From extropians-request@gnu.ai.mit.edu Wed Jun 30 11:52:58 1993 Return-Path: Received: from usc.edu by chaph.usc.edu (4.1/SMI-4.1+ucs-3.0) id AA20351; Wed, 30 Jun 93 11:52:49 PDT Errors-To: Extropians-Request@gnu.ai.mit.edu Received: from wookumz.gnu.ai.mit.edu by usc.edu (4.1/SMI-3.0DEV3-USC+3.1) id AA23121; Wed, 30 Jun 93 11:52:41 PDT Errors-To: Extropians-Request@gnu.ai.mit.edu Received: by wookumz.gnu.ai.mit.edu (5.65/4.0) id ; Wed, 30 Jun 93 13:58:28 -0400 Message-Id: <9306301758.AA22050@wookumz.gnu.ai.mit.edu> To: ExI-Daily@gnu.ai.mit.edu Date: Wed, 30 Jun 93 13:57:49 -0400 X-Original-Message-Id: <9306301757.AA22039@wookumz.gnu.ai.mit.edu> X-Original-To: Extropians@gnu.ai.mit.edu From: Extropians-Request@gnu.ai.mit.edu Subject: Extropians Digest V93 #0366 X-Extropian-Date: Remailed on June 30, 373 P.N.O. [17:58:27 UTC] Reply-To: Extropians@gnu.ai.mit.edu Errors-To: Extropians-Request@gnu.ai.mit.edu Status: OR Extropians Digest Wed, 30 Jun 93 Volume 93 : Issue 0366 Today's Topics: AIT VirtSem: Critical Bits, Structure, and Information [1 msgs] AIT: Deviation to Dominoes [1 msgs] AIT:Ruminations and Queries [3 msgs] ANTISCI: Andrew Kimbrell [1 msgs] BRAIN: obscure speculation [3 msgs] Biotech Prohibitionists, JP & Science [1 msgs] DESCRIBE LIST [1 msgs] Linguistics in SF [1 msgs] NANO: Drexler style nanotech is unworkable [2 msgs] Nightly Market Report [1 msgs] SOC/CHAT- The Truth (Why not Untruth?) [1 msgs] WARLOCK 4.0 Info [1 msgs] Administrivia: This is the digested version of the Extropian mailing list. Please remember that this list is private; messages must not be forwarded without their author's permission. To send mail to the list/digest, address your posts to: extropians@gnu.ai.mit.edu To send add/drop requests for this digest, address your post to: exi-daily-request@gnu.ai.mit.edu To make a formal complaint or an administrative request, address your posts to: extropians-request@gnu.ai.mit.edu If your mail reader is operating correctly, replies to this message will be automatically addressed to the entire list [extropians@gnu.ai.mit.edu] - please avoid long quotes! The Extropian mailing list is brought to you by the Extropy Institute, through hardware, generously provided, by the Free Software Foundation - neither is responsible for its content. Forward, Onward, Outward - Harry Shapiro (habs) List Administrator. Approximate Size: 86771 bytes. ---------------------------------------------------------------------- Date: Tue, 29 Jun 93 17:53:47 PDT From: tcmay@netcom.com (Timothy C. May) Subject: AIT: Deviation to Dominoes Andrew S. Hall writes: ... > One of the volumes I happened on was _The Undecidablity of the Domino > Problem_ by Robert Berger. (# 66). ... > This is not totally relevant to AIT, but deals in the same realms. It is > most amusing to find simple toys like dominoes or pebbles and sand can > now be played with for hours by us non-aged, but older people with a > purpose. Yes, the domino problem (also related: the "domino snake" problem, going from point A to point B) is wonderful. You may recall I use it as a metaphor for theorem-proving in knowledge space. (So does Rucker, so do others...) David Harel's "Algorithmics: The Spirit of Computing" has a wonderful set of chapters on these kinds of puzzles and their connections with computability. -Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. ------------------------------ Date: Tue, 29 Jun 93 20:57:06 -0400 From: pcm@cs.brown.edu (Peter C. McCluskey) Subject: BRAIN: obscure speculation X-Reposting-Policy: redistribute freely price@price.demon.co.uk (Michael Clive Price) writes: >Thanks to Paul Cisek for the feedback. > >> Yes, memories have to be stored in some sense in some location. The >> hippocampus is the favorite of NN researchers > >Patients with no hippocampi can recall, but cannot store, long term >memories (although they can have a fully functional short-term memory). >Therefore the hippocampus is involved in storage of long term memory, >but does not store memories itself. I can't believe NN researchers have >overlooked this. They haven't. A paper by Mark Gluck and Catherine Myers in NIPS 5 hypothesizes that the hippocampus uses a 2 layer autoassociative network to learn representations of inputs that are more compact than the original, and that these compact representations are then used to train simpler networks elsewhere that do the long-term storage. ----------------------------------------------------------------------------- Peter McCluskey >> Hofstadter's Law: It always takes longer than you expect, pcm@cs.brown.edu >> even when you take into account Hofstadter's Law. ----------------------------------------------------------------------------- ------------------------------ Date: Wed, 30 Jun 93 02:51:19 GMT From: price@price.demon.co.uk (Michael Clive Price) Subject: BRAIN: obscure speculation Peter McCluskey cites an interesting paper: > [..] A paper by Mark Gluck and Catherine Myers in NIPS 5 > hypothesizes that the hippocampus uses a 2 layer autoassociative > network to learn representations of inputs that are more compact than > the original, and that these compact representations are then used to > train simpler networks elsewhere that do the long-term storage. That jibes well with my intuition that long-term memories are more data- compressed than short-term memories. What's the full cite? What does NIPS 5 stand for? I'd like to check out this to gauge the plausibility of their hypothesis beyond my superficial intuition. > Peter McCluskey Mike Price price@price.demon.co.uk AS member (21/3/93) ------------------------------ Date: Tue, 29 Jun 93 23:24:35 EDT From: Andrew S Hall Subject: AIT:Ruminations and Queries 1) I was pondering some of the speculations on complexity and life as my wife kicked me off the computer so she could play her new game. Something from the earlier posts and from Chaitin's AIT got to me. People had discussed optimal strategies in terms of GO and of evolution. What if, in this context, complexity is like an activation energy barrier? An optimal strategy could be one that doesn't necessarily reduce complexity of the end result, but of intervening stages. Roughly analogous is when I do graphics work on my more primitive home machine. I lack memory, so must use huge temp files to do conversions. If the temp files get too big for my hard drive, I crash. If, however, I go about the same process in a different way, I can use smaller temp files and succeed. The end result is the same, size barriers in the middle are just different. It seems to me that this puts some of the discussion in a different light. The complexity of the final result may be meaningless next to the steps needed to get there. This had neat implications for me. It means that complexity is not some barrier of despair, but a challenge. 2) Has anyone else tried to download and run the Mathmetica version of the Omega equation? I have (at work) and IBM with Math. 2.2. It was written in 2.1 and I am told by a co-worker with loads more Math. experience that I that the versions have some compatibilty problems. The equations are filled with boxes (undecipherable to Math.) and the program kind of runs, but the result is meaningless. This problem could easily be me and my lack of Mathmetica experience. Can any one help me out? A. Techno-Anarchy.Neophilia.Economic Freedom.Cryptography.Anti-Statism.Personal Liberty.Laissez-Faire.Privacy Protection.Libertarianism.No Taxes.No Bullshit. ********** Liberty BBS 1-614-798-9537 ********** ********** Dedicated to Freedom. Yours. ********** ------------------------------ Date: Tue, 29 Jun 1993 19:54:07 -0700 (PDT) From: szabo@techbook.com (Nick Szabo) Subject: AIT VirtSem: Critical Bits, Structure, and Information Tim May: > Many thanks to Nick Szabo for his inputs on "schemata" in GP Many welcomes, but hold on! GP hasn't developed a schema theory yet. I was discussing GA schema theory. A good reference is _Genetic Algorithms in Search, Optimization, & Machine Learning_ by David Goldberg, Addison-Wesley 1989. >But in the "real world" of competition, survival, differential >reproduction, etc., the "royal flush" (or any "winning" strategy in Go or >in genome fitness) is dramatically different than some random hand. I think >we all know this, and Nick's point about schemata makes this. It's important to elaborate on this. The term of art "fitness" in evolution theory refers to the number of offspring. In GA this is called "selection", and the test program used to determine who gets selected is called the "fitness function". (Yet another example of ivory-tower researchers working at cross-purposes...) In most games and GA, the fitness function is quite specific -- flush beats three-of-a-kind, for example. This is also mostly true for animal breeding (except for those breeds where aesthetics is important). It is often not at all clear what brings