Newsgroups: sci.crypt
Path: cactus.org!ritter
From: ritter@cactus.org (Terry Ritter)
Subject: Re: Block Mixing Transformations
Message-ID: <1994Mar16.222218.29957@cactus.org>
Keywords: DES replacement, Large blocks
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
References: <1994Mar13.051515.27175@cactus.org>
Date: Wed, 16 Mar 1994 22:22:18 GMT

In pdc@dcs.ed.ac.uk (Paul Crowley) writes:

>>
>> And, sci.crypt is not a refereed publication. I do not expect
>> to treat it like one.
>
>I'm with Colin on this one. Since sci.crypt isn't a refereed
>publication, don't try to make your articles look like "reports" when
>they have such clear defects.

I'm with me on this one. Since sci.crypt isn't a refereed publication, I'll format my reports however I like.

But since this is apparently the sole remaining issue of disagreement, my thanks to Crowley for conceding that:

   1) Reversible, non-expanding block mixing is a reasonable cryptographic tool, one well worth bringing to the attention of the group.

   2) Fast, weak mixing may be more important in actual use than slow comprehensive mixing.

   3) The attempt to separate "strength" from "mixing" demands consideration from everyone who pursues the goal of proving ciphers strong.

As for "clear defects," it certainly is true that I over-estimated the "strength" of the mixing structure. But consider this quote from the article:

   ". . . it is not at all clear that 'stronger' is what we need in a mixing transform. Presumably, 'strength' can be provided more efficiently by some other function, like DES, or a substitution table. Thus, we may really want a modest-strength extremely-fast mixing solution . . . ."

Since the point of the article was not to produce a strong mixer, it is not "clear" to me that not doing so is a "defect." In fact, the approach remains valid, and the mixer I proposed remains the *best* solution so far for the most interesting applications.

>I doubt you would have been flamed if
>you'd said "Hey, here's an idea everyone ... what do people think? Is
>it new? Is it secure?"

Apparently Crowley likes the fawning, whining approach. I don't.

Of course, those who have actually been reading the material are already aware that the article is not about being "secure." It is about a new--or at least not well known--tool which might be useful in block cipher design. That tool works and is almost certainly *better* than the proposed alternative (which had the advantage of "20-20 hindsight"), in the given application. Various examples of possible application were included.

The mechanism almost certainly is not "new" in the sense of never being thought of before. It might be "new" in the sense of never being thought worth publishing before. (Before, that is, some interesting cryptographic applications were proposed.) But it almost certainly *was* "new" to many readers. At the very least it was a different way of seeing block structures.

>In the way you format your articles, you give yourself airs.

The way I format my articles shows that I've spent more than five minutes on the project. It organizes the thoughts. It also provides references to, and indication of, the sources I had. That is Science. I recommend it.

---
Terry Ritter   ritter@io.com   ritter@rtc.com