[Cryptography] how to detect breakage -- lures etc.??
Ray Dillinger
bear at sonic.net
Tue Jan 7 21:43:19 EST 2020
On Mon, 2020-01-06 at 11:54 +0000, Peter Fairbrother wrote:
>
> Lorenz used different-sized (well they were the same physical size,
> but with different numbers of pins) rotors. Five rotors moved together
> at every character, with a period of 22 million, and some other rotors
> moved sometimes. It was of course broken.
Lorenz is probably a poor example, as each rotor's effect was applied
independently to one bit of a 5-bit signal. The effects were separable
because the signal itself was separable. If it had simultaneously
stepped through the possible permutations of the 5 input bits, would
the pattern have ever been detected at all?
> I don't think anybody has ever built a rotor machine with variable
> length permuting rotors and reuse of the unused rotor inputs and
> outputs, either with or without intervening permutations. If you did
> some input characters would necessarily be treated differently to
> others, so e.g. a message of zzzzz's might not involve the first rotor
> at all.
Point. I hadn't considered some of the "bad idea" configurations this
makes possible. As you point out there's some amazing ones. There are
obvious mitigating measures like a designated "entry rotor" to handle
all inputs uniformly and a designated "output rotor" to handle all
outputs uniformly, interval-wired rotors to ensure that every input to
a rotor gets connected to every possible output as it turns, etc. But
non-uniform processing, with some periodicities, is part of the basic
design concept.
So the question is whether it's detectable and exploitable more or less
easily than the non-uniform movement in conventional rotor machines.
Thanks for pointing that out - that's an important question.
My thought had been to make the key affect the signal routing between
wheels, but that obviously requires attention to prevent classes of
weak keys from emerging - i.e., the key "plugin blocks" should control
only permutations that can't shortcut or significantly bias the signal
routes.
I think I'll code up a simulator for machines of a few different
complexities built along these lines ("rational" designs with interval-
wired rotors, some precautions like no routes from input to output ever
going via less than 3 rotors, etc) and then try out some "standard"
rotor machine attacks like hill-climbing, cycle counting,
compressibility checks, etc.
Bear
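Added example, not from Ray's post or Peter's: a small Python simulator of the contrast drawn in the post above. One toy machine is Lorenz-style (each wheel XORs one bit of a 5-bit symbol, all wheels stepping every character); the other routes the whole 5-bit symbol through five permuting rotors that also all step every character. Both are run over a message of repeated z's and the simplest "cycle counting" check is applied per bit channel: the lag at which a bit channel repeats exactly. The wheel lengths (11, 13, 17, 19, 23), the Legendre-sequence cam patterns, the seeded rotor wirings and the geared stepping periods are all constructed stand-ins, not historical Lorenz settings or any real design; the rotors are given all 32 contacts so the unused-contact problem Peter raises does not arise here.

```python
"""Added example (not from the thread): a toy 5-bit Lorenz-style machine, whose
wheels each XOR one bit channel, next to a toy machine whose rotors permute the
whole 5-bit symbol.  A per-bit-channel period test finds the wheel lengths of
the first and nothing in the second.  Lengths, cam patterns and wirings are
constructed stand-ins, not historical settings."""
import random
from functools import reduce
from math import lcm

SYMBOLS = 32                     # 5-bit teleprinter-style alphabet
LENGTHS = (11, 13, 17, 19, 23)   # pairwise coprime wheel/rotor periods (constructed)


def cam_pattern(length):
    """Deterministic, non-constant 0/1 pattern with fundamental period == length
    (Legendre sequence: 1 at the quadratic residues of a prime).  Stand-in for an
    operator-set cam pattern."""
    residues = {(x * x) % length for x in range(1, length)}
    return [1 if j in residues else 0 for j in range(length)]


def lorenz_style_encrypt(plain, patterns):
    """Bit i of every character is XORed with wheel i, which steps once per
    character.  Each bit channel is processed independently of the others."""
    out = []
    for t, p in enumerate(plain):
        key = 0
        for i, pat in enumerate(patterns):
            key |= pat[t % len(pat)] << i
        out.append(p ^ key)
    return out


def rotor_encrypt(plain, wirings, periods):
    """Each rotor is a permutation of all 32 symbols with a rotational offset
    (Enigma-style wiring); rotor i's offset cycles with period periods[i]
    (assumed geared stepping, so no unused contacts).  All rotors step every
    character, as in the design discussed in the thread."""
    out = []
    for t, p in enumerate(plain):
        x = p
        for wiring, period in zip(wirings, periods):
            off = t % period
            x = (wiring[(x + off) % SYMBOLS] - off) % SYMBOLS
        out.append(x)
    return out


def channel_agreement(cipher, bit, lag):
    """Fraction of positions t at which bit `bit` of cipher[t] equals the same
    bit of cipher[t + lag]."""
    pairs = [((cipher[t] >> bit) & 1) == ((cipher[t + lag] >> bit) & 1)
             for t in range(len(cipher) - lag)]
    return sum(pairs) / len(pairs)


def exact_channel_period(cipher, bit, max_lag=50):
    """Smallest lag at which the bit channel repeats exactly, or None if it never
    does within max_lag.  On a constant plaintext this is the wheel length for a
    machine that treats each bit separately."""
    for lag in range(1, max_lag + 1):
        if channel_agreement(cipher, bit, lag) == 1.0:
            return lag
    return None


def run_comparison(n=2000, seed=1):
    """Encrypt one repeated symbol on both machines and test every bit channel."""
    rng = random.Random(seed)
    plain = [26] * n                      # a message of zzzzz's (constructed input)
    patterns = [cam_pattern(L) for L in LENGTHS]
    wirings = []
    for _ in LENGTHS:                     # seeded random rotor wirings (constructed)
        w = list(range(SYMBOLS))
        rng.shuffle(w)
        wirings.append(w)
    lorenz_ct = lorenz_style_encrypt(plain, patterns)
    rotor_ct = rotor_encrypt(plain, wirings, LENGTHS)
    return {
        "lorenz_periods": [exact_channel_period(lorenz_ct, b) for b in range(5)],
        "rotor_periods": [exact_channel_period(rotor_ct, b) for b in range(5)],
        "rotor_best_agreement": max(channel_agreement(rotor_ct, b, lag)
                                    for b in range(5) for lag in range(1, 51)),
        "combined_period": reduce(lcm, LENGTHS),   # same for both machines
    }


if __name__ == "__main__":
    r = run_comparison()
    print("per-bit periods found, Lorenz-style:", r["lorenz_periods"])
    print("per-bit periods found, permuting rotors:", r["rotor_periods"])
    print("best per-bit agreement, permuting rotors:", round(r["rotor_best_agreement"], 3))
    print("combined period of either machine:", r["combined_period"])
```

Run as a script it prints what each test found. The per-bit check recovers every wheel length of the separable machine, because a constant plaintext leaves each ciphertext bit equal to one wheel's pattern; on the permuting machine no bit channel repeats within 50 characters and the best per-bit agreement stays near one half, even though the overall period (the lcm of the rotor periods) is the same for both. That is only the separability point, not a strength claim: the permuting machine's own weaknesses (a rotor that returns to the same position every 11 characters, for one) need the attacks Ray lists rather than this single statistic.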