arrgghhh! why are crypto related papers so annoying????
c1 00000000000000000000000000001f6f3
r 85 1f c4 0c 34 67 ac 0b e0 5c c2 04 04 f3 f7 00
m(r) mod 2^130 - 5 321e58e25a69d7f8f27060770b3f8bb9c
k ec 07 4c 83 55 80 74 17 01 42 5b 62 32 35 ad d6
n fb 44 73 50 c4 e8 68 c5 2a c3 27 5c f9 d4 32 7e
AESk(n) 58 0b 3b 0f 94 47 bb 1e 69 d0 95 b5 92 8b 6d bc
Poly1305r(m; AESk(n)) f4 c6 33 c3 04 4f c1 45 f8 4f 33 5c b8 19 53 de
c1 1d1944d37edcb4227341e7f4a721208ab
c2 1f0fa9144c0f2309881b3455d79b8c636
c3 167cb3431faa0e4c3b218808be4620c99
c4 001f91b5c0921cbc461d994c958e183fa
r 12 97 6a 08 c4 42 6d 0c e8 a8 24 07 c4 f4 82 07
m(r) mod 2^130 - 5 0c3c4f37c464bbd44306c9f8502ea5bd1
k e1 a5 66 8a 4d 5b 66 a5 f6 8c c5 42 4e d5 98 2d
n 9a e8 31 e7 43 97 8d 3a 23 52 7c 71 28 14 9e 3a
AESk(n) 80 f8 c2 0a a7 12 02 d1 e2 91 79 cb cb 55 5a 57
Poly1305r(m; AESk(n)) 51 54 ad 0d 2c b2 6e 01 27 4f c5 11 48 49 1f 1b
I'm getting 43586ce55792075e53a953450d024f6d too. so what in the world is this guy talking about???
Hi bobbym
the examples are at the very end of the paper, where the weird grid/tables are
and I have no idea why he doesn't reduce to the smallest number. I haven't really read the analysis yet (maybe something with fitting the values into 4 32-bit registers?)
as for m(r), I just used the equation in the first post, since it's the only equation that remotely makes sense to use
given the values
#Values are in hex
c1 124bcb676f4f39395d883fb0f19ea3c66 # I got this
c2 1366165d05266af8cdb6aa27e1079e6d7 # I got this
# so, in this case, q = 2
r 48443d0bb0d21109c89a100b5ce2c208 # given
m(r) mod (2^130 - 5) 1cfb6f98add6a0ea7c631de020225cc8b # I am not getting this
AES_k(n) 83149c69b561dd88298a1798b10716ef # I got this
and the equation
can someone please tell me what the output is?
a paper (http://cr.yp.to/mac/poly1305-20050329.pdf) is giving me problems with this. the answer is supposed to be 0ee1c16bb73f0f4fd19881753c01cdbe
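An added worked example, not code from the paper or from the posts above: a plain-Python evaluation of Poly1305-AES on the paper's first test vector quoted earlier in the thread (m = f3 f6, r = 85 1f c4 0c ...). AES is not implemented here; the AES_k(n) bytes are copied from the vector and passed in as the 16-byte s, so the code shows exactly how c1, m(r) mod 2^130 - 5 and the final tag are formed.

```python
P = (1 << 130) - 5  # the prime 2^130 - 5 used by Poly1305

def message_to_coefficients(m: bytes) -> list:
    # Split m into 16-byte chunks; each c_i is the chunk read little-endian
    # with a 0x01 byte appended (a 2-byte message f3 f6 gives c1 = 0x01f6f3).
    return [int.from_bytes(m[i:i + 16] + b"\x01", "little")
            for i in range(0, len(m), 16)]

def clamp_r(r: bytes) -> int:
    # The paper's r values are already clamped; clamping is idempotent, so this
    # only enforces the required zero bits: top 4 bits of r[3], r[7], r[11],
    # r[15] and bottom 2 bits of r[4], r[8], r[12].
    r = bytearray(r)
    for i in (3, 7, 11, 15):
        r[i] &= 0x0f
    for i in (4, 8, 12):
        r[i] &= 0xfc
    return int.from_bytes(bytes(r), "little")

def poly_eval(coeffs: list, r: int) -> int:
    # h = (c1 r^q + c2 r^(q-1) + ... + cq r) mod (2^130 - 5), Horner-style.
    h = 0
    for c in coeffs:
        h = ((h + c) * r) % P
    return h

def poly1305_aes_tag(m: bytes, r_bytes: bytes, aes_k_n: bytes) -> bytes:
    # Tag = (m(r) mod 2^130-5 + AES_k(n)) mod 2^128 as 16 little-endian bytes.
    h = poly_eval(message_to_coefficients(m), clamp_r(r_bytes))
    s = int.from_bytes(aes_k_n, "little")
    return ((h + s) % (1 << 128)).to_bytes(16, "little")

# The paper's first test vector, as quoted above (AES_k(n) copied, not computed).
M1 = bytes.fromhex("f3f6")
R1 = bytes.fromhex("851fc40c3467ac0be05cc20404f3f700")
AES1 = bytes.fromhex("580b3b0f9447bb1e69d095b5928b6dbc")

if __name__ == "__main__":
    coeffs = message_to_coefficients(M1)
    print("c1 =", format(coeffs[0], "x"))                    # 1f6f3
    print("m(r) mod 2^130-5 =", format(poly_eval(coeffs, clamp_r(R1)), "x"))
    print("tag =", poly1305_aes_tag(M1, R1, AES1).hex())
```

For the q = 2 case above the original message bytes are not shown, but poly_eval can be fed the c1, c2 values directly, since they are already the coefficients.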
darn. I guess I'm stuck with it then
thanks for your help bobbym!!!
hm... it's sort of like inverse square+adding.
so what would you recommend to do instead of squaring? I have to add the values one way or another
aha! I knew it. so, what should I change the squaring+adding to?
it's my own: hash2x 3. I'm trying to get the second to last outputs to be changed into something massive, so they can be shrunk down to the proper size in the last function. right now, I'm squaring the numbers, which is not very helpful if I need a 32-bit number but the output is 1. also, I assume that squaring+adding can be undone somehow, even if the values are added together (something like [5,3,6]-> [25,9,36]-> 70). thus, I'm looking for a function that increases the value of any output by a lot, is one-to-one, and causes some randomness
http://calccrypto.wikidot.com/hash-2x-v3
well the algorithm I'm messing around with is supposed to be a crypto hash, which are used for data integrity. it's like error detection, but it really is meant for checking if someone has tampered with the data that was sent, rather than if a byte here or there got lost. they are basically the same thing, but used for [similar, but] different reasons
okay. my mistake. it's really a checksum, but it seems like a shredder because it takes [a copy of the] data apart and gets a value from that data
weird. why are government publications so annoying???
I'm afraid that the equation is giving me similar incorrect values for the values I got wrong, and the correct values that I got correct. weird
>>> igamc(2,1.6/2)
0.80879213541099948 0.9057
>>> igamc(1,.596953/2)
0.74194771741659604 correct
>>> igamc(4,.502193/2)
5.9991863583757725 0.261961
>>> igamc(1.5,4.882605/2)
0.16003494020523146 0.180598
or did I mess up the equation in my program?
from math import e  # the formula below uses Euler's number e
def igamc(s,z):
    # closed-form rational approximation to the upper incomplete gamma function, as posted
    return ((e**-z)*(z**(s-1))*(z*((s**2)-s*(2*z+9)+z*(z+11)+26)+6))/(-s**3 + 3*s**2*(z +3) - s*(3*z*(z+7)+26) + z*((z+6)**2)+24)
EDIT: it turns out that the values are more or less correct, but the reference paper has weird answers
Thanks! but what about for s<2?
ooh... could you? I'm terrible with finding programs I need/want
after editing the formula to
upper = 1 - lower_incomplete_gamma-> upper / gamma(a), I'm still getting the same correct values, but different wrong values.
weird. I just remembered to look at wolfram, and I found another way to do it: 1 - lower_incomplete_gamma (the equation involving sigma), but the values that come out are weird. some values come out correctly, but others don't
>>> igamc(1.,2.13333/2)
0.34415436045553527 correct
>>> igamc(1.5,4.882605/2)
0.19091682276034516 off slightly
>>> igamc(1,.596953/2)
0.74194771741659593 correct
>>> igamc(1.5,.5)
0.65129687629720212 supposed correct answer is 0.801252, wolfram is giving me 0.710091
and I have not yet figured out how to do those continued fractions, so I'm afraid no luck there for the moment
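An added example, not the poster's code: the regularized upper incomplete gamma function Q(a, x) = Gamma(a, x) / Gamma(a), which is the igamc the NIST randomness-test examples quoted above appear to use, computed with only the standard library. It uses the usual split: the series for the lower function when x < a + 1 and the continued fraction (modified Lentz evaluation) otherwise, so it works for any a > 0, including a < 2.

```python
import math

def _lower_series(a, x, eps=1e-15, max_iter=2000):
    # P(a, x) via  gamma(a, x) = e^-x x^a * sum_{n>=0} x^n / (a (a+1) ... (a+n))
    term = total = 1.0 / a
    ap = a
    for _ in range(max_iter):
        ap += 1.0
        term *= x / ap
        total += term
        if abs(term) < abs(total) * eps:
            break
    return total * math.exp(-x + a * math.log(x) - math.lgamma(a))

def _upper_cf(a, x, eps=1e-15, max_iter=2000):
    # Q(a, x) via the continued fraction
    #   Gamma(a, x) = e^-x x^a / (x+1-a - 1(1-a)/(x+3-a - 2(2-a)/(x+5-a - ...)))
    # evaluated bottom-up with the modified Lentz method.
    tiny = 1e-300
    b = x + 1.0 - a
    c = 1.0 / tiny
    d = 1.0 / b
    h = d
    for i in range(1, max_iter + 1):
        an = -i * (i - a)
        b += 2.0
        d = an * d + b
        if abs(d) < tiny:
            d = tiny
        c = b + an / c
        if abs(c) < tiny:
            c = tiny
        d = 1.0 / d
        delta = d * c
        h *= delta
        if abs(delta - 1.0) < eps:
            break
    return h * math.exp(-x + a * math.log(x) - math.lgamma(a))

def igamc(a, x):
    # Regularized upper incomplete gamma Q(a, x) for a > 0, x >= 0.
    if x <= 0.0:
        return 1.0
    if x < a + 1.0:          # series converges quickly in this region
        return 1.0 - _lower_series(a, x)
    return _upper_cf(a, x)   # continued fraction converges quickly here

if __name__ == "__main__":
    print(igamc(1.5, 4.882605 / 2))   # block-frequency statistic quoted above
    print(igamc(1.5, 0.5))            # the 0.801252 case quoted above
```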
oops. forgot that dt
I'm downloading the book right now, but it's taking a bit long (43mb)
thanks!
so the functions are transformed somehow? how would that work for a small program? a large library of familiar functions? that would be crazy
the function I'm working on is
How do non-symbolic programs integrate to infinity? sometimes using a large upper bound isn't good enough
it sort of is like a shredder program. crypto hashes take data apart and create short, unrecoverable, (supposedly) unique outputs
sorry for replying so late. I've been pretty busy
well I'm not trying to get back the values. I just don't want other people to be able to
so maybe I should change values in the rng every round, and seed it every round, and only use 1 output number?
I worded myself terribly. I should have made the title something like "how to change a number in a way that is hard to recover, with randomness as a side-effect"
there's really no example. since the values could be anything, I can just as well say output value = 0xf3d (12 bits) or 0x1f0dd13 (28 bits), and the output size is 128 bits, so f(0x1f0dd13) -> some 120 bit number. however, f^-1(0x1f0dd13) is very hard/impossible to get back
I meant that the values will not come out as f(x) = x1->f(x1)=x2..., depending on how many times the generator is used. I'm trying to find a standalone function. that's what I mean by 'no link'. not completely independent of each other, but not just a series of numbers generated by recursion
come to think of it, maybe I can constantly change the values of a linear congruential rng...
hi bobbym
actually, linear congruential rngs are terrible for crypto purposes. I'm not sure if I can convey the difference that I see in my mind: I'm not really looking for a way to generate a series of random numbers. I'm looking for a way to mess one number at a time, so there is no link between one output and the next.