Author: Chris SteeleChris Steele
Date: Jul 23, 2008 04:57
I am currently going through the Schneier self-study course, and have
managed now to break several of the recommended early breaks.
However, I am learning enough to know that there are some big holes in
my basic technique that I should be patching. The biggest of these is
in characteristic determination.
To be sure, one can make some intelligent guesses as to some emergent
characteristics just after reading the algorithm description (ie, the
1-round characteristic with p=1 in DES pops right out at you), but for
the more complicated ones, I'm confident that there is a method better
than a kind of linear cryptanalysis -- examining the relationship
between every possible plaintext under every possible key (in fact, if
you do this once you will never need it, even if it completed, due to
just being able to look up the plaintext/ciphertext combination).
I have been reading some of the papers on differential cryptanalysis,
including Biham and Shamir, but they tend to present cryptanalysis
with the characteristic more as a given and then discuss determining
right pairs to meet said characteristic, which is only helpful if you
are trying to extend or reproduce their attacks, not create new ones.
| 
