Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encryption by Hand?

Posted by ryuzaki0 on from the passing-notes-in-algebra-class dept.

Arachn1d writes "A question for all those slashdot math-geeks out there: What's the simplest, but most secure encryption algorithm you can devise or provide a link to that can be carried out with nothing but a pen, some paper and a calculator? Bonus points for any public-key cryptography solutions!" Bruce Schneier developed an encryption algorithm designed to be performed with a deck of cards, but it's rather slow to do for fun. Well, you did say "a calculator", and if we assume a programmable calculator your options probably expand quite a bit...

41 of 77 comments (clear)

  1. Knapsack by heliocentric · · Score: 2, Informative

    I think Knapsack is a simple system to do by "hand" if you know modular arith / number theory (to calculate the inverse modular operation). Plus it meets your public key "bonus."

    It's not the most unbreakable code in the world, but better than ROT13 or even poly alphebetic cyphers (think Kasiski for breaking ploy's).

    --
    Wheeeee
  2. Use a code book! by MarkusQ · · Score: 5, Insightful
    1) Use a code book. Something with a concordence is good, though if you have the book in flat text you can easily make a concordence. Then you could write "fungal:17" to mean "staple" if "staple" (the word you intended) occured N words after (for some pre-agreed N) the seventeenth occurance of "fungal". There are a number of cute ways you could encode seventeen, and it's relatively easy to make N vary as well. Since this is "security through obscurity" you might as well have fun with it.

    2) If you are going to be hand writing the messages as well, you may want to use out of band information (letter shapes, mispellings (with & without crossing out, etc.), line breaks, etc.) to either carry information or make it appear that you have hidden information & thus confuse the issue.

    3) Split the message (e.g. every third word, etc.) in interesting ways.

    4) Play Simon-says; send messages that say things you might have said, but that your recipient knows to ignore because they lack some feature.

    Etc., etc. The list is pretty long, and success mostly depends on doing Odd Things the Bad Guys don't expect, and avoiding the Dumb Things that they will see right through.

    Weren't you ever twelve?

    -- MarkusQ

  3. Just use a one-time pad... by polymath69 · · Score: 2
    it's perfect for this sort of use.

    You don't have to use ASCII, just start with a number mapping that conveys the information you need. Maybe 1-26 for letters and a few more for space, punctuation, etc.

    Then pull the top number off your pad, add your code number, write that down. Tedious but not difficult, and your friend just does the same thing in reverse to decode.

    Plus it's unbreakable, so long as no one gets a hold of your pad and you never reuse it.

    --

    --
    I don't want to rule the world... I just want to be in charge of mayonnaise.
    1. Re:Just use a one-time pad... by wholesomegrits · · Score: 2, Interesting

      Prior to the availability of decent true and pseduo random number generators, a large number of books were published that contain strings of random numbers -- simply because creating such data was hard to do. Most decent universities, probably every single land grant university surely, will have such books. I know we do here. They've been long forgotten, but are an excellent source of truly random data. No need to do all the futzing around, just pull some data from the books.

      --
      No sig is worth reading.
    2. Re:Just use a one-time pad... by SuiteSisterMary · · Score: 2

      Actually, the gov't (to the best of my knowledge, still does) use atmospheric noise. The other option would be SGI's Lava Lamp based RNG. They had a whack of Lava Lamps, would take digital photos, and automagically convert the bitmap into random numbers.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
    3. Re:Just use a one-time pad... by wholesomegrits · · Score: 2

      I've also heard of people using radioactive decay for properly decent random data -- a la Hotbits. Apparently the Pentium III and P4 include a truly random number generator. I was impressed by this, but I'm not sure how the hell one uses it. It seems that most software still used pseduo generators. I suppose it takes additional work to call upon this feature. Here's what Intel said in a press release:
      "Present software pseudo-random number generators still have a pattern that a very sensitive code breaker can ultimately detect and break the encrypted message."

      --
      No sig is worth reading.
  4. an alphabet wheel by josepha48 · · Score: 2

    you dont need a calculator, you just create your own 'hash' table. Like a = f, b = g, etc, or you can do a random thing and map a = g, b= d, etc.. All you need is a peice of paper and a pencil.

