Yesterday I mentioned that I'd noticed that "S-1" has a non-uniform distribution of F (Sbox?) outputs - some values appear far more often than others. This means that some values are more likely to be XORed against the cleartext than others. Needless to say, this is a very unusual (and presumably very bad) property - in DES, for example, the Sbox outputs are completely flat. I've been avoiding real work today, so here's a breakdown of the distribution of output values for F0-F3 by value and by bit position, as well as the total for all four. (The expected numbers are 16 for the outputs by value and 128 for the outputs by bit). If I get more time, I'll try to figure out how to do a structure a differential attack (which will be a little bit tricky given the G function). I'm not sure this is worth putting much effort into, however, given that the closer I look the more hoax-like this seems. Much as I'd like to think this is a version of Skipjack, it's getting pretty hard to suspend disbelief. I might be willing to believe, however, that this is some kind of proprietary industrial cipher; perhaps the poster added the "TOP SECRET" stuff to attract additional attention to it. All in all, this is a most unusual cipher. On the surface at least, it has many elements of a really bad design. On the other hand, some of the other ideas are novel enough that I wonder why its inventors wouldn't want to be associated with them. -matt ---F0 output distribution--- F0:0 = 18 (1.12) ****************** F0:1 = 10 (0.62) ********** F0:2 = 17 (1.06) ***************** F0:3 = 15 (0.94) *************** F0:4 = 13 (0.81) ************* F0:5 = 12 (0.75) ************ F0:6 = 18 (1.12) ****************** F0:7 = 14 (0.88) ************** F0:8 = 17 (1.06) ***************** F0:9 = 18 (1.12) ****************** F0:a = 14 (0.88) ************** F0:b = 17 (1.06) ***************** F0:c = 18 (1.12) ****************** F0:d = 12 (0.75) ************ F0:e = 19 (1.19) ******************* F0:f = 24 (1.50) ************************ ---by bit--- F0:1 = 122 (0.95) *************** F0:2 = 138 (1.08) ***************** F0:4 = 130 (1.02) **************** F0:8 = 139 (1.09) ***************** ---F1 output distribution--- F1:0 = 21 (1.31) ********************* F1:1 = 13 (0.81) ************* F1:2 = 15 (0.94) *************** F1:3 = 20 (1.25) ******************** F1:4 = 22 (1.38) ********************** F1:5 = 15 (0.94) *************** F1:6 = 8 (0.50) ******** F1:7 = 22 (1.38) ********************** F1:8 = 19 (1.19) ******************* F1:9 = 18 (1.12) ****************** F1:a = 15 (0.94) *************** F1:b = 13 (0.81) ************* F1:c = 10 (0.62) ********** F1:d = 12 (0.75) ************ F1:e = 9 (0.56) ********* F1:f = 24 (1.50) ************************ ---by bit--- F1:1 = 137 (1.07) ***************** F1:2 = 126 (0.98) *************** F1:4 = 122 (0.95) *************** F1:8 = 120 (0.94) *************** ---F2 output distribution--- F2:0 = 16 (1.00) **************** F2:1 = 13 (0.81) ************* F2:2 = 16 (1.00) **************** F2:3 = 13 (0.81) ************* F2:4 = 12 (0.75) ************ F2:5 = 17 (1.06) ***************** F2:6 = 16 (1.00) **************** F2:7 = 16 (1.00) **************** F2:8 = 14 (0.88) ************** F2:9 = 22 (1.38) ********************** F2:a = 27 (1.69) *************************** F2:b = 19 (1.19) ******************* F2:c = 14 (0.88) ************** F2:d = 16 (1.00) **************** F2:e = 11 (0.69) *********** F2:f = 14 (0.88) ************** ---by bit--- F2:1 = 130 (1.02) **************** F2:2 = 132 (1.03) **************** F2:4 = 116 (0.91) ************** F2:8 = 137 (1.07) ***************** ---F3 output distribution--- F3:0 = 23 (1.44) *********************** F3:1 = 20 (1.25) ******************** F3:2 = 11 (0.69) *********** F3:3 = 23 (1.44) *********************** F3:4 = 17 (1.06) ***************** F3:5 = 15 (0.94) *************** F3:6 = 13 (0.81) ************* F3:7 = 17 (1.06) ***************** F3:8 = 15 (0.94) *************** F3:9 = 11 (0.69) *********** F3:a = 9 (0.56) ********* F3:b = 19 (1.19) ******************* F3:c = 14 (0.88) ************** F3:d = 16 (1.00) **************** F3:e = 14 (0.88) ************** F3:f = 19 (1.19) ******************* ---by bit--- F3:1 = 140 (1.09) ***************** F3:2 = 125 (0.98) *************** F3:4 = 125 (0.98) *************** F3:8 = 117 (0.91) ************** ===overall sum=== ---F* output distribution--- F:0 = 78 (1.22) ******************* F:1 = 56 (0.88) ************** F:2 = 59 (0.92) ************** F:3 = 71 (1.11) ***************** F:4 = 64 (1.00) **************** F:5 = 59 (0.92) ************** F:6 = 55 (0.86) ************* F:7 = 69 (1.08) ***************** F:8 = 65 (1.02) **************** F:9 = 69 (1.08) ***************** F:a = 65 (1.02) **************** F:b = 68 (1.06) ***************** F:c = 56 (0.88) ************** F:d = 56 (0.88) ************** F:e = 53 (0.83) ************* F:f = 81 (1.27) ******************** ---by bit--- F:1 = 529 (1.03) **************** F:2 = 521 (1.02) **************** F:4 = 493 (0.96) *************** F:8 = 513 (1.00) ****************