# Re: A poorman's block encryption algorithm

*From*: Maaartin <grajcar1@xxxxxxxxx>*Date*: Thu, 11 Mar 2010 11:18:24 -0800 (PST)

Mok-Kong Shen wrote:

Consider the admittedly rather rare but not totally unrealistic

scenario where two partners agree on a secret key for block encryption

under the circumstance that one of them has to implement the algorithm

from scratch without the kind of very difficult to memorize algorithm

descriptions commonly found with the well-known block algorithms. That

is, the logic of the algorithm used should be simple enough to be kept

in one's head and comparatively easy to be programmed on a computer.

In my humber view, one practically viable approach is to use a class of

nonlinear functions F_K(X) as the E(K,X) in the (revised) code [1]

given in the thread "Composing large block cipher from smaller ones"

initiated by me. Since, for efficiency reasons, on 32-bit computers

it is advantageous to work with 32-bit unsigned integers, F_K(X) can be

a polynomial of X of degree n (n>=2) mod 2^32, with its coefficients

constituting the K. (Personaly I would prefer to use a permutation

polynomial with full cycle in [0, 2^32-1] for F_K(X)). These

coefficients can be generated from the given (master) secret key by

using it (together with some time-varying data specific to the session)

as the coefficients (and starting value) of a polynomial of X mod 2^32

(i.e. used as a PRNG). Evidently, the requirements depicted above are

fairly well met.

There's a problem with polynomials you was already told about: They

propagate only towards higher bits (unless you use non-power of two

modulus which is slow). So you can be sure, that a couple of least

significant bits can be found out easily, no matter how many rounds

you do. Starting from them, higher bit can be found, etc. I already

recomennded a remedy, so use it or find another.

Of course, a sufficiently large number of rounds would be needed for

security. (High computing efficiency isn't likely to be required

in our context.) One may also advantageously employ dynamics to render

analysis hard. (See the thread "Introducing dynamics into block

encryptions". For authentication see also the thread "Using a kind of

running accumulation of ciphertext as chaining value of encryption".)

I should be grateful for critiques and comments and for ideas of better

alternatives.

Thanks,

M. K. Shen

-------------------------------------------------------------------------------------------

[1]

for (i=0; i<numberofrounds, i++)

{

Cn = IVMK + i;

k0i = E(MK0,Cn); k1i = E(MK1,Cn); K2i = E(MK2,Cn); K3i = E(MK3,Cn);

}

for (i=0; i<numberofrounds, i++)

{

B_0 ^= E(K1i,B_1); B1 ^= E(K0i,B0); B_2 ^= E(K3i,B_3); B3 ^= E(K2i,B2);

B_0 ^= E(K2i,B_2); B2 ^= E(K0i,B0); B_1 ^= E(K3i,B_3); B3 ^= E(K1i,B1);

}

-------------------------------------------------------------------------------------------

[OT, personal note:] I am unfortunately forced by recurrent personal

insults to use kill-file. That is, I would not read, not to say answer,

posts of some who have the mean habit of frequently abuse this

sci-group that way. Anyone who doesn't like my posts for whatever

reasons is strongly advised to put me in his kill-files as well.

I wouldn't describe it as an insult. You was mainly told to try harder

(learn, read papers, think more before you ask) which is a good

advice, isn't it?

.

**Follow-Ups**:**Re: A poorman's block encryption algorithm***From:*Mok-Kong Shen

**Re: A poorman's block encryption algorithm***From:*Phoenix

**References**:**A poorman's block encryption algorithm***From:*Mok-Kong Shen

- Prev by Date:
**Linear Equivalence and Involutions** - Next by Date:
**Re: A poorman's block encryption algorithm** - Previous by thread:
**A poorman's block encryption algorithm** - Next by thread:
**Re: A poorman's block encryption algorithm** - Index(es):