Talk:Topics in cryptography
|
Contents |
accuracy problem
Some of the items on this page don't match their catagories. Thus Engima is/was not a stream cypher, but a polyaphabetic substitution cypher. I've changed some of these, but much remains. New categories are needed as well. JN-25 is an historically important crypto system, but is a superencyphered code, akin to some of the Royal Navy Cyphers in the interwar period. Some thought needs to be devoted to cleaning this up, for the potential for confusion amongst readers is high in an obscure technical field.
Help please.
ww
Enigma is stream cypher or Engima <> stream cypher
In a message on ww:Talk, Securiger asks why Enigma is not a stream cypher (see above). Informally, the answer is that Enigma machines are mechanical substitution cyphers in which (given a particular state of the machine -- the states being 'alphabetical' relations between some substitution alphabet and plaintext characters) some cyphertext letter is substituted for another. Some Enigma models did this more than once (the stecker arrangements were a 'fixed' substitution cypher for any given ground setting). Whereupon, the state of the machine changed (in most of the Enigma models) and the same input letter would be substituted with different output letter from a new substitution alphabet.
In a stream cypher, some key stream (for our purposes just now it doesn't matter how generated) combined (bit by bit, or nybble by nybble, or byte by byte) with the plaintext stream. No such key stream is used in any of the Engimas.
The Engimas were essentially really complex Alberti polyalphabetic cyphers, with some additions in some models. And, overall, pretty good ones too.
Does this make the reasoning clear?
ww
- Ww, it seems to me that your definition is narrower than usual usage today. To make the distinction, the type to which you refer are sometimes called keystream, CSPRNG or XOR stream ciphers. These invest all their complexity in producing a complex keystream, then have a relatively simple combiner function to combine it with the plaintext. But there are also ciphers like WAKE and the PKZip cipher, which everyone seems happy to call stream ciphers. In these, some state function changes the process of the plaintext with every elementary symbol enciphered; nevertheless, they encipher one elementary symbol per operation, and are considered to be stream ciphers. The distinction is more semantic than anything, in that it easily blurs at the edges. For example, imagine a proto-rotor machine with only one rotor. Its next state function is a simple counter mod 26, and its combiner function is a simple tableau (albeit a scrambled one). Now we can imagine two simple ways to improve this cipher. One way would be to keep the counter (but increased to mod 676, and so on) and make the combiner more complex by adding more rotors, maybe some fixed permutations, and so. Pretty soon we have a typical rotor machine. Alternatively, we could leave just one rotor but provide a next state function more complex than a counter; we end up with a keystream generator with a simple combiner - a stream cipher as defined above. But then we can mix both ideas and come up with ideas like SIGABA. And in any case, more links are always better! Securiger 12:34, 1 Mar 2004 (UTC)
- Securiger,
- It's possible to sufficiently abstractly define cypher classes in such a way that a block cypher (in an example from Schneier) like Skipjack is rather like a stream cypher in detailed approach. Schneier thought the NSA stream cypher tradition was permeating even its block cypher designs.
- From a sufficiently abstract perspective, you are certainly correct in your observation. And indeed, at some sufficiently abstract level most cyphers would, presumably, be stream cyphers, (or alternatively) block cyphers, I suppose. But that perspective of limited use in this (non-specialist) context, and is more likely to cause confusion than assist in dispelling it. The more concrete a distinction, the more accessible to a less than specialist audience. Hence my reliance on a definition less abstract than what may be currently used in some circles.
- Can you suggest a way to cover crypto in the WP in such a way as to do injustice neither to (general) reader comprehension nor to specialist perspectives? I have been unable to find satisfactory ones (or indeed any) in some years of writing on the topic. I have resolved the problem to "worry more about reader comprehension and clarity than specialist perspective". Help would be appreciated, anc comment would be interesting. Don't hold back.
- ww
esoteric construct?
This may be more esoteric than is necessary to accomodate, but my memory suggests that there are several ways to build block cyphers, not all of which use symmetric keys. A block cypher built using, for instance, RSA, might be impractically slow, but would be possible I seem to remember. First is my memory of theoretical constructs (admittedly dim at this moment) correct, and second, should this be noted here as a possibility. Perhaps, as I began, it may be too esoteric a point. On the other hand, accuracy is a Good Thing, so... ww
- Schneier defines block ciphers to be a subclass of symmetric ciphers, so RSA proper would be excluded. You could coerce RSA (or any asymmetric cipher) into behaving as a symmetric cipher, though: just make the shared key be the public key / private key pair. As you note, noone does this in practice because RSA et al. are dog slow; if you don't need public key, you might as well use a fast symmetric primitive. So real world block ciphers are all bit-twiddly things like DES, without exception, it would seem. I think most people in practice use "block cipher" to mean "DES-like thing", rather than the more general textbook definitions of "something which operates on a block". Matt 17:11, 17 Mar 2004 (UTC)
- Let's leave it so then. What is my memory telling me?? Ah well, the glories of unreliable wetware.... ww
typo & weird names/humour??
Matt, Thanks for catching the sneferu typo. I've had digital discussions with my fingers numerous times, but... ww
- Ah, no problem; why can't cryptographers give their designs nice, reasonable names? Snefru is better than Snafu, at any rate...! — Matt 17:00, 23 Mar 2004 (UTC)
- Matt, It's an amusement thing, I'm confident. Donnish humor or something like it. See the entry on magic in the Jargon file for a particularly amusing instance. As for choosing Snefru, I'm also reasonably confident that the resemblance to snafu is not unconnected. (reasonable / unreasonable) = (tasty / non tasty).
- We have an instance in your recent edit at the cryptographer list. The intro noted that home pages would be given when known (and we can discuss why -- or why not -- that was included), and in several of the medieval entries, I noted explicitly that there is no home page. Same sort of harmless humor, of which you disapprove I gather. Do you like limericks, or maybe puns, or knock knock jokes, or ... instead? You certainly hastened to correct an unintended pun recently. I take the position, with Douglas Adams, that it's "mostly harmless". ww 18:39, 23 Mar 2004 (UTC)
- --> Reply at Talk:List of cryptographers, — Matt 19:42, 23 Mar 2004 (UTC)
Magenta not AES finalist?
Matt, Just off the top of my head, I seem to remember that Magenta was broken at the first (or maybe second) AES conference and never became a finalist. Are you sure? ww 17:28, 15 Apr 2004 (UTC)
- Didn't make it past the first round; my brain was on auto cut and paste .... — Matt 17:32, 15 Apr 2004 (UTC)