kelsey
9af38baf3a4c963a85760bd55ade4f1becdda475c8ef0fb07988fe21f3db8b92
From: John Kelsey <jmkelsey@delphi.com>
Newsgroups: sci.crypt
Subject: The S1 cipher posted two days ago
Date: Sun, 13 Aug 95 00:49:43 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Subject: S1 cipher
1. The cipher runs an unbalanced Feistel network from 48 bits to
16 bits. However, the 16 bits that were most-recently
encrypted are basically used to provide only two bits of
choice of s-box. Also, there isn't a bit permutation here,
which would mix the outputs from different s-boxes and
dramatically improve diffusion. In a hardware implementation,
this would be free.
2. I think it will take at least three cycles (12 rounds) for
everything to get well-mixed, in the sense that every input
bit has a chance to affect every output bit. I think it will
take four or more cycles to get full statistical independence
between input and output. It might be interesting to run this
code through Crypt-X and see what drops out after three or
four cycles. If it takes four cycles (16 rounds) to get full
statistical diffusion, it makes some sense for the cipher to
use 32 rounds.
3. I think this is someone's joke. (Or maybe it's someone's way
of getting his homemade cipher looked over by other people.)
I could be completely wrong, I just have a feeling this isn't
for real. I think I or anyone else familiar with the research
in block cipher design that's widely published could (with
some work) come up with a block cipher that would be more
convincing. Of course, "more convincing" doesn't map directly
onto "more like NSA work," about which I know nothing that
hasn't been published somewhere.
4. On the other hand, I might have said the same thing about
GOST, whose operations aren't anything remarkable at all.
GOST with reasonable s-box choices is probably not too bad a
cipher with 32 rounds. I wonder if the same can be said about
this cipher.
--John Kelsey, jmkelsey@delphi.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMCzu7UHx57Ag8goBAQHxKgQAnaGBXn0t2UM3eTi7SHUaPqn/3dQr97KH
olO/J9gWWzchX3r25RLAgGtkL08ekBAaCykUUWfxTQs2w0AAWOuC92mndz0Ieq4k
k+ppLJjfe5H2thJBjtt6pYBZkg/vw6uetRFBGExouAyHtCjo6ZW6OZgUNfeZlhL1
jziS2E29eLc=
=PLaT
-----END PGP SIGNATURE-----