[Cryptography] [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

Ray Dillinger bear at sonic.net
Sat May 16 17:11:44 EDT 2015



On 05/13/2015 01:46 PM, dj at deadhat.com wrote:
>Bear at sonic.net wrote:

>> How about "The block size is exactly the same as the message
>> size no matter what the message size happens to be?"
...
>> No block boundaries inside the message, and every bit of the
>> ciphertext depending on every bit of the plaintext, means
>> entire classes of attacks just don't have anything to work
>> with.
> 
> I would like such a thing to exist. Do you have an algorithm handy? The
> closest thing I can think of is format preserving encryption, like
> Rogaway's Sometimes Recurse Shuffle. That can work on arbitrary string
> sizes.


I think I have something.  An algorithm which can be fast in
hardware or software, is adaptable to operations on data of
different power-of-2 sizes (larger powers will be doing mostly
table lookups on precomputed tables to duplicate what smaller
powers would achieve in more steps) and is well-defined on
cipher blocks of any size that is a multiple of 8 bits.  It
can be done using custom hardware on predefined block sizes
using a reasonably small gate count for the round function.

Key agility will be terrible, but it won't be as bad as what
I came up with initially.  Given a block and a key it will
still take at least ten times as long as if given a block
and reusing an already set up key.

I will code it up, write a detailed description, post the
code somewhere, and wait for you guys to demolish it. :-)

Hmmm.  How bad, in theory, would ECB mode really be on
512Kbyte blocks when doing disk encryption?  Because after
setting up the key, 512Kbyte blocks could be encrypted/
decrypted in custom hardware comfortably faster than
disk speed.

				Bear

