Re: Some empirical results of random S-boxes
From: Mok-Kong Shen (mok-kong.shen_at_t-online.de)
Date: 09/30/04
- Next message: Mok-Kong Shen: "Re: Some empirical results of random S-boxes"
- Previous message: Giorgio Tani: "Re: What is a "perfect secret" ?"
- In reply to: Terry Ritter: "Re: Some empirical results of random S-boxes"
- Next in thread: Tom St Denis: "Re: Some empirical results of random S-boxes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Sep 2004 12:05:32 +0200
Terry Ritter wrote:
> Most differential and linear attacks on conventional
> block ciphers depend upon knowing the contents of fixed
> boxes so their probabilities can be pre-computed and
> used in the attack. They are thus "known s-box" attacks.
>
> But when boxes are constructed for each key, the contents
> are NOT known to the attacker, and probabilities can NOT be
> pre-computed for use (beyond the distribution expected from
> random construction). It is thus the random construction
> itself which demands more advanced "unknown s-box" attacks,
> and those may not be differential or linear in nature.
>
> It seems to me that s-box structure is a fundamentally
> different and less significant issue for keyed s-boxes
> than in the popular cipher designs.
This is indeed an essential point to be noted, I believe.
M. K. Shen
- Next message: Mok-Kong Shen: "Re: Some empirical results of random S-boxes"
- Previous message: Giorgio Tani: "Re: What is a "perfect secret" ?"
- In reply to: Terry Ritter: "Re: Some empirical results of random S-boxes"
- Next in thread: Tom St Denis: "Re: Some empirical results of random S-boxes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
