Ben.Goren@asu.edu wrote: | However, as Bruce Schneier points out (p. 242), *variable* S-boxes make | | differential cryptanalysis impossilbe, as such an adaptive plaintext attack | | relies on knowledge of the composition of the S-boxes. If the boxes and | | their contents change with both keys used and plaintext--probably with the | | help of a strong RNG--then the only way such an attack could work would be | | by first figuring out what causes the changes in the S-boxes; in that case, | | the attack is probably already finished, by other means. Perhaps, even, the | | S-boxes could change with so many chunks of text--again, variable, of | | course. | You should take a look at Michael Paul Johnson's Diamond Encryption Algorithm. It uses variable S-boxes as you describe. Source code and documentation is availiable on ftp csn.org. /pub/mpj/...