Prev: A New/Old code Just For Fun
Next: Chua's treatment of Wolfram's result
From: Mok-Kong Shen on 29 Jul 2010 09:34
Mok-Kong Shen wrote:

> (b) A good candidate for Fi(B_i) seems to be a key dependent (randomly
> generated) permutation polynomial mod 2^n of full period, say, of 2nd
> or higher degree.[snip]

To avoid misunderstanding: For the same i, Fi(B_i) is different for
different rounds and, since the availability of PRNGs is implicitly
assumed (I personally favour the scheme presented in my thread "A simple
scheme of combining PRNGs of 01.06.2010), it may vary from block to
block.

M. K. Shen




From: Maaartin on 31 Jul 2010 18:25
On Jul 29, 2:52 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> To avoid misunderstanding: if the words of a block are numbered 1..n,
> then the pivot sequence is a pseudo-random permutation of that.

What if there are more than n rounds?

You wrote "B_2 = F1(B_1) ^ B_2 B_3 = F1(B_1) ^ B_3 Below we'll say
that in the above B_1 is the pivot field in the
operation. Should it mean that F1(B_1) gets xored to all other fields?
If yes, why? If no, how you choose the field(s) to be modified?
From: Mok-Kong Shen on 1 Aug 2010 04:09
Maaartin wrote:
> wrote:
>> To avoid misunderstanding: if the words of a block are numbered 1..n,
>> then the pivot sequence is a pseudo-random permutation of that.
>
> What if there are more than n rounds?
>
> You wrote "B_2 = F1(B_1) ^ B_2 B_3 = F1(B_1) ^ B_3 Below we'll say
> that in the above B_1 is the pivot field in the
> operation. Should it mean that F1(B_1) gets xored to all other fields?
> If yes, why? If no, how you choose the field(s) to be modified?

Sorry that there are apparently still stuffs not very clear.

In the original Feistel scheme (that was used in DES) there were only
2 fields. From that it was unclear what Feistel would have done if
there are more than 2 fileds. One possibility is that a non-linear
function of one field is xored to only one another field. The other
possibility is that the xoring is done to more than one field. As I
said, the computation of the non-linear function is certainly more
expensive than one xoring operation. So, once a non-linear function
is evaluated, it could advantageously be used to xor (thus affect)
more than one field. Thus I choose to xor all the other fields. For
that way it would be more 'economical'/efficient for the scheme as
a whole.

A pivot sequence of round j is a pseudo-random permutation Q_j of 1..n
(a block has n fields), which is dependent on j, i.e. different for
different j. Since F_i of all rounds are pseudo-randomly generated and
hence, for the same i, F_i of one round is different from F_i of
another round (the probability of identity is practically zero with
a properly implemented PRNG), it doesn't matter, if the last element
of Q_(j-1) happens to be identical to the first element of Q_j.
(Otherwise the two xoring from the same pivot would have cancelled
each other.)

xor can be replaced by addition/subtraction. If desired, the choice
of the three operations could also be pseudo-randomly dynamically
determined.

I like to stress once again that all the randomizations stated can be
dynamically done for the individual blocks, i.e. they can be different
for different blocks. The message key, from which all the randominations
depend (since the PRNG or PRNGs are constructed from it), should be
unique to the meaasge. This could be easily done through suitably
combining a master key (which is used for a longer period for different
messages) with message specific informations, e.g. time and message
number.

It may be noted that practically nothing in our scheme is thus 'fixed'.
Almost everything is 'dynamic' and this, so to say, knocks the bottom
out of all those known analysis techniques of block encryptions that
assume that the algorithm to be attacked is a static one.

For pseudo-random number generation I am taking the liberty to once
again mention my personal favourite, a combination of two or more
constituent PRNGs, as described in the thread "A simple scheme of
combining PRNGs" of 01.06.2010.

Many thanks for you detailed examinations.

M. K. Shen
From: Mok-Kong Shen on 1 Aug 2010 04:58
Mok-Kong Shen wrote:
> Maaartin wrote:
[snip]

I forgot to address your question "What if there are more than
n rounds?" For e.g. n=4, there are only 24 different permutations.
It could thus happen that successive pivot sequences generated,
Q_j and Q_(j+1), are the same. This doesn't matter in our scheme.
(Cf. DES, where the pivot sequence is a constant one.)

M. K. Shen
First  |  Prev  | 
Pages: 1 2 3
Prev: A New/Old code Just For Fun
Next: Chua's treatment of Wolfram's result