    --

    Only 'flamers' flame!

    1. Re:an alphabet wheel by swillden · · Score: 2

      Except that the original question asked for the "simplest, but most secure" algorithm. A simple monoalphabetic substitution cipher like you suggest is horrendously weak. The code puzzles in the newspaper are often harder than that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. do-it-yourself one time pad by chongo · · Score: 5, Informative
    For a non-public key stream cipher:

    If you allow the addition of dice, say a d20 ...

    Setup by the sender:

    1. Generate a one-time pad by rolling the d20 and writing down the 1's digits (d20 face value mod 10).
    2. Transmit the one-time pad in a secure fashion (use somebody's public key suggestion, hand carry, etc.)
    Setup by the receiver:
    1. Receive the one-time pad from the sender.
    2. Store in a secure place.

    To encrypt:

    1. Convert each plaintext symbol into an alphabet of 100 values (00 thru 99).
    2. For each plaintext digit, remove a digit from the one-time pad and transmit the sum mod 10.
    3. Destroy the used digits of the one-time pad.

    To decrypt:

    1. Receive the cipher text from the sender.
    2. For each digit in the cipher, remove the next digit from the one-time pad and subtract mod 10, from the cipher digit.
    3. Convert the result, pairwise, (00 thru 99 alphabet) into plaintext symbols.
    4. Destroy the used digits of the one-time pad.

    Encrypt example:

    1. Plaintext: Hello
    2. One-time: 9690367034
    3. Alphabet: 0730373740
    4. Transmit: 9320630774

    Decrypt example:

    1. Receive Ciphertext: 9320630774
    2. Receive One-time: 9690367034
    3. Subtract mod 10: 0730373740
    4. Convert to text: Hello

    And yes, the devil in the details is in the secure transmission of the one-time pad (step 2 of sender setup). Key management is never easy. Storage and transmission of one-time pads is one of the reason why this form of crypto is not a realistic choice for most applications. However if you have some way to transmit the one-time pad ahead of time, say visiting the sender ahead of time and dropping off the one-time pad it is not a bad choice.

    --
    chongo (was here) /\oo/\
    1. Re:do-it-yourself one time pad by addaon · · Score: 2

      I ask this as an honest question, just wondering if there's something I'm missing... why not a d10? Also, if you can reduce your alphabet to 20 letters (text is remarkably readable with w transmitted as uu, k and c collapsed, etc) you can avoid the modulus entirely. Just thoughts.

      --

      I've had this sig for three days.
    2. Re:do-it-yourself one time pad by |_uke · · Score: 2, Interesting

      Actually one time pads where used a lot by the government (English, American, etc) a few years ago.

      Typically you have a person sitting at a bingo roller thingy... who pulls out letters at random.
      These random letters are then written down on a big peice of paper as a one time pad.

      A copy of this is given to the person who needs to send data, and a copy is given to the reciever.

      The person doing the encoding takes another peice of paper and every three lines writes the pad down. (Maybe the paper with the pad it self had two lines between each pad sequance... I dont remember hehehe)

      On the second line is the message...

      on the third line, you do a bit of addition mod(26) (Actually I believe they left out a few letters to make the msg easier to read...)

      The person then writes their message under the pad sequence. So you might have something like this:

      a=1, b=2, c=3...

      (note, I am just hitting keys, replace with a real random sequance)

      ahfxd adbgf ewefg hzqdf wrhwd wrghl
      thisi sthem essag etobe sentx xxxxx
      upoqm txjls jpxgp mtffk pwv........

      so
      a + t = 1 + 20 = 21 = u
      h + h = 8 + 8 = 16 = p
      etc etc

      Urgh... my ride is here so I have to take off... but you get the idea. I might have mad a few mistakes in this post because I did the entire thing in a bit of a hurry.

      A good (and really fun) book to read is Cryptonomicon. Its based in two timelines and during the story it talks a lot about cryptography. Quite a good book.

      Anyways, sorry I could not finish the post. Good luck

      --
      Luke
    3. Re:do-it-yourself one time pad by PurpleBob · · Score: 2

      There is no such thing as a d10.

