CRYPTO: Small cryptosystems

John K Clark (johnkc@well.com)
Mon, 30 Dec 1996 13:23:39 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Guru George: "MISC: Morphing"
Previous message: Anders Sandberg: "Re: old jokes revived (was: extropian humour)"
Next in thread: Eliezer Yudkowsky: "Re: CRYPTO: Small cryptosystems"
Maybe reply: Eliezer Yudkowsky: "Re: CRYPTO: Small cryptosystems"

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 29 Dec 1996 Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de> Wrote:

>I don't think that being small/neat are properties of good
>cryptoalgorithms.

There are two problems with messy crypto algorithms.

1) They tend to be slow. DES is extremely complex and extremely slow, a
serious problem if you want to encrypt a lot of data like video.

2) In an algorithm that is large, complex and messy, it's very easy to make a
blunder. When you add yet another wheel within a wheel you may think you're
making it more secure, but you may be doing the opposite, it's hard to
know how the change will react with all the other parts of a very messy
algorithm. You may have actually have created a small hole in the system
through which an attacker can extract a little piece of information,
information he shouldn't have, information he can use to expand the hole
until he can drive a truck through it.

You certainly want your crypto function to have an extremely complex output,
but that doesn't mean that the function itself must be complex. The very first
computer program I ever wrote had as its output what some have said is the
most complex object in mathematics, The Mandelbrot Set, yet It was easy and
just a few lines long, it only took me a few minutes to write and I didn't
know which way was up. Things are different now, I've purchased an up
indicator.

The IDEA algorithm is just the opposite of DES, it's small, fast and elegant,
yet is almost certainly more secure than DES. RC4 is incredibly simple,
yet is very nonlinear, has no cycles that anybody can find, and can be in
256!*256^2 states, that's about 2^1700. If RC4 has flaws it can't have many,
it's just too simple to hide more than a few, a complex algorithm has room to
hide tons of bugs because nobody understands very well how the damn thing
works.

John K Clark johnkc@well.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQCzAgUBMsg3On03wfSpid95AQEs8wTwpf+nf8XMEv38PGPQPo+A2q1WPZZjeZ+J
5xtQ9Q+mkZgyH6/jWV9RaWu8XA/LHG0TAm0S4Z3B/YF7eZx3JXkGJIEYTd/plLKJ
58FNbbr8q2mhMcG4v8hhBbqbHMxd2iTrGVKcbNkoMELIK50k3CQHwtoXhuVKhPh7
Sro0sREcfqKUVc9arg0V3sldU5iwYKdpVWnlqiyazsoTjKuBx5c=
=TtsP
-----END PGP SIGNATURE-----

Next message: Guru George: "MISC: Morphing"
Previous message: Anders Sandberg: "Re: old jokes revived (was: extropian humour)"
Next in thread: Eliezer Yudkowsky: "Re: CRYPTO: Small cryptosystems"
Maybe reply: Eliezer Yudkowsky: "Re: CRYPTO: Small cryptosystems"