[Cryptography] cryptography Digest, Vol 16, Issue 11
Benjamin Kreuter
brk7bx at virginia.edu
Thu Aug 14 19:20:10 EDT 2014
On Thu, 2014-08-14 at 10:51 -0700, Ryan Carboni wrote:
> What kind of argument is this?
> "Cryptography is all about safety margins. If you can break n round of a
> cipher, you design it with 2n or 3nrounds." - Schneier
> https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
>
> On this basis, Threefish/Skein is worthless. So is Skipjack.
That philosophy motivated the choice of 32 rounds for Serpent: the
authors deemed 16 rounds sufficient and chose twice as many to improve
the security margin. Rijndael was selected for AES despite having a
smaller security margin, and one of the important reasons was
performance. Rijndael's better performance allows it to be used in more
applications, which is a good thing.
Skipjack was meant to be used in a real-time application, so performance
was important. It was meant to be implemented in hardware, which makes
chip area important. The combination of those requirements makes extra
rounds very costly, and those costs have to be weighed against the
potential security advantage of extra rounds. What makes Skipjack so
remarkable is that it has exactly the number of rounds needed to be
secure (as far as the public scrutiny has revealed), which suggests that
the NSA has highly advanced cipher design techniques (no surprises
there).
-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140814/924a2b98/attachment.sig>
More information about the cryptography
mailing list