fitness in natural selection. I think of the environment as a "fitness function", an ever-changing landscape shaped by the physical environment and competing evolving organisms. Thus natural selection can be modelled as a co-evolving, many-player game against both both nature and against each other. Despite the vague, ever-changing quality of her "fitness function", nature has evolved a great amount of complex function -- swimming, walking, running, flying, tool-making, language, etc. to take advantage of various "niches". In some sense Extropians consider the "Extropian Principles" to be our "fitness function". I've previously suggested we develop more explicit measures of "extropy", and suggested some theoretical models. Eg given self-rep robots/computer viruses as a model of genes & memes, what computer program(s) should the designer put in the robots that would tend to propagate them most quickly around the universe (an extropian outcome), and which would tend to stabilize or destroy the robots (an "entropic" outcome). Of course many Extropians are quite individualist, and tend to reject such moral observations. There are basic philosophical issues to be explored here. (More on Extropian philosophy/direction below). >[(criticality,memory/compressibility,time/logical depth) space] This is interesting. In some ways criticality may be a function of time: fitness increases as O(log(t)) in GA, and many other learning/evolving situations (follows the "learning curve"). The schemata get harder to break up to make something better. That is, editing distance'/fitness' increases as O(log(t)). (The actual curve will be a "punctuated equilibrium" depending on the topology of the space and how it is sampled). On the other hand, in a small structure that can be expanded to a large one -- eg the two "analog bits" (as Rucker puts it) that define an ellipse -- all the bits are critical to defining that unique ellipse. If we sample a bunch of points along an orbit, the only critical bits are the errors, those parts of the measurement that deviate from a perfect ellipse (for reasons of either measurement error or perturbation by other bodies in the solar system). Going to general "why are we doing this" philosophy: I agree that tackling simpler examples like poker, binary strings, etc. can be fruitful. On the other hand I don't want to wait forever to design cell-repair machines, etc. Much of the Extropian vision revolves around the "Scientific Pascal's Wager", making it critically important we get a handle on P(reanimation), P(uploading), etc. One might even call these probabilities the "critical bits" of Extropian thought. Even order-of-magnitude estimates would be extremely valuable. Getting such estimates means getting a handle on what's theoretically possible in the future, no matter how complex or impractical it seems today. Working on both specific designs and highly simplified/theoretical models in parallel seems like the way to go for me. The two tasks need each other to stay on course. Nick Szabo szabo@techbook.com ------------------------------ Date: Tue, 29 Jun 93 19:51:02 PDT From: Bruce.Baugh@p23.f40.n105.z1.fidonet.org (Bruce Baugh) Subject: Linguistics in SF U> From: mmcclask@bigcat.missouri.edu (Mike McClaskey) U> Date: Mon, 28 Jun 1993 11:37:47 -0500 (CDT) U> I'll throw my hat in the ring with the suggestion that Stephenson is U> a superior prose stylist to W. Gibson, but his (Stephenson's) ideas U> and visions take on a slambang _anima_ cartoon quality, while U> Gibson's seem more plausible... Stephenson does achieve great comic U> effect in "SC" with his exploration of privitization taken to its U> logical extremes. Actually, I found Stephenson's world somewhat more credible than Gibson's Sprawl precisely _because_ it's somewhat goony. So's reality. -- A somewhat digressing anecdote: A few years ago my lady love lost her husband to muscular dystrophy. The usual cause of death for MD is complications from pneumonia; the lungs fill and can't drain. One night he had to be hurried to the hospital for what turned out to be the next-to-last time, and the two of them had a dark, scary night. It was complicated by the situation in the room next door...occupied by a visiting Gypsy queen who'd broken an ankle and who was being visited by every Gypsy in the area code and some from beyond. Bonnie still doesn't quite know whether to laugh or cry. Here she was, in emotional torment, watching her husband in physical torment, with wailing music, tambourines, and gaudy costumes passing by to and fro just outside the door, until hospital security succeeded in clearing them all out. SNOW CRASH feels like that to me. I believe it. I also find his future very plausible, with nation-states not admitting they're dead. Institutions live past their "natural" lives in the modern world. Bruce --- GoldED 2.41 -- uucp: uunet!m2xenix!puddle!40.23!Bruce.Baugh Internet: Bruce.Baugh@p23.f40.n105.z1.fidonet.org ------------------------------ Date: Tue, 29 Jun 93 23:59:31 EDT From: The Hawthorne Exchange Subject: Nightly Market Report The Hawthorne Exchange - HEx Nightly Market Report For more information on HEx, send email to HEx@sea.east.sun.com with the Subject info. Report Time: Tue Jun 29 23:59:10 EDT 1993 News: (None) Newly Registered Reputations: BLAIR Blair Haworth EISRAEL changed to E LEFTY Lefty MWM Mark_McFadden SGP Sameer Parekh New Share Issues: Symbol Shares Issued ROWAN 10000 BLAIR 10000 P 10000 E 10000 PRICE 10000 IMMFR 10000 Share Splits: Symbol n-for-1 Total Issued PRICE 1000 10000000 Total Shares Symbol Bid Ask Last Issued Outstanding Market Value ANTO 0 0 0 NA NA NA BLAIR 30 0 0 10000 0 NA DEREK 0 0 0 NA NA NA E 100 100 100 10000 5 500 ESR 0 0 0 NA NA NA EXI 0 0 0 NA NA NA FCP 0 0 0 NA NA NA GOBEL 0 0 0 NA NA NA H 0 0 0 NA NA NA HEX 100 100 100 10000 2149 214900 HFINN 0 0 0 NA NA NA IMMFR 0 0 0 10000 0 NA LEFTY 0 0 0 NA NA NA LIST 0 0 0 NA NA NA LL 0 0 0 NA NA NA MARCR 0 0 0 NA NA NA MLINK 0 0 0 NA NA NA MWM 0 0 0 NA NA NA N 32 0 0 10000 0 NA P 30 0 0 10000 0 NA PRICE 0 0 0 10000000 0 NA ROMA 0 0 0 NA NA NA ROWAN 0 50 0 10000 0 NA SGP 0 0 0 NA NA NA TIM* 0 0 0 NA NA NA TRADE 20 0 0 10000 0 NA WILKEN 0 10 10 10000 1 10 ------------------------------ Date: Tue, 29 Jun 93 21:34:38 -0700 From: tcmay@netcom.com (Timothy C. May) Subject: AIT:Ruminations and Queries Andrew S. Hall writes: >1) I was pondering some of the speculations on complexity and life as my > wife kicked me off the computer so she could play her new game. Something > from the earlier posts and from Chaitin's AIT got to me. People had > discussed optimal strategies in terms of GO and of evolution. What if, > in this context, complexity is like an activation energy barrier? > > An optimal strategy could be one that doesn't necessarily reduce > complexity of the end result, but of intervening stages. Roughly > analogous is when I do graphics work on my more primitive home machine. > I lack memory, so must use huge temp files to do conversions. If the > temp files get too big for my hard drive, I crash. If, however, I go > about the same process in a different way, I can use smaller temp files > and succeed. The end result is the same, size barriers in the middle > are just different. Perhaps. I don't think we have any real idea as to whether life is trying to reduce or increase complexity "of the end result." (The genome seems to gradually be getting more complex--e.coli's 4 MB vs. our 4 GB--but what this means locally, in the slow process of expanding into and "colonizing" the space of possible configurations, I sure don't know. I think it doesn't matter whether an organism is "more complex" or "less complex," only how well it survives to reproduce (and how many children it has). The external environment, the other critters, and even its own kind will have major effects. Sometimes simplicity will win out in a niche (the billion-year old cockroach, the simple reptiles, and everything less complex than we are!), sometimes complexity will win out (the overall trend toward more complexity/specializatin and longer or more "evolutionarily compressed" genomes). > It seems to me that this puts some of the discussion in a different > light. The complexity of the final result may be meaningless next to > the steps needed to get there. This had neat implications for me. > It means that complexity is not some barrier of despair, but a challenge. I view complexity as exciting, not disheartening. It means there's more to the Universe than simple banality. (I've told the list how burned out I got on physics, circa 1973, thinking--foolishly--that the only interesting physics was the very large (cosmology, black holes) or the very small (particle physics). Boy, was I wrong. Now I see nearly limitless opportunity even in very simple systems. Of course, it's not "basic physics," but combinatorics, computer science, and math.) Some mathematicians freaked out when Godel proved his incompleteness theorems. Today, most folks view it as opportunity. Ditto for Chaitin, Turing, etc. >2) Has anyone else tried to download and run the Mathmetica version of > the Omega equation? I have (at work) and IBM with Math. 2.2. It was > written in 2.1 and I am told by a co-worker with loads more Math. > experience that I that the versions have some compatibilty problems. > The equations are filled with boxes (undecipherable to Math.) and the > program kind of runs, but the result is meaningless. > > This problem could easily be me and my lack of Mathmetica experience. > Can any one help me out? I downloaded all the Macintosh version files (the Mathematica code is of course not Mac-dependent) and have begun to play with them. (These are availabel by ftp'ing to mathsource.wri.com and looking in pub/Communications/Books for the files Chaitin.