[math-fun] Simply recursively described secret key cryptosystem
Mike Stay: That's not RSA, that's just a strange one-time pad.
--no, it (RSA for secret key use) is a secret key cryptosystem. It is much more secure against repeated use, than a 1-time pad. I just pointed out, it is much less secure than the usual secret key systems are generally thought to be.
At this point, it seems to me this has become a discussion for sci.crypt. You'll need to post your own cryptanalysis with the design (e.g. prove it's secure against differential, linear, saturation, boomerang, and whatever number-theoretic attacks you can come up with), as well as explain why anyone should care about it.
--the recursive system I described was more a skeleton of a design, than a design. I have no idea how secure it is against those attacks. The reason anybody should care about it, is this skeleton permits the design of very simple cryptosystems. Can you be more precise about what "sci.crypt" is?
On Tue, Aug 20, 2013 at 10:04 AM, Warren D Smith <warren.wds@gmail.com> wrote:
Mike Stay: That's not RSA, that's just a strange one-time pad.
--no, it (RSA for secret key use) is a secret key cryptosystem. It is much more secure against repeated use, than a 1-time pad. I just pointed out, it is much less secure than the usual secret key systems are generally thought to be.
If M is public, then E is a one-time pad. If M is secret, then I guess you'll get a little more protection, but as you said, not much. Eugene Salamin was suggesting the use of RSA, which is OAEP plus exponentiation modulo the product of two strong primes. If you use RSA, it doesn't matter if M,E are public or not since as far as anyone knows, it's hard to break.
At this point, it seems to me this has become a discussion for sci.crypt. You'll need to post your own cryptanalysis with the design (e.g. prove it's secure against differential, linear, saturation, boomerang, and whatever number-theoretic attacks you can come up with), as well as explain why anyone should care about it.
--the recursive system I described was more a skeleton of a design, than a design. I have no idea how secure it is against those attacks. The reason anybody should care about it, is this skeleton permits the design of very simple cryptosystems.
Designing good ciphers is really hard. Simplicity is one of the major concerns of cipher designers for precisely the reasons you state; it was a major criticism of IBM's MARS proposal for AES. If you want to feel confident in a cipher, pick one that has received a lot of cryptanalytic attention over a decade or more.
Can you be more precise about what "sci.crypt" is?
It's a newsgroup for talking about cryptography.
http://www.contrib.andrew.cmu.edu/~shadow/crypt.html
https://groups.google.com/forum/#!forum/sci.crypt
People often propose ciphers there; the typical response is, "Here are two envelopes; each contains an attack against your cipher. Pick one; come back when you've discovered the other one."
--
Mike Stay - metaweta@gmail.com
http://www.cs.auckland.ac.nz/~mike
http://reperiendi.wordpress.com
participants (2): Mike Stay, Warren D Smith