[Cryptography] Gates are cheap. Should cipher design change?

Jon Callas jon at callas.org
Tue Mar 29 19:11:29 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


> On Mar 29, 2016, at 12:01 PM, Jerry Leichter <leichter at lrw.com> wrote:
> 
>> In addition, the original thought was about a "modern cipher”. There are three such reasons I believe Simon meets this criteria. 1) Many would consider a cipher that is relatively trivial to analyze for security would be an advancement over many other ciphers. Algorithms with “expensive” gates (I read as complicated primitives) are harder to analyze. 2) S-Boxes have a significant amount of “magic” in the choice of the S-Box....
> I don't have a reference, but as I recall, S-box design is hard *for small S-boxes*.  Once S-boxes get large enough, getting the necessary properties becomes much easier.

SP networks often don't have S-boxes per se. Many of them have a set of rotation constants that function the same way. But in any event, the design is both hard and easy.

More coming.

	Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.0 (Build 9060)
Charset: utf-8

wsBVAwUBVvsLp/D9H+HfsTZWAQioXAf/cjxPrbDyuKnkm7yF07+h6om2XSuIgth7
bvIkIGAsqQIAj347jV02oU0rNAGnSb7e8kkkjYaf9ckNgjuiRzujVsr0pF+mTMTz
ywbJM7MNXIJ+EIoS4AZjtR2d6P6WVrlRJQ14Iy9kVcGHTyWALqJ7dbXoO9bOAmaS
QWDnrDJachk3UwSl50qojTaLkrtMvW/WE7pfVkiF6uinPbkfbbxY7rwAYCP1DuW3
TXbo5gSh21O/ITJk2XmzH/naVv9J85uWgBUrbXmZWOW27qM2h/xRzcXz+LGbLmMu
FKj95yYXHnJXSMQHi0oa5ngCkBodJN+rRD80SDRZfn8M0Jvq9bDhKw==
=++9w
-----END PGP SIGNATURE-----


More information about the cryptography mailing list