On Wed, 7 Jun 2006 15:02:35 -0500, "Marcos el Ruptor" <[EMAIL PROTECTED]> wrote:
> > Right. But can you explain *why* you strongly believe in it?
>
> In the last 10 years it never failed to tell the difference between good and
> bad ciphers. The only thing that makes it controversial is its ability to
> detect flaws in ciphers believed to be strong simply because no attacks
> against them are found yet.

I shouldn't pursue this, but I will. This is still proof by blatant assertion. It isn't "controversial" because it's not even worth thinking about. You've claimed that (a) you have a powerful but secret method for analyzing ciphers, and (b) AES fails your tests. That's nice. Suppose I said that when I calculated SHA-512 of the pdf version of the AES standard mod 257 and found that it was prime (it's 5, if my script is correct), and therefore AES was insecure. You'd laugh at me, and rightly so.

You say you have a method to evaluate ciphers. Without full details, no one can form their own judgment if it's valid or not. (My "proposal" clearly isn't valid.) You say you've evaluated AES and other ciphers. Without full details, we don't know if your evaluation is correct.

By contrast, see the controversy over the XSL attack on AES. (The Wikipedia article, http://en.wikipedia.org/wiki/XSL_attack, is a good summary.) There are claims and counterclaims, but everything is public. Note in particular Coppersmith's claim that Courtois and Pieprzyk overcounted the number of linearly independent equations -- their basic method may or may not be correct -- Coppersmith himself says that the "method has some merit, and is worth investigating" -- but they apparently applied it incorrectly.

You should also explain why you're keeping the details secret. The market for new block ciphers is tiny. No credible vendor is going to rely on a cipher evaluated by an unproven technique. (For that matter, the near-universal consensus in the open community is proprietary ciphers are generally worthless.)

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb