Path: illuminati.io.com!uunet!news.mathworks.com!hookup!uwm.edu!cs.utexas.edu!
+     swrinde!pipex!sunsite.doc.ic.ac.uk!lyra.csx.cam.ac.uk!news
From: Andrew Haley 
Newsgroups: sci.crypt.research

Subject: SAFER K-64
Date: 30 Nov 1994 14:35:29 GMT
Organization: None
Lines: 17
Approved: crypt@cs.aukuni.ac.nz
Message-ID: <3bi2jh$drk@lyra.csx.cam.ac.uk>
NNTP-Posting-Host: enigma.cl.cam.ac.uk

In _Fast Software Encryption_, James Massey proposes a block cipher
which uses FFT-like permutations combined with 8 -> 8-bit S-boxes derived
from the function n -> (45^n mod 257).
 
The idea of using the FFT-like permutations for rapid diffusion is
rather nice, but the choice of the S-box is a bit of an enigma.
Granted, this function is highly nonlinear with respect to 8 bit XOR,
but wouldn't a "near-bent" function without the unfortunate properties
of this S-box be a better choice?  For example, S(i+j) = S(i)*S(j).
 
Is there any really strong reason for the chice of this function?
 
Andrew.
 
Ref: SAFER K-64, A Byte-Oriented Block Ciphering Algorithm, pp 1-17 in
Fast Software Encryption, ed. Ross Anderson, Springer-Verlag 1994.