Cryptanalysis of S-1

hallam at w3.org hallam at w3.org
Fri Aug 25 13:20:47 PDT 1995



OK lets turn this on its head, I think we now have a good idea of how to build a 
cipher in clean room conditions such that nobody is aware of the full details of 
the algorithm.

Team 1: Develop an encryption network, implement as hardware

Team 2: Test various combinations of keyspace.features without being exposed to
	inner workings of the cipher.

Develop your Clipper chip this way and nobody can reveal the source. Fun huh?


I think we are about to see a cascade of Skipjack hoaxes regardless of the 
provenance of the original. Now people have the idea the clueless newbies will 
try.

I'm suprised nobody has tried before, I thought of constructing a Skipjack hoax 
based on DES but with larger S boxes. S1 could be made to run very fast, a 
straight through pipeline would be very nice in hardware. Anyone care to suggest 
how a secure cipher might be based on it (ie appart form the clearly bogus key 
schedule)?

I think a score sheet is in order, marks out of 5 for what? Distribution, 
technical ingenuity, credibility, annoying Dorothy, hardware suitability, 
software suitability... ?

Perhaps the NSA might volunteer to serve the page with the cumulative judgments.

		Phill






More information about the cypherpunks-legacy mailing list