From: Mok-Kong Shen on

According to a just appeared paper of Moshe Rubin:
http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaocipher-Revealed-Algorithm.pdf

J. F. Byrne had already in 1918 employed dynamic substitutions in his
(longtime undisclosed) Chaos cipher, in which the substitution
alphabets get modified after each step of the encryption processing.
It is interesting to note that a contemporary scheme
(http://fiziwig.com/crypto/tile1.html) independently employs some
dynamics of akin nature.

In computer-implemented algorithms, RC4 of R. Rivest has an array
containing the (8-bit) alphabet that has two of its entries swapped
when a byte is encrypted, while T. Ritter has a patent on a
dynamic substitution scheme of his own design (see
http://www.ciphersbyritter.com/#DynSubTechan).

It may be remarked that, while an alphabet of small size (e.g. 26, 256)
can be conveniently stored and dynamically manipulated, a similar
implementation for a size of 2^32 would evidently be unfavourable in
practice. It is possible however to conveniently obtain substitutions
of such a size through employing permutation polynomials mod 2^32,
whose coefficients are dynamically generated by a PRNG. For the
pseudo-randomly determined mapping with such a polynomial may be
computationally reversed (albeit with comparatively higher computing
cost).

M. K. Shen
From: WTShaw on
On Jul 2, 5:29 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> According to a just appeared paper of Moshe Rubin:http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaociph...
>
> It may be remarked that, while an alphabet of small size (e.g. 26, 256)
> can be conveniently stored and dynamically manipulated, a similar
> implementation for a size of 2^32 would evidently be unfavourable in
> practice. It is possible however to conveniently obtain substitutions
> of such a size through employing permutation polynomials mod 2^32,
> whose coefficients are dynamically generated by a PRNG. For the
> pseudo-randomly determined mapping with such a polynomial may be
> computationally reversed (albeit with comparatively higher computing
> cost).
>
> M. K. Shen

Please demonstrate the viability of your idea by implementing it, a
requirement I usually demand of myself before talking about any
dreamt gizmo.
From: Tran Ngoc Duong on
On Jul 3, 5:29 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> According to a just appeared paper of Moshe Rubin:http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaociph...
>
> J. F. Byrne had already in 1918 employed dynamic substitutions in his
> (longtime undisclosed) Chaos cipher, in which the substitution
> alphabets get modified after each step of the encryption processing.
> It is interesting to note that a contemporary scheme
> (http://fiziwig.com/crypto/tile1.html) independently employs some
> dynamics of akin nature.
>
> In computer-implemented algorithms, RC4 of R. Rivest has an array
> containing the (8-bit) alphabet that has two of its entries swapped
> when a byte is encrypted, while T. Ritter has a patent on a
> dynamic substitution scheme of his own design (seehttp://www.ciphersbyritter.com/#DynSubTechan).
>
> It may be remarked that, while an alphabet of small size (e.g. 26, 256)
> can be conveniently stored and dynamically manipulated, a similar
> implementation for a size of 2^32 would evidently be unfavourable in
> practice. It is possible however to conveniently obtain substitutions
> of such a size through employing permutation polynomials mod 2^32,
> whose coefficients are dynamically generated by a PRNG.
>
Is the PRNG, itself, required to be cryptographically strong?

If yes, then maybe it leads to a chicken-and-egg problem: how to
construct it? Yet to mention that a CS PRNG would immediately give you
a strong [stream] cipher, without using any complicated permutation
polynomial.

If no, then maybe it leads to a system of linear equations which,
given a small yet enough number of known plain/ciphertext pairs, can
be solved easily.
From: Mok-Kong Shen on
Tran Ngoc Duong wrote:

> Is the PRNG, itself, required to be cryptographically strong?
>
> If yes, then maybe it leads to a chicken-and-egg problem: how to
> construct it? Yet to mention that a CS PRNG would immediately give you
> a strong [stream] cipher, without using any complicated permutation
> polynomial.
>
> If no, then maybe it leads to a system of linear equations which,
> given a small yet enough number of known plain/ciphertext pairs, can
> be solved easily.

I was addressing the issue where one desires a 32-bit wide bijective
mapping for whatever reason.

As to PRNG (which one may also use for xoring, if there is no need
of a bijective mapping) I personally consider the CSPRNGs are
inconvenient to implement or slow and like to avoid them as far as
possible. That's BTW the motivation of my two posts in the thread
"A simple scheme of combining PRNGs" of 01.06.2010. For eventual
comments and critiques there I should be grateful.

Thanks.

M. K. Shen



From: Mok-Kong Shen on
WTShaw wrote:

> Please demonstrate the viability of your idea by implementing it, a
> requirement I usually demand of myself before talking about any
> dreamt gizmo.

You certainly meant the coding of the permutaion polynomials, right?
Please see the thread "A C-code for permutation polynomials mod 2^n"
of 21.03.2010.

M. K. Shen