> Isn't what you are referring to called "secure number of rounds"? In other
> words the number of rounds after which no known attack exists that can break
> the cipher faster than brute-forcing the key?
>
> It looks like I have no choice but to invent a new term, "PRF rounds" - the
> number of rounds after which each function that defines the value of each
> bit of the block/state/output is a pseudo-random function (PRF) of all the
> bits of the block/state/key/input, in other words a function
> indistinguishable from random by any existing general purpose randomness
> tests. Of course dedicated randomness tests exploiting the cipher structure
> and utilising a significant amount of computational resources could be
> effective in distinguishing a larger number of rounds from random, but
> that's in the area of the "secure number of rounds" research.

Can you briefly explain how you determine the PRF rounds value?

William
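
One possible reading of the "PRF rounds" definition quoted above, as an added example that is not part of the thread and not the poster's own method: reduced-round XTEA is run through a bit-flip (avalanche) test, and the first round count that the test can no longer tell from random is reported. The choice of XTEA, the avalanche test standing in for "general purpose randomness tests", the sample count, the 6-sigma threshold and all function names are assumptions; only plaintext bits are flipped, not key bits.

```python
import random

MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9

def xtea_rounds(block, key, rounds):
    """Encrypt a 64-bit block with the first `rounds` Feistel rounds of XTEA (64 = full)."""
    v0, v1, s = block >> 32, block & MASK, 0
    for r in range(rounds):
        if r % 2 == 0:
            v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + key[s & 3]))) & MASK
            s = (s + DELTA) & MASK
        else:
            v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + key[(s >> 11) & 3]))) & MASK
    return (v0 << 32) | v1

SAMPLES = 128                         # constructed test size (assumption)
THRESHOLD = 6 * 0.5 / SAMPLES ** 0.5  # 6 standard deviations of a fair-coin frequency

def max_bias(rounds, seed=1):
    """Largest |P(output bit j flips when input bit i flips) - 1/2| over all (i, j)."""
    rng = random.Random(seed)         # fixed seed: random keys/plaintexts, repeatable run
    flips = [[0] * 64 for _ in range(64)]
    for _ in range(SAMPLES):
        key = [rng.getrandbits(32) for _ in range(4)]
        pt = rng.getrandbits(64)
        base = xtea_rounds(pt, key, rounds)
        for i in range(64):
            diff = base ^ xtea_rounds(pt ^ (1 << i), key, rounds)
            row = flips[i]
            for j in range(64):
                row[j] += (diff >> j) & 1
    return max(abs(c / SAMPLES - 0.5) for row in flips for c in row)

def prf_rounds():
    """First round count whose avalanche matrix is within sampling noise of random."""
    for rounds in range(1, 65):
        if max_bias(rounds) < THRESHOLD:
            return rounds
    return None

if __name__ == "__main__":
    for r in (1, 4, 8, 12, 16, 64):
        print(r, round(max_bias(r), 3))
    print("first round count passing the avalanche test:", prf_rounds())
```

The number this prints is a property of this one test at this sample size; a stronger or structure-aware test would push it higher, which is the distinction the quoted text draws against the "secure number of rounds".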