Re: Chosen plaintext attacks



"JT" <jonas.thornvall@xxxxxxxxxxx> wrote in message news:3cff2629-abd4-4631-b3a5-b316843bb5d4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 15 Sep, 11:55, "Joseph Ashwood" <ashw...@xxxxxxx> wrote:

The first thing i would start with if i tried to break my
cipher would be to analyse how many possible combinations of (XOR)
A^B^D = D that can produce a specific D.

So the first thing you would do is ignore everything I said, and make the worst possible mistake.

That is an indication of how hard the cipher will be to break, if the
number of combinations is *bigger then the keysize*, that would mean
trouble.

It is trivial to prove that your approach will fail completely. If there is more data available than length(key)/2 then you immediately determine that there is trouble. The opposite is true, read up a bit on the unicity distance, by the unicity distance you'll need slightly over length(key) data to make it possible to attack the key.

A chosen plaintext attack on this cipher would just not make sense,

So you didn't read anything I wrote. I'll explain it again more briefly this time.

what i try to figure out here is the strength of the pseudo random
permutation stream the CSPRNG.

No, all you're doing is not understanding anything.

So we go direct on the CSPRNG skip the
salt

No, the salt is the critical point to the attack.

and so on just analyse our pseudorandom XOR stream.

Wrong, you don't analyze the stream, you analyze the cipher.

So we check if there is any mathematical way to describe the relations
between the output of the CSPRNG blocks,

This is a trivial step, the way to describe the relationship is given by the cipher, this is why the attack is on the cipher, not on the stream.

and since this is not a PRF
but a PRP.

That statement is absolutely and completely false. Every PRP is a PRF. As usual you are ignoring everything I said, and ignoring every bit of reality.

There seem to be no single mathematical formula or function
that can describe the relation between the blocks.

Actually it is exactly describable, the simple fact that it has been computed reveals that there is a formula.

It is just an PRP
algorithm that do not express itself as a mathematical function.

The only thing a computer does is math, so you have effectively claimed that a computer can't do the encryption.

So what is left is to look for weaknesses in the keysetup, when the
permutation buffers is created from the key.

No, what is left is to do anything that might resemble cryptanalysis.

Now to explain again.

Every XOR combined stream cipher can be expressed as
Output[I] = Input[I]^F(Key, I)

I have deliberately avoided the terms ciphertext and plaintext because that is part of your problem, you don't understand what the plaintext is. When attacking F() THE PLAINTEXT IS I. Now since the attacker very often has the ability to choose the beginning I there is the ability to mount a chosen plaintext attack.

So, if you actually pay attention to what has been written, you will see that every single statement you made is completely incorrect.
Joe

.



Relevant Pages

  • Re: Dynamic Hill cipher
    ... plaintext attack, since with plaintext materials of an amount equal ... Why base a modern cipher on an old and broken idea such as Hill's?. ... the fact that you do not see an attack on some method would ... Purely linear ciphers are ...
    (sci.crypt)
  • Re: Countering chosen-plaintext attacks
    ... >> I know this variant of the chosen dialog attack. ... You cannot cite your inability to mount your chosen plaintext ... attack on your cipher as proof that the cipher is safe from anyone ...
    (sci.crypt)
  • Re: Chosen plaintext attacks
    ... the salt is the critical point to the attack. ... Wrong, you don't analyze the stream, you analyze the cipher. ... you don't understand what the plaintext is. ...
    (sci.crypt)
  • Re: Powerful New Discovery.
    ... cipher goes back to 1981. ... The use of a "salt" to make encryptions ... simply adding random stuff to the front of plaintext ... other ways to conduct a known-plaintext attack. ...
    (sci.crypt)
  • Re: Small streamcipher MiniTrixor 48-bit
    ... >> It would be nice to be the first to publish the plaintext, ... I will perform that attack tonight, ... > I do not think you understand the cipher correct, ... > try to run just the xor part and look at the output. ...
    (sci.crypt)