Earlier today some folks published a paper that claims the SIMON cipher from the NSA has been broken, at least for the 32/64 variant. I've spent the last hour reading the paper, https://eprint.iacr.org/2019/474.pdf, there's some really strange things in there ...
Regular math notation doesn't work like this ... pic.twitter.com/Q7phjd5CXW
There is no value of x that equals 2^x. Maybe it's a weird way to say that by 'size' they mean the size in bits, which has 2^size number of possibilities, but anyway, it's weird. That's just the first weird thing ... pic.twitter.com/LKsE40n4Px
1 and 2 make a sort of sense. 3 is just ... wut. It's like defining a Function where keys can be mapped directly to cipher texts? The next section makes it seem like some kind of trial of all keys ... pic.twitter.com/9THIjP1rIr
The next section is basically the Chewbacca defense. Focus on Yi. There is no other mention of Yi in this paper. Is it a typo? Was it meant to be Xi? If so ... Xi is uniformly distributed, it says so right above, not binomially. pic.twitter.com/JHYdE6QJzT
Is this next bit basically saying that if the key size and the block size are the same, then some keys must produce identical cipher texts? Under what conditions? Obviously this is not true of a crappy block cipher that just uses the key directly as the cipher block! pic.twitter.com/omzm3BvcBJ
Replying to @BenLaurie @colmmacc
This number comes up quite a lot - it's also how much a hash function contracts on each iteration. Probably for the same reason (too lazy to think about it right now). Perhaps unsurprisingly it is 1 - 1/e. :-)
Replying to @BenLaurie @colmmacc
I lack context here, but it should hold for an ideal cipher. Basic problem is that given a fixed plaintext block P, then if you sample N random permutations (cipher keys), there is a non-zero chance that at least two permutations will collide on P.
So if N <= the number of possible outputs, these collisions mean that you won’t get some possible outputs, even if you go through all N keys.
This seems basic to me, same underlying reason why GCM tags can collide, it’s the weird error-ridden imprecise way of getting to it I find weird.
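Added example, not part of the thread or the paper: a small simulation of the 1 - 1/e figure discussed in the replies, for one fixed plaintext with key size equal to block size. It assumes an ideal cipher can be modelled as an independent uniform output per key, and reads the "key used directly" cipher as `plaintext XOR key`; all function names are made up for illustration.

```python
import random


def ideal_cipher_coverage(bits, seed=0):
    """Fraction of ciphertext blocks reached from ONE fixed plaintext
    when every key of a `bits`-bit ideal cipher is tried.

    Assumption: each key selects an independent random permutation, so the
    image of the fixed plaintext under each key is an independent uniform
    block. Keys can therefore collide on that plaintext.
    """
    rng = random.Random(seed)          # seeded so the run is reproducible
    size = 1 << bits                   # number of keys == number of blocks
    seen = bytearray(size)
    for _key in range(size):
        seen[rng.randrange(size)] = 1  # ciphertext this key yields
    return sum(seen) / size


def key_as_block_coverage(bits, plaintext=0):
    """Same measurement for the degenerate cipher E_k(P) = P XOR k.

    Every key gives a different ciphertext, so nothing collides and the
    whole block space is covered.
    """
    size = 1 << bits
    return len({plaintext ^ key for key in range(size)}) / size


def expected_coverage(bits):
    """Exact expectation for the ideal model: 1 - (1 - 1/M)^M, M = 2^bits.
    This tends to 1 - 1/e (about 0.632) as M grows."""
    size = 1 << bits
    return 1 - (1 - 1 / size) ** size


if __name__ == "__main__":
    for bits in (8, 12, 16):
        print(bits,
              round(ideal_cipher_coverage(bits), 4),
              round(expected_coverage(bits), 4),
              key_as_block_coverage(bits))
```

Only the random-permutation model misses about 1/e of the outputs; the XOR construction covers all of them, which is the counterexample raised in the thread.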