Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:37
Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Mon, 07 Dec 1998 12:43:32 +0100
In Bruce Schneier's book on p.289 it is stated:
Differential analysis works against DES and other similar
algorithms with constant S-boxes. The attack is heavily
dependent on the structure of the S-boxes.
On the otherhand it is known (see www.counterpane.com) that
V. Rijmen did a differential analysis of Blowfish whose S-boxes
are non-constant. Would someone please explain this apparent paradox?
My (pure) conjecture is that Rijmen's success could be an indication
of the fact that although Blowfish's S-boxes are non-constant they
are very far from the case if they were obtained randomly without
constraints and therefore the space of the possible S-boxes is
rather limited. In other words there is something quasi-'constant'
that an analyst could use to his profit. Should this be indeed the
case, then it would be conceivable that loosening some appropriate
constraints could eventually improve the strength of Blowfish
(i.e. the design is not optimal).
I should also appreciate to be able to see a very brief sketch of
the technique of Rijmen and an explanation why that can't be extended
to work against Blowfish with more than 4 (a fixed number!!)
rounds as claimed in the Web page cited above.
M. K. Shen
------------------------------------------------------
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Last updated:
10th October 1998. Origin site of WEAK1, WEAK2, WEAK3 and WEAK3-E.)
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:37