Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 From: ggr@xxxxxxxxxxxxx (Greg Rose)
 Date: Fri, 20 Aug 2010 20:50:45 +0000 (UTC)
In article <i4maqi$1cip$1@xxxxxxxxxxxxxxxxxxxx>,
Tran Ngoc Duong <tranngocduong@xxxxxxxxx> wrote:
"Maaartin" <grajcar1@xxxxxxxxx> wrote in message
What about the following PRNG repeating these steps:
 Generate x using a secure PRNG.
 Generate y using a trivial PRNG.
 Output 2*x+y where the computation gets performed in GF.
 Output x+2*y where the computation gets performed in GF.
Instead of (x, y) > (2*x+y, x+2*y) you can take any other MDS
function.
Given all outputs you can invert the output transform and get to the
values generated by the trivial PRNG. Given only each second output
you can do nothing at all.
I think, it is a semisecure PRNG according to you definition. I don't
think, semisecure PRNGs occur in reality.
Yes. I think it could be considered semisecure. I don't think it is
practically usable since it is constructed from a secure PRNG. If I have
a truly secure PRNG, I would surely find a better way to use it. No MDSs
or other such jokes.
But maybe they do? Aren't there attacks which can be stopped by
decimating the sequence?
If one actually uses the sequence I'm sure there are easy attacks (not
much more complicated than attacking a XOR stream cipher that uses the
same key stream twice). I see no such attacks with the decimated
sequence.
True, but I also don't see any advantages over
just outputting the sequence of x's. What does the
extra work of generating the y's, combining, and
then decimating, add? Assuming the existence of
the secure PRNG sort of begs the question.
That, to me, is the point. Schneier once said "anyone
can make a secure cipher; the hard part is making
it fast enough to be interesting." Or something like
that anyway.
Greg.

.
 References:
 [long] C code of PEARL1, a block encryption algorithm emphasising simplicity
 From: MokKong Shen
 Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 From: Tran Ngoc Duong
 Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 From: Maaartin
 Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 From: Tran Ngoc Duong
 [long] C code of PEARL1, a block encryption algorithm emphasising simplicity
 Prev by Date: Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 Next by Date: Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 Previous by thread: Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 Next by thread: Re: C code of PEARL1, a block encryption algorithm emphasising simplicity
 Index(es):
Relevant Pages
