[Cryptography] cryptography Digest, Vol 16, Issue 11

Ryan Carboni ryacko at gmail.com
Thu Aug 14 13:51:47 EDT 2014


What kind of argument is this?
"Cryptography is all about safety margins. If you can break n rounds of a
cipher, you design it with 2n or 3n rounds." - Schneier
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

On this basis, Threefish/Skein is worthless. So is Skipjack.


On Thu, Aug 14, 2014 at 3:22 AM, Jerry Leichter <leichter at lrw.com> wrote:

> On Aug 13, 2014, at 7:07 PM, Ryan Carboni <ryacko at gmail.com> wrote:
> > Novel forms of cryptography will be used to create new algorithms safe
> from new methods of cryptanalysis. It's a guessing race, and partly why
> Skipjack was found to be so vulnerable, a new form of cryptanalysis was
> discovered....
> It's not clear what point you're trying to make, but if it's that
> algorithms get broken, Skipjack is a poor example:  In the 15+ years since
> it was first published, no significant attack has been published against
> it.  The best published attacks are against reduced-round variants -
> including one against 31 rounds out of 32 using impossible differentials,
> an attack that gains no significant advantage over brute force that no one
> has been able to improve since it was published in 1999.  So, no, Skipjack
> is not *publicly* "broken" except in the sense that its 80-bit key is too
> short to survive modern brute force.
>
> BTW, the precision of the defense in Skipjack is remarkable:  32 rounds
> are safe, 31 rounds are not (at least "not safe" in the certification
> sense).  There's no publicly known methodology for skating so close to the
> edge - publicly designed ciphers seem to always tack on an extra couple of
> rounds "just to be sure".  Between Skipjack (fully NSA-designed) and DES
> (NSA-modified), we have two ciphers that have survived the best public
> cryptanalysis for many years, delivering *exactly* the level of security
> NSA promised, with the minimum resources needed.  (OK, DES isn't quite
> there as linear cryptanalysis gets a bit of a toe-hold.)  This suggests
> that NSA has some design tricks for block ciphers up its sleeve that the
> public world has yet to find.  (There are vaguer hints that they have some
> similar design secrets for stream ciphers:  No public stream cipher has
> survived public attack, but while we don't know how they work internally,
> NSA has continued to field stream ciphers for its own use, so it apparently
> thinks it can produce secure ones.)
>                                                         -- Jerry
>
>