Re: CAST (and random AES chatter)


Bruce Schneier (schneier@counterpane.com)
Thu, 16 Jul 1998 22:39:45 -0500


At 11:37 PM 7/16/98 -0400, Perry E. Metzger wrote:
>
>Bruce Schneier writes:
>> My main complaint about MARS is that I cannot keep the entire design
>> in my head. One of the Twofish design goals was to create a cipher
>> that could be easily memorized. I find that I can imagine new
>> attacks, and carry out analysis, easier if the cipher is easy to
>> conceptualize. With MARS I am continually going back to the paper
>> to remember how something works. I am much less likely to find good
>> analyses.
>
>I do understand the complaint -- it makes some considerable sense.
>
>It certainly is a rather complex cipher. Of course, the design
>document explains the reason behind all the complexities. The
>observations about attempting to thwart early and late round attacks
>by special mechanisms seemed to warrant some of the complexity
>(although the use of whitening in other designs at least weakly
>addresses this as well.)

Whitening basically does the work of one round, at considerably less
latency cost.

>> >Coolest of the recent AES batch seemed to be RC6, but the paper also
>> >left a bit to be desired in the way of transparency in describing
>> >attacks. I liked the design methodology description, though.
>>
>> Data dependent rotations worry me,
>
>They seem to be another new trend in several designs, though,
>including MARS. Now that techniques have been pioneered to assure that
>the rotations don't only depend on the low order bits of the data
>(done in very different ways in both MARS and RC6), I think it may be
>an effective new tool (although I obviously have no proof that the
>technique isn't vulnerable.)

But in RC5 that's all you've got. In RC6 there is a little more, but not
much.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
           Free crypto newsletter. See: http://www.counterpane.com
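
The point in the thread about rotation amounts that depend on more than the low-order bits of the data can be measured directly. The following is an added illustration, not part of the original message and not code from either cipher's authors: it takes the published round structures of RC5 (rotate by the low lg w bits of B) and RC6 (rotate by the low lg w bits of (B(2B+1)) <<< lg w), assumes w = 32, and counts how often flipping each bit of B changes the rotation amount. The function names and the random sample are constructed for this example.

```python
import random

W = 32                 # word size in bits (assumed: the 32-bit variants)
LGW = 5                # lg w, the number of bits that select a rotation amount
MASK = (1 << W) - 1

def rotl(x, r):
    """Rotate the W-bit word x left by r positions."""
    r %= W
    return ((x << r) | (x >> (W - r))) & MASK

def rc5_rot_amount(b):
    # RC5 half-round: A = ((A ^ B) <<< B) + S[i]
    # Only the low lg w bits of B select the rotation amount.
    return b & (W - 1)

def rc6_rot_amount(b):
    # RC6: t = (B * (2B + 1)) <<< lg w, and t's low lg w bits rotate the
    # other word. After the fixed rotation those are the top lg w bits of
    # B(2B+1) mod 2^w, which every bit of B can reach through carries.
    t = rotl((b * (2 * b + 1)) & MASK, LGW)
    return t & (W - 1)

def influence(amount_fn, trials=2000, seed=1998):
    """For each bit position i of B, return the fraction of sampled B values
    for which flipping bit i changes the rotation amount."""
    rng = random.Random(seed)          # fixed seed: constructed, repeatable sample
    counts = [0] * W
    for _ in range(trials):
        b = rng.getrandbits(W)
        base = amount_fn(b)
        for i in range(W):
            if amount_fn(b ^ (1 << i)) != base:
                counts[i] += 1
    return [c / trials for c in counts]

if __name__ == "__main__":
    rc5 = influence(rc5_rot_amount)
    rc6 = influence(rc6_rot_amount)
    print("bit  RC5    RC6")
    for i in range(W):
        print(f"{i:3d}  {rc5[i]:.3f}  {rc6[i]:.3f}")
```
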



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:31 ADT