From: unruh on 23 Mar 2010 21:23

On 2010-03-23, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> unruh wrote:
>
>> All of your schemes are far harder to memorize than say rc4, and are
>> weaker and slower. And implementing encryption on the cheap does
>> absolutely no good if the other side of the communication does not have
>> the scheme. They are far more likely to be able to get say rc4 than you
>> be able to send them your scheme.
>
> I think RC4 is nice, but my compound PRNG is meant to be much bigger
> in general (it operates on words and is meant to use a quite large

??? words? pool?

> pool). BTW, I must admit I have till now a little bit personal problem
> of understanding RC4. The alphabet in it gets modified through certain
> swapping. How was that particular swapping decided upon? Could you or
> someone else kindly help? (Sorry for this dumb question.)

Ron Rivest decided on it. He designed RC4. It is quite a good scheme
with some evidence that on the level of Megabytes, there is a very small
bias in the output.

>
> To the implementation point of yours: The schemes are not meant to be
> sent. It is assumed that both partners can easily understand the
> foundations underlying the kind of scheme I depicted and thus can agree
> on one to be implemented by them individually. Further, it is likely to

And how is person 2 supposed to know what was used to encrypt the scheme?
They decided beforehand? But then there was loads of time to do something
decent.

> be the case that only one partner will be a poorman (due to e.g.
> unfavourable political environment etc. etc.), while the other is rich.
> So, if the poorman manages to implement, there is no problem at all
> on the side of his partner (in this case).

Sure there is. He has to know what is implemented. And it is a lot easier
if he knows it is some bog standard scheme.
From: Mok-Kong Shen on 24 Mar 2010 03:45

unruh wrote:
> Mok-Kong Shen wrote:
>> I think RC4 is nice, but my compound PRNG is meant to be much bigger
>> in general (it operates on words and is meant to use a quite large
>
> ??? words? pool?

I have sketched my compound PRNG in the thread "Update of my old idea on
random number generation". It is intended to work with entire computer
words. A master-key generates a user-chosen large number of constituent
PRNGs, which I term a pool of PRNGs.

>> pool). BTW, I must admit I have till now a little bit personal problem
>> of understanding RC4. The alphabet in it gets modified through certain
>> swapping. How was that particular swapping decided upon? Could you or
>> someone else kindly help? (Sorry for this dumb question.)
>
> Ron Rivest decided on it. He designed RC4. It is quite a good scheme
> with some evidence that on the level of Megabytes, there is a very small
> bias in the output.

I know that. But he didn't tell us his excellent insight in selecting
that particular swapping. In fact, I pondered quite a while on the
question but failed to answer it myself. Note in this connection that
in the description of all my schemes I have tried (I hope I haven't
overlooked) to exclude stuff that would seem to be "arbitrary"
decisions to a third person and that therefore would have to be kept in
memory via learning by rote. That is, one has only to keep in mind the
basic and simple to comprehend principles. This tends to reduce
eventual errors in implementations, as the poorman, according to our
assumptions, has to implement everything from scratch without any
external aid.

Thanks,

M. K. Shen
From: unruh on 24 Mar 2010 12:02

On 2010-03-24, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> unruh wrote:
>> Mok-Kong Shen wrote:
>>> I think RC4 is nice, but my compound PRNG is meant to be much bigger
>>> in general (it operates on words and is meant to use a quite large
>>
>> ??? words? pool?
>
> I have sketched my compound PRNG in the thread "Update of my old idea on
> random number generation". It is intended to work with entire computer
> words. A master-key generates a user-chosen large number of constituent
> PRNGs, which I term a pool of PRNGs.
>
>>> pool). BTW, I must admit I have till now a little bit personal problem
>>> of understanding RC4. The alphabet in it gets modified through certain
>>> swapping. How was that particular swapping decided upon? Could you or
>>> someone else kindly help? (Sorry for this dumb question.)
>>
>> Ron Rivest decided on it. He designed RC4. It is quite a good scheme
>> with some evidence that on the level of Megabytes, there is a very small
>> bias in the output.
>
> I know that. But he didn't tell us his excellent insight in selecting
> that particular swapping. In fact, I pondered quite a while on the
> question but failed to answer it myself. Note in this connection that
> in the description of all my schemes I have tried (I hope I haven't
> overlooked) to exclude stuff that would seem to be "arbitrary"
> decisions to a third person and that therefore would have to be kept in
> memory via learning by rote. That is, one has only to keep in mind the
> basic and simple to comprehend principles. This tends to reduce
> eventual errors in implementations, as the poorman, according to our
> assumptions, has to implement everything from scratch without any
> external aid.

The swap rules (two lines of code) of rc4 are a lot easier to remember
than any reasons for those rules. Some things are far easier to just
memorize.

Your "rules" for your complicated mess have no unique implementation so
you have to memorize a bunch of pretty complicated stuff. And what in the
world is this "word" stuff? If you really want to implement RC4 on words
you just need a 60000 entry mixing matrix. And some have argued that this
is less biased than is the simple RC4.

>
> Thanks,
>
> M. K. Shen
>
>
From: Maaartin on 24 Mar 2010 13:30

On Mar 24, 5:02 pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
> And what in the world is this "word" stuff? If you really want to
> implement RC4 on words you just need a 60000 entry mixing matrix. And
> some have argued that this is less biased than is the simple RC4.

You surely mean word = 16 bits, this is quite common (Intel and
Microsoft use it this way), but others (IMHO including MKS) use it to
denote the most natural (efficient) unit of CPU. Expanding RC4 to 16
bits has at least two drawbacks: The initial mixing needs to be much
longer, so the overhead for short messages is too high. The speed on
general purpose CPUs may be in fact lower than when using 8 bits - you
obviously win a factor of 2 but may get a lot of L1 cache misses.
AFAIK, expanding RC4 to 32 bits is quite impossible.

That said, I fully agree with you (and state that you surely know much
more about the subject than I do).

MKS: Do you think your description is easy to memorize and to
implement? Assume there're 10 people implementing what you described
here, how many different implementations do you get? One? Ten?
From: unruh on 24 Mar 2010 13:49

On 2010-03-24, Maaartin <grajcar1(a)seznam.cz> wrote:
> On Mar 24, 5:02 pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
>> And what in the world is this "word" stuff? If you really want to
>> implement RC4 on words you just need a 60000 entry mixing matrix. And
>> some have argued that this is less biased than is the simple RC4.
>
> You surely mean word = 16 bits, this is quite common (Intel and

Yes, so that requires a mixing matrix of 2^16 entries, which is approx
60000.

> Microsoft use it this way), but others (IMHO including MKS) use it to
> denote the most natural (efficient) unit of CPU. Expanding RC4 to 16
> bits has at least two drawbacks: The initial mixing needs to be much
> longer, so the overhead for short messages is too high. The speed on

Agreed.

> general purpose CPUs may be in fact lower than when using 8 bits - you
> obviously win a factor of 2 but may get a lot of L1 cache misses.
> AFAIK, expanding RC4 to 32 bits is quite impossible.

Not impossible, but having a 4GB matrix will definitely produce cache
misses every time. (And running the initial mix to get rid of the small
initial biases will take a while, I agree).

>
> That said, I fully agree with you (and state that you surely know much
> more about the subject than I do).
>
> MKS: Do you think your description is easy to memorize and to
> implement? Assume there're 10 people implementing what you described
> here, how many different implementations do you get? One? Ten?
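As an added example (not code from the thread or any of its posters), here is RC4 written out for a general w-bit "word" alphabet, so that unruh's two-line swap rules, his 2^16-entry mixing matrix for 16-bit words, and Maaartin's point that the initial mixing grows with the state size can all be seen in one place. It generalises standard RC4 only by the word-size parameter (w = 8 gives the usual cipher and matches its public test vectors); the key and data values used with w = 16 are constructed sample values.

```python
# Added example: RC4 over w-bit words. The state S has 2**w entries, so
# w=8 is standard RC4 and w=16 is the ~65536-entry table discussed above.
# The KSA performs one swap per state entry, which is why the "initial
# mixing" cost (and memory footprint) grows exponentially with w.
# RC4 has known keystream biases; this is for study, not new designs.

from typing import Iterator, List, Sequence


def rc4_ksa(key: Sequence[int], word_bits: int = 8) -> List[int]:
    """Key-scheduling algorithm: 2**word_bits swaps before any output."""
    n = 1 << word_bits
    if not key or any(not 0 <= k < n for k in key):
        raise ValueError("key must be non-empty and hold word-sized values")
    s = list(range(n))
    j = 0
    for i in range(n):
        j = (j + s[i] + key[i % len(key)]) % n
        s[i], s[j] = s[j], s[i]          # the swap rule unruh refers to
    return s


def rc4_keystream(key: Sequence[int], word_bits: int = 8) -> Iterator[int]:
    """Pseudo-random generation: yields one w-bit word per step."""
    n = 1 << word_bits
    s = rc4_ksa(key, word_bits)
    i = j = 0
    while True:
        i = (i + 1) % n
        j = (j + s[i]) % n
        s[i], s[j] = s[j], s[i]          # the second swap rule
        yield s[(s[i] + s[j]) % n]


def rc4_crypt(key: Sequence[int], data: Sequence[int],
              word_bits: int = 8) -> List[int]:
    """XOR a sequence of w-bit words with the keystream (symmetric)."""
    return [d ^ k for d, k in zip(data, rc4_keystream(key, word_bits))]


def rc4_hex(key: str, text: str) -> str:
    """Standard 8-bit RC4 over ASCII strings, upper-case hex output."""
    return bytes(rc4_crypt(key.encode(), text.encode())).hex().upper()


if __name__ == "__main__":
    print(rc4_hex("Key", "Plaintext"))          # BBF316E8D940AF0AD3
    # Constructed 16-bit sample: state of 65536 entries, 65536 KSA swaps.
    words = [0x1234, 0xBEEF, 0x0042]
    ct = rc4_crypt([0x0123, 0x4567], words, word_bits=16)
    print(ct, rc4_crypt([0x0123, 0x4567], ct, word_bits=16) == words)
```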