Re: Stream Cipher Like SEAL Wanted ....

From: Mrsjunecarey (mrsjunecarey_at_aol.com)
Date: 06/12/03


Date: 12 Jun 2003 13:17:05 GMT


>Subject: Re: Stream Cipher Like SEAL Wanted ....
>From: Rick Wash rwash@citi.umich.edu
>Date: 6/11/03 11:44 PM GMT Daylight Time
>Message-id: <slrnbefc64.6m.rwash@elysium.citi.umich.edu>
>
>Looking at the Leopard, this particular problem with the KSA appears fixed
>(since the KSA uses the key length in addition to the key in a complex
>manner).
>
>However, this doesn't yet justify the claim that it "is about as good as it
>possibly could be." What makes you say this?

Because:

(a) there are no weak keys as there were with (A)RC4

and

(b) it's as simple as it could possibly be
(simple == good, for me).

>I would disagree. Consider AES. For every binary operation in the cipher
>(with the sole exception of key addition), one of the two operands is a
>constant.
> [ ... ]

Sorry I don't know anything about AES and have no interest in block-ciphers.

>This isn't a proof. It's empirical evidence that the period is sometimes
>(frequently?) greater than 2^32 (which is a short period for a cipher).
>It doesn't say anything about what "always" happens.

The testing program I used uses entropy generated keys, and I tested with
variable length keys, so I am convinced that this is indeed what always
happens.

>
>> The other proof is simply down to the fact that Leopard uses a mathematically
>> perfect permutation algorithm which has a minimum cycle length of about 176
>> million.
>> [ But the cycle length of the Leopard PRNG is much larger than 176 million. ]
>> This was one of the things I discovered early on during the development of
>> Leopard.
>
>What makes you think this? From looking quickly at the algorithm, this
>fact wasn't intuitively obvious to me. Can you give an explanation of why
>you think this is so?

As I said this was something I discovered early on with one of the bad designs.
And I don't "think" this is so, I know that this is so, due to the tests I ran
on that bad design.

It's due to the "perfect permutation algorithm" which has a period of about 176
million (from memory).

>No, but no one is (anymore) claiming that RC4 is a great cipher.

I like RC4.
It's simple and effective.
And simple == good for me :)

>I think the question that ink really wanted answered is not "why is this
>good" but "how do you know that you didn't open up some other security
>hole?"

Erm. Well. I really don't see how this could open up some other security hole,
and I have an intimate knowledge of the design of Leopard, seeing as how I
designed it :)

>OK. Here's a harder question along these lines. What size of key would
>you recommend as the maximum keysize? aka, what is the design strength of
>Leopard? AES has a stated design
> [....]

There is no "design strength".
It simply schedules arbitrary sized keys and that's all there is to it.

Obviously since the size of the state is 256, a key-size beyond a certain point
is useless because there are a finite number of permutations for a state of 256
bytes.

>
>It's good that you believe your cipher to be strong. But, it's commonly
>known that it's not hard for a person to design a cipher they themselves
>can't break. It's much harder to design one that no one can break. If you
>think you've done that (or come close, or made a positive contribution to
>cryptography with this design), try writing a paper on why you think such
>things and try to get it published. Getting your design published will
>encourage others (such as myself) to analyze it, since breaking a published
>design is usually a publishable paper itself.

As I've already mentioned, I'm quite prepared to issue a challenge to sci.crypt
using e.g. Leopard13 and we'll see if anyone can break it.

>I've been busy with other things. And, when asked for my profession, I
>usually answer "student" right now. Though I am studying cryptography, I'm
>sure I still have a lot to learn.

Aha, modesty :)
I'm the same, I _know_ that I'm not an expert, but I'm not a clueless newbie
either :)

cheers,
robin@wizardsworks.org

>
> Rick
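
Added example, not part of the original post or of Leopard: the thread's dispute over whether keyed test runs can establish a minimum period can be settled exhaustively on a toy generator. Leopard's algorithm is not shown on this page, so the sketch uses RC4's published state update with an assumed toy state size N = 5 as a stand-in; all function names are hypothetical. It enumerates every cycle of the state space, checks that states of the form RC4's key schedule produces (i = j = 0) never land on Finney's short cycles, and computes the log2(256!) bound behind the remark that key material beyond a certain size is useless for a 256-byte state.

```python
from itertools import permutations
from math import lgamma, log

N = 5  # toy state size, an assumption; RC4 itself uses N = 256

def step(state):
    """One RC4 PRGA state update on (i, j, S); the output byte is ignored."""
    i, j, S = state
    i = (i + 1) % N
    j = (j + S[i]) % N
    S = list(S)
    S[i], S[j] = S[j], S[i]
    return i, j, tuple(S)

def cycle(start):
    """All states on the cycle through start (step is invertible, so one exists)."""
    states, cur = [start], step(start)
    while cur != start:
        states.append(cur)
        cur = step(cur)
    return states

def is_finney(state):
    """Finney's short-cycle family: j == i + 1 and S[j] == 1."""
    i, j, S = state
    return j == (i + 1) % N and S[j] == 1

def cycle_census():
    """Exhaustive map {cycle length: number of cycles} over all N! * N^2 states."""
    seen, census = set(), {}
    for S in permutations(range(N)):
        for i in range(N):
            for j in range(N):
                if (i, j, S) not in seen:
                    c = cycle((i, j, S))
                    seen.update(c)
                    census[len(c)] = census.get(len(c), 0) + 1
    return census

def ksa_starts_hit_finney():
    """Does any post-KSA state (i = j = 0, any S) lie on a Finney cycle?"""
    return any(is_finney(s) for S in permutations(range(N))
               for s in cycle((0, 0, S)))

def state_bits(n=256):
    """log2(n!): key bits beyond this cannot select additional permutations."""
    return lgamma(n + 1) / log(2)

if __name__ == "__main__":
    print(cycle_census(), ksa_starts_hit_finney(), round(state_bits()))
```

The short cycles exist in the state space, yet no amount of testing with scheduled keys would ever observe them; only the structural argument (the Finney set is closed under the update and excludes i = j = 0) shows they are unreachable, which is the kind of argument a period claim needs.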


