From: Mok-Kong Shen on 23 Jul 2010 03:11

Mok-Kong Shen wrote:
> (4) .... For, if the last pivot field of a permutation
> "happens" to be the first pivot field of the following permutation,
> then the effect of xoring would be cancelled out (except when one
> also uses rotation of bits, see (5), in between the two steps).

Please read:

(4) .... For, if the last pivot field of a permutation "happens" to be the first pivot field of the following permutation and Fi "happens" also to be chosen to be the same, then the effect of xoring would be cancelled out (except when one also uses rotation of bits, see (5), in between the two steps).

But this is an extremely pedantic caution. For the probability of this happening is only theoretically possible and is practically zero.

M. K. Shen

From: Mok-Kong Shen on 29 Jul 2010 03:09

Mok-Kong Shen wrote:
[snip]
> (2) In the common description of the unbalanced Feistel cipher, e.g.
> http://en.wikipedia.org/wiki/Feistel_cipher, a pivot field (in my term)
> is used to only process one another field. Since however the computation
> of Fi(B_i) is certainly much more expensive than xor, it's sort of
> waste that way. So I want in the present scheme to have each Fi(B_i)
> xor (and thus affect) all the other fields so to achieve a higher
> overall computational efficiency.
>
> (3) In the common description of the unbalanced Feistel cipher, the
> pivot fields are chosen in sequential order. Since having that order
> key dependent instead (and also having different permutations of the
> order in the processing of a block) essentially complicates analysis
> but involves almost no cost, I have introduced that.
[snip]

I'd like to add a couple of tiny points:

(a) An entire short message consisting of an arbitrary number of computer words could be advantageously treated as a single block this way.

(b) A good candidate for Fi(B_i) seems to be a key dependent (randomly generated) permutation polynomial mod 2^n of full period, say, of 2nd or higher degree. See V. Anashin, A. Khrennikov, Applied Algebraic Dynamics, p.283. One could, for simplicity of memory/implementation, employ the following simplified (hence stronger) criteria, where c_i is the coefficient of x^i of the polynomial:

c_0 = 1 mod 4
c_1 = 1 mod 4
c_i = 0 mod 4 for all other i.

M. K. Shen

From: Maaartin on 29 Jul 2010 08:22

On Jul 29, 9:09 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> > (3) In the common description of the unbalanced Feistel cipher, the
> > pivot fields are chosen in sequential order. Since having that order
> > key dependent instead (and also having different permutations of the
> > order in the processing of a block) essentially complicates analysis
> > but involves almost no cost, I have introduced that.

As you know, design decisions tend to have disadvantages, too. I hope you thought about them and can give us a short analysis.

How exactly should the pivot be determined?

From: Mok-Kong Shen on 29 Jul 2010 08:46

Maaartin wrote:
> On Jul 29, 9:09 am, Mok-Kong Shen<mok-kong.s...(a)t-online.de> wrote:
>>> (3) In the common description of the unbalanced Feistel cipher, the
>>> pivot fields are chosen in sequential order. Since having that order
>>> key dependent instead (and also having different permutations of the
>>> order in the processing of a block) essentially complicates analysis
>>> but involves almost no cost, I have introduced that.
>
> As you know, design decisions tend to have disadvantages, too. I hope
> you thought about them and can give us a short analysis.
>
> How exactly should the pivot be determined?

I suggested that the pivot sequence (in each round, if more rounds) be pseudo-randomly determined (by a PRNG generated from the message unique key).

M. K. Shen

From: Mok-Kong Shen on 29 Jul 2010 08:52

Mok-Kong Shen wrote:
> Maaartin wrote:
>> Mok-Kong Shen wrote:
>>>> (3) In the common description of the unbalanced Feistel cipher, the
>>>> pivot fields are chosen in sequential order. Since having that order
>>>> key dependent instead (and also having different permutations of the
>>>> order in the processing of a block) essentially complicates analysis
>>>> but involves almost no cost, I have introduced that.
>>
>> As you know, design decisions tend to have disadvantages, too. I hope
>> you thought about them and can give us a short analysis.
>>
>> How exactly should the pivot be determined?
>
> I suggested that the pivot sequence (in each round, if more rounds)
> be pseudo-randomly determined (by a PRNG generated from the message
> unique key).

To avoid misunderstanding: if the words of a block are numbered 1..n, then the pivot sequence is a pseudo-random permutation of that.

M. K. Shen
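
Added example, not part of the thread and not any poster's code: a toy Python sketch of one round as the posts describe it, with the cancellation case from point (4) and a brute-force period check of the coefficient criteria. The 16-bit word size, the function names and the use of Python's non-cryptographic `random` as a stand-in for the key-seeded PRNG are assumptions made for illustration.

```python
import random

BITS = 16                      # word size n (assumed for the demo)
MASK = (1 << BITS) - 1

def make_poly(rng, degree=2):
    """Coefficients c_0..c_degree meeting the thread's criteria mod 4."""
    quarter = 1 << (BITS - 2)
    low = [4 * rng.randrange(quarter) + 1 for _ in range(2)]           # c_0, c_1 = 1 mod 4
    high = [4 * rng.randrange(1, quarter) for _ in range(degree - 1)]  # c_i = 0 mod 4
    return low + high

def poly_eval(coeffs, x, bits=BITS):
    """Horner evaluation of the polynomial mod 2^bits."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) & ((1 << bits) - 1)
    return acc

def cycle_length(coeffs, bits):
    """Length of the orbit of 0 under x -> f(x) mod 2^bits (0 if it never returns)."""
    x = 0
    for steps in range(1, (1 << bits) + 1):
        x = poly_eval(coeffs, x, bits)
        if x == 0:
            return steps
    return 0

def apply_step(words, pivot, coeffs):
    """XOR F(pivot word) into every other word; the pivot word is unchanged."""
    f = poly_eval(coeffs, words[pivot])
    return [w if i == pivot else w ^ f for i, w in enumerate(words)]

def process(words, seed, decrypt=False):
    """One round: every word serves as pivot once, in a seed-dependent order."""
    rng = random.Random(seed)  # stand-in for the PRNG seeded from the message key
    order = list(range(len(words)))
    rng.shuffle(order)         # pivot sequence = pseudo-random permutation
    steps = [(p, make_poly(rng)) for p in order]
    for pivot, coeffs in (reversed(steps) if decrypt else steps):
        words = apply_step(words, pivot, coeffs)
    return words

if __name__ == "__main__":
    msg = [0x1234, 0xBEEF, 0x0042, 0xFFFF, 0x8001]   # constructed sample block
    ct = process(msg, seed=2010)
    assert process(ct, seed=2010, decrypt=True) == msg
    print([hex(w) for w in ct], cycle_length(make_poly(random.Random(1)), BITS))
```

Each step leaves the pivot word untouched, so it is its own inverse: decryption replays the steps in reverse order, and repeating the same pivot with the same Fi back to back restores the input.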