Re: Algorithms to generate permutations

From: Tom St Denis (
Date: 08/02/05

Date: 2 Aug 2005 06:00:02 -0700

Unruh wrote:
> It IS. Most block cyphers are concatenations of primative encryption steps
> (rounds). YOu could stop after 1,2,3,4 rounds and you would have an
> encryption. Usually weak. It is the concatenation of the mutiple
> encryptions that is strong.

There is a difference between adding rounds to AES and adding CAST5 to

AES has a well defined round structure [e.g. branch=25 over 4R]. This
makes the analysis much easier. There is a reason why it has 10 rounds
and not 4 or 3 or 7 or 5 or ... What does tacking on CAST5 buy you
that you can actually sit here and prove?

Does that mean AES is provably CCA-IND immune? No. But it's among the
best we can do with the resource constraints in place.

And frankly, I'd be really surprised if AES-128 is broken [*] in the
next 10 years, broken to the point of unusable in the next 20.

I mean of all the attacks out there none of them can actually break the
design. * So a totally new line of attack will have to be devised. Do
I think this is possible? Yes. Does this make it the likely threat
vector? No.

There are way more things to concern yourself with then what cipher you

If you're really that threaten then design a protocol that is agnostic
to the underlying cipher/hash/etc and upgrade as required.