Use of simple schemes
in [Cryptography]
|
Prev: Merry Christmas 10
Next: test
From: Mok-Kong Shen on 11 Nov 2009 09:26 Hi, Thanks to Moore's law and other economic/technical factors, computing speed always tends to increase and the cost of hardware as a rule tends to decrease and consequently nowadays even a normal user is able to do computations that decades ago were not easy jobs for the supercomputing centres. I suppose that in crypto computations, like in the general case of numerical mathematical computations, there is always a trade-off between computing cost and complexity of computing procedure employed. I mean that, since now computing cost is often a minor issue, one could, as an alternative to applying sophisticated algorithms that require deep analysis in their design and much care in implementation, employ certain simple primitive procedures, using a much higher number of steps of operations to compensate for their inherent weakness with respect to the complex procedures underlying the sophisticated algorithms. I remember that years ago Terry Ritter had the following suggestion: Append to a given block of plaintext bits a number of bits such that there are in total the same number of 0's and 1's and then perform a random permutation of the bits to become the ciphertext block. (Perhaps for sufficiently large block lengths one could for ease of handling relax the requirement of exact equality of number of 0's and 1's to an approximate equality or even simply extend a given plaintext block of length L with, say, three blocks of length L that contain pseudo-random bits.) Recently Marsaglia has published a fast PRNG with very good statistical qualities. I suppose that it could possibly render Ritter's scheme to become viable in practical applications. Are there other schemes that in similar manner could profit from the permanent trend of ever cheaper and higher performance of computer hardware? Thanks, M. K. Shen
From: Le Chaud Lapin on 12 Nov 2009 01:02 On Nov 11, 8:26 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Are there other schemes that in similar manner could profit from the > permanent trend of ever cheaper and higher performance of computer > hardware? Well, I do not know of any clever algorithms that could become more attractive due to massively-cheap computing power, but if someone were to speed up modular reduction by a couple orders of magnitude, doing whatever is necessary in conventional CPU's, ... sigh. :( -Le Chaud Lapin-
From: Mok-Kong Shen on 12 Nov 2009 16:01 Another scheme that is also (theoretically) very simple but fa�rly expensive in computing is, I suppose, Hill's scheme employing matrices. Now the Hill cipher is said to be weak in textbooks because, if the matrix is n*n and one has n^2 units of corresponding plain and cipher text, then the matrix can be found and the whole thing broken. But one could afford to use a good sufficiently fast PRNG to dynamically generate as many matrices as needed, using even any one n*n matrix for much less than n^2 units of plaintext, when the computing cost is low and the speed is acceptable. This way, Hill's scheme would be practically applicable (eventually as a component of a larger scheme) in my humble view. M. K. Shen
From: Maaartin on 12 Nov 2009 17:03 On Nov 12, 10:01 pm, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Another scheme that is also (theoretically) very simple but faírly > expensive in computing is, I suppose, Hill's scheme employing matrices. > Now the Hill cipher is said to be weak in textbooks because, if the > matrix is n*n and one has n^2 units of corresponding plain and cipher > text, then the matrix can be found and the whole thing broken. But one > could afford to use a good sufficiently fast PRNG to dynamically > generate as many matrices as needed, using even any one n*n matrix for > much less than n^2 units of plaintext, when the computing cost is low > and the speed is acceptable. This way, Hill's scheme would be > practically applicable (eventually as a component of a larger scheme) > in my humble view. But having a fast perfectly secure PRNG you could simply xor it's output with the plaintext. Using an unsecure PRNG makes the Hill's scheme vulnarable again. And again, you need an expensive analysis of the cipher what is just what you wanted to avoid.
From: biject on 12 Nov 2009 18:15
On Nov 11, 7:26 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > Hi, > > Thanks to Moore's law and other economic/technical factors, computing > speed always tends to increase and the cost of hardware as a rule > tends to decrease and consequently nowadays even a normal user is able > to do computations that decades ago were not easy jobs for the > supercomputing centres. > > I suppose that in crypto computations, like in the general case of > numerical mathematical computations, there is always a trade-off > between computing cost and complexity of computing procedure employed. > I mean that, since now computing cost is often a minor issue, one > could, as an alternative to applying sophisticated algorithms that > require deep analysis in their design and much care in implementation, > employ certain simple primitive procedures, using a much higher number > of steps of operations to compensate for their inherent weakness with > respect to the complex procedures underlying the sophisticated > algorithms. > > I remember that years ago Terry Ritter had the following suggestion: > Append to a given block of plaintext bits a number of bits such that > there are in total the same number of 0's and 1's and then perform > a random permutation of the bits to become the ciphertext block. > (Perhaps for sufficiently large block lengths one could for ease of > handling relax the requirement of exact equality of number of 0's and > 1's to an approximate equality or even simply extend a given plaintext > block of length L with, say, three blocks of length L that contain > pseudo-random bits.) Recently Marsaglia has published a fast PRNG > with very good statistical qualities. I suppose that it could possibly > render Ritter's scheme to become viable in practical applications. > Are there other schemes that in similar manner could profit from the > permanent trend of ever cheaper and higher performance of computer > hardware? > > Thanks, > > M. K. Shen A realitively easy scheme would be to use the XOR program I wrote years ago where the two files do not have to be the same length. One of the files could be the first part of a long key. When you XOR the two files then do some sort of bijective binary BWT on the result file. then do another XOR with a second different key file. Some day I will but a binary bijective BWT type of program on web since it is the fist stage of a simple bijective binary BWT type of compression program. David A. Scott -- My Crypto code http://bijective.dogma.net/crypto/scott19u.zip http://www.jim.com/jamesd/Kong/scott19u.zip old version My Compression code http://bijective.dogma.net/ **TO EMAIL ME drop the roman "five" ** Disclaimer:I am in no way responsible for any of the statements made in the above text. For all I know I might be drugged. As a famous person once said "any cryptograhic system is only as strong as its weakest link" |