*) Along with the 4 inches of other books and papers, Chaitin sent me his 94-page manual, "Exhibiting Randomness in Arithmetic using Mathematica and C," June 11, 1993, which has more detailed instructions than the Chaitin.README file. (I don't have a PS printer...he may have included the full text of this manual somewhere on-line.) Several of the files are compilers, abstract machines, converters, etc. In any case, the output will not be something dramatic or obvious, like a graphic, but something like a large Diophantine equation. One of his programs, though, starts making an approximation to Omega (presumably for some chosen Turing Machine model)...I am hoping it actually computes something like Omega-sub-this-model = 0.97312..., adding more places of accuracy very slowly. The difference between MMA 2.1 and 2.2 is not major, and should be explained in the docs anyway. Also, 2.2 has only been out a short while, so you may have 2.1 laying around. My guess is that any problems you have (Andrew, that is) are 97.312..% likely to be due to understandable confusion about which files to load, how to load the Omega machine, etc. (I'm holding off on fooling with these files until I've read more of the basics, so I'll know what I'm doing.) I expect our seminar will talk about this in a few weeks, giving both Andrew and me a chance to play with it some more. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement Note: I put time and money into writing this posting. I hope you enjoy it. ------------------------------ Date: Wed, 30 Jun 1993 02:56:55 -0400 From: Alexander Chislenko Subject: ANTISCI: Andrew Kimbrell A few days ago, I watched Andrew Kimbrell on CNN's "Crossfire" devoted to organ transplant issues. If somebody deliberately tried to play an extremely anti-extropian type, he couldn't have possibly done a better job. Sometimes I couldn't believe that anybody could have that crap for an opinion. Like saying that one can't donate organs for $ after death (aside from respectable religious reasons), 'cause it's prohibited by... Constitution which forbids 'cruel and unusual punishment', which is somehow inseparably connected with the 'rights of the dead, recognised in every society'. Also he said, 'You should understand: human body is not a commodity!'. Of course, he is the one who can determine how I should treat my body... - BTW, he is also the author of 'The human body shop'. I can't believe that a vicious idiot like this can head the Foundation on Economic Trends. Could we do something about him? ------------------------------------------------------------------------------ | Alexander Chislenko | sasha@cs.umb.edu | Cambridge, MA | (617) 864-3382 | ------------------------------------------------------------------------------ ------------------------------ Date: Tue, 29 Jun 93 23:52:41 -0700 From: davisd@nimitz.ee.washington.edu Subject: SOC/CHAT- The Truth (Why not Untruth?) From: "Nancy Schorr" Ask Romana about the Stanford ID she faked so she could pose in Playboy as a Stanford student. So, she has been holding out on the pictures we really want to see, eh? This is indeed serious. Ask about her engineering career sending email to herself all day. And ask her if her department has any more openings. Buy Buy -- Dan Davis ------------------------------ Date: Wed, 30 Jun 93 8:01:44 GMT From: starr@genie.slhs.udel.edu Subject: Biotech Prohibitionists, JP & Science The op-ed Mark Venture posted about biotech was by an official of the Foundation on Economic Trends. The FET is Jeremy Rifkin's organization. Rifkin is a biotech crypto-prohibitionist. I would expect that his policy director, the author of the op-ed, is, too. The FET originated as a front group for a fusion of the New Left and the Old Left. Rifkin came out of the New Left. As far as I'm concerned, he's the main memetic opposition we have. I take a different view of Jurassic Park and the view of science it conveys that any I've seen here so far. But, since I haven't seen the movie yet, this is only based upon descriptions of it that I've read here. It's a variant on one of the oldest tricks in the book, one that Rousseau used when he wrote novels about sex, then snuck in nice prudish morals at the end of the story. That way, people could indulge their prurient interests in vicarious sex and be absolved of guilt for it at the end. Crichton's version seems to be allowing people to indulge their interests in scientific and technological wonders, with nice eco-fascist morals at the end of the story to absolve people of their guilt for having had a positive experience of science and technology, of man's mastery over nature. Of course, the problem with both of these things is that neither sex nor science and technology are crimes or sins, so there's nothing for anyone to be guilty about in indulging in either. Tim Starr - Renaissance Now! Assistant Editor: Freedom Network News, the newsletter of ISIL, The International Society for Individual Liberty, 1800 Market St., San Francisco, CA 94102 (415) 864-0952; FAX: (415) 864-7506; 71034.2711@compuserve.com Think Universally, Act Selfishly - starr@genie.slhs.udel.edu ------------------------------ Date: Wed, 30 Jun 93 08:59:12 -0400 From: pcm@cs.brown.edu (Peter C. McCluskey) Subject: BRAIN: obscure speculation X-Reposting-Policy: redistribute freely price@price.demon.co.uk (Michael Clive Price) writes: >That jibes well with my intuition that long-term memories are more data- >compressed than short-term memories. What's the full cite? What does >NIPS 5 stand for? I'd like to check out this to gauge the plausibility >of their hypothesis beyond my superficial intuition. Mark A. Gluck and Catherine E. Myers, "Adaptive Stimulus Representations: A Computational Theory of Hippocampal-Region Function" in Neural Information Processing Systems 5, edited by Steven J. Hanson, Jack Cowan, and C. Lee Giles. Morgan Kaufman, 1993. ----------------------------------------------------------------------------- Peter McCluskey >> Hofstadter's Law: It always takes longer than you expect, pcm@cs.brown.edu >> even when you take into account Hofstadter's Law. ----------------------------------------------------------------------------- ------------------------------ Date: Wed, 30 Jun 1993 09:37:53 -0400 (EDT) From: bhaworth@acpub.duke.edu (W. Blair Haworth Jr.) Subject: DESCRIBE LIST ------------------------------ Date: Wed, 30 Jun 93 10:42:55 EDT From: Andrew S Hall Subject: AIT:Ruminations and Queries I wrote: > > An optimal strategy could be one that doesn't necessarily reduce > > complexity of the end result, but of intervening stages. Tim replied: > Perhaps. I don't think we have any real idea as to whether life is trying > to reduce or increase complexity "of the end result." > I think it doesn't matter whether an organism is "more complex" or "less > complex," only how well it survives to reproduce (and how many children it > has). Sorry, I was unclear in what I meant. I didn't mean to say that life systems were heading toward complexity or that more complex was a better strategy. What I meant was that survival is the goal and life is the "program" attempting to achieve it. Complexity can present barriers to this goal. (i.e. a hump) A more competitive strategy could be one that "goes around" the hump. A. Techno-Anarchy.Neophilia.Economic Freedom.Cryptography.Anti-Statism.Personal Liberty.Laissez-Faire.Privacy Protection.Libertarianism.No Taxes.No Bullshit. ********** Liberty BBS 1-614-798-9537 ********** ********** Dedicated to Freedom. Yours. ********** ------------------------------ Date: Wed, 30 Jun 1993 12:56:34 -0400 From: "Perry E. Metzger" Subject: NANO: Drexler style nanotech is unworkable X-Reposting-Policy: redistribute only with permission "James A. Donald" says: > There is an obvious and basic error in Drexler's work. > > Drexler proposes to make nanomachines of large rigid > molecules, but for large rigid molecules the glass point is > well above the decomposition point, meaning static > friction is so high that they break before they shift. Okay, I'll bite. Why don't the molecular systems in the human body, typically made of large rigid molecules, fail for this reason? > People have made Drexler style micro machines etched out > of silicon, using line widths of several micrometers. > When enough force is applied to make them move, they > shatter, because static friction overwhelms mechanical > strength. Now, this is bullshit for two reasons. The first is that silicon micromachines are NOT nanotechnology, and the second is that I've met several people involved in micromachines that the things do work, and quite well. In other words, your whole paragraph is just plain wrong. > The Drexler approach has been tried and, as predicted, has > failed. The smaller you get, the larger static friction > becomes relative to mechanical strength Huh? Its a shame you aren't registered on HEx. I'd sell you short. Perry ------------------------------ Date: Wednesday, 30 June 1993 07:51:02 PST8 From: "James A. Donald" Subject: NANO: Drexler style nanotech is unworkable In <9306281702.AA25659@wookumz.gnu.ai.mit.edu>, fnerd@smds.com (FutureNerd Steve Witham) wrote: > > James A. Donald writes some criticisms of > Drexler's nanotech ideas, from a perspective that seems tilted toward > biological molecules floating in solution: > > > The fundamental problem in constructing nanostructures is that it is > > extremely difficult to predict how the nano structure will behave, > > for example the unsolved, and perhaps insoluble, protein folding problem. > > .... gives the impression that > the folding behavior of large free-floating proteins has something ("the > fundamental problem") to do with nanotech, which it doesn't much. ..... > Mr. Donald suggests molecules in solution as a way to reduce friction. > He points out that this is difficult to design, but I think the main > problem is that it's difficult to mix the two styles of molecules- > -moving-randomly-in-solution with hard-deterministic-machines-in- > vacuum-boxes. Hard deterministic machines in a cold vacuum cannot work for components smaller than a few micrometers, at least they cannot work with components that anyone has designed so far. There is an obvious and basic error in Drexler's work. Drexler proposes to make nanomachines of large rigid molecules, but for large rigid molecules the glass point is well above the decomposition point, meaning static friction is so high that they break before they shift. It is not clear that nanomachines of the style of hard stuff working in a vacuum at low temperature can be designed to reduce static friction to acceptable levels, and Drexler makes no attempt to do this. This problem becomes difficult at micrometer scales, and the difficulty increases very rapidly indeed as you go to smaller and smaller sizes. Normal macroscopic designs become non functional due to static friction at scales of a few micrometers. People have tried them and, as predicted from scaling laws, they fail. People have made Drexler style micro machines etched out of silicon, using line widths of several micrometers. When enough force is applied to make them move, they shatter, because static friction overwhelms mechanical strength. The Drexler approach has been tried and, as predicted, has failed. The smaller you get, the larger static friction becomes relative to mechanical strength Designs that will work on a scale a thousand times smaller will need to be fundamentally different. They will look nothing like macro machines. They will consist of highly flexible molecules floating in a very large amount of lubricant, with vastly more lubricant than machinery. The molecules of the lubricant need to be as small as possible and to have high solvation capability in order to separate the nanostructures. Water is probably the best such lubricant. In other words nanomachinery must very strongly resemble living protoplasm, and will not resemble rigid clockwork at all. In nanosystems static friction is very high compared to the likely strength of large molecules, but for structures that are flexible or contain many solvent molecules brownian motion can reduce the effective static friction to zero, in effect converting static friction into viscous friction for movement rates that are small compared to the brownian motion. The kind of molecules used in the nanomachinery of living cells are flexible, and are often separated by many solvent molecules. Thus thermal motion makes the components shift randomly in relation to each other. When they are in contact they still move randomly caterpillar style because they are highly flexible. Any small external driving force will then give rise to a small net motion, superimposed on the large thermal brownian motion. In cellular nanomachinery the flexibility of the structures and the large numbers of solvent molecules mean that at ambient temperatures the machinery is well above its glass point, hence static friction is zero for motion rates that are small compared with the (large) brownian motion. In effect we only encounter viscous friction not static friction. Drexler's proposed nanomachinery is designed to have insignificant brownian motion, in order to make its behavior intelligible and predictable. This means a high glass point, which means his proposed machines would act similarly to the equivalent macroscopic machine if that macroscopic machine had been filled with molten glass and the glass allowed to cool down and become solid. Such behavior is a little bit *too* predictable. The qualities that make cellular nanomachines capable of organized motion on a nanometer scale, also makes it difficult to understand how they work, and difficult to design systems that would work in a like fashion. Perhaps once we gain some experience, it will not seem so hard, but simply fashioning macroscopic machines on a smaller scale, as Drexler proposes, will not work due to the scaling laws that he ignores. Designing nanomachines will be much harder than designing macro machines, and although powerful design tools will make it less hard, it will always be much harder than designing macro machines, because nano machines must move randomly through a very very large number of states in accordance with the laws of thermodynamics, whereas macroscopic machines move through a fixed predictable sequence of states in accordance with Newtonian physics --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesdon@infoserv.com | the arbitrary power of the omnipotent state. ------------------------------ Date: 30 Jun 93 09:14:13 U From: "Kent Hastings" Subject: WARLOCK 4.0 Info WARLOCK 4.0 Info The enclosed file is the documentation for WARLOCK 4.0, "A New Matrix-based Paradigm for Public Key Cryptography." The source code and executeable MS-DOS program are included in the shareware version, but my internet gateway complains "permission denied" if I try to send out the ZIP file. Hmm. The text file is about 43k and the ZIP is only 78k. Oh well. This is the first I've heard of WARLOCK. "NIST DSS and RSA systems suffice for authentication but are too slow for ordinary encryption/decryption functions forcing users to employ more complicated hybrid systems resulting in 'double exposure'." "WARNING: The WARLOCK cryptosystem provided herein is a copy- righted system protected by patents (awarded and pending) and is provided solely for private personal use and evaluation only, etc ..." For more info, contact WARLOCK@ACM.org. Kent - kent_hastings@qmail2.aero.org. <<<<<< Attached TEXT file follows >>>>>> .OJ OFF .UL ON WARLOCK - A New Matrix-based Paradigm for Public Key Cryptography (C) 1993 by William J. Wilson and C. Larry Craig 1. INTRODUCTION The following narrative briefly reviews the functionality of contemporary private key and public key (PK) cryptosystems in meeting current and future private sector security needs. To assist in meeting these needs, the WARLOCK paradigm for achieving matrix-based PK cryptosystems is presented and explained. Sys- tems based on this paradigm are designed as alternatives to RSA and RSA-hybrid systems by making available single, high-speed, full bandwidth systems capable of the basic cryptographic func- tions of encryption, decryption, and source authentication (digital signature). The WARLOCK paradigm is outlined in the following paragraphs with actual examples of system keys and step-by-step encryption, decryption, and authentications transformations effected by those keys. User evaluations, comments and suggestions are solicited on the WARLOCK paradigm as well as the particular WARLOCK 4.0 PC imple- mentation (available in C++ source code from file WARLOCK.CPP and in MS DOS executable code as WARLOCK.EXE). Please direct such input to WARLOCK@ACM.org or Datasec Systems, PO Box 4152, Hunts- ville AL 35815-4152, or by calling Wilson at (205) 881-8002. User suggestions and