      The thing about dice that makes them work is that they are Platonic solids, so that all the faces and vertices are shaped the same. If you had a 10-faced solid, some of its faces would have to be different shapes.

      --
      Win dain a lotica, en vai tu ri silota
    4. Re:do-it-yourself one time pad by Pedersen · · Score: 2
      There is no such thing as a d10.

      Really? Well, in the off chance that you're not joking, I provide you with this link, which has pictures of mroe than a few. Now, to my mind (looking at a few of the d10's that I have) the various faces do look the same, so I'm not sure where you're coming from.

      --

      GPL made simple: What was my stuff is now our stuff. If you improve our stuff, please keep it our stuff.
    5. Re:do-it-yourself one time pad by PurpleBob · · Score: 2

      Oh, I see.

      I was wrong, then - a die does not have to be a Platonic solid. On a d10, the corners are not all identical (the top and bottom are very obtuse angles) but this just means they're more likely to stay in whatever half of the die is up when it hits the table. Since that should be random anyway, the die works.

      Thanks for pointing that out. d10s look neat.

      --
      Win dain a lotica, en vai tu ri silota
    6. Re:do-it-yourself one time pad by DaveHowe · · Score: 2
      There are also platonic-solid d10's available; they are 20 sided, but list each number twice.

      you can make one yourself semi-trivially by taking a standard D20 and striking out the high digit whenever present :)

      --
      -=DaveHowe=-
  6. Search the literature by coyote-san · · Score: 2

    Search the literature - what was used before the mechanical systems of WW-II?

    These were the strongest ciphers that could be used in an era before mechanical assistance (and you could even simulate the Engima machine with pen and paper!), so they satisfy two of your requirements. But you won't find asymmetrical ciphers from that era.

    However, you can find some ciphers far stronger than the simple rotor engines others are suggesting.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
    1. Re:Search the literature by heliocentric · · Score: 2, Interesting

      One of the most popular pre-WWII ciphers was the Playfair Cipher. Very simple, just know the code word of the day.

      --
      Wheeeee
  7. It'd be difficult, but... by 42forty-two42 · · Score: 2, Interesting

    What about ciphersaber?

  8. Don't do that!! by epsalon · · Score: 3, Insightful

    These numbers, which are probably random, are not crytographically secure precisely because it's in a book you can find in the library.

    An attacker can easily find out which book you are using from quite a small portion of plaintext and thus reveal all messages past and future.

    One Time Pad relies on the utmost security of the key, and the fact that it's only used once (for any purpose).

    --

    Make even shorter URLs - 8LN.org

  9. Cryptonomicon ... by geophile · · Score: 2

    ... had a system that relied on a deck of cards, and figured in the plot. The scheme was designed by Bruce Schneier, and described in great detail in an appendix. The system looked quite difficult in practice.

  10. Even better, use a Q20 by MarkusQ · · Score: 4, Funny

    Even better, if you can get them: a pair of twenty sided quantum-entangled dice. That way, both sender and receiver can extend the pad at need, just by rolling up more numbers.

    The only tricky part is reading the dice without looking at them. There are several ways to do this, but none of them actually work in practice and at least one of them is suspected of causing space-time errosion (& thus you will need to file an Environmental Impact Statement, including the plain text of the message being sent, thus reducing the utility of the system).

    Another problem is keeping the dice cold. They have to be kept very, very cold, and of course this is very very expensive (C = A*exp(K-T)+B*N, where C is cost, K is Boltzman's constant, T is the temp., A and B are arbitrary constants related to local tax laws, and N is undefined).

    But the main advantage of using quantum dice is that it would be too nerdly for words (at least three equations would be required) and you could probably get your picture in some magazine, wearing a white lab coat with coloured lights hitting you from odd angles.

    -- MarkusQ

    P.S. The original post was sound, but if you buy any of this post, I have a startup I'm trying to fund...

    1. Re:Even better, use a Q20 by Graymalkin · · Score: 2

      I mod you +1 Funny in the slashdot moderation system of my mind. Too bad that's too long for a .sig.

