Thursday, December 11, 2014

[sgtynumo] Tweaks known to weaken a cipher

When specifying a cipher, perhaps for a competition like AES, the submitter should enumerate tweaks to the cipher that are known to weaken it, especially tweaks that might be tempting but cause counterintuitive or non-obvious weaknesses. Other cryptanalysts can then discover and document further such bad tweaks.

All this is a radical departure from current practice, which seems to encourage ignorance about why a cipher is constructed the way it is, and which strongly discourages implementers from modifying a cipher from its accepted design. An attitude of contempt seems to have become acceptable toward implementers who make ad hoc modifications to a cipher: you're an idiot, and you're on your own with regard to cryptanalysis of your modified version. This contempt may also be connected to cults of personality around cipher designers. Such an atmosphere is toxic. Modifying a cipher to suit the needs of a given application is a worthwhile goal, so knowing which modifications are safe and which are unsafe is something the community should facilitate.
