From: John Pettitt <jpp@software.net>
Date: Thu, 21 Mar 1996 03:14:56 +0800
To: cypherpunks@toad.com
Subject: Re: IPG message
Message-ID: <2.2.32.19960320161456.012102e0@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:58 AM 3/20/96 GMT, ECafe Anonymous Remailer wrote:
>could some kind person that got IPGs' many time pad thing post it
>somewhere so people that never got a copy can see it????????
>
>
>
>thanks.
>
>
>
>
>
>
>
IPG wrote:

Obviously, you meet our requirementsfor the release of the IPG ABC 
Encryption algorithms. We need no further information from you. though we 
would appreciate your telephone num and snail mail address. 

The algorithms detailed below are copyrighted 1995 and 1996 by Internet 
Privacy Guaranteed, Seymour, TX. All rights are reserved. You may not
provide them to any other party, or parties, by any means or 
any media, without the expressed written permission of Internet Privacy 
Guaranteed. What is specially claimed as copyrighted and or patentable are:

     1. The use of the word Ultima for the system, because it is 
        impossible to have a either a more secure system - it is 
        impossible to break the Ultima system, other equally difficult  
        to break systems may exist, or may be formulated in the future,
        for example a true OTP,  and in those cases, they may 
        "theoretically" be more difficult to break than the IPG Ultima 
        System, for example a true OTP. However, that would exist only in 
        theory, because in those eventiualities, none of the 
        systems would be breakable.
        
        Furthermore as to speed, Ultima, or simple variations, XOR, OR,
        or AND, instead of the Add or Subtract, is the fastest possible 
        algorithm which will produce an unbreakable encryption system, 
        without having a single OTP byte for each byte of plain text to be 
        encrypted, as in an OTP. However, with the IPG system, we can 
        obtain the same speed, or theoretically faster speeds than a pure 
        OTP, with some very simple parrallelism - and that begs how 
        you get humoungous OTPs to use, both in terms of generating 
        them and getting them into a stream to be XORed against the plain 
        text. That FACT, that the IPG algorithms are the fastest 
        possible encryption system which will become evident when you 
        examine the algorithms in detail. 
  
        Thus it is impossible to produce a better system, in terms of 
        either security or speed, thus we call our system Ultima, the 
        ultimate.

    2.  The use of the term ABC Encryption algorithm that at once 
        describes the basics of the system and its simplicity as will 
        quickly become evident.


    3.  The use of a hardware generated OTP, which serves as a purely 
        random seed, for the system to be described.

    4.  The use of a table of prime numbers, any number of which is greater 
        than 3, from which random selections are made to be used in the 
        algorithms to be described. The prime numbers for the system 
        described have been selected for a specific hardware, namely the 
        IBM PC clone, market. With other 16 bit, 32 bit, or 64 bit 
        hardware, other prime numbers could be used to provide immediate 
        results just as in the system to be described. The use of 
        larger numbers, the use of larger adders, or logic gating 
        systems, is self evident in the copyrights/patents.    

    5.  The use of a random 8 bit seed for the dynamic vaiable that links 
        the sets of equations into one system. This variable, D, for 
        dynamic is the real key that distinguishes our system from any 
        other system - excepting hardware implemented systems that use 
        extremely large numbers, and or possible partitions, that 
        encompass possible meaningful message lengths. Such systems, are 
        self evident extensions of the simple IPG system.
  
    6.  The use of partitions within one OTP, pure random seed, PRNG stream 
        - either by using parts of the random seeds, or more 
        likely by using fixed intervals within the PRNG stream, for 
        example, arbitrarily say every 100 gigabytes, or 100 terabytes for 
        that matter. Using this technique, one random seed can be used for 
        any abritrary period of time, one message, 10 messages, one day, one 
        week, one year, one century, one millenium or whatever.  The use 
        of multiple Ds, in linear partitions, that is within one otp 
        every terabyte fior example,  is a self evident extension of the 
        IPG system. 

    7. The use of a simple serial hardware implementation of the IPG 
        system is self evident, and produces impressive speeds, mutiple 
        megabyte per second, dependent of course on hardware speeds.

    8. The use of a very simple single level of parallelism in hardware 
       implementation, where the ABCs are computed in parrallel, and 
       the D is passed along, is a simple self evident extension 
       of the system and will allow a throughput of over 
       100 megabytes per second, on state of the sart hardware.

    9. The use of a three dimensional parallel system, where the PRG 
       stream is chopped up into several partitions, say every terabyte, 
       and then each module proceeds as in paragraph 8, just above, is a 
       simple extension of the basic IPG system, a would enable a system 
       to operate at any conceivable line speed. 

   10. The changing of the number of equations, modules, prime number 
       values, length of prime numbers, or length of random sample, probe 
       values, or the other algorithmic values does not change  the basic 
       algorithm. It is the same algorithm with different values.  



With the previously detailed claims relating to the copyrightable and  
patentable features of the IPG algorithm system, IPG prersents 
the the Ultima Algorithms. - the ABC Encryption system.

