Re: A poorman's block encryption algorithm



On Mar 12, 6:24 pm, Mok-Kong Shen <mok-kong.s...@xxxxxxxxxxx> wrote:
Maaartin wrote:
There's a problem with polynomials you was already told about: They
propagate only towards higher bits (unless you use non-power of two
modulus which is slow). So you can be sure, that a couple of least
significant bits can be found out easily, no matter how many rounds
you do. Starting from them, higher bit can be found, etc. I already
recomennded a remedy, so use it or find another.

Extremely sorry for my poor memory. Could you kindly sketch your remedy
once again or provide a pointer? Concerning predictability of
congruential PRNGs, I previously suggested to use (pseudo-random)
cyclic shift of bits in computer words of the output as a counter-
measure. That could also be done in the present context.

I can't find the link anymore, but it was very simple: Using something
like
rotate(p(x), distance)
or
p(x) ^ (p(x) >> distance)
or
p(x) + (p(x) >> distance)
with 0<distance && distance<32 propagates the higher order bits to the
lower order bits, Fixed distance makes it easier to analyse, while
variable distance makes the lowest 5 bits to influence the result in
quite an "unpredictable" way.

For an algorithm using both fixed and variable rotations and
multiplication see
http://en.wikipedia.org/wiki/RC6

.