Java Source For Asymmetric Key Ciphers

Luc The Perverse

Hi - I'm looking for HFE and NTRU java source code.

I don't want to pay for these libraries, because I'm not going to make a
product with them, I only want to read through the algorithms and "play"
with them. I have trouble understanding the algorithm by reading a paper,
and have a better chance of understanding if reading code.

Are they available anywhere for free?
 
IchBin

Luc said:
Hi - I'm looking for HFE and NTRU java source code.

I don't want to pay for these libraries, because I'm not going to make a
product with them, I only want to read through the algorithms and "play"
with them. I have trouble understanding the algorithm by reading a paper,
and have a better chance of understanding if reading code.

Are they available anywhere for free?

http://java.sun.com/developer/JDCTechTips/2004/tt0116.html
--

Thanks in Advance...
IchBin, Pocono Lake, Pa, USA
http://weconsultants.servebeer.com/JHackerAppManager
__________________________________________________________________________

'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
 
Juuso Hukkanen

Hi - I'm looking for HFE and NTRU java source code.

I don't want to pay for these libraries, because I'm not going to make a
product with them, I only want to read through the algorithms and "play"
with them. I have trouble understanding the algorithm by reading a paper,
and have a better chance of understanding if reading code.

Are they available anywhere for free?

anywhere...don't know but had fun searching

NTRU java
http://bass.gmu.edu/courses/ECE543/project/reports_2001/dsouza.pdf
http://bass.gmu.edu/courses/ECE543/project/specs-F01/DsouzaThomson.PDF

Apparently NTRU code was not available 2001 so they/ Rodney wrote an
own implementation

Now, where is Rodney... and his code :) Ok Quick googling find out
what is true...

Possible address 1/2005
rodney.dsouza AT THE gmail.com

News posts IP (202.163.119.98) says he posted to Google group Windows
XP on 1/2005 from Pakistan Lahore, Punjab
http://groups.google.fi/group/helpwinxp/msg/9664c6184ae15a56?dmode=source&hl=fi

<OT>
In that case the DNS tracer is not mistaken...Hopefully he managed to
avoid being killed in those latest made by USA conducted war-crimes.
(I refer to bombing of a Pakistani village which left 18 civilians
dead for no reason. It is interesting to notice that countries are
allowed to try to use large bombs in other countries in order to try
to catch criminals. Let's see that policy allows Russians to launch
cruise missiles to London suburbs in order to 'get' Chechen
politicians/terrorists. In addition that policy would suggest it is ok
for the China to try place a car bomb on a street within the USA, in
order the get their criminals e.g. Falun gong founder, damn Chinese
always trying to kill my religious leaders :)
</OT>

Right address was in 2001
(e-mail address removed)
(Remove extra-adjective)

Probably would not hurt to try also

Active 2001 ->?
dsouza AND
rodney_dsouza AND
rodney.dsouza AT THE veridian.com

In desperation Who knows maybe still
dsouza AT THE mrj.com WORKS


mars 2005 lists Rodney D'Souza
as mechanical coordinator at Arabian Construction Co's service in
Qatar
but that is probably not the NTRU Rodney, or has managed to abandon
computers ?:)


Consider whether to ask if Rodney can make the code publicly available
(public domain).

Was fun...sorry no time for better un-intelligence


Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)
 
Luc The Perverse

Juuso Hukkanen said:
anywhere...don't know but had fun searching

Don't take this the wrong way - but that seems like a lot of work - and I
don't even know who this guy is.

My current quest is to find a song "Pallas Athena" by Jay Bolton from a 1996
movie which never released its sound track. I am calling the musicians
guild (or something) tomorrow and have a few studio phone numbers . . .
Only one quest at a time please! I'm beginning to think the man and the
song don't exist - they are just myths.
 
