1994-06-16 - Re: DES w/ variable S-boxes

Header Data

From: Matthew Ghio <ghio@cmu.edu>
To: cypherpunks@toad.com
Message Hash: 42239ca9b46525394bf4c5309dd4614fc7666af150d185f46e25f0fc20b29c96
Message ID: <9406162014.AA25892@toad.com>
Reply To: N/A
UTC Datetime: 1994-06-16 20:16:25 UTC
Raw Date: Thu, 16 Jun 94 13:16:25 PDT

Raw message

From: Matthew Ghio <ghio@cmu.edu>
Date: Thu, 16 Jun 94 13:16:25 PDT
To: cypherpunks@toad.com
Subject: Re: DES w/ variable S-boxes
Message-ID: <9406162014.AA25892@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Ben.Goren@asu.edu wrote:

| However, as Bruce Schneier points out (p. 242), *variable* S-boxes make     |
| differential cryptanalysis impossible, as such an adaptive plaintext attack |
| relies on knowledge of the composition of the S-boxes. If the boxes and     |
| their contents change with both keys used and plaintext--probably with the  |
| help of a strong RNG--then the only way such an attack could work would be  |
| by first figuring out what causes the changes in the S-boxes; in that case, |
| the attack is probably already finished, by other means. Perhaps, even, the |
| S-boxes could change with so many chunks of text--again, variable, of       |
| course.                                                                     |

You should take a look at Michael Paul Johnson's Diamond Encryption Algorithm.
It uses variable S-boxes as you describe.  Source code and documentation are
available on ftp csn.org.  /pub/mpj/...
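
The dependence on S-box contents that the quoted paragraph describes can be seen in a difference distribution table; this is an added example, not code from either poster and not the Diamond source. Assumptions: the first row of DES S1 stands in as a fixed 4-bit box, and `keyed_sbox` is a hypothetical SHA-256-based key schedule run on constructed keys.

```python
import hashlib

# First row of DES S-box S1, used here as a fixed, publicly known 4-bit box.
# (Real DES boxes map 6 bits to 4; one row is a 4-bit permutation.)
FIXED_SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]

def keyed_sbox(key: bytes) -> list[int]:
    """Toy key-dependent 4-bit permutation (assumption, not Diamond's method):
    order the values 0..15 by the SHA-256 digest of key || value."""
    return sorted(range(16), key=lambda i: hashlib.sha256(key + bytes([i])).digest())

def ddt(sbox):
    """Difference distribution table: table[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    table = [[0] * 16 for _ in range(16)]
    for dx in range(16):
        for x in range(16):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table

def best_differential(table):
    """Highest-count (count, dx, dy) with dx != 0: the entry an analyst would pick."""
    return max((table[dx][dy], dx, dy) for dx in range(1, 16) for dy in range(16))

def transfer(key_count=8):
    """Take the best differential of the known fixed box and look up how often
    the same (dx, dy) pair holds once the box is derived from a secret key."""
    count, dx, dy = best_differential(ddt(FIXED_SBOX))
    rows = []
    for n in range(key_count):
        key = b"constructed-key-%d" % n  # constructed sample keys
        rows.append((key, ddt(keyed_sbox(key))[dx][dy]))
    return (count, dx, dy), rows

if __name__ == "__main__":
    (count, dx, dy), rows = transfer()
    print(f"fixed box: dx={dx:x} -> dy={dy:x} holds for {count}/16 inputs")
    for key, c in rows:
        print(f"{key.decode()}: same differential holds for {c}/16 inputs")
```

The table for the fixed box can be computed once by anyone; for a keyed box it can only be computed by someone who already knows the key-derived contents.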




