[Cryptography] Nu supr unbrakable cripto
John-Mark Gurney
jmg at funkthat.com
Thu Dec 31 15:37:47 EST 2015
Bill Cox wrote this message on Thu, Dec 31, 2015 at 10:01 -0800:
> def E(key, data):
> if key >= (1 << 256) or data >= (1 << 512):
> raise Exception("E input data too large")
> dlow = data & ((1<<256)-1)
> dhigh = data >> 256
> for i in range(4):
> dlow ^= H(key, dhigh)
> dhigh ^= H(key, dlow)
> dlow ^= H(key, dhigh)
> return (dhigh << 256) | dlow
>
> Assuming H acts as an ideal cryptographic hash function, then after the
> first iteration of the for loop, the output is scrambled beyond
> recognition. However, at that point, the output is "malleable", meaning
> that an attacker can flip bits of the dhigh output, and the same bits of
> the dhigh input will be flipped when decrypted. This gives an attacker too
> much control, so we need at least one more iteration, and just to be
> paranoid, I did 4, though I think technically only 2 are required. The
> last XOR is just to make this function the inverse of itself so that I do
> not need a separate encrypt and decrypt function.
This is also known as a Feistel cipher to help people look up literature
on this, such as the original Luby-Rackoff paper... I believe that the
key in each round needs to be independant for it to be secure...
The wikipedia article on Feistel cipher has more info:
https://simple.wikipedia.org/wiki/Feistel_cipher
And says that 3 rounds is required to make it a PRP, and 4 rounds to
make it strong...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the cryptography
mailing list