From: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
Date: Wed, 16 Dec 1998 04:13:03 +0800
To: cypherpunks@cyberpass.net
Subject: WEAK3-EX -- A Layman's 56-bit Data Encryption Algorithm
Message-ID: <3676B5B3.E37D80C@stud.uni-muenchen.de>
MIME-Version: 1.0
Content-Type: text/plain



In the previous products of my WEAK series of data encryption 
algorithms I have very strongly exploited the possibility of using 
arbitrarily long keys. Since this conflicts with the recent 
requirement of using 56-bit keys, a new program, WEAK3-EX, has been 
designed specifically for users that can only use 56-bit encryption 
keys. The design draws upon various techniques that have been 
accumulated in the course of the development of the previous WEAK3-E.

Besides employing constant length 56-bit keys, a new feature that is 
introduced in WEAK3-EX is a user choosable scaling factor for the
initialization time of the algorithm. Normally the initialization
time of crypto algorithms are small and is for obvious reasons to be
reduced as far as technically possible. In fact, the initialization
time of almost all known encryption algorithms is negligible compared
to the proper record processing time. Our algorithm, which contains
author's compound PRNG, is however an exception to the rule. For,
depending on the number of the constituent generators of the compound
PRNG used, this can under circumstances indeed attain a non-trivial
value. This is till present a necessary evil of our WEAK3-E which now
fortunately in the special case of key length restriction (with the
obvious accompanying unfavourable strength reduction effect) can be
turned into a virtue of our new WEAK3-EX. In fact, if the (variable) 
parameters to be chosen by the user (in particular the number of rounds)
of our algorithm are adequate, brute force would be the only feasible
method of attack. Now the average time for brute force is equal to the
time of running a single encryption/decryption process multiplied by
one half of the size of the key space. If the initialization time of the
algorithm is increased, the time for brute forcing correspondingly
increases so that through suitable choice of the said scaling factor it
can reach practically infeasible value for analysis without however
on the other hand rendering the total processing time of the user 
(which of course also augments) to amounts entirely inacceptable for 
him. (The multiplying factor of one half of the key space is the 
leverage we exploit here.)

Technically, the scaling factor determines the number of pseudo-random
numbers retrieved from the shuffling buffer (of Bays and Duncan) that
are to be combined into one pseudo-random number through the addition
mod 1 operation (device of Wichmann and Hill) for subsequent
utilization in building up the constituent generators of author's
compound PRNG. The larger the scaling factor, the longer it will take
to build up the compound PRNG.

The multiple-seed standard PRNG employed in WEAK3-E is abandoned in
WEAK3-EX in order to comply with the 56-bit key restriction. In
its place is a standard PRNG that consists of two internal (single-seed)
PRNGs which are activated alternatingly and which each accepts a seed
of 28 bits, totalling 56 bits.

An implementation in Fortran 90 is given in

     http://www.stud.uni-muenchen.de/~mok-kong.shen/#paper13

Both source and a binary executable file for PC can be downloaded via
my main Web page.

I wish to thank CWL and ZFS for suggesting the use of the scaling
factor.

Constructive critiques, comments and suggestions for improvements are
sincerely solicited.

M. K. Shen


P.S. For space and obvious reasons, I plan to remove the code and
binaries of WEAK1, WEAK2, WEAK3 and WEAK3-E from my Web page this
Friday, leaving in future WEAK3-EX the single encryption software
accessible.