Re: Modulo instead of XOR in CFB

From: Gregory G Rose (ggr_at_qualcomm.com)
Date: 08/10/05


Date: 10 Aug 2005 08:24:55 -0700

In article <42f9f6c0$0$8411$79720d31@newsreader.inode.at>,
Thomas <arot.ts@gmx.net> wrote:
>In CFB mode usually the plain text is XORed with the encrypted queue
>bit. However, I want to encrypt only bytes below 0xFF and the cipher should
>not contain any 0xFF.
>Therefore I thought of replacing the XOR with (mod 255).
>Are there any security concerns I might have overseen?

Assuming that the generator is good, you'll
introduce a bias by doing this. That's because
the generator will generate 0 and 255 with equal
probability, both of which will encrypt the
plaintext the same way (in fact, by not changing
it). That means that a ciphertext byte is twice
as likely to be the same as the plaintext as it
is to be any other byte. This is a staggeringly
large bias, by crypto standards.

Greg.

-- 
Greg Rose
232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au
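
The bias described in the reply, computed exactly. This is an added example, not part of the original thread; it assumes the proposal means c = (p + k) mod 255 with a keystream byte k uniform over 0..255, and the function names are hypothetical.

```python
from collections import Counter
from fractions import Fraction

def mod255_combine(p, k):
    # Assumed reading of the proposal: add the keystream byte, reduce mod 255.
    return (p + k) % 255

def xor_combine(p, k):
    # Standard CFB combining step.
    return p ^ k

def ciphertext_distribution(p, combine):
    """Exact distribution of the ciphertext byte for plaintext byte p,
    with the keystream byte k uniform over 0..255 (a 'good generator')."""
    counts = Counter(combine(p, k) for k in range(256))
    return {c: Fraction(n, 256) for c, n in counts.items()}

def bias_report(p, combine):
    """Summarise how far the ciphertext byte is from uniform."""
    dist = ciphertext_distribution(p, combine)
    uniform = Fraction(1, len(dist))
    return {
        "outputs": len(dist),
        "p_unchanged": dist.get(p, Fraction(0)),
        "p_other_max": max(q for c, q in dist.items() if c != p),
        # total variation distance from uniform over the reachable outputs
        "tvd": sum(abs(q - uniform) for q in dist.values()) / 2,
    }

def plaintext_posterior(c, combine, plaintexts=range(255)):
    """P(plaintext = p | ciphertext = c) for a uniform prior over 0x00..0xFE."""
    like = {p: ciphertext_distribution(p, combine).get(c, Fraction(0))
            for p in plaintexts}
    total = sum(like.values())
    return {p: q / total for p, q in like.items()}

if __name__ == "__main__":
    sample = 0x41  # constructed sample plaintext byte
    for name, fn in (("mod 255", mod255_combine), ("xor", xor_combine)):
        print(name, bias_report(sample, fn))
    post = plaintext_posterior(sample, mod255_combine)
    print("P(p == c | c):", post[sample], "vs any other p:", post[0x42])
```

With the mod 255 step the ciphertext never contains 0xFF, but an observed ciphertext byte is twice as likely to equal the plaintext byte as to correspond to any other value; with XOR the output is uniform but can be 0xFF.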