Criticism of a proposed stream cipher requested.
in [Cryptography]
|
Prev: A simple scheme of combining PRNGs
Next: Criticism of a proposed floating point (cs)prng requested.
From: Scott Fluhrer on 2 Jun 2010 14:03 "Paul Rubin" <no.email(a)nospam.invalid> wrote in message news:7xwruh1iy5.fsf(a)ruckus.brouhaha.com... > Francois Grieu <fgrieu(a)gmail.com> writes: >> I suspect that there might be ways to trade abundance of known >> plaintext against less time and/or memory; or perhaps a much more >> devastating attack. But I fail to pinpoint that right now. > > Isn't this a trivial linear algebra problem? Let K1...K100 be the > unknown key bits. Let P1...P100 be the known plaintext. Let C1,C2.... > be the ciphertext. Let Si,j be the j'th bit of the square root of i. > So > > Cn = K1*S1,n + K2*S2,n + ... + K100*S100,n + Pn > > where the multiplication is in GF(2). Solve simultaneous equations to > get K. Am I misunderstanding the question and/or overlooking something > silly? Doh! No, it was me who was overlooking something obvious... -- poncho
From: Mok-Kong Shen on 2 Jun 2010 15:55 Cryptoengineer wrote: [snip] > Of course, it has the key distribution drawbacks of any symmetric > cipher. You have not mentioned whether your key is message specific (unique). If that is the case, then "known-plaintext attacks" wouldn't apply, if I don't err. The efficiency issue, which you admit yourself, seems however to be really very serious IMHO. M. K. Shen
From: Greg Rose on 2 Jun 2010 17:50 In article <hu6d00$e8v$03$1(a)news.t-online.com>, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote: As usual, M-K fails to meaningfully contribute to the discussion. Please don't bother to try to educate him. Greg. --
From: Mok-Kong Shen on 2 Jun 2010 20:06 Am 02.06.2010 23:50, schrieb Greg Rose: > In article<hu6d00$e8v$03$1(a)news.t-online.com>, > Mok-Kong Shen<mok-kong.shen(a)t-online.de> wrote: > > As usual, M-K fails to meaningfully contribute to the > discussion. Please don't bother to try to educate him. If you could "explain" you point, then please "do" so. Otherwise you are only doing exactly that yourself that you intend to discredit me! M. K. Shen
From: Keith F. Lynch on 2 Jun 2010 23:09
The "proposed stream cipher" is mine. Except that it's neither "proposed" (I've been using it for years) nor a stream cipher. Peter only explained a part of it, though I explained the whole thing to him. Key distribution is a non-issue, since I only use it for backups, not for communicating with others, as I also explained to Peter. The part he left out is what I call "stirring." This consists of repeatedly reversing substrings within the plaintext. For each of the 256 possible characters, one at a time, in order, I use that character as a delimiter, breaking up the text into some number of substrings. Each of those substrings I reverse in place. I do so circularly, so that the first and last characters also get moved. For instance: Criticism of a proposed stream cipher requested. would get turned into: equed a opriseream phestipof red.Cr strosm cicit Note that this is not a fixed transposition, but depends on the characters in it. For instance: This is what is called a transposition cipher. turns into sihpi dellarti t sita noic snac ahT.rehw sopsi but Is this what is called a transposition cipher? turns into dellarta noihw snac ahpit t sopsisic sI?rehti Note that it was rearranged in a completely different order. My complete system consists of: * Generate S, the hashed together key-defined subset of the square roots of the first hundred primes, as many binary digits of each as there are bits in the plaintext file. * Hash the plaintext with S. * "Stir" the result. * Hash this new result with a "stirred" copy of S. * Reverse-stir the latest result (i.e. start at the end of the 256-character "alphabet" and work backwards). * Hash the latest result with S. Please tell me if any of this is at all unclear. One feature it has is that it's the same forwards and backwards: I don't have to specify whether I'm encrypting or decrypting. The plaintext is typically a compressed file of English ASCII text, compressed using either gzip or bzip2. Why did I design and write my own system? Mostly just for fun. But also because that way I know for an absolute fact that neither the algorithm nor the program that implements it has any secret back doors. Nor has anyone ever worked on breaking this cipher. Nor is anyone ever likely to unless someone *really* wants to read my files, which seems unlikely. "Stirring" has some interesting mathematical properties. Some fairly obvious series which I can generate with it (e.g. what's the maximum repetition time as a function of string length) are *not* in the On-Line Encyclopedia of Integer Sequences, implying that it's original with me. -- Keith F. Lynch - http://keithlynch.net/ Please see http://keithlynch.net/email.html before emailing me. |