Re: SPES (my new encryption) one of its kind

I'll tell you, but I don't think you'll like it. Standard disclaimer when
I'm talking to someone who proposes a new cipher around here: Your design
will be torn to little tiny pieces. If these little tiny pieces are
insecure, your system is insecure. If the little tiny pieces are secure,
well we won't have to worry about that.


Start with a better name, this one shows you don't understand what >>>security
or priority is.

it just a name that looks fancy , do ot worry

Work on some real asumptions, this was just some random statements.

can you explain more please ?

Key length has nothing to do with difficulty of cryptanalysis. Just to >>>give
a trivial example, remove the subkey generation procedure form AES,
substitute with a key large enough to simply be split between the subkeys,
it will still offer the same strength as before even though the key is now
many times larger.

true.. which is stronger 192-bit AES or 256-bit AES ???

does really "Key length has nothing to do with difficulty of

Further difficulty in performing cryptanalysis is actually a bad thing.
Because of cryptography's position it is easiest to understand things from >>>a
kill vs be killed scenario. Which would you want in a fight:
1) A well made, fully loaded gun
2) A device I make that I certify will never jam and fail to fire. Can be
used at any speed you can handle. Capable of penetrating any armor. Is so
forward looking that the US military is only recently looking at it as a
possibility for the future of combat.
I'll give you a hint, device 2 is walkman with some speakers (it's good to
20,000 per second!!!!, and it's true that the US military is looking at
sound for weapons, just their designs are more substantial). All I did was
make analysis of the risks involved difficult, and in so doing many people
would have entered combat with a walkman.

ok .. this is true

but my system belongs to type #1 not type #2 ,however it is somehow
more than one gun

Marketing excretia is not a good way to discuss cryptography. Either give >>>a
solid reason why 2^256 is not a big enough number, or change your concept >>>to
line up with the truth.

there is a good reason which is : you can not be sure 100% that current
AES system for example is flawless (even if the greatest cryptanalysis
people torn it into peices)

holes may exist , can you prove otherwise?

Actually, take a look at the complexity involved. If we take the sum of >>>the
complexity of brute force search for all key lengths < K, we have a >>>maximum
complexity of (2^K)-1 in a brute force search. It is far better to simply
design the system with a K-bit key (with brute force complexity of 2^K), >>>so
that, going back to point 1, proper analysis can be made.

i agree , but i am using arbitrary length for other reason also (more
to come when i descripe my system)

Again, this is actually a good thing. Making complex designs leads very
quickly to the marketing excretia problem in 1. By making a system that >>>can
be analyzed in depth you can make sure that every known attack fails >>>against it.

what about unknown attacks yet to be discovered ?

You do have a small point here but you picked the wrong place for it.There
is a philosophy of cipher design that says make the key function compute
intensive. The idea being that the legitimate user will only be doing it
once, but that the attacker will payit over and over.
Unfortunately, this
philosophy has fallen out of common use because all the attacker needs to >>>do
is break the key generator in such a way that generating K processed keys
does not take K*generating 1 processed key, RC2 makes a good example of >>>this
flaw. The end result is that you may actually give the attacker a greater
advantage because the user will try to save processing time by reducing >>>key strength.

be assured that because of the way my system in designed it is very
difficult to break the generator (more to come when i descripe my

please ... remind me to answer these hanged issues

I realize it is counter-intuitive, but because users will optimize their
experience, it very often leads to actually weakening the security.

do you mean that people will choose short keys ??

So basically your argument against block ciphers is that cryptanalysts
exist. I've got news for you, no matter what system you design, we exist.

sure ... you will be there but ...

how many times you think breaking a system is harder than making it?

The Unicity Distance says differently. In fact if one makes full use of >>>the
unicity distance in the design of a system you can actually reach a state
where even a very long ciphertext actually cannot be broken. Of course >>>this
level of work is rarely worth it, and will very often be counter->>>productive,
but it is possible.

well , i assume it is possible ,and because my hacker is very powerful
i prefere to take the safe side

File ciphers don't work well in practice for many reasons, the biggest of
which is streaming. Let's say I'm chatting with Tom, a file cipher is
ineffective because the entire text of the session is not available. The
best you can do in this case is to drop down to fixed sized (or variable
sized) chunks of text.
Of course the method of preference (because mathematical proofs exist for
this) is to use a secure chaining mode which allows the designer to build
things in arbitrarily sized blocks.

every encryption system has advantages and dis-advantages ,and every
system has its use

my system is not for chat ... it is for high security ,slow encryption

The problem with these designs is not that you don't have some portion of >>>keys that are secure, but that making sure every key result in a secure >>>construction becomes effectively impossible.
In the worst case your design gets whittled
away until only 1 key remains strong, from there brute force is trivial.

there are counter measures built-in the system ... wait and we shall
disscuss that in details

This actually won't work. The reason is quite simple, at a certain level
your key selects a permutation, that is, there exist no inputs i,j such >>>that
i<>j and F(i)=F(j). From there it is reasonably easy to prove that even if
your plaintext is incorporated into your cipher design is some way, there >>>is
an expression of your design that does not have this behavior.

well .. i have to admit i did not get the point

however ,the way my text affect the encryption is so simple but
effective ,no need for your assumptions

Actually not really, at least in most cases. You would have to >>>cryptanalyze
the source of random bits as well in order to see whether or not that >>>system
could be compromised. If the attacker con compromise your source of bits >>>he
can now push the unicity distance in his favor instead of yours.

he will not have the chance to do so
(more to come when i descripe my system)

please ... remind me to answer these hanged issues

8- the encryption system should not depend only on one or few math

The problem with this is that you have to prove that you rely on A OR B >>>OR C OR D being true, but history says that is difficult, and you will end >>>up
with relying on A AND B AND C AND D being true, so the attacker only has >>>to
break one of these to break your system. The problem many people don't
realize is in cryptography is that putting all your eggs in one basket >>>tells
you very easily if your eggs are broken, but with multiple baskets it is
harder to check them all.

the way the system implemented make the hacker in need of breaking all
the ciphers

hint : if you are hacking a text encrypted with DES for example : how
do you know that you did reached the correct key ?


Relevant Pages

  • Re: SPES (my new encryption) one of its kind
    ... I'm talking to someone who proposes a new cipher around here: Your design ... cryptanalysis also can reduce this huge number considerably making this ... unit mandatory (to be explained during explaining my encryption system) ...
  • Re: simple math question
    ... cases harder to attack than a block cipher. ... Attacking the key stream generator this way is harder. ... Generally speaking the attacks which break something like FEAL ... You have design elements that you probably don't fully appreciate ...
  • Re: Symetric encryption : DES or not DES ?
    ... >> willing to invest rather heavily in consulting and design (which you ... >> symmetric encryption. ... > But isn't there still a possibility for the attacker to crack this ... and hashing place the data beyond brute fore attack. ...
  • Re: Dynamic "One-time-pad"
    ... > a single character in the cipher array. ... Why should I use your construction over AES, ... If you really believe in the security of your design you'd do well to ...
  • Re: Stream Cipher Like SEAL Wanted ....
    ... Though in crypto circles thats weak because just because your design ... > Did I say a PRNG was a cipher? ... RC4 is a cipher. ... PRNG tests and its a HORRIBLE cipher. ...