Re: Weakness of Feistel ciphers



In article <7xodyx74on.fsf@xxxxxxxxxxxxxxxxxxx>,
Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx> wrote:
> kim@xxxxxxxxxxx (Kim G. S. Øyhus) writes:
>> It has to work modulo a Mersenne prime, product of primes, or similar.
>
> OK. It sounds like you're asking for a bijection from Z//p to Z//p
> where you can quickly compute both the encryption and its inverse. Is
> that right?

Yes, and perhaps other fields or semigroups as well, as you guessed.

> That is straightforward to do using AES or SHA or whatever as a
> building block. Schroeppel's paper about the Hasty Pudding Cipher
> explains how.

Thank you for your advice. I will examine that.

>> I am not a rookie. I have worked professionally with crypto for over
>> 4 years now, and have made stuff like the fastest RSA for the ARM
>> processor, and a system which converts fingerprints to crypto keys.
>
> The kinds of questions you're asking make it sound like you may
> understand how to implement math algorithms, but you don't actually
> understand crypto. There's nothing wrong with that, but it means
> you're not yet in a position to roll your own.

Since I do not need strong crypto, I think it is perfectly all right
to make my own. I just need something that is strong enough, stronger
than ordinary pseudo random generators. My tests say I have achieved
that, but they can be wrong.

Kim0
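
An added example, not part of the original post and not code from either poster or from Schroeppel's paper: one way to get a keyed bijection on Z/p with a fast inverse from a hash building block. It assumes a balanced Feistel network with SHA-256 as the round function over the smallest even-width domain covering p, plus cycle walking (re-applying the permutation until the value falls below p); the names `P`, `ROUNDS`, `encrypt` and `decrypt` and the round count are illustrative assumptions, not a vetted design.

```python
import hashlib

P = 2**61 - 1   # constructed example modulus: a Mersenne prime
ROUNDS = 8      # assumed round count for illustration, not a security claim

def _round(key: bytes, rnd: int, half: int, bits: int) -> int:
    """Round function: SHA-256(key || round || half), truncated to `bits` bits."""
    data = key + bytes([rnd]) + half.to_bytes((bits + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") & ((1 << bits) - 1)

def _feistel(key: bytes, x: int, hb: int, inverse: bool = False) -> int:
    """Permutation on 2*hb-bit integers; invertible whatever _round returns."""
    left, right = x >> hb, x & ((1 << hb) - 1)
    order = reversed(range(ROUNDS)) if inverse else range(ROUNDS)
    for r in order:
        if inverse:
            left, right = right ^ _round(key, r, left, hb), left
        else:
            left, right = right, left ^ _round(key, r, right, hb)
    return (left << hb) | right

def _half_bits(p: int) -> int:
    # Half-width such that 2**(2*hb) >= p, so every residue fits in the domain.
    return ((p - 1).bit_length() + 1) // 2

def _walk(key: bytes, x: int, p: int, inverse: bool) -> int:
    if not 0 <= x < p:
        raise ValueError("input must be a residue in [0, p)")
    hb = _half_bits(p)
    y = _feistel(key, x, hb, inverse)
    # Cycle walking: follow the permutation's cycle until we land back in [0, p).
    # The domain is under 4*p, so this takes fewer than 4 steps on average.
    while y >= p:
        y = _feistel(key, y, hb, inverse)
    return y

def encrypt(key: bytes, x: int, p: int = P) -> int:
    return _walk(key, x, p, inverse=False)

def decrypt(key: bytes, y: int, p: int = P) -> int:
    return _walk(key, y, p, inverse=True)

if __name__ == "__main__":
    k = b"constructed demo key"
    c = encrypt(k, 123456789)
    print(c, decrypt(k, c))
```

Cycle walking restricts any permutation on a larger set to a permutation on [0, p), so the same wrapper works with a block cipher such as AES in place of the hash-based Feistel core.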