Re: C code of PEARL1, a block encryption algorithm emphasising simplicity

Maaartin wrote:
Mok-Kong Shen wrote:
It is well known that a system of linear equations doesn't have a
determined solution, if the determinant is zero. I am making use
essentially of an akin argument. If one thus can't even find a "path"
to the generation process of a PRNG, how could one start to break it
at all?

There's no established cryptosystem build on a zero-determinant matrix
and I'd say, there can't be any. Given enough input/output pairs you
always get enough equations. When the determinant is zero, it means
there are equivalent keys, and this is a weakness. The attacker can't
determine the key uniquely, but they don't need to; each one of them

I was employing for conveninece an analogy whose name everybody knows.
Actually in the present case the issue is well-known in linear algebra.
If one has less equations than variables, then the system is simply
indeterminate. (It's a consideration of ranks, if my poor math doesn't
betray me.) But see below.

BTW, a historical remark: Actually the idea of exploiting
"indeterminancy" was present in a thread months ago, where I argued
with Maaatin whether a simple scheme of mine could be cracked. Maaartin
wrote a program which he reported to be capable of very speedily
breaking that in some 10 of test cases. There should however be in fact
nonetheless some errors in his work. For there was a negotiation of a
challenge prize between him and me and my challlenge offer was later
not taken up by him.

There were no errors in my program, it just took too long in some
cases. Most instances were solved much faster than you'd imagine. To
my surprise, the hard instances were the ones NOT having the maximum

I never cared about the challlenge, but I'll publish the program some

The challenge is no longer relevant. So you could certainly reveal now,
for the interest of readers, with a couple of lines at least the
"strategy" you employed to attack that scheme, don't you? IMHO, if your
program worked right, that would have been a basic contradiction to the
indeterminancy issue.

M. K. Shen