1997-10-04 - Re: Quor’s cipher

Header Data

From: Antonomasia <ant@notatla.demon.co.uk>
To: cypherpunks@ssz.com
Message Hash: d29a54d861371635ed240e5912eb060b5ca11d30ff9a724e7bac947ed2314960
Message ID: <199710042151.WAA03454@notatla.demon.co.uk>
Reply To: N/A
UTC Datetime: 1997-10-04 23:01:35 UTC
Raw Date: Sun, 5 Oct 1997 07:01:35 +0800

Raw message

From: Antonomasia <ant@notatla.demon.co.uk>
Date: Sun, 5 Oct 1997 07:01:35 +0800
To: cypherpunks@ssz.com
Subject: Re: Quor's cipher
Message-ID: <199710042151.WAA03454@notatla.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



ghio@temp0126.myriad.ml.org (Matt Ghio) writes:

> What about this:

> If (a+b)^(a0+b0) == 0, then the plaintext is the same as the ciphertext.
> This happens for one out of every 256 bytes.  Ordinarily this isn't a
> problem, but if the key is reused, and there is no IV, it can leak a byte
> of plaintext.

> So it seems that you would need to change the key for each message, or at
> least use a random initialization vector.

How are you planning to detect which bytes are passed in this way?
Chosen plaintext attacks would do it, and show where (a+b)^(a0+b0) == 0.
Looks like you've just doubled our progress.

If the key is reused with a different message I don't think there's a
weakness.  An IV is a good idea, but aren't we _attacking_ this thing?

I've grabbed a few search-engine hits and not read them yet.  I'll be
looking for clues there.


--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
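The pass-through effect the two posters are discussing, as an added illustration that is not part of the original thread and is not Quor's cipher: the thread never describes the cipher's internal state, so the per-byte mask (a+b)^(a0+b0) mod 256 is stood in for here by bytes from a seeded PRNG (an assumption, named `mask_stream`). What the model does show is exactly what is claimed above: a mask byte of 0 leaves plaintext equal to ciphertext at that position, that happens for about 1 in 256 bytes, with a reused key and no IV the same positions pass plaintext through in every message, and a per-message IV stops those positions from lining up.

```python
"""Toy model of the key-reuse / no-IV weakness discussed in the thread.

Added illustration, not code from the list and not Quor's cipher.  The real
cipher's state (a, b, a0, b0) is not given on the page, so the per-byte mask
(a+b)^(a0+b0) mod 256 is replaced by a PRNG seeded from key||iv.  Only the
XOR-with-mask step and its 1/256 pass-through property are being modelled.
"""
import random


def mask_stream(key: bytes, iv: bytes, length: int) -> list[int]:
    """Constructed stand-in for the cipher's per-byte mask.

    A deterministic PRNG seeded from key||iv plays the role of the internal
    state; the real cipher derives its mask differently (assumption).
    """
    rng = random.Random(key + iv)
    return [rng.randrange(256) for _ in range(length)]


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Byte-wise XOR of plaintext with the mask stream."""
    mask = mask_stream(key, iv, len(plaintext))
    return bytes(p ^ m for p, m in zip(plaintext, mask))


def passthrough_positions(key: bytes, iv: bytes, length: int) -> set[int]:
    """Positions whose mask byte is 0, i.e. where ciphertext == plaintext."""
    return {i for i, m in enumerate(mask_stream(key, iv, length)) if m == 0}


def passthrough_fraction(key: bytes, iv: bytes, length: int) -> float:
    """Observed share of pass-through bytes; expected to be about 1/256."""
    return len(passthrough_positions(key, iv, length)) / length


def identity_positions(plaintext: bytes, ciphertext: bytes) -> set[int]:
    """Positions where the two byte strings agree.

    XOR with a non-zero byte always changes a byte, so with a known
    plaintext these are exactly the zero-mask positions.
    """
    return {i for i, (p, c) in enumerate(zip(plaintext, ciphertext)) if p == c}


def shared_passthrough(key: bytes, iv1: bytes, iv2: bytes, length: int) -> set[int]:
    """Positions that pass plaintext through in BOTH of two messages.

    With the key reused and no IV (iv1 == iv2 == b"") this is the whole
    pass-through set, so every message leaks plaintext at the same offsets.
    With distinct IVs the masks are independent and the overlap shrinks to
    roughly length/65536.
    """
    return (passthrough_positions(key, iv1, length)
            & passthrough_positions(key, iv2, length))


def sample_plaintext(length: int, seed: int) -> bytes:
    """Constructed random plaintext for the demonstration."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(length))


def main() -> None:
    key = b"constructed-demo-key"  # constructed value, not a real key
    n = 200_000
    frac = passthrough_fraction(key, b"", n)
    print(f"pass-through fraction with fixed key, no IV: {frac:.5f} (1/256 = {1/256:.5f})")

    pt = sample_plaintext(n, seed=1)
    ct = encrypt(key, b"", pt)
    same = identity_positions(pt, ct)
    print(f"bytes where ct == pt: {len(same)}; all are zero-mask positions:",
          same == passthrough_positions(key, b"", n))

    no_iv = shared_passthrough(key, b"", b"", n)
    with_iv = shared_passthrough(key, b"iv-one", b"iv-two", n)  # constructed IVs
    print(f"positions leaking in both messages, key reused without IV: {len(no_iv)}")
    print(f"positions leaking in both messages, distinct IVs:          {len(with_iv)}")


if __name__ == "__main__":
    main()
```

The design point is in `shared_passthrough`: the leak Ghio describes is not the 1/256 rate by itself (any XOR-style mask has that) but that a fixed key with no IV pins the leaking offsets in place across messages, which is what a per-message IV removes.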
