From: John Pettitt <jpp@software.net>
To: cypherpunks@toad.com
Message Hash: 8c5e8cb0e94bfabd429039d1895bda2bf7a4f2fc86dec0166819e54d1727fb4a
Message ID: <2.2.32.19960320161456.012102e0@mail.software.net>
Reply To: N/A
UTC Datetime: 1996-03-20 19:14:56 UTC
Raw Date: Thu, 21 Mar 1996 03:14:56 +0800
From: John Pettitt <jpp@software.net>
Date: Thu, 21 Mar 1996 03:14:56 +0800
To: cypherpunks@toad.com
Subject: Re: IPG message
Message-ID: <2.2.32.19960320161456.012102e0@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain
At 02:58 AM 3/20/96 GMT, ECafe Anonymous Remailer wrote:
>could some kind person that got IPGs' many time pad thing post it
>somewhere so people that never got a copy can see it????????
>
>
>
>thanks.
>
>
>
>
>
>
>
IPG wrote:
Obviously, you meet our requirementsfor the release of the IPG ABC
Encryption algorithms. We need no further information from you. though we
would appreciate your telephone num and snail mail address.
The algorithms detailed below are copyrighted 1995 and 1996 by Internet
Privacy Guaranteed, Seymour, TX. All rights are reserved. You may not
provide them to any other party, or parties, by any means or
any media, without the expressed written permission of Internet Privacy
Guaranteed. What is specially claimed as copyrighted and or patentable are:
1. The use of the word Ultima for the system, because it is
impossible to have a either a more secure system - it is
impossible to break the Ultima system, other equally difficult
to break systems may exist, or may be formulated in the future,
for example a true OTP, and in those cases, they may
"theoretically" be more difficult to break than the IPG Ultima
System, for example a true OTP. However, that would exist only in
theory, because in those eventiualities, none of the
systems would be breakable.
Furthermore as to speed, Ultima, or simple variations, XOR, OR,
or AND, instead of the Add or Subtract, is the fastest possible
algorithm which will produce an unbreakable encryption system,
without having a single OTP byte for each byte of plain text to be
encrypted, as in an OTP. However, with the IPG system, we can
obtain the same speed, or theoretically faster speeds than a pure
OTP, with some very simple parrallelism - and that begs how
you get humoungous OTPs to use, both in terms of generating
them and getting them into a stream to be XORed against the plain
text. That FACT, that the IPG algorithms are the fastest
possible encryption system which will become evident when you
examine the algorithms in detail.
Thus it is impossible to produce a better system, in terms of
either security or speed, thus we call our system Ultima, the
ultimate.
2. The use of the term ABC Encryption algorithm that at once
describes the basics of the system and its simplicity as will
quickly become evident.
3. The use of a hardware generated OTP, which serves as a purely
random seed, for the system to be described.
4. The use of a table of prime numbers, any number of which is greater
than 3, from which random selections are made to be used in the
algorithms to be described. The prime numbers for the system
described have been selected for a specific hardware, namely the
IBM PC clone, market. With other 16 bit, 32 bit, or 64 bit
hardware, other prime numbers could be used to provide immediate
results just as in the system to be described. The use of
larger numbers, the use of larger adders, or logic gating
systems, is self evident in the copyrights/patents.
5. The use of a random 8 bit seed for the dynamic vaiable that links
the sets of equations into one system. This variable, D, for
dynamic is the real key that distinguishes our system from any
other system - excepting hardware implemented systems that use
extremely large numbers, and or possible partitions, that
encompass possible meaningful message lengths. Such systems, are
self evident extensions of the simple IPG system.
6. The use of partitions within one OTP, pure random seed, PRNG stream
- either by using parts of the random seeds, or more
likely by using fixed intervals within the PRNG stream, for
example, arbitrarily say every 100 gigabytes, or 100 terabytes for
that matter. Using this technique, one random seed can be used for
any abritrary period of time, one message, 10 messages, one day, one
week, one year, one century, one millenium or whatever. The use
of multiple Ds, in linear partitions, that is within one otp
every terabyte fior example, is a self evident extension of the
IPG system.
7. The use of a simple serial hardware implementation of the IPG
system is self evident, and produces impressive speeds, mutiple
megabyte per second, dependent of course on hardware speeds.
8. The use of a very simple single level of parallelism in hardware
implementation, where the ABCs are computed in parrallel, and
the D is passed along, is a simple self evident extension
of the system and will allow a throughput of over
100 megabytes per second, on state of the sart hardware.
9. The use of a three dimensional parallel system, where the PRG
stream is chopped up into several partitions, say every terabyte,
and then each module proceeds as in paragraph 8, just above, is a
simple extension of the basic IPG system, a would enable a system
to operate at any conceivable line speed.
