Earlier today some folks published a paper that claims the SIMON cipher from the NSA has been broken, at least for the 32/64 variant. I've spent the last hour reading the paper, https://eprint.iacr.org/2019/474.pdf, and there are some really strange things in there ...
There is no value of x that equals 2^x. Maybe it's a weird way to say that by 'size' they mean the size in bits, which has 2^size number of possibilities, but anyway, it's weird. That's just the first weird thing ... pic.twitter.com/LKsE40n4Px
1 and 2 make a sort of sense. 3 is just ... wut. It's like defining a Function where keys can be mapped directly to cipher texts? The next section makes it seem like some kind of trial of all keys ... pic.twitter.com/9THIjP1rIr
The next section is basically the Chewbacca defense. Focus on Yi. There is no other mention of Yi in this paper. Is it a typo? Was it meant to be Xi? If so ... Xi is uniformly distributed, it says so right above, not binomially. pic.twitter.com/JHYdE6QJzT
Is this next bit basically saying that if the key size and the block size are the same, then some keys must produce identical cipher texts? Under what conditions? Obviously this is not true of a crappy block cipher that just uses the key directly as the cipher block! pic.twitter.com/omzm3BvcBJ
O.k. so https://www.gutenberg.org/cache/epub/10/pg10.txt … is 4,452,069 bytes long, that's 556,509 64-bit blocks. Should there really be some kind of analysis of Birthday bounds? pic.twitter.com/5y4ClVDcU3
There's a few other typos, it says 54-bits in one place, for example. My point with these weirdnesses isn't that they are flat-out wrong, it's that they are imprecise and missing links, and if you just broke an encryption algorithm, it's not helpful to convince the reader!
Btw "Alba" is just the Scottish Gaelic word for "Scotland" ... so Alba3 means "Scotland 3". The authors claim to be in Edinburgh, but they use "ize" suffixes throughout, like "optimize".
The two Cs aren't the same -- the first is \mathcal{C} and the second is regular C. Later on it's explained that |C| is the ciphertext size, and \mathcal{C} is defined to be the "ciphertext space". Not sure about the other stuff, though.
That is a subtly different type-face for the 2^|C|. The big C is the set of all ciphertexts. The littler C is (I think) a variable representing some particular ciphertext, so |C| in that case is the bitlength of the block cipher output. Not at all clear though.