improvements will be incorporated, as appro- priate, and improved versions (as well as other implementations of the WARLOCK paradigm) will made available to interested users in the future. ***************************************************************** WARNING: The WARLOCK cryptosystem provided herein is a copy- righted system protected by patents (awarded and pending) and is provided solely for private personal use and evaluation only. Modifications to (or copies of) WARLOCK source or executable programs must retain the warning and proprietary legend displayed on the first user screen. The use of WARLOCK cryptosystems for private-sector commercial or public-sector governmental purposes is strictly prohibited with- out proper licensing arrangements. Licensing information can be obtained from the above-noted sources. ***************************************************************** 2. BACKGROUND Today's telecommunications and information system designers contemplating cryptographic technology are confronted with a relatively limited set of choices and capabilities (e.g. DES, RSA, proposed NIST DSS (Digital Signature Standard), etc.) which, even when combined in hybrid systems, are inadequate in our opinion to the complex security and authentication needs of the burgeoning information age and the even more daunting require- ments of the emerging digital multimedia revolution. For exam- ple, the NIST DSS and RSA systems suffice for authentication but are too slow for ordinary encryption/decryption functions forcing users to employ more complicated hybrid systems resulting in "double exposure". Hybrid systems typically use the DES standard which has been widely assailed for its all-too-short key length (56 bits). Nor has the proposed NIST standard met with a warm reception either since it presently provides only a time-consum- ing signature capability. In terms of variety, flexibility, speed, and selectable and provable levels of security, we feel that contemporary cryptosystems fall short of efficiently meeting the wide range of known and predicted private sector application security needs, e.g. encrypted digital voice and video, digital satellite communication, ISDN, wireless LAN's, source authentica- tion, IFF (Interrogate Friend or Foe) protocols, smart cards, and a host of other emerging applications. To meet these needs, the authors over the past several years have developed and tested scores of high-speed matrix-based PK crypto- systems beginning with a patented private-key version of the Hill cipher and culminating in the development of the WARLOCK family of PK cryptosystems. Our goal throughout has been the attainment of a single, full-bandwidth PK cryptosystem paradigm (with digi- tal signature) of sufficient simplicity, speed, and selectable levels of security for meeting current and expected cryptographic needs of the private sector. 3. THE HILL PARADIGM In 1929 Lester H. Hill proposed a unique, matrix-based, block ciphering system (1.) unlike any ever proposed before. Although manifestly linear and later shown to be susceptible of chosen plaintext attack, Hill's system represented a quantum leap in the art of cryptography providing for the first time a true block ciphering capability with strengths substantially beyond those of the polyalphabetic systems of his day. If fact, if computing (but not creating) the inverse of a matrix were as difficult as computing its permanent, Hill would have invented in a single stroke the first provably secure public key cryptosystem complete with digital signature. Notwithstanding, Hill's method, employ- ing standard matrix transformations, established a new direction whose full cryptographic potential in our opinion is still unrealized and one capable of nullifying in large measure the standard tools of conventional cryptanalysis. Apart from the issue of cryptographic strength, Hill succeeded in inventing the first two-key cryptosystem and it remained only for Hellman and Diffie to establish a rigorous mathematical paradigm (2.) for one-way, two-key public key cryptosystems and for Rivest et al. to provide the first viable example of such a system (3.). In a later development, McEliece developed a matrix-based public key system (4.) based on Goppa error correction codes. Although inefficient in terms of bandwidth and initially lacking digital signature, his system demonstrated that workable matrix-based PK systems were indeed possible. In spite of the fact that the McEliece system was recently cryptanalyzed (5.), it nevertheless represented a significant step in the evolution of matrix-based cryptosystems. Still later, Rodney Cooper extended Hill's mod 26 systems to Galois Fields GF(p) and GF(q^n) to create a cryptosystem based on matrix theory and Galois Fields (6). In essence, Cooper provided for a matrix of polynomials (subject to two moduli) to be used as an encryption key with the paramount advantage that such ma- trices can be made as large as needed to accommodate any required level of user security. In fact, Patti (7.) has implemented such extensible multi-magabit cryptokeys in PC-based extended memory in which he also concatenates random bits with the plaintext vector prior to encryption to defeat linear attacks (cited in the above reference) as well as known-plaintext and chosen-plaintext attack. Rather than trying to impress a known NP-hard problem into the service of PK cryptography as others such as Merkle et al. (8.) have attempted, we have employed a two-step process instead. In the first step, we developed weak but workable full-bandwidth PK systems with digital signature capability. In the second step, we hardened the resulting system by incorporating artificial com- plexities in the key generation, encryption, and decryption processes with the goal of attaining selectable and provable levels of security -- ideally NP-hard. Payne and McMillen's formula (9.) defines the number of nonsingu- lar nxn binary matrices possible for each dimension of n and thereby the number of reversible linear mappings of n-bit strings possible with such matrices. It is worth noting that such map- pings are a tiny subset of the full range of (2**n)! possible mappings of unique n-bit values. Unfortunately, as Chaitin has noted in another context (10.), all but a small fraction of these mappings are essentially noncomputable and can be effected only by table lookup -- as the small S-box mechanisms of DES exempli- fy. For the WARLOCK paradigm, one of the required private keys consists of a large, non-singular nxn matrix used to disguise the rectangular mxn public key. In the implementation provided here, a smaller nonsingular nxn private key matrix is also required. In the paragraphs that follow, the term "matrix" always refers to a binary matrix and all forms of the term "addition" indicated by the + symbol designate addition modulo-two (XOR operation). Supporting figures for the WARLOCK paradigm and the particular implementation are all found at the end of the paper. 4. THE WARLOCK PARADIGM Overview WARLOCK is a paradigm for a family of advanced, high-speed, full- bandwidth, matrix-based PK cryptosystems with full digital signa- ture. These systems can be operated in ordinary encryption/de- cryption mode or in superencrypted mode, (achieving encryption and authentication simultaneously) as necessary with key and block sizes incrementally selectable according to security needs. All implementations of the WARLOCK paradigm share certain common- alities: - use of a single public key K consisting of a rectangular mxn binary matrix where m>n and where n is the system block size of plaintext and ciphertext - achievement of nonlinear plaintext to ciphertext mappings such that for plaintexts A and B under key K, the follow ing is true: MAP(A,K) + MAP(B,K) <> MAP(A+B). - incorporation of secret "row identifiers" in rows of the public key (which are injected in disguised form into the ciphertext by the encryption process) allowing a private key holder to identify public key rows selected by the encryption process. - use of entropy increasing "noise bits" for selected bit positions of the public key not occupied by row identifiers - use of a secret, nonsingular nxn matrix M to disguise the public key and to serve (in inverse form) as a private key - user-selectable key and system block sizes to accommodate varying levels of security requirements - system key generation from user-supplied "key-seeds" or pass phrases of 1 to 85 bytes As the example below shows, the public key for the implementation provided here is initially constructed of two parts -- an A-part and a B-part. The A-part consists of a key-seed generated and triplicated nxn nonsingular matrix whose n dimension is exactly 1/3 the row dimension of the public key. Construction of the B-part begins with a template matrix (T- matrix) containing a diagonal of submatrices each