Earlier today some folks published a paper that claims the SIMON cipher from the NSA has been broken, at least for the 32/64 variant. I've spent the last hour reading the paper, https://eprint.iacr.org/2019/474.pdf, and there are some really strange things in there ...
Me too, but this obviously isn't true for a trivial insecure crappy counterexample, yet it's made as a general statement. There's no need for a long-winded explanation to establish that there are birthday bounds for ciphertext collisions. And the explanation isn't even precise!
Thinking about it, I bet Y_i is the number of bins with a non-zero count of balls and this is all just a really convoluted formalization of birthday bounds, as you said.
Somehow they are assuming the map from K to E_K(P) is a random function, which I guess is a fine heuristic for a good cipher, but not sure it makes sense when attacking a specific one.
In principle, if it consistently doesn't hold for a specific one then you have a distinguisher, right?