Re: AES 256 key and anti-key
- From: biject <biject.bwts@xxxxxxxxx>
- Date: Thu, 3 Apr 2008 15:36:57 -0700 (PDT)
On Apr 3, 8:31 am, Ertugrul Söylemez <e...@xxxxxxxx> wrote:
biject <biject.b...@xxxxxxxxx> wrote:
Sorry, of course 1/N was meant instead of (N-1)/N.
Actually it's rare people admit to mistakes on this forum; it's an ego
thing.
Not admitting to mistakes makes the point of open information sharing
and discussion questionable. That's why I do it. I know that many
others don't, but they don't get taken too seriously most of the time
anyway.
But picking on people for their daily little mistakes will not make
you any more knowledgeable. 1/N is greater than 0 for every positive
N, no matter what you do. There is a chance that two keys map to
the same permutation, and there is nothing wrong about that.
Of course 1/N is not zero, so what.
The point is I would suggest that instead of assigning K keys where
K > N to a random 1/N each time and hoping for a low number of repeats,
one could assign the first key to the set of N items and then the next key
to the set of N-1 items where the used one is out and then next a random
pick of 1 out of N-2 items and so on till each key is covered. Where
does it say in the literature in designing ciphers to do otherwise?
[...]
I am just trying to state that there seem to be at least 2 schools of
thought in crypto. One school, the old school to which I belong, has more faith
in information theory that is Shannon-like. And the other puts more
faith in so-called complexity, which could care less if there is an
information break; they trust in complexity making the break
impossible.
Both lead to the same result: There is nothing wrong with picking
permutations randomly. Guaranteeing a surjective mapping from the set
of keys to the set of permutations might even introduce information
disclosure.
I am not sure why asking about Shanon ( bad spelling ) is personal.
It sounded like an offense.
If you believe a perfect cipher should be close to a random one, it
would be better each time you picked a random permutation to
associate with the next key that you check to see if it's already used,
in which case you select again till each key has a unique "random
permutation". Again, for the lookie-loos, we are not talking about
just one 128-bit buffer but the whole set of transforms for each
key.
Since that is practically impossible, we need to emulate it. That's
pseudo-randomness.
Yes, but that still leaves at least 2 ways to pick which permutation
goes to which key. I don't see where you get the idea that you have to pick
in a random way to allow for a nonzero chance of repeat when it's not
necessary.
That non-zero chance is a natural consequence of picking randomly. The
point is that picking randomly is the method with least possible side
effects. With every bit of structure you introduce, you give a
potential attacker information.
That is where we differ. I think you can always decrease your set by
the amount of mappings that go to other keys. I agree that structure
in the permutations can be a weakness. But not allowing duplicate
mappings is not reducing structure in my view. But maybe I am wrong.
But it appears so black and white I am willing to live with the
difference until someone shows a proof or example where it would
weaken it.
The probability of such a repetition is so small that you really don't
need to worry about it. Imagine, for example, a very bad case, where
for each key, there exists exactly one other key, which maps to the same
permutation. That would reduce the cipher's strength by merely one bit
in information theory. Practically it wouldn't reduce its strength at
all, as long as you don't know the structure of these equivalent key
pairs (so you can limit your search).
One doesn't even need to worry about anything. I used to worry that
Huffman was a totally false waste in compression till I made it
bijective. Same with Burrows Wheeler compression systems; it bugged me
since the late 90's that it wasted space with that silly extra index,
till I figured out a way to make it bijective. Same with LZW
compression. I listen to a different drummer than most.
And maybe you're right, maybe there is a weakness in not allowing two keys
to go to the same mapping, but not only do I not see it, I wonder what
others see. In many things I am alone or in the small crowd. What do
others think that read our rants? Don't be silent. What do you the
masses feel? Should each key be forced by design or whatever to have a
different mapping for each key, or should it be random as Ertugrul
thinks? I won't be offended if I am in the minority, I often am. But it
would surprise me a little if most don't feel the same way I do on
this issue.
Regards,
Ertugrul.
--http://ertes.de/
David A. Scott
--
My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptographic
system is only as strong as its weakest link"
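
The two key-to-permutation assignment methods debated in this message, as an added example that is not code from either poster: each key gets an independent uniform pick (repeats possible), or each key draws from the permutations not yet used (no repeats). The toy parameters (2-bit block, 8 keys), the function names and the modelling of permutations as indexes 0..N-1 are assumptions of this example; it also goes beyond the toy case to the birthday estimate at 256-bit-key, 128-bit-block scale.

```python
import math
import random

def log2_permutation_count(block_bits):
    """log2((2**block_bits)!): size of the pool of block permutations, in bits."""
    return math.lgamma(2.0 ** block_bits + 1.0) / math.log(2.0)

def log2_expected_shared_pairs(key_bits, block_bits):
    """log2 of E[key pairs sharing a permutation] = C(K,2)/N ~ K^2/(2N)."""
    return 2 * key_bits - 1 - log2_permutation_count(block_bits)

def count_shared_pairs(assignment):
    """Number of unordered key pairs assigned the same permutation index."""
    seen = {}
    for perm in assignment:
        seen[perm] = seen.get(perm, 0) + 1
    return sum(c * (c - 1) // 2 for c in seen.values())

def simulate(num_keys, block_bits, trials, rng, replace=True):
    """Mean shared pairs per trial for a toy cipher with N = (2**block_bits)!."""
    n = math.factorial(2 ** block_bits)
    total = 0
    for _ in range(trials):
        if replace:   # independent uniform pick per key, repeats possible
            assignment = [rng.randrange(n) for _ in range(num_keys)]
        else:         # used permutations are excluded from later picks
            assignment = rng.sample(range(n), num_keys)
        total += count_shared_pairs(assignment)
    return total / trials

if __name__ == "__main__":
    rng = random.Random(2008)  # constructed toy case: 24 permutations, 8 keys
    print("toy, independent picks:", simulate(8, 2, 20000, rng))  # theory 28/24
    print("toy, no repeats:       ", simulate(8, 2, 20000, rng, replace=False))
    print("256-bit key, 128-bit block, log2 E[shared pairs]:",
          log2_expected_shared_pairs(256, 128))
```
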