      --
      I'm a loner Dottie, a Rebel.
  11. AES by cperciva · · Score: 2

    Seriously. You can run AES by hand; and given a few sheets (and an hour of setup time) for precomputed tables, you can get the time down to half an hour per block.

    Of course, making sure you don't make any mistakes along the way is rather critical, so I'd suggest spending another half an hour to verify your cryptotext.

    --
    Tarsnap: Online backups for the truly paranoid
  12. RC4 by phr1 · · Score: 3, Insightful
    Check the RC4 algorithm, which normally is done on a 256-element vector so we'll call it RC4-256.

    It's pretty obvious that you can use vector sizes different from 256. For example, you can do RC4-52 with a deck of cards face up on a table (4 rows of 13 so you have to do arithmetic in your head mod 13 and 4 on the cards and suits--you figure out the details). Or you can do RC4-99 (9x11 grid) or maybe RC4-100 (10x10 grid) with pencil, paper, and eraser.

    Then as several people mentioned, there's always the one-time pad. If you want to encrypt just one or two very short messages (total a few dozen characters or less), one innocuous way to carry the pad is as a wad of cash (I mean just a normal quantity of $1 and $5 bills in your wallet, not a suspicious roll of $50's and $100's). Use the serial numbers as the pad and spend the bills when you're done with them.

    Forget public key. Public key cryptography in any known form is impossible without a programmable device. The calculations are just too cumbersome to do by hand. Anyway, public key probably isn't too useful in this situation. Public key solves the "n**2 problem" when a bunch of independent mutually distrustful peers are all trying to talk to each other--you only need one secret per person, instead of n**2 different secrets. For pencil and paper ciphers you're probably only communicating with trusted peers, so a shared secret is ok.

    Of course if you have even a crude programmable device like a pocket organizer (even some of the ones much less fancy than a Palm Pilot) or a Java-enabled cellular phone, you can run all the usual computer cryptography algorithms on it.

    1. Re:RC4 by jonesvery · · Score: 2

      Then as several people mentioned, there's always the one-time pad. If you want to encrypt just one or two very short messages (total a few dozen characters or less), one innocuous way to carry the pad is as a wad of cash (I mean just a normal quantity of $1 and $5 bills in your wallet, not a suspicious roll of $50's and $100's). Use the serial numbers as the pad and spend the bills when you're done with them.

      Which is a nice, secure approach as long as you don't want to decrypt the messages afterwards... =)

      It's important to remember that there have to be two copies of a one-time pad in order for it to work: one copy encrypts the message, the other copy decrypts it.

      --

      * * *
      It is a dada story -- it has no moral.

  13. Do it the Russian way... by Kirruth · · Score: 3, Informative

    To avoid the embarassment of being caught with code books, an old method was to take an obscure out of print book, then refer to a letter by page, paragraph, word, then position in the word. The trick is not to repeat a reference, and to change the book you use frequently. Russian spies in England in the 60s (for example the "Lonsdales") used this trick. If you control the channel the message is sent by (for example, dead-letter drops), and if you use other codes in the source (for example, code names for contacts), you can make your own cold-war communications system.

    --
    "Well, put a stake in my heart and drag me into sunlight."
  14. Soviet Encoding Technique by Detritus · · Score: 2
    The Russians used a clever technique to convert text into numbers before encrypting with the OTP.

    They used a table like this:

    ..0123456789
    ..ETAOINSH
    8 BCDFGJKLMP
    9 QRUVWXYZ/.

    The common letters in the first line are encoded as the single digits 0..7. The less common letters are encoded as the double digits 80..99.

    This has two advantages. It provides some compression of the text and it eliminates any simple one-to-one correspondence between letters and pairs of digits.

    Example:

    SLASHDOT

    S = 6
    L = 87
    A = 2
    S = 6
    H = 7
    D = 82
    O = 3
    T = 1

    6 87 2 6 7 82 3 1

    68726 78231

    --
    Mea navis aericumbens anguillis abundat
  15. Re:G�del Incompleteness Theorem by heliocentric · · Score: 2

    Yes and No. I did leave out details. Consider this revised proof:

    Definition: Interesting Numbers - numbers that have a name or a special property that describes them. Examples: Primes, telephone numbers, population of some town, etc...

