|
|
|
|
|
|
by owenmarshall
2239 days ago
|
|
|
> Because they are known in advance That's the point. The stated design - which I haven't reviewed in depth, but let's roll with it - is predicated on the use of a random s-box. Their goal is to have half zeros, half ones. That strikes me as strange, because my understanding is that confusion typically comes from balancing output bits for any given input bit. But fine, we'll take it. I'm willing to bet the first 2^13 digits of pi are as balanced as any random number you use to bootstrap this thing. FWIW, AIUI, totally random S-boxes typically give great non-linearity but perform poorly against differential cryptography. I'd bet that if anyone tested this one out that's where it would fail. |
|
|