mar '16

15 Mar '16

Should make it harder to find you by searching, at least in the U.S. https://www.intelius.com/optout If you trust them. FWIW. -- Veritas aequitas liberabit vos Veri universum vici That 1 Archive <http://that1archive.neocities.org/> @NatSecGeek <https://twitter.com/NatSecGeek>

3 2

Remember, remember the Fukushima nuclear disaster on this day?
by Georgi Guninski 15 Mar '16

15 Mar '16

Remember the Fukushima nuclear disaster and the causes for it? The punky angle is that sufficiently large boom will kill all punks as a side effect.

9 21

Re: [Cryptography] Govt Can't Let Smartphones Be 'Black Boxes, ' Obama Says
by grarpamp 15 Mar '16

15 Mar '16

On 3/13/16, Henry Baker <hbaker1(a)pipeline.com> wrote: > At 05:59 PM 3/13/2016, Michael Froomkin - U.Miami School of Law wrote: >>No, you really can't argue this in good faith in court. The designation of >> crypto as a 'munition' was done by an administrative agency as a >> classificatory convenience to manage the export control regime (it was >> considered a dual use technology). That has no constitutional resonance >> at all. >> >>On Sat, 12 Mar 2016, Henry Baker wrote: >> >>>A case could be made that citizen crypto is protected -- at least in the >>> U.S. -- by the *Second* Amendment. Crypto has been considered "arms" on >>> & off for hundreds of years, so crypto is as much a right under the >>> Second Amendment as a firearm. > > One if by land; two if by sea. > > Code/encryption -- all part of being a militia. > > The real reason no one wants to argue this is that most of the folks who are > for citizen encryption are against citizen guns. So they've tied their own > hands when they go to argue in court. Even if said crypto citizens don't argue... the one group that is for citizen guns, the NRA [1], is also rather against surveillance / spying and databases and for privacy [2][3], so were you to reach out to them you might find a powerful symbiotic ally in the crypto fight. [1] And other similar RKBA groups. [2] See their national rally videos on youtube. [3] Though they may not know how to reach out to crypto to consult and integrate the philosophy into their position for their benefit. https://www.nra.org/ https://www.nraila.org/

1 0

They call it "Going Dark" because you wouldn't be scared if they called it "Bad Guy Go Buh Bye"
by Rayzer 15 Mar '16

15 Mar '16

In light of Apple’s very public battle <https://theintercept.com/search/?s=apple%20fbi> with the FBI over encryption, John Oliver designed a satirical ad for Apple to help “both their customers and the government” understand just how hard it is to protect data. The host of /Last Week Tonight/ – who last April famously boiled down the argument about NSA surveillance to its core issue, dick picks <https://theintercept.com/2015/04/06/john-oliver-interview-political-disenga…> – said he takes Apple’s side, but acknowledged that the company wasn’t doing a very good job of explaining its position. Watch the two-minute fake ad here <https://www.youtube.com/watch?v=zsjZ2r9Ygzw&feature=youtu.be&t=15m50s>. It’s the last two minutes of the segment, embedded below. “We’re barely one step ahead of hackers at all times,” a voiceover actress explains. “So that when you idiots lose your phone, your information doesn’t wind up in the hands of guys like Gary.” Gary is a creepy hacker gratifying himself over family photos on a phone he stole. Apple engineers are pictured panicking and cursing. “So if the FBI comes to us and asks us if we can undermine our encryption without compromising everyone’s emails, texts, and skateboarding videos, this is our response,” the voiceover continues. “Are you fucking kidding me? We’re engineers, not wizards,” says an engineer. https://theintercept.com/2016/03/14/john-oliver-produces-fake-ad-for-apple-… RR "Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them"

1 0

Arithmetic Coding and Blinding for Lattice Cryptography
by coderman 14 Mar '16

14 Mar '16

https://eprint.iacr.org/2016/276 Abstract: In this work we apply information theoretically optimal arithmetic coding and a number of novel side-channel blinding countermeasure techniques to create BLZZRD, a practical, compact, and more quantum-resistant variant of the BLISS Ring-LWE Signature Scheme. We show how the hash-based random oracle can be modified to be more secure against quantum preimage attacks while decreasing signature size at any given security level. Most lattice-based cryptographic algorithms require non-uniformly distributed ciphertext, signature, and public/private key data to be stored and transmitted; hence there is a requirement for compression. Arithmetic Coding offers an information theoretically optimal compression for stationary and memoryless sources, such as the discrete Gaussian distributions often used in Lattice-based cryptography. We show that this technique gives better signature sizes than the previously proposed advanced Huffman-based compressors. We further demonstrate that arithmetic decoding from an uniform source to target distribution is also an optimal Gaussian sampling method in the sense that a minimal amount of true random bits is required. Performance of the new Binary Arithmetic Coding (BAC) sampler is comparable to other mainstream samplers. The same code, tables, or circuitry can be utilised for both tasks, eliminating the need for separate sampling and compression components. We also describe a simple blinding technique that can be applied to anti-cyclic polynomial multiplication to mask timing- and power consumption side-channels in ring arithmetic. We further show that Gaussian sampling can also be blinded by a split-and-permute technique while reducing the size of required CDF tables.

