
Re: Quor's cipher
[email protected] (Matt Ghio) writes:

> What about this:

> If (a+b)^(a0+b0) == 0, then the plaintext is the same as the ciphertext.
> This happens for one out of every 256 bytes.  Ordinarily this isn't a
> problem, but if the key is reused, and there is no IV, it can leak a byte
> of plaintext.

> So it seems that you would need to change the key for each message, or at
> least use a random initialization vector.

How are you planning to detect which bytes are passed in this way ?
Chosen plaintext attacks would do it, and show where (a+b)^(a0+b0) == 0.
Looks like you've just doubled our progress.

If the key is reused with a different message I don't think there's a
weakness.  An IV is a good idea, but aren't we _attacking_ this thing ?

I've grabbed a few search-engine hits and not read them yet.  I'll be
looking for clues there.


--
##############################################################
# Antonomasia   [email protected]                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################