On Tue, Sep 23, 2014 at 2:47 AM, Ryan Carboni <rya...@gmail.com> wrote:
> Just found out about Even-Mansour scheme. Simplest possible cryptosystem,
> xor-permute-xor, and for a single round it is roughly as secure as half the
> block size, while two rounds have brute force security. If one only desires
> confidentiality against attacks faster than brute force, can't one generate
> subkeys using RC4, and use a two round substitution-permutation block cipher
> with key-dependent permutations and substitutions? Would only be useful for
> communication or storage, not hashing.
>
> Would be faster than AES, but AES needs to be secure against even
> distinguishing attacks while consumer crypto doesn't need as much security.

For one application, see: https://aezoo.compute.dtu.dk/doku.php?id=enchilada
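
The xor-permute-xor construction discussed in the thread above, as an added example that is not part of either message: an iterated Even-Mansour cipher where the permutations are fixed and public and the whitening keys are the only secret. The 16-bit block, the seeded-shuffle permutations and all function names are assumptions chosen so the whole block space can be checked; a block this small gives no real security.

```python
import random

BLOCK_BITS = 16                  # toy block size (assumption), far too small for real use
SIZE = 1 << BLOCK_BITS

def public_permutation(seed):
    """Build a fixed, public permutation of the block space and its inverse."""
    rng = random.Random(seed)    # the seed is public: the permutation holds no secret
    table = list(range(SIZE))
    rng.shuffle(table)
    inverse = [0] * SIZE
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse

# One public permutation per round (constructed sample values).
PERMS = [public_permutation(1), public_permutation(2)]

def em_encrypt(block, keys):
    """xor key, permute, xor key, ... ; len(keys) - 1 rounds."""
    state = block ^ keys[0]
    for i in range(len(keys) - 1):
        state = PERMS[i][0][state] ^ keys[i + 1]
    return state

def em_decrypt(block, keys):
    """Undo the rounds in reverse order with the inverse permutations."""
    state = block
    for i in reversed(range(len(keys) - 1)):
        state = PERMS[i][1][state ^ keys[i + 1]]
    return state ^ keys[0]

if __name__ == "__main__":
    one_round = [0x1A2B, 0x3C4D]             # constructed keys: k1, k2
    two_round = [0x1A2B, 0x3C4D, 0x5E6F]     # constructed keys: k0, k1, k2
    for keys in (one_round, two_round):
        c = em_encrypt(0x0042, keys)
        print(len(keys) - 1, "round(s):", hex(c), "->", hex(em_decrypt(c, keys)))
```

With all keys set to zero the cipher collapses to the public permutation itself, which is why the keys, not the permutation, carry the secrecy.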