Re: Idea for a slow block cipher with adjustable block length
From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 03/31/05
- In reply to: Antti Louko: "Re: Idea for a slow block cipher with adjustable block length"
Date: 30 Mar 2005 15:51:24 -0800
Antti Louko <alo@iki.fi.invalid> writes:
> In this case the only requirement is that if any number of mappings
> are revealed, this doesn't make arbitrary reverse (or direct) mappings
> easy to find.

OK. Note if you use a pseudorandom function as F, with such a small
block size (24 bits), you can get birthday collisions, which can make
their way to the output, so you may want to add a couple more rounds.
There have been some old sci.crypt threads about this but I don't
think it's really been analyzed much, since such small block sizes
are generally considered insecure to begin with.

The Feistel cipher you're describing is called the Luby-Rackoff
construction, by the way.
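
An added example, not part of the original message or thread: a balanced Feistel network over a 24-bit block with a PRF round function and an adjustable round count, showing that F collides on 12-bit halves while the cipher as a whole stays invertible. The choice of HMAC-SHA256 as the PRF, the key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed demo key"  # constructed sample key, not from the post

def round_f(key, rnd, half, half_bits):
    """Assumed PRF: HMAC-SHA256 over (round index, half), truncated to half_bits."""
    msg = bytes([rnd]) + half.to_bytes(8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") & ((1 << half_bits) - 1)

def encrypt(key, block, half_bits=12, rounds=4):
    """Balanced Feistel network; block width is 2 * half_bits (24 bits by default)."""
    left, right = block >> half_bits, block & ((1 << half_bits) - 1)
    for rnd in range(rounds):
        left, right = right, left ^ round_f(key, rnd, right, half_bits)
    return (left << half_bits) | right

def decrypt(key, block, half_bits=12, rounds=4):
    """Undo the rounds in reverse order; F itself is never inverted."""
    left, right = block >> half_bits, block & ((1 << half_bits) - 1)
    for rnd in reversed(range(rounds)):
        left, right = right ^ round_f(key, rnd, left, half_bits), left
    return (left << half_bits) | right

def f_image_size(key, rnd, half_bits=12):
    """Number of distinct outputs of one round function over every possible input."""
    return len({round_f(key, rnd, x, half_bits) for x in range(1 << half_bits)})

def is_permutation(key, half_bits, rounds):
    """Exhaustively check that no two plaintext blocks share a ciphertext."""
    size = 1 << (2 * half_bits)
    return len({encrypt(key, b, half_bits, rounds) for b in range(size)}) == size

if __name__ == "__main__":
    # F on 12-bit halves is not injective: fewer than 4096 distinct outputs.
    print("distinct F outputs:", f_image_size(KEY, 0), "of", 1 << 12)
    # The cipher is still a bijection; checked exhaustively on a 16-bit block.
    print("16-bit block is a permutation:", is_permutation(KEY, 8, 4))
    for rounds in (4, 6, 8):  # adding rounds keeps it invertible
        ct = encrypt(KEY, 0xABCDEF, rounds=rounds)
        assert decrypt(KEY, ct, rounds=rounds) == 0xABCDEF
        print(rounds, "rounds:", hex(ct))
```

The exhaustive permutation check uses a 16-bit block only to keep the run short; the 24-bit default is exercised by the round-trip loop.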