Re: Formulae for Latin squares of size 2^n
From: Mok-Kong Shen (mok-kong.shen_at_t-online.de)
Date: 12/22/03
- Next message: Sebastian Gesemann: "Re: Encrypted IM program"
- Previous message: John E. Hadstate: "Re: attack against ElGamal (and related algorithms)"
- In reply to: Tom St Denis: "Re: Formulae for Latin squares of size 2^n"
- Next in thread: Tom St Denis: "Re: Formulae for Latin squares of size 2^n"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Dec 2003 00:17:12 +0100
Tom St Denis wrote:
>
> "Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote:
> >
> > Tom St Denis wrote:
> > >
> > > "Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote:
> >
> > > > I don't know what you mean. A 32*32 S-box, for example,
> > > > clearly mean a transformation of 32 input bits to 32
> > > > output bits. What kind of transformation that is, is
> > > > another issue. The point is that the unit is in bits.
> > >
> > > Correct use of lingo is a good idea. S stands for Substitution. So if
> you
> > > perform a 32x32 substitution yeah that would mean a 32-bit input/output.
> > > Transform implies a linear process [Discrete Cosine Transform, Fast
> Fourier
> > > Transform, etc...] and therefore inherits the matrix notation as far as
> > > dimensions goes.
> >
> > So we do agree that, when we talk about 32*32, the
> > unit is 'bit', right? Transform is a general term.
> > Without appropriate context, it needn't even e.g. be
> > bijective, not to mention linearity.
>
> Transform doesn't imply bijective. But vastly it implies a linear function.
Simply wrong. Transform is a generic term, just like
function is a generic term. If you need to say linear
function, you would need similarly to say linear transform.
>
> > > > In that case, if the Latin squre is of size 2^32, what
> > > > is the size of the MDS that you propose to replace it?
> > > > (In particular, how many bits are there in the matrix?)
> > >
> > > A latin square doesn't exist over a single input though. So maybe
> you're
> > > just all confused?
> >
> > But look at what you wrote:
> >
> > I was suggesting to use a MDS to replace a latin square.
> >
> > So it seems that you are confused? (See also below.)
>
> A Latin square is a (2,1)-multipermutation. Presumably you will do somethin
> with the other input. Why not just use a 2x2 MDS? [or scale up and use
> larger MDS transforms?]
I admit that I don't understand the term (2,1)-
multipermutation. But a Latin square is at first a
table with certain required property. For a given value
of the column, one has a bijective mapping of the values
of the row to the table entry. My formula gives a
non-linear expression that can be simply computed for any
entry on the fly without having the whole table. That's
the essence of the proposal.
>
> > > So in other words you have no good reason whatsoever. Gotcha.
> >
> > Variability could replace fixed optimality in my view.
>
> Because you don't understand cryptography.
>
> > I believe that a good scheme is to employ combination
> > of stream and block techniques, i.e. with a PRNG
> > to determine the parameters of an otherwise block
> > operation (determining the substitutions, subkeys etc.).
> > That wouldn't be good for hardware, but for software,
> > which one uses at least also quite a lot, there is no
> > problem at all with that kind of variability.
>
> Um even in software. What about embedded platforms with limited
> ram/cache/cpu speed?
>
> Also you have to drop this "key dependence". For example, there is no such
> thing as a key dependent sbox. Look at Twofish for instance. You could
> model the sbox completely in which case it's fixed 4x4s and a SPN.
How about Blowfish?
>
> > > Well I doubt #1 is true, it happens but not that often. I doubt #4 is
> true
> > > since I have experience in this very subject. So it's either #2 or #3.
> If
> > > you can provide a concrete reference [instead of handwaving] we can rule
> out
> > > #3 probably fairly quickly.
> >
> > I didn't understand the paper much, as said, nor do I
> > understand coding theory in general. That's my big
> > problem here. Since you have experience in this very
> > subject, could you kindly explain at least what does
> > the name MDS concretely signify? Doesn't that mean some
> > optimal property in the sense of coding theory, i.e.
> > what a good code should possess?
>
> I'm no coding theory expert either however....
>
> MDS matrices come from RS matrices [I can't recall what RS stands for] which
> are linear codes and (n,m)-multipermutations for n>m. They have the
> property that there are always at least m+1 different bytes on the input or
> output sides [summed together]. I don't know all the theory behind them
> [I'm gonna go study them when I get back home tonight since clearly I'm not
> that familiar either]. Anyways, a MDS is a special form of RS matrix where
> n == m [e.g. square].
>
> Vaudenays paper covers some basics of multipermutations which you should
> read.
But, if that's a special form of RS, then that presumably
implies that it's a good code in the sense of coding
theory, isn't it? In that case there seems to be certain
connection (via 'good code') between MDS and 'random
code', assuming the paper I mentioned is correct.
M. K. Shen
- Next message: Sebastian Gesemann: "Re: Encrypted IM program"
- Previous message: John E. Hadstate: "Re: attack against ElGamal (and related algorithms)"
- In reply to: Tom St Denis: "Re: Formulae for Latin squares of size 2^n"
- Next in thread: Tom St Denis: "Re: Formulae for Latin squares of size 2^n"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
