I'm attempting to design a block cipher with an "odd" block size (34 bits). I'm planning to use a balanced Feistel structure with AES as the function f(), padding the 17-bit input blocks to 128 bits with a pad dependent on the round number, encrypting with a key, and extracting the low 17 bits as the output of f().
If I use this structure, how many rounds do I need to use to be secure (or can this structure be secure at all, aside from the obvious insecurity issues of the small block size itself)? I've been told that a small number of rounds is insecure (despite the fact that f() can be regarded as "perfect") due to collisions in the output of f(). However, I don't understand this attack precisely, so a reference would be appreciated. Thanks, - Tim --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]