# Re: Weakness of Feistel ciphers

*From*: Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx>*Date*: 19 Apr 2006 12:20:40 -0700

kim@xxxxxxxxxxx (Kim G. S. Øyhus) writes:

It has to work modula a Mersenne prime, product of primes, or similar.

OK. It sounds like you're asking for a bijection from Z//p to Z//p

where you can quickly compute both the encryption and its inverse. Is

that right?

That is straightforward to do using AES or SHA or whatever as a

building block. Schroeppel's paper about the Hasty Pudding Cipher

explains how.

I am not a rookie. I have worked professionally with crypto for over

4 years now, and have made stuff like the fastest RSA for the ARM

processor, and a system which converts fingerprints to crypto keys.

The kinds of questions you're asking make it sound like you may

understand how to implement math algorithms, but you don't actually

understand crypto. There's nothing wrong with that, but it means

you're not yet in a position to roll your own.

.

**Follow-Ups**:**Re: Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

**References**:**Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

**Re: Weakness of Feistel ciphers***From:*tomstdenis

**Re: Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

**Re: Weakness of Feistel ciphers***From:*Jean-Luc Cooke

**Re: Weakness of Feistel ciphers***From:*Kim G. S. Øyhus

- Prev by Date:
**Re: AES Timing Attack Implementation & Karl Malbrain code...** - Next by Date:
**Re: Weakness of Feistel ciphers** - Previous by thread:
**Re: Weakness of Feistel ciphers** - Next by thread:
**Re: Weakness of Feistel ciphers** - Index(es):