[Cryptography] cryptography Digest, Vol 16, Issue 11

Jerry Leichter leichter at lrw.com
Thu Aug 14 17:37:31 EDT 2014


On Aug 14, 2014, at 1:51 PM, Ryan Carboni <ryacko at gmail.com> wrote:
> What kind of argument is this?
> "Cryptography is all about safety margins. If you can break n round of a cipher, you design it with 2n or 3n rounds." - Schneier https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
> 
> On this basis, Threefish/Skein is worthless. So is Skipjack.
Schneier's argument is very weak.  Without some idea of the kinds of attacks you are defending against, the notion that you can get a safety margin by just "doing more of the same" is nonsense.  It's like saying you can make ROT-13 safer by just repeating it a couple of times.

The fact is, Skipjack at 31 rounds has a weakness; Skipjack at 32 rounds has survived unscratched for 15+ years.  We have no idea if adding another round would increase the "safety margins," whatever exactly that might mean.  For all we know, it might *decrease* them:  The round function is among the harder parts of designing an iterated block cipher, and for all we know extending Skipjack's round function and using the same key bits over one more time might leak more information than it protects.

Before differential cryptography was published, there were proposals to use the DES innards but discard the round function:  Just supply a full (448 bit?  I no longer recall and don't care to go compute it) key, i.e., supply all the sub keys that will be needed in all the rounds.  Enough "safety margin"?  Well ... in fact, the security (against differential cryptography) is still about 56 bits worth.
                                                        -- Jerry