2 1

Mathematicians Discover Prime Conspiracy
by coderman 14 Mar '16

14 Mar '16

Mathematicians Discover Prime Conspiracy A previously unnoticed property of prime numbers seems to violate a longstanding assumption about how they behave. By: Erica Klarreich March 13, 2016 Two mathematicians have uncovered a simple, previously unnoticed property of prime numbers — those numbers that are divisible only by 1 and themselves. Prime numbers, it seems, have decided preferences about the final digits of the primes that immediately follow them. Among the first billion prime numbers, for instance, a prime ending in 9 is almost 65 percent more likely to be followed by a prime ending in 1 than another prime ending in 9. In a paper posted online today, Kannan Soundararajan and Robert Lemke Oliver of Stanford University present both numerical and theoretical evidence that prime numbers repel other would-be primes that end in the same digit, and have varied predilections for being followed by primes ending in the other possible final digits. “We’ve been studying primes for a long time, and no one spotted this before,” said Andrew Granville, a number theorist at the University of Montreal and University College London. “It’s crazy.” The discovery is the exact opposite of what most mathematicians would have predicted, said Ken Ono, a number theorist at Emory University in Atlanta. When he first heard the news, he said, “I was floored. I thought, ‘For sure, your program’s not working.’” This conspiracy among prime numbers seems, at first glance, to violate a longstanding assumption in number theory: that prime numbers behave much like random numbers. Most mathematicians would have assumed, Granville and Ono agreed, that a prime should have an equal chance of being followed by a prime ending in 1, 3, 7 or 9 (the four possible endings for all prime numbers except 2 and 5). “I can’t believe anyone in the world would have guessed this,” Granville said. Even after having seen Lemke Oliver and Soundararajan’s analysis of their phenomenon, he said, “it still seems like a strange thing.” Yet the pair’s work doesn’t upend the notion that primes behave randomly so much as point to how subtle their particular mix of randomness and order is. “Can we redefine what ‘random’ means in this context so that once again, [this phenomenon] looks like it might be random?” Soundararajan said. “That’s what we think we’ve done.” Prime Preferences Soundararajan was drawn to study consecutive primes after hearing a lecture at Stanford by the mathematician Tadashi Tokieda, of the University of Cambridge, in which he mentioned a counterintuitive property of coin-tossing: If Alice tosses a coin until she sees a head followed by a tail, and Bob tosses a coin until he sees two heads in a row, then on average, Alice will require four tosses while Bob will require six tosses (try this at home!), even though head-tail and head-head have an equal chance of appearing after two coin tosses. Soundararajan wondered if similarly strange phenomena appear in other contexts. Since he has studied the primes for decades, he turned to them — and found something even stranger than he had bargained for. Looking at prime numbers written in base 3 — in which roughly half the primes end in 1 and half end in 2 — he found that among primes smaller than 1,000, a prime ending in 1 is more than twice as likely to be followed by a prime ending in 2 than by another prime ending in 1. Likewise, a prime ending in 2 prefers to be followed a prime ending in 1. Soundararajan showed his findings to postdoctoral researcher Lemke Oliver, who was shocked. He immediately wrote a program that searched much farther out along the number line — through the first 400 billion primes. Lemke Oliver again found that primes seem to avoid being followed by another prime with the same final digit. The primes “really hate to repeat themselves,” Lemke Oliver said. Lemke Oliver and Soundararajan discovered that this sort of bias in the final digits of consecutive primes holds not just in base 3, but also in base 10 and several other bases; they conjecture that it’s true in every base. The biases that they found appear to even out, little by little, as you go farther along the number line — but they do so at a snail’s pace. “It’s the rate at which they even out which is surprising to me,” said James Maynard, a number theorist at the University of Oxford. When Soundararajan first told Maynard what the pair had discovered, “I only half believed him,” Maynard said. “As soon as I went back to my office, I ran a numerical experiment to check this myself.” Lemke Oliver and Soundararajan’s first guess for why this bias occurs was a simple one: Maybe a prime ending in 3, say, is more likely to be followed by a prime ending in 7, 9 or 1 merely because it encounters numbers with those endings before it reaches another number ending in 3. For example, 43 is followed by 47, 49 and 51 before it hits 53, and one of those numbers, 47, is prime. But the pair of mathematicians soon realized that this potential explanation couldn’t account for the magnitude of the biases they found. Nor could it explain why, as the pair found, primes ending in 3 seem to like being followed by primes ending in 9 more than 1 or 7. To explain these and