
Thread: cryptanalysis of blowfish

  1. #1
    Join Date
    Jun 2001
    Posts
    398

    cryptanalysis of blowfish

    hi,

    PRNG-Pseudo random number generators
    PRNG's -will- repeat in one of these two ways. RNG's will repeat strictly speaking only for small k-distributions of characters. The smaller the better.

    As to the second, pi has lots of examples of repeats (visit the Pi page and see for yourself) at different k-distribution scales. What pi won't do is repeat the entire sequence; **4*5*...........**4*5*...

    If it did that would make it rational (eg 66666 or *28*28*28*28...*28...).

    Not the same thing at all.
    I wonder how long Blowfish will stay secure.
    Its P-array can be obtained with a 2^(8*r+*) chosen plaintext attack. (The reference to it is hard to get, as the paper on cryptanalysis of Blowfish was not as such released.)

    where r indicates rounds.
    For Blowfish r=*6
    A large corporate is certainly going to obtain the P-array used.

    Another idea which doesn't look good is using strings from pi for the initial P-array & 4 S-boxes.

    The problem is, though pi is irrational (non-repeating, non-terminating), u can't determine the degree of randomness of the strings of pi over a certain digit of numbers.
    Say pi=*.*4*5...
    If I choose the *st 4 decimals of pi *,4,*,5 for ur P-box, it will have a certain degree of randomness; for a different set of decimals of pi it will have a different degree of randomness.
    We would need to use those with low K-Distribution.
    Moreover, since the S-Boxes & P-array are generated using the Blowfish algorithm by encrypting 0 vectors, it doesn't have the strength the conventional DES S-Boxes have.
    No S-Box design criteria is met.
    By using a pseudo RNG or RNG to create the S-Box does not mean the design criteria for S-Box is met and makes the S-Box weak.
    Moreover, since the P-array is easily obtained as mentioned earlier, I really doubt how wise it is to actually continue with *6 rounds of Blowfish.


    Data.
    Last edited by DATA; 05-07-2002 at 09:44 AM.

  2. #2
    Unreggie Guest

    HI DATA

    I don't understand a word you wrote but am convinced you know what you're talking about :-) What is your opinion of twofish?

  3. #3
    Join Date
    Jun 2001
    Posts
    398
    HI unreggie,

    Twofish is a pretty secure algorithm.
    First let me say that I'm no expert cryptographer and my opinion doesn't count.
    Twofish was a finalist contestant for (AES)-Advanced Encryption Standards.

    here is a good reading
    [url]www.cs.virginia.edu/~evans/cs588/lectures/lecture6.pdf[/url]

    read page 6 & 7 especially.

    page 6 says that mathematical constants have good pseudo random distribution, which is not always true.

    See page 7-even they agree the S-boxes are not secure.

    For the time being neither Blowfish nor Twofish has been known to be broken in public to its full number of rounds.


    The encryption scheme that no * can break is called the "one time pad".
    The security of one time pads lies on the pseudo random number generated for it.

    Although u may claim it is impossible to generate true random numbers (I agree with that), our purpose can be achieved through cryptographically secure pseudo random number generators.

    u might say since a computer is a finite state machine, it is not a good idea to generate pseudo random numbers from a computer, but this is not true.
    Though it is a finite state machine we can obtain large numbers of pseudo random numbers which repeat only over a very large period, which is enough for practical application.
    This is not the only criterion-there are methods to distill randomness and de-skewing.
    a good reading is

    [url]http://www.ietf.org/rfc/rfc*750.txt[/url]

    Regards Data.
    Last edited by DATA; 05-09-2002 at 03:14 AM.
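
An added example, not part of the thread or of any Blowfish implementation: it computes the fractional hex digits of pi with integer arithmetic, slices them into the 18 32-bit words that seed Blowfish's P-array before key setup, and compares the proportion of 1 bits in that window with the next window of the same size, which is the kind of window-to-window variation the first post is concerned with. The function names, the 64 guard bits and the monobit measure are choices made for this illustration.

```python
def arctan_inv(x, one):
    """Fixed-point arctan(1/x), scaled by `one`, from the alternating Taylor series."""
    power = one // x              # 1/x
    total = power
    x2 = x * x
    n, sign = 3, -1
    while power:
        power //= x2              # 1/x^n for the next odd n
        total += sign * (power // n)
        n += 2
        sign = -sign
    return total


def pi_fraction_words(count, guard_bits=64):
    """Return the first `count` 32-bit words of the fractional part of pi."""
    bits = 32 * count
    one = 1 << (bits + guard_bits)  # guard bits absorb series truncation error
    # Machin's formula: pi = 16*arctan(1/5) - 4*arctan(1/239)
    pi_fixed = 16 * arctan_inv(5, one) - 4 * arctan_inv(239, one)
    frac = (pi_fixed - 3 * one) >> guard_bits
    return [(frac >> (32 * (count - 1 - i))) & 0xFFFFFFFF for i in range(count)]


def ones_fraction(words):
    """Monobit balance: share of 1 bits across a list of 32-bit words."""
    ones = sum(bin(w).count("1") for w in words)
    return ones / (32 * len(words))


if __name__ == "__main__":
    words = pi_fraction_words(36)
    p_array, next_window = words[:18], words[18:]  # 18 = 16 rounds + 2 whitening words
    print("initial P-array:")
    for i, w in enumerate(p_array, start=1):
        print(f"  P{i:<2} = 0x{w:08X}")
    print(f"1-bit share, P-array window : {ones_fraction(p_array):.4f}")
    print(f"1-bit share, next 18 words  : {ones_fraction(next_window):.4f}")
```

A single-bit balance figure is only the weakest of statistical checks; it says nothing about whether the key-dependent S-boxes meet differential or linear design criteria.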