Paul Rubin

Luc The Perverse said:
My current quest is to find a song "Pallas Athena" by Jay Bolton from a 1996
movie which never released its sound track. I am calling the musicians
guild (or something) tomorrow and have a few studio phone numbers . . .
Only one quest at a time please! I'm beginning to think the man and the
song don't exist - they are just myths.
:)

http://www.imdb.com/name/nm0093407/

http://www.imdb.com/title/tt0118904/fullcredits

http://www.rottentomatoes.com/m/macon_county_jail/dvd.php
 
Luc The Perverse

Paul Rubin said:

Ah some familiar URLs!

One of the first things I did was sign up for a pro trial account of imdb ;)
That is how I got the name of the composer and the number to the studio.

Thanks for trying though.

Call me strange for not wanting to watch a girl get raped every time I want
to hear the song - it just distracts somehow, but as thus far this has been
my only experience with it, perhaps I should be thankful. **lunacy
emerging . . . ** MUST HAVE SONG!!!! AGGGGGGHHHHHHHHHHHH

I didn't mean to get so sidetracked though - were we talking about
asymmetric ciphers?
 
Paul Rubin

Luc The Perverse said:
Call me strange for not wanting to watch a girl get raped every time I want
to hear the song - it just distracts somehow, but as thus far this has been
my only experience with it, perhaps I should be thankful. **lunacy
emerging . . . ** MUST HAVE SONG!!!! AGGGGGGHHHHHHHHHHHH

I think the idea is get the DVD and upload the audio of the song to
your vorbis player or whatever.
I didn't mean to get so sidetracked though - were we talking about
asymmetric ciphers?

Ehh.
 
wwhyte

You may find the tutorials on the NTRU website helpful --
http://www.ntru.com/cryptolab is the place to start.

Note that we encourage people to develop and play with the algorithms
themselves, but you may not distribute your implementation without a
license from NTRU.

================================

William Whyte,
CTO, NTRU Cryptosystems
 
Tom St Denis

You may find the tutorials on the NTRU website helpful --
http://www.ntru.com/cryptolab is the place to start.

Note that we encourage people to develop and play with the algorithms
themselves, but you may not distribute your implementation without a
license from NTRU.

With that final note how many people use NTRU versus say RSA-PKCS or
ECC-X9.6X? :)

Patents may make business sense but all they do is take a possibly
valid technology and make it moot. By time NTRU is available for the
public domain it'll be 2015 or so. At which point "smart cards" will
be ARM platforms [or other 32-bit platform] and ECC with prime curves
will be more than just fine in software, etc...

Tom
 
Paul Rubin

Tom St Denis said:
By time NTRU is available for the public domain it'll be 2015 or so.
At which point "smart cards" will be ARM platforms [or other 32-bit
platform] and ECC with prime curves will be more than just fine in
software, etc...

Nah, smart cards will never be more powerful than they need to be. In
2015 there might be 32-bit smart cards that cost the same 2 or 3
dollars that today's 8-bit smart cards cost, but there will also be
8-bit cards like today's, except they will cost 10 cents instead of 2
or 3 dollars. If you're shipping millions (maybe even billions) of
cards, a public key algorithm that can run on a 10 cent card instead
of needing a 2 or 3 dollar card is extremely worthwhile.
 
Tom St Denis

Paul said:
Tom St Denis said:
By time NTRU is available for the public domain it'll be 2015 or so.
At which point "smart cards" will be ARM platforms [or other 32-bit
platform] and ECC with prime curves will be more than just fine in
software, etc...

Nah, smart cards will never be more powerful than they need to be. In
2015 there might be 32-bit smart cards that cost the same 2 or 3
dollars that today's 8-bit smart cards cost, but there will also be
8-bit cards like today's, except they will cost 10 cents instead of 2
or 3 dollars. If you're shipping millions (maybe even billions) of
cards, a public key algorithm that can run on a 10 cent card instead
of needing a 2 or 3 dollar card is extremely worthwhile.

Provided they're still making them. It may cost 3 cents to make an
8051 but if nobody will license/and/or/use them ... what's the point?

