David Wagner (daw@CS.Berkeley.EDU)
11 Jan 1999 11:29:19 -0800

In article <19990111124831.A6100@progressive-systems.com>,
Ge' Weijers <ge@Progressive-Systems.Com> wrote:
> You would not be able to use this block cipher in any standard modes,
> unless you have only a short block to encrypt. A 2-byte block cipher in
> CBC mode would show duplicate values in the output after O(sqrt(2^16))
> blocks, i.e. O(256), which is not that much. After that you have to
> change the key. A way out would be to use a pseudo-random function in
> CFB mode.

Surely you mean a pseudo-random function in counter mode?
A PRF in CBC mode will also leak information after about
256 blocks of ciphertext, due to the same effect.
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:02
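
The birthday effect discussed in this thread, as an added example that is not part of the original posts: it runs CBC over a 2-byte block, finds the first repeated ciphertext block, and shows that the repeat reveals the XOR of two plaintext blocks. The key-seeded permutation table is a constructed stand-in for a 2-byte block cipher, and all function names and sample inputs are assumptions made for this illustration.

```python
import random

N = 1 << 16  # number of distinct 16-bit (2-byte) blocks

def make_permutation(key):
    """Constructed stand-in for a 2-byte block cipher: a key-seeded random permutation."""
    table = list(range(N))
    random.Random(key).shuffle(table)
    return table

def random_message(seed, n_blocks):
    """Constructed sample input: a random IV and n_blocks random plaintext blocks."""
    rng = random.Random(seed)
    return rng.randrange(N), [rng.randrange(N) for _ in range(n_blocks)]

def cbc_encrypt(perm, iv, plaintext):
    out, prev = [], iv
    for p in plaintext:
        prev = perm[p ^ prev]  # C_j = E(P_j xor C_{j-1})
        out.append(prev)
    return out

def first_collision(ciphertext):
    """Earliest pair (i, j), i < j, with C_i == C_j, or None if no block repeats."""
    seen = {}
    for j, c in enumerate(ciphertext):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None

def leaked_xor(ciphertext, iv, i, j):
    """C_i == C_j forces P_i xor P_j == C_{i-1} xor C_{j-1}, with C_{-1} = IV."""
    before = lambda k: iv if k == 0 else ciphertext[k - 1]
    return before(i) ^ before(j)

def mean_blocks_until_collision(perm, trials=200, n_blocks=2000):
    """Average message length (in blocks) at which the first repeat appears."""
    total = 0
    for t in range(trials):
        iv, pt = random_message(t, n_blocks)
        total += first_collision(cbc_encrypt(perm, iv, pt))[1] + 1
    return total / trials

if __name__ == "__main__":
    perm = make_permutation(1999)
    iv, pt = random_message(1, 2000)
    ct = cbc_encrypt(perm, iv, pt)
    i, j = first_collision(ct)
    print(f"C[{i}] == C[{j}] after {j + 1} blocks")
    print("XOR of plaintexts matches:", leaked_xor(ct, iv, i, j) == pt[i] ^ pt[j])
    print("mean blocks to first repeat:", mean_blocks_until_collision(perm))
```

The measured mean lands within a small constant factor of sqrt(2^16) = 256, and `leaked_xor` uses only the IV and ciphertext, which is why the key has to be changed around that point.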