other preferences, Lemke Oliver and Soundararajan had to delve into the deepest model mathematicians have for random behavior in the primes. Random Primes Prime numbers, of course, are not really random at all — they are completely determined. Yet in many respects, they seem to behave like a list of random numbers, governed by just one overarching rule: The approximate density of primes near any number is inversely proportional to how many digits the number has. In 1936, Swedish mathematician Harald Cramér explored this idea using an elementary model for generating random prime-like numbers: At every whole number, flip a weighted coin — weighted by the prime density near that number — to decide whether to include that number in your list of random “primes.” Cramér showed that this coin-tossing model does an excellent job of predicting certain features of the real primes, such as how many to expect between two consecutive perfect squares. Despite its predictive power, Cramér’s model is a vast oversimplification. For instance, even numbers have as good a chance of being chosen as odd numbers, whereas real primes are never even, apart from the number 2. Over the years, mathematicians have developed refinements of Cramér’s model that, for instance, bar even numbers and numbers divisible by 3, 5, and other small primes. These simple coin-tossing models tend to be very useful rules of thumb about how prime numbers behave. They accurately predict, among other things, that prime numbers shouldn’t care what their final digit is — and indeed, primes ending in 1, 3, 7 and 9 occur with roughly equal frequency. Yet similar logic seems to suggest that primes shouldn’t care what digit the prime after them ends in. It was probably mathematicians’ overreliance on the simple coin-tossing heuristics that made them miss the biases in consecutive primes for so long, Granville said. “It’s easy to take too much for granted — to assume that your first guess is true.” The primes’ preferences about the final digits of the primes that follow them can be explained, Soundararajan and Lemke Oliver found, using a much more refined model of randomness in primes, something called the prime k-tuples conjecture. Originally stated by mathematicians G. H. Hardy and J. E. Littlewood in 1923, the conjecture provides precise estimates of how often every possible constellation of primes with a given spacing pattern will appear. A wealth of numerical evidence supports the conjecture, but so far a proof has eluded mathematicians. The prime k-tuples conjecture subsumes many of the most central open problems in prime numbers, such as the twin primes conjecture, which posits that there are infinitely many pairs of primes — such as 17 and 19 — that are only two apart. Most mathematicians believe the twin primes conjecture not so much because they keep finding more twin primes, Maynard said, but because the number of twin primes they’ve found fits so neatly with what the prime k-tuples conjecture predicts. In a similar way, Soundararajan and Lemke Oliver have found that the biases they uncovered in consecutive primes come very close to what the prime k-tuples conjecture predicts. In other words, the most sophisticated conjecture mathematicians have about randomness in primes forces the primes to display strong biases. “I have to rethink how I teach my class in analytic number theory now,” Ono said. At this early stage, mathematicians say, it’s hard to know whether these biases are isolated peculiarities, or whether they have deep connections to other mathematical structures in the primes or elsewhere. Ono predicts, however, that mathematicians will immediately start looking for similar biases in related contexts, such as prime polynomials — fundamental objects in number theory that can’t be factored into simpler polynomials. And the finding will make mathematicians look at the primes themselves with fresh eyes, Granville said. “You could wonder, what else have we missed about the primes?” --- https://www.quantamagazine.org/20160313-mathematicians-discover-prime-consp…

2 1

Apple in EDNY added as interested party in another iPhone case in EDNY
by John Young 13 Mar '16

13 Mar '16

Apple in EDNY added as interested party in another iPhone case in EDNY https://cryptome.org/2016/03/usg-apple-feng-edny-144.pdf (151 pp, 10MB) Magistrate Judge James Orenstein: The Clerk of Court shall add Apple Inc. as an interested party in United States v. Feng. All documents must be filed on both dockets. (Brodie, Margo) (Entered: 03/12/2016)

1 0

[OT] Would someone please check if links2 and elinks verify certificates on clean install of Debian 8?
by Georgi Guninski 13 Mar '16

13 Mar '16

Apologies for offtopic (this might be mildly ontopic about the current state of crypto in open source). Would someone please check if links2 and elinks verify certificates on fresh install of Debian 8? To verify, try to open site which doesn't properly chain to trusted root, say https://cacert.org (unless you trust their root ) and check if it opens or there is error/warning. For me, on updated system, both don't verify certificates. Looks like at least ubuntu and fedora killed the elinks bug long ago. Searching the web for "$browser self signed certificate" shows some relevant results.

2 2