[Cryptography] Simple non-invertible function?
John Gilmore
gnu at toad.com
Fri Sep 19 23:15:35 EDT 2014
I don't get this non-invertible thing (sorry, haven't read Bart
Preneel's paper). I don't see why Sandy is trying to glue this
concept into /dev/random, either. Here's a counterexample.
Sandy says:
> For example, given a secure block cipher, encrypt( x, key) xor x
> works.
OK, so make a secure block cipher with a 16-bit block. Do
"encrypt(x, key) xor x". Sandy says that this is somehow magically
non-invertible, but if I just run it for every value of X (all
65536 of them), I can build a table that DOES let me invert it.
So, just "encrypt(x,key) xor x" is not good enough, but the security
depends on some unstated properties of "encrypt". And it appears that
the security of this construct isn't categorical or theoretical,
merely practical, if it depends on how wide the blocks are (or on how
big a table one can easily populate with current generation hardware).
John
More information about the cryptography
mailing list