Shai wrote:
> The plaintext is randomized, but this still leaves malleability
> issues as described (for example) in the annex of the standard.

Just so I am clear: by standard do you mean "the draft text for
the P1619 standards proposal" or do you mean some other adopted
standard?  If you mean some other standard, which one?

> Discussing when these issues pose real problems and what can be
> done to counter such problems would be valuable (both to the group
> and potentially to your customers). Claiming that the plaintext
> is not randomized is just a false statement which is not valuable
> to anyone.

If I understand the point at issue here, the question involves
changing a bit in the ciphertext, decrypting and comparing the
result to the original plaintext.  Correct me if I am wrong.
If I am wrong then please pardon the rest of this message:

I would not use the word "randomized" without having first tested
such a claim. 

The decrypted plaintext would be scrambled certainly, but in a
completely deterministic fashion. One might be able to claim that
the change is a pseudo-random transform of some unknown quality.  

I would be happy to perform the detailed statistical analysis
of, say 10^9 bits produced by:

    xor( plaintext_block,
         decrypt( xor( 1<<x, encrypt( plaintext_block )))
       )

    where: plaintext_block is a single cipher block filled with
             data from a cryptographically sound random number
             generator

    where: 0 <= x < bits_in_the_cipher_block, also selected
           by a cryptographically sound random number generator

    NOTE: Or something similar to the above (suggestions welcome).

applying some 179,000 tests of 15 different types of tests of the
billion bit test based on the NIST 800-22 test suite:

        http://www.lavarnd.org/what/billion_bit.html

It would take a few days.  I would be happy to do such a test and
share the results if there was interest.  We would need to
specify the block encryption algorithm and how the keys should be
selected (say by a cryptographically sound random number generator?).

chongo (Landon Curt Noll) /\oo/\
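
The experiment proposed in the message above, as an added example that is not part of the original email. Assumptions: XTEA (64-bit block) stands in for the unspecified block cipher, and the mean Hamming weight of the difference word is a coarse check used here in place of the NIST 800-22 battery.

```python
# Added example: the bit-flip experiment from the message, run on XTEA.
# XTEA is an assumed stand-in; the message leaves the cipher unspecified.
import secrets

M, DELTA, ROUNDS, BLOCK_BITS = 0xFFFFFFFF, 0x9E3779B9, 32, 64

def _mix(v, s, k):
    # XTEA round function; callers mask the result to 32 bits
    return (((v << 4) ^ (v >> 5)) + v) ^ (s + k)

def xtea_encrypt(key, block):
    v0, v1, s = block >> 32, block & M, 0
    for _ in range(ROUNDS):
        v0 = (v0 + _mix(v1, s, key[s & 3])) & M
        s = (s + DELTA) & M
        v1 = (v1 + _mix(v0, s, key[(s >> 11) & 3])) & M
    return (v0 << 32) | v1

def xtea_decrypt(key, block):
    v0, v1, s = block >> 32, block & M, (DELTA * ROUNDS) & M
    for _ in range(ROUNDS):
        v1 = (v1 - _mix(v0, s, key[(s >> 11) & 3])) & M
        s = (s - DELTA) & M
        v0 = (v0 - _mix(v1, s, key[s & 3])) & M
    return (v0 << 32) | v1

def flip_diff(key, plaintext_block, x):
    """xor(plaintext_block, decrypt(xor(1<<x, encrypt(plaintext_block))))"""
    tampered = (1 << x) ^ xtea_encrypt(key, plaintext_block)
    return plaintext_block ^ xtea_decrypt(key, tampered)

def run_trials(n):
    """Return the n difference words and their mean Hamming weight."""
    key = [secrets.randbits(32) for _ in range(4)]   # CSPRNG-selected key
    diffs = []
    for _ in range(n):
        pt = secrets.randbits(BLOCK_BITS)            # CSPRNG plaintext block
        x = secrets.randbelow(BLOCK_BITS)            # CSPRNG bit position
        d = flip_diff(key, pt, x)
        assert d == flip_diff(key, pt, x)            # same inputs, same output
        diffs.append(d)
    mean_weight = sum(bin(d).count("1") for d in diffs) / n
    return diffs, mean_weight

if __name__ == "__main__":
    diffs, mean_weight = run_trials(2000)
    print(f"mean flipped bits per {BLOCK_BITS}-bit block: {mean_weight:.2f}")
```

The difference words returned by `run_trials` can be concatenated into a bit stream and fed to a statistical test suite for the fuller analysis the message describes.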
 
