From: Bill Stewart <stewarts@ix.netcom.com>
To: “Nobuki Nakatuji” <cypherpunks@toad.com
Message Hash: 47a02f1c10b63e6a3ccb39212ab772a375cdfb277f41c94126e21935f7a65809
Message ID: <3.0.3.32.19970906142615.0069ff20@popd.ix.netcom.com>
Reply To: <19970906073720.3185.qmail@hotmail.com>
UTC Datetime: 1997-09-06 21:38:02 UTC
Raw Date: Sun, 7 Sep 1997 05:38:02 +0800
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 7 Sep 1997 05:38:02 +0800
To: "Nobuki Nakatuji" <cypherpunks@toad.com
Subject: Re: Gao's Chaos Cryptosystem
In-Reply-To: <19970906073720.3185.qmail@hotmail.com>
Message-ID: <3.0.3.32.19970906142615.0069ff20@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 12:37 AM 9/6/97 PDT, Nobuki Nakatuji wrote:
>GCC(Gao's Chaos Cryptosystem)
>GCC uses the newest chaos logic and is conventional cryptosystem
>stream cipher encryption. It is high speed and allows variable-length keys,
>making it very reliable and suitable for use in multimedia.
>http://www.iisi.co.jp/reserch/GCC-over.htm
>[Products using it, user-friendliness, etc.]
Good user interfaces and high speed are important, but not enough.
How strong is the cypher? Where is the academic research behind it?
What is the algorithm? Why should we trust it? Who else has tested it?
Other people have built cyphers based on chaotic systems, and found
they were weak when analyzed properly. Building good cryptosystems is
difficult.
The web page doesn't give any details about the algorithm,
except saying that it uses chaos and strange attractors,
uses variable-length keys, and has a structure that uses
XOR of the stream cypher with the plaintext.
It does say the algorithm has a 0-1 balance of 0.5/0.5
(which any good cryptosystems do) and has a medium-sized state space (2**96).
It claims that because it's a one-way stream cypher, that makes it
safe against chosen plaintext attacks. That's not true.
Choose a plaintext of all zeros, and that gives you the
output of the chaotic system which you can analyze for patterns.
If you know the structure of the chaotic system, you can
analyze the mathematics to see how to find the state space,
and how to find the future output from the current output and
the state space - if the algorithm is strong, this is difficult,
but if the algorithm is weak, this is easy. If you don't publish
the algorithm, nobody can prove that it's strong, and in the
world of cryptosystems, that means nobody will trust it,
because we know how weak many other strong-looking algorithms are.
Return to September 1997
Return to ““Nobuki Nakatuji” <bd1011@hotmail.com>”