[Cryptography] Shortening block cipher length...

Phillip Hallam-Baker phill at hallambaker.com
Mon Mar 29 19:53:53 EDT 2021


On Mon, Mar 29, 2021 at 6:48 PM Jon Callas <jon at callas.org> wrote:

>
>
> > On Mar 29, 2021, at 08:42, Phillip Hallam-Baker <phill at hallambaker.com>
> wrote:
> >
> > The simplest clean option is to write a very simple block cipher using a
> key derivation function to provide a schedule of XOR masks combined with n
> bit rotations. That would make it easy to create a permutation algorithm
> for an arbitrary length bit string.
> >
>
> What's wrong with CFB mode? There are indeed short CFB modes that let you
> take even one bit per block cipher iteration. Seems to me that that's not
> only easiest, but has security guarantees.
>
> For that matter, what's wrong with Counter Mode?
>

Same problem as with a stream cipher.

The problem here is to use a single key to permute 2^n identifiers so that
nothing is given away from the sequences.

If we use a stream cipher (or CTR mode, CFB, GCM, etc) we are effectively
XORing every value with the same mask.

Permute (0) = 0 XOR k
Permute (1) = 1 XOR k
Permute (2) = 2 XOR k


What I want is for Permute (x) to be an unpredictable bijection and to be
able to do it in 8, 16, 24, 32, 40, etc chunks.
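As an added example, not code from this thread: a keyed bijection on any even n-bit domain (8, 16, 24, 32, 40 ... bits) built from a balanced Feistel network with an HMAC-SHA256 round function, a standard small-domain construction rather than the XOR-mask-and-rotation cipher sketched above, with a CTR-style helper beside it to exhibit the difference leak described in the message. The key, mask and identifier values are constructed for the demo.

```python
import hmac
import hashlib
from itertools import combinations


def ctr_style_permute(x: int, mask: int) -> int:
    """Stream-cipher / CTR-style 'permutation': every identifier is XORed with
    the same keystream mask, so P(a) ^ P(b) == a ^ b for every pair (a, b)."""
    return x ^ mask


def _round_function(key: bytes, nbits: int, rnd: int, value: int) -> int:
    """Keyed round function: HMAC-SHA256 over (width, round index, half-block),
    truncated to half the block width. Domain-separated per width and round."""
    half = nbits // 2
    data = nbits.to_bytes(2, "big") + bytes([rnd]) + value.to_bytes((half + 7) // 8, "big")
    digest = hmac.new(key, data, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << half) - 1)


def feistel_permute(x: int, key: bytes, nbits: int, rounds: int = 8, inverse: bool = False) -> int:
    """Keyed bijection on [0, 2**nbits) for even nbits. A balanced Feistel
    network is invertible for any round function, so the output is a
    permutation of the whole domain, never a fixed mask applied to x."""
    if nbits % 2 or not 0 <= x < (1 << nbits):
        raise ValueError("nbits must be even and x must fit in nbits bits")
    half = nbits // 2
    left, right = x >> half, x & ((1 << half) - 1)
    if not inverse:
        for rnd in range(rounds):
            left, right = right, left ^ _round_function(key, nbits, rnd, right)
    else:  # undo the rounds in reverse order
        for rnd in reversed(range(rounds)):
            left, right = right ^ _round_function(key, nbits, rnd, left), left
    return (left << half) | right


def permutation_table(key: bytes, nbits: int) -> list:
    """P(x) for every x in the domain; only sensible for small nbits."""
    return [feistel_permute(x, key, nbits) for x in range(1 << nbits)]


def is_bijection(table: list) -> bool:
    """True when the table hits every value in [0, len(table)) exactly once."""
    return sorted(table) == list(range(len(table)))


def xor_preserving_fraction(table: list) -> float:
    """Fraction of pairs with P(a) ^ P(b) == a ^ b: 1.0 for the CTR-style mask,
    close to 0 for an unpredictable bijection."""
    pairs = list(combinations(range(len(table)), 2))
    hits = sum(1 for a, b in pairs if table[a] ^ table[b] == a ^ b)
    return hits / len(pairs)
```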