comprised of "row identifiers" whose value and row positions uniquely identify each matrix row. In the first hardening step, the area above the diagonal is filled with key-seed generated "noise bits" and the area below the diagonal is filled with "replacement bits" con- sisting of key-seed generated but replicated row values. The A- part and the B-part are concatenated to form an mxn matrix where mn and where n is the block size of both the input plaintext and the resulting ciphertext. The purpose of row group jumbling is to disguise the original A-part and B-part row group sequence. WARLOCK encryption is accomplished by expanding an n-bit plain- text block in a nonlinear manner to form an m-bit vector which is multiplied by the public key to create an n-bit ciphertext. This multiplication is greatly hastened (as are all binary matrix multiplications) by the simple expedient of associating each bit position of the expanded vector with a row of K allowing 1-bits in the expanded plaintext vector to select corresponding rows of K which are added modulo two to produce the plaintext. In the first step of the decryption process, the ciphertext is multiplied by private key M_inverse to create the same value as if the plaintext had been multiplied by the completed T-matrix. Rows selected by the encryption process (whose row identifiers are encoded in the ciphertext) are then retrieved by a deconvolu- tion process which removes the effects of the noise bits identi- fied in the private key T-matrix. Accomplishing the inverse of the row selection process employed during encryption serves to identify the original plaintext. Like most computer-based cryptosystems, WARLOCK consists of three basic modules: a key generation module, an encryption module, and a decryption module. Digital signatures (as well as superencryp- tion) are accomplished conventionally by concatenating decryption and encryption functions employing appropriate public and private keys. WARLOCK Key Generation The WARLOCK T matrix is comprised of two major parts: an A-part and a B-part. The A-part consists of a triplicated and expanded nonsingular A matrix as shown in Figures 1. through 3. and the B- part consists of a set of rows each containing a unique 3-bit row identifiers as shown in Figure 5. Note that the triplicated rows of the A part when selected always produce a "fat bit" consisting of 000 or 111. These "fat bits" when combined with the row identifiers of the B-part in the encryption process either pre- serve the row identifier value or complement it with the result that identifiers are recovered in original or complemented form. For example, a row identifier 100 in a given ciphertext row position will be recovered either as 100 or as its complement 011 -- both identifying a particular B-part row selected in the encryption process. Row identifier values for the B-Part are chosen as shown below such that their values and their comple- ments form a unique set of unduplicated values allowing unambigu- ous row identification. 4-let Row Identifier Row Identifier Complement 1 100 011 2 010 101 3 001 110 4 111 000 In the encryption process, an information containing fat bit from the A-part consisting of 000 or 111 is always added to each 3-bit identifier value selected in the B-part. This technique not only preserves identification of the B-part row selected, but permits identification of the value of the information carrying fat bit as well. In other words, if a row identifier is recovered un- changed, its fat bit is known to be 000 otherwise its fat bit is known to be 111. Since the selection of fat bits is also deter- mined by plaintext values, fat bits are also information carry- ing. |----------| | | | B-part | | | |__________| | A-Part | |__________| WARLOCK T-matrix The A-part of the WARLOCK T-matrix is created as follows. A key- seed generated, nonsingular nxn matrix A (whose n dimension is exactly 1/3 the width of the T-matrix) and its inverse A_inverse is initially created as shown in Figures 1. and 2. The A-matrix is then triplicated to create the matrix shown in Fig. 3. As al- ready noted, triplication of the columns of matrix A produces the fat bits required by the encryption process. In the next step, shown in Fig. 4., the matrix row dimension is increased by adding each row pair of the matrix in Fig. 3. to create a third row. A fourth all-zero row is then created completing the row expansion. This last step is necessary to create A-part row groups (4-lets) that allow the row selection process (governed by plaintext values) to be identical for both the A-part and the B-part. Construction of the B-part of the T-matrix begins with an initial template containing row identifiers as shown in Figure 5. In the first hardening step, key-seed generated noise bits are added above the submatrix diagonal to produce the intermediate version shown in Figure 6. In the next step, the A-part and the B-part are joined to form a single T-matrix shown in Figure 7. To eliminate the "sea of zeroes" under the diagonal of the B-part (and to further disguise the T-matrix), a special "replacement bit or R-bit" matrix shown in Figure 8. is created with row values identical for each row 4-let. This matrix is added to the matrix in Figure 7. to produce the final T-matrix shown in Fig. 9. Not only does this step eliminate the "sea of zeroes" under the diagonal, but it also displaces and further disguises all other bits in the T-matrix. If the set of unique replacement row values in the R-matrix has been initially selected to sum to zero, the replacement row values vanish in the encryption proc- ess; otherwise their sum must be removed from the ciphertext as a special step in the decryption process. In the penultimate step of key generation, the T-matrix is multi- plied by the M-matrix in Figure 10. to produce the public key K- matrix shown in Figure 12. In the final step, this key is then key-seed jumbled in two ways: in four row groups (4-lets) and (optionally) by rows within groups. In the example below 4-lets are jumbled as follows: From To 4-let 4-let 6 1 4 2 1 3 2 4 3 5 5 6 WARLOCK Encryption Process The first encryption step consists of expanding the input plain- text block of n-bits (K-matrix column dimension) to a bit vector of m-bits (K-matrix row dimension) in accordance with the trans- lation table below. In the second and final step, this vector is then multiplied as a column vector by public key K to produce the ciphertext. Alternatively, the plaintext bit values could simply select the applicable rows of K directly as mentioned above and add them together. Expanded Plaintext Plaintext 2-bit Seg- Vector ment Segment 00 0001 01 1000 10 0100 11 0010 WARLOCK Decryption Process Decryption is a multi-step process. In the first step, the ciphertext is multiplied by private key M_inverse to produce an "unmasked version" having the same value as if the expanded plaintext had been multiplied by the T-matrix. In the second step, row identifiers of the B-part are recovered beginning with the leftmost row identifier which is always recov- ered in undisguised or complementary form (since it has not been altered by noise bits). The noise bits associated with this identifier row can now be identified using T-matrix private key information and removed from the ciphertext revealing the next leftmost row identifier in the same manner. This process is repeated iteratively until all row identifiers have been identi- fied -- in their original or complemented form. Each identifier value, thus recovered, unequivocally identifies an applicable 4- bit sector of the invoking expanded plaintext vector which, in turn, identifies a 2-bit sector of the plaintext. In addition, each recovered row identifier identifies its associated fat bit value as 000 or 111. When all row identifiers have been recovered, 2/3 of the plain- text has been decrypted. The remaining 1/3 can now be decrypted by examining fat bit values derived from the recovered identifier values themselves, i.e. for unchanged row identifiers, the ap- plicable fat bit = 000; otherwise the applicable fat bit = 111. When all fat bits have been identified, they are reduced from 3 bits to 1 bit and concatenated to form a value which is multi- plied by private key A_inverse (in Fig. 2.) to recover the re- maining 1/3 of the plaintext. In the final step of decryption, the full set of 2-bit plaintext segments are unjumbled to reverse the effects of the row 4-let jumbling of the public key. 7. WARLOCK 4.0 MANUAL EXAMPLE As an example of WARLOCK 4.0 operation, the WARLOCK 4.0 crypto- graphic keys shown in Figures 6., 11., and 12. may be used to manually encrypt and decrypt 12-bit inputs and to create and verify 12-bit digital signatures as desired. For example, to encrypt plain_text P = 001110000110 using pub- lic_key_K shown in Figure 12., accomplish the following steps: Expand plain_text P