Re: Provable security against differential cryptanalysis
From: Foo Bar (foobar965_at_hotmail.com)
Date: 10/31/03
- Previous message: Mxsmanic: "Re: How long to break a 512 bit RSA key?"
- In reply to: Tom St Denis: "Re: Provable security against differential cryptanalysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Oct 2003 10:32:43 GMT
"Tom St Denis" <tomstdenis@iahu.ca> writes:
> "Benjamin Choi" <nospam@technosoft21.com> wrote in message
> news:7eeb3109.0310300445.27a3d131@posting.google.com...
> > I read that provable security against differential cryptanalysis can
> > be achieved using a Feistel cipher in which the F-function is itself a
> > series of Feistel rounds. However, for the cipher to be secure, how
> > strong must the internal cipher be? Is there some general way to
> > determine roughly the difficulty of applying differential
> > cryptanalysis to a particular cipher based on the number of rounds of
> > that cipher and the strength in the mini-Feistel making up the
> > F-function?
>
> Don't use a feistel. That being said the design of recursive feistels is
> actually a design of Matt Blaze [turtle] which I accidentaly copied [TC5] a
> while later.
Don't forget MISTY by Matsui. I actually don't know which of MISTY and
Turtle was first, but the Turtle paper cites Matsui.
/FB
-- Foo Bar (foobar965@hotmail.com)
- Previous message: Mxsmanic: "Re: How long to break a 512 bit RSA key?"
- In reply to: Tom St Denis: "Re: Provable security against differential cryptanalysis"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
