Cryptography-Digest Digest #570, Volume #14 Fri, 8 Jun 01 21:13:00 EDT
Contents:
Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and (Mok-Kong Shen)
Re: Alice and Bob Speak MooJoo ("Douglas A. Gwyn")
Re: new NSA/echelon rant ("Douglas A. Gwyn")
Re: new NSA/echelon rant (Mok-Kong Shen)
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: Any Informed Opinions? ("Douglas A. Gwyn")
Re: Any Informed Opinions? ("Douglas A. Gwyn")
Re: Hehehe I found out who David Scott is ("Douglas A. Gwyn")
Re: National Security Nightmare? ("Douglas A. Gwyn")
Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and ("Douglas A. Gwyn")
Re: Algorithms ("Joseph Ashwood")
Re: Algorithms ("Sam Simpson")
Re: Algorithms ("Tom St Denis")
Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
Re: National Security Nightmare? (SCOTT19U.ZIP_GUY)
cubing modulo 2^w - 1 as a design primitive? ("Tom St Denis")
Re: National Security Nightmare? (Jim D)
Re: National Security Nightmare? (Jim D)
Re: Hehehe I found out who David Scott is ([EMAIL PROTECTED])
Re: National Security Nightmare? ("Tom St Denis")
Re: new NSA/echelon rant ([EMAIL PROTECTED])
Re: Alice and Bob Speak MooJoo ("Robert J. Kolker")
Re: cubing modulo 2^w - 1 as a design primitive? ("Tom St Denis")
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and
Date: Fri, 08 Jun 2001 22:11:09 +0200
"Douglas A. Gwyn" wrote:
>
> Mark Wooding wrote:
> > Joseph Ashwood <[EMAIL PROTECTED]> wrote:
> > > Take a simpler problem 1+1=2, ... it takes a doctorate in mathematics,
> > > and a few hundred pages of very intricate math to prove it without
> > > assuming things.
> > I don't have such a doctorate, but... What other meaning of the symbol
> > `2' did you have in mind that might conflict with it being the value
> > formed by adding the multiplicative identity of the ring of integers to
> > itself? (Proof that 1 + 1 is not equal to 0 or 1, the two integers
> > actually named in the integer axioms, is immediate from the properties
> > of the ordering on integers, so a separate symbol is justified.)
>
> I think Joseph overstated the case, but usually 2 is defined as the
> successor of 1, and connecting that with addition is tedious when
> successor is not defined in terms of addition. More accurate would
> have been "Every schoolchild learns mathematical 'facts' that he
> can't even come close to proving rigorously." Indeed, many such
> "facts" turn out to be false, or at best misleadingly expressed.
As I pointed out, Joseph Ashwood was referring to the
proof in Principia Mathematica. I have no personal
knowledge of that celebrated work, but basically what
Ashwood wrote was told to me by several persons who
have studied math.
M. K. Shen
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Fri, 8 Jun 2001 19:49:31 GMT
"Robert J. Kolker" wrote:
> Then all their plaintexts would be perfectly
> secure. No crypto necessary at all.
Not so. There is enough common ("cultural") context to
infer some things by analyzing the plaintexts, and language
is largely constrained by innate properties of our brains.
Theoretical linguists can tell you more about this.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: new NSA/echelon rant
Date: Fri, 8 Jun 2001 19:57:26 GMT
"V.Z. Nuri" wrote:
> the idea is to get the most closeminded denunciation
> of the idea possible to show it in contrast with
> new information about echelon/carnivore/CIA
> datamining capabilities. useful propaganda.
Useless propaganda. You have a set agenda and are not seeking
truth, just the worst possible presentation of the opposite
point of view in order to trick people into supporting you.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: new NSA/echelon rant
Date: Fri, 08 Jun 2001 22:41:34 +0200
"Douglas A. Gwyn" wrote:
>
> "V.Z. Nuri" wrote:
> > the idea is to get the most closeminded denunciation
> > of the idea possible to show it in contrast with
> > new information about echelon/carnivore/CIA
> > datamining capabilities. useful propaganda.
>
> Useless propaganda. You have a set agenda and are not seeking
> truth, just the worst possible presentation of the opposite
> point of view in order to trick people into supporting you.
As time goes on, I increasingly doubt whether truth
could be found in the world, excepting in such abstract
and exact natural sciences like math. Very long ago, while
learning English, I read Bacon's essay 'On Truth' but at
that time I didn't capture much of its meaning.
M. K. Shen
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 21:03:45 GMT
Mark Wooding <[EMAIL PROTECTED]> wrote:
: Tim Tyler <[EMAIL PROTECTED]> wrote:
:> Firstly, Rijndael doesn't use a random IV. It uses a fixed one which
:> is (I believe) wired into the algorithm.
: [pedantry] Rijndael is a block cipher; it says nothing about an IV. IVs
: are chaining mode concepts. CBC mode has an IV.
A sort of typographical error. I /meant/ to write:
``BICOM doesn't use a random IV. It uses a fixed one which
is (I believe) wired into the algorithm.''
:> In order to disguise the first blocks of the message it uses a
:> whitening step, which preprocesses the plaintext by applying unkeyed
:> diffusion to the first few K of the plaintext - not /quite/ the same
:> as an IV - but good enough for many purposes.
: No. This can't be secure in the real-or-random model, since encrypting
: equal plaintexts yields equal ciphertexts.
I'm well aware of the shortcomings of the method - and believe BICOM
should probably have an option for prepending a random IV - despite
the fact that this would destroy BICOM's bijectivity.
However, I believe saying that it's "good enough for many purposes"
was a fair comment on my part.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Any Informed Opinions?
Date: Fri, 8 Jun 2001 20:02:25 GMT
Dirk Bruere wrote:
> There is a 'no cloning' theorem in QM which makes it secure. However, it is
> known that QM is not the last word in descriptions of nature, especially
> where the crucial 'measurement process' (collapse of the wave function) is
> concerned. This is at the heart of quantum computing and is not understood,
> despite plenty of speculation, including consciousness as the agent.
It is well understood that the essential properties are unavoidable.
Consciousness has nothing to do with it; that was the main point of
Schroedinger's cat.
> > A quantum computer will probably break all classical computer based
> > cryptosystems. Mollin, An Introduction to Cryptography, p.267.
Mollin is making an unsubstantiatable claim, even allowing for the
poor phrasing.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Any Informed Opinions?
Date: Fri, 8 Jun 2001 20:10:52 GMT
Dirk Bruere wrote:
> It depends on outside influences performing a QM 'measurement'.
> Nobody knows for sure what that actual process entails.
Sure we do. Transition between mixed and pure states, i.e.
projection by a measurement operator (with a well-known set
of requirements). It seems that you think a reduction to
actions of some more elementary "components" is necessary,
but we know that that is not possible. What *might* be
possible would be a better way to *understand* the known
properties, which are far removed from most people's
everyday experience.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Hehehe I found out who David Scott is
Date: Fri, 8 Jun 2001 20:16:44 GMT
Tom St Denis wrote:
> > > Note how "Gene Ray" writes just like David Scott. hehehehe
> Any long term reader would have found that slightly funny.
Really? Why?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Fri, 8 Jun 2001 20:32:05 GMT
Tom St Denis wrote:
> I still think something like "A bunch" should be plural.
In context it was formally a collective noun,
but what you actually meant was that "many people are wrong",
because it was not about the bunch-as-such performing a
single wrong action, but rather about the separate actions
of individual members.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Fri, 8 Jun 2001 21:09:00 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : In the contrived "yes" vs "no" case you could simply always send four
:> : byte blocks (null padded). That would then be provably
:> : secure. Hence an OTP
:> : can be made into something perfectly secure. Of course in this case you
:> : could aim to keep your job by not wasting 31 bits of the pad!
:>
:> Yes - if you pad all messages to the same length you can give the OTP
:> perfect secrecy. That was never under dispute.
: Actually you did say earlier that padding is not enough.
I was not then dealing with the case where there are only two possible
plaintexts.
This time, you stated that we are dealing with:
``the contrived "yes" vs "no" case''
...a domain where padding can be sufficient to rectify the problem.
--
__________
|im |yler [EMAIL PROTECTED] Home page: http://alife.co.uk/tim/
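The "yes" vs "no" case discussed in this exchange, as an added example that is not code from the original posts. It implements a one-time pad over messages padded to a fixed 4-byte block, shows that the unpadded variant leaks which message was sent through the ciphertext length alone, and shows why the padded variant has perfect secrecy: every 4-byte ciphertext is consistent with both "yes" and "no" under some pad. The function names and the `BLOCK_LEN` constant are this example's own.

```python
# Added example for the OTP "yes"/"no" discussion; not code from the original posts.
import secrets

BLOCK_LEN = 4  # the "four byte blocks (null padded)" from the thread


def otp_encrypt(message: bytes, pad: bytes, block_len: int = BLOCK_LEN) -> bytes:
    """XOR a zero-padded message with a one-time pad of block_len bytes.

    The message must fit in one block and must not end in 0x00, so the
    padding can be stripped unambiguously (true for b"yes" and b"no")."""
    if len(pad) != block_len:
        raise ValueError("pad must be exactly one block long")
    if len(message) > block_len or (message and message[-1] == 0):
        raise ValueError("message must fit one block and not end in 0x00")
    padded = message.ljust(block_len, b"\x00")
    return bytes(m ^ k for m, k in zip(padded, pad))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Undo otp_encrypt: XOR with the same pad, then drop the zero padding."""
    return bytes(c ^ k for c, k in zip(ciphertext, pad)).rstrip(b"\x00")


def unpadded_otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """OTP without padding: the ciphertext is exactly as long as the message,
    so an observer learns the plaintext length (3 for "yes", 2 for "no")."""
    return bytes(m ^ k for m, k in zip(message, pad[: len(message)]))


def length_distinguishes(encrypt, m1: bytes, m2: bytes, block_len: int = BLOCK_LEN) -> bool:
    """True if an observer can tell m1 from m2 from the ciphertext length alone."""
    pad = secrets.token_bytes(block_len)
    return len(encrypt(m1, pad)) != len(encrypt(m2, pad))


def pad_for(ciphertext: bytes, message: bytes, block_len: int = BLOCK_LEN) -> bytes:
    """The pad under which `message` encrypts to `ciphertext`.

    Because one such pad exists for every (ciphertext, message) pair, and all
    pads are equally likely, observing the ciphertext reveals nothing about
    which message was sent: this is the perfect-secrecy argument."""
    padded = message.ljust(block_len, b"\x00")
    return bytes(c ^ m for c, m in zip(ciphertext, padded))


if __name__ == "__main__":
    print("unpadded OTP leaks length:", length_distinguishes(unpadded_otp_encrypt, b"yes", b"no"))
    print("padded OTP leaks length:  ", length_distinguishes(otp_encrypt, b"yes", b"no"))
    c = secrets.token_bytes(BLOCK_LEN)
    print("same ciphertext explained by 'yes':", otp_encrypt(b"yes", pad_for(c, b"yes")) == c)
    print("same ciphertext explained by 'no': ", otp_encrypt(b"no", pad_for(c, b"no")) == c)
```

Padding only helps when the set of possible plaintexts is bounded and every message is padded to the same length; the check in `otp_encrypt` refuses messages that would not fit, rather than silently truncating.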
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and
Date: Fri, 8 Jun 2001 20:45:58 GMT
Mok-Kong Shen wrote:
> ... Whitehead and Russell's famous book 'Principia
> Mathematica' ... is a work well respected by
> mathematicians, as far as I am aware.
Well, not exactly. PM is famous because it was an ambitious
attempt to implement a model of mathematics which we now know
to be wrong. PM is also known for introducing the "ramified
theory of types", which has not generally been deemed to
properly solve the kind of problem that motivated it.
PM has no practical value for working mathematicians.
> I am sure that
> there are very good reasons (though I am ignorant of these)
> why a foundation of a couple of hundred pages is needed
> in order to rigorously prove 1+1=2.
The goal wasn't simply to rigorously prove 1+1=2; it doesn't
take hundreds of pages to do that, even along the lines of PM.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Algorithms
Date: Fri, 8 Jun 2001 15:02:33 -0700
Well if you want the algorithms for Digital Signatures, there are 3 of them
in FIPS 186-2, those are a good beginning, you can then compare these to NSS
(from NTRU www.ntru.com), various PKCS1 versions, ACE Sign, ESIGN, FLASH,
QUARTZ, SFLASH (all 5 available from
https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions.html), and
the fairly sizable implementations list from www.cryptopp.com, and last but
not least XTR (http://www.ecstr.com/). That should give you a rather
complete view of signature algorithms, and a quick search on Google should
show implementations for most of them, for NSS you will have to contact NTRU
directly for source code and they may be hesitant to supply it, some of the
cryptonessie entries may also be difficult to find implementations of. Hope
this helps.
Joe
"abhijeet" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
> I am writing my thesis on cryptography in Digital signature.
> Can anyone suggest me of any book or paper where I can get
> the full C or C++ code for the algorithms.
> thanking you
> regards
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Algorithms
Date: Thu, 7 Jun 2001 23:50:00 +0100
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:FV1U6.57422$[EMAIL PROTECTED]...
>
> "abhijeet" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi,
> > I am writing my thesis on cryptography in Digital signature.
> > Can anyone suggest me of any book or paper where I can get
> > the full C or C++ code for the algorithms.
> > thanking you
> > regards
>
> What algorithms?
>
> Get
>
> Applied Cryptography -- Bruce Schneier
> Handbook of Applied Crypto -- CRC Press
> A Course in Number Theory and Cryptography -- Neal Koblitz
Out of interest Tom, what did you think of the Koblitz text? Last time we
'spoke' about it you had ordered but not received it.
Cheers,
--
Sam Simpson
http://www.scramdisk.clara.net/
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Algorithms
Date: Fri, 08 Jun 2001 23:10:50 GMT
"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:wEcU6.20648$[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:FV1U6.57422$[EMAIL PROTECTED]...
> >
> > "abhijeet" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hi,
> > > I am writing my thesis on cryptography in Digital signature.
> > > Can anyone suggest me of any book or paper where I can get
> > > the full C or C++ code for the algorithms.
> > > thanking you
> > > regards
> >
> > What algorithms?
> >
> > Get
> >
> > Applied Cryptography -- Bruce Schneier
> > Handbook of Applied Crypto -- CRC Press
> > A Course in Number Theory and Cryptography -- Neal Koblitz
>
> Out of interest Tom, what did you think of the Koblitz text? Last time we
> 'spoke' about it you had ordered but not received it.
I got it around May 5th. I have read through it (neat book). Some of the
math I don't get yet, but it's well laid out and a really good review of
number theory.
Tom
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 8 Jun 2001 23:50:45 GMT
[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>
>I'm well aware of the shortcomings of the method - and believe BICOM
>should probably have an option for prepending a random IV - despite
>the fact that this would destroy BICOM's bijectivity.
>
Actually I like the purity of Matt's work. But since one has
access to the source code there is no reason someone could
modify it on their own. Such that a different initial IV could
be assumed. Sort of like a secondary password if you wish.
>However, I believe saying that it's "good enough for many purposes"
>was a fair comment on my part.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: National Security Nightmare?
Date: 8 Jun 2001 23:52:28 GMT
[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:
>Tom St Denis wrote:
>> I still think something like "A bunch" should be plural.
>
>In context it was formally a collective noun,
>but what you actually meant was that "many people are wrong",
>because it was not about the bunch-as-such performing a
>single wrong action, but rather about the separate actions
>of individual members.
I wish I could add useful comments in this area but I
got in the 17th percentile on English to get into college.
99+ in math and science so I argue more on those topics.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: cubing modulo 2^w - 1 as a design primitive?
Date: Sat, 09 Jun 2001 00:29:27 GMT
I was wondering if anyone ever considered cubing modulo 2^w - 1 as a design
primitive?
It is a bijection since 3 does not divide the order for w=32 or w=64.
Daemen noted that multiplication modulo 2^w - 1 can be done via a
multiplication and shift. The x86 code for w=32 would be
MOV EAX,[a]
MUL DWORD [b]
ADD EAX,EDX
Which takes 2 cycles to complete on my Athlon (according to RDTSC and
calling the above code 2^24 times).
If this is true, a cubing would take 2 mults or about 4 cycles. According
to RDTSC it takes 5 cycles to complete a cubing.
Still that's not bad. At 5 cycles per mult you could build a 64-bit Feistel
where each round takes about 10 cycles. With say 16 rounds that would
be 160 cycles or 20 cycles per byte. Not the fastest cipher in the world
but a really simple one!
Or possibly build a 128-bit cipher out of two cubings and a PHT. The
cubings will require about 12 cycles (10 for the cubings, 2 for moving stuff
around), and the PHT will take another 2 or so. The entire round function
would take about 16 cycles. At 16 rounds that's only 16 cycles per byte.
And still a really simple cipher!
Any comments? I think I will re-read Daemen's papers, unfortunately he (or
she? I can't tell from the first name! sorry I don't mean to be
disrespectful) only analyzes it wrt constants and not as a cubing or
polynomial function.
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
------------------------------
From: [EMAIL PROTECTED] (Jim D)
Subject: Re: National Security Nightmare?
Date: Fri, 08 Jun 2001 18:53:46 GMT
Reply-To: Jim D
On 08 Jun 2001 16:51:27 GMT, [EMAIL PROTECTED] (JPeschel) wrote:
>No, Phil, the English of Americans and the British is one language.
Get away!
--
______________________________________________
Posted by Jim D.
Propino tibi salutem !
jim @sideband.fsnet.co.uk
dynastic @cwcom.net
___________________________________
------------------------------
From: [EMAIL PROTECTED] (Jim D)
Subject: Re: National Security Nightmare?
Date: Fri, 08 Jun 2001 18:53:46 GMT
Reply-To: Jim D
On Fri, 08 Jun 2001 17:01:09 GMT, "Tom St Denis" <[EMAIL PROTECTED]>
wrote:
>"A bunch of people is wrong". Doesn't sound right since it is more than one
>person who is wrong.
There's only one bunch.
--
______________________________________________
Posted by Jim D.
Propino tibi salutem !
jim @sideband.fsnet.co.uk
dynastic @cwcom.net
___________________________________
------------------------------
Subject: Re: Hehehe I found out who David Scott is
From: [EMAIL PROTECTED]
Date: 08 Jun 2001 20:39:33 -0400
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> Tom St Denis wrote:
>>>> Note how "Gene Ray" writes just like David Scott. hehehehe
>> Any long term reader would have found that slightly funny.
> Really? Why?
Besides, "Gene Ray" doesn't sound like Scott anyway (except perhaps in
the minor matter of abusing superlatives). Scott passes the Turing
test, whereas I strongly suspect that the "Timecube" page was generated
by some sort of Markov Chain engine using a conspiracy-theory grammar.
Len.
--
Insinuation? You make it sound so subtle.
-- Dan Bernstein
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Sat, 09 Jun 2001 00:41:19 GMT
"Jim D" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 08 Jun 2001 17:01:09 GMT, "Tom St Denis" <[EMAIL PROTECTED]>
> wrote:
>
> >"A bunch of people is wrong". Doesn't sound right since it is more than one
> >person who is wrong.
>
> There's only one bunch.
Yeah I agree the original is grammatically correct, it just doesn't sound
right.
Tom
------------------------------
Subject: Re: new NSA/echelon rant
From: [EMAIL PROTECTED]
Date: 08 Jun 2001 20:44:05 -0400
Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>
> As time goes on, I increasingly doubt whether truth could be found
> in the world, excepting in such abstract and exact natural sciences
> like math...
Since we're talking religion here...I disagree. However, it seems that
humans are wired to treat "truth" with great suspicion whenever it is
found. The prevalence of crankery on sci.crypt and sci.math, persistent
conspiracy theories, "urban legends" that no amount of proof can kill...
We treat reality just as we treat morality: with selective blindness.
Len.
--
Frugal Tip #31:
Incrementally reduce your year-to-year operating expenditures while
aggressively recognizing unrealized receivables in the current quarter.
------------------------------
From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Re: Alice and Bob Speak MooJoo
Date: Fri, 08 Jun 2001 20:47:13 -0400
"Douglas A. Gwyn" wrote:
> "Robert J. Kolker" wrote:
> > Then all their plaintexts would be perfectly
> > secure. No crypto necessary at all.
>
> Not so. There is enough common ("cultural") context to
> infer some things by analyzing the plaintexts, and language
> is largely constrained by innate properties of our brains.
> Theoretical linguists can tell you more about this.
The common context is ostention. The pointing finger.
All human children learn their first language with the
aid of the pointing finger (or something equivalent for
blind children). You can't start off defining basic words
with other words, else an infinite regress follows.
If two people share the referent and no one else does,
there is no way for an outsider to decode all of the
language.
Tell me if you can learn Swahili without either an English-Swahili
dictionary or learning Swahili as a child would. If your only
contact with Swahili or MooJoo was overheard conversation
with no indication of referents then you could not decode it.
If there were no Rosetta Stone Egyptian hieroglyphs would
be opaque to us.
Bob Kolker
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: cubing modulo 2^w - 1 as a design primitive?
Date: Sat, 09 Jun 2001 00:58:39 GMT
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:H5eU6.62238$[EMAIL PROTECTED]...
> I was wondering if anyone ever considered cubing modulo 2^w - 1 as a design
> primitive?
Hmm I think I know why....
The input difference of -1 leads to an output difference of -1 with a prob
of (2^w - 2)/2^2w i.e about prob=1.
One would have to use addition or something other than XOR to mix the output
of the round function to avoid this.
Tom
>
> It is a bijection since 3 does not divide the order for w=32 or w=64.
> Daemen noted that multiplication modulo 2^w - 1 can be done via a
> multiplication and shift. The x86 code for w=32 would be
>
> MOV EAX,[a]
> MUL DWORD [b]
> ADD EAX,EDX
>
> Which takes 2 cycles to complete on my Athlon (according to RDTSC and
> calling the above code 2^24 times).
>
> If this is true, a cubing would take 2 mults or about 4 cycles. According
> to RDTSC it takes 5 cycles to complete a cubing.
>
> Still that's not bad. At 5 cycles per mult you could build a 64-bit Feistel
> where each round takes about 10 cycles. With say 16 rounds that would
> be 160 cycles or 20 cycles per byte. Not the fastest cipher in the world
> but a really simple one!
>
> Or possibly build a 128-bit cipher out of two cubings and a PHT. The
> cubings will require about 12 cycles (10 for the cubings, 2 for moving stuff
> around), and the PHT will take another 2 or so. The entire round function
> would take about 16 cycles. At 16 rounds that's only 16 cycles per byte.
> And still a really simple cipher!
>
> Any comments? I think I will re-read Daemen's papers, unfortunately he (or
> she? I can't tell from the first name! sorry I don't mean to be
> disrespectful) only analyzes it wrt constants and not as a cubing or
> polynomial function.
> --
> Tom St Denis
> ---
> http://tomstdenis.home.dhs.org
>
>
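The arithmetic behind the original post and this follow-up, as an added example that is not code from either post. It implements multiplication modulo 2^w - 1 with the fold the post describes (the product hi*2^w + lo is congruent to hi + lo because 2^w is congruent to 1), including the end-around carry that a single w-bit add would drop; it decides for any width whether cubing permutes Z_{2^w-1} using the Chinese remainder theorem (cubing permutes Z_p exactly when 3 does not divide p - 1, and the modulus must be squarefree), so the claim can be checked directly for w = 32, w = 64 or any other width; and it counts how often the all-ones XOR input difference (x to ~x) passes through the cube unchanged, which is the observation the follow-up makes. All function names are this example's own, and `prime_factors` is plain trial division, adequate for the widths under discussion.

```python
# Added example for the "cubing modulo 2^w - 1" thread; not code from the
# original posts. Function names and structure are this example's own.
import random


def mul_mod(a, b, w):
    """a*b mod (2^w - 1) for w-bit a and b, via the hi + lo fold.

    A single w-bit add of lo and hi can drop the end-around carry, so the
    carry is folded back in; the all-ones word, which is congruent to 0,
    is mapped to 0 so that every residue has exactly one representation."""
    mask = (1 << w) - 1
    product = a * b
    lo, hi = product & mask, product >> w
    s = lo + hi
    s = (s & mask) + (s >> w)       # end-around carry; s <= mask afterwards
    return 0 if s == mask else s


def cube(x, w):
    """x^3 mod (2^w - 1) as two fold multiplications."""
    return mul_mod(mul_mod(x, x, w), x, w)


def prime_factors(n):
    """Trial division with multiplicity. Adequate for 2^w - 1 with
    w in {8, 16, 32, 64}, whose prime factors are all small."""
    factors = []
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2
    if n > 1:
        factors.append(n)
    return factors


def cubing_is_permutation(w):
    """x -> x^3 permutes Z_n, n = 2^w - 1, iff n is squarefree and
    3 does not divide p - 1 for every prime p dividing n (CRT plus
    Fermat: cubing permutes Z_p exactly when gcd(3, p - 1) = 1)."""
    factors = prime_factors((1 << w) - 1)
    squarefree = len(factors) == len(set(factors))
    return squarefree and all((p - 1) % 3 != 0 for p in factors)


def cubing_is_permutation_bruteforce(w):
    """Direct check for small w: are all n cube values distinct?"""
    n = (1 << w) - 1
    return len({cube(x, w) for x in range(n)}) == n


def complement_differential_holds(x, w):
    """Does the all-ones XOR difference pass through the cube for this x?

    x ^ mask is -x mod (2^w - 1) and cube(-x) = -cube(x), so this holds
    for every x except the two representations of 0 (0 and all-ones)."""
    mask = (1 << w) - 1
    return cube(x ^ mask, w) == cube(x, w) ^ mask


def complement_differential_count(w):
    """Number of the 2^w inputs for which the differential holds."""
    return sum(complement_differential_holds(x, w) for x in range(1 << w))


def mul_mod_matches_reference(w, trials=10000, seed=1):
    """Cross-check the fold against plain % on random w-bit operands."""
    rng = random.Random(seed)
    n = (1 << w) - 1
    for _ in range(trials):
        a, b = rng.randrange(1 << w), rng.randrange(1 << w)
        if mul_mod(a, b, w) != (a * b) % n:
            return False
    return True


if __name__ == "__main__":
    for width in (8, 16, 32, 64):
        print(f"w={width}: cubing is a permutation: {cubing_is_permutation(width)}")
    print("w=8: inputs with all-ones in -> all-ones out:",
          complement_differential_count(8), "of 256")
    print("fold agrees with % for w=32:", mul_mod_matches_reference(32))
```

The carry matters in practice: with a = b = 2^32 - 2 the product folds to lo + hi = 2^32, which a 32-bit add returns as 0 while the correct residue is 1. The differential count comes out at 2^w - 2 of 2^w inputs, which is why the follow-up suggests mixing the round output with addition rather than XOR.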
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************