Re: VMPC Stream Cipher - ideas on potential weaknesses?
From: Bartosz Zoltak ()_at_vmpcfunction.com)
Date: 09/30/03
- Next message: Mxsmanic: "Re: controversial paper"
- Previous message: Bartosz Zoltak: "NIST randomness-tests - EXE?"
- In reply to: Gregory G Rose: "Re: VMPC Stream Cipher - ideas on potential weaknesses?"
- Next in thread: Scott Fluhrer: "Re: VMPC Stream Cipher - ideas on potential weaknesses?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Sep 2003 10:58:18 +0200
Gregory G Rose wrote:
> Just for fun, I implemented VMPC and pushed 4
> terabytes of bytes and digraphs through our
> statistics program (that easily detects RC4
> biases). No significant results were detected.
>
> During that process, I actually understood what it
> was all about, and I'm impressed. Someone should
> do the sort of analysis you guys did with RC4, but
> I'm not at all sure that it will show anything.
> The big question remaining in my mind is whether
> it's possible for it to fall into short cycles; I
> don't *think* it is but it would appear to be a
> possibility.
It would be interesting to know about the possible short cycles. Do you have
anything particular in mind? One could easily show theoretically the Finney
states for RC4 but for VMPC, thanks to the s=P[s+P[n]] instead of s=s+P[n]
operation, situations like Finney states appear to be impossible.
Do you suspect one could show short cycles theoretically, or do you mean
test-finding them, like using the Floyd cycle-finding algorithm?
I thought I could implement an attempt at cycle-finding when doing the
digraphs-on-given-positions tests (and possibly also trigraphs - frequencies
for three consecutive outputs). I could also program it to search for
repeated sequences in the generated output; I only don't know how informative
it would be regarding the short-cycles question.
My guess is that the algorithm mixes the permutation well enough to avoid the
occurrence of short cycles, but any test to support or abolish this guess
would be much more valuable.
> Conceptually, what he's done is to use a single
> permutation array to simulate two independent
> permutations.
In fact - a permutation (P[x]+1 mod 256), even though trivially derived from
P[x], is a new permutation - it cannot be derived by simple
permutation-operations, like swapping of a few elements of P or composing P.
-- Bartosz Zoltak http://www.vmpcfunction.com QPbzoltak@vmpcfunction.com without "QP"
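The Finney states and the Floyd cycle-finding test discussed in the message above, as an added example that is not part of the original post and not the VMPC author's code. It assumes the standard RC4 PRGA step and key schedule; for VMPC it assumes the stream-generation step of the published VMPC specification (s = P[s+P[n]]; output P[P[P[s]]+1]; swap P[n] and P[s]; n = n+1), of which the post quotes only the s-update. The key, the starting permutations and the search bound of 70,000 steps are constructed for the example. A constructed Finney state (j = i+1, S[j] = 1) is shown to sit on a cycle of exactly 256*255 = 65280 steps, while the same bounded search on a keyed RC4 state and on a VMPC state finds no cycle within the bound (a bound, not a proof of the absence of short cycles).

```python
"""Floyd cycle search over RC4-style and VMPC-style permutation state machines.

Added example (not from the original post, not the VMPC author's code).
RC4 step: standard PRGA. VMPC step: taken from the published VMPC spec
(assumption: the post only quotes s = P[s + P[n]]).
"""
from typing import Optional, Tuple


class RC4State:
    """RC4 PRGA state: counters i, j and a 256-byte permutation S."""
    __slots__ = ("i", "j", "S")

    def __init__(self, S, i: int = 0, j: int = 0):
        self.S, self.i, self.j = bytearray(S), i, j

    def step(self) -> int:
        S = self.S
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + S[self.i]) & 0xFF          # RC4: j = j + S[i]
        S[self.i], S[self.j] = S[self.j], S[self.i]
        return S[(S[self.i] + S[self.j]) & 0xFF]      # keystream byte (unused here)

    def clone(self) -> "RC4State":
        return RC4State(self.S, self.i, self.j)

    def __eq__(self, other) -> bool:
        return self.i == other.i and self.j == other.j and self.S == other.S


class VMPCState:
    """VMPC stream-generation state: counter n, variable s, permutation P."""
    __slots__ = ("n", "s", "P")

    def __init__(self, P, n: int = 0, s: int = 0):
        self.P, self.n, self.s = bytearray(P), n, s

    def step(self) -> int:
        P = self.P
        self.s = P[(self.s + P[self.n]) & 0xFF]       # VMPC: s = P[s + P[n]], not s = s + P[n]
        out = P[(P[P[self.s]] + 1) & 0xFF]            # output P[P[P[s]] + 1]
        P[self.n], P[self.s] = P[self.s], P[self.n]   # swap P[n], P[s]
        self.n = (self.n + 1) & 0xFF
        return out

    def clone(self) -> "VMPCState":
        return VMPCState(self.P, self.n, self.s)

    def __eq__(self, other) -> bool:
        return self.n == other.n and self.s == other.s and self.P == other.P


def floyd_cycle(start, max_steps: int) -> Optional[Tuple[int, int]]:
    """Floyd's tortoise-and-hare over state.step().

    Returns (mu, lam): a cycle of length lam is entered after mu steps.
    Returns None if the tortoise moves max_steps times without meeting the
    hare, i.e. no cycle of length <= max_steps was found from this state.
    """
    tortoise, hare = start.clone(), start.clone()
    for _ in range(max_steps):
        tortoise.step()
        hare.step()
        hare.step()
        if tortoise == hare:
            break
    else:
        return None
    mu = 0                                 # distance from start to the cycle
    tortoise = start.clone()
    while tortoise != hare:
        tortoise.step()
        hare.step()
        mu += 1
    lam = 1                                # walk the cycle once to measure it
    hare = tortoise.clone()
    hare.step()
    while tortoise != hare:
        hare.step()
        lam += 1
    return mu, lam


def is_finney_state(state: RC4State) -> bool:
    """Finney's condition j == i + 1 and S[j] == 1; the RC4 step preserves it."""
    return state.j == (state.i + 1) & 0xFF and state.S[state.j] == 1


def finney_state() -> RC4State:
    """Constructed Finney state: identity permutation, i = 0, j = 1 (so S[1] == 1)."""
    return RC4State(range(256), i=0, j=1)


def rc4_ksa(key: bytes) -> RC4State:
    """Standard RC4 key schedule; it ends with i = j = 0, never a Finney state."""
    S = bytearray(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return RC4State(S)


if __name__ == "__main__":
    fs = finney_state()
    print("Finney state:", is_finney_state(fs), "cycle (mu, lam):", floyd_cycle(fs, 70_000))
    ks = rc4_ksa(b"constructed example key")   # constructed key, not a real secret
    print("keyed RC4 state is Finney:", is_finney_state(ks),
          "cycle within bound:", floyd_cycle(ks, 70_000))
    vs = VMPCState(ks.S)   # any permutation will do as a VMPC starting state here
    print("VMPC cycle within bound:", floyd_cycle(vs, 70_000))
```

Both step functions are bijections on their state (each can be undone), so every state lies on a cycle and `floyd_cycle` returns mu = 0 whenever it finds one; the bound makes the search cheap, but a `None` result only rules out cycles up to that length from that one starting state.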