1995-09-01 - Re: Cryptanalysis of S-1

Header Data

From: “David A. Wagner” <dawagner@phoenix.Princeton.EDU>
To: Ted_Anderson@transarc.com
Message Hash: 91ab1919dd16c1589ea7130690ef91d2ab2537a0f51e3ef6fe69195286539b91
Message ID: <9509012308.AA17004@tucson.Princeton.EDU>
Reply To: <skEmR=X0BwwMM0o3Im@transarc.com>
UTC Datetime: 1995-09-01 23:10:20 UTC
Raw Date: Fri, 1 Sep 95 16:10:20 PDT

Raw message

From: "David A. Wagner" <dawagner@phoenix.Princeton.EDU>
Date: Fri, 1 Sep 95 16:10:20 PDT
To: Ted_Anderson@transarc.com
Subject: Re: Cryptanalysis of S-1
In-Reply-To: <skEmR=X0BwwMM0o3Im@transarc.com>
Message-ID: <9509012308.AA17004@tucson.Princeton.EDU>
MIME-Version: 1.0
Content-Type: text/plain

Ted_Anderson@transarc.com writes:
> Further we have a concrete design principle: the per-round sub-keys
> should not repeat.

Right.  In fact, this design principle has been known for a long time:
the earliest reference I know of is

        author = {Edna K. Grossman and Bryant Tuckerman},
        title = {Analysis of a Weakened {Feistel}-like Cipher},
        booktitle = {1978 International Conference on Communications},
        pages = {46.3.1--46.3.5},
        publisher = {Alger Press Limited},
        year = {1978},
        annote = {Feistel ciphers with identical subkeys in each round
                        are very weak}

David Wagner                                             dawagner@princeton.edu