Re: A basic cryptanalysis question
From: Anton Stiglic (stiglic_at_cs.mcgill.ca)
Date: 07/10/03
- Next message: Anton Stiglic: "Re: A basic cryptanalysis question"
- Previous message: John Navas: "Re: Cell Phone Encryption/Security in The USA"
- In reply to: David Wagner: "Re: A basic cryptanalysis question"
- Next in thread: Mark Wooding: "Re: A basic cryptanalysis question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Jul 2003 15:56:37 -0400
Maybe Marc confused with the results from Kilian and Rogaway on DESX
in the paper "How to Protect DES Against Exhaustive Key Search".
In that paper they prove that if E is an idealized block cipher,
then EX (DESX like construction but with E) has an effective key
length of at least k + n -1 -lg m bits, where k is the key length of
E, n the block size and m the maximum number of plaintext/ciphertext
pairs the adversary can obtain.
In the open problems section they say, I quote:
"...it would be interesting to apply this model to bound the maximal
advantage an adversary can get for triple DES with three distinct keys,
or triple DES with the first and third keys equal...."
--Anton
- Next message: Anton Stiglic: "Re: A basic cryptanalysis question"
- Previous message: John Navas: "Re: Cell Phone Encryption/Security in The USA"
- In reply to: David Wagner: "Re: A basic cryptanalysis question"
- Next in thread: Mark Wooding: "Re: A basic cryptanalysis question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