    Theorem: All Natural Numbers are interesting.

    Proof: Assume that not all natural numbers are interesting. This implies there exists an uninteresting natural number or a set of uninteresting natural numbers. Now, we must only prove that this set is indeed interesting.

    Method One:
    Basis: By the well ordering principle there exists a minimum value in this set. Because this number can be described as the minimum value in the set of ALL uninteresting numbers that means there is a description of this number and thus it is somewhat interesting and does not belong in this set.

    We can inductively show numbers in the set are interesting. Not that each is now the minimum uninteresting, rather the ith member of the uninteresting set, thus making it interesting.

    Method Two:
    Just state that being the member of a set for which there is a descritption makes all numbers in that set interesting (since they were just described). I do not really like this method however since it makes the entire proof un-elegantly trivial. To prove all numbers interesting we can just define two sets: the set of all numbers equal to 2, and those that are no equal to two. Maybe we need to argue that the cardinality of a set should not be 1 or 0 but then we can just make a set of all numbers greater than 1 and less than 4, and all numbers that aren't. Then there's the "interesting" issue of making two sets of equal size that partition the universe: even and odd numbers. It is easily shown that all natural numbers are either even or odd, and being odd or even is arguably interesting, thus all natural numbers are interesting. Then again, I'm babbling on about a truely meaningless property of numbers that I just use in an intro class to talk about simple proofs and WOP and induction, etc...

    As for your barber problem, if you introduce a second barber they can each cut each other's hair, and thus begins the old joke about the small town with two barbers, one having nice hair, the other having horrible - which do you go to?

    --
    Wheeeee
  16. Re:Do you want it to be secure if so, none exist by heliocentric · · Score: 2

    Pretty much any other key based one is doomed

    Ok, I'll grant you that yes, on the basis of other algs, finding the key (ie guessing) will produce the answer. However, you need to be careful when you use the concept of "pretty much" and then go on stating how something is not secure due to the inherent key guessing restrictions. Although I can't say there is one point or another that you make that I completely disagree with, it's probably just ambiguities in the language that erk me. Ok, yes, you can guess all the keys, but if you do not know what alg. I used (you do need to know what to stick your keys and the cipher text into, right?) your time to break my code grows - and it grows very large. Especially if I take a known alg. and alter it in a way that does not introduce some flaw, let's say I alter the SBoxes in DES to just as secure sets - now you have to know what alg. I used and what alterations I used. Then, how do you know when your brute force spits out the right answer? I could have sent the message: "SNaRFt" to my friends who happen to know that this means they need to attack at 1:21PM EDT. Presumably you will stumble upon key / alg. combos that will produce just as meaningful (to you) plain texts.

    Yes, given enough time you can try all keys (within a finite length) and I guess you can try every SBox combo in DES (within a finite range of values) but how much time are we talking for just this set? Let alone the fact that you don't know if maybe I just used regular blowfish, or AES, or whatever.

    Are Blowfish, AES, DES, whatever unbreakable? Heck no. But does that mean that even given a year you could break a particular code of mine? How about infinite time and the obvious issues shared with one time pads that you are not sure which possible plain text is the right one - can you ever say for sure you've cracked it?

    Basic idea: is it theoretically possible to break something? Yup. Might the sun go nova before you get done? Pretty much. Would you even know when you got it? Hard to say.

    --
    Wheeeee
  17. That system is still breakable by phr1 · · Score: 2
    That's called a book code and it's still breakable, because different letters in the words in a book aren't randomly distributed. See Kahn's "The Codebreakers" for more info on how to break these systems. Ken Follett's spy novel "The Key To Rebecca" is also about breaking such a code.

    In WW2 and the 60's, breaking book codes was difficult but not impossible. Today, if the attacker has the text of your book in a computer (he doesn't have to know which book it is, he just needs a big library of online books that includes yours), book codes are probably quite weak.

    Stage 5 of Simon Singh's cipher challenge was also a book code. It turned out to be possibly the hardest of all 10 stages. But even though the message was just a few dozen characters long (and turned out to be written in Spanish), several people managed to solve it.

