Re: (newbie) question on modification of polyalphabetic substitution cipher

vedaal_at_hush.com
Date: 03/29/04 

Date: 29 Mar 2004 05:51:28 -0800

Joe Peschel <jpeschel@no.spam.org> wrote in message news:<Xns94BB930DDE73fa0khgj7ji8i8jo9@216.168.3.44>...
> vedaal@hush.com (vedaal@hush.com) wrote in
> news:52a1833e.0403280826.6e0f2efe@posting.google.com:

> Then you would have a plaintext autokey cipher.

yes,
but somewhat different than the ones i've read about,
in that there is no repetition of the key anywhere, no matter how long
the plaintext

> > how complex should 'f(n)' be to withstand a brute force attack?
>
> Why worry only about brute-force attacks?

sorry, i was not clear,
i meant brute force attacks in the sense of trying each value of the
constants,

> > since the attacker needs only to try a few small values of n,
> > the strength is dependent upon the amount of work needed to try
> > the different possible f(n)'s
> >
> > if f(n) is of the the form
> >
> > f(n) = [a[(b)^(n+c)] + d[(k)^(n+g)] + r]mod(256)
> >
> > where the constants a, b, c, d, k, g, and r,
> > can have any value from 0 to 9999,
> >
> > then,
> > if this would be attacked using brute force,
> > it would be about as difficult as cracking a 7 word diceware
> > passphrase
> > ( 10000^7 > 7776^7 )
> >
> >
> > the communicators agree beforehand on the above f(n), with initial
> > values of the constants, and can include instructions in the plaintext
> > message
> > about how often to change any or all of the 7 constants
> >
> >
> > is there a mode of attack against this that would be better than brute
> > force?
> >
>
> I think you have to assume that the algorithm and f(n) are known to the
> attacker. So, brute-force isn't the best attack.

yes,
assuming the attacker knows the algorithm, knows n,
but does not know any of the constants, ( a, b, c, d, g, k, or r)

is there a better mathematical attack
than just trying each value for each constant?
(brute-forcing the 'algorithm space')

[btw - what is the correct terminology for this type of 'brute
forcing'? ]

if not,
then is the proposed form of f(n) complex enough to be
as acceptably secure as a symmetrical cipher whose waekest link is the
passphrase?

(assume also, that the communicators agree in each message, to change
at least
one of the constants in the next message,

that way, if there are identical letters/words/spaces in the same nth
position in the plaintext, they will still appear as different in the
ciphertext of the next message)

TIA
vedaal

Relevant Pages

  • Re: Countering chosen-plaintext attacks
    ... > If one passes the same plaintext to a encryptor X times, ... > means that we now have X ciphertexts that all decrypt to the same ... plaintext attack. ... "Her failure to do so meant that she was masking her Midway preparation ...
    (sci.crypt)
  • Re: Encryption provably free of trapdoors
    ... sense against every form of attack other than a brute force ... That would require that there is no algorithm that will produce the key ... The next best thing would be an encryption algorithm with a small and known ...
    (sci.crypt)
  • Re: A basic cryptanalysis question
    ... >> appear out of his attack, he assumes he's recovered the plaintext. ... >include the keys in your construction. ... such a function look at my second order bijective compression of english ...
    (sci.crypt)
  • Re: Matrixview SWISH almost two times better compression then GZIP and much faster
    ... like open source, chosen plaintext, lots of computing power. ... the ciphertext was encrypted with ME6 -- or simply encrypt the ME6 ... computing power and lots of crypto experts to help. ... If ME6 can't withstand such an attack, ...
    (comp.compression)
  • [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
    ... obtain plaintext of SSL/TLS communication ... Ilion) describe and demonstrate a timing-based attack on SSL/TLS ... Select the updated source RPM appropriate for your OpenPKG release ...
    (Bugtraq)
Quantcast