From: Mok-Kong Shen on

In my humble view, indirectness and variability are principles/features
that are to be striven for in encryption processing. Let's consider the
case of employment of a (not too poor) PRNG. If one uses its outputs
"directly" to xor the plaintext, then there is the well known risk of
prediction in the scenario of known-plaintext attack. On the other
hand, if one uses its outputs to pseudo-randomly select segments (the
selection may be done dynamically also) from n publicly known
(readily available or computable) sequences, e.g. mathematical
constants or published natural language texts, and combine these with
xor or better with some nonlinear operations on the computer word
level, then it is intuitively clear that the difficulty of analysis of
the resulting stream would very quickly (super-exponentially I would
think) increase with the value of n. I suppose that this is in fact
entirely trivially evident but wonder why one doesn't see its
practical relevance being explicitly mentioned in the crypto
literature (or did I miss the right references?).

Thanks.

M. K. Shen
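The construction sketched in the post above, written out in C as an added example (it is not code from the post or from its author). Everything concrete in it is an assumption of the example: the PRNG is a toy xorshift64* stand-in, the three "publicly known sequences" are constructed stand-ins (digits of pi and e and a well-known sentence), and the key and the known plaintext are constructed. It checks the one thing that can be checked directly: in both modes a known-plaintext attacker recovers the keystream as ct XOR pt; with the direct scheme that keystream is the raw PRNG output, with the indirect scheme it is the combined word, and the PRNG word never appears in it.

```c
#include <stdint.h>
#include <string.h>

#define NSEQ   3      /* n: number of public sequences */
#define NWORDS 16     /* words encrypted in the demonstration */

/* Stand-in PRNG (xorshift64*). An assumption for this example: the post only
   says "a (not too poor) PRNG" and names none. */
static uint64_t prng_next(uint64_t *state) {
    uint64_t x = *state;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    *state = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Constructed stand-ins for "publicly known sequences": digits of pi and e
   and a well-known sentence. The attacker is assumed to have these as well. */
static const char *PUBLIC_SEQ[NSEQ] = {
    "3141592653589793238462643383279502884197169399375105820974944592307816406286",
    "2718281828459045235360287471352662497757247093699959574966967627724076630353",
    "It was the best of times, it was the worst of times, it was the age of wisdom",
};

/* Read 8 consecutive bytes of a sequence (wrapping) as a little-endian word. */
static uint64_t segment_word(const char *seq, size_t off) {
    size_t len = strlen(seq);
    uint64_t w = 0;
    for (size_t i = 0; i < 8; i++)
        w |= (uint64_t)(unsigned char)seq[(off + i) % len] << (8 * i);
    return w;
}

/* "Indirect" keystream word. The PRNG word r is never output: 16 bits of it
   pick one 8-byte segment from each sequence, and the segments are combined
   with XOR and a non-linear word-level step (multiplication mod 2^64 and a
   shift-xor). r is passed back through *r_out only so the test can compare. */
static uint64_t indirect_word(uint64_t *state, uint64_t *r_out) {
    uint64_t r = prng_next(state), acc = 0;
    for (int k = 0; k < NSEQ; k++) {
        size_t off = (size_t)((r >> (16 * k)) & 0xFFFF);
        acc = (acc ^ segment_word(PUBLIC_SEQ[k], off)) * 0x9E3779B97F4A7C15ULL;
        acc ^= acc >> 29;
    }
    *r_out = r;
    return acc;
}

/* direct != 0: XOR raw PRNG words (the scheme the post warns about).
   direct == 0: XOR the indirect keystream instead. */
static void encrypt_words(const uint64_t *pt, uint64_t *ct, uint64_t seed, int direct) {
    uint64_t state = seed, r;
    for (int i = 0; i < NWORDS; i++)
        ct[i] = pt[i] ^ (direct ? prng_next(&state) : indirect_word(&state, &r));
}

/* Known-plaintext step: whatever produced the keystream, the attacker
   recovers it word by word as ct ^ pt. */
static void kpa_recover(const uint64_t *pt, const uint64_t *ct, uint64_t *ks) {
    for (int i = 0; i < NWORDS; i++)
        ks[i] = ct[i] ^ pt[i];
}

static const uint64_t SEED = 0x0123456789ABCDEFULL;   /* constructed key */

/* Constructed known plaintext: 128 bytes of ASCII, i.e. 16 words. */
static void sample_plaintext(uint64_t *pt) {
    static const char msg[] =
        "attack at dawn; attack at dawn; attack at dawn; attack at dawn; "
        "attack at dawn; attack at dawn; attack at dawn; attack at dawn; ";
    for (int i = 0; i < NWORDS; i++)
        pt[i] = segment_word(msg, (size_t)i * 8);
}

/* Direct mode: the recovered keystream is exactly the PRNG output, i.e. the
   words a prediction attack on the PRNG starts from. Returns 1 on success. */
int kpa_direct_yields_prng_words(void) {
    uint64_t pt[NWORDS], ct[NWORDS], ks[NWORDS], state = SEED;
    sample_plaintext(pt);
    encrypt_words(pt, ct, SEED, 1);
    kpa_recover(pt, ct, ks);
    for (int i = 0; i < NWORDS; i++)
        if (ks[i] != prng_next(&state)) return 0;
    return 1;
}

/* Indirect mode: the recovered keystream is the combiner output, not the
   PRNG word behind it. Returns how many of the NWORDS recovered words differ
   from their PRNG word (expected: all), or -1 if recovery itself failed. */
int kpa_indirect_hides_prng_words(void) {
    uint64_t pt[NWORDS], ct[NWORDS], ks[NWORDS], state = SEED, r;
    int differ = 0;
    sample_plaintext(pt);
    encrypt_words(pt, ct, SEED, 0);
    kpa_recover(pt, ct, ks);
    for (int i = 0; i < NWORDS; i++) {
        if (ks[i] != indirect_word(&state, &r)) return -1;
        if (ks[i] != r) differ++;
    }
    return differ;
}
```

What the example does not settle is the claim that matters: the attacker knows the sequences too, so each recovered word is a constraint on the 48 selector bits of r in this toy, and whether the combiner makes those constraints hard to solve back to r is exactly the question the post is asking. The code only shows what the two keystreams expose to a known-plaintext attacker, not how hard either is to invert.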
From: WTShaw on
On Apr 25, 9:58 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> In my humble view, indirectness and variability are principles/features
> that are to be striven for in encryption processing. Let's consider the
> case of employment of a (not too poor) PRNG. If one uses its outputs
> "directly" to xor the plaintext, then there is the well known risk of
> prediction in the scenario of known-plaintext attack. On the other
> hand, if one uses its outputs to pseudo-randomly select segments (the
> selection may be done dynamically also) from n publicly known
> (readily available or computable) sequences, e.g. mathematical
> constants or published natural language texts, and combine these with
> xor or better with some nonlinear operations on the computer word
> level, then it is intuitively clear that the difficulty of analysis of
> the resulting stream would very quickly (super-exponentially I would
> think) increase with the value of n. I suppose that this is in fact
> entirely trivially evident but wonder why one doesn't see its
> practical relevance being explicitly mentioned in the crypto
> literature (or did I miss the right references?).
>
> Thanks.
>
> M. K. Shen

The agendas of many are rather mercenary, not scientific.
From: Mok-Kong Shen on
WTShaw wrote:

> The agendas of many are rather mercenary, not scientific.

Sorry that my non-native English is not good enough to properly
interpret your sentence in the present context. Could you kindly
elaborate it? (The gist of my post was that I fail to find
anything in the said direction 'at all'. I personally have no
doubt of the seriousness of authors of the majority of textbooks
or published papers.)

Thanks,

M. K. Shen

From: Maaartin on
On Apr 25, 8:10 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> WTShaw wrote:
> > The agendas of many are rather mercenary, not scientific.
>
> Sorry that my non-native English is not good enough to properly
> interpret your sentence in the present context.

In the meantime you should already know: NOBODY's English is good
enough. Single words have meaning, sometimes even whole sentences, but
they are nearly never related either to cryptography or to what he
speaks about.

It seems like you're trying to communicate with a program like emacs
doctor.

> Could you kindly
> elaborate it? (The gist of my post was that I fail to find
> anything in the said direction 'at all'. I personally have no
> doubt of the seriousness of authors of the majority of textbooks
> or published papers.)

IMHO, the indirection doesn't get used much, see e.g.,
http://www.ciphersbyritter.com/GLOSSARY.HTM#DynamicSubstitutionCombiner

Any key or data dependent memory access can make the thing (cipher,
prng, ...) vulnerable to timing attacks because of cache misses. This
was not quite clear in the times of the AES contest. Currently most
people stick with the simplest operations like XOR, ADD, AND, and
fixed-distance rotations.
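An added example in C (not from the post and not from the linked Ritter page) of the access-pattern point made above: picking one of n segments by a secret index with a plain table lookup, beside a masked lookup that reads every entry so the addresses touched do not depend on the index. The table contents are constructed; in the thread's scheme they would be words taken from public sequences, so the values are public and only the choice is secret.

```c
#include <stdint.h>
#include <stddef.h>

#define NSEG 8

/* Constructed table: one machine word per segment. The values are assumed
   public; which entry is used on a given call is the secret. */
static const uint64_t SEGMENTS[NSEG] = {
    0x3131343135393236ULL, 0x3533353839373933ULL, 0x3233383436323634ULL,
    0x3333383332373935ULL, 0x3032383834313937ULL, 0x3136393339393337ULL,
    0x3531303538323039ULL, 0x3734393434353932ULL,
};

/* Secret-dependent access: the address read is a function of idx, so which
   cache line is touched (and therefore the timing) depends on the secret. */
uint64_t select_indexed(const uint64_t *tab, size_t n, size_t idx) {
    (void)n;
    return tab[idx];
}

/* All-ones when x == 0, zero otherwise, without a branch or a comparison
   the compiler could turn into one: for x != 0 either x or 0-x has its top
   bit set, for x == 0 neither does. */
static uint64_t is_zero_mask(uint64_t x) {
    return ((x | (0 - x)) >> 63) - 1;
}

/* Fixed access pattern: every entry is read on every call and the wanted
   one is kept with a mask, so the addresses touched are the same for every
   idx. Cost is linear in n. The compiler must not be allowed to rewrite this
   back into a branch or an indexed load; inspect the generated code. */
uint64_t select_masked(const uint64_t *tab, size_t n, size_t idx) {
    uint64_t out = 0;
    for (size_t i = 0; i < n; i++)
        out |= tab[i] & is_zero_mask((uint64_t)i ^ (uint64_t)idx);
    return out;
}

/* Returns 1 if both lookups agree on every index of SEGMENTS. */
int lookups_agree(void) {
    for (size_t idx = 0; idx < NSEG; idx++)
        if (select_indexed(SEGMENTS, NSEG, idx) != select_masked(SEGMENTS, NSEG, idx))
            return 0;
    return 1;
}
```

The masked version costs n reads and n mask operations per selection instead of one load, which is the practical tension behind the preference for XOR, ADD, AND and fixed rotations mentioned above: those operate on the secret in registers with no address depending on it at all. A scheme whose strength is supposed to grow with n pays for every extra sequence on every output word if it wants the same property.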