Given:

    1. A 1792 BIT OTP, RANDOM SEED, generated from a hardware 
       source.

    2. A Table of 319 Prime Numbers in the range of 6,667 to 11,997, out 
       of the 580+ available, the 384 selected for dynamic variance, 
       the table is called BPRIMES.

    3. A Table of 319 prime numbers in the range of 14,007 to 19,997, out 
       of the 800+ available, the 384 selected for dynamic variance, 
       the table is called CPRIMES 


       The 1792 bits of OTP, Random Seed, are allocated as follows. 

          1. 512 bits for the 64 probes, for 64 C vales
          2. 512 bits for the 64 probes, for 64 B values
          3. 512 bits for the 64 starting A values 
          4.   8 bits for the initial ID value.

          Those 1544 bits are the actual random seed used for generating 
          the PRNG stream, if you insist on calling it that. In addition, 
          there are 248 bits used as follows.  

          5. 128 bits for the offset, partition, if applicable into the 
             PRNG stream. Actually they are used to encrypt the 
             actual underlying value of the partition, if any - note - in 
             this case the mode is actually a true OTP, the first time 
             only ot really does not help to know the offset unless 
             you know the OTP, Random Seed. 
          6. 72 bits for uniquely identifying the OTP being used.
          7. 48 bits as spares temporarily - can be used as different D
             values for partitions. If more As, Bs, Cs, are needed the 
             random seed, OTP, can be expanded as necessary. Unlike RSA, 
             there is no practical limit - I am actually sending you 1792
             BYTE Random seeds, so that you can test other variations if you 
             like, or use each of them, there are 32 of them in all, as 8 
             random seeds for the 1792 bit algorithm.  
   
       8 bit random starting A values are sufficient because we are 
       only talking about the effect on the low order 8 bits in our PRNG 
       stream. We actually AND these values with the constant 13,568 
       to give us a start that will intially have a dynamic effect 
       on the A, B, and C values, that is the smallest possible 
       B+13568, exceeds that largest possible C value.       
       
       This selection process of course makes the A, B and C values 
       random, 8 bits, as well as the initial ID value - the random range of 
       each set is 2 to 32 but as you will see they are interlimked 
       with the Dynamic variable, D.  

  The procedure is as follows:

      1. Using the 64 bytes for B selection, we select 64 Bs,
         B1,..,B64,  as follows.

         B1=BPRIMES(SB1) WHERE SB1 is the first byte of the Random Number 
            Seed, thus B1 is one of the BPRIMES, BPRIMES(0),..BPRIMES(255)
            then
         BPRIMES(SB1)=BPRIMES(256)   
             then
         B2=BPRIMES(SB2) AS BEFORE EXCEPT Byte 2 of the OTP, Random Seed, 
            is used. 
            then  
         BRPIMES(SB2)=BPRIMES(257) 
         and so forth through 64

        Thus you have 64 constants, B1,..,B64, each of which is an unique 
        prime number. This of course, is the same as a lottery selection, 
        except there is no denominator and the section pool does not 
        shrink. Thus you have 1 in 2 to the 512 possibilities of a 
        repeat, or guessing the selections. 

     2. The same procedure is used for selecting 64 C values, C1 through 
        C64.       
      
     3. The 64 starting A byte values, from the random seed, are 
        ANDed to 13,568 to give the 64 starting A values, random, at least 8 
        bit random.

     4. 8 Bits are used for the starting D value
  
     Thus the B  and Cs are constants - the As and D changes   

     Then quite simply, you have 64 equation sets as follows. 

     A1=(A1+B1) MOD C1  (Move, Add, Compare, Conditional Subtract)    
     D=(D+A1) AND 255  (Really just use DL in assembly language)
          + 
     A2=(A2+B2) MOD C2
     D=(D+A2) AND 255 
     ..............
          + 
     A63=(A63+B63) MOD C63
     D=(D+A63) AND 255 
          +
     A64=(A64+B64) MOD C64    
     D=(D+A64) AND 255
     
     the XOR operation against the plain text may vary. In our case, we 
     accumulate a pair of DLs in CX, and then XOR it against a wor, two 
     bytes of plain text. Thus we have one XOR for each set of two 
     equations above, 32 XORs for the 64 equations. We string A1 type 
     8 sets of those 64 equations together,  essentially duplicates of each 
     other except for the XOR operation, which are constants, as opposed to
     indexed variables. Thus we do a disk sector at a time, with only the 
     A values and D being variables. With double buffering, you can see 
     that it cooks, to say the very least.  
      
     Obviously by definition, there can be no repeat before the product of 
     the C values, that is (C1*C2*C3,..,*C63*C64), and that does not take 
     into account the starting A values and the starting D value. The 
     average C value is slightly over 14 bits. Accordingly, no repeat 
     is possible before 2 to the 864th power,minimum, or 2 to the 
     896th power average, 10 to the 267th power minimum, which will handle 
     anything that can possibly occur, ever, ever, ever. If every atom in 
     the universe was a Googol of Cray T3E's and they had been computing 
     since the big bang, the possibilities they would have tried so far 
     would be less than 1 part in 1 Googol. And that does not take into 
     account the other 2 to the 1543+ possibilities. 

