[Cryptography] Clutch cryptanalysis bar graphs: kurtosis or what?

Pierre Abbat phma at bezitopo.org
Mon Apr 15 03:39:25 EDT 2024 

http://bezitopo.org/~phma/Crypto/WringTwistree/clutch.html
I've been running clutch cryptanalysis of Wring. So far the results look 
pretty good: the fraction of pairs of messages that rotate together for five 
rounds is less than a millionth, and messages that rotate the same total 
number of bits in the first two rounds, but a different number of bits in the 
first round, look no more similar than random bit strings.

I made violin plots of the matching of pairs of 2-round ciphertexts that 
rotated the same total bits in the first two rounds versus the difference 
between the number of bits they rotated in the first round. The violins in the 
middle look normal, while those at the ends look blebby, because they have few 
data. When making violin plots, I discarded any group that had less than three 
different data, because plotting them resulted in violins so thin they're 
invisible. (I'm guessing that Makie's violin function makes all the violins 
have equal area, and a violin with only one datum is just a horizontal line 
segment.)

Then I made a bar graph of the number of data in each violin. These graphs 
look vaguely like binomial density graphs with the middle bar missing. 
However, the middle four bars of the graph of key96_0 look quite different from 
the middle four bars of the graph of key30_0, and I'd like to quantify it. The 
first thing I thought of is the kurtosis, but then I thought that the kurtosis 
may not be meaningful with the middle bar missing. (The violin in the middle, 
which would represent those pairs that rotated together for both rounds, would 
be just under 40000, so I didn't bother computing it.) So I added some code to 
compute how tall the middle bar would be, and it would be taller than the rest 
of the bars combined. That would throw off the kurtosis even worse than not 
having the middle bar. Should I compute the kurtosis or something else?

Final results will take a few more weeks. Running cryptanalysis on one key and 
message size takes several hours and over 10 GB of RAM, I have eight more keys 
to run with 10 kB, and I'd like to do two other message sizes (I'm thinking 
8192 and 7776 bytes) to check whether the differences between keys depend on 
the message size.

Pierre
-- 
ro nu co'i cortu cu nu co'a certu

More information about the cryptography mailing list