Also I imagine in the next 9 years we'll see more capable RISC
processors ending up on opencores.org. There are already a few there
now.

So you can use the DW8051 that comes with your cell library ... or
fetch a 32-bit 5-stage MIPS/Mhz processor off opencores and use it for
free as well... etc. ARM processors are already highly area efficient
and a hell of a lot more efficient in terms of mips/watt than an 8051
or 6805. I mean you'd have to clock an ARM down around <100Khz to
match the throughput of operations of an 8051.

Point is in the next decade things will only get better. Making the
"desire" to use lower efficiency 8-bit micros even lower and lower.

Tom
 
Paul Rubin

Tom St Denis said:
So you can use the DW8051 that comes with your cell library ... or
fetch a 32-bit 5-stage MIPS/Mhz processor off opencores and use it for
free as well... etc. ARM processors are already highly area efficient
and a hell of a lot more efficient in terms of mips/watt than an 8051
or 6805. I mean you'd have to clock an ARM down around <100Khz to
match the throughput of operations of an 8051.

I think power efficiency isn't a big issue for smart cards. If you
offer today's smart card buyer a choice between 50% power savings or
2% cost savings, he'll take the 2% cost savings without hesitating for
an instant. Question is, how many gates (chip area) does an ARM need
compared with the 8 bitter?
Point is in the next decade things will only get better. Making the
"desire" to use lower efficiency 8-bit micros even lower and lower.

The desire to pay as little as possible for any piece of functionality
is as old as history and will always be present.
 
Tom St Denis

Paul said:
I think power efficiency isn't a big issue for smart cards. If you
offer today's smart card buyer a choice between 50% power savings or
2% cost savings, he'll take the 2% cost savings without hesitating for
an instant. Question is, how many gates (chip area) does an ARM need
compared with the 8 bitter?

About 1 or 2 mm^2 in 130nm technology.

10 years from now in 65 or 45nm [when it becomes common for the fabs]
this will be moot.

But you missed the point. Custom RISC processors will likely be
available to the public [e.g. LGPL or similar license] and it won't
make sense to use the free DW51 when a free RISC core is available that
lets you do so much more.
The desire to pay as little as possible for any piece of functionality
is as old as history and will always be present.

They also compromise. Why use P-256 it's slow on my 16-bit MCU...
let's use P-160 or lower! it'll be fast enough!

Tom
 
Paul Rubin

Tom St Denis said:
About 1 or 2 mm^2 in 130nm technology.

10 years from now in 65 or 45nm [when it becomes common for the fabs]
this will be moot.

How can you say it will be moot? What smart cards are made in 130nm
today? Why would anyone use a 130nm process if they can use 3 microns
for much less cost?
But you missed the point. Custom RISC processors will likely be
available to the public [e.g. LGPL or similar license] and it won't
make sense to use the free DW51 when a free RISC core is available that
lets you do so much more.

Sure, there will be high end applications that need a 32 bit card but
the most common applications will still be stuff like SIM phone cards,
that just hold a few account numbers and keys. Right now I doubt most
of them can even do public key operations. Public key may become
economically feasible sometime, but remember these things are made by
the billions, so they'll still want to use 8-bit cards if they can.
The difference between a 27 cent, 8-bit card and a 28 cent, 32-bit
card is megabucks in the bank.
They also compromise. Why use P-256 it's slow on my 16-bit MCU...
let's use P-160 or lower! it'll be fast enough!

I think they're using closer to p-120. Since they're also using
single-DES....
 
Tom St Denis

Paul said:
Tom St Denis said:
About 1 or 2 mm^2 in 130nm technology.

10 years from now in 65 or 45nm [when it becomes common for the fabs]
this will be moot.

How can you say it will be moot? What smart cards are made in 130nm
today? Why would anyone use a 130nm process if they can use 3 microns
for much less cost?

Well the two biggest reasons why full blown processors aren't used.

1. License cost for the cpu
2. Area it requires would require package changes [e.g. larger].

I just checked over opencores.org and it's quite slim pickings. There
are a few MIPS designs but no PPC like designs or ARM...

