Are current predominant cryptographic functions the most optimal?

Ryan Carboni ryacko at gmail.com
Mon Apr 10 15:53:43 PDT 2017


The AES round function for instance is not the most optimal, just altering
add round key (Transposition of AES Key Schedule) can significantly improve
security. While cryptanalyzing one cipher is hard enough, cryptanalyzing
any minor change in construction would be very difficult. Times have
changed since the only good cipher was DES, and cryptographers were
examining alternative DES constructions such as Ladder-DES proposed on
sci.crypt. It was a good thing that the Threefish team had to justify their
design decisions since it was very hard to prove security for an ARX cipher.

It still becomes an open question as to whether current knowledge is being
applied most optimally.

Just how much additional security does a tweakable block cipher provide?
Would Madryga even be secure under a tweak construction?

Would a CBC-MAC be immune to Simon’s algorithm if it was truncated?

For wide block encryption, instead of Bear and Lion, wouldn't it be better to
just use an envelope MAC over the plaintext and use half of the MAC output
as the encryption key and the other half as the MAC? Actually ZFS does
something similar... A search for "zfs" on iacr doesn't reveal anything.

Could the Simon cipher use a stronger 3 to 1 function? Reuse the same
function for the key schedule?

Just how many NSA key schedules did Bruce Schneier see? Should be about
four. He's impressed with all four of them. Impressive.