Re: SPES (my new encryption) one of its kind

<doctoresam@xxxxxxxxx> wrote in message
Work on some real asumptions, this was just some random statements.

can you explain more please ?

A real assumption ends up at the form:
The expected opponents will be able to perform Y amount of work in the time

We generally don't state these as blatantly as that in the cipher design,
but in any cipher offering 2^128 work to break the assumption is that the
expected opponents will be able to perform < 2^128 work

Other assumptions are things like: Users aren't necessarily stupid, but they
will do just about anything to undermine your security.

Key length has nothing to do with difficulty of cryptanalysis. Just to
a trivial example, remove the subkey generation procedure form AES,
substitute with a key large enough to simply be split between the
it will still offer the same strength as before even though the key is
many times larger.

true.. which is stronger 192-bit AES or 256-bit AES ???

256. That's an easy question, 256-bit AES has more rounds (making it
stronger) and more bits of the key (making it stronger). That's why I had to
detail things the way I did, I specifically did not change the number of

does really "Key length has nothing to do with difficulty of

Key size only has to do with brute force. Other forms of cryptanalysis may
make use of biases exposed by the key size, but that is not a key size
matter, rather it is a key schedule matter.

1) A well made, fully loaded gun
2) A device I make that I certify will never jam and fail to fire. Can
my system belongs to type #1 not type #2 ,however it is somehow
more than one gun

And yet you claimed exactly the opposite. You claimed that your design would
make "cryptanalysis ... difficult or impossible" (original post in this
subject, 12 May 2006 12:28PM according to my NNTP host). This statement puts
you exactly into type 2, where we are unable to determine anything about the
reality of your design, but the failing will still be there.

Marketing excretia is not a good way to discuss cryptography. Either
give >>>a
solid reason why 2^256 is not a big enough number, or change your
concept >>>to
line up with the truth.

there is a good reason which is : you can not be sure 100% that current
AES system for example is flawless (even if the greatest cryptanalysis
people torn it into peices)

holes may exist , can you prove otherwise?

This has absolutely nothing to do with my statement, so once again:

Either give a solid reason why 2^256 is not a big enough number, or change
your concept to line up with the truth.

Attempting to sidetrack the conversation won't do you any good against me,
it will only discredit you further.

Actually, take a look at the complexity involved. If we take the sum of
complexity of brute force search for all key lengths < K, we have a
complexity of (2^K)-1 in a brute force search. It is far better to
design the system with a K-bit key (with brute force complexity of 2^K),
that, going back to point 1, proper analysis can be made.

i agree , but i am using arbitrary length for other reason also (more
to come when i descripe my system)

You are using arbitrary length for absolutely no reason, all you're doing is
sacrificing security for some arbitrary, and completely false, belief. I
welcome you to attempt to prove otherwise, but this "I know better than
everyone else" doesn't fly, it only serves to show that you really have no
clue about modern cryptography.

Again, this is actually a good thing. Making complex designs leads very
quickly to the marketing excretia problem in 1. By making a system that
be analyzed in depth you can make sure that every known attack fails
against it.

what about unknown attacks yet to be discovered ?

There is plenty of evidence around that simple designs have fewer flaws.
Look at the AES selection process, and the Cryptonessie process, the more
complex the design the quicker it actually fell because the easier it was to
make mistakes in the design, this is not just a theme in those two public
venues, it is a consistent theme in the entire history of cryptography.
Cryptographic design is now past the stage where it is an art, and is almost
entirely a science, if you don't understand the science don't try to pretend
that your art is science.

be assured

I'm far from assured.

that because of the way my system in designed it is very
difficult to break the generator (more to come when i descripe my

please ... remind me to answer these hanged issues

Let me save everyone some time, your system is weak against a linear
cryptanalytic attack. I can saw this with confidence even though I have not
seen your system for a simple reason; because unless you know how to mount a
linear attack you will fail to design against it.

I realize it is counter-intuitive, but because users will optimize their
experience, it very often leads to actually weakening the security.

do you mean that people will choose short keys ??

I mean: people will choose short keys, they will choose keys that are
faster, they will do everything in their power to weaken your security, and
that's the good guys, the bad guys simply make use of that.

So basically your argument against block ciphers is that cryptanalysts
exist. I've got news for you, no matter what system you design, we

sure ... you will be there but ...

how many times you think breaking a system is harder than making it?

Making a strong system is much harder than breaking a weak one. Until you
understand this you will fail each and every time.

The Unicity Distance says differently. In fact if one makes full use of
unicity distance in the design of a system you can actually reach a
where even a very long ciphertext actually cannot be broken. Of course
level of work is rarely worth it, and will very often be
but it is possible.

well , i assume it is possible ,and because my


That is your entire problem. You're attempting to make this a "hacker"
thing. Do you really think I would follow the general rules of hacking when
attacking your system? Of course I wouldn't, I have a significant number of
systems at my disposal, a knowledge of the inherent biases in human beings,
cryptanalytic skill, etc. Someone like me makes hackers look tame. Instead
you need to actually learn cryptographic theory, your own handwaving that
you think is good is preventing you from building anything even remotely

i prefere to take the safe side

Then I strongly suggest you stop now, your attempts will not be anything
even remotely resembling the "safe side." Until you learn the proper theory
you will fail, you will fail utterly and completely at every attempt.