  18. one-time pad by phr1 · · Score: 2

    Yes, the idea is the person at the other end has the list of serial numbers. In all these examples the purpose of encrypting it is to send it to another person, not to store the info so you can decode it yourself later. Sorry about any confusion.

  19. Pen and paper methods can be secure by phr1 · · Score: 2
    For example, almost all SSL web browsing is secured by RC4-256 encryption and there are no known breaks for that. You could do RC4-256 with pen and paper (well, pencil and paper and eraser) pretty straightforwardly, though RC4-100 might be easier (and possibly less secure, though again there are no known useful breaks).

    Bruce Schneier's Solitaire algorithm (the one that uses a deck of cards) also has no known breaks, though it turns out to not have all the properties that the designer had hoped for.

  20. Characters in spy novels always want to do this by phr1 · · Score: 2

    With computers everywhere these days, pen and paper ciphers are mostly just an intellectual challenge. Still, the subject comes up on sci.crypt regularly. It figures into Neal Stephenson's Cryptonomicon if that's of any interest.

  21. OTP printed on a fruit roll-up by cowtamer · · Score: 2, Funny

    Of course, the proper way to encode the key
    would be on something like Fruit Roll-Ups (TM),
    which are like paper but edible. That way, both you and the recipient could eat the key after using it.

    Cryptograpy has never been so delicious!!!

  22. Not such a good plan by phr1 · · Score: 2
    The ciphers used before WW2 were in general pretty weak. We could deploy better ones now, just because we understand the subject better.

    The Codebreakers, by David Kahn, is the standard reference on historical ciphers, btw. That's the first place to look if you want to know how those old systems worked.

  23. RC4 by phr1 · · Score: 2

    The closest thing anyone has found to weaknesses in RC4 are "distinguishing attacks". If you have a gigabyte or so of RC4 output, you can statistically show that it's not actual random data (you can distinguish RC4 from a true random number source). However, that's a long way from being able to break the algorithm.

  24. Re:G�del Incompleteness Theorem by joto · · Score: 2
    No, the proof as it is stated is valid. While self-referential sets can be troublesome, that is not the problem here. The problem is of course the loosely defined notion of "interesting numbers". And in that regard, the conclusion that all naturals are "interesting" is not really surprising. I'm sure a real mathematician like Ramanujan would quickly find an interesting property to any natural, such as: 478394739274019283740192837409128376354342

    On the other hand, I can't...

  25. Re:G�del Incompleteness Theorem by joto · · Score: 2
    Except that this set of interesting numbers is not self-referential. It is a proper subset of the naturals, and therefore cannot include itself. And the same can be said about the barber paradox.

    I will not delve deeply into set-theory here. But what you remember from your classes about a class versus a set is true. A class C is defined as: C = {x | x has property P }

    On the other hand, with the use of Zermelo-Fraenkels axiom number 4 from standard ZF-set-theory, the following is a completely ok way to define a set: S = {x | (x is element of T) and (x has property P) }, whenever T is a well-defined set.

    In both definitions above, it is of course important that the property P is something we can express in a formal language, otherwise it is impossible to even in theory tell wether something is part of a set (note that it is ok for P to be very hard to compute, but it should at least be possible to express P in a formal language).

    In the barber paradox, you have the set of all people: P. Populations are usually finite, so this set can be listed by enumeration, and is thus well-defined. Then you have the set of all people shaving themselves: S. And the set of all people not shaving themselves P\S. And we have the set B of all people shaved by the barber. All of those sets are well-defined. Now, you introduce the assumption that B=P\S. This leads to a contradiction, thus the assumption is wrong, the barber cannot possibly shave everyone who doesn't shave themselves. It is not a paradox, it is a simple proof (reductio ad absurdum), and there is no need to involve heavy set-theoretic stuff.

    On the other hand, in the "interesting numbers" theorem, we have the set N of naturals. We define a subset I of "interesting" numbers. The trouble with I is that the "interesting"-property is not something we can express in a formal language. Thus I is not a well-defined set. Wrongly, we continue developing the proof under the false assumption that I is well-defined. Since our intention is to prove that I=N, it is natural to assume the opposite (not I=N), and in this case the well-ordering property of N gives us that there is a least number n in N, but not in I. Given our completely unformal definition of "interesting" above, it seems perfectly ok to say that n is "interesting". But if n is "interesting" then it must be in I. This is again a contradictory result, and thus we must conclude that not not I=N, which most people who aren't anal intuitionists, agree to mean the same thing as I=N.

