1996-04-09 - Re: RC4 improvement idea

Header Data

From: nyap@mailhub.garban.com (Noel Yap)
To: cypherpunks@toad.com
Message Hash: 3d92ebca62a7958629333f64d98c6fcc132ba328bf40bbf0e152fde18908b76d
Message ID: <9604082133.AA15440@mailhub.garban.com>
Reply To: N/A
UTC Datetime: 1996-04-09 02:52:45 UTC
Raw Date: Tue, 9 Apr 1996 10:52:45 +0800

Raw message

From: nyap@mailhub.garban.com (Noel Yap)
Date: Tue, 9 Apr 1996 10:52:45 +0800
To: cypherpunks@toad.com
Subject: Re: RC4 improvement idea
Message-ID: <9604082133.AA15440@mailhub.garban.com>
MIME-Version: 1.0
Content-Type: text/plain


> I got a paper from the cryptography technical report server  
> "http://www.itribe.net/CTRS/" about a weak class of RC4 keys.  The 
> report said that with some keys, it was possible to predict what some 
> parts of the State-Box would be.  I was thinking of a way to fix this, 
> and had this idea:
> 
> do some sort of hashing function with the key that derives a number 
> between 55 and 500 or something like that, then scrabmle the S-box that 
> many times.  In this way, the chances that the State-Box will have any 
> correlation becomes extremely small.  I think it is 1/125 to begin with 
> anyway, so this would make it around  1/(125*NumPasses).  And since the 
> exact number of passes is a function of the key, the cracker won't know 
> how many times it went through.   I tried this out and having 1000s of 
> passes doesn't effect the randomness of the state-box in any negative 
> way, possibly it makes it more random? If anyone has any thoughts I'd 
> love to hear them.

The S-Boxes in DES were optimized to hinder Differential Cryptanalysis.  I've seen no studies on the effectiveness of jumbling the S-Boxes during encryption -- even Biham and Shamir's book doesn't mention it -- but, I figure, if it helps, DES would probably already be doing it (unless of course the NSA thought the jumbling would make too good an algorithm).





Thread