Re: Weakness of Feistel ciphers



Kim G. S. Øyhus <kim@xxxxxxxxxxx> wrote:
> In article <7xmzeh5s5z.fsf@xxxxxxxxxxxxxxxxxxx>,
> Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx> wrote:
>> You could also look at the Hasty Pudding Cipher, one of the AES
>> submissions.
>
> I need a cipher modulo a Mersenne prime, prime products, or similar.

Suppose your modulus satisfies 2^(l-1) < n < 2^l. First you select
an l-bit block cipher (HPC may be a good candidate). To encrypt, you
iterate your block cipher repeatedly until the result is below n.
If your block cipher is any good at all, this will work.

This is the HPC trick. You could already have looked it up.

--
Kristian Gjøsteen
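
Added example, not part of the original post: the iterate-until-below-n construction described above, extended to show decryption by iterating the inverse cipher the same way. The `toy_cipher` alternating Feistel network, its round count, and all function names are assumptions made for this illustration; it stands in for a real l-bit cipher such as HPC and is not HPC.

```python
import hashlib
import hmac

ROUNDS = 8  # toy parameter picked for this demo, not a security recommendation


def round_f(key: bytes, rnd: int, value: int, out_bits: int) -> int:
    """HMAC-SHA256 over (round index, half-block), truncated to out_bits."""
    msg = bytes([rnd]) + value.to_bytes(32, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << out_bits) - 1)


def toy_cipher(key: bytes, x: int, l: int, inverse: bool = False) -> int:
    """Toy l-bit permutation (alternating Feistel); a stand-in for HPC."""
    b = l - l // 2                      # right half: b bits, left half: l - b
    left, right = x >> b, x & ((1 << b) - 1)
    order = range(ROUNDS)
    for r in (reversed(order) if inverse else order):
        if r % 2 == 0:                  # each round is its own inverse,
            left ^= round_f(key, r, right, l - b)
        else:                           # so decryption just reverses the order
            right ^= round_f(key, r, left, b)
    return (left << b) | right


def walk(key: bytes, x: int, n: int, inverse: bool) -> int:
    """Apply the l-bit cipher repeatedly until the result is below n."""
    if n < 2 or not 0 <= x < n:
        raise ValueError("need n >= 2 and 0 <= x < n")
    l = (n - 1).bit_length()            # smallest l with n <= 2^l
    y = toy_cipher(key, x, l, inverse)
    while y >= n:                       # out of range: keep walking the cycle
        y = toy_cipher(key, y, l, inverse)
    return y


def encrypt_mod(key: bytes, m: int, n: int) -> int:
    return walk(key, m, n, inverse=False)


def decrypt_mod(key: bytes, c: int, n: int) -> int:
    # Every intermediate value seen during encryption was >= n, so iterating
    # the inverse until the value is below n stops exactly at the plaintext.
    return walk(key, c, n, inverse=True)


if __name__ == "__main__":
    key, n = b"constructed demo key", 2**61 - 1   # n: a Mersenne prime
    c = encrypt_mod(key, 123456789, n)
    print(c, decrypt_mod(key, c, n))
```

Because 2^(l-1) < n, each application lands below n with probability above 1/2 for a good cipher, so fewer than two iterations are expected on average.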