Re: "Small" problem

• Previous message: Peter Fairbrother: "Re: License questions"
• In reply to: Gregory G Rose: "Re: "Small" problem"
• Next in thread: Mark Wooding: "Re: "Small" problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 17 Aug 2003 15:53:05 +0000 (UTC)

According to Gregory G Rose <ggr@qualcomm.com>:
>In article <bhguhr$vl9$1@anderson.hrz.tu-chemnitz.de>,
>Ulrich Elsner <sci.crypt@elsner.org> wrote:
>
>You could replace the MAC function with a 26-bit
>block cipher, encrypt {date, state, zeros}, and
>at the remote side verify that date and zeros
>are correct. I think this is better because you
>don't do a loop at the receiver and there's no
>chance of a collision. The probability of
>accepting a bogus message is the same, though.
>
>You can construct a 26-bit block cipher out of
>4-round Luby-Rackov and a hash function or block
>cipher.

Oh, I finally caught up with my copy of Applied Cryptography
(with dead trees, it is not enough to own a copy, one has to
be in the same place) and read up on the Luby-Rackoff construction.
This seems quite simple (esp. since I'll need a keyed hash function
anyway) but I have one question. You mention a 4-round Luby-Rackoff
while the algorithm described in Schneier is a three round (or 1.5
round, depending on how one counts). Generalization to more rounds
is of course trivial but my understanding is that the strength of
Luby-Rackoff lies in the construction of the hash-function/ keyed
RNG and not in the number of rounds. Has there been some result
since the publication of Applied Cryptography (2nd ed. in 1996)
that recommends more rounds or is the higher number of rounds just
a safety precaution?

Thanks in Advance,

Ulrich Elsner

• Previous message: Peter Fairbrother: "Re: License questions"
• In reply to: Gregory G Rose: "Re: "Small" problem"
• Next in thread: Mark Wooding: "Re: "Small" problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]