[18175] in cryptography@c2.net mail archive
Re: Number of rounds needed for perfect Feistel?
daemon@ATHENA.MIT.EDU (Tim Dierks)
Fri Aug 12 16:25:53 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20050812191403.GA39884@pit.databus.com>
Date: Fri, 12 Aug 2005 15:53:10 -0400 (EDT)
From: "Tim Dierks" <tim@dierks.org>
To: "Barney Wolff" <barney@databus.com>
Cc: "Tim Dierks" <tim@dierks.org>, cryptography@metzdowd.com
Reply-To: tim@dierks.org
Barney Wolff wrote:
> On Fri, Aug 12, 2005 at 11:47:26AM -0400, Tim Dierks wrote:
>> I'm attempting to design a block cipher with an "odd" block size (34
>> bits). I'm planning to use a balanced Feistel structure with AES as the
>> function f(), padding the 17-bit input blocks to 128 bits with a pad
>> dependent on the round number, encrypting with a key, and extracting the
>> low 17 bits as the output of f().
>
> Pardon a dumb question, but how do you plan on avoiding collisions in
> the encrypted values, independent of the number of rounds? Seems to me
> that even if the 128-bit encryption is guaranteed to be 1-to-1 with the
> plaintext, there is no such guarantee on any subset of the 128 bits.
A Feistel network doesn't depend on lack of collision in f(). The Handbook
of Applied Cryptography,
http://www.cacr.math.uwaterloo.ca/hac/about/chap7.pdf describes it pretty
well.
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
