[Cryptography] Random permutation model for encryption as a teaching tool?
Sandy Harris
sandyinchina at gmail.com
Fri Oct 26 23:04:29 EDT 2018
John Denker via cryptography <cryptography at metzdowd.com> wrote:
> > I'm teaching a class on IT security generally,
Best book I know:
https://www.cl.cam.ac.uk/~rja14/book.html
> > and crypto plays not a small part in it.
> > The original lecture had a lot of historical context ...
I'd be inclined to treat transposition & substitution briefly & go from
them to confusion & diffusion, then modern ciphers. I think both
the key-chooses-a-permutation model & the SP network design
go back to Shannon. Cover those briefly, then Feistel & DES
(round function is an SPN), finally a bit about AES.
An encyclopedia article that is largely my writing is far from
complete, but I think it is a reasonable example of a logical
approach:
http://en.citizendium.org/wiki/Block_cipher
> Any crypto *system* worthy of the name doesn't just substitute
> blocks according to a fixed permutation, but uses a different
> permutation for each block in the message. This is where IVs
> and chaining modes come in. ...
>
> I've often said you really want a new key for each block.
> ChaCha can be very cheaply rekeyed from scratch, which is a
> virtue. Typical chaining modes are a quick-and-dirty way
> of getting approximately what you want, without the cost of
> fully rekeying the underlying block cipher component, but
> I've never been completely happy with this.
Nor I. My Enchilada submission to the CAESAR authenticated cipher
competition has a possible solution. Run a block cipher (AES) in a
variant of counter mode to get a stream cipher. Embed the block cipher
in an XOR-permutation-XOR structure (proven secure by Even & Mansour)
with another stream cipher (ChaCha) generating a new XOR key per block
cipher block.
https://aezoo.compute.dtu.dk/doku.php?id=enchilada
Enchilada did not make it out of the first round of the competition.
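A toy script illustrating the two ideas in this thread, added here as an example and not code from Enchilada or any other project: the key-chooses-a-permutation model (a fixed key selects one bijection on the block space, which the script checks exhaustively at 16-bit width) and the Even-Mansour XOR-permutation-XOR wrapper fed with a fresh whitening pair for every block, so that identical plaintext blocks no longer produce identical ciphertext blocks the way a single fixed permutation does. The public permutation is a seeded table shuffle standing in for the block cipher, and the "stream cipher" supplying per-block keys is SHA-256 in counter mode standing in for ChaCha; both stand-ins, the 16-bit block width, the function names, the sample key, nonce and plaintext are all constructed for the example, and nothing beyond the Python standard library is assumed.

```python
"""Toy Even-Mansour cipher with per-block whitening keys (constructed example)."""
import hashlib
import random

BLOCK_BITS = 16                  # toy width so the whole block space can be enumerated
BLOCK_SPACE = 1 << BLOCK_BITS
BLOCK_MASK = BLOCK_SPACE - 1


def make_public_permutation(seed: bytes = b"toy public permutation"):
    """Build a fixed, public, invertible table P and its inverse.

    Stand-in for the block cipher inside the XOR-permutation-XOR wrapper.
    A seeded shuffle keeps the script deterministic and dependency-free;
    it has no cryptographic strength of its own.
    """
    rng = random.Random(int.from_bytes(hashlib.sha256(seed).digest()[:8], "big"))
    table = list(range(BLOCK_SPACE))
    rng.shuffle(table)
    inverse = [0] * BLOCK_SPACE
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse


P, P_INV = make_public_permutation()


def em_encrypt(x: int, k1: int, k2: int) -> int:
    """Even-Mansour: E(x) = P(x XOR k1) XOR k2."""
    return P[(x ^ k1) & BLOCK_MASK] ^ k2


def em_decrypt(y: int, k1: int, k2: int) -> int:
    """Inverse: D(y) = P^-1(y XOR k2) XOR k1."""
    return P_INV[(y ^ k2) & BLOCK_MASK] ^ k1


def is_bijection(k1: int, k2: int) -> bool:
    """Key-chooses-a-permutation: for a fixed (k1, k2) the map over the
    whole block space must be one-to-one.  Only feasible at toy width."""
    return len({em_encrypt(x, k1, k2) for x in range(BLOCK_SPACE)}) == BLOCK_SPACE


def whitening_keys(key: bytes, nonce: bytes, nblocks: int):
    """Stand-in for the ChaCha keystream: SHA-256 in counter mode, sliced
    into (k1, k2) pairs, one fresh pair per plaintext block."""
    words = []
    counter = 0
    while len(words) < 2 * nblocks:
        digest = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        words.extend(int.from_bytes(digest[i:i + 2], "big") for i in range(0, 32, 2))
        counter += 1
    return [(words[2 * i], words[2 * i + 1]) for i in range(nblocks)]


def encrypt_per_block_keys(blocks, key: bytes, nonce: bytes):
    """Each block goes through a different permutation because its
    whitening pair differs: the 'new key per block' idea."""
    return [em_encrypt(b, k1, k2)
            for b, (k1, k2) in zip(blocks, whitening_keys(key, nonce, len(blocks)))]


def decrypt_per_block_keys(cts, key: bytes, nonce: bytes):
    """Regenerate the same whitening pairs and undo each block."""
    return [em_decrypt(c, k1, k2)
            for c, (k1, k2) in zip(cts, whitening_keys(key, nonce, len(cts)))]


def encrypt_fixed_permutation(blocks, k1: int, k2: int):
    """ECB-style: one permutation for every block, the model the thread
    says no real system should rely on."""
    return [em_encrypt(b, k1, k2) for b in blocks]


def repeated_ciphertext_blocks(cts) -> int:
    """Count ciphertext blocks equal to an earlier one: the leak ECB shows."""
    seen, repeats = set(), 0
    for c in cts:
        if c in seen:
            repeats += 1
        seen.add(c)
    return repeats


# Constructed sample input: the 16-bit block 0x4142 ("AB") appears three times.
SAMPLE_BLOCKS = [0x4142, 0x4142, 0x4344, 0x4142]
SAMPLE_KEY = b"\x01" * 32       # constructed demo key, not a real secret
SAMPLE_NONCE = b"\x00" * 8      # must never repeat under the same key


if __name__ == "__main__":
    ecb = encrypt_fixed_permutation(SAMPLE_BLOCKS, 0x1234, 0xABCD)
    fresh = encrypt_per_block_keys(SAMPLE_BLOCKS, SAMPLE_KEY, SAMPLE_NONCE)
    print("fixed permutation repeats:", repeated_ciphertext_blocks(ecb))
    print("per-block keys repeats:   ", repeated_ciphertext_blocks(fresh))
    assert decrypt_per_block_keys(fresh, SAMPLE_KEY, SAMPLE_NONCE) == SAMPLE_BLOCKS
```

Running the script shows the fixed-permutation run repeating the ciphertext of the three identical plaintext blocks, while the per-block whitening pairs remove the repeats and still decrypt correctly. The caveat the per-block approach inherits from any counter-mode construction is visible in the code: the whitening sequence is a deterministic function of (key, nonce), so reusing a nonce under one key replays the same sequence of permutations and brings back exactly the equal-block leak the design is meant to remove.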