From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Sat, 3 Feb 1996 02:52:35 +0800
To: cypherpunks@toad.com
Subject: RC2 technical questions
Message-ID: <9601028232.AA823283956@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain


        In a shameless attempt to move the discussion of RC2 into
a more technical arena, here are some interesting questions to
explore about RC2.
                --Bob

Key expansion
- How can you tell whether the permutation is based on
  some sequence of digits from PI?
- What are the diffusion and avalanche properties of
  this permutation?
- What are the linear characteristics of this permutation?
- What are the properties of the compression function
  that maps 16 bits (bytes X and Y) to 8 bits (byte Z)
  via Z = P[X + Y]?
- How does the length of the key influence the mixing
  of bits during each pass of the expansion algorithm?
  - Is this a non-linear feedback shift register over
    the field GF(256)?
- If the first pass of expansion is viewed as a hash
  function that produces 40 or 128 bits out, what are
  its properties?

Round Functions
- What are the diffusion and avalanche properties of
  the two round functions?
- What are the linear approximations and how good are they?
- What characteristics can be preserved by the round
  function that performs rotations?
  - With what probability?
  - Does the amount of rotation influence the security?
- What characteristics can be preserved by the round
  function that performs the data dependent selection
  of the expanded key?
  - With what probability?
- Are there any "weak" keys?  
  - Will the expansion algorithm produce them?