From: Mok-Kong Shen on 7 Mar 2010 08:22

Maaartin wrote:
> Mok-Kong Shen wrote:
>> Should I behave like a few of others in this group in always attempting
>> to (undeservedly) present oneself as an 'expert'?
>
> No, pls don't. Just try more reading and thinking, this is what J.D.
> meant and what you were told already. There're many thousands of people
> worldwide interested in crypto. If only one per cent of them would
> behave like you, there were daily many thousands of questions here and
> nothing else.

If "some" of the people in the group stop to react to posts that they
don't like for whatever reasons and generate thereby posts that do
personal insults instead of arguing on scientific grounds (errors
can be "succinctly" pointed out, if one "has" the time and will to point
them out, otherwise do nothing!!), then there would be "less" waste of
bandwidth (waste of course can't be "principally" prevented, since
this group is not moderated and posting is entirely "free") and the
annoyance to the many thousands of people worldwide interested in
crypto and subscribing to sci.crypt would be highly "alleviated".

Anyway, if you (I mean anyone) judge that a post is nonsense, then
the best you "can" do is the "same" that you would do with the spam
mails that come every day into your email box!

M. K. Shen

From: Mok-Kong Shen on 7 Mar 2010 09:44

In view of the susceptibility to slide attacks, as was pointed out in
the discussions by J.D., the code (here only pseudo-code, actual C-code
has to be suitably written) for the "horizontal" case has to be modified
as follows, employing a number of master keys MK0, MK1 ... to generate
in counter mode the keys to be employed in the different rounds of the
composite scheme (IVMK is an initialization value):

    /* Derive the round keys: each master key is run in counter mode. */
    for (i=0; i<numberofrounds; i++)
    {
      Cn = IVMK + i;
      K0[i] = E(MK0,Cn);  K1[i] = E(MK1,Cn);
      K2[i] = E(MK2,Cn);  K3[i] = E(MK3,Cn);
    }

    /* Rounds of the composite scheme on the sub-blocks B0 ... B3. */
    for (i=0; i<numberofrounds; i++)
    {
      B0 ^= E(K1[i],B1);  B1 ^= E(K0[i],B0);
      B2 ^= E(K3[i],B3);  B3 ^= E(K2[i],B2);
      B0 ^= E(K2[i],B2);  B2 ^= E(K0[i],B0);
      B1 ^= E(K3[i],B3);  B3 ^= E(K1[i],B1);
    }

Analogous is to be done for the "vertical" case.

If one applies also the "outer" dynamics, as detailed in the thread
"Introducing dynamics into block encryptions", one could, for the
processing of each new block (large block of the composite scheme) of
plaintext, generate a new set of keys for use for the different rounds
of the composite scheme, via e.g. updating IVMK in the above with

    IVMK += numberofrounds;

In this opportunity, I like to take the liberty to once again sincerely
request discussions from experts of the group on the correctness and
practical feasibility of "inner" and "outer" dynamics in the thread
mentioned above.

Thanks in advance,

M. K. Shen

-------------------------------------------------------------------------

My favourite citation for scientific discussions:

What can be said at all can be said clearly; and whereof one cannot
speak, thereof one must be silent. L. Wittgenstein

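
Added example, not part of the original posts and not the poster's code: a Python rendering of the "horizontal" pseudo-code above, with the counter-mode round keys, the inverse direction, and the IVMK update per large block. HMAC-SHA256 truncated to the block length stands in for the block cipher E, and N, ROUNDS, the function names and the sample keys are assumptions; it shows that the construction inverts correctly and says nothing about its security.

```python
import hashlib
import hmac

N = 16      # bytes per sub-block (block length n of E); assumed value
ROUNDS = 4  # numberofrounds; assumed value

def E(key, block):
    # Stand-in for the block cipher E (assumption): HMAC-SHA256 cut to N bytes.
    # The scheme only ever evaluates E forwards, so a keyed PRF suffices here.
    return hmac.new(key, block, hashlib.sha256).digest()[:N]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(master_keys, ivmk):
    # K[j][i] = E(MKj, IVMK + i): every master key run in counter mode.
    return [[E(mk, (ivmk + i).to_bytes(N, "big")) for i in range(ROUNDS)]
            for mk in master_keys]

# (target, source) pairs in the order of the post: B[t] ^= E(K[s][i], B[s]).
# In the post the key index always equals the source sub-block index.
STEPS = [(0, 1), (1, 0), (2, 3), (3, 2), (0, 2), (2, 0), (1, 3), (3, 1)]

def crypt_block(blocks, master_keys, ivmk, decrypt=False):
    K = round_keys(master_keys, ivmk)
    B = list(blocks)
    # Each step is its own inverse, so decryption replays them backwards.
    rounds = reversed(range(ROUNDS)) if decrypt else range(ROUNDS)
    steps = STEPS[::-1] if decrypt else STEPS
    for i in rounds:
        for t, s in steps:
            B[t] = xor(B[t], E(K[s][i], B[s]))
    return B

def crypt_message(large_blocks, master_keys, ivmk, decrypt=False):
    out = []
    for blk in large_blocks:
        out.append(crypt_block(blk, master_keys, ivmk, decrypt))
        ivmk += ROUNDS  # "outer" dynamics: fresh round keys per large block
    return out

# Constructed sample data: four master keys and two identical large blocks.
MK = [bytes([j + 1]) * N for j in range(4)]
IVMK = 1000
PT = [bytes([0x41 + j]) * N for j in range(4)]
CT = crypt_message([PT, PT], MK, IVMK)
```
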
From: Richard Outerbridge on 7 Mar 2010 20:26

In article <hmnvb7$s11$03$1(a)news.t-online.com>,
Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:

> Given a block cipher E of block length n, could one advantageously use
> it to compose a larger block cipher in a rather simple manner? I like
> to solicit some good ideas on this from the group via presenting my own
> humble one.

This is (was?) the way DEAL worked. The problems with it were its speed
(or lack thereof) and its key scheduling - particularly the latter.

outer

From: Mok-Kong Shen on 8 Mar 2010 09:08

Richard Outerbridge:
> Mok-Kong Shen<mok-kong.shen wrote:
>
>> Given a block cipher E of block length n, could one advantageously use
>> it to compose a larger block cipher in a rather simple manner? I like
>> to solicit some good ideas on this from the group via presenting my own
>> humble one.
>
> This is (was?) the way DEAL worked. The problems with it were its speed
> (or lack thereof) and its key scheduling - particularly the latter.

I attempted to avoid the problem to devise a new key-schedule by
simply using different keys (obtained from a run with master keys in
counter mode) for the different component ciphers, see the final
version posted 07.03.2010 15:44.

M. K. Shen

From: Tom St Denis on 8 Mar 2010 09:37

On Mar 7, 8:22 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> If "some" of the people in the group stop to react to posts that they
> don't like for whatever reasons and generate thereby posts that do
> personal insults instead of arguing on scientific grounds (errors
> can be "succinctly" pointed out, if one "has" the time and will to point
> them out, otherwise do nothing!!), then there would be "less" waste of
> bandwidth (waste of course can't be "principally" prevented, since
> this group is not moderated and posting is entirely "free") and the
> annoyance to the many thousands of people worldwide interested in
> crypto and subscribing to sci.crypt would be highly "alleviated".
>
> Anyway, if you (I mean anyone) judge that a post is nonsense, then
> the best you "can" do is the "same" that you would do with the spam
> mails that come every day into your email box!

The reason people get upset with you isn't because you ask questions,
it's because you ask questions in direct opposition to the advice and
knowledge people are voluntarily trying to impart on you. When I
pointed out Turtle for instance you clearly did not read the paper,
and then continued on your line of questioning.

I can't make you a good researcher, you'll have to do that yourself.
But if you keep asking questions despite me and others already
answering them people are just going to get pissed off at you.

You need to learn how to actually take in information people give you
instead of trying to get everything spelt out in the last detail. We
don't work for you, but we'll help you just the same if you show a
sincere effort in learning.

Tom