Prev: Volume on Advanced Linear Cryptanalysis -- Contributions sollicited
Next: OAEP vs. PSS in PKCS#1
From: unruh on 9 Mar 2010 22:12

On 2010-03-09, WTShaw <lurens1(a)gmail.com> wrote:
> According to the dictionary in my computer, "commutative" is a
> mathematical term involving the condition that a group of quantities
> connected by operators gives the same result whatever the order of the
> quantities involved. A rare usage is relating to or involving
> substitution or exchange.
>
> Perhaps there are other shades of meaning that might be considered in
> crypto matters. One is that if the same distinct algorithm could be
> used with multiple sequential keys and execution of the processes
> could be done in any order with the same result, we could say that it
> shows the property of commutation.
>
> An immediate question could be whether two or more keys used with a
> distinct algorithm could be simplified to perhaps a single key and
> single use, or new sets of multiple keys might give the same result
> as those used before. If so, multiple encryptions might have no real
> advantage at all for that algorithm; it's commutative.

You have two separate questions here-- Are the keys commutative, and do the encryptions form a group. (C(k1)C(k2)=C(k3))
The second has nothing to do with the first (C(k1)C(k2)=C(k2)C(k1))

> If different algorithms could be combined to a single one that would
> be more complex than the sum of the contributors, it would be because of
> some commutative property amongst them. There are several examples,

Nope.

> specifically various "table" ciphers which are minor variations of the
> same sympathetic ideas.
>
> If we specifically desire stronger results, we should steer clear of
> commutative designs. There are examples of individual algorithms which
> do not have this flaw when used with different keys. An awkward

Almost all modern block cyphers are probably not a group and certainly are not commutative. Stream cyphers often are commutative, but almost certainly are not a group, although the OTP IS both commutative and forms a group (and is the only provably unbreakable cypher).
I.e., neither commutativity nor group properties have anything to do with the strength of the cypher.

> example of non-commutative is the less than perfect BLT. By easy trial,
> two different keys can be used in two passes of encryption and the
> results can be decrypted with the same keys. If the decryptive keys

But different algorithms.
Otherwise you would be claiming that C(k1)C(k1)=Identity.

> are used in reverse order, the original plaintext, or facsimile of it
> would be recovered. (Facsimile allows digits for example to be spelled
> out when recovered.) If the keys are used in decryption in the same
> order as in encryption, the result would be best classed as garbage,
> and against odds that you will repeat obtaining the same results ....
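The two properties unruh separates, checked in code. This is an added example and not from the thread: it uses two toy ciphers on one-byte blocks, an additive (XOR) stream cipher whose keystream is just the key repeated, and a "block cipher" in which each integer key seeds a shuffle of the 256 block values. Both are assumed models for illustration, not real ciphers; the key spaces are deliberately tiny so that the group question (is there a single key k3 with C(k3) = C(k2)C(k1)?) can be settled by exhaustive search. For the XOR cipher two keys commute and collapse to one key (their XOR); for the keyed permutation neither holds.

```python
"""Check the two properties separately:
  commutative: C(k2)(C(k1)(x)) == C(k1)(C(k2)(x))
  group:       C(k2)(C(k1)(x)) == C(k3)(x) for some single key k3
on two toy ciphers over one-byte blocks (assumed models, not real ciphers)."""
import itertools
import random
from typing import Callable, Iterable, List

BLOCK = 256  # one-byte blocks: a block cipher under a fixed key is a permutation of 0..255


# Additive stream cipher: XOR the data with a keystream.  Toy assumption: the keystream
# is the key repeated.  A real stream cipher would expand the key with a PRNG; the OTP
# would use a truly random pad as long as the message.  The XOR step is the same.
def stream_encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


# Toy block cipher: the key seeds a shuffle, so each key picks a pseudo-random
# permutation of the block space.  This is the usual idealisation of a block cipher
# under a fixed key; it is not AES or any real design.
def block_table(key: int) -> List[int]:
    table = list(range(BLOCK))
    random.Random(key).shuffle(table)
    return table


def block_encrypt(key: int, data: bytes) -> bytes:
    table = block_table(key)
    return bytes(table[b] for b in data)


Cipher = Callable[[object, bytes], bytes]


def commutes(enc: Cipher, k1, k2, data: bytes) -> bool:
    """Does the order of the two keys matter for this data?"""
    return enc(k2, enc(k1, data)) == enc(k1, enc(k2, data))


def all_orderings_equal(enc: Cipher, keys: list, data: bytes) -> bool:
    """Do all len(keys)! orderings of the keys yield the same ciphertext?"""
    def chain(order):
        out = data
        for k in order:
            out = enc(k, out)
        return out
    first = chain(keys)
    return all(chain(order) == first for order in itertools.permutations(keys))


def single_key_equivalent(enc: Cipher, k1, k2, data: bytes, key_space: Iterable):
    """Return a key k3 with enc(k3, data) == enc(k2, enc(k1, data)), or None.
    Exhaustive over key_space, so only feasible for toy key sizes."""
    composite = enc(k2, enc(k1, data))
    for k3 in key_space:
        if enc(k3, data) == composite:
            return k3
    return None


def xor_keys(k1: bytes, k2: bytes) -> bytes:
    """For an additive cipher the composite of two same-length keys is their XOR."""
    return bytes(a ^ b for a, b in zip(k1, k2))


if __name__ == "__main__":
    whole_domain = bytes(range(BLOCK))  # test on every possible block at once
    sk1, sk2 = b"\x37", b"\xa9"
    bk1, bk2 = 1, 2
    print("stream: commutes =", commutes(stream_encrypt, sk1, sk2, whole_domain))
    k3 = single_key_equivalent(stream_encrypt, sk1, sk2, whole_domain,
                               (bytes([k]) for k in range(BLOCK)))
    print("stream: two keys == one key", k3, "== k1^k2:", k3 == xor_keys(sk1, sk2))
    print("block:  commutes =", commutes(block_encrypt, bk1, bk2, whole_domain))
    print("block:  single equivalent key =",
          single_key_equivalent(block_encrypt, bk1, bk2, whole_domain, range(BLOCK)))
```

Testing on `bytes(range(256))` checks the relation on the whole block space, not just on one message, so a "commutes" result for the permutation cipher would mean the two permutations genuinely commute rather than happening to agree on a few bytes.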
From: WTShaw on 12 Mar 2010 03:23

On Mar 9, 9:12 pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
> On 2010-03-09, WTShaw <lure...(a)gmail.com> wrote:

I'll work through your comments, and see if I unintentionally erred. Much of what I say is based on experimental examples as I have implemented literally hundreds of working algorithms, from winners to wieners.

> You have two separate questions here-- Are the keys commutative, and do
> the encryptions form a group. (C(k1)C(K2)=C(k3))

Those are both good questions. What are you working with? Then, what makes it so?

> The second has nothing to do with the first (C(k1)C(k2)=C(k2)C(k1))

The hazard of not knowing is assuming. Certain instances require the different keys to be the same length to be commutative and others are blind to that difference.

> > If different algorithms could be combined to a single one that would
> > be more complex than the sum of the contributors, it would be because of
> > some commutative property amongst them. There are several examples,
>
> Nope.

The property may be merely that the key can be in the same format, the one algorithm could build on the other. An internal property of one algorithm that otherwise would be disregarded or transitional could be saved as extraneous information that could be pipelined into the other, i.e. ciphertext presented from the first to the second in more complex form. I return here to electronic circuits, active filters, phase locked confining mechanisms. My work here was really esoteric, around 1980. Then, I saw I could program the parallel effect. Welcome to neural nets and fuzzy logic.

> almost all modern block cyphers are probably not a group and certainly
> are not commutative. Stream cyphers often are commutative, but almost
> certainly are not a group, although the OTP IS both commutative and
> forms a group ( and is the only provably unbreakable cypher).

OTP is an enigma, best and worst and exceptions to and reasons for seemingly all rules. And it is not the only unbreakable cipher as it is one most voted likely to...real world meets design flaw.

Complex looping rules tend to say that repetition of any ductive logical progression will repeat itself unless the constant data trails off to nothing or migrates to a maximum. Do it on a small scale, scale it up, and only forget the fact if the loop is made absurdly large. Change the elements in the aquarium and the system merely changes the manner and duration of its response. This is conservation of data like conservation of mass, rather Newtonian.

Now if the data the algorithm can grow, even a little, it suffers not this problem, rather embodying Einstein's different appreciations, dynamic relativism where things are not what they seem to be in conventional linear terms. The data dies, reproduces itself, outgrows useful differences, or can assimilate randomness into itself in an inductive way that can be recovered and removed in a corresponding deductive process. I can explode data where randomness interacts rather efficiently to lose itself in unfathomable results, and in the reverse, bury meaning in an unrecoverable hash using the same algorithm. Working examples are available.

> I.e., neither commutativity nor group properties have anything to do with
> the strength of the cypher.

Full analysis means understanding, classifying, seeing how to do things and how not to do them. It's all about everything, not how to throw things in arbitrary piles but to see infinite valid collections based on varied criteria. It's through recombination techniques that new patterns arise, the essence of creativity.

> > example of non-commutative is the less than perfect BLT. By easy trial,
> > two different keys can be used in two passes of encryption and the
> > results can be decrypted with the same keys. If the decryptive keys
>
> But different algorithms.
> Otherwise you would be claiming that C(k1)C(k1)=Identity.

It is that coaxing in of randomness that means BLT is not a linear cipher. I wrote the key in a line, someone else wrote it as a two dimensional array, but it's a cube. The ciphertext groups are merely ordered coordinates within the key cube. I know people who think that spatial way about ciphers and they could see in their minds the solution as a reasonable pattern to generate reasonable text. It's not a putdown to say such people might not know how to tie their own shoes, but one of them probably uses the same spatial abilities to design a zipper, or velcro, not realizing that nature had already done it as a reasonable application of natural laws. Now, nature could never have invented something as daunting as an impeller in a hydraulic motor.

I look at ideas that are said as dogma, and I try them, and try them again. Nature allows that willingly, some people not so freely as lying is considered more clever. Some also are not so thrilled as they would like to make arbitrary rules because of whim or capricious aspirations. Secrets or reality and relationships such as should interest us are there to be discovered and there is an endless available supply.
From: WTShaw on 15 Mar 2010 01:41

On Mar 9, 9:12 pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
>
> almost all modern block cyphers are probably not a group and certainly
> are not commutative. Stream cyphers often are commutative, but almost
> certainly are not a group, although the OTP IS both commutative and
> forms a group ( and is the only provably unbreakable cypher).
>
> ...

Even while concerned with other matters, I've been thinking of the best way to use simple logic to address this issue.

Concerning AES, for example, since I am somewhat rusty on it these days:

1. Are all combinations of bits allowed as input data?

2. Are all combinations of bits allowed as output data?

3. If using a single key and repeatedly encrypting with it while moving output bits to input bits, do you pass through all combinations of data, a single grand loop, or do you circuit through lesser combinations with the same key or different numbers of combinations in the loops with different keys?

I am well aware of how these matter with different base number systems. And, that my research results with different bases were very strange, not what I expected at all. C

Changing the boxes in AES might affect #3. Another question would be:

4. What do we know about NSA's recommended changes to these boxes, why, and how would any specific desired effects be confirmed?
From: Greg Rose on 15 Mar 2010 02:06

In article <5d1bc45d-11fe-4fa8-bc49-d46ce4e271d1(a)g26g2000yqn.googlegroups.com>, WTShaw <lurens1(a)gmail.com> wrote:
> On Mar 9, 9:12 pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
>
> >
> > almost all modern block cyphers are probably not a group and certainly
> > are not commutative. Stream cyphers often are commutative, but almost
> > certainly are not a group, although the OTP IS both commutative and
> > forms a group ( and is the only provably unbreakable cypher).

I don't know what you (unruh) mean about stream ciphers and OTP forming a group. What is the operation in this context? If you mean XOR to combine keystream with plaintext, it is a group, for both OTP and any additive stream cipher. If that isn't what you mean I don't understand.

> > ...
> Even while concerned with other matters, I've been thinking of the
> best way to use simple logic to address this issue.
>
> Concerning AES, for example since I am somewhat rusty on it these
> days.:
>
> 1. Are all combinations of bits allowed as input data?

Yes.

> 2. Are all combinations of bits allowed as output data?

Yes.

> 3. if using a single key and repeatedly encrypting with it while
> moving output bits to input bits, do you pass through all combinations
> of data, a single grand loop, or do you circuit through lesser
> combinations with the same key or different numbers of combinations in
> the loops with different keys?

It is extremely unlikely that AES forms a single cycle for any key, let alone in general. But I don't think anyone knows for sure. A random permutation wouldn't, in general, and AES seems to model a random permutation.

> I am well aware of how these matter with different base number
> systems. And, that my research results with different bases were very
> strange, not what I expected at all. C

I don't know what this means either. AES is defined on 128-bit blocks. Number systems don't come into it.

> Changing the boxes in AES might affect #3. Another questions would
> be:
>
> 4. What do we know about NSA's recommended changes to these boxes,
> why, and how would any specific desired effects be confirmed?

I don't think NSA recommended any changes to the AES S-box. I think you're confusing it with DES. And the effect of their changes is well understood, in that case, to strengthen DES against differential cryptanalysis.

Greg.
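Greg's answers to questions 1 to 3, made concrete. This is an added example and not part of the thread: it does not touch AES at all but uses an assumed toy model in which each integer key seeds a shuffle of a small block space, which is the "random permutation" idealisation Greg refers to. Questions 1 and 2 amount to the keyed map being a bijection; question 3 is the cycle structure of that permutation. Among all permutations of n elements exactly (n-1)! are a single n-cycle, so a random permutation is one "grand loop" with probability 1/n; the last function estimates that fraction empirically on a tiny block space, and the code extends the thread's AES case to any block size the toy can handle.

```python
"""Toy version of the three questions above, on a keyed pseudo-random permutation.
This is an assumed model of a block cipher under a fixed key; it is not AES."""
import random
from typing import List


def keyed_permutation(key: int, size: int) -> List[int]:
    """Each key selects a pseudo-random permutation of the block space 0..size-1
    (the key just seeds the shuffle; toy model only)."""
    table = list(range(size))
    random.Random(key).shuffle(table)
    return table


def is_bijection(perm: List[int]) -> bool:
    """Q1/Q2: every input block maps somewhere and every output block is hit exactly once."""
    return sorted(perm) == list(range(len(perm)))


def cycle_lengths(perm: List[int]) -> List[int]:
    """Q3: follow x -> E(x) -> E(E(x)) -> ... from every start point and record
    the length of each loop.  A single 'grand loop' would be one cycle of length size."""
    seen = [False] * len(perm)
    lengths = []
    for start in range(len(perm)):
        if seen[start]:
            continue
        x, n = start, 0
        while not seen[x]:
            seen[x] = True
            x = perm[x]
            n += 1
        lengths.append(n)
    return sorted(lengths, reverse=True)


def orbit_length(perm: List[int], x: int) -> int:
    """How many re-encryptions (output fed back as input) before block x returns to itself."""
    y, n = perm[x], 1
    while y != x:
        y = perm[y]
        n += 1
    return n


def single_cycle_fraction(size: int, trials: int) -> float:
    """Fraction of keys (0..trials-1) whose permutation is one grand loop.
    For a truly random permutation of n elements the probability is exactly 1/n,
    so for 2^128 AES blocks it is negligible if AES behaves like a random permutation."""
    hits = sum(1 for key in range(trials)
               if len(cycle_lengths(keyed_permutation(key, size))) == 1)
    return hits / trials


if __name__ == "__main__":
    size = 4096
    for key in (1, 2, 3):
        perm = keyed_permutation(key, size)
        lens = cycle_lengths(perm)
        print(f"key {key}: bijection={is_bijection(perm)} cycles={len(lens)} "
              f"longest={lens[0]} orbit(0)={orbit_length(perm, 0)}")
    print("single-cycle fraction, 64-element block space:", single_cycle_fraction(64, 2000))
```

Run it and the per-key output shows what Greg describes: the map is a bijection, but the block space splits into several cycles of unrelated lengths that differ from key to key, and the measured single-cycle fraction lands near 1/64, not near 1.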
From: Phoenix on 15 Mar 2010 08:43

On 9 Mar, 23:00, WTShaw <lure...(a)gmail.com> wrote:
> An immediate question could be whether two or more keys used with a
> distinct algorithm could be simplified to perhaps a single key and
> single use, or new sets of multiple keys might give the same result
> as those used before. If so, multiple encryptions might have no real
> advantage at all for that algorithm; it's commutative.

I absolutely agree with "no real advantage" in encryption.

See: encrypt with a commutative algorithm using e.g. 3 keys: K1, K2, K3.

We can decrypt with:

K1, K2, K3 (the original)
K1, K3, K2
K2, K1, K3
K2, K3, K1
K3, K1, K2
K3, K2, K1

With a total of 6 possible permutations (3!), and all are not simple (at least in size).

Making a key attack based on this principle (commutative weakness) is no advantage. At the end, we still need to know K1, K2 and K3.

Commutativity in encryption doesn't mean weakness.