[Cryptography] RFC: block cipher randomization

Dennis E. Hamilton dennis.hamilton at acm.org
Mon Jun 27 20:15:50 EDT 2016



> -----Original Message-----
> From: cryptography [mailto:cryptography-
> bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of Jeff Burdges
> Sent: Monday, June 27, 2016 15:35
> To: cryptography at metzdowd.com
> Subject: Re: [Cryptography] RFC: block cipher randomization
> 
> On Mon, 2016-06-27 at 11:10 -0700, Ray Dillinger wrote:
> > On 06/27/2016 02:03 AM, Vlad wrote:
> > > Please review my proposals for block cipher randomization.
> 
> It's unclear if you're talking about using a single large block cypher,
> but assuming yes..
> 
> It's unclear what you're protecting against.  I'd recommend reading Ross
> Anderson's The Dancing Bear :
> http://cs.uccs.edu/~cs591/securityEngineering/grizzle.pdf
> 
> You could likely achieve whatever you want with either some grizzle
> construction, or maybe some fixed nonce, mac, etc. encrypted along with
> the plain text.
[orcmid] 

Because there are known characteristics of many plaintexts (e.g., XML streams, Zip packages, even compressed streams), I have always fancied shuffling the ciphertext or the plaintext, as most appropriate, and having the means of determining the permutation obtained by key expansion or something equally devious.  Chaff can be easier but, again, there needs to be a way to verify the chaff and it should not allow arbitrary content chosen by the sender either.

Thanks for this thread.  I hadn't considered the covert channel aspect.
> 
> Jeff
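The key-derived shuffle sketched in the reply above, as an added example that is not code from this thread: a permutation is derived from a key via a keyed PRF stream (HMAC-SHA256 stands in for the "key expansion"), applied to a constructed XML plaintext and inverted. It also checks the caveat a reviewer would raise: a permutation hides byte positions but preserves the byte histogram, so the known-plaintext characteristics the message worries about are only partly masked.

```python
import hashlib
import hmac
from collections import Counter


def keyed_permutation(key: bytes, n: int, label: bytes = b"shuffle") -> list:
    """Fisher-Yates permutation of range(n) driven by an HMAC-SHA256 counter
    stream (an assumed stand-in for deriving the permutation from key expansion)."""
    perm = list(range(n))
    stream, counter = b"", 0
    for i in range(n - 1, 0, -1):
        # Pull 4 fresh bytes from the keyed stream; extend it when exhausted.
        while len(stream) < 4:
            stream += hmac.new(key, label + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest()
            counter += 1
        r, stream = int.from_bytes(stream[:4], "big"), stream[4:]
        j = r % (i + 1)  # modulo bias is negligible for this demonstration
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def shuffle(data: bytes, key: bytes) -> bytes:
    """Output byte i is input byte perm[i]."""
    perm = keyed_permutation(key, len(data))
    return bytes(data[p] for p in perm)


def unshuffle(data: bytes, key: bytes) -> bytes:
    """Inverse of shuffle(): put byte i back at position perm[i]."""
    perm = keyed_permutation(key, len(data))
    out = bytearray(len(data))
    for i, p in enumerate(perm):
        out[p] = data[i]
    return bytes(out)


def byte_histogram(data: bytes) -> Counter:
    """Byte-frequency profile; identical before and after any permutation."""
    return Counter(data)


# Constructed sample plaintext with the kind of fixed structure the message mentions.
SAMPLE = b'<?xml version="1.0"?><root><item id="1"/></root>'
KEY = b"constructed-demo-key"
```

Run `shuffle(SAMPLE, KEY)` and compare `byte_histogram` of input and output: the positions change, the frequency profile does not.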
