Re: "Alien" cryptanalysis

From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 05/21/03 

Date: 21 May 2003 03:54:03 -0700

Tom St Denis <tomstdenis@iahu.ca> writes:
> Skipjack is not an elegant design by any respects. First off its
> horribly slow in software. Second the key is fixed at 80-bits.

Does it occur to you that the NSA may consider both of the above to be
advantages? Anyway, even on 8 bit microcontrollers it's fast enough
for the purpose it was developed for, which was DMS and the clipper
chip, for phone encryption. On the PIC it's faster than even single DES.
They didn't care about 32-bit workstation implementations.

> There is no published cryptanalysis of Skipjack from the NSA

There's no published cryptanalysis of anything else from the NSA either.

> or any proponent of it. Nowadays academic papers on block ciphers
> that don't include at least briefs on 8 different types of attacks
> are not accepted [I should know].

NSA doesn't publish academic papers. NSA is a trapdoor function when
it comes to publications. They go in, they don't come out.

> So it really falls on the fact that you guys are basing an entire
> argument on an unproven assumption while calling my proven statements
> "snake oil"... hmm...

Well, if you can extend Shamir et al's attack past 31 rounds, THEN
you'll have a proven statement.

Quantcast