Preview of New Block Cipher
flaws writes "Secure Science Corp. is offering a preview of one of the 3 ciphers they will be publishing throughout the year. The CS2-128 cipher is a 128-bit block cipher with a 128-bit key. This cipher is proposed as a hardware alternative to AES, being that it is more efficient in hardware, simpler to implement, and comparably secure to AES-128.
The preview of the CS2-128 cipher proposed is in HTML form and will be available in a published format at the end of April. At this time, requests are made for casual peer review and implementation. Secure Science will be offering a challenge at the end of April, introducing the cipher to the public. This cipher's implementation and usage will be offered in multiple hardware devices, such as wireless routers, cell-phones, and storage management hardware."
"provably just as secure as AES-128"? Bah. (Score:5, Informative)
Re:Worse than previewing non-existent products... (Score:3, Informative)
Re:Go with what is widely used (Score:1, Informative)
Re:Maybe there's something I'm not getting here, (Score:1, Informative)
Re:Hardware based? (Score:2, Informative)
Software based standards are not practical for large scale deployment; the time to encrypt can often become a serious bottleneck. It's a major reason why public key cryptography, implemented in software, is frequently used only for the initial key exchange for a hardware based cryptographic scheme like DES or AES.
-ShadowRanger
Re:Well....maybe (Score:5, Informative)
Re:Hardware acceleration (Score:3, Informative)
Re:Snake Oil? (Score:5, Informative)
Re:PGP: A Dangerous Program for a Dangerous Time (Score:3, Informative)
Re:"provably just as secure as AES-128"? Bah. (Score:1, Informative)
Also, given the fact that the round function is complete (say, unlike AES), "integration style" attacks are not applicable.
Keep in mind this is based on the research of the CS-Cipher (Vaudenay) and this [iacr.org].
Re:PGP: A Dangerous Program for a Dangerous Time (Score:0, Informative)
Re:Snake-oil... (Score:3, Informative)
Re:Go with what is widely used (Score:3, Informative)
The attack on it finds two messages that hash to the same value (strong collision resistance). The attack does not work when trying to find a message that matches a specified hash value (weak collision resistance).
I don't think the attack on SHA-1 gives anyone a warm fuzzy feeling. But the current attack isn't a huge attack and it still is largely impractical. Additionally there are three other algorithms defined in FIPS PUB 180, SHA-256, SHA-384 and SHA-512. (-512 and -384 are the same algorithm, except 384 just truncates the answer from the -512 algorithm.)
I'm not aware of any attacks on the DSA algorithm. I believe there were some attacks on particular implementations of the pseudo-random number generator. In addition FIPS 186 defines two other algorithms for digital signatures, RSA and ECDSA. I don't believe there are any known practical attacks on either RSA or the Elliptic Curve DSA.
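Added example, not part of the original comment: a sketch of the gap between the two properties the comment distinguishes, measured on a deliberately tiny hash. The 20-bit truncation of SHA-256, the function names and the sample messages are all assumptions chosen so both searches finish in seconds; nothing here is an attack on SHA-1 itself.

```python
import hashlib
from itertools import count

BITS = 20  # toy digest size (assumption); SHA-1 outputs 160 bits


def toy_hash(msg: bytes) -> int:
    """Top BITS bits of SHA-256, standing in for a short hash function."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - BITS)


def find_collision():
    """Find ANY two distinct messages with the same digest.

    Returns (msg_a, msg_b, hashes_computed). The birthday bound puts the
    expected work near 2**(BITS/2) hashes.
    """
    seen = {}
    for i in count():
        msg = b"doc-%d" % i  # constructed messages, distinct by counter
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg


def find_match(target: int):
    """Find a message whose digest equals one fixed in advance.

    Returns (msg, hashes_computed). Expected work is near 2**BITS hashes,
    because the defender, not the searcher, chose the target.
    """
    for i in count():
        msg = b"forged-%d" % i
        if toy_hash(msg) == target:
            return msg, i + 1


if __name__ == "__main__":
    a, b, collision_work = find_collision()
    target = toy_hash(b"constructed sample: signed contract")
    m, match_work = find_match(target)
    print(f"collision after {collision_work} hashes: {a!r} / {b!r}")
    print(f"match for fixed digest after {match_work} hashes: {m!r}")
```

The same square-root gap is why a collision attack weakens a hash for uses where one party picks both messages, while digests of messages already fixed by someone else are not directly affected.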
Compared to... (Score:2, Informative)
Company link:
http://www.whitenoiselabs.com/
Cryptographic analysis link:
http://www.whitenoiselabs.com/papers/Wagne
Performance analysis link:
http://www.whitenoiselabs.com/papers/UVIC%
So whitenoise encryption offers a cheaper solution that is mathematically stronger, and computationally order log n complexity where n is filesize (therefore faster too)
and please tell me why anyone in their right mind would still bother using this shoddy, expensive, slow method for cell phone encryption?
Re:Snake Oil? (Score:3, Informative)
Domain Name: SECURESCIENCE.NET
Registered through: GoDaddy.com
Created on: 24-Oct-03
A quick search through the sci.crypt archives suggests that they employ at least one cryptographer who ought to be qualified to tell if it's clearly clearly.
But my own inexperienced mind tells me that a 4x4 sbox seems awfully small, and that they've put an awful lot of effort into making it efficient in hardware requiring a minimal number of gates. It's not hard to just make a secure cipher, but it is extremely difficult to make one that's fast and simple while still being secure. IANAC (I am not a cryptanalyst) though, so only time will tell.
A patent search for "Secure Science Corporation" does not return any results.
Re:PGP: A Dangerous Program for a Dangerous Time (Score:2, Informative)
and realized it was meant to be funny. I hope.
Re:Review Expertise. (Score:3, Informative)
Re:I wonder... (Score:3, Informative)
Re:I stand corrected! (Score:2, Informative)
Re:Review Expertise. (Score:3, Informative)
Not in my book or anyone else's. It is a block cipher with a key size and a block size of 128 bits, but it is designed to be used in chaining mode which a one time pad ain't.
Now I'm assuming this isn't a one time pad so I'm also assuming the same key will be used many times considering it may act as a wireless key similar to WEP keys right now.
The problem with WEP was not the reuse of the key, it was the modification of RC4 so that it did not discard the initial bits from the PRG. These were known to be weak when RC4 was designed.
The secure science people are not well known on slashdot but in the field they are very well known and they have a pretty high reputation for their work on anti-phishing. Now that does not mean that I would put them in the same class as Rivest, Biham and Shamir when it comes to cipher design.
There is an argument to be made that it is better to use a block cipher with a possibly inadequate number of rounds than risk using a stream cipher. Block ciphers are much better understood and their failure modes are much less likely to be catastrophic. A poor 128 bit block cipher is likely to result in an effective cipher strength of maybe 80 bits. A poor stream cipher can collapse to an effective cipher strength of 16 bits or less, particularly if it is not used properly.
So this is a bit like if Schneier or Kocher came up with a cipher, they are not a Rogaway or a Rivest but they are not exactly flakes peddling snake oil. I suspect that their work will receive significant attention.
Re:I wonder... (Score:2, Informative)
Re:Compared to... (Score:2, Informative)
Look here: http://eprint.iacr.org/2003/250 [iacr.org]
tsk...tsk...tsk..
Crypto Law Public Domain vs. Copyright P.D. (Score:3, Informative)
Re:I stand corrected! (Score:3, Informative)
Though there is good work that has been done on CS, most of it appears to be done by the creators of it. Finally, from the article:
As of yet no full cryptanalysis of the CS-Cipher is known to exist.
Re:Review Expertise. (Score:3, Informative)