Michael Paul Johnson (mpj@ebible.org)
Fri, 17 Jul 1998 20:02:26 -0600
At 09:26 PM 7/16/98 -0500, Bruce Schneier wrote:
>>I believe newness to be neither an advantage nor a disadvantage. Analysis is
an advantage. Analysis often comes with age. IDEA, for example, is well
analyzed. Diamond, as far as I know, has not received any serious
analysis. (Nothing personal, mind you. I haven't looked at it primarily
because an analysis would not be accepted at any conference. If the design
gets published somewhere, that would be different.)<<
Feel free to publish it. :-) Come to think of it, you already have... in
the Applied Cryptography disk set. My current documentation of the design
could use some sprucing up and additions, admittedly, but I've been
exceedingly busy with other things besides cryptographic publication.
Anyway, the fact that it is immune to every kind of attack I'm aware of is
comforting to me. Indeed, the only credible attacks I've seen are on
reduced round versions (i.e. 3 or fewer).
Analysis is indeed an advantage. Of course, not having a cipher be heavily
used or highly political is a slight advantage, too. DES is DEAD. Long live
AES and all the worthy contestants. Anyway, Diamond2 has had some analysis
by several people, a few of whom I respect as cryptanalysts (a couple of
whom are highly qualified). None of this has been published, though, in
traditional forums. Diamond2 is really the fourth generation (I count
funny) of the same design concept, though, based on the same initial idea,
and incorporates some feedback from others. Now is a bad time to try to
attract much more analysis, though, because Diamond 2 isn't officially in
the running for AES (although it could have been if I put the time into
writing it up and porting it to Java, etc.), and there is where much of the
energy is going.
Here is the pedigree of Diamond:
MPJ block cipher -> invented as part of my Master's Thesis. Fixed key
length of 128 bits, 10 rounds (double rounds if comparing to DES), block
size 128 bits. No problems with the algorithm found, except that the key
was fixed length.
MPJ2 block cipher -> replaced key expansion with faster CRC stream
generator and made keys variable length. Problem: key XYZ was the same as
key XYZXYZ. This variant had a very short "life" before being revised.
Diamond -> Fixed problem with keys that are repetitions of shorter keys
being equivalent. Kept fast key expansion basically intact, though.
Diamond2 -> Went back to key expansion that is substitution array dependent
to avoid one in more than 2^32 keys resulting in all substitution arrays
being identical, and allowed for more rounds. Also defined a subset called
Diamond Lite that used only 64 bit blocks. Defined extensions for more
rounds, if desired. There are faster algorithms -- especially for key
generation -- in the same class, but I consider slow key setup to be an
anti-cracking feature. I'd hate to have to build a good brute force engine
for Diamond2. Even if you restricted the key size to 56 bits, it would
likely cost an order of magnitude more than a DES cracker. (Who in their
right mind would restrict key size to less than 128 bits, unless coding
under the influence of drugs, alcohol, or bad laws, anyway?)
Enough tooting of my own horn. If you are even mildly curious about Diamond
2, check out the published design of Diamond 2 at
ftp://ftp.ebible.org/pub/public/diamond2.pdf
A reference implementation is available at
http://www.alcrypto.co.uk/cryptocd/source/programs/dlock/2_0/ (individual
files) or http://cryptography.org/cgi-bin/crypto.cgi/mpj/dlock2.zip (one
.zip file for shorter download time).
_______
Michael Paul Johnson
mpj@ebible.org http://ebible.org http://cryptography.org
PO BOX 1151, Longmont CO 80502-1151, USA Jesus Christ is Lord!
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:35 ADT
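
The equivalent-key problem mentioned in the pedigree (key XYZ behaving the same as key XYZXYZ), shown as an added example that is not part of the original message or of the Diamond reference code. It assumes a toy expansion that feeds key bytes round-robin into a CRC-32 accumulator, which is a simplification and not the MPJ2 key schedule; the length-mixing variant is one possible fix, since the message does not say how Diamond fixed it. All function names are hypothetical.

```python
import zlib


def cyclic_stream(key: bytes, n: int) -> bytes:
    """Toy expansion (assumed model): key bytes cycled into a CRC-32 state."""
    if not key:
        raise ValueError("empty key")
    accum, out = 0, bytearray()
    for i in range(n):
        # Only the infinite repetition of the key is ever seen here,
        # so XYZ and XYZXYZ feed in exactly the same byte sequence.
        accum = zlib.crc32(key[i % len(key):i % len(key) + 1], accum)
        out.append(accum & 0xFF)
    return bytes(out)


def length_bound_stream(key: bytes, n: int) -> bytes:
    """Same toy expansion, but the key length is mixed in at every wrap."""
    if not key:
        raise ValueError("empty key")
    accum, out, idx = 0, bytearray(), 0
    for _ in range(n):
        if idx == len(key):
            idx = 0
            # Binding the length makes a key and its repetitions diverge.
            accum = zlib.crc32(len(key).to_bytes(2, "little"), accum)
        accum = zlib.crc32(key[idx:idx + 1], accum)
        idx += 1
        out.append(accum & 0xFF)
    return bytes(out)


def primitive_root(key: bytes) -> bytes:
    """Shortest unit whose repetition equals key. Under purely cyclic
    expansion, two keys are equivalent exactly when their roots match."""
    if not key:
        raise ValueError("empty key")
    n = len(key)
    for p in range(1, n + 1):
        if n % p == 0 and key[:p] * (n // p) == key:
            return key[:p]


if __name__ == "__main__":
    # Constructed sample keys, taken from the XYZ / XYZXYZ case in the text.
    for a, b in [(b"XYZ", b"XYZXYZ"), (b"XYZ", b"XYZXY")]:
        print(a, b,
              "cyclic equal:", cyclic_stream(a, 64) == cyclic_stream(b, 64),
              "length-bound equal:",
              length_bound_stream(a, 64) == length_bound_stream(b, 64),
              "same root:", primitive_root(a) == primitive_root(b))
```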