to expanded_text 000100100100000110000100. Select and add rows of public_key_K under control of 1-bits in expanded_text to produce encrypted_text as follows: bit 4 selects row 4 of K = 101000100001 bit 7 selects row 7 of K = 011110010011 bit 10 selects row 10 of K = 110011110001 bit 16 selects row 16 of K = 011000001000 bit 17 selects row 17 of K = 000010100101 bit 22 selects row 22 of K = 001001110001 encrypted_text = 010110011111 To facilitate understanding of the more complex decryption proce- dure detailed below, the following reference table is provided which relates row identifier values (as recovered) to the follow- ing necessary information: (1) row position selected within each row 4-let (2) selecting 2-bit plaintext values and (3) applicable fat bit values. Row Row Identi- Selected Selecting Associated fier Value within Plaintext Fat Bit (as recovered 4-let Value Value 100 1 01 000 011 1 01 111 010 2 10 000 101 2 10 111 001 3 11 000 110 3 11 111 000 4 00 000 111 4 00 111 The following steps detail the decryption process: A. Multiply encrypted_text 010110011111 by private key key_M_inverse shown in Figure 11. to create the initial value of reverted_text 100101101111. Note that the leftmost row identifier in bit positions 1, 5, and 9 is unaffected by noise bits and is seen to have the value 101 indicating that row 2 of the applica- ble 4-let of the public key was chosen. Accordingly, 1. Initialize the value of resultant_text with the first 2 recovered plaintext bit values, e.g. resultant_text 10. 2. Create the first iteration of intermediate_text by remov- ing from reverted_text the noise bits associated with row 2 of private key key_T_with_noise by XORing subject row 2 with the reverted_text to produce the first intermediate_text value as follows: 100101101111 (reverted_text) 011010010000 (row 2 template and noise bit values) 111111111111 (intermediate_text) This step also records the fat bits in positions 1, 5, and 9. of the intermediate_text and the reduced fat bit in position 1. B. Note that the value of the row identifier in bits 2, 6, and 10 "uncovered" by the previous step is seen to be 111 indicating that row position 4 of its respective 4-let was selected and further indicating an invoking plaintext value of 00 and an associated fat bit value of 000. Accordingly, 1. Append recovered plaintext bits 00 to the current result- ant_text value giving new resultant_text 1000. 2. Remove from the current intermediate_text value the noise bits associated with applicable row 4 of key_T_with_noise_bits by XORing subject row 4 with intermediate_text to produce a new intermediate_text value as follows: 111111111111 (current intermediate_text) 010101110110 (row 4 template and noise bit values) 101010001001 (new intermediate_text) This step also records the reduced fat bits in positions 1 and 2 of the new intermediate_text. C. The value of the third row identifier (bits 3, 7, and 11) uncovered by the previous step is seen to be 100 indicating that row 1 of its respective 4-let was invoked by a plaintext value of 01 and that its associated fat bit value is 000. Accordingly, 1. Append the recovered plaintext bits 01 to the current re- sultant_text value giving 10000. 2. Remove from the intermediate_text the noise bits associ- ated with row position 1 of private key key_T_with_noise_bits by XORing subject row 1 with the current intermediate_text to pro- duce a new intermediate_text value as follows: 101010001001 (current intermediate_text) 001000000000 (row 1 template and noise bit values) 100010001001 (new intermediate_text) This step also records the reduced fat bits in positions 1, 2, and 3 of the new intermediate_text. D. The fourth and final row identifier (bit positions 4, 8, and 12) uncovered by the previous step is seen to be 001 indicating that row 3 was selected by a plaintext value of 11 and that its associated fat bit value is 000. Accordingly, 1. Append recovered plaintext bits 11 to current resultant_text value giving 10000111. 2. Remove from the current intermediate_text value the noise bits associated with row position 3 of the subject 4-let of key_T_with_noise_bits by XORing row 3 with the current intermedi- ate_text to produce a new intermediate_text_value as follows: 100010001001 (current intermediate_text) 000000000001 (row 3 template value) 100010001000 (new intermediate_text) This step also records the final reduced fat bit in position 4 of the new intermediate_text whose current value is now seen to be 1000. D. This completed intermediate_text value 1000 will be multiplied by private key A_inverse to recover the final plaintext values (originally encoded by the A-part of the public key) as follows: 1000 x A_inverse = 1000 The recovered plaintext value 1000 is then appended to the cur- rent value of resultant_text to produce resultant_text = 100001111000. J. The completed resultant_text value 100001111000 (now seen to be a 2-bit permutation of the original plaintext) must now be unjumbled in the final decryption step by reversing the row jumbling accomplished in the last step of the key generation process (described on page 7.) as follows: Source Bit Desti- Destination Source Pair Position nation Bit Pair Position Bit Pair (resultant_ Bit Pair (decrypted_ Number text)/(value) Number text)/(value) 6 11-12 (00) 1 1-2 (00) 4 7-8 (11) 2 3-4 (11) 1 1-2 (10) 3 5-6 (10) 3 3-4 (00) 4 7-8 (00) 2 5-6 (01) 5 9-10 (01) 5 9-10 (10) 6 11-12 (10) This final permutation step produces the sought plaintext value 001110000110 completing the decryption process. Source Authentication and Superencryption To create a source authentication value S (for source authentica- tion purposes) represented by any selected 12-bit value, S must first be "decrypted" by the decryption module by the steps noted in the foregoing paragraphs to create signature value S*. When submitted to the encryption module for validation, S* produces the sought value S thereby proving unequivocally that S emanated from the private key holder. Because of the relatively high encryption and decryption speeds of WARLOCK 4.0, Alice and Bob may choose for purposes of enhanced security to exchange messages that are simultaneously encrypted and authenticated. To accomplish this, Alice and Bob first obtain each others public keys. In encrypting messages for Bob, Alice accomplishes the following: 1. Alice first "decrypts" each plaintext block using her private key to create an "authenticated version" of the plaintext. She then encrypts this version by Bob's public key to create a final ciphertext block which she transmits to Bob. 2. Bob first decrypts the ciphertext block by his private key recovering the "authenticated version". He then transforms this version to Alice's original plaintext by "encrypting" it with Alice's public key thus proving Alice to be the originator of the plaintext since she is the only holder of the private key. In encrypting messages for Alice, Bob follows the same procedure with the appropriate public and private keys. 8. SEEDING THE WARLOCK KEY GENERATION FUNCTION A basic desideratum of classic private key cryptosystems was easily generated and memorized keys to avoid a possibly compro- mising (or incriminating) recording of the key. This desideratum has all but vanished with DES and the advent of PK systems. Who, for example, can remember a thousand-bit RSA modulus or its constituent primes. Nevertheless, there are many occasions where one would not wish to transport private keys to a new operating locations, but regenerate them at their new location, use them, and destroy them. Such a capability is available through the unique WARLOCK key seeding feature which allows users to seed the key generation process with a user secret key-seed (or pass phrase) of 1 to 85 bytes (8 to 680 bits). Such a feature is typically absent from number theoretic cryptosystems such as RSA and the NIST DSS. With the WARLOCK key seeding feature, users can establish simple mnemonic seeding tokens or create elaborate- ly structured key-seeds as needed. Key seeding also facilitates the use of WARLOCK as a stream cipher where Bob and Alice at different locations independently generate a common private key based on a secret shared key-seed. Such a procedure allows then to generate and synchronize a common pseudorandom bit stream beginning with an agreed-on starting value v which is "decrypted" by the private key and the result XORed with plaintext to encrypt and decrypt in the manner of one- time pads or Vernam ciphers. The starting value v would then be incremented by +1 each iteration yielding a nonrepeating cycle of 2**n iterations where n is the system block size in bits. Key seeding also facilitates opportunistic encryption using devices such as PC's and workstations that are generally avail- able but not portable. For example, Bob could freely transport the encryption/decryption program on a 3 1/2" floppy in his shirt pocket without fear of compromising his secret key-seed. Alice could encrypt from any available PC initialized with an installed WARLOCK program. Both would enter their secret key-seed at the time of message exchange. As yet another example of the potential of key seeding, consider an environment where Bob and Alice are deployed as secret agents who must unequivocally authenticate each other's identity prior to commencing their mission. Each has memorized a key-seed given them by their faceless directors and each carries an unknown ciphertext segment as well. When they finally rendezvous in Vienna, Bob and Alice XOR the ASCII representation of their key- seeds to produce a new key-seed value which they use to generate cryptographic keys. Each then decrypts his ciphertext segment with the newly-generated keys. Bob hands his decrypted message to Alice who reads, "Of course, you know my name isn't Bob at all, it's Travis and I am pleased to meet you at last, Tatiana AKA Alice." 