A poorman's block encryption algorithm
 From: MokKong Shen <mokkong.shen@xxxxxxxxxxx>
 Date: Thu, 11 Mar 2010 17:26:33 +0100
Consider the admittedly rather rare but not totally unrealistic
scenario where two partners agree on a secret key for block encryption
under the circumstance that one of them has to implement the algorithm
from scratch without the kind of very difficult to memorize algorithm
descriptions commonly found with the wellknown block algorithms. That
is, the logic of the algorithm used should be simple enough to be kept
in one's head and comparatively easy to be programmed on a computer.
In my humber view, one practically viable approach is to use a class of
nonlinear functions F_K(X) as the E(K,X) in the (revised) code [1]
given in the thread "Composing large block cipher from smaller ones"
initiated by me. Since, for efficiency reasons, on 32bit computers
it is advantageous to work with 32bit unsigned integers, F_K(X) can be
a polynomial of X of degree n (n>=2) mod 2^32, with its coefficients
constituting the K. (Personaly I would prefer to use a permutation
polynomial with full cycle in [0, 2^321] for F_K(X)). These
coefficients can be generated from the given (master) secret key by
using it (together with some timevarying data specific to the session)
as the coefficients (and starting value) of a polynomial of X mod 2^32
(i.e. used as a PRNG). Evidently, the requirements depicted above are
fairly well met.
Of course, a sufficiently large number of rounds would be needed for
security. (High computing efficiency isn't likely to be required
in our context.) One may also advantageously employ dynamics to render
analysis hard. (See the thread "Introducing dynamics into block
encryptions". For authentication see also the thread "Using a kind of
running accumulation of ciphertext as chaining value of encryption".)
I should be grateful for critiques and comments and for ideas of better
alternatives.
Thanks,
M. K. Shen

[1]
for (i=0; i<numberofrounds, i++)
{
Cn = IVMK + i;
k0i = E(MK0,Cn); k1i = E(MK1,Cn); K2i = E(MK2,Cn); K3i = E(MK3,Cn);
}
for (i=0; i<numberofrounds, i++)
{
B_0 ^= E(K1i,B_1); B1 ^= E(K0i,B0); B_2 ^= E(K3i,B_3); B3 ^= E(K2i,B2);
B_0 ^= E(K2i,B_2); B2 ^= E(K0i,B0); B_1 ^= E(K3i,B_3); B3 ^= E(K1i,B1);
}

[OT, personal note:] I am unfortunately forced by recurrent personal
insults to use killfile. That is, I would not read, not to say answer,
posts of some who have the mean habit of frequently abuse this
scigroup that way. Anyone who doesn't like my posts for whatever
reasons is strongly advised to put me in his killfiles as well.
.
 FollowUps:
 Re: A poorman's block encryption algorithm
 From: MokKong Shen
 Re: A poorman's block encryption algorithm
 From: rossum
 Re: A poorman's block encryption algorithm
 From: Maaartin
 Re: A poorman's block encryption algorithm
 Prev by Date: Re: Server and Client Analogy – The New Cryptography Model
 Next by Date: Re: is the PGP signature format the most widely supported one?
 Previous by thread: Any recommendations for frequency analysis software?
 Next by thread: Re: A poorman's block encryption algorithm
 Index(es):
Relevant Pages