     There is absolutely no way to prove that any message of any possible
     length is or is not possible, without trying all of the 1 to the 
     470th power possibilities, which of course is impossible. As John 
     von Neumann once said to Dr. Bloome (Dottie), in my presence - it 
     in a similar but totally unrelated case, it is not enough to say 
     that it some theoretical message may not be theoretically possible, you 
     must prove that at least one specific message is not possible.  Of 
     course, like JvN's case, that is not possible in the case of the IPG 
     system.     

  Continuing along that line, we in recognize that because we are 
  working with a 1544 bit key, over 2 to 1543, but someewhat less than 2 
  to the 1544, that we only have approximately 10 to the 478th 
  possibilities, that is 2 to the 1543+. Thus with a 125,000 byte message,
  we do not have 2 to 1,000,000th possible keys, but only 2 to the 1544 
  possible PRNG streams. Having said that, and fully recognizing that as
  incontrovertible, we invite you to test a long PRNG generated stream
  by the method, using a truly random seed of 1544 bits. You will 
  find over both short and long sample sizes that the "effect" is 
  indistinguishable from an OTP of the same length. 

  To facilitate this, we are including herewith: 


I combined all these files listed below under BSD UNIX with the zip 
program so you shouldn't have any problems extracting them. If you do,
please get back in touch with us and we can re-send the file under a 
different format, PKZIP. 

Note: The zipped files are considerably larger than the original 
      because they are random unzippable data files.

I promise you that with these, you can write the program to generate 
the PRNG streams in somewhat less than two hours. I am referring to the
64 sets of the equations set out above:

This approach will  also demonstrate how incredibly fast the system is 
and also how incredibly secure it is. 

 Therefore, please find attached in the zipped file BINARY.ZIP
 consisting of:

 
   1. BPRIMES.DAT - 384 prime numbers used for randomly selecting the 
      B1,..,B64 values in what we are now calling the 1792 bit system - I 
      am including 384 instead of 319 in case you want to try variations.. 

   2. CPRIMES.DAT - 384 prime numbers used for randomly selecting the
      C1,..,C64 values in the 1792 bit system - again 384 in case yopu 
      want to try variations.

   3. 32 - 1792 BYTE Hardware generated OTPs, specifically  
      OTP.001,..,OTP.032. - any of these may be used in the 1792 BIT 
      system, or the 5600 BIT system, or the 12288 BIT system. Further, 
      any of the 32, can be used for other possible system 
      configurations. The L1792 BYTE OTPs, can also be broken down 
      into 8 - 1792 BIT OTPs.


With these variables, you will not have any problem doing any 
kind of test that you may desire.

As a prelude, consider, if you will, the 1st 64 bytes of the PRNG stream.

    1. Byte 1

       D is random 
       A1=(A1+B1) MOD C1: is where A1 is random, 8 bit, and B1 and C1 are 
           randomly selected  from a table of primes and become a 
           constant for that OTP, random seed. THE resultant A1 is some 
           indeterminate number between 0 and C1-1. A1 MOD 256 is 
           therefore likewise some random number between 0 and 255.
           There are 16,677,216 possible variations, and only 1 is the 
           actual.   
       ID=(ID+A1) AND 255. ID is random and A1 is pseudo random with 
           16,677,216 possible variations.

       Accordingly: by definition the new TD is random.     
       
       Now therefore: if D was used for only this equation, there 
           would only be 2 to the 32nd possible, 8 ID - 8 A1 - 8 B1 
           & 8 C1 possible variations and what you would have would 
           be a system partioned into 64 didfferent subsystems. However,
           that is obviously not the case, D is passed from one 
           equation set to the next, so there is no repeat possible until at 
           the very least  ID short of the entire C1*C2,..*C63*C64 cycles.
       
   
     2. Byte 2, The process is the same and the resultant ID is 
        random.

     The process is the same for all the other 62 bytes. 

     Accordingly, how is it possible to determine the first 512 bits of the 
     PRNG stream? That is 10 to the 158th power possibilities. Obviously 
     they cannot all be tried - and any of the possible 2 to the 512th 
     power of underlying clear text is possible. 

     As stated, the reultant system is absolutely unbreakable - no ifs, 
     no ands, no buts, no maybes, no anything. Also, as you can clearly 
     demonstrate for yourself, there is no more robust system, with 
     respect to speed, possible. It is truly Ultima, the ultimate 
     system, as you will find out for yourself.   

     Enough, I assume. After you have satisfied yourself that the ABC 
     Encryption system is absolutely unbreakable and the fastest system 
     possible. We will proceed to the demonstrate that the Key 
     distribution is no problem and as stated, we are willing to license  
     the process as desired by users. 
        
  I invite your response,

  Thanks so much,

  Ralph,

      
  



John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
 "Technology is a way of organizing the universe so that man
  doesn't have to experience it." - Max Frisch

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705