That said, that can all change in 10 years. So license issues are
moot.

Now with a process that would take [say] 2mm^2 now ... in 65nm will be
much smaller thus requiring no package changes [at least externally].

It isn't like credit card sized smart cards will be getting smaller.
But you missed the point. Custom RISC processors will likely be
available to the public [e.g. LGPL or similar license] and it won't
make sense to use the free DW51 when a free RISC core is available that
lets you do so much more.

Sure, there will be high end applications that need a 32 bit card but
the most common applications will still be stuff like SIM phone cards,
that just hold a few account numbers and keys. Right now I doubt most
of them can even do public key operations. Public key may become
economically feasible sometime, but remember these things are made by
the billions, so they'll still want to use 8-bit cards if they can.
The difference between a 27 cent, 8-bit card and a 28 cent, 32-bit
card is megabucks in the bank.

Again, that's today. Even now things are moving to ARM despite the
license costs. Most people in the BT SIG are ARM users. So you'd see
things like mice and keyboards with enough power to do ECC P-192 mults
in 1M cycles!!!

An ARM license can run you usually a few dollars per core. Which slows
adoption rates a bit, especially for smart cards. But there clearly is
demand for the power. Just need a public domain core to feed the
engineers.

I really don't see cost being an issue once a 32-bit public domain core
is out there. Heck if I was an EE I'd probably do it myself just to
stir shit up. But so far I'm 4 years of school and about another 4
years of experience too short to do that :)
I think they're using closer to p-120. Since they're also using
single-DES....

My point exactly.

Tom
 
wwhyte

Patents may make business sense but all they do is take a possibly
valid technology and make it moot.

If the second part is true, then they don't make business sense...

.... but there are many factors involved in technology choices.
Licensing terms are only one, and there are plenty of examples
of customers choosing (for example) to pay for Windows rather
than install Linux themselves. Closer to home, remember that
the NSA recently paid Certicom $25 million for a subset of their
ECC patents. I understand that patents are annoying to the
developer who wants to use the patented technology, but I don't
think you can argue (as you seem to be trying to do here) that
they're inherently self-defeating.

William
 
Luc The Perverse

If the second part is true, then they don't make business sense...

... but there are many factors involved in technology choices.
Licensing terms are only one, and there are plenty of examples
of customers choosing (for example) to pay for Windows rather
than install Linux themselves. Closer to home, remember that
the NSA recently paid Certicom $25 million for a subset of their
ECC patents. I understand that patents are annoying to the
developer who wants to use the patented technology, but I don't
think you can argue (as you seem to be trying to do here) that
they're inherently self-defeating.

William

That's odd - why did they do that? Were they afraid of them? Wanted to use
them themselves?
 
Tom St Denis

If the second part is true, then they don't make business sense...

Business sense != common sense.

It makes perfect "business sense" for Intel and Apple to partner. It
makes no common sense to do so [variety == better chance of
survivability].
... but there are many factors involved in technology choices.
Licensing terms are only one, and there are plenty of examples
of customers choosing (for example) to pay for Windows rather
than install Linux themselves. Closer to home, remember that
the NSA recently paid Certicom $25 million for a subset of their
ECC patents. I understand that patents are annoying to the
developer who wants to use the patented technology, but I don't
think you can argue (as you seem to be trying to do here) that
they're inherently self-defeating.

I don't know what the NSA "licensed". ECC over prime fields is not
patented. Things like MQV are but who gives two shits? Just use DH
with EC-DSA and you're all set, etc...

I've asked a lot of people what they know of the Certicom patents and
the answer I keep getting is "I don't know". And it's just that, all
hype and little substance.

For instance, I implemented prime curves in LTC for the longest while.
My software is used all over. I have yet to hear from Certicom. Is
that because I'm still too obscure or that they can't really do shit
all?

Patenting a PK algorithm is similar to patenting a block cipher. Other
choices are available and there isn't enough drive.