File ciphers don't work well in practice for many reasons

every encryption system has advantages and dis-advantages ,and every
system has its use

Actually there is reason to have very, very few ciphers available. The
reason is fairly simple, the attacker can put all their efforts into
attacking a single point, the attacked have to defend every point. By
narrowing the number of ciphers available the attacked effectively force a
level playing field and can then depend on overwhelming force to win. This
is another point that you very much need to understand.

my system is not for chat ... it is for high security ,slow encryption

Your system is not for anything useful.

The problem with these designs is not that you don't have some portion
of >>>keys that are secure, but that making sure every key result in a
secure >>>construction becomes effectively impossible.
In the worst case your design gets whittled
away until only 1 key remains strong, from there brute force is trivial.

there are counter measures built-in the system ... wait and we shall
disscuss that in details

Have you proven that all paths through the system resist all known attacks?
I didn't think so, therefore your alleged "counter measures" will fail.

[>>Cryptography is bijective, therefore your claim is false]

well .. i have to admit i did not get the point

If you do not understand bijectivity across identical sets and how this
means that you are completely wrong, then stop now.

however ,the way my text affect the encryption is so simple but
effective ,no need for your assumptions

Here once again you prove that you are not compotent to design a
cryptosystem. If you do not understand something as simple as bijectivity
and how it means that your claim is completely false, then you have no hope
of understanding cryptography. All you can do is wave your hands and pretend
you have something useful.

Actually not really, at least in most cases. You would have to
the source of random bits as well in order to see whether or not that
could be compromised. If the attacker con compromise your source of bits
can now push the unicity distance in his favor instead of yours.

he will not have the chance to do so

You really have no clue do you? This statement is so wrong in so many ways
that it's not even worth the discussion of how wrong it is.

8- the encryption system should not depend only on one or few math

The problem with this is that you have to prove that you rely on A OR B
OR C OR D being true, but history says that is difficult, and you
will end >>>up
with relying on A AND B AND C AND D being true, so the attacker only has
break one of these to break your system. The problem many people don't
realize is in cryptography is that putting all your eggs in one basket
you very easily if your eggs are broken, but with multiple baskets it is
harder to check them all.

the way the system implemented make the hacker in need of breaking all
the ciphers

Ok, now we're getting somewhere. You've decided that multi-encryption is the
only safe route. There's a paper out there titled "The importance of being
first" I don't remember the author, read it, understand it, understand that
you have failed already.

hint : if you are hacking a text encrypted with DES for example : how
do you know that you did reached the correct key ?

So now you're implying equivalence to the OTP. You will lose on this front
as well. Allow me to show you why:

"encrypt" using your system, the following two statements:
1) You are completely wrong on every point, and your system is pathetically
2) Hey look at me, I broke yet another weak system

Now determine which of the two statements was made. You'll see that it is
miraculously easy.

Now as to why you are wrong, and the exact nature of the exploit that I made
use of. It's called chosen-plaintext, I (as the attacker) get to choose what
gets encrypted. Once again, you have demonstrated a complete lack of
knowledge about cryptography, and have shown that you are about the least
qualified person here to design a crypto-system.

I also noticed that you deleted my comment where I said rather forthrightly
that your claimed experts were faked, and so implied that you are yourself
fraudulent in this. Fraud is not a good way to build trust.

Have any of the other old folks around here begun to realize that this is
starting to sound a lot like talking to David Scott?


Relevant Pages

  • Re: Signs of Deliberate Artifact?
    ... The argument from design was demolished more than 200 years ago: ... Here's Kant arguing against the teleological argument for the existence ... and human reason can never do without ... that is, the nature of different things could never spontaneously, by ...
  • Re: OT - Cant we all agree????
    ... The reason is that so many decent, honorable, ... I've observed your thoughtful and measured responses to Powell over ... Jeff is who he is. ... Is he the most important design engineer in the ...
  • Re: OT - Cant we all agree????
    ... posters, why is it that I keep wandering into threads which they have ... The reason is that so many decent, honorable, ... I've observed your thoughtful and measured responses to Powell over ... Is he the most important design engineer in the ...
  • Re: OpenVMS Seminar in Toronto (2005-02-24) a few points
    ... > of the alpha systems, except the DS15, were essentially completely ... > designed before the HP-Compaq merger. ... > engineers did not have access to the design specs from the other group. ... that others have good reason to feel differently about. ...
  • Re: Quad Core PC for less than a Mac Mini
    ... All the design work is done by the MB and case manufacturers. ... only a dual core on this page, no CPU for this motherboad can be ... Because *all* of the CPU options for this motherboard suck. ... So your answer is you're just bending over backwards to find a reason ...