# Re: C code of PEARL1, a block encryption algorithm emphasising simplicity

*From*: ggr@xxxxxxxxxxxxx (Greg Rose)*Date*: Fri, 20 Aug 2010 20:50:45 +0000 (UTC)

In article <i4maqi$1cip$1@xxxxxxxxxxxxxxxxxxxx>,

Tran Ngoc Duong <tranngocduong@xxxxxxxxx> wrote:

"Maaartin" <grajcar1@xxxxxxxxx> wrote in message

What about the following PRNG repeating these steps:

- Generate x using a secure PRNG.

- Generate y using a trivial PRNG.

- Output 2*x+y where the computation gets performed in GF.

- Output x+2*y where the computation gets performed in GF.

Instead of (x, y) -> (2*x+y, x+2*y) you can take any other MDS

function.

Given all outputs you can invert the output transform and get to the

values generated by the trivial PRNG. Given only each second output

you can do nothing at all.

I think, it is a semi-secure PRNG according to you definition. I don't

think, semi-secure PRNGs occur in reality.

Yes. I think it could be considered semi-secure. I don't think it is

practically usable since it is constructed from a secure PRNG. If I have

a truly secure PRNG, I would surely find a better way to use it. No MDSs

or other such jokes.

But maybe they do? Aren't there attacks which can be stopped by

decimating the sequence?

If one actually uses the sequence I'm sure there are easy attacks (not

much more complicated than attacking a XOR stream cipher that uses the

same key stream twice). I see no such attacks with the decimated

sequence.

True, but I also don't see any advantages over

just outputting the sequence of x's. What does the

extra work of generating the y's, combining, and

then decimating, add? Assuming the existence of

the secure PRNG sort of begs the question.

That, to me, is the point. Schneier once said "anyone

can make a secure cipher; the hard part is making

it fast enough to be interesting." Or something like

that anyway.

Greg.

--

.

**References**:**[long] C code of PEARL1, a block encryption algorithm emphasising simplicity***From:*Mok-Kong Shen

**Re: C code of PEARL1, a block encryption algorithm emphasising simplicity***From:*Tran Ngoc Duong

**Re: C code of PEARL1, a block encryption algorithm emphasising simplicity***From:*Maaartin

**Re: C code of PEARL1, a block encryption algorithm emphasising simplicity***From:*Tran Ngoc Duong

- Prev by Date:
**Re: C code of PEARL1, a block encryption algorithm emphasising simplicity** - Next by Date:
**Re: C code of PEARL1, a block encryption algorithm emphasising simplicity** - Previous by thread:
**Re: C code of PEARL1, a block encryption algorithm emphasising simplicity** - Next by thread:
**Re: C code of PEARL1, a block encryption algorithm emphasising simplicity** - Index(es):