[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Skipjack extensibility




NSA made a claim that Skipjack couldn't be extended past 80 bits of key. Most
plausible explanation to my mind is that they're lying. Second is that there is
an attack against a class of Skipjack-like ciphers that requires only a few
plaintexts and 2^80 operations. Third is that some common key-lengthening
tricks like those for 2-key-3DES, DES-X, and DEAL fail when applied to
Skipjack. I can hardly fathom one resistant to all three, but I guess it's
possible with NSA.

Seems to me that you could always figure out some construct so that no
practically-secure cipher with Skipjack's observable properties could evade
having its key lengthened with much probability. Or maybe not. IANAC.

Besides, it's impossible to make a cipher that can't be used to construct
constructs with bigger key lengths: Skipjack(cryptovariable, IDEA(key,
plaintext)) -- terminology jab intended -- provably has an effective key length
as long as IDEA's. Even if that is cheating...