Re: C code of PEARL1, a block encryption algorithm emphasising simplicity




"Maaartin" <grajcar1@xxxxxxxxx> wrote in message

What about the following PRNG repeating these steps:
- Generate x using a secure PRNG.
- Generate y using a trivial PRNG.
- Output 2*x+y where the computation gets performed in GF.
- Output x+2*y where the computation gets performed in GF.

Instead of (x, y) -> (2*x+y, x+2*y) you can take any other MDS
function.

Given all outputs you can invert the output transform and get to the
values generated by the trivial PRNG. Given only each second output
you can do nothing at all.

I think, it is a semi-secure PRNG according to you definition. I don't
think, semi-secure PRNGs occur in reality.

Yes. I think it could be considered semi-secure. I don't think it is
practically usable since it is constructed from a secure PRNG. If I have
a truly secure PRNG, I would surely find a better way to use it. No MDSs
or other such jokes.

But maybe they do? Aren't there attacks which can be stopped by
decimating the sequence?

If one actually uses the sequence I'm sure there are easy attacks (not
much more complicated than attacking a XOR stream cipher that uses the
same key stream twice). I see no such attacks with the decimated
sequence.

Regards,

Tran Ngoc Duong.



--- news://freenews.netfront.net/ - complaints: news@xxxxxxxxxxxx ---
.



Relevant Pages