Re: Weakness of Feistel ciphers
- From: kim@xxxxxxxxxxx (Kim G. S. Øyhus)
- Date: Wed, 19 Apr 2006 21:08:07 +0000 (UTC)
In article <1145475273.800259.286050@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<tomstdenis@xxxxxxxxx> wrote:
Kim G. S. Øyhus wrote:
??? You mean you verified your tests? [verified != test]
Tests of crypto, and tests of tests, and tests of tests of tests, etc.
Well then, that answers that. Clearly this means Feistels are flawed.
That conclusion does not belong there.
So you used your own round functions [possibly flawed ones] and from
this you conclude that Feistels are weak?
Definitely flawed ones, but very fast, and sufficiently good for my
purpose when I abandoned Feistels.
Stop right there. You admit you used flawed round functions but then
insist it's a flaw in the Feistel network?
You fail it.
Yet my cipher now works like it should, after I abandoned Feistel for
something more entropic.
Using information theory, a cipher is better the more random it is.
To make a cipher random, some randomness must be put into it.
Some ways of putting randomness in are: S-boxes, round-keys, xor-keys, masks.
Um, what? The only entropy in a block cipher would be the key material
and plaintext [or ciphertext depending on direction]. s-boxes are
typically fixed design elements.
Fixed design elements and the algorithm itself contribute entropy.
By randomness I think you're talking about non-linearity and
differential immunity [for starters].
I am talking about computationally limited algorithmic information theory.
Swapping half blocks does not put randomness in, but shifting the block does.
Multiplying the block also does that.
Um? Say who what? Why would a shift "put randomness in" [whatever
that means]?
It means: The simplest algorithm implementing the cipher is more
complex when the reference code defining it uses shifting or
multiplication instead of only swapping.
So: Feistels put less entropy into the cipher than other schemes.
That's entirely possible given I have no f'ing idea what you're talking
about.
Too bad. Algorithmic information theory is quite useful stuff like that,
and other stuff as well.
Did you see the cryptographic function in "A new kind of science"?
Um ... not from any cipher worth speaking about. This isn't a property
of DES, Twofish, CAST or others.
Good for them. Are you sure that is true when they use few rounds?
And I abandoned S-boxes to make my cipher faster.
I don't get your point. SPNs use more than a few rounds as well. The
simple matter of the fact is that small sboxes means you need multiple
rounds to make the attack complexity high enough.
And I have noticed that supposedly faster ciphers have a tendency of
requiring more rounds, resulting in about the same speed as other
ciphers, as if there were some hard computational lower limit on how
fast good ciphers can be.
So I changed the Feistel to get more entropy for less calculation time
than S-boxes would have required.
Not practical? But DES and others use them.
DES is not theoretically secure. It's heuristically secure.
Well, I do not think I understand what you mean here.
Somewhat paradoxical use of "practical*".
That's because you need to learn the subject material.
A true random round function is huge, seven rounds of which makes a
secure Feistel.
That's not practical.
So DES doesn't follow information theory. It follows heuristics. That
is, all attempts to break 16 rounds by computational means [e.g.
finding differentials, linear hulls, etc] have had limited success.
Ah. So by "practical" in the removed text, you meant "theoretical".
And as I have said, my cipher does not need to be theoretically secure.
It just needs to be random enough.
You sir need more hugs or something.
Why did you write that?
Because you're a retard but we love you just the same.
And how did you reach the conclusion that I am a retard?
Because if you had two clues about cryptography this thread would not
exist.
You have a mental defect: You believe wrong stuff about people,
specifically me.
I am not a retard, but a M.Sc. in physics and math, with a high IQ.
I designed the world's fastest RSA for ARM, a sign of having clues about
cryptography.
I also invented a system which can translate fingerprints into cryptographic
codes. This also needed understanding of cryptography. I have not seen
anyone else do this. But I have seen a number of faulty patents on it.
As for hugs, I get lots of them every day, significantly more than average.
I hope your judgement of cryptography is better than your judgement of
people.
Kim0