[Cryptography] New block cipher competition

[Ray Dillinger]

On 02/06/2016 06:29 AM, Henry Baker wrote:

> Consequently, you are cordially invited to submit a proposal for a block cipher that : 
> Works on block sizes of 1 kbytes, 4 kbytes, 16 kbytes and 64 kbytes. Bonus points for ciphers that work on an arbitrary block size. 
> Use a 64 kbyte key. 
> Fits In Head

I have sometimes thought it would be worthwhile to create a block
cipher that could be used on very large blocks. The 64-kbyte
block requirement is actually justified in some applications.

The requirement for a 64Kbyte key (and the insistence, on the blog
page, that that is the *EFFECTIVE* key size, not just the size of
input to a key derivation function), leads me to believe that
either the person proposing the contest does not understand the
relationship between key size and security in a symmetric cipher,
or he has some deeply peculiar protocol in mind which relies on
the keys serving some set of additional purposes - perhaps as
secret splits, or as encrypted messages, or as one-time pads,
or as stegotexts within which other keys can be hidden, or for
some reason he must be able to use output blocks including
the 64-kbyte blocks as keys for a different operation, or ...

It is interesting to speculate about what such a protocol entails
or what it would be trying to accomplish, but so far I can't think
of a blessed thing that it would be the *best* design for. The
requirement is clearly silly if the block cipher is all he's doing.

That said, working key management that handles 64Kbyte keys
(actually, arbitrary-size keys), while ridiculous in the context
of a block cipher, could be useful in conjunction with some
types of post-quantum asymmetric-key systems.

				Bear


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160207/b22da70e/attachment.sig>