From: Mok-Kong Shen on
Mok-Kong Shen wrote:

> (4) .... For, if the last pivot field of a permutation
> "happens" to be the first pivot field of the following permutation,
> then the effect of xoring would be cancelled out (except when one
> also uses rotation of bits, see (5), in between the two steps).

Please read:

(4) .... For, if the last pivot field of a permutation
"happens" to be the first pivot field of the following permutation
and Fi "happens" also to be chosen to be the same, then the effect of
xoring would be cancelled out (except when one also uses rotation of
bits, see (5), in between the two steps). But this is an extremely
pedantic caution. For the probability of this happening is only
theoretically possible and is practically zero.

M. K. Shen

From: Mok-Kong Shen on
Mok-Kong Shen wrote:
[snip]
> (2) In the common description of the unbalanced Feistel cipher, e.g.
> http://en.wikipedia.org/wiki/Feistel_cipher, a pivot field (in my term)
> is used to only process one another field. Since however the computation
> of Fi(B_i) is certainly much more expensive than xor, it's sort of
> waste that way. So I want in the present scheme to have each Fi(B_i)
> xor (and thus affect) all the other fields so to achieve a higher
> overall computational efficiency.
>
> (3) In the common description of the unbalanced Feistel cipher, the
> pivot fields are chosen in sequential order. Since having that order
> key dependent instead (and also having different permutations of the
> order in the processing of a block) essentially complicates analysis
> but involves almost no cost, I have introduced that.
[snip]

I'd like to add a couple of tiny points:

(a) An entire short message consisting of an arbitrary number of
computer words could be advantageously treated as a single block this
way.

(b) A good candidate for Fi(B_i) seems to be a key dependent (randomly
generated) permutation polynomial mod 2^n of full period, say, of 2nd
or higher degree. See V. Anashin, A. Khrennikov, Applied Algebraic
Dynamics, p.283. One could, for simplicity of memory/implementation,
employ the following simplified (hence stronger) criteria, where c_i is
the coefficient of x^i of the polynomial:

c_0 = 1 mod 4

c_1 = 1 mod 4

c_i = 0 mod 4 for all other i.

M. K. Shen

From: Maaartin on
On Jul 29, 9:09 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote:
> > (3) In the common description of the unbalanced Feistel cipher, the
> > pivot fields are chosen in sequential order. Since having that order
> > key dependent instead (and also having different permutations of the
> > order in the processing of a block) essentially complicates analysis
> > but involves almost no cost, I have introduced that.

As you know, design decisions tend to have disadvantages, too. I hope
you thought about them and can give us a short analysis.

How exactly should the pivot be determined?

From: Mok-Kong Shen on
Maaartin wrote:
> On Jul 29, 9:09 am, Mok-Kong Shen<mok-kong.s...(a)t-online.de> wrote:
>>> (3) In the common description of the unbalanced Feistel cipher, the
>>> pivot fields are chosen in sequential order. Since having that order
>>> key dependent instead (and also having different permutations of the
>>> order in the processing of a block) essentially complicates analysis
>>> but involves almost no cost, I have introduced that.
>
> As you know, design decisions tend to have disadvantages, too. I hope
> you thought about them and can give us a short analysis.
>
> How exactly should the pivot be determined?

I suggested that the pivot sequence (in each round, if more rounds)
be pseudo-randomly determined (by a PRNG generated from the message
unique key).

M. K. Shen


From: Mok-Kong Shen on
Mok-Kong Shen wrote:
> Maaartin wrote:
>> Mok-Kong Shen wrote:
>>>> (3) In the common description of the unbalanced Feistel cipher, the
>>>> pivot fields are chosen in sequential order. Since having that order
>>>> key dependent instead (and also having different permutations of the
>>>> order in the processing of a block) essentially complicates analysis
>>>> but involves almost no cost, I have introduced that.
>>
>> As you know, design decisions tend to have disadvantages, too. I hope
>> you thought about them and can give us a short analysis.
>>
>> How exactly should the pivot be determined?
>
> I suggested that the pivot sequence (in each round, if more rounds)
> be pseudo-randomly determined (by a PRNG generated from the message
> unique key).

To avoid misunderstanding: if the words of a block are numbered 1..n,
then the pivot sequence is a pseudo-random permutation of that.

M. K. Shen
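
The construction discussed in this thread, as an added example that is not part of any post: each pivot word's F value is XORed into all other words, the pivot order is a pseudo-random permutation of the positions, and F is a polynomial meeting the coefficient criteria in (b). `demo` also forces the boundary case from the corrected point (4). The 32-bit word size, `random.Random` as a stand-in for the keyed PRNG, the sample block and all function names are assumptions.

```python
import random

W = 32                                   # word size in bits (assumed)

def make_poly(rng, degree=2):
    """Coefficients with c_0 = c_1 = 1 (mod 4) and c_i = 0 (mod 4) for i >= 2."""
    low = [(4 * rng.getrandbits(W) + 1) % (1 << W) for _ in range(2)]
    high = [(4 * rng.getrandbits(W)) % (1 << W) for _ in range(degree - 1)]
    return low + high

def poly_eval(c, x, bits=W):
    """Evaluate the polynomial at x modulo 2**bits (Horner's rule)."""
    acc = 0
    for coef in reversed(c):
        acc = (acc * x + coef) & ((1 << bits) - 1)
    return acc

def cycle_length(c, bits):
    """Length of the orbit of 0 under x -> poly(x) mod 2**bits."""
    x, steps = poly_eval(c, 0, bits), 1
    while x != 0:
        x, steps = poly_eval(c, x, bits), steps + 1
    return steps

def pivot_step(block, p, c):
    """XOR F(block[p]) into every word except the pivot; the step is self-inverse."""
    f = poly_eval(c, block[p])
    return [w if i == p else w ^ f for i, w in enumerate(block)]

def run_pass(block, steps):
    """Apply a list of (pivot index, polynomial) steps in order."""
    for p, c in steps:
        block = pivot_step(block, p, c)
    return block

def make_pass(rng, n):
    """One pass: a pseudo-random permutation of the n positions, one F per pivot."""
    return [(p, make_poly(rng)) for p in rng.sample(range(n), n)]

def demo(seed=2010, n=6):
    rng = random.Random(seed)            # stand-in PRNG, not cryptographic
    block = [rng.getrandbits(W) for _ in range(n)]   # constructed sample block
    first, second = make_pass(rng, n), make_pass(rng, n)
    ct = run_pass(block, first + second)
    roundtrip = run_pass(ct, (first + second)[::-1]) == block
    j = [p for p, _ in second].index(first[-1][0])   # force case (4): same pivot,
    second[j], second[0] = second[0], first[-1]      # same F across the boundary
    cancelled = run_pass(block, first + second) == run_pass(block, first[:-1] + second[1:])
    return roundtrip, cancelled
```

`demo()` returns two booleans: whether decryption by replaying the steps in reverse recovers the block, and whether the two boundary steps in the forced case contribute nothing to the output.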