Now if you had a patent on fast ECC math you'd stand more chance
because at least people would still be within the realm of standards.
If I go out and license NTRU which ISO, IEEE, ANSI or FIPS standards am
I adhering to?

And this has nothing to do with technical merits. Do I care that NTRU
is faster? or more secure or more suitable for my platform? Not
really. If I'm to pick any protocols they have to be something that I
can tell my clients that I'm following a spec.

I *am* for new tech though. Don't think I'm a traveling NIST monkey or
something. If you recall I emailed NTRU [I think you replied] a long
while back about me adding NTRU to the library. You said no. I said
"ok bye bye" and haven't looked back since. I'm sure others are the
same.

While you will score enough contracts to stay in business you won't
have a lasting meaningful impact since nobody will inherit from your
work. Say Gizmo 1000 uses NTRU then gets bought up by another company.
Gizmo 2000 has more cpu or wants to be FIPS compatible. NTRU gone.

Or more like say Gizmo 1000 uses NTRU and Gizmo 1500 uses something
else, then they merge... etc, etc, etc.

Point is the patents on NTRU basically make it unattractive for most
educated folk and really limit its exposure. Which is a shame since
it's a cool protocol...

/rant

Tom
 
Jean-Luc Cooke

Doesn't NTRU have (or had) security problems in the past? Their
$100,000 challenges getting solved in record times and the complexity
big-O formula starts getting closer and closer to N rather than N^2.

I never bothered to research it (or even learn it, lattice
reductions...) since it was patented and I spent my time learning
something that had a chance of "making it".

JLC

Business sense != common sense.
It makes perfect "business sense" for Intel and Apple to partner. It
makes no common sense to do so [variety == better chance of
survivability].
... but there are many factors involved in technology choices.
Licensing terms are only one, and there are plenty of examples
of customers choosing (for example) to pay for Windows rather
than install Linux themselves. Closer to home, remember that
the NSA recently paid Certicom $25 million for a subset of their
ECC patents. I understand that patents are annoying to the
developer who wants to use the patented technology, but I don't
think you can argue (as you seem to be trying to do here) that
they're inherently self-defeating.
I don't know what the NSA "licensed". ECC over prime fields is not
patented. Things like MQV are but who gives two shits? Just use DH
with EC-DSA and you're all set, etc...
I've asked a lot of people what they know of the Certicom patents and
the answer I keep getting is "I don't know". And it's just that, all
hype and little substance.
For instance, I implemented prime curves in LTC for the longest while.
My software is used all over. I have yet to hear from Certicom. Is
that because I'm still too obscure or that they can't really do shit
all?
Patenting a PK algorithm is similar to patenting a block cipher. Other
choices are available and there isn't enough drive.
Now if you had a patent on fast ECC math you'd stand more chance
because at least people would still be within the realm of standards.
If I go out and license NTRU which ISO, IEEE, ANSI or FIPS standards am
I adhering to?
And this has nothing to do with technical merits. Do I care that NTRU
is faster? or more secure or more suitable for my platform? Not
really. If I'm to pick any protocols they have to be something that I
can tell my clients that I'm following a spec.
I *am* for new tech though. Don't think I'm a traveling NIST monkey or
something. If you recall I emailed NTRU [I think you replied] a long
while back about me adding NTRU to the library. You said no. I said
"ok bye bye" and haven't looked back since. I'm sure others are the
same.
While you will score enough contracts to stay in business you won't
have a lasting meaningful impact since nobody will inherit from your
work. Say Gizmo 1000 uses NTRU then gets bought up by another company.
Gizmo 2000 has more cpu or wants to be FIPS compatible. NTRU gone.
Or more like say Gizmo 1000 uses NTRU and Gizmo 1500 uses something
else, then they merge... etc, etc, etc.
Point is the patents on NTRU basically make it unattractive for most
educated folk and really limit its exposure. Which is a shame since
it's a cool protocol...

Tom

