2010-02-18

designing/certifying an encryption algorithm

[sometimes I write emails that are pedagogic enough that I like to blog the main points of it for my future quick reference].

Dear [elided],

Designing a crypto algorithm is not easy.  There's a saying in the crypto world: "anyone can create an algorithm that he himself cannot break".  The point is to design it so that no one else can break it.

Which brings us to certifying someone else's algorithm...  Certifying an encryption algorithm is not easy either.  In fact, it is never done by a single individual, but by a large, public, peer review process.  NIST spent more than 3 years from initial proposal to final selection of AES (see http://csrc.nist.gov/archive/aes/index2.html#overview ).

An honest cryptographer or a conscientious security analyst will refuse to design or certify any crypto algorithm on his personal say so.  That's just not the way things work in the crypto world.  If you want to know how many facets there are to actual cryptanalysis, and how much deep mathematics is involved in doing a good job of analysing a cipher, skim through section 6 of http://www.schneier.com/paper-self-study.pdf .  Once that has suitably scared you, read section 7 ("Conclusion", page 15) properly.  It's just 2 paras :-)

A more well known page, for someone wanting to become a cryptographer, is http://www.schneier.com/crypto-gram-9910.html#SoYouWanttobeaCryptographer

And finally, I just love this one! http://www.schneier.com/crypto-gram-9902.html#snakeoil

Now, I realise that all 3 of my referenced links come from the same guy, but that's Bruce Schneier -- he writes well, and is willing to descend to the level of mere mortals like you and me to say what he needs to say in a way that we can understand it!

To come back to your problem, therefore, I'd be more comfortable trying my damnedest to fit TEA (or XTEA, or XXTEA) into the platform you're constrained to use, than try to design a new algorithm that is smaller than those *and* is secure enough for me (or TCS) to stand behind it.
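As an added illustration (not code from the email or from any of the linked pages): a compact XTEA implementation in C, showing how little code a publicly analysed primitive actually costs on a constrained platform, compared with the cost of getting a new design wrong. The key and plaintext in the round-trip check are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XTEA_DELTA 0x9E3779B9u

/* XTEA encrypts one 64-bit block (two 32-bit words) under a 128-bit key.
 * The reference cipher uses 32 cycles, i.e. 64 Feistel rounds. */
void xtea_encrypt(uint32_t v[2], const uint32_t key[4], unsigned cycles)
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned i = 0; i < cycles; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Decryption runs the same schedule backwards: start from the final sum
 * and undo the two half-round updates in reverse order. */
void xtea_decrypt(uint32_t v[2], const uint32_t key[4], unsigned cycles)
{
    uint32_t v0 = v[0], v1 = v[1], sum = XTEA_DELTA * cycles;
    for (unsigned i = 0; i < cycles; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Round-trip check on a constructed key and block: returns 1 when
 * decrypt(encrypt(p)) == p and the ciphertext actually differs from p. */
int xtea_roundtrip_ok(void)
{
    const uint32_t key[4] = {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u};
    const uint32_t plain[2] = {0xDEADBEEFu, 0x0BADF00Du};  /* constructed */
    uint32_t block[2];
    memcpy(block, plain, sizeof block);
    xtea_encrypt(block, key, 32);
    if (memcmp(block, plain, sizeof block) == 0) return 0;
    xtea_decrypt(block, key, 32);
    return memcmp(block, plain, sizeof block) == 0;
}

int main(void)
{
    int ok = xtea_roundtrip_ok();
    printf("XTEA round trip: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

This is only the raw block operation; a deployment still needs a mode of operation and a message authentication code on top, which is exactly where a home-grown design usually goes wrong as well.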

Regards,

Sita
