+     net!!!!!newsfeed.
From: (Terry Ritter)
Newsgroups: sci.crypt

Subject: Variable Size Block Ciphers
Date: 20 Aug 1995 18:18:12 -0500
Organization: UTexas Mail-to-News Gateway
Lines: 81
Message-ID: <>

 For some time now I have been working with some apparently new
 ciphering structures which I call "Variable Size Block Ciphers."
 As the name suggests, these constructs can be made to cipher blocks
 of essentially arbitrary size (typically in byte-size steps),
 *without* changing the number of layers or "rounds" in the cipher.
 And, while the variable size feature has some unexpected advantages,
 these ciphers are also the fastest ciphering construct that I know.

 A number of different designs have been realized and tested for
 overall diffusion in both 80-bit and 1600-bit forms.  The best
 designs appear to perform as one would expect from a random
 permutation of the indicated size.  (Worse designs don't.)

 The VSBC construction is based on a column of operations, usually
 including four different substitutions and mixing or combining
 connections to adjacent columns.  (The substitutions are shuffled
 by an RNG initialized from a Key for primary keying.  Inexpensive
 dynamic block-by-block keying is also available.)  The simplest
 effective scheme I have found looks like this:

                   input byte
  (left-adjacent       v       (right-adjacent
      column)          S0          column)
         from XOR0 -> XOR0
                       + -> to XOR0
                      XOR1 <- from XOR1
            to XOR1 <- +
                      XOR2 <- from XOR2
            to XOR2 <- +
                   output byte

 where S0..S3 are byte-wide substitution tables.  This particular
 version shares information between columns by means of
 exclusive-OR chains.  This is experimentally sufficient to make
 single-bit changes in the input value appear to select a byte at
 random from each column in the block.  There are better diagrams in
 the VSBC paper on my web page:

 These variable size block constructs are very different from the
 fixed size DES-like designs we now know, and they open up a broad
 range of opportunities:

 SPEED:  VSBC's are the fastest ciphering construct I know.
 FLEXIBILITY:  The variable-size feature is a better interface to
    other systems, especially database fields and perhaps voice
    CODECs.  The very same design can be used as a conventional
    64-bit block cipher.
 ARCHITECTURAL REGULARITY:  VSBC's are far easier to implement, and
    far more effective in the use of silicon real estate than, say,
    DES-style ciphers.
 SCALABILITY:  Small blocks, and related versions with small columns,
    can be investigated experimentally and results extrapolated to
    real ciphers.  (There is no small DES which is indisputably
    related to DES.)
 STRENGTH FLEXIBILITY:  Additional layers can be added as needed,
    without a total re-design of the cipher.
 SIZE:  A large block of plaintext generally is more unique and
    harder to attack than a small block of plaintext.
 POTENTIALLY ZERO BLOCK EXPANSION:  For messages of at least modest
    size, it may be possible to avoid having a partially-filled last

 For further details, please see my web page.
 Terry Ritter