[Cryptography] Imitation Game: Can Enigma/Tunney be Fixed?

Ryan Carboni ryacko at gmail.com
Thu Jan 8 21:08:51 EST 2015

> If you go further and look at a tweakable block cipher, you get even
better stuff. I'm one of the co-authors of Threefish, and let's look at
that for a moment. It has a large block size -- 512 or 1024 bits (I'm
ignoring the 256 bit one) -- and runs at twice the speed of AES *because*
it has a larger block size. In fact, the 1024 bit variant runs slower on an
Intel processor than 512 only because the processor doesn't have enough
registers to hold the state -- and even then, it's only like 10% slower.

XXTEA is the fastest of all (and to my knowledge, differential
cryptanalysis has yet to be applied to partial blocks, thus it would be
secure in a non-naive implementation (it is still secure for many other
uses as well)). But it was designed during an era when cryptography was
immature and many did not like block ciphers that were overly simple; such
a stigma continues to this day, sadly.
"I have never been a TEA fan, although 64 rounds can cure a lot of sins."
- Bruce Schneier

Naturally Threefish uses more rounds.

It would be trivial to manufacture an authenticated encryption construct
out of XXTEA: just reserve the first four 32-bit words as the
authentication key (same amount of data as HMAC-MD5, without the
computational overhead); if the first four words don't match, the message
would be rejected. Including a nonce would secure it for a larger number of
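The construction sketched in the last paragraph, written out as an added example (this is not the poster's code): the reference XXTEA block routine from Wheeler and Needham's 1998 correction paper, operating on a whole message as one block, plus the proposed check in which the first four 32-bit words carry a 128-bit authentication key and a receiver rejects any message whose first four decrypted words do not match it. The function names `seal`, `open_message` and the `demo_*` helpers, the key values and the message are all constructed for this illustration. Two caveats a practitioner would want: as posted the scheme has no nonce (the message breaks off exactly where that is discussed), so identical plaintexts under the same keys give identical ciphertexts, and the tag check rests on XXTEA's whole-block diffusion rather than on a separately analysed MAC, so it should be read as an illustration of the idea, not as a deployable AEAD. The opener wipes the buffer on a mismatch so a caller cannot go on to use plaintext that failed authentication.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define XXTEA_DELTA 0x9e3779b9u
/* XXTEA mixing function from the 1998 "Correction to xtea" paper. */
#define XXTEA_MX (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum ^ y) + (key[(p & 3) ^ e] ^ z)))

/* Encrypt n >= 2 words in place with the reference XXTEA (btea) schedule. */
static void xxtea_encrypt(uint32_t *v, size_t n, const uint32_t key[4]) {
    uint32_t y, z, sum = 0;
    size_t p;
    unsigned rounds = 6 + 52 / (unsigned)n, e;
    z = v[n - 1];
    do {
        sum += XXTEA_DELTA;
        e = (sum >> 2) & 3;
        for (p = 0; p < n - 1; p++) {
            y = v[p + 1];
            z = v[p] += XXTEA_MX;
        }
        y = v[0];
        z = v[n - 1] += XXTEA_MX;   /* p == n - 1 here */
    } while (--rounds);
}

/* Decrypt n >= 2 words in place: the encryption loop run backwards. */
static void xxtea_decrypt(uint32_t *v, size_t n, const uint32_t key[4]) {
    uint32_t y, z, sum;
    size_t p;
    unsigned rounds = 6 + 52 / (unsigned)n, e;
    sum = (uint32_t)rounds * XXTEA_DELTA;
    y = v[0];
    do {
        e = (sum >> 2) & 3;
        for (p = n - 1; p > 0; p--) {
            z = v[p - 1];
            y = v[p] -= XXTEA_MX;
        }
        z = v[n - 1];
        y = v[0] -= XXTEA_MX;       /* p == 0 here */
        sum -= XXTEA_DELTA;
    } while (--rounds);
}

#define TAG_WORDS 4   /* the poster's "first four 32-bit words" */

/* Seal: prepend the 128-bit authentication key to the payload and encrypt the
 * whole buffer as ONE XXTEA block, so every ciphertext word influences every
 * plaintext word on decryption. out must hold TAG_WORDS + n words. */
static void seal(uint32_t *out, const uint32_t *payload, size_t n,
                 const uint32_t enc_key[4], const uint32_t auth_key[4]) {
    memcpy(out, auth_key, TAG_WORDS * sizeof(uint32_t));
    memcpy(out + TAG_WORDS, payload, n * sizeof(uint32_t));
    xxtea_encrypt(out, TAG_WORDS + n, enc_key);
}

/* Open: decrypt in place, then compare the first four words with the
 * authentication key in constant time. On mismatch the buffer is wiped.
 * Returns 1 if the message is accepted, 0 if rejected. */
static int open_message(uint32_t *buf, size_t total_words,
                        const uint32_t enc_key[4], const uint32_t auth_key[4]) {
    uint32_t diff = 0;
    size_t i;
    if (total_words < TAG_WORDS + 1) return 0;
    xxtea_decrypt(buf, total_words, enc_key);
    for (i = 0; i < TAG_WORDS; i++) diff |= buf[i] ^ auth_key[i];
    if (diff != 0) {
        memset(buf, 0, total_words * sizeof(uint32_t));
        return 0;
    }
    return 1;
}

/* Constructed keys and message for the demonstration (not real secrets). */
static const uint32_t ENC_KEY[4]  = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};
static const uint32_t AUTH_KEY[4] = {0xdeadbeefu, 0x0badf00du, 0xcafebabeu, 0xfeedfaceu};
static const uint32_t MESSAGE[6]  = {0x41424344u, 0x45464748u, 0x494a4b4cu,
                                     0x4d4e4f50u, 0x51525354u, 0x55565758u};
#define MSG_WORDS 6
#define BUF_WORDS (TAG_WORDS + MSG_WORDS)

/* Bare XXTEA round trip on the block routine alone. Returns 1 on success. */
static int demo_cipher_roundtrip(void) {
    uint32_t v[MSG_WORDS];
    memcpy(v, MESSAGE, sizeof v);
    xxtea_encrypt(v, MSG_WORDS, ENC_KEY);
    if (memcmp(v, MESSAGE, sizeof v) == 0) return 0;  /* ciphertext must differ */
    xxtea_decrypt(v, MSG_WORDS, ENC_KEY);
    return memcmp(v, MESSAGE, sizeof v) == 0;
}

/* Honest round trip: seal, open, and check the payload survived. Returns 1 on success. */
static int demo_roundtrip(void) {
    uint32_t buf[BUF_WORDS];
    seal(buf, MESSAGE, MSG_WORDS, ENC_KEY, AUTH_KEY);
    if (!open_message(buf, BUF_WORDS, ENC_KEY, AUTH_KEY)) return 0;
    return memcmp(buf + TAG_WORDS, MESSAGE, sizeof MESSAGE) == 0;
}

/* Flip one ciphertext bit in word `word` and confirm the receiver rejects the
 * message. Returns 1 if rejected, 0 if it was (wrongly) accepted. */
static int demo_tamper(size_t word, uint32_t bit) {
    uint32_t buf[BUF_WORDS];
    seal(buf, MESSAGE, MSG_WORDS, ENC_KEY, AUTH_KEY);
    buf[word % BUF_WORDS] ^= bit;
    return open_message(buf, BUF_WORDS, ENC_KEY, AUTH_KEY) == 0;
}

int main(void) {
    printf("cipher round trip:      %s\n", demo_cipher_roundtrip() ? "ok" : "FAIL");
    printf("sealed round trip:      %s\n", demo_roundtrip() ? "ok" : "FAIL");
    printf("tampered word rejected: %s\n", demo_tamper(BUF_WORDS - 1, 1u) ? "ok" : "FAIL");
    return 0;
}
```

Because the whole message is a single XXTEA block, a change anywhere in the ciphertext propagates through every word during decryption, which is what lets the first-four-words comparison serve as the integrity check; the same property means the scheme cannot decrypt a message incrementally or in parallel.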