[Cryptography] Wring isn't as secure on big messages as I thought

Pierre Abbat phma at bezitopo.org
Tue May 14 06:25:38 EDT 2024


On Friday, May 10, 2024 4:16:23 PM EDT Pierre Abbat wrote:
> Can you think of a better mix3parts pattern, or should I simply increase the
> number of rounds?

The mix3parts pattern, with the number near len/φ (len is 1/3 of the message 
size) that's of maximal order (a primitive root of len, if there are any), is 
not the problem. I ran a simulation of enciphering a megabyte, assuming that 
mix3 results in any byte affecting all three. With all rotations being by 
integral numbers of bytes, the number of affected bytes grew as 1, 3, 9, 27, 
27, 81, 243, 729, 2187, 6546. At this point there were collisions of the 
affected bytes. With rotations being by any number of bits, the growth factor 
was between 4.42 and 4.72.

I think the slow growth is due to two factors:

1. When the rotation is by 8n±1, a changed byte affects one byte most of the 
time, and a single bit of another byte half the time.

2. When three bytes are mixed, a single bit change in one byte either affects 
that byte or affects the other two bytes, but not both.

I'm going to increase the number of rounds.

Pierre
-- 
li fi'u vu'u fi'u fi'u du li pa
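
A sketch of the kind of byte-level diffusion simulation the message describes, added here as an example; it is not Pierre Abbat's simulation and not Wring's code. The triple pairing inside `mix3parts`, the choice of `rprime` as the integer nearest len/φ that is merely coprime to len, and the seeded random byte rotation per round are all assumptions, and every function name is hypothetical.

```python
import math
import random

PHI = (1 + math.sqrt(5)) / 2

def pick_rprime(part_len):
    # Assumption: nearest integer to part_len/phi that is coprime to part_len.
    # This simplifies the "maximal order" choice in the post; coprimality is
    # all the model needs for the third part to be visited exactly once.
    target = round(part_len / PHI)
    for delta in range(part_len):
        for cand in (target - delta, target + delta):
            if 0 < cand < part_len and math.gcd(cand, part_len) == 1:
                return cand
    return 1

def mix3parts(affected, part_len, rprime):
    # Model from the post: any affected byte in a triple affects all three.
    # Assumed pairing: byte i of part 1, mirrored byte of part 2, and byte
    # (i * rprime) mod part_len of part 3.
    out = set()
    for i in range(part_len):
        triple = (i, 2 * part_len - 1 - i,
                  2 * part_len + (i * rprime) % part_len)
        if any(t in affected for t in triple):
            out.update(triple)
    return out

def rotate_bytes(affected, size, shift):
    # Rotation by a whole number of bytes only permutes the affected set.
    return {(idx + shift) % size for idx in affected}

def simulate(size, rounds, seed=0, start=0):
    # Returns the number of affected bytes before round 1 and after each round.
    part_len = size // 3
    size = 3 * part_len          # assumption: ignore any leftover bytes
    rng = random.Random(seed)    # constructed rotation amounts, not Wring's
    rprime = pick_rprime(part_len)
    affected = {start}
    counts = [1]
    for _ in range(rounds):
        affected = mix3parts(affected, part_len, rprime)
        affected = rotate_bytes(affected, size, rng.randrange(size))
        counts.append(len(affected))
    return counts

if __name__ == "__main__":
    print(simulate(30000, 12))
```

In this model the count can at most triple per round and stalls whenever a rotation lands affected bytes in triples that are already affected together.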




