Newsgroups: sci.crypt
Path: cactus.org!ritter
From: ritter@cactus.org (Terry Ritter)
Subject: Re: Block Mixing Transformations
Message-ID: <1994Mar16.222218.29957@cactus.org>
Keywords: DES replacement, Large blocks
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
References: <1994Mar13.051515.27175@cactus.org> 
Date: Wed, 16 Mar 1994 22:22:18 GMT


 In  pdc@dcs.ed.ac.uk (Paul Crowley) writes:

>>
>> And, sci.crypt is not a refereed publication.  I do not expect
>> to treat it like one.
>
>I'm with Colin on this one.  Since sci.crypt isn't a refereed
>publication, don't try to make your articles look like "reports" when
>they have such clear defects.

 I'm with me on this one.  Since sci.crypt isn't a refereed
 publication, I'll format my reports however I like.

 But since this is apparently the sole remaining issue of
 disagreement, my thanks to Crowley for conceding that:

      1)  Reversible, non-expanding block mixing is a reasonable
          cryptographic tool, one well worth bringing to the
          attention of the group.

      2)  Fast, weak mixing may be more important in actual use
          than slow comprehensive mixing.

      3)  The attempt to separate "strength" from "mixing" demands
          consideration from everyone who pursues the goal of
          proving ciphers strong.


 As for "clear defects," it certainly is true that I over-estimated
 the "strength" of the mixing structure.  But consider this quote
 from the article:

    ". . . it is not at all clear that 'stronger' is what we need
    in a mixing transform.  Presumably, 'strength' can be provided
    more efficiently by some other function, like DES, or a
    substitution table.  Thus, we may really want a modest-strength
    extremely-fast mixing solution . . . ."

 Since the point of the article was not to produce a strong mixer,
 it is not "clear" to me that not doing so is a "defect."  In fact,
 the approach remains valid, and the mixer I proposed remains the
 *best* solution so far for the most interesting applications.


>I doubt you would have been flamed if
>you'd said "Hey, here's an idea everyone ... what do people think?  Is
>it new?  Is it secure?"

 Apparently Crowley likes the fawning, whining approach.

 I don't.

 Of course, those who have actually been reading the material
 are already aware that the article is not about being "secure."
 It is about a new--or at least not well known--tool which
 might be useful in block cipher design.  That tool works and
 is almost certainly *better* than the proposed alternative (which
 had the advantage of "20-20 hindsight"), in the given application.
 Various examples of possible application were included.

 The mechanism almost certainly is not "new" in the sense of never
 being thought of before.  It might be "new" in the sense of never
 being thought worth publishing before.  (Before, that is, some
 interesting cryptographic applications were proposed.)  But it
 almost certainly *was* "new" to many readers.  At the very least
 it was a different way of seeing block structures.


>In the way you format your articles, you give yourself airs.

 The way I format my articles shows that I've spent more than
 five minutes on the project.  It organizes the thoughts.  It also
 provides references to, and indication of, the sources I had.
 That is Science.  I recommend it.


 ---
 Terry Ritter   ritter@io.com
                ritter@rtc.com