10. The changing of the number of equations, modules, prime number
values, length of prime numbers, or length of random sample, probe
values, or the other algorithmic values does not change the basic
algorithm. It is the same algorithm with different values.
With the previously detailed claims relating to the copyrightable and
patentable features of the IPG algorithm system, IPG prersents
the the Ultima Algorithms. - the ABC Encryption system.
Given:
1. A 1792 BIT OTP, RANDOM SEED, generated from a hardware
source.
2. A Table of 319 Prime Numbers in the range of 6,667 to 11,997, out
of the 580+ available, the 384 selected for dynamic variance,
the table is called BPRIMES.
3. A Table of 319 prime numbers in the range of 14,007 to 19,997, out
of the 800+ available, the 384 selected for dynamic variance,
the table is called CPRIMES
The 1792 bits of OTP, Random Seed, are allocated as follows.
1. 512 bits for the 64 probes, for 64 C vales
2. 512 bits for the 64 probes, for 64 B values
3. 512 bits for the 64 starting A values
4. 8 bits for the initial ID value.
Those 1544 bits are the actual random seed used for generating
the PRNG stream, if you insist on calling it that. In addition,
there are 248 bits used as follows.
5. 128 bits for the offset, partition, if applicable into the
PRNG stream. Actually they are used to encrypt the
actual underlying value of the partition, if any - note - in
this case the mode is actually a true OTP, the first time
only ot really does not help to know the offset unless
you know the OTP, Random Seed.
6. 72 bits for uniquely identifying the OTP being used.
7. 48 bits as spares temporarily - can be used as different D
values for partitions. If more As, Bs, Cs, are needed the
random seed, OTP, can be expanded as necessary. Unlike RSA,
there is no practical limit - I am actually sending you 1792
BYTE Random seeds, so that you can test other variations if you
like, or use each of them, there are 32 of them in all, as 8
random seeds for the 1792 bit algorithm.
8 bit random starting A values are sufficient because we are
only talking about the effect on the low order 8 bits in our PRNG
stream. We actually AND these values with the constant 13,568
to give us a start that will intially have a dynamic effect
on the A, B, and C values, that is the smallest possible
B+13568, exceeds that largest possible C value.
This selection process of course makes the A, B and C values
random, 8 bits, as well as the initial ID value - the random range of
each set is 2 to 32 but as you will see they are interlimked
with the Dynamic variable, D.
The procedure is as follows:
1. Using the 64 bytes for B selection, we select 64 Bs,
B1,..,B64, as follows.
B1=BPRIMES(SB1) WHERE SB1 is the first byte of the Random Number
Seed, thus B1 is one of the BPRIMES, BPRIMES(0),..BPRIMES(255)
then
BPRIMES(SB1)=BPRIMES(256)
then
B2=BPRIMES(SB2) AS BEFORE EXCEPT Byte 2 of the OTP, Random Seed,
is used.
then
BRPIMES(SB2)=BPRIMES(257)
and so forth through 64
Thus you have 64 constants, B1,..,B64, each of which is an unique
prime number. This of course, is the same as a lottery selection,
except there is no denominator and the section pool does not
shrink. Thus you have 1 in 2 to the 512 possibilities of a
repeat, or guessing the selections.
2. The same procedure is used for selecting 64 C values, C1 through
C64.
3. The 64 starting A byte values, from the random seed, are
ANDed to 13,568 to give the 64 starting A values, random, at least 8
bit random.
4. 8 Bits are used for the starting D value
Thus the B and Cs are constants - the As and D changes
Then quite simply, you have 64 equation sets as follows.
A1=(A1+B1) MOD C1 (Move, Add, Compare, Conditional Subtract)
D=(D+A1) AND 255 (Really just use DL in assembly language)
+
A2=(A2+B2) MOD C2
D=(D+A2) AND 255
..............
+
A63=(A63+B63) MOD C63
D=(D+A63) AND 255
+
A64=(A64+B64) MOD C64
D=(D+A64) AND 255
the XOR operation against the plain text may vary. In our case, we
accumulate a pair of DLs in CX, and then XOR it against a wor, two
bytes of plain text. Thus we have one XOR for each set of two
equations above, 32 XORs for the 64 equations. We string A1 type
8 sets of those 64 equations together, essentially duplicates of each
other except for the XOR operation, which are constants, as opposed to
indexed variables. Thus we do a disk sector at a time, with only the
A values and D being variables. With double buffering, you can see
that it cooks, to say the very least.
Obviously by definition, there can be no repeat before the product of
the C values, that is (C1*C2*C3,..,*C63*C64), and that does not take
into account the starting A values and the starting D value. The
average C value is slightly over 14 bits. Accordingly, no repeat
is possible before 2 to the 864th power,minimum, or 2 to the
896th power average, 10 to the 267th power minimum, which will handle
anything that can possibly occur, ever, ever, ever. If every atom in
the universe was a Googol of Cray T3E's and they had been computing
since the big bang, the possibilities they would have tried so far
would be less than 1 part in 1 Googol. And that does not take into
account the other 2 to the 1543+ possibilities.
There is absolutely no way to prove that any message of any possible
length is or is not possible, without trying all of the 1 to the
470th power possibilities, which of course is impossible. As John
von Neumann once said to Dr. Bloome (Dottie), in my presence - it
in a similar but totally unrelated case, it is not enough to say
that it some theoretical message may not be theoretically possible, you
must prove that at least one specific message is not possible. Of
course, like JvN's case, that is not possible in the case of the IPG
system.
Continuing along that line, we in recognize that because we are
working with a 1544 bit key, over 2 to 1543, but someewhat less than 2
to the 1544, that we only have approximately 10 to the 478th
possibilities, that is 2 to the 1543+. Thus with a 125,000 byte message,
we do not have 2 to 1,000,000th possible keys, but only 2 to the 1544
possible PRNG streams. Having said that, and fully recognizing that as
incontrovertible, we invite you to test a long PRNG generated stream
by the method, using a truly random seed of 1544 bits. You will
find over both short and long sample sizes that the "effect" is
indistinguishable from an OTP of the same length.
To facilitate this, we are including herewith:
I combined all these files listed below under BSD UNIX with the zip
program so you shouldn't have any problems extracting them. If you do,
please get back in touch with us and we can re-send the file under a
different format, PKZIP.
Note: The zipped files are considerably larger than the original
because they are random unzippable data files.
I promise you that with these, you can write the program to generate
the PRNG streams in somewhat less than two hours. I am referring to the
64 sets of the equations set out above:
This approach will also demonstrate how incredibly fast the system is
and also how incredibly secure it is.
Therefore, please find attached in the zipped file BINARY.ZIP
consisting of:
1. BPRIMES.DAT - 384 prime numbers used for randomly selecting the
B1,..,B64 values in what we are now calling the 1792 bit system - I
am including 384 instead of 319 in case you want to try variations..
2. CPRIMES.DAT - 384 prime numbers used for randomly selecting the
C1,..,C64 values in the 1792 bit system - again 384 in case yopu
want to try variations.
3. 32 - 1792 BYTE Hardware generated OTPs, specifically
OTP.001,..,OTP.032. - any of these may be used in the 1792 BIT
system, or the 5600 BIT system, or the 12288 BIT system. Further,
any of the 32, can be used for other possible system
configurations. The L1792 BYTE OTPs, can also be broken down
into 8 - 1792 BIT OTPs.
With these variables, you will not have any problem doing any
kind of test that you may desire.
As a prelude, consider, if you will, the 1st 64 bytes of the PRNG stream.
1. Byte 1
D is random
A1=(A1+B1) MOD C1: is where A1 is random, 8 bit, and B1 and C1 are
randomly selected from a table of primes and become a
constant for that OTP, random seed. THE resultant A1 is some
indeterminate number between 0 and C1-1. A1 MOD 256 is
therefore likewise some random number between 0 and 255.
There are 16,677,216 possible variations, and only 1 is the
actual.
ID=(ID+A1) AND 255. ID is random and A1 is pseudo random with
16,677,216 possible variations.
Accordingly: by definition the new TD is random.
Now therefore: if D was used for only this equation, there
would only be 2 to the 32nd possible, 8 ID - 8 A1 - 8 B1
& 8 C1 possible variations and what you would have would
be a system partioned into 64 didfferent subsystems. However,
that is obviously not the case, D is passed from one
equation set to the next, so there is no repeat possible until at
the very least ID short of the entire C1*C2,..*C63*C64 cycles.
2. Byte 2, The process is the same and the resultant ID is
random.
The process is the same for all the other 62 bytes.
Accordingly, how is it possible to determine the first 512 bits of the
PRNG stream? That is 10 to the 158th power possibilities. Obviously
they cannot all be tried - and any of the possible 2 to the 512th
power of underlying clear text is possible.
As stated, the reultant system is absolutely unbreakable - no ifs,
no ands, no buts, no maybes, no anything. Also, as you can clearly
demonstrate for yourself, there is no more robust system, with
respect to speed, possible. It is truly Ultima, the ultimate
system, as you will find out for yourself.
Enough, I assume. After you have satisfied yourself that the ABC
Encryption system is absolutely unbreakable and the fastest system
possible. We will proceed to the demonstrate that the Key
distribution is no problem and as stated, we are willing to license
the process as desired by users.
I invite your response,
Thanks so much,
Ralph,
John Pettitt, jpp@software.net
VP Engineering, CyberSource Corporation, 415 473 3065
"Technology is a way of organizing the universe so that man
doesn't have to experience it." - Max Frisch
PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705
Return to March 1996
Return to “Michael Froomkin <froomkin@law.miami.edu>”