Re: Chosen plaintext attacks



On 18 Sep, 15:39, "Joseph Ashwood" <ashw...@xxxxxxx> wrote:
"JT" <jonas.thornv...@xxxxxxxxxxx> wrote in message

news:3cff2629-abd4-4631-b3a5-b316843bb5d4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On 15 Sep, 11:55, "Joseph Ashwood" <ashw...@xxxxxxx> wrote:
The first thing i would start with if i tried to break my
cipher would be to analyse how many possible combinations of (XOR)
A^B^D = D that can produce a specific D.

So the first thing you would do is ignore everything I said, and make the
worst possible mistake.


That is not even an argument, just losely connected words.

That is an indication of how hard the cipher will be to break, if the
number of combinations is *bigger then the keysize*, that would mean
trouble.

It is trivial to prove that your approach will fail completely. If there is
more data available than length(key)/2 then you immediately determine that
there is trouble. The opposite is true, read up a bit on the unicity
distance, by the unicity distance you'll need slightly over length(key) data
to make it possible to attack the key.

You seem to have no clue, you to not have the key, you can bruteforce
it in 256! tries or lless (depending on if you feel lucky). there is
more work to bruteforce the internal states 256!*256!*2^2048, you can
not make a mathematical correlation between the blocks.
A chosen plaintext attack on this cipher would just not make sense,

So you didn't read anything I wrote. I'll explain it again more briefly this
time.

I did and it do not make a single bit of sense just lose words
stringed toghether.


what i try to figure out here is the strength of the pseudo random
permutation stream the CSPRNG.

No, all you're doing is not understanding anything.

Oh i do i understand that you have no idea.

So we go direct on the CSPRNG skip the
salt

No, the salt is the critical point to the attack.

Well i give you the CSPRNG without the salt and you cannot even attack
that, why should i need to use a salt to make your attack even more
out of reach.

and so on just analyse our pseudorandom XOR stream.

Wrong, you don't analyze the stream, you analyze the cipher.

Well i can do my cipher with or without a salt, and as i said i prefer
showing that you cannot even attack the CSPRNG, the salt takes you
even further away from an attack.

You can not attack it, you are just dreaming.

So we check if there is any mathematical way to describe the relations
between the output of the CSPRNG blocks,

This is a trivial step, the way to describe the relationship is given by the
cipher, this is why the attack is on the cipher, not on the stream.

No there is no single mathematical function that can describe an
complex algorithms behaviour.

and since this is not a PRF
but a PRP.

That statement is absolutely and completely false. Every PRP is a PRF. As
usual you are ignoring everything I said, and ignoring every bit of reality.
No a PRP can be any number of PRFif the PRF have a single mathematical
function as base.

There seem to be no single mathematical formula or function
that can describe the relation between the blocks.

Actually it is exactly describable, the simple fact that it has been
computed reveals that there is a formula.

No that would be an algorithm my friend you should learn a bit of math
there is problems that can not be broken with standard mathematical
formulas or functions, you have to use an recursive algorithm.

It is just an PRP
algorithm that do not express itself as a mathematical function.

The only thing a computer does is math, so you have effectively claimed that
a computer can't do the encryption.

Welll a PRP is not a mathematical formula and can not be expressed as
one, it is an algorithm.

So what is left is to look for weaknesses in the keysetup, when the
permutation buffers is created from the key.

No, what is left is to do anything that might resemble cryptanalysis.

Well you have not even started, just thrown a lot of lose words in the
air, i feel a small breeze ohh what a shame your arguments are void,
did you ever have any?


Now to explain again.

Every XOR combined stream cipher can be expressed as
Output[I] = Input[I]^F(Key, I)

I have deliberately avoided the terms ciphertext and plaintext because that
is part of your problem, you don't understand what the plaintext is. When
attacking F() THE PLAINTEXT IS I. Now since the attacker very often has the
ability to choose the beginning I there is the ability to mount a chosen
plaintext attack.

There is clearly something wrong with your logic, you can *NEVER*
recover the plaintext without the CSPRNG material.
I do not need to say anymore to show how far away from an attack you
are, this cipher only use XOR.

It is your unability to create my CSPRNG stream that make it
impossible for you to break, i give you mashed potato, you have to
find small potato.

You either find key or internal states, the rest is just dreaming on
your part.

So, if you actually pay attention to what has been written, you will see
that every single statement you made is completely incorrect.
                    Joe

Yes you are Joe, but that is not the point, the point is your
inability to deal with reality, instead you dream up attacks similarly
to attack an OTP with a known plaintext attack.

Goddluck!!!

JT
.



Relevant Pages

  • Re: Dynamic Hill cipher
    ... plaintext attack, since with plaintext materials of an amount equal ... Why base a modern cipher on an old and broken idea such as Hill's?. ... the fact that you do not see an attack on some method would ... Purely linear ciphers are ...
    (sci.crypt)
  • Re: Countering chosen-plaintext attacks
    ... >> I know this variant of the chosen dialog attack. ... You cannot cite your inability to mount your chosen plaintext ... attack on your cipher as proof that the cipher is safe from anyone ...
    (sci.crypt)
  • Re: Small streamcipher MiniTrixor 48-bit
    ... >> It would be nice to be the first to publish the plaintext, ... I will perform that attack tonight, ... > I do not think you understand the cipher correct, ... > try to run just the xor part and look at the output. ...
    (sci.crypt)
  • Re: Powerful New Discovery.
    ... cipher goes back to 1981. ... The use of a "salt" to make encryptions ... simply adding random stuff to the front of plaintext ... other ways to conduct a known-plaintext attack. ...
    (sci.crypt)
  • Re: Countering chosen-plaintext attacks
    ... >> attack on your cipher as proof that the cipher is safe from anyone ... > So we have a disagreement as you said. ... This is why it is called a chosen plaintext attack. ...
    (sci.crypt)