Re: Cube cryptanalysis?

2008-10-25 Thread James Muir
Paul Hoffman wrote: At 11:08 AM -0700 8/21/08, Greg Rose wrote: Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. There now: http://eprint.iacr.org/2008/385 Given all the

Re: Cube cryptanalysis?

2008-10-24 Thread James Muir
Paul Hoffman wrote: At 11:08 AM -0700 8/21/08, Greg Rose wrote: Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. There now: http://eprint.iacr.org/2008/385 Given all the

Re: Cube cryptanalysis?

2008-09-22 Thread James Muir
Paul Hoffman wrote: At 11:08 AM -0700 8/21/08, Greg Rose wrote: Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. There now: http://eprint.iacr.org/2008/385 I just noticed

Re: Cube cryptanalysis?

2008-09-14 Thread Paul Hoffman
At 11:08 AM -0700 8/21/08, Greg Rose wrote: Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. There now: http://eprint.iacr.org/2008/385 --Paul Hoffman, Director --VPN

Re: Cube cryptanalysis?

2008-08-21 Thread David Wagner
Steve Bellovin writes: Greg, assorted folks noted, way back when, that Skipjack looked a lot like a stream cipher. Might it be vulnerable? I'm still absorbing Adi's new ideas, and I haven't looked at this in any detail, so anything I say should be taken with an enormous grain of salt. But,

Re: Cube cryptanalysis?

2008-08-21 Thread Greg Rose
David Wagner wrote: It's a brilliant piece of research. If you weren't at CRYPTO, you missed an outstanding talk (and this wasn't the only one!). Yes, the program chair and committee did a great job. Whatsisname? Oh, yeah, David Wagner. Greg.

Re: Cube cryptanalysis?

2008-08-21 Thread Greg Rose
Yes, of course Adi is correct, but I blame you for reading what I wrote and not what I meant... :-) Adi mentioned that the slides and paper will go online around the deadline for Eurocrypt submission; it will all become much clearer than my wounded explanations then. thanks and regards,

Re: Cube cryptanalysis?

2008-08-20 Thread Greg Rose
Steven M. Bellovin wrote: Greg, assorted folks noted, way back when, that Skipjack looked a lot like a stream cipher. Might it be vulnerable? Hmmm, interesting. I'm getting increasingly closer to talking through my hat, but... Skipjack has an 8x8 S-box, so by definition the maximum degree

Re: Cube cryptanalysis?

2008-08-20 Thread Greg Rose
someone wrote: what about RC4, the most important stream cipher in the Internet world? So I cornered Adi for a while. Of course he'd thought of almost everything I wanted to ask. You're not the first to think of RC4 (I confess I wasn't either). No, if you try to express shuffling as a

Re: Cube cryptanalysis?

2008-08-20 Thread Greg Rose
James Muir wrote: Greg Rose wrote: Basically, any calculation with inputs and outputs can be represented as an (insanely complicated and probably intractable) set of binary multivariate polynomials. So long as the degree of the polynomials is not too large, the method allows most of the

Cube cryptanalysis?

2008-08-19 Thread Perry E. Metzger
According to Bruce Schneier... http://www.schneier.com/blog/archives/2008/08/adi_shamirs_cub.html ...Adi Shamir described a new generalized cryptanalytic attack at Crypto today. Anyone have details to share? Perry - The

Re: Cube cryptanalysis?

2008-08-19 Thread Greg Rose
Perry E. Metzger wrote: According to Bruce Schneier... http://www.schneier.com/blog/archives/2008/08/adi_shamirs_cub.html ...Adi Shamir described a new generalized cryptanalytic attack at Crypto today. Anyone have details to share? Stunningly smart, and an excellent and understandable

Re: Cube cryptanalysis?

2008-08-19 Thread Perry E. Metzger
Greg Rose [EMAIL PROTECTED] writes: His example was an insanely complicated theoretical LFSR-based stream cipher; recovers keys with 2^28 (from memory, I might be a little out), with 2^40 precomputation, from only about a million output bits. They are working on applying the technique to real

Re: Cube cryptanalysis?

2008-08-19 Thread Greg Rose
Perry E. Metzger wrote: Greg Rose [EMAIL PROTECTED] writes: His example was an insanely complicated theoretical LFSR-based stream cipher; recovers keys with 2^28 (from memory, I might be a little out), with 2^40 precomputation, from only about a million output bits. They are working on applying

Re: Cube cryptanalysis?

2008-08-19 Thread Steven M. Bellovin
Greg, assorted folks noted, way back when, that Skipjack looked a lot like a stream cipher. Might it be vulnerable? --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe