From: nobody@REPLAY.COM (Anonymous)
Date: Thu, 25 Jun 1998 00:04:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Skipjack extensibility
Message-ID: <199806250705.JAA31711@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



NSA made a claim that Skipjack couldn't be extended past 80 bits of key. Most
plausible explanation to my mind is that they're lying. Second is that there is
an attack against a class of Skipjack-like ciphers that requires only a few
plaintexts and 2^80 operations. Third is that some common key-lengthening
tricks like those for 2-key-3DES, DES-X, and DEAL fail when applied to
Skipjack. I can hardly fathom one resistant to all three, but I guess it's
possible with NSA.

Seems to me that you could always figure out some construct so that no
practically-secure cipher with Skipjack's observable properties could evade
having its key lengthened with much probability. Or maybe not. IANAC.

Besides, it's impossible to make a cipher that can't be used to construct
constructs with bigger key lengths: Skipjack(cryptovariable, IDEA(key,
plaintext)) -- terminology jab intended -- provably has an effective key length
as long as IDEA's. Even if that is cheating...