From: Mok-Kong Shen on 2 Jul 2010 18:29 According to a just appeared paper of Moshe Rubin: http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaocipher-Revealed-Algorithm.pdf J. F. Byrne had already in 1918 employed dynamic substitutions in his (longtime undisclosed) Chaos cipher, in which the substitution alphabets get modified after each step of the encryption processing. It is interesting to note that a contemporary scheme (http://fiziwig.com/crypto/tile1.html) independently employs some dynamics of akin nature. In computer-implemented algorithms, RC4 of R. Rivest has an array containing the (8-bit) alphabet that has two of its entries swapped when a byte is encrypted, while T. Ritter has a patent on a dynamic substitution scheme of his own design (see http://www.ciphersbyritter.com/#DynSubTechan). It may be remarked that, while an alphabet of small size (e.g. 26, 256) can be conveniently stored and dynamically manipulated, a similar implementation for a size of 2^32 would evidently be unfavourable in practice. It is possible however to conveniently obtain substitutions of such a size through employing permutation polynomials mod 2^32, whose coefficients are dynamically generated by a PRNG. For the pseudo-randomly determined mapping with such a polynomial may be computationally reversed (albeit with comparatively higher computing cost). M. K. Shen
From: WTShaw on 4 Jul 2010 09:25 On Jul 2, 5:29 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > According to a just appeared paper of Moshe Rubin:http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaociph... > > It may be remarked that, while an alphabet of small size (e.g. 26, 256) > can be conveniently stored and dynamically manipulated, a similar > implementation for a size of 2^32 would evidently be unfavourable in > practice. It is possible however to conveniently obtain substitutions > of such a size through employing permutation polynomials mod 2^32, > whose coefficients are dynamically generated by a PRNG. For the > pseudo-randomly determined mapping with such a polynomial may be > computationally reversed (albeit with comparatively higher computing > cost). > > M. K. Shen Please demonstrate the viability of your idea by implementing it, a requirement I usually demand of myself before talking about any dreamt gizmo.
From: Tran Ngoc Duong on 4 Jul 2010 11:25 On Jul 3, 5:29 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > According to a just appeared paper of Moshe Rubin:http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaociph... > > J. F. Byrne had already in 1918 employed dynamic substitutions in his > (longtime undisclosed) Chaos cipher, in which the substitution > alphabets get modified after each step of the encryption processing. > It is interesting to note that a contemporary scheme > (http://fiziwig.com/crypto/tile1.html) independently employs some > dynamics of akin nature. > > In computer-implemented algorithms, RC4 of R. Rivest has an array > containing the (8-bit) alphabet that has two of its entries swapped > when a byte is encrypted, while T. Ritter has a patent on a > dynamic substitution scheme of his own design (seehttp://www.ciphersbyritter.com/#DynSubTechan). > > It may be remarked that, while an alphabet of small size (e.g. 26, 256) > can be conveniently stored and dynamically manipulated, a similar > implementation for a size of 2^32 would evidently be unfavourable in > practice. It is possible however to conveniently obtain substitutions > of such a size through employing permutation polynomials mod 2^32, > whose coefficients are dynamically generated by a PRNG. > Is the PRNG, itself, required to be cryptographically strong? If yes, then maybe it leads to a chicken-and-egg problem: how to construct it? Yet to mention that a CS PRNG would immediately give you a strong [stream] cipher, without using any complicated permutation polynomial. If no, then maybe it leads to a system of linear equations which, given a small yet enough number of known plain/ciphertext pairs, can be solved easily.
From: Mok-Kong Shen on 4 Jul 2010 15:01 Tran Ngoc Duong wrote: > Is the PRNG, itself, required to be cryptographically strong? > > If yes, then maybe it leads to a chicken-and-egg problem: how to > construct it? Yet to mention that a CS PRNG would immediately give you > a strong [stream] cipher, without using any complicated permutation > polynomial. > > If no, then maybe it leads to a system of linear equations which, > given a small yet enough number of known plain/ciphertext pairs, can > be solved easily. I was addressing the issue where one desires a 32-bit wide bijective mapping for whatever reason. As to PRNG (which one may also use for xoring, if there is no need of a bijective mapping) I personally consider the CSPRNGs are inconvenient to implement or slow and like to avoid them as far as possible. That's BTW the motivation of my two posts in the thread "A simple scheme of combining PRNGs" of 01.06.2010. For eventual comments and critiques there I should be grateful. Thanks. M. K. Shen
From: Mok-Kong Shen on 4 Jul 2010 15:05 WTShaw wrote: > Please demonstrate the viability of your idea by implementing it, a > requirement I usually demand of myself before talking about any > dreamt gizmo. You certainly meant the coding of the permutaion polynomials, right? Please see the thread "A C-code for permutation polynomials mod 2^n" of 21.03.2010. M. K. Shen
|
Pages: 1 Prev: The Chaocipher algorithm revealed at last! Next: Call for participants |