Nonlinear combination of streams
in [Cryptography]
|
Prev: Why is Kerberos ever used, rather than modern public keycryptography?
Next: An Important Distinction being stymied by Ignorance.
From: Mok-Kong Shen on 12 Mar 2010 18:23 Given two streams of natural language texts, one simple and practical way of combining them, in order to somehow gather together their "entropy", is to exploit the idea of polyalphabetic substitution of classical crypto. If one has namely such a substitution table (with each column being a random permutation of the alphabet), one could consider one of the given stream as the plaintext and the other as the key stream. The resulting "ciphertext" is then the desired combination. One can similary do this for arbitrary streams of 8-bit units. Terry Ritter favours to use orthogonal Latin squares (see his webpage http://www.ciphersbyritter.com/#BBMTech) for combination. However, in my humble view, that scheme is designed to be "practically" used for combining streams in units of 8 bits. For operating on larger units, there would be implementation difficulties/inconveniences. Sometime ago, I suggested to combine two computer words X and Y by the formula Z = X*Y + X + Y (mod 2^32 for 32-bit words). In discussions someone suggested to replace one of the + by ^. With some more computing cost, I think one could additionally do a mutual rotation in the sense that one masks out an 8 bit value somewhere in X to cyclically shift Y, and vice versa to cyclically shift X, before the formula is evaluated. (One could even mutually rotate X and Y in forming X*Y in one way and mutually rotate in forming X + Y in another way, if one likes.) I should be grateful for comments and to learn other and better schemes. Thanks, M. K. Shen
From: Mok-Kong Shen on 12 Mar 2010 19:33 Mok-Kong Shen wrote: [snip] > ........ one masks out an 8 bit value somewhere in X to > cyclically shift Y, ....... Typo, sorry. Please read "... an 5 bit value ....". Assumption is one has 32-bit computer words. M. K. Shen
From: Tom St Denis on 13 Mar 2010 08:18 On Mar 12, 6:23 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Sometime ago, I suggested to combine two computer words X and Y by the > formula Z = X*Y + X + Y (mod 2^32 for 32-bit words). In discussions The problem is that's not really non-linear, nor is multiplication modulo 2^32 a BBM function. You could do something multiplication in a field with a prime of the form 2^k + 1 [e.g. p=257] then just promote all values into 1..256, then multiplication is a BBM, but it's still linear. BTW nonlinear combiners exist, for example the stop-gap generator. They're also weak. Of course you'd know this if you did even remedial reading on the subject.... Tom
From: Maaartin on 13 Mar 2010 15:16 On Mar 13, 12:23 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Terry Ritter favours to use orthogonal Latin squares (see his webpagehttp://www.ciphersbyritter.com/#BBMTech) for combination. However, in my > humble view, that scheme is designed to be "practically" used for > combining streams in units of 8 bits. For operating on larger units, > there would be implementation difficulties/inconveniences. Not really, it can be done using something like this X ^= Y; Y ^= f(X) with f(X) = (X<<1) ^ ((X>>31) & C) where ">>" denotes a signed shift and C is a suitable constant, so you need about 8 machine instructions. Sure, it's linear, but... On Mar 13, 2:18 pm, Tom St Denis <t...(a)iahu.ca> wrote: > On Mar 12, 6:23 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > > > Sometime ago, I suggested to combine two computer words X and Y by the > > formula Z = X*Y + X + Y (mod 2^32 for 32-bit words). In discussions > > The problem is that's not really non-linear, Could you pls elaborate on this? I suppose he means to multiply two data words, so it can't be linear. > nor is multiplication modulo 2^32 a BBM function. Moreover, it's not bijective (in either argument), so he looses entropy. The function (X, Y) -> (2*X*Y + X + Y, Y) is bijective, but obviously not BBM (and I don't believe it could be made to BBM). > You could do something multiplication in > a field with a prime of the form 2^k + 1 [e.g. p=257] then just > promote all values into 1..256, then multiplication is a BBM, How? The multiplication returns one result, but you need two, don't you? Ritter writes: "Balanced Block Mixing: An orthogonal pair of Latin squares which reversibly mix two input blocks or values of some power-of-2 size into two output blocks of the original size.". Or do you mean computing (X, Y) -> (a*X+b*Y, c*X+d*Y) in a GF where a, b, c, d, and a*d-b*c are all co-prime to the characteristic of the field? In the latter case, it's clear. > but it's still linear. > > BTW nonlinear combiners exist, for example the stop-gap generator. > They're also weak. Of course you'd know this if you did even remedial > reading on the subject.... I haven't found anything about the stop-gap generator, could you provide me a pointer or some better keywords for google?
From: Maaartin on 13 Mar 2010 15:56
On Mar 13, 9:16 pm, Maaartin <grajc...(a)seznam.cz> wrote: > > You could do something multiplication in > > a field with a prime of the form 2^k + 1 [e.g. p=257] then just > > promote all values into 1..256, then multiplication is a BBM, > > How? The multiplication returns one result, but you need two, don'tyou? Ritter writes: > > "Balanced Block Mixing: An orthogonal pair of Latin squares which > reversibly mix two input blocks or values of some power-of-2 size into > two output blocks of the original size.". > Or do you mean computing > (X, Y) -> (a*X+b*Y, c*X+d*Y) > in a GF where a, b, c, d, and a*d-b*c are all co-prime to the > characteristic of the field? In the latter case, it's clear. No, it's not. In GF(256) or GF(257) it would work, but with your "values promotion" you have only the multiplicative group of GF(257) and no field. So I'm confused in both cases. |