CRYPTO: Small cryptosystems

John K Clark (
Mon, 30 Dec 1996 13:23:39 -0800 (PST)


On Sun, 29 Dec 1996 Eugene Leitl <> Wrote:

>I don't think that being small/neat are properties of good

There are two problems with messy crypto algorithms.

1) They tend to be slow. DES is extremely complex and extremely slow, a
serious problem if you want to encrypt a lot of data like video.

2) In an algorithm that is large, complex and messy, it's very easy to make a
blunder. When you add yet another wheel within a wheel you may think you're
making it more secure, but you may be doing the opposite, it's hard to
know how the change will react with all the other parts of a very messy
algorithm. You may have actually have created a small hole in the system
through which an attacker can extract a little piece of information,
information he shouldn't have, information he can use to expand the hole
until he can drive a truck through it.

You certainly want your crypto function to have an extremely complex output,
but that doesn't mean that the function itself must be complex. The very first
computer program I ever wrote had as its output what some have said is the
most complex object in mathematics, The Mandelbrot Set, yet It was easy and
just a few lines long, it only took me a few minutes to write and I didn't
know which way was up. Things are different now, I've purchased an up

The IDEA algorithm is just the opposite of DES, it's small, fast and elegant,
yet is almost certainly more secure than DES. RC4 is incredibly simple,
yet is very nonlinear, has no cycles that anybody can find, and can be in
256!*256^2 states, that's about 2^1700. If RC4 has flaws it can't have many,
it's just too simple to hide more than a few, a complex algorithm has room to
hide tons of bugs because nobody understands very well how the damn thing

John K Clark

Version: 2.6.i