  26. Re:G�del Incompleteness Theorem by joto · · Score: 2
    I am certainly no set-theorist either, so you should probably ask Dr. Konvolina again about these things if it becomes unclear (or the horror: I've been wrong). But I have worked for at least a year with logic and formal systems, and mostly found out that those people who actually make progress there, are way smarter than me...

    But just to clear up: B=P\S is not a definition of a set. It is a statement in logic, it can be either true or false.

    The old definition of set's were equal to todays classes. I don't know why we need classes, but I'm sure real mathematicians use them for some sort of thing (real mathematicians don't worry much about foundations, only logicians (and thus computer scientists) do).

    The meaning of a self-referential set involves a set with itself as a member. Such as "the set of all sets", "the set only having itself as member", or anything in between. Of course, "the set of all sets except itself" is equally troublesome, since the complement would be self-referential. (And in those days, the complement of a set really meant that, it was not taken with respect to another well-defined set, but to a universal set including every set).

    Your definition of the set I (either a prime, or the smallest number not in I is however legal, as the property of being prime or being the smallest number not (already) in I), is certainly expressible in a formal system. It is almost comparable to a standard recursive definition, e.g. where you define a binary tree to be either an empty tree, or a node with two subtrees named "left" and "right". If you reformulate that definition as one defining the set of all binary trees it looks almost (but maybe not completely) as "weird". And upon inspection this definition of I is certainly simple enough. If you are used to inductive proofs, it is immediately obvious that I=N.

  27. Re:G�del Incompleteness Theorem by joto · · Score: 2
    No: B is already defined. P\S is already defined, it contains all the elements of P except those that are in S. Saying that the two sets are equal is not a set, it is an equation. An equation is a statement of logic, and can be either true or false.

    The current popular reformulation of sets (ZF-axioms) doesn't involve classes. I don't know what real mathematicians need classes for, but it's most likely something, otherwise they wouldn't be needed.

    Subtracting sets (e.g) P\S doesn't involve any big problems. The problems shows only up if you involve negations of sets without a clearly defined universe of discourse. If you allow this universe to be the set of all sets, then you are in trouble. Because it could include such sets itself, and so on. It might be the case that classes were introduced just for this purpose, to allow people to do it anyway, but without destroying the foundation of mathematics, which is built on top of sets.

    Yes, I don't like your definition of I. I agree that it is troublesome. The easy way out is to declare it meaningless (since you cannot define something in terms of itself (circular definitions)), or to reformulate it as an inductive definition. And in a typical formal system of notation (logic), you would be forced to do this choice.

    Either way, the proof that all naturals are interesting, revolves around the non-formal definition of I. You can define it in a completely informal way (my way), in a way that is not meaningful (your way), in a way that is questionable (my reinterpretation of your way), and so on...

    I don't think there is anything deep or fishy here. Circular definitions are certainly meaningless, but my reinterpretation clearly shows one of the deficiensies of the human brain. In an attempt to try to understand something that didn't make sense, I reformulated it in another way that perhaps could make sense (although highly doubtful), instead of pointing out the obvious fault that it was a circular definition. (And as most circular definitions of this kind, when trying to interpret it anyway, you would either reach everything N, or nothing (bottom)).

  28. Re:G�del Incompleteness Theorem by joto · · Score: 2
    Thanks for the link, but unfortunately it didn't clear much up. I think we both knew that a class was a (ill-behaved) extension of set. Now, what I was wondering about was for what reason they existed in the first place. If they only have historical value, then it seems kind of stupid to keep them around. ZF-theory doesn't seem to need them, and almost all of mathematics can be reformulated in ZF-theory.

    To say that sets can be constructed from classes is just a reformulation of saying that they can be formulated from other sets, and a property. So to me, it doesn't add any value. But I am not a set-theorist, and maybe classes really add something useful. Or maybe they are just a convenient notational device. Or maybe neither.