Q: SAC
in [Cryptography]
|
Prev: RSA key size and safety
Next: MBOL AAOT MBCL LUAT MKAT
From: Mok-Kong Shen on 17 Sep 2009 11:42 Hi, Maybe a rather dumb question: If the property of non-linearity can be disregarded, is there a way of obtaining a n-bit (n>2) bijective function satisfying SAC with low computational cost? Thanks, M. K. Shen
From: biject on 17 Sep 2009 13:45 On Sep 17, 9:42 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Hi, > > Maybe a rather dumb question: If the property of non-linearity can > be disregarded, is there a way of obtaining a n-bit (n>2) bijective > function satisfying SAC with low computational cost? > > Thanks, > > M. K. Shen Yes I humbly agree its a dumb question. Why would you really expect anyone to give you an answer? David A. Scott -- My Crypto code http://bijective.dogma.net/crypto/scott19u.zip http://www.jim.com/jamesd/Kong/scott19u.zip old version My Compression code http://bijective.dogma.net/ **TO EMAIL ME drop the roman "five" ** Disclaimer:I am in no way responsible for any of the statements made in the above text. For all I know I might be drugged. As a famous person once said "any cryptograhic system is only as strong as its weakest link"
From: Mok-Kong Shen on 17 Sep 2009 14:49 biject wrote: > Yes I humbly agree its a dumb question. > Why would you really expect anyone to give > you an answer? Just because you think so, doesn't mean much (especially in view of what I understand is the common valuation of your self-praised software in this group). M. K. Shen
From: Maaartin on 17 Sep 2009 16:34 On Sep 17, 5:42 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Maybe a rather dumb question: If the property of non-linearity can > be disregarded, is there a way of obtaining a n-bit (n>2) bijective > function satisfying SAC with low computational cost? I'm not sure if I did understand you right. Just in case I did: I'd ask another question: Is there any (affine) linear function satisfying the SAC. No, as the expression for each ouput bits looks like C ^ x[n0] ^ x[n1] ^ ... so complementing any single input bit changes any given output bit either always or never - quite far from the required 50% chance. But SAC is quite weak anyway, I read a paper describing a trivial construction of arbitrary large SAC function (which IMHO was of no use).
From: Mok-Kong Shen on 17 Sep 2009 17:29
Maaartin wrote: > I'm not sure if I did understand you right. Just in case I did: > > I'd ask another question: Is there any (affine) linear function > satisfying the SAC. No, as the expression for each ouput bits looks > like > C ^ x[n0] ^ x[n1] ^ ... > so complementing any single input bit changes any given output bit > either always or never - quite far from the required 50% chance. > > But SAC is quite weak anyway, I read a paper describing a trivial > construction of arbitrary large SAC function (which IMHO was of no > use). In the literature there are papers aiming to get highly nonlinear functions satisfying SAC. I guess that, if one doesn't demand anything concerning nonlinearity, one may in return get some saving in computational cost. I am curious to know whether this is the case. So the paper you mentioned would indeed interest me. It would be nice, if you (or anyone in the group) happen to have the exact reference at hand and kindly provide it to me. Thanks, M. K. Shen |