Preview of New Block Cipher
flaws writes "Secure Science Corp. is offering a preview of one of the 3 ciphers they will be publishing throughout the year. The CS2-128 cipher is a 128-bit block cipher with a 128-bit key. This cipher is proposed as a hardware alternative to AES, being that it is more efficient in hardware, simpler to implement, and comparably secure to AES-128.
The preview of the CS2-128 cipher proposed is in HTML form and will be available in a published format at the end of April. At this time, requests are made for casual peer review and implementation. Secure Science will be offering a challenge at the end of April, introducing the cipher to the public. This cipher's implementation and usage will be offered in multiple hardware devices, such as wireless routers, cell-phones, and storage management hardware."
I wonder... (Score:3, Interesting)
...how badly patent-encumbered these ciphers are going to end up being?
Re:Well....maybe (Score:1, Interesting)
You can prove that an algorithm is immune to DC by proving that the number of plaintext/ciphertext pairs needed is greater than the number of possible plaintexts and ciphertexts. Immunity to LC can also be proven. Cryptography prior to DES was largely unmathematical juju. Cryptography today is a thing of math and science. The techniques for breaking an algorithm are known mathematical formulas, and these can be designed against.
So, why would you use a cipher that doesn't do this?
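The bound the comment above refers to can be worked through concretely. The following is an added example, not code from the thread or from Secure Science: it builds the differential distribution table (DDT) of a 4-bit S-box, reads off the best single-S-box differential probability, and turns that into the "pairs needed exceed the number of plaintexts" check for a given block width. The S-box is the one published with the PRESENT cipher; the affine "S-box" beside it is constructed here as a deliberately weak contrast. The round-count function assumes one active S-box per round, which is a simplification labelled as such in the code (a real proof counts minimum active S-boxes across the linear layer).

```python
"""DDT of a 4-bit S-box and the differential-cryptanalysis pair-count bound.

Added example for the thread above; not part of the original post.
"""
from itertools import product
from math import log2

# PRESENT's 4-bit S-box, as published in the PRESENT paper.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Constructed for contrast: an affine map S(x) = x ^ 0xA. Every input
# difference propagates to exactly one output difference with probability 1.
AFFINE_SBOX = [x ^ 0xA for x in range(16)]


def ddt(sbox):
    """Return the DDT: table[din][dout] = #{x : S(x) ^ S(x ^ din) == dout}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for x, din in product(range(n), range(n)):
        dout = sbox[x] ^ sbox[x ^ din]
        table[din][dout] += 1
    return table


def max_differential_probability(sbox):
    """Best differential probability over non-zero input differences
    (the S-box's differential uniformity divided by its size)."""
    table = ddt(sbox)
    n = len(sbox)
    best = max(table[din][dout] for din in range(1, n) for dout in range(n))
    return best / n


def pairs_needed(prob):
    """Rough number of chosen-plaintext pairs needed to exploit a
    characteristic of probability prob: about 1/prob."""
    return 1 / prob


def rounds_for_dc_immunity(sbox, block_bits):
    """Smallest round count r for which a characteristic with ONE active
    S-box per round (assumption: a simple bound, not a full active-S-box
    count) has probability below 2**-block_bits, i.e. needs more pairs than
    there are plaintexts. Returns None when no round count helps."""
    p = max_differential_probability(sbox)
    if p >= 1.0:
        return None  # affine S-box: the characteristic always holds
    # p**r < 2**-block_bits  <=>  r > block_bits / log2(1/p)
    return int(block_bits / log2(1 / p)) + 1


if __name__ == "__main__":
    for name, box in (("PRESENT", PRESENT_SBOX), ("affine", AFFINE_SBOX)):
        p = max_differential_probability(box)
        print(f"{name}: max differential probability {p}, "
              f"pairs per active S-box {pairs_needed(p):.0f}, "
              f"rounds for a 64-bit block {rounds_for_dc_immunity(box, 64)}, "
              f"for a 128-bit block {rounds_for_dc_immunity(box, 128)}")
```

The affine table is the failure mode the comment warns against: the attacker needs one pair per characteristic no matter how many rounds are stacked, so no round count ever pushes the pair count past 2^n. For the PRESENT S-box the best single-S-box differential holds with probability 1/4, so under the one-active-S-box-per-round assumption 33 rounds push the required pairs past 2^64 and 65 rounds past 2^128; real designs get there with far fewer rounds by forcing several active S-boxes per round.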
Re:Ugh (Score:3, Interesting)
1) You don't have a one-to-one mapping of inputs to outputs, which makes this more like the compression function of a hash function, but will certainly be weaker than optimal for the intended purpose (we could then talk about how much weaker, but at the very least we no longer have a pseudo-random permutation, and it's not even a proper pseudo-random function, which means none of our traditional block cipher proofs will hold as is).
2) The one-to-one mapping exists, but there's a hard problem making it difficult to invert, in which case you have invented a public key cryptosystem (highly unlikely)
or
3) The inversion is possible and not computationally hard, the designer just wasn't clueful enough.
There's also the possibility that the poster wasn't the designer, wasn't correct, and it is a plain ol' invertible block cipher.
Re:Go with what is widely used (Score:5, Interesting)
Whenever a 40 bit cipher turns up the most likely reason is the export restrictions. When TI was doing its work they could not stick to the standard.
Plus 3DES is not exactly a great cipher; the small block size means that certain attacks become possible after 2^32 blocks of ciphertext, that is only 32 Gb of data, which is not a lot of data.
The TI problem was due to using the same cipher for 15 years without periodic security reviews.
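The 2^32 figure in the comment above is the birthday bound for a 64-bit block, and the attack it enables is easy to show at a smaller scale. The following is an added example, not code from the thread: it models the block cipher as a lazily sampled random permutation (an idealised cipher, so only the block width matters), encrypts random plaintext in CBC mode, and shows that the first repeated ciphertext block C_i = C_j hands an eavesdropper P_i xor P_j = C_{i-1} xor C_{j-1} with no key involved. The 20-bit block width, the 8192-block message and the fixed seed are choices made for the example so it runs in a moment; the byte-volume helper reproduces the comment's 2^32 x 8-byte figure for 3DES and the 2^64 x 16-byte figure for a 128-bit block such as AES or CS2-128.

```python
"""Birthday-bound collision leak in CBC mode with a small block.

Added example for the thread above; not part of the original post. The block
cipher is an ideal random permutation, sampled lazily, so the demonstration
depends only on the block width.
"""
import math
import random


def birthday_bound_blocks(block_bits):
    """Blocks after which ciphertext-block repeats become likely: 2**(n/2)."""
    return 1 << (block_bits // 2)


def birthday_bound_bytes(block_bits):
    """The same bound as a data volume (each block is n/8 bytes)."""
    return birthday_bound_blocks(block_bits) * (block_bits // 8)


def expected_blocks_to_first_collision(block_bits):
    """Expected number of uniformly random n-bit blocks before the first
    repeat: sqrt(pi/2 * 2**n)."""
    return math.sqrt(math.pi / 2 * (1 << block_bits))


class LazyRandomPermutation:
    """Ideal n-bit block cipher: a fresh output is drawn without replacement
    the first time each input is seen, so distinct inputs never collide."""

    def __init__(self, block_bits, rng):
        self.block_bits = block_bits
        self.rng = rng
        self.fwd = {}
        self.used = set()

    def encrypt(self, x):
        if x not in self.fwd:
            y = self.rng.getrandbits(self.block_bits)
            while y in self.used:
                y = self.rng.getrandbits(self.block_bits)
            self.fwd[x] = y
            self.used.add(y)
        return self.fwd[x]


def cbc_encrypt(perm, iv, plaintext_blocks):
    """CBC: C_i = E(P_i ^ C_{i-1}) with C_0 = IV. Returns [IV, C_1, ..., C_n]."""
    out = [iv]
    for p in plaintext_blocks:
        out.append(perm.encrypt(p ^ out[-1]))
    return out


def first_cbc_collision(ct):
    """Attacker's view: scan ciphertext (IV at index 0) for C_i == C_j with
    1 <= i < j. Returns (i, j, C_{i-1} ^ C_{j-1}), which equals P_i ^ P_j
    because E is a permutation, or None if no block repeats."""
    seen = {}
    for j in range(1, len(ct)):
        c = ct[j]
        if c in seen:
            i = seen[c]
            return i, j, ct[i - 1] ^ ct[j - 1]
        seen[c] = j
    return None


def demo(block_bits=20, n_blocks=8192, seed=1):
    """Encrypt random plaintext with an ideal n-bit cipher in CBC mode and
    check the leaked XOR against the real plaintext blocks."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    perm = LazyRandomPermutation(block_bits, rng)
    iv = rng.getrandbits(block_bits)
    pt = [rng.getrandbits(block_bits) for _ in range(n_blocks)]  # constructed input
    ct = cbc_encrypt(perm, iv, pt)
    hit = first_cbc_collision(ct)
    if hit is None:
        return {"collision": False}
    i, j, leaked = hit
    true_xor = pt[i - 1] ^ pt[j - 1]  # pt is 0-indexed, ct is 1-indexed
    return {"collision": True, "i": i, "j": j, "leaked_xor": leaked,
            "true_xor": true_xor, "verified": leaked == true_xor,
            "expected_first_collision": expected_blocks_to_first_collision(block_bits)}


if __name__ == "__main__":
    print("3DES (64-bit block): bound at", birthday_bound_blocks(64), "blocks =",
          birthday_bound_bytes(64) // 2**30, "GiB")
    print("AES/CS2-128 (128-bit block): bound at", birthday_bound_blocks(128), "blocks")
    print(demo())
```

With 8192 random blocks against a 2^20 block space the chance of seeing no repeat is about e^-32, so the demonstration finds a collision on essentially every seed, and because an ideal cipher is a permutation the recovered XOR is always exact. Scaled to a 64-bit block the same scan needs on the order of 2^32 blocks, which is why the 32 GiB figure matters for a cipher that may sit on a busy link for years.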