[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cryptanalysis of S-1



[email protected] writes:
> Further we have a concrete design principle: the per-round sub-keys
> should not repeat.

Right.  In fact, this design principle has been known for a long time:
the earliest reference I know of is

@inproceedings{subkeys-important,
        author = {Edna K. Grossman and Bryant Tuckerman},
        title = {Analysis of a Weakened {Feistel}-like Cipher},
        booktitle = {1978 International Conference on Communications},
        pages = {46.3.1--46.3.5},
        publisher = {Alger Press Limited},
        year = {1978},
        annote = {Feistel ciphers with identical subkeys in each round
                        are very weak}
}

-------------------------------------------------------------------------------
David Wagner                                             [email protected]