Bruce Schneier (schneier@counterpane.com)
Sat, 18 Jul 1998 00:06:52 -0400
At 08:02 PM 7/17/98 -0600, Michael Paul Johnson wrote:
>At 09:26 PM 7/16/98 -0500, Bruce Schneier wrote:
>>>I believe newness to be neither an advantage nor a disadvantage. Analysis is
>an advantage. Analysis often comes with age. IDEA, for example, is well
>analyzed. Diamond, as far as I know, has not received any serious
>analysis. (Nothing personal, mind you. I haven't looked at it primarily
>because an analysis would not be accepted at any conference. If the design
>gets published somewhere, that would be different.)<<
>
>Feel free to publish it. :-) Come to think of it, you already have... in
>the Applied Cryptography disk set.
That's not publication. I mean a paper in an academic conference. There is
no way in the world a committee will accept a cryptanalysis paper on an
algorithm that is not published. Given that, it makes much more sense for
me to attempt to cryptanalyze published algorithms and not unpublished ones.
If you want Diamond cryptanalyzed, get the algorithm published.
>My current documentation of the design
>could use some sprucing up and additions, admittedly, but I've been
>exceedingly busy with other things besides cryptographic publication.
>Anyway, the fact that it is immune to every kind of attack I'm aware of is
>comforting to me. Indeed, the only credible attacks I've seen are on
>reduced-round versions (i.e., 3 or fewer).
>
>Analysis is indeed an advantage. Of course, not having a cipher be heavily
>used or highly political is a slight advantage, too.
Disagree.
>DES is DEAD. Long live
>AES and all the worthy contestants. Anyway, Diamond2 has had some analysis
>by several people, a few of which I respect as cryptanalysts (a couple of
>which are highly qualified). None of this has been published, though, in
>traditional forums. Diamond2 is really the fourth generation (I count
>funny) of the same design concept, though, based on the same initial idea,
>and incorporates some feedback from others. Now is a bad time to try to
>attract much more analysis, though, because Diamond 2 isn't officially in
>the running for AES (although it could have been if I put the time into
>writing it up and porting it to Java, etc.), and there is where much of the
>energy is going.
Pity. I think you should have put it up as a candidate. I found that the AES
submission process taught me more about block cipher design than anything
else I did.
>Here is the pedigree of Diamond:
>MPJ block cipher -> invented as part of my Master's Thesis. Fixed key
>length of 128 bits, 10 rounds (double rounds if comparing to DES), block
>size 128 bits. No problems with the algorithm found, except that the key
>was fixed length.
I use the term "cycles" to compare ciphers with different definitions of round.
>MPJ2 block cipher -> replaced key expansion with faster CRC stream
>generator and made keys variable length. Problem: key XYZ was the same as
>key XYZXYZ. This variant had a very short "life" before being revised.
>Diamond -> Fixed problem with keys that are repetitions of shorter keys
>being equivalent. Kept fast key expansion basically intact, though.
>Diamond2 -> Went back to key expansion that is substitution array dependent
>to avoid one in more than 2^32 keys resulting in all substitution arrays
>being identical, and allowed for more rounds. Also defined a subset called
>Diamond Lite that used only 64 bit blocks. Defined extensions for more
>rounds, if desired. There are faster algorithms -- especially for key
>generation -- in the same class, but I consider slow key setup to be an
>anti-cracking feature. I'd hate to have to build a good brute force engine
>for Diamond2. Even if you restricted the key size to 56 bits, it would
>likely cost an order of magnitude more than a DES cracker. (Who in their
>right mind would restrict key size to less than 128 bits, unless coding
>under the influence of drugs, alcohol, or bad laws, anyway?)
>
>Enough tooting of my own horn. If you are even mildly curious about Diamond
>2, check out the published design of Diamond 2 at
>ftp://ftp.ebible.org/pub/public/diamond2.pdf
Honestly, there are just so many cryptanalysis hours in a day, and there are
fourteen other AES submissions that desperately need to be broken.
Good luck.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
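The MPJ2 pedigree note above mentions a key schedule under which key XYZ was equivalent to key XYZXYZ. The following is an added illustration of that failure mode, written for this archive page and not taken from the thread or from any version of Diamond: a hypothetical toy key expansion that reads key bytes by position modulo the key length (so a key and its self-repetition expand to identical subkeys), beside a variant that absorbs the whole key plus its length through a hash, and a simple check that flags keys which are repetitions of a shorter key. The constants, the mixing steps and the name N_SUBKEYS are constructed for the example.

```python
import hashlib
from typing import Callable, List

N_SUBKEYS = 8  # constructed: number of 32-bit subkeys the toy schedules emit
MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    """Rotate a 32-bit word left by r bits."""
    return ((x << r) | (x >> (32 - r))) & MASK32


def expand_naive(key: bytes) -> List[int]:
    """Hypothetical toy schedule (NOT Diamond's): subkey i is built from the
    key bytes at positions 4i..4i+3, each taken modulo len(key).

    Because (key * 2)[m % (2 * L)] == key[m % L], a key and any
    self-repetition feed exactly the same byte sequence into the mixer, so
    the schedule never 'sees' the key length. That is the XYZ == XYZXYZ
    equivalence described in the thread."""
    if not key:
        raise ValueError("empty key")
    state = 0x12345678  # constructed seed
    subkeys = []
    for i in range(N_SUBKEYS):
        for j in range(4):
            b = key[(4 * i + j) % len(key)]
            state = _rotl32(state, 5) ^ b
            state = (state * 0x9E3779B1 + i) & MASK32
        subkeys.append(state)
    return subkeys


def expand_length_bound(key: bytes) -> List[int]:
    """Hardened variant: hash the entire key once, prefixed with its length,
    then derive subkeys from that seed with a counter. XYZ and XYZXYZ are
    different inputs (different bytes and different lengths), so they
    yield unrelated subkeys. A real cipher would use a proper KDF; the
    point shown here is that every key byte and the length are absorbed
    instead of cycled by position."""
    if not key:
        raise ValueError("empty key")
    seed = hashlib.sha256(len(key).to_bytes(4, "big") + key).digest()
    subkeys = []
    for i in range(N_SUBKEYS):
        block = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        subkeys.append(int.from_bytes(block[:4], "big"))
    return subkeys


def equivalent_keys(expand: Callable[[bytes], List[int]],
                    k1: bytes, k2: bytes) -> bool:
    """True when two distinct keys expand to the same subkeys under a
    given schedule, i.e. they are equivalent keys for that schedule."""
    return k1 != k2 and expand(k1) == expand(k2)


def is_repetition_of_shorter_key(key: bytes) -> bool:
    """Input check a system could apply: does the key consist of a shorter
    key repeated two or more times? Uses the classic trick that a string
    is periodic iff it occurs inside (s + s) with the ends trimmed."""
    if not key:
        return False
    return key in (key + key)[1:-1]


if __name__ == "__main__":
    for k in (b"XYZ", b"XYZXYZ", b"XYZXYX"):
        print(k, "naive:", [hex(s) for s in expand_naive(k)[:2]],
              "repetition:", is_repetition_of_shorter_key(k))
    print("naive XYZ == XYZXYZ:", equivalent_keys(expand_naive, b"XYZ", b"XYZXYZ"))
    print("bound XYZ == XYZXYZ:", equivalent_keys(expand_length_bound, b"XYZ", b"XYZXYZ"))
```

Running the block shows the naive schedule producing the same subkeys for XYZ, XYZXYZ and XYZXYZXYZXYZ, while the length-bound variant separates them; the repetition check is a coarse safeguard only, since the real fix is a schedule that depends on every key byte and the key length rather than on byte positions taken modulo the length.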
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:36 ADT