April Fool — Cryptographers’ way

1st April is the day on which no information can be easily taken as fact and is also the day where pranking or fooling anyone tends to bring laughter rather than angry stares.

Yesterday, some of my friends were commenting how many people from different science streams have played elegant pranks on their respective communities and surprisingly (or unsurprisingly) they claimed that Cryptographers have never played any good April fool. Cryptographers have had their own share of April Fool incidents, maybe not as geeky as Google’s annual April fool (I loved the Quantum code testing*); but Crypto April fools have a certain stroke of brilliance in them that cannot be compared to others.

This year PHC (Password Hashing Competition) mailed the following to everyone, sharing this since not many seem to be aware:

After over two years of in-depth analysis and careful deliberation, today the panel is pleased to announce that LM Hash has been unanimously selected as the winner of the PHC. To many panel members, the choice was obvious.

Selection criteria include the following, in no particular order:

– LM Hash leverages the well-studied and proven DES block cipher.

– Most users only select passwords that are 6 – 8 characters long, so LM Hash’s 14-character limitation is more than reasonable for the majority of use cases.

– LM Hash is not case-sensitive, reducing the number of password reset requests and Help Desk tickets that result from users not remembering their precise passwords.

– Most LM Hash values have already been pre-computed and made publicly available, reducing load on authentication servers.

– LM Hash does not require the use of salt, which aligns with the American Heart Association’s guidelines for a low-sodium diet.

– LM Hash requires little energy to compute, thereby contributing to environment-friendly authentication systems.

As a Microsoft employee, Marsh Ray was the most vocal advocate for LM Hash, noting that Microsoft, IBM, and 3Com have had support for LM Hash since 1988. Alexander Peslyak added that LM Hash is the ideal PHC winner since it’s already well-supported in John the Ripper. Jeremi Gosney and Jens Steube were quick to agree, noting that LM Hash has all of the qualities they desire in a password hash.

Comparing LM Hash to other PHC finalists:

– Unlike LM Hash, Argon and Catena are resistant to TMTO, wasting valuable CPU cycles.

– Battcrypt uses Blowfish, which was developed by that charlatan Bruce Schneier. LM Hash uses DES, which was developed by IBM and the NSA. Which do you trust more?

– Lyra2 relies on a sponge for security, which is by definition full of holes. LM Hash relies on a block cipher. Blocks don’t have holes.

– Pufferfish encrypts the palindrome “Drab as a fool, aloof as a bard.” LM Hash encrypts the string “kgs!@#$%”, saving the user 24 bytes.

– LM Hash is far simpler than yescrypt! It can be described in one line, whereas yescrypt can’t even be described in one book.

– Unlike Makwa, LM Hash is post-quantum!

– Parallel was designed by Steve Thomas, who you can’t trust to hash your password. LM Hash wasn’t designed by Steve but by trusted Microsoft experts.

Being the choice of foremost thought leaders in the field, LM Hash is already a success:

– LM Hash will appear in the next Gartner Magic Quadrant for state-of-the-art password hashing.

– Academic researchers have started applying for grants in order to investigate security proofs of LM Hash in the related-password model under relaxed misuse-resistance assumptions. Leading researchers already expect breakthrough indifferentiability proofs in the ideal cipher model.

– A new secure messaging application will generate one-time-pad masks from user passwords using LM Hash, promising higher security than legacy solutions such as TextSecure.
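Added example, not part of the PHC mail or the original post: the key preparation that real LM Hash performs before its two DES encryptions of the constant `KGS!@#$%`, showing the case folding, the 14-character cut-off and the absence of salt that the mail jokes about. The DES step itself is left out, uppercasing is ASCII-only, and the function names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Spread 7 bytes (56 key bits) over 8 DES key bytes, 7 bits per byte;
 * bit 0 of each output byte is the parity bit, left clear here. */
static void des_key_from_7(const uint8_t in[7], uint8_t out[8])
{
    out[0] = in[0] >> 1;
    out[1] = ((in[0] & 0x01) << 6) | (in[1] >> 2);
    out[2] = ((in[1] & 0x03) << 5) | (in[2] >> 3);
    out[3] = ((in[2] & 0x07) << 4) | (in[3] >> 4);
    out[4] = ((in[3] & 0x0F) << 3) | (in[4] >> 5);
    out[5] = ((in[4] & 0x1F) << 2) | (in[5] >> 6);
    out[6] = ((in[5] & 0x3F) << 1) | (in[6] >> 7);
    out[7] = in[6] & 0x7F;
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(out[i] << 1);
}

/* LM key preparation: uppercase (ASCII only here), cut or NUL-pad to 14 bytes,
 * split into two 7-byte halves. No salt or user name goes in. */
void lm_des_keys(const char *password, uint8_t k1[8], uint8_t k2[8])
{
    uint8_t buf[14] = {0};
    size_t n = strlen(password);
    if (n > 14) n = 14;
    for (size_t i = 0; i < n; i++)
        buf[i] = (uint8_t)toupper((unsigned char)password[i]);
    des_key_from_7(buf, k1);
    des_key_from_7(buf + 7, k2);
}

/* 1 if both passwords give the same two DES keys, so the same LM hash. */
int lm_same_keys(const char *a, const char *b)
{
    uint8_t a1[8], a2[8], b1[8], b2[8];
    lm_des_keys(a, a1, a2);
    lm_des_keys(b, b1, b2);
    return memcmp(a1, b1, 8) == 0 && memcmp(a2, b2, 8) == 0;
}

/* 1 if the second key is all zero: the password fits in 7 characters and the
 * second hash half is the same constant for every such password. */
int lm_second_half_is_constant(const char *password)
{
    static const uint8_t zero[8] = {0};
    uint8_t k1[8], k2[8];
    lm_des_keys(password, k1, k2);
    return memcmp(k2, zero, 8) == 0;
}

int main(void)
{
    printf("case folded: %d\n", lm_same_keys("Password1", "pAsSwOrD1"));
    printf("15th char ignored: %d\n", lm_same_keys("abcdefghijklmnX", "abcdefghijklmnY"));
    printf("short password: %d\n", lm_second_half_is_constant("monkey"));
}
```

Because each 7-byte half is keyed independently and nothing user-specific is mixed in, equal keys mean equal hash halves for every account, which is why precomputed tables cover the scheme.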

Rating it against the other April fool stuff around, I would easily rate this as first for sure. And since this post is about April fool, another good prank played by a Professor on his student can be watched below:

 

*Google announced that it had successfully modeled all possible states of software using quantum superposition techniques.

Ideal e-voting system

Long time since last post; but the reasons as always being that I am busy trying to get in rhythm, learning to cook efficiently :P and so on..

Recently Australia had its first experiment with e-voting, which while good doesn’t exactly fit the ideal description of what is expected from e-voting schemes. I myself am not a firm believer in e-voting systems. The main problems that are not answered, which according to me are the basis of any voting scheme, are the properties of Verification, Privacy and Classification.

  • Verification: How to verify that the votes cast have led to the legitimately elected candidate? How is it possible for voters to verify that the person elected was indeed elected by the majority?

Example: In a classical voting system, a voter puts a vote on paper, folds it and drops it inside the designated box. In this case, a voter knows for sure that his/her vote is being considered and will be counted in the final outcome. Furthermore, the voter can also be assured that the vote cast is a real and valid vote. This verifiability property seems to be missing from e-voting. It is worth noting, though, that many protocols do offer this property, where the voter can check his/her vote against the final tally (Estonian voting protocols are a prime example).

  • Privacy: In an ideal voting system a voter will be free from the social aspects of voting, i.e. from the pressure of friends, family and society in general. In the classical setting, a voter is free (theoretically*) to vote, as there won’t be anyone peeking over the shoulder of the voter or a family member verifying how the vote was cast. In e-voting, this scenario seems unlikely! How and when would a voter cast a vote such that he/she is not being influenced by the social environment, or is isolated enough to cast a vote that is in a sense anonymous? Given this situation, e-voting makes a very bad candidate for a democratic voting system.

Some protocols do exist that allow voters to re-cast votes, with the last vote cast considered the valid one. But that does not exactly provide an optimal solution.

  • Classification: How would a vote that has been nullified be verified as being intentionally nullified or nullified due to some technical glitch?

Example: (Valid for India) Whenever a voter wants to decline voting due to no suitable candidate standing for the election, then he has two options:

  1. Declare that at the polling station, which might possibly earn him retribution from the winning candidate after the election session.
  2. (In case of ballot paper) Invalidate the vote by stamping (casting the vote) at an odd location or stamping more than one candidate.

This option of invalidating the vote (and remaining anonymous), besides not casting the vote, seems to be missing in e-voting. Furthermore, current e-voting systems are also not ‘democratic’, so to speak.

* Theoretical in the sense that there is a lot of realistic stuff that does in fact influence voting outcomes (bribing, fake voting, vote-for-money…)

Underhanded Crypto Contest

For everyone playing around with crypto, there are certainly moments where the developed and implemented algorithm does just the opposite of what is expected, which leads to the code being thrown into some dark corner of the hard disk. If this is the case with you, now is a good time to get all that code out, because there is a new crypto competition!

Underhanded Crypto Contest

The Underhanded Crypto Contest is a competition to write or modify crypto code that appears to be secure, but actually does something evil. For example:

* A password hashing library that always accepts the password “monkey.”

* A MAC algorithm that can be broken if you know some fixed secret key.

* Something that leaks the key through a reliable side channel, padding, IV, etc.

* A user interface that makes it easy to accidentally spread your secrets all over the Internet.

 

Submission deadline is Dec 2, 2014, in accordance with the rules.

Winners will be announced on Dec 30, 2014.

Quantum computation

A couple of days back, I received an interesting email from a rather curious mind.

The author of said email apparently found my contact details in one of the conference proceedings where I had submitted a paper.

Now, the author of the email posed rather curious questions, namely

…what exactly makes a quantum computer different from normal?…numerous articles point that quantum computer are superior because they can exist in two simultaneous states, but how does that exactly make a difference?…Lastly, every machine has its limits, so why is it being flaunted around as super machine?

Admittedly, given that this was the second email to me from a curious student, I was rather excited to answer it. Mind you, this person was also the first one to continue the conversation with follow-up emails.

Anyways, while I did reply with answers to all his questions, to the best of my abilities, it was later that I stumbled upon this excellent article “What Quantum Computers Do Faster, with Caveats“. It is an excellent article that explains in short the limitations of quantum computation. The author of this article also uses the Quantum Fourier Transform as an example to explain the limitations.

One of the main ideas about the quantum world that I found hard to explain to him was that of superposition, something which he found surprisingly difficult to grasp; which may be attributed to his completely non-physics background.

When I had started to study quantum information processing, I used to note down every interesting example or problem that would be capable of explaining a specific concept in a flash. The following is one of those noted examples:

As an example from computer programming for understanding superposition, one may look at a data structure called a linked list. Each data node in the list contains a pointer to the next data node. The program traverses the list by jumping to the next data node indicated by the pointer. In a doubly-linked list, the data node contains two pointers, one for traversing to the top of the list, and another for traversing to the bottom of the list.

Another way of implementing a doubly-linked list is to use a single pointer space that contains the exclusive-or (XOR) of the two adjacent pointers. The figure below shows a linked list node with pointer S that is the XOR of reference A (before) and reference B (after). To traverse the linked list upward, the program XORs the current pointer (S) with the one it just left (B), and the result is the pointer of the next node (A). The same process works when traversing down the list. This superpositioning of node pointers is analogous to how the quantum states are maintained simultaneously in a quantum bit.

We can define those lists mathematically as follows:

$A = S \oplus B$ (traversing up, $\uparrow$)

and

$B = S \oplus A$ (traversing down, $\downarrow$)

[Figure: linked list node with pointer S, the XOR of reference A (before) and reference B (after)]
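The XOR-linked list described above, as an added C example that is not from the original post or the source of the noted example: each node stores only S, and a walk recovers the neighbour ahead by XORing out the address it came from. The type and function names are hypothetical, and the pointer-to-integer casts assume a platform where `uintptr_t` round-trips pointers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* `link` is S in the text: address of the neighbour before (A) XOR address
 * of the neighbour after (B). A missing neighbour counts as 0 (NULL). */
typedef struct node { int value; uintptr_t link; } node;
typedef struct { node *head, *tail; } xlist;

/* Append at the tail. Returns 0 on success, -1 if allocation fails. */
int xlist_append(xlist *l, int value)
{
    node *n = malloc(sizeof *n);
    if (n == NULL) return -1;
    n->value = value;
    n->link = (uintptr_t)l->tail;       /* A = old tail, B = NULL */
    if (l->tail != NULL)
        l->tail->link ^= (uintptr_t)n;  /* old tail's B goes from NULL to n */
    else
        l->head = n;
    l->tail = n;
    return 0;
}

/* Walk from either end, copying at most `max` values; ahead = S ^ came_from. */
size_t xlist_walk(const node *start, int *out, size_t max)
{
    uintptr_t came_from = 0;
    size_t count = 0;
    for (const node *cur = start, *ahead; cur != NULL && count < max; cur = ahead) {
        ahead = (const node *)(cur->link ^ came_from);
        out[count++] = cur->value;
        came_from = (uintptr_t)cur;
    }
    return count;
}

void xlist_free(xlist *l)   /* the same XOR step recovers each next node */
{
    uintptr_t came_from = 0;
    for (node *cur = l->head, *ahead; cur != NULL; cur = ahead) {
        ahead = (node *)(cur->link ^ came_from);
        came_from = (uintptr_t)cur;
        free(cur);
    }
    l->head = l->tail = NULL;
}

int main(void)
{
    xlist l = {0};
    int out[4];
    for (int v = 10; v <= 40; v += 10)
        xlist_append(&l, v);
    size_t n = xlist_walk(l.tail, out, 4);   /* start at the tail, walk up */
    for (size_t i = 0; i < n; i++)
        printf("%d\n", out[i]);
    xlist_free(&l);
}
```

A node's S alone identifies neither neighbour; the walk needs the address it arrived from, which is why traversal must start at an end of the list.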

Earlier on, I also had a bad habit of noting down important points without due citation or source for the information. So credit for this example goes to the original poster or author of the blog post or paper, respectively. If anyone is aware of where this appears, kindly comment.

Lastly, there are two excellent articles on the Limits of Quantum Computers by Scott Aaronson here and here.

On the next Q+ Hangout

The next Q+ hangout is all set to run on 22nd April, 14:00 UTC+1. Surprisingly, the topic this time is “On the Uncertainty of the Ordering of Nonlocal Wavefunction Collapse when Relativity is Considered”, which I had earlier read through and found to be highly interesting and no less entangled, no pun intended.

In the EPR experiment, if Alice makes a measurement on her particle then the state of Bob’s particle collapses to the result anti-correlated to Alice’s measurement. This process is said to happen instantaneously.

This ‘instantaneous’ gives rise to a paradox. For example, if in one reference frame Alice measures first then Bob’s state collapses. In a different inertial frame, an observer might say that Bob measured first leading to the collapse of Alice’s state. This leads to the identity paradox for who collapsed whose first!

This paper uses a type of clock device that functions on the laws of quantum-mechanics. This device in the experiment keeps the above paradox from occurring.

The bottom line being that in the experiment, Alice and Bob’s measurements cannot be made with infinite precision, rather they are constrained due to the energy-time uncertainty principle. Since energy and time are not relativistic invariant quantities, different observers in different reference frames must transform their uncertainty principles accordingly.

In conclusion, the paper rightfully claims that the uncertainty principle in time always outruns the time difference induced by the change in reference frames. Neither Alice nor Bob will ever, with certainty, observe the two measurements swap temporal order. Furthermore, it can be said that if a time measurement performed on an entangled biphoton is simultaneous in one shared reference frame, then it can be considered simultaneous to all measuring observers who do not share a reference frame.

On a personal note, it was only while going through the paper that I thought about the time it takes for an EPR photon to collapse when a measurement is taken on its pair. People have already calculated it experimentally. This hangout already sounds exciting; fingers crossed that I can attend it uninterrupted this time, as I have a couple of questions for the presenter.

Further Reading

On the Uncertainty of the Ordering of Nonlocal Wavefunction Collapse when Relativity is Considered arXiv:1310.4956 [quant-ph]

The Uncertainty Relation Between Energy and Time in Non-relativistic Quantum Mechanics DOI: 10.1007/978-3-642-74626-0_8

Experimental test of relativistic quantum state collapse with moving reference frames DOI: 10.1088/0305-4470/34/35/334

Apostille by MEA (Ministry of External Affairs), India [PART 2]

This is in continuation of my previous post Apostille by MEA (Ministry of External Affairs), India [PART 1].

This information is current as of April 2nd 2014 and applicable for educational documents ONLY.

The following is true for Maharashtra State Government. State attestation can be completed in one day, in official work hours.

State Attestation:

I. After completing the previous step, collect the following documents:

  • One Xerox copy of your passport; make sure that the Xerox has both pages of your passport: the address page and the identification page. This Xerox copy must be self-attested. Be sure to also carry your passport.
  • All the original documents with due stamps from university and notary stamp.
  • One written application to the Joint Secretary stating why you seek state attestation. Be sure to attach all relevant information in it, e.g. the name of the program and university which seeks apostille etc. The application must be signed by the applicant.
  • Two passport size photos.
  • 1 blue pen and 1 black.
  • One nice book or perhaps portable video player to pass time (trust me it would be life saver).
  • Attestation is free of charge but be sure to carry change cash as you will need to pay for some Xerox.

II. Travel to Mumbai. It is highly recommended that you travel as early as possible (on weekdays and non-national or state holidays only).

  • The address one needs to travel first is:

Higher & Technical Education Department, Government of Maharashtra, Room No. 422, 4th floor, Mantralaya, Mumbai – 400032. Tel No.: 022-22043018.

  • There are two ways you can travel there: by local bus, which runs every morning from every major bus stop, or by local train. My city has a daily bus directly to Mantralaya, so I cannot provide accurate information about local trains, but from the enquiries I made with people around Mantralaya, local trains to Churchgate were the ideal option for reaching there.
  • Once you have reached there, the distribution of gate passes begins from 9:30. The first task is to secure a gate pass and fill in all the relevant information on it. Once it is filled in, queue to get your pass authorized. You need to furnish an original identification card to get your pass authorized. The ID card can be: Driving License, PAN Card, or Passport.
  • Your gate pass will give you an entry time of after 14:00. For now, keep the pass secured with you.
  • The reason to secure the gate pass early is the huge influx of people who gather to secure a pass at a later time.

III. Around 13:20, line up for entry to the Home Department.

  • The Home Department of Maharashtra Government is situated in another building. The complete address is:

Section officer, Home Department, Government of Maharashtra, 9th floor, New Administrative Building, Opp. Mantralaya, Mumbai – 400032. Tel No. 022-22022688

  • This building is directly behind the one where you secured the gate pass. The other building does not require a gate pass.
  • You need to note down purpose of visit with the security person. Additionally you need to furnish ID proof as well. Just write down 9th floor in place of department you wish to visit.
  • Once inside you can take either the elevator or the stairs to reach the 9th floor. When I got inside, there were queues (!) to use the elevator. I took the stairs rather than wasting time waiting for my turn.
  • On 9th floor the Home Department is exactly to the left side, if you arrived from staircase.
  • Go inside the first compartment of the Home Department.
  • Inside, the first table would provide you with first set of stamps and the other tables with signatures.
  • You will be asked for ID proof (if presenting the documents yourself; in case of proxy, a signed consent letter is required).

IV. After finishing with the Home Department

  • Head back to the road where you sought the gate pass. Now head down the road, you will find yourself at a ‘T’ junction. Head left to find some Xerox shops.
  • Take two copies of all the original documents. Take Xerox of both sides.

V. Head back to Mantralaya

  • Go to 4th floor of the Mantralaya building. On that floor ask anyone to point you towards Higher and Technical Education Department.
  • Inside, seek the lady (as of now) sitting at the desk which is in front of the cabin in the department.
  • Ask her to provide the form for state attestation.
  • Fill in the form in black ink only. You will need to note down on the form all the documents, and their associated unique numbers, for which you seek attestation. Also specify contact details of two persons in your locality to vouch for your behavior.
  • Paste your passport size photo to the application form.
  • Staple the written application and passport Xerox to the form.
  • Submit all the above along with Originals and Xerox of the same.
  • It will be checked and stamped in an hour or so.
  • For me it took 2 hours since the Joint Secretary was busy in meetings.

That’s all with state attestation. Final apostille procedure will be detailed in next post.

TIPS :

  • The toilets and wash rooms are 2 minutes away from the Mantralaya building (you cannot use the ones available inside the building). They are near the bus stop.
  • There are some good places for having lunch or light snacks nearby. Be sure to ask the police force in case you need any assistance in finding the right place.
  • When you receive your documents back, be sure to double check that all the documents are stamped and signed. It happened to me that one document was unsigned.
  • You can use the free time between taking the gate pass and queuing for the Home Department by reading a nice book, listening to music etc.