| Cbc Query | |
|---|---|
| Topic Started: Jan 19 2007, 07:39 PM (334 Views) | |
| insecure | Jan 19 2007, 07:39 PM Post #1 |
|
Elite member
|
Consider IBC-3. First, increase the number of rounds from 3 to 7. Now replace the key with a 192-bit key divided into three parts. 64 of the bits are used as the key proper, and the remaining 128 are split into two 64-bit chunks, as follows (where T is a 64-bit unsigned integer type):

```c
T PerformCrypto(T input, T *k)
{
  T intermediate = ((input ^ k[0]) * k[1] + k[2]) & 0xFFFFFFFFFFFFFFFF;
  T output = Transpose(intermediate);
  return output;
}
```

Transpose(), as you will undoubtedly recall, was a 4x2 S-box. Change it to 8x8.

In your view, would these changes render the ciphertext reasonably secure against the following threat model: Large organisation (budget for this exercise vastly unlikely to be as much as one million pounds, so call it ten million), ethics of a stoat, likelihood of gaining access to ciphertext relatively high, time of data sensitivity a maximum of 20 years.
|
| loki | Jan 20 2007, 01:34 PM Post #2 |
|
Advanced Member
|
What are the advantages of 7 rounds over 3? Has the block size increased? I like it better than ibc2, encryption has more to do with the key instead of a fixed value. How is the sbox created? Fixed or key driven? It sounds like a dirty organization, and I am paranoid about security. I wouldn't trust it over Rijndael if it were available. I would like to see multiple sboxes. Beef up to PCBC mode, but fix the padding. Make the remaining key into 4 32bit values and have a delta decide which of the four to use. Or try this.

```c
key_decision[4][2] = { {0x0, k[1]}, {0x0, k[2]}, {0x0, k[3]}, {0x0, k[4]} };
```

Input can be from an sbox, it's a quick conditional even odd decider, even do nothing, odd then use this key.

```c
(((input ^ k[0]) * k[1] + k[2]) ^ key_decision[sboxa][input & 1]) & 0xFFFFFFFFFFFFFFFF;
```
| c(x) = 3x^3 + x^2 + x + 2; Find the inverse | |
|
| insecure | Jan 26 2007, 05:03 PM Post #3 |
|
Elite member
|
The reason for increasing the number of rounds from 3 to 7 is to improve avalanching. The block size has increased from 32 bits to 64. The S-box is fixed, but I'm tempted to make it key-driven. On the other hand, I can't help wondering whether to do so would /weaken/ the cipher, by leaking information about the key via the S-box selected for a given encryption. On the other hand, I could easily use a number of S-boxes, and may well do so. The problem with using different keys (or parts of the key) for different rounds is that I don't see how to do that without breaking the Feistel Network. Yes, it does sound like a dirty organisation, doesn't it? Furthermore, although it is external to the organisation for whom I am developing this program, it has a machine sat on the LAN and a connection to the Internet - so this machine can see every packet, and it can "phone home". For reasons which I mustn't go into, AES is not an option. |
|
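An added illustration (not code from any poster in this thread) of the arithmetic step in `PerformCrypto` from post #1 and the avalanche concern raised in post #3: it measures how a single flipped input bit propagates through `(input ^ k[0]) * k[1] + k[2]` modulo 2^64. `Transpose()` and the Feistel structure are not modelled, and the key values and the xorshift sample generator are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t T;

/* Arithmetic step of the round function from post #1; Transpose() is not modelled. */
static T mix(T input, const T *k) {
    return (input ^ k[0]) * k[1] + k[2];   /* uint64_t arithmetic wraps mod 2^64 */
}

/* xorshift64 generator for sample inputs (constructed test data, not a CSPRNG). */
static T next_sample(T *s) {
    *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
    return *s;
}

/* Count trials in which flipping input bit `bit` changed an output bit below it. */
int downward_leaks(const T *k, int bit, int trials) {
    T s = 0x9E3779B97F4A7C15ULL, low = ((T)1 << bit) - 1;
    int leaks = 0;
    for (int i = 0; i < trials; i++) {
        T x = next_sample(&s);
        T d = mix(x, k) ^ mix(x ^ ((T)1 << bit), k);
        if (d & low) leaks++;
    }
    return leaks;
}

/* Average number of output bits changed (times 1000) when input bit `bit` flips. */
int avg_flips_x1000(const T *k, int bit, int trials) {
    T s = 0x9E3779B97F4A7C15ULL;
    long total = 0;
    for (int i = 0; i < trials; i++) {
        T x = next_sample(&s);
        T d = mix(x, k) ^ mix(x ^ ((T)1 << bit), k);
        for (; d; d &= d - 1) total++;     /* popcount of the output difference */
    }
    return (int)(total * 1000 / trials);
}

/* Constructed sample key parts k[0], k[1], k[2]; k[1] is odd. */
const T sample_key[3] = { 0x0123456789ABCDEFULL, 0xD6E8FEB86659FD93ULL,
                          0x0FEDCBA987654321ULL };

int main(void) {
    for (int bit = 0; bit < 64; bit += 21)
        printf("bit %2d: leaks=%d avg_flips=%.3f\n", bit,
               downward_leaks(sample_key, bit, 10000),
               avg_flips_x1000(sample_key, bit, 10000) / 1000.0);
    return 0;
}
```

XOR, multiplication and addition modulo 2^64 only carry upward, so the leak count is 0 at every bit position and flipping bit 63 changes exactly one output bit when k[1] is odd; any diffusion from high bits to low bits has to come from `Transpose()` and the round structure.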
| Donald | Jan 29 2007, 01:26 PM Post #4 |
|
Elite member
|
And neither is Twofish or Serpent? This is incredibly intriguing, now I'm going to be staying up all night wondering about a question you can't answer. Ah, but that's the world of crypto!
|
|
| insecure | Jan 29 2007, 02:41 PM Post #5 |
|
Elite member
|
Right. Sorry to sound mysterious, but I'm sure you've worked under NDAs before, so I guess you know the score. Basically, it's a paranoia issue. Not on my part, I hasten to add. |
|
| loki | Jan 30 2007, 11:12 AM Post #6 |
|
Advanced Member
|
Multiple sboxes, I would incorporate GOST's, DES, and Rijndael's. Increased rounds 32 or so, and use a buffed-up TDES scheme, if security is a factor speed shouldn't be. Use incompatible mixing operations, xor and addition. Bob Jenkins has some weird mixing functions that I use often in my own experiments, his site is burtleburtle something, a google would find it. I am becoming fond of huge blocks, currently I am attempting a 16384bit transposition cipher, though I might suggest an 8192 which is equivalent to two disk sectors. Has anyone tried to use more than three encryption modes? CBC, OFB and CTR in the same scheme? I know it sounds silly and I have no basis that it is any more secure than just one mode but it's gotta at least increase the difficulty of breaking it. |
| c(x) = 3x^3 + x^2 + x + 2; Find the inverse | |
|