Newsgroups: sci.crypt
From: (Terry Ritter)

Subject: Re: Block Mixing Transformations
Message-ID: <>
Keywords: DES replacement, Large blocks
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
References: <> 
Date: Wed, 16 Mar 1994 22:22:18 GMT

 In (Paul Crowley) writes:

>> And, sci.crypt is not a refereed publication.  I do not expect
>> to treat it like one.
>I'm with Colin on this one.  Since sci.crypt isn't a refereed
>publication, don't try to make your articles look like "reports" when
>they have such clear defects.

 I'm with me on this one.  Since sci.crypt isn't a refereed
 publication, I'll format my reports however I like.

 But since this is apparently the sole remaining issue of
 disagreement, my thanks to Crowley for conceding that:

      1)  Reversible, non-expanding block mixing is a reasonable
          cryptographic tool, one well worth bringing to the
          attention of the group.

      2)  Fast, weak mixing may be more important in actual use
          than slow comprehensive mixing.

      3)  The attempt to separate "strength" from "mixing" demands
          consideration from everyone who pursues the goal of
          proving ciphers strong.

 As for "clear defects," it certainly is true that I over-estimated
 the "strength" of the mixing structure.  But consider this quote
 from the article:

    ". . . it is not at all clear that 'stronger' is what we need
    in a mixing transform.  Presumably, 'strength' can be provided
    more efficiently by some other function, like DES, or a
    substitution table.  Thus, we may really want a modest-strength
    extremely-fast mixing solution . . . ."

 Since the point of the article was not to produce a strong mixer,
 it is not "clear" to me that not doing so is a "defect."  In fact,
 the approach remains valid, and the mixer I proposed remains the
 *best* solution so far for the most interesting applications.

>I doubt you would have been flamed if
>you'd said "Hey, here's an idea everyone ... what do people think?  Is
>it new?  Is it secure?"

 Apparently Crowley likes the fawning, whining approach.

 I don't.

 Of course, those who have actually been reading the material
 are already aware that the article is not about being "secure."
 It is about a new--or at least not well known--tool which
 might be useful in block cipher design.  That tool works and
 is almost certainly *better* than the proposed alternative (which
 had the advantage of "20-20 hindsight"), in the given application.
 Various examples of possible application were included.

 The mechanism almost certainly is not "new" in the sense of never
 being thought of before.  It might be "new" in the sense of never
 being thought worth publishing before.  (Before, that is, some
 interesting cryptographic applications were proposed.)  But it
 almost certainly *was* "new" to many readers.  At the very least
 it was a different way of seeing block structures.

>In the way you format your articles, you give yourself airs.

 The way I format my articles shows that I've spent more than
 five minutes on the project.  It organizes the thoughts.  It also
 provides references to, and indication of, the sources I had.
 That is Science.  I recommend it.

 Terry Ritter