On 26 December 2013 19:56, Aaron Toponce <aaron.topo...@gmail.com> wrote:

> On Thu, Dec 26, 2013 at 02:53:06PM -0500, Jeffrey Walton wrote:
> > On Thu, Dec 26, 2013 at 2:44 PM, Aaron Toponce <aaron.topo...@gmail.com>
> wrote:
> > BBS is not practical in practice due to the size of the moduli
> > required. You could probably go outside, take an atmospheric reading,
> > and then run it through sha1 quicker. See, for example,
> >
> http://crypto.stackexchange.com/questions/3454/blum-blum-shub-vs-aes-ctr-or-other-csprngs
> .
>
> Understood. BBS was only an example of some way to modify the algorithm to
> introduce non-linearity into the system. I thought I had it, but it's
> apparent I don't. I'm just grateful I'm not getting shamed and flamed by
> cryptographers on this list much stronger in the field than I. :)
>
>
Ok, I've only skim-read the blog page that describes the algorithm but on
a cursory reading it seems trivially weak/breakable.

If you view the moving-the-bishop as an s-box lookup, and apply it to
itself three times (composition), you end up with another s-box of the same
size, let's call it S.  Given S doesn't change, things should be rather easy
indeed.  If your cipher is then roughly akin to C[n] = P[n] + S[ C[n-1] ]
with all operations taken modulo 2^6 the problem should now be a little
more obvious.

While I very much like the idea of using a standard chessboard to run a
cipher - it's innocuous and the key could be hidden almost in plain sight
- the actual cipher isn't much use, at least not if I've got the gist of
it.  If I've misunderstood the description, please correct me (preferably
in a more terse description).

Can I suggest doing some preliminary reading on group theory and
finite-field maths, and also paying more attention to how existing strong
stream ciphers are constructed.  One of the reasons Solitaire is useful is
because you can mathematically prove certain properties about the cipher
operation; also you'll note the entire internal state of Solitaire changes,
while your design stays static.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
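A toy model of the C[n] = P[n] + S[C[n-1]] (mod 2^6) structure sketched in the reply above, added here as an example and not part of the thread or of the blog's own code. The S-box is assumed to be a fixed random permutation standing in for the thrice-composed bishop move; it shows why a static table means one known plaintext/ciphertext pair per symbol reveals the table entry it used, after which any other message under the same key decrypts.

```python
import random

MOD = 64  # six-bit symbols: one value per square of a chessboard


def make_sbox(seed):
    """Stand-in for the fixed, thrice-composed bishop move: a random
    permutation of 0..63 (assumption: the real table is also a bijection)."""
    rng = random.Random(seed)
    table = list(range(MOD))
    rng.shuffle(table)
    return table


def encrypt(plain, sbox, iv=0):
    """C[n] = P[n] + S[C[n-1]] mod 64, with C[-1] taken as iv."""
    out, prev = [], iv
    for p in plain:
        c = (p + sbox[prev]) % MOD
        out.append(c)
        prev = c
    return out


def decrypt(cipher, sbox, iv=0):
    """P[n] = C[n] - S[C[n-1]] mod 64; sbox may be a dict of recovered entries."""
    out, prev = [], iv
    for c in cipher:
        out.append((c - sbox[prev]) % MOD)
        prev = c
    return out


def recover_sbox(plain, cipher, iv=0):
    """Known-plaintext recovery: S[C[n-1]] = C[n] - P[n] mod 64, so each pair
    gives one entry, and since S never changes the entry stays valid for every
    other message under the same key (Solitaire's moving state denies this)."""
    found, prev = {}, iv
    for p, c in zip(plain, cipher):
        found[prev] = (c - p) % MOD
        prev = c
    return found


def demo(seed=1, known_len=3000):
    """Recover the table from one constructed known message (long enough that
    all 64 C[n-1] values occur) and decrypt a second, unrelated message."""
    sbox = make_sbox(seed)
    rng = random.Random(seed + 1)
    known = [rng.randrange(MOD) for _ in range(known_len)]  # constructed sample
    secret = [rng.randrange(MOD) for _ in range(40)]        # constructed sample
    found = recover_sbox(known, encrypt(known, sbox))
    return found, sbox, decrypt(encrypt(secret, sbox), found) == secret
```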