[Cryptography] Gates are cheap. Should cipher design change?

Jerry Leichter leichter at lrw.com
Wed Mar 30 12:54:19 EDT 2016


>> You might be thinking of The Hasty Pudding Cipher by Rich Schroeppel which is in my opinion the most brilliant of the AES submissions. My comment at the time was that it didn't meet any of the requirements NIST had, but it met requirements they should have had. It's also the first cipher that had what we now call "tweaks."
> 
> Curious - what requirements should NIST have had?
Jon will have to answer that.

> And, what are tweaks?
An extra parameter, kind of like a second key, which changes the encryption.  What distinguishes a tweak from the key is that it's very cheap to change.  You can think of a tweak as kind of like the IV in CBC mode.  (Not a great analogy, but it gives the idea.)

The original paper is https://www.cs.berkeley.edu/~daw/papers/tweak-crypto02.pdf

                                                        -- Jerry
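Added example, not part of the original message: a sketch of the tweak idea using the construction E~_K(T, M) = E_K(T xor E_K(M)) from the Liskov, Rivest and Wagner paper linked above. The block cipher `E`/`D` is a constructed toy Feistel network built on SHA-256 as a stand-in for a real cipher, and all names and sample values are assumptions for illustration.

```python
import hashlib

BLOCK = 16  # block size in bytes for this toy cipher

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Toy round function: truncated SHA-256 over key, round number, half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key, block, rounds=8):
    """Toy Feistel block cipher (stand-in for a real one; not for real use)."""
    assert len(block) == BLOCK
    L, R = block[:8], block[8:]
    for i in range(rounds):
        L, R = R, _xor(L, _f(key, i, R))
    return L + R

def D(key, block, rounds=8):
    """Inverse of E: run the Feistel rounds backwards."""
    assert len(block) == BLOCK
    L, R = block[:8], block[8:]
    for i in reversed(range(rounds)):
        L, R = _xor(R, _f(key, i, L)), L
    return L + R

def tweak_encrypt(key, tweak, msg):
    # E~_K(T, M) = E_K(T xor E_K(M)): the tweak is mixed in between two
    # encryptions under the same key, so changing it needs no rekeying.
    return E(key, _xor(tweak, E(key, msg)))

def tweak_decrypt(key, tweak, ct):
    return D(key, _xor(tweak, D(key, ct)))

def demo():
    key = b"constructed key!"           # constructed sample key
    msg = b"sixteen byte msg"           # constructed 16-byte plaintext block
    t0 = (0).to_bytes(BLOCK, "big")     # tweak, e.g. a block or sector index
    t1 = (1).to_bytes(BLOCK, "big")
    c0 = tweak_encrypt(key, t0, msg)
    c1 = tweak_encrypt(key, t1, msg)
    return {"c0": c0, "c1": c1,
            "right_tweak": tweak_decrypt(key, t0, c0),
            "wrong_tweak": tweak_decrypt(key, t1, c0)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex())
```

Same key and plaintext under two tweaks give two different ciphertexts, and decrypting with the wrong tweak does not return the plaintext, which is the "second key that is cheap to change" behaviour described above.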


