[Cryptography] basic cryptography ... was: key breaking

Sandy Harris sandyinchina at gmail.com
Tue Nov 24 11:16:34 EST 2015


On Sun, Nov 22, 2015 at 4:05 PM, John Denker <jsd at av8n.com> wrote:

> It seems obvious that if we wanted to do the Right Thing™ we
> would use a separate key for each block of the message.

Sounds like a stream cipher. If having a key as long as the
message were practical, we could go to one-time pads,
but it isn't, so use a keyed PRNG to give enough key.

I do not think that, in general, is enough. Most stream
ciphers just XOR to mix generator output with plaintext, so
any enemy with known plaintext can recover generator
output at trivial cost.

> 3) This isn't new;  a while back Sandy Harris proposed "enchilada"
> which can be seen as an optimized version of scheme (2):
>
>    session key ----\
>                     \
>                  preliminary
>    block # ------> ChaCha ------\ (round key array for AES)
>                                  \
>                                   \
>    plaintext -----------------> guts of AES --> ciphertext
>
> It bypasses all of the Rijndael key schedule, and instead relies
> on ChaCha to directly generate all 11 (or 15) of the AES round
> keys.

For details, see:
https://aezoo.compute.dtu.dk/doku.php?id=enchilada

Enchilada also uses ChaCha to generate different whitening
for every block and I claim, based on the Even-Mansour
proof for XOR-permutation-XOR, that it therefore gives
provable /minimum/ security of 2^n where n is the block
cipher's block size.

That claim needs more analysis and it is worth noting that
Enchilada did not make it into the second round of the
CAESAR competition.
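Added example (not part of the post above, nor Enchilada's own code): a pure-Python ChaCha20 block function used two ways. First, as a plain XOR stream cipher, to show the known-plaintext point: one plaintext/ciphertext pair yields the generator output with a single XOR per byte, which then strips any other message sent under the same key and nonce. Second, as the key-material generator for a toy Even-Mansour block cipher in the shape of the diagram (session key and block number into ChaCha, ChaCha output becomes per-block XOR whitening around a public permutation). The public permutation here is the unkeyed 20-round ChaCha core, standing in for the AES guts; the 64-byte block, the keys, nonce, messages and the counter layout used for whitening are all constructed for the example.

```python
# Added example, not from the original post or from Enchilada. ChaCha20 block function
# (RFC 7539 state layout), then (1) XOR stream-cipher known-plaintext recovery and
# (2) a toy Even-Mansour cipher whose whitening keys come from ChaCha output.
# The public permutation is the unkeyed ChaCha core, a stand-in for AES, not Enchilada.
import struct

MASK32 = 0xFFFFFFFF


def _rotl(v, c):
    return ((v << c) & MASK32) | (v >> (32 - c))


def _rotr(v, c):
    return (v >> c) | ((v << (32 - c)) & MASK32)


def _qr(s, a, b, c, d):  # ChaCha quarter round, in place
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)


def _qr_inv(s, a, b, c, d):  # undoes _qr step by step, last step first
    s[b] = _rotr(s[b], 7) ^ s[c]; s[c] = (s[c] - s[d]) & MASK32
    s[d] = _rotr(s[d], 8) ^ s[a]; s[a] = (s[a] - s[b]) & MASK32
    s[b] = _rotr(s[b], 12) ^ s[c]; s[c] = (s[c] - s[d]) & MASK32
    s[d] = _rotr(s[d], 16) ^ s[a]; s[a] = (s[a] - s[b]) & MASK32


COLUMNS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15))
DIAGONALS = ((0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))


def chacha_perm(words, inverse=False):
    """Unkeyed 20-round ChaCha permutation on 16 x 32-bit words, no feed-forward.
    inverse=True applies the inverse quarter rounds in reverse order."""
    s = list(words)
    for _ in range(10):
        if inverse:
            for q in reversed(COLUMNS + DIAGONALS): _qr_inv(s, *q)
        else:
            for q in COLUMNS + DIAGONALS: _qr(s, *q)
    return s


def chacha20_block(key, counter, nonce):
    """RFC 7539 block function: state = constants|key|counter|nonce; out = state + P(state)."""
    state = list(struct.unpack("<4I", b"expand 32-byte k"))
    state += struct.unpack("<8I", key) + (counter & MASK32,) + struct.unpack("<3I", nonce)
    mixed = chacha_perm(state)
    return struct.pack("<16I", *[(x + y) & MASK32 for x, y in zip(mixed, state)])


def keystream(key, nonce, length, counter=1):
    out = b""
    while len(out) < length:
        out += chacha20_block(key, counter, nonce)
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# (1) Plain XOR stream cipher: known plaintext hands the attacker the generator output.
def stream_encrypt(key, nonce, pt):
    return xor(pt, keystream(key, nonce, len(pt)))


def recover_keystream(known_pt, ct):
    """Attacker step: C xor P = keystream, one XOR per byte."""
    return xor(known_pt, ct)


# (2) Toy Even-Mansour: C = P(M xor K1) xor K2, with K1, K2 fresh per block number.
BLOCK = 64  # width of the ChaCha permutation in bytes (constructed block size)


def _whitening(session_key, nonce, block_no):
    """Two 64-byte whitening keys for this block, taken straight from ChaCha output
    (constructed layout: keystream blocks 2*block_no and 2*block_no+1)."""
    ks = keystream(session_key, nonce, 2 * BLOCK, counter=2 * block_no)
    return ks[:BLOCK], ks[BLOCK:]


def em_encrypt_block(session_key, nonce, block_no, pt_block):
    k1, k2 = _whitening(session_key, nonce, block_no)
    inner = struct.unpack("<16I", xor(pt_block, k1))
    return xor(struct.pack("<16I", *chacha_perm(inner)), k2)


def em_decrypt_block(session_key, nonce, block_no, ct_block):
    k1, k2 = _whitening(session_key, nonce, block_no)
    inner = struct.unpack("<16I", xor(ct_block, k2))
    return xor(struct.pack("<16I", *chacha_perm(inner, inverse=True)), k1)


def demo():
    key = bytes(range(32))                                   # constructed session key
    nonce = b"\x00\x00\x00\x09\x00\x00\x00\x4a\x00\x00\x00\x00"  # constructed nonce
    pt1 = b"ATTACK AT DAWN. " * 4                             # 64-byte constructed message
    pt2 = b"retreat at dusk " * 4                             # second message, same key+nonce
    ct1 = stream_encrypt(key, nonce, pt1)
    ct2 = stream_encrypt(key, nonce, pt2)
    ks = recover_keystream(pt1, ct1)      # known pt1 -> generator output
    leaked_pt2 = xor(ct2, ks)             # ... which strips the second message
    em_ct0 = em_encrypt_block(key, nonce, 0, pt1)
    em_ct1 = em_encrypt_block(key, nonce, 1, pt1)  # same plaintext, different block number
    return {
        "keystream_recovered": ks == keystream(key, nonce, len(pt1)),
        "second_message_leaked": leaked_pt2 == pt2,
        "em_roundtrip": em_decrypt_block(key, nonce, 0, em_ct0) == pt1,
        "em_blocks_differ": em_ct0 != em_ct1,
        "em_xor_is_not_whitening": xor(pt1, em_ct0) not in _whitening(key, nonce, 0),
    }
```

With the stream cipher, `C xor P` is the ChaCha output itself, so a single known block under a reused (key, nonce) pair decrypts every other block at the same position. In the Even-Mansour arrangement, `C xor P` is `K1 xor P(M xor K1) xor K2 xor M`, which reveals neither whitening key directly, and because the whitening is regenerated from the block number, identical plaintext blocks encrypt differently. The toy shows the construction only; it says nothing about the security bound claimed above, and the ChaCha core is not a substitute for AES in a real design.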
