[Cryptography] Gates are cheap. Should cipher design change?

Jon Callas jon at callas.org
Tue Mar 29 19:09:19 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Funny you should say that.  I had remembered a cipher - described, I think, in Scheier's book - which allowed arbitrary (or at least highly variable) block sizes.  I couldn't remember the name nor find a reference (and I couldn't quickly get my hands on the book) so didn't mention in my message.

You might be thinking of The Hasty Pudding Cipher by Rich Schroeppel which is in my opinion the most brilliant of the AES submissions. My comment at the time was that it didn't meet any of the requirements NIST had, but it met requirements they should have had. It's also the first cipher that had what we now call "tweaks."

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.0 (Build 9060)
Charset: us-ascii

wsBVAwUBVvsLIPD9H+HfsTZWAQjXWgf/b7rSzULAVPyhOhAmCFSAE6eQumADvl58
8GF3VQPdG7TkZGwAoZ+osEskbs2DPop2uYdIfMgb4sTbFB9iXQS2bbYmb5SMH6PV
90vGB3p63n3Gvnpe0n9toNzSKk1BhtvmWyQJ4UUrEs6MLPlB569KDum7rl1hTABV
+cF5A/LM3z+UohzOvYeVaz4hHd9yLqZWL2CB8MszkToT+BvVhnX+lbqxT0/iNxpx
TeD0Bu8WD+6UWpI074oXtgdrhGP7a3jc9x21aBwyNRMAmP4j12HUT0nFlUIr5xpA
8Xhetz7F09kZRWXCFxHU6zccVQ/TNti+EKJtAoIgSMOzCQUNnHJ/rg==
=hD6/
-----END PGP SIGNATURE-----


More information about the cryptography mailing list