From: Maaartin on 12 Mar 2010 16:41

On Mar 12, 10:31 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> My point was, to formulate stronger, that there is no authentication
> scheme based on a (strict) stream cipher at all (to my humble
> knowledge). Or are you of different opinion?

I'm not aware of anything like this (and of so many other things :D ).

> On the other hand, I myself recently proposed an authentication
> scheme that, compared to one known scheme, has the advantage of
> using one key instead of two and with a chaining value that is
> unknown to the analyst. Comments and critiques to that would
> be very appreciated.

It's slow. You need only one key but do 2 encryptions per block. There're schemes like iacbc or poly1305 or gcm which are about twice as fast (i.e., they have only a small overhead over encryption alone).

From: Mok-Kong Shen on 12 Mar 2010 16:55

Maaartin wrote:
> Mok-Kong Shen wrote:
>> My point was, to formulate stronger, that there is no authentication
>> scheme based on a (strict) stream cipher at all (to my humble
>> knowledge). Or are you of different opinion?
>
> I'm not aware of anything like this (and of so many other
> things :D ).

O.K. Let's see whether some experts could name an authentication scheme based on stream ciphers.

>> On the other hand, I myself recently proposed an authentication
>> scheme that, compared to one known scheme, has the advantage of
>> using one key instead of two and with a chaining value that is
>> unknown to the analyst. Comments and critiques to that would
>> be very appreciated.
>
> It's slow. You need only one key but do 2 encryptions per block.
> There're schemes like iacbc or poly1305 or gcm which are about twice
> as fast (i.e., they have only a small overhead over encryption alone).

I was comparing my scheme with the well-known CBC MAC. That also needs 2 encryptions per block. CBC MAC is fairly popular to my humble knowledge. The schemes you named are new to me (for they are not mentioned in the couple of books that I have).

M. K. Shen

From: J.D. on 12 Mar 2010 17:02

> Don't listen to M-K.

For what it's worth, I would like to add my voice in support of Greg Rose's statement above. From what I can tell from the search engine, Mok-Kong Shen has been on this list for years, and yet he still has only the most superficial grasp of cryptology. You can tell, for example, the extent of his ignorance when he says things like this from a few posts below: "there is no authentication scheme based on a (strict) stream cipher at all (to my humble knowledge)".

There is an ambiguity in his statement, so I cannot tell if he is saying there is no stream cipher with built-in message authentication (such as Phelix), or that there is no message authentication scheme that is built out of a stream cipher engine (e.g. Panama). Or perhaps he doesn't believe these stream ciphers are "strict" stream ciphers (whatever that means). Either way the statement is wrong, and demonstrates how truly "humble" his knowledge is.

Nevertheless, he persists in making "humble" suggestions and proposals, that have little (if any) merit. This is all well and good, as he is easily ignored; but if you are just beginning in cryptology you might be misled by his crack-pottery. Thus I add my voice to Greg Rose:

Don't listen to MK.

From: Tom St Denis on 12 Mar 2010 17:19

On Mar 12, 5:02 pm, "J.D." <degolyer...(a)yahoo.com> wrote:
> Nevertheless, he persists in making "humble" suggestions and
> proposals, that have little (if any) merit. This is all well and
> good, as he is easily ignored; but if you are just beginning in
> cryptology you might be misled by his crack-pottery. Thus I add my
> voice to Greg Rose:
>
> Don't listen to MK.

Basically. He's just a troll who has been told many times that he really ought to do more studying and less posting. He almost never reads cited material when sent as a reply to one of his "questions," and even then he usually only performs a cursory glance over the material.

The gist of his process is he tries to drag out a thread as long as possible by asking as many seemingly unrelated questions as possible all while never really addressing anything anyone says to him.

The only time I really reply to him is either once in a blue moon where I'm testing the waters to see if he's changed, or to mock him.

Tom

From: Mok-Kong Shen on 12 Mar 2010 17:43

Mok-Kong Shen wrote:
> Maaartin wrote:
>> Mok-Kong Shen wrote:
>>> My point was, to formulate stronger, that there is no authentication
>>> scheme based on a (strict) stream cipher at all (to my humble
>>> knowledge). Or are you of different opinion?
>>
>> I'm not aware of anything like this (and of so many other
>> things :D ).
>
> O.K. Let's see whether some experts could name an authentication
> scheme based on stream ciphers.

I like to remark that I don't want to cause lengthy discussions on the "definition" of stream ciphers. Once I mentioned something like doing addition of a 32-bit computer word output from a PRNG to 32 bit of plaintext as a stream encryption operation and someone promptly opposed, saying that's a "block" operation. On the other hand, I read in descriptions of stream ciphers phrases like "consists of a sequence of blocks", "the complete block function", etc. Evidently, different people have different opinions on what's "exactly" a stream cipher and what is not and there is thus not much sense to debate on its "definition".

M. K. Shen