[3848] in cryptography@c2.net mail archive
Cascades ( was: On living with the 56-bit key...)
daemon@ATHENA.MIT.EDU (Michael Motyka)
Thu Dec 24 15:55:25 1998
Date: Wed, 23 Dec 1998 18:53:10 -0800
From: Michael Motyka <mmotyka@lsil.com>
Reply-To: mmotyka@lsil.com
To: jim@acm.org
Cc: cryptography@c2.net
Jim,
Since you're addressing "this thread" today, here's more. This is an
idea of mine that's somewhat related to the cascade question. It's very
simple to code; my version of a block cipher cascade.
Choose a block cipher, block 2^(m+n) bits, key K bits
Make a 2^m x 2^m data array with elements size 2^n bits
Use a different key for each of the 3 * 2^m block cipher iterations
Encrypt 2^m rows
Encrypt 2^m columns
Encrypt 2^m rows
Done
Block size = 2^(m+m+n)
Key size = 3 * 2^m * K
A real-life example -
DES 2^6 bits, m = 3, n = 3 ==> 8 x 8 array of bytes
Block size = 512 bits - perfect for disk sectors
Key size = 1344 bits - more than plenty
At the extreme you could ( especially in HW ) make n = 0.
Block size = 4096 bits
Key size = 10752 bits
3DES is the m = 0 case.
Speed should be comparable to 3DES. Roughly, anyway.
It's easy to generalize it to multiple dimensions - to what end I'm not
sure. It's also easy to think of things you might do to data as it winds
its way through, like array element rotations and row or column rotates,
shuffles or swaps. Again, unnecessary? You could repeat more times to
grow the key: -|-|-. You could do diagonals: -\|/- , instead of: -|- to
improve(?) the mixing. Yada yada yada...
Intuitively it looks like a reasonable way to expand an existing block
cipher: the block is large, the key is large and a single bit change in
the input is nicely avalanched to the output array. It looks stronger
than a simple cascade. Maybe you could even expand the expanded cipher.
Or start with a very small, more easily-studied cipher and iterate the
expansion to the desired size...
I don't know if these are relevant or if there are easy answers to these
but, what the hell.
My questions are :
Where are the problems?
How many of the key bits are unwarranted?
Are useful properties of the base cipher true of the expanded cipher?
Can an expansion be iterated with any useful results?
Regards,
Mike
