1995-08-25 - Re: Cryptanalysis of S-1

Header Data

From: hallam@w3.org
To: dawagner@tucson.princeton.edu (David A. Wagner)
Message Hash: 4eb5fa508b7985d3c5c2c0ac0d386156a6a88a3d3455fc1088be0647988dc769
Message ID: <9508252019.AA25288@zorch.w3.org>
Reply To: <41l6u3$852@cnn.Princeton.EDU>
UTC Datetime: 1995-08-25 20:20:47 UTC
Raw Date: Fri, 25 Aug 95 13:20:47 PDT

Raw message

From: hallam@w3.org
Date: Fri, 25 Aug 95 13:20:47 PDT
To: dawagner@tucson.princeton.edu (David A. Wagner)
Subject: Re: Cryptanalysis of S-1
In-Reply-To: <41l6u3$852@cnn.Princeton.EDU>
Message-ID: <9508252019.AA25288@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain

OK lets turn this on its head, I think we now have a good idea of how to build a 
cipher in clean room conditions such that nobody is aware of the full details of 
the algorithm.

Team 1: Develop an encryption network, implement as hardware

Team 2: Test various combinations of keyspace.features without being exposed to
	inner workings of the cipher.

Develop your Clipper chip this way and nobody can reveal the source. Fun huh?

I think we are about to see a cascade of Skipjack hoaxes regardless of the 
provenance of the original. Now people have the idea the clueless newbies will 

I'm suprised nobody has tried before, I thought of constructing a Skipjack hoax 
based on DES but with larger S boxes. S1 could be made to run very fast, a 
straight through pipeline would be very nice in hardware. Anyone care to suggest 
how a secure cipher might be based on it (ie appart form the clearly bogus key 

I think a score sheet is in order, marks out of 5 for what? Distribution, 
technical ingenuity, credibility, annoying Dorothy, hardware suitability, 
software suitability... ?

Perhaps the NSA might volunteer to serve the page with the cumulative judgments.