Are current predominant cryptographic functions the most optimal?
The AES round function for instance is not the most optimal, just altering add round key (Transposition of AES Key Schedule) can significantly improve security. While cryptanalyzing one cipher is hard enough, cryptoanalyzing any minor change in construction would be very difficult. Times have changed since the only good cipher was DES, and cryptographers were examining alternative DES constructions such as Ladder-DES proposed on sci.crypt. It was a good thing that the Threefish team had to justify their design decisions since it was very hard to prove security for an ARX cipher. It still becomes an open question as to whether current knowledge is being applied most optimally. Just how much additional security does a tweakable block cipher provide? Would Madryga even be secure under a tweak construction? Would a CBC-MAC be immune to Simon’s algorithm if it was truncated? Wouldn't for wide block encryption, instead of Bear and Lion, be better to just use an envelope MAC over the plaintext and use half of the MAC output as the encryption key and the other half as the MAC? Actually ZFS does something similar.... A search for "zfs" on iacr doesn't reveal anything. Could the Simon cipher use a stronger 3 to 1 function? Reuse the same function for the key schedule? Just how many NSA key schedules did Bruce Schneier see? Should be about four. He's impressed with all four of them. Impressive.
participants (1)
-
Ryan Carboni