9. WARLOCK CRYPTOGRAPHIC STRENGTH It would be presumptuous at this point to assert that WARLOCK is categorically unassailable -- particularly in light of the vast resources of linear algebraic techniques (most of which are unknown to the authors) that might be mustered for its cryptanal- ysis. The rise and fall of numerous PK cryptosystems proposed during the last decade certainly recommend caution as well. However, based on our experience to date in making and breaking scores of matrix-based PK cryptosystems, it is our feeling that the only potentially effective assault possible against WARLOCK is the derivation of private keys (or workable alternatives) from the public key (assuming that the keys are sufficiently large to preclude other attacks). Clearly, the keys themselves cannot be exhaustively enumerated owing to their size. Simmons generalized PK system attack (11.) can be precluded in several ways. Users may choose to operate in superencrypted mode which accomplishes encryption and source authentication simultaneously or they may choose a suitably large system block size. Various kinds of pre- encryption scrambling (to increase input entropy) and post-de- cryption unscrambling may also be employed. Thus far we have been unable to cryptanalyze WARLOCK 4.0 with techniques successful against ancestors of WARLOCK. Under all the attacks that we have been able to muster, the work factor required to cryptanalyze WARLOCK 4.0 is an exponential function of block size which can be made arbitrarily large. What we are seeking from the user community is an assessment of the viability of the WARLOCK paradigm as well as a more precise quantification of the work factor required to cryptanalyze WARLOCK 4.0. 10. CONCLUSION Apart from the undecided issue of security, the WARLOCK paradigm meets our objective of providing users with single high-speed general purpose PK cryptosystems (exemplified by WARLOCK 4.0) as alternatives to number theoretic systems. We feel that WARLOCK cryptosystems can serve the security needs of private users to whom we grant free use subject to the restrictions noted in the source code and in the introduction to this paper. The WARLOCK paradigm also suggests a new direction for the development of PK systems free of the computational burden of number theoretic systems. Finally, the WARLOCK paradigm suggests a potentially fruitful direction for achieving a viable cryptographic embodi- ment of the NP-hard coding problem cited by Berlekamp et al.(12.). 11. WARLOCK 4.0 NUMBERED FIGURES Note: To facilitate de- 1000 1000 101010101010 cryption, Row 1. is row 2 1010 0110 100010001000 of Matrix A triplica- 1110 1100 001000100010 ted. Row 2 is row 1 0011 1101 000000000000 triplicated; row 3 is 001100110011 the XOR of rows 1 and Figure 1. Figure 2. 111011101110 2 and row 4 is the A-Part Private Key 110111011101 XOR of rows 1, 2, and Matrix A Matrix A_ 000000000000 3. The same process inverse using remaining row Figure 3. pairs of Matrix A is re- A-expanded peated to create A_expan- ded. 100000000000 100010101101 101101000011 010000000000 010100100010 011010010000 001000000000 001011001000 000001001110 111000000000 111111001001 110011001111 000100000000 000100101011 011000010011 000010000000 000010111111 001101110011 000001000000 000001111100 001100100110 000111000000 000111011110 010101110110 000000100000 000000100000 001000000000 000000010000 000000010001 000000100001 000000001000 000000001001 000000000011 000000111000 000000111000 001000100010 000000000100 000000000100 000100000000 000000000011 000000000010 000000010000 000000000001 000000000001 000000000001 000000000111 000000000111 000100010001 Figure 4. Figure 5. Figure 6. B-Part B-Part B-Part Initial key_T_temp- Columnar re- key_T_temp- late with arrangement late noise bits = key_T_with_ noise_bits 110000001000 101001010100 000110100011 100100111100 100000100001 010001110011 110101011011 000001101100 111010111100 001111001000 110101000010 110010110100 001000111100 110110001110 100100010001 111111110010 011000000100 101101101000 100001111010 110101000111 000000010010 111111110000 010111011110 010111011010 .OJ OFF Figure 7. Figure 8. key_M Private Key key_M_inverse 101101000011 110100100010 011001100001 011010010000 110100100010 101110110010 000001001110 110100100010 110101101100 110011001111 110100100010 000111101101 011000010011 001101010001 010101000010 001101110011 001101010001 000000100010 001100100110 001101010001 000001110111 010101110110 001101010001 011000100111 001000000000 010011011011 011011011011 000000100001 010011011011 010011111010 000000000011 010011011011 010011011000 001000100010 010011011011 011011111001 000100000000 101100110010 101000110010 000000010000 101100110010 101100100010 000000000001 101100110010 101100110011 000100010001 101100110010 101000100011 101010101010 011111101001 110101000011 100010001000 011111101001 111101100001 001000100010 011111101001 010111001011 000000000000 011111101001 011111101001 001100110011 011001110011 010101000000 111011101110 011001110011 100010011101 110111011101 011001110011 101110101110 000000000000 011001110011 011001110011 Figure 9. Figure 10. Figure 11. key_T_with_ replacement_ key_T_replaced noise (A rows (Figure 9. and B-Part XOR'd with Fi- joined) gure 10.) 11. BIOGRAPHICAL DATA William J. Wilson is an early-retiree of the Sperry half of the current UNISYS corporation. During his 23 years there, he spe- cialized in database design, information storage and retrieval, and system security. He is a member of ACM occasionally consult- ing in his areas of expertise and is also identified in the current Directory of American Fiction Writers and Poets as both a writer (science fiction and horror) and a poet. His light and satirical verse appeared frequently in DATAMATION (Churl's Garden of Verses, Solid-state Jabberwocky, Ode to the Indomitable GOTO, etc.) and other magazines. C. Larry Craig (co-inventor of WARLOCK and author of the C++ WARLOCK program) currently works as a private consultant and software designer in the fields of digital communication, commu- nication networks, and cellular and telephony applications. 12. REFERENCES 1. Hill, L. "Cryptography in an Algebraic Alphabet," Amer. Math. Monthly. 36: 306-312, 1929. 2. Diffie, W., and Hellman, M.E. "New Directions in Cryptog- raphy," IEEE Trans. Inform. Theory IT-22, 644-654, Nov. 1976. 3. Rivest, R. et al., A Method for Obtaining Digital Signa- tures and Public-key Cryptosystems, Communications of the ACM 21, pp. 120-126, Feb 1978. 4. McEleice, R.J. "A Public-key cryptosystem based on Alge- braic Coding Theory," DSN Progress Rep. 42-44, Jet Propulsion Laboratory, pp. 114-116, 1978. 5. Korzhik, V.L. and Turkin, A.I., "Cryptanalysis of McE- liece's Public-key Cryptosystem," Advances in Cryptology - Euro- crypt '91 Proceedings. 6. Cooper, R. "Linear Transformations in Galois Fields and Their Application to Cryptography," Cryptologia, Vol 4., No. 3, pp. 184-188, 1992. 7. Patti, T. "The SUMMIT Cryptosystem," Cryptosystems Jour- na, Vol 2., No. 2, 1992. 8. Merkle, C. and Hellman, M.E. "Hiding Information and Signatures in Trapdoor Knapsacks," IEEE Trans. Inform. Theory.IT- 24: pp. 525-530, 1978. 9. Payne, W.H. and McMillan, K.L., Orderly Enumeration of Nonsingular Binary Matrices Applied to Text Encryption, Communi- cations of the ACM, pp. 259-265, April 1978. 10. Chaitin, G. J. ""Randomness and Mathematical Proof," Scientific American pp. 47-52, May 1975. 11. Simmons, G.J., Forward Search as a Cryptanalytic Tool Against a Public Key Privacy Channel, Proceedings of the IEEE Symposium on Security and Privacy, April 1982. 12. Berlecamp, E.R., McEleice, R.J., and van Tilborg, H.C.A., On the Inherent Intractability of Certain Coding Problems, IEEE Trans. Inform. Theory, IT-24, pp. 384-386, May 1978. #000# ------------------------------ End of Extropians Digest V93 Issue #0366 ****************************************