Re: QC-proof cipher?



Unruh wrote:
Ie, the search requires 2^256 queries of the encryption function if you
know what the plaintext is (known plaintext attack).

You don't need to know the plaintext, just be able to algorithmically
distinguish it from pseudorandom bits.

a way of getting it to evaluate the encryption function in a reversible
manner must be found (Probably not difficult).

Trivial. Building the computer is the only hard part here. That and the 2^256 complexity of the attack, of course.

-- Ben
.



Relevant Pages

  • Re: Countering chosen-plaintext attacks
    ... > If one passes the same plaintext to a encryptor X times, ... > means that we now have X ciphertexts that all decrypt to the same ... plaintext attack. ... "Her failure to do so meant that she was masking her Midway preparation ...
    (sci.crypt)
  • Re: Dynamic Hill cipher
    ... plaintext attack, since with plaintext materials of an amount equal ... Why base a modern cipher on an old and broken idea such as Hill's?. ... the fact that you do not see an attack on some method would ... Purely linear ciphers are ...
    (sci.crypt)
  • Re: A basic cryptanalysis question
    ... >> appear out of his attack, he assumes he's recovered the plaintext. ... >include the keys in your construction. ... such a function look at my second order bijective compression of english ...
    (sci.crypt)
  • Re: Matrixview SWISH almost two times better compression then GZIP and much faster
    ... like open source, chosen plaintext, lots of computing power. ... the ciphertext was encrypted with ME6 -- or simply encrypt the ME6 ... computing power and lots of crypto experts to help. ... If ME6 can't withstand such an attack, ...
    (comp.compression)
  • Re: Countering chosen-plaintext attacks
    ... > Paul Pires wrote: ... One way would be to eliminate the property that the attack ... Choosing the plaintext or ciphertext. ...
    (sci.crypt)