Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Tue, 22 Dec 1998 18:24:43 +0100
In order to cope with the 56-bit key length restriction, I have
recently released a 56-bit data encryption algorithm, WEAK3-EX, based
on prior work on my WEAK series of software which has as its original
basic design paradigm 'security through variability', including, in
particular, variable (unlimited) key length which unfortunately
conflicts with the current restriction. WEAK3-EX, by design, works only
with fixed key length of 56 bits. In order to somehow compensate for
the high reduction in strength due to the key length limitation I have
made use of a new, paradox sounding, paradigm, namely 'security through
inefficiency'. On the assumption that brute force is the only viable
attack, which could be easily ensured in my type of algorithms through
using a sufficiently high number of rounds (this being a user chosen
configuration variable), it is easy to show that by suitably setting a
scaling factor for the initialization time of the algorithm (see my
paper on WEAK3-EX for the mechanism connected with the scaling factor)
the average time required for brute forcing by the analyst can attain
any practically infeasible bounds.
There is, however, unfortunately one fairly unfavourable aspect of
WEAK3-EX: Its programming is a non-trivial task (mainly because of the
part implementing my compound PRNG) and hence the algorithm is very
unlikely to meet the requirements of a poorman's environment, namely
when (despite the fact that export of 56-bit hardware/software to his
(crypto-)technically underdeveloped country is legal) for one reason
or another no encryption hardware/software is available for use and he
has to quickly write an encryption program himself for confidential
communication with his partners. WEAK2-EX, a 56-bit stream encoding
scheme with fairly simple programming logic and small code volume, has
therefore been specifically developed to satisfy this need.
Globally speaking, WEAK2-EX is WEAK3-EX minus all its block encoding
features and minus my compound PRNG. What remains is in fact not very
much and consists basically of a standard PRNG (comprising of two
internal PRNGs each accepting a 28-bit seed) that is used to deliver
pseudo-random bit sequences to perform additon mod 2^32 operations
(we use this instead of the more common XOR) on groups of 20 input
words in a (user-selectable variable) number of rounds.
The same mechanism of scaling factor as used in WEAK3-EX is applicable
in WEAK2-EX. However, since there is no longer my compound PRNG, the
scaling factor now affects the record processing time instead of the
initialization time of the algorithm. This means that, while with
WEAK3-EX the user can pay once the price of the high initialization
time without slowing down the proper processing of the records, the
scaling factor in WEAK2-EX actually slows down the processing of these,
so that its function is less favorable if there are a large number of
records to be processed. Fortunately, however, it could be assumed that
precisely in a poorman's environment it is unlikely that messages are
voluminous and that furthermore longer processing time can usually be
tolerated in view of the likely prevailing exceptional severity of
one's needs in matters of communication.
Another scaling factor of processing time that one can employ in
WEAK2-EX is the number of rounds. (In WEAK2-EX stream encoding is
repeatedly applied to groups of twenty 32-bit words as many times as the
user specifies, up to an implementation defined limit). This feature is
of course also available in WEAK3-EX but plays there only a minor role
since it is less efficient (in time) compared to the scaling factor for
initialization time. The number of rounds is directly proportional to
the record processing time and hence can be used to influence the
encryption process in our present case just as well as using the
aforementioned scaling factor. In other words, the user of WEAK2-EX
can judiciously choose an arbitrary combination of the two said
scaling factors to achieve his goal of defeating brute forcing attempts
of the analyst.
An implementation in Fortran 90 and a binary executable file for PC can
be downloaded via my main Web page.
I wish to thank TPS for suggesting this work and examining the program
code.
Construtive critiques, comments and suggestions for improvements are
sincerely solicited.
M. K. Shen
------------------------------------------------------
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany
+49 (89) 831939 (6:00 GMT)
mok-kong.shen@stud.uni-muenchen.de
http://www.stud.uni-muenchen.de/~mok-kong.shen/
(Last updated: 22nd December 1998. Origin site of
WEAK2-EX -- A Poorman's 56-bit Data Encryption Algorithm. (22 Dec 98)
WEAK3-EX -- A Layman's 56-bit Data Encryption Algorithm. (22 Dec 98)
Containing 2 mathematical problems with rewards totalling US$500.)
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:38