Re: Weakness of Feistel ciphers



kim@xxxxxxxxxxx (Kim G. S. Øyhus) writes:

In article <7xodyx74on.fsf@xxxxxxxxxxxxxxxxxxx>,
Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx> wrote:
kim@xxxxxxxxxxx (Kim G. S. Øyhus) writes:
It has to work modula a Mersenne prime, product of primes, or similar.

OK. It sounds like you're asking for a bijection from Z//p to Z//p
where you can quickly compute both the encryption and its inverse. Is
that right?

Yes, and perhaps other fields or semigroups as well, as you guessed.


That is straightforward to do using AES or SHA or whatever as a
building block. Schroeppel's paper about the Hasty Pudding Cipher
explains how.

Thank you for your advice. I will examine that.


I am not a rookie. I have worked professionally with crypto for over
4 years now, and have made stuff like the fastest RSA for the ARM
processor, and a system which converts fingerprints to crypto keys.

The kinds of questions you're asking make it sound like you may
understand how to implement math algorithms, but you don't actually
understand crypto. There's nothing wrong with that, but it means
you're not yet in a position to roll your own.

Since I do not need strong crypto, I think it is perfectly all right
to make my own. I just need something that is strong enough, stronger
than ordinary pseudo random generators. My tests say I have achieved
that, but they can be wrong.

Designing good pseudo random number generators is, like crypt, a field
littered with the carcases of ideas of people who thought they had improved
on the field. And "your tests" are almost certainly wrong. There is no way
to test the output to decide if it is cryptographically strong PRG.
(Of course it depends on what you mean by "ordinary". If you mean circa
1940 generators, probably yes. If you mean current state of the art, almost
certainly no.)


Kim0
.



Relevant Pages

  • Re: ----- Mersenne Twister -----
    ... A crypto number is cleansed of any statistical nonrandomness that could exists in the number, while a pseudo random number is not free of that can be determined by way of different algorithms. ... Many cryptographically strong random number generators are pseudo-random number generators, though they may be seeded from "true" sources of randomness. ... This is because cryptographically strong PRNGs are typically based on ciphers or secure hash algorithms (the default Java SecureRandom implementation, on Windows platforms at least, is based on SHA-1). ...
    (comp.lang.java.programmer)
  • Re: Weakness of Feistel ciphers
    ... I just need something that is strong enough, stronger ... than ordinary pseudo random generators. ... Designing good pseudo random number generators is, like crypt, a field ...
    (sci.crypt)
  • Re: Bells Theorem?
    ... Since the pseudo random number generators are initialised with the ... number generator to a two valued set. ... common cause model. ...
    (sci.physics.research)
  • Re: Random numbers?
    ... Don't be put off by the "pseudo" in pseudo random numbers. ... conform in an apparently random sequence to a certain distribution. ... Where greater randomness is wanted the generators can ... but, then again, the repeatability of PRNGs does have some uses in other ...
    (comp.lang.asm.x86)
  • Re: Gaussian Noise Generation
    ... interesting form of sample to sample correlation. ... consecutive numbers from such a generator, form x-y pairs from them ... experience with making pseudo random number generators pass the ...
    (comp.dsp)