Re: A poorman's block encryption algorithm



Mok-Kong Shen wrote:
Consider the admittedly rather rare but not totally unrealistic
scenario where two partners agree on a secret key for block encryption
under the circumstance that one of them has to implement the algorithm
from scratch without the kind of very difficult to memorize algorithm
descriptions commonly found with the well-known block algorithms. That
is, the logic of the algorithm used should be simple enough to be kept
in one's head and comparatively easy to be programmed on a computer.

In my humber view, one practically viable approach is to use a class of
nonlinear functions F_K(X) as the E(K,X) in the (revised) code [1]
given in the thread "Composing large block cipher from smaller ones"
initiated by me. Since, for efficiency reasons, on 32-bit computers
it is advantageous to work with 32-bit unsigned integers, F_K(X) can be
a polynomial of X of degree n (n>=2) mod 2^32, with its coefficients
constituting the K. (Personaly I would prefer to use a permutation
polynomial with full cycle in [0, 2^32-1] for F_K(X)). These
coefficients can be generated from the given (master) secret key by
using it (together with some time-varying data specific to the session)
as the coefficients (and starting value) of a polynomial of X mod 2^32
(i.e. used as a PRNG). Evidently, the requirements depicted above are
fairly well met.

There's a problem with polynomials you was already told about: They
propagate only towards higher bits (unless you use non-power of two
modulus which is slow). So you can be sure, that a couple of least
significant bits can be found out easily, no matter how many rounds
you do. Starting from them, higher bit can be found, etc. I already
recomennded a remedy, so use it or find another.

Of course, a sufficiently large number of rounds would be needed for
security. (High computing efficiency isn't likely to be required
in our context.) One may also advantageously employ dynamics to render
analysis hard. (See the thread "Introducing dynamics into block
encryptions". For authentication see also the thread "Using a kind of
running accumulation of ciphertext as chaining value of encryption".)

I should be grateful for critiques and comments and for ideas of better
alternatives.

Thanks,

M. K. Shen
-------------------------------------------------------------------------------------------

[1]

for (i=0; i<numberofrounds, i++)
{
Cn = IVMK + i;
k0i = E(MK0,Cn); k1i = E(MK1,Cn); K2i = E(MK2,Cn); K3i = E(MK3,Cn);
}

for (i=0; i<numberofrounds, i++)
{
B_0 ^= E(K1i,B_1); B1 ^= E(K0i,B0); B_2 ^= E(K3i,B_3); B3 ^= E(K2i,B2);
B_0 ^= E(K2i,B_2); B2 ^= E(K0i,B0); B_1 ^= E(K3i,B_3); B3 ^= E(K1i,B1);
}

-------------------------------------------------------------------------------------------

[OT, personal note:] I am unfortunately forced by recurrent personal
insults to use kill-file. That is, I would not read, not to say answer,
posts of some who have the mean habit of frequently abuse this
sci-group that way. Anyone who doesn't like my posts for whatever
reasons is strongly advised to put me in his kill-files as well.

I wouldn't describe it as an insult. You was mainly told to try harder
(learn, read papers, think more before you ask) which is a good
advice, isn't it?
.



Relevant Pages

  • A poormans block encryption algorithm
    ... scenario where two partners agree on a secret key for block encryption ... under the circumstance that one of them has to implement the algorithm ... coefficients can be generated from the given secret key by ...
    (sci.crypt)
  • Re: Pin generation algorithm question
    ... the pin-generation system. ... PINs required becomes important. ... By "the algorithm," do you mean the PIN-generating algorithm, ... And you use the same algorithm and secret key in the field to verify ...
    (sci.crypt)
  • Re: Learning cryptanalysis
    ... he picks an algo in function of the date/time and the secret key, ... Even you idea of a one time algorithm is flawed and I will give you the complete reason: There has been available for more than a century a perfect algorithm which is totally unbreakable - it is the One Time Pad. ... The OTP is rarely or never used because the problem of distributing the keys is insolvable - the cost is so prohibitive that only governments use it and even then they use it only for their most important messages, certainly much less than one message in a million. ...
    (sci.crypt)
  • Re: HELP: Need a simple hash function
    ... >> folding rather than truncating. ... only one algorithm in use in 2G cellphones that ... CAVE for "Cellular Authentication and Voice ... inputs except for the 64-bit secret key, ...
    (sci.crypt)
  • Re: A question about passwords and login/authentication
    ... The DES algorithm is a secret key algorithm (so the same key is used ... comunication between Windows and SAMBA and "how does one determine ... For SAMBA on a linux: the authentification is determinate by the ...
    (Focus-Linux)