Newest or Updated MCG Site Entries


Unicity, DES Unicity, Open-Keys, Unknown-Keys - 
Revisits the concept of unicity and shows that key-length is not the most important parameter to evaluate the security of cryptographic systems, discussing possible weaknesses in current systems and alternatives. As an example, it presents a +70-bit exportable DES, directly based on 56-bit DES.
Some Non-Random DES Characteristics and an Identification Attack on DES - 
Shows some non-random characteristics of DES, explained as a collateral effect of its 56-bit key-length versus 64-bit plaintext space. Also describes the "Identification Attack", used to explore this vulnerability to break DES with just three letters.
Intrinsic examples - 
Discusses intrinsic identification, identity and certification -- with easy-to-follow examples for each. It is part of the "Intrinsic Certification" series of short communications.
Identification and Privacy are not Antinomies - 
Even though motivated by the Internet, as a practical arena, the concepts reported here can be applied to improve any identification method -- including the present proposal by the US Government for a national ID card.
What is identification, that we can identify it?, Part II - 
A continuation, this work defines Identification-level I-3, with 64 identification types. Understanding is defined as a nexus -- a linked collective of elements. Reference, Sense and Entity are derived as predicates of understanding -- and not as "ad hoc" attributes of an "identity".
What is identification, that we can identify it? - 
Identification can be understood not only in the sense of an "identity" connection, but in the wider sense of "any" connection. Which one to use is just a matter of protocol expression, need, cost and (very importantly) privacy concerns.
What is the Internet Paradigm? - 
The Internet provides raw power. Thus, it works as an amplifier which can reward results and self-discipline, or problems and inefficiency. The talk discusses the growth of the Internet and its working paradigms, as well as its evolution. 
MC-ware potential and objectives - 
There are varied ways to implement the precise functional features of MC. This message calls for a focus upon how MC obtains, retains, and treats data/objects in support of its unique functionalities.
Towards Real-World Models of Trust: Reliance on Received Information - 
This work presents an abstract definition of trust which allows any number of compatible explicit trust definitions to be derived specifically for each application area such as communication systems, digital certificates, cryptography, law, linguistics and social uses, of which more than 30 examples are discussed.
New slide material - 
View the new slide topics on Certification, Security and Internet.
Overview of Certification Systems: X.509, CA, PGP and SKIP - 
New updated and summarized PDF version -- Reviews current certification methods and weaknesses, as well as possible solutions (also directly in Postscript, plain .ps or .zip format). The HTML version of this work was visited more than 50,000 times in one year -- see
The Unabridged X.509 Certificate - 
Contains the full explicit and implicit content of a generic X.509 certificate and thus may well represent what is meant by any X.509 Certificate that the reader may need to accept or buy, such as for https (SSL) access, for S/MIME e-mail, etc.
Ceremony and non-repudiation in e-commerce - 
The effects of a digital signature can rather easily be questioned legally (semantic repudiation), even though the signature itself may not be (syntactic non-repudiation), e.g., as given by passive certificates. This work discusses how passive certificates can also allow legal ceremonies to be introduced in digital signatures, which affords a legal base for non-repudiable transactions.
Must e-commerce deals expire with certs? - 
To allow certificates to be useful for legal tasks -- e-commerce -- one needs to be able to verify signatures that were made when the certificate was valid, even 35 years afterwards. This work shows how that can be done with passive certificates.
Intrinsic Certification at a glance, part I - 
This is the first essay in a series of short communications that intend to be a "road-guide" for developers, security specialists and users, into the subject of Intrinsic Certification and its implementation by Meta-Certificates.
Why is certification harder than it looks? - 
The paradox is that while certification is harder than it looks, it must be made amenable to the average user.
First-Year Technical Report: MCG 1997-1998 - 
Certification is shown to depend on at least two concepts, "proper trust" and "proper keys", which must first be adequately qualified in communication theory terms and then modeled in a useful way.