<?xml version="1.0" encoding="utf-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	>
<channel>
	<title>Comments on: Avalanche functions</title>
	<atom:link href="http://www.snell-pym.org.uk/archives/2005/07/04/avalanche-functions/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.snell-pym.org.uk/archives/2005/07/04/avalanche-functions/</link>
	<description>Sarah and Alaric Snell-Pym living in interesting times</description>
	<pubDate>Tue, 06 Jan 2009 06:17:18 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.7</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: alaric</title>
		<link>http://www.snell-pym.org.uk/archives/2005/07/04/avalanche-functions/comment-page-1/#comment-36452</link>
		<dc:creator>alaric</dc:creator>
		<pubDate>Thu, 10 May 2007 16:30:23 +0000</pubDate>
		<guid isPermaLink="false">http://snell-pym.org.uk/archives/2005/07/04/avalanche-functions/#comment-36452</guid>
		<description>&lt;p&gt;Yep - it's not a cryptosystem in itself (there's no key, for a start!). It's just a way of diffusing changes. There's certainly no advantage in multiple repetitions since it's self-inverting...&lt;/p&gt;

&lt;p&gt;However, if you have a small fixed-block-size cipher with decent properties (e.g., AES) and want to apply it to an arbitrarily sized block, you can apply it to each subblock in parallel, then diffuse dependencies by using the XOR avalanche function, then apply AES to each subblock once more, diffuse again, AES again. Three rounds of AES is certainly the minimum required for security, maybe more.&lt;/p&gt;

&lt;p&gt;Think of it as a mode rather than as a cipher ;-)&lt;/p&gt;
</description>
		<content:encoded><![CDATA[<p>Yep - it's not a cryptosystem in itself (there's no key, for a start!). It's just a way of diffusing changes. There's certainly no advantage in multiple repetitions since it's self-inverting...</p>

<p>However, if you have a small fixed-block-size cipher with decent properties (e.g., AES) and want to apply it to an arbitrarily sized block, you can apply it to each subblock in parallel, then diffuse dependencies by using the XOR avalanche function, then apply AES to each subblock once more, diffuse again, AES again. Three rounds of AES is certainly the minimum required for security, maybe more.</p>

<p>Think of it as a mode rather than as a cipher ;-)</p>]]></content:encoded>
	</item>
	<item>
		<title>By: Ketos</title>
		<link>http://www.snell-pym.org.uk/archives/2005/07/04/avalanche-functions/comment-page-1/#comment-36142</link>
		<dc:creator>Ketos</dc:creator>
		<pubDate>Tue, 08 May 2007 21:56:13 +0000</pubDate>
		<guid isPermaLink="false">http://snell-pym.org.uk/archives/2005/07/04/avalanche-functions/#comment-36142</guid>
		<description>&lt;p&gt;This function really doesn't work very well. What has happened is that each output subblock is the input subblock XORed with the sum of all of the input subblocks. Hence you retain a pattern:
(I_i is the ith input block. O_i is the ith output block)
O_i = I_1 + ... + I_i-1 + I_i+1 +... + I_n =
    = I_1 + ... + I_i-1 + I_i+1 +... + I_n + I_i + I_i because XORing twice makes no difference
    = Sum + I_i&lt;/p&gt;

&lt;p&gt;Hence O_i + O_j = Sum + I_i + Sum + I_j
                = I_i + I_j
This property will be retained through multiple repetitions.
For lots of data (esp. text or other structured stuff) these XOR differences let you reproduce the plaintext.&lt;/p&gt;
</description>
		<content:encoded><![CDATA[<p>This function really doesn't work very well. What has happened is that each output subblock is the input subblock XORed with the sum of all of the input subblocks. Hence you retain a pattern:
(I_i is the ith input block. O_i is the ith output block)
O_i = I_1 + ... + I_i-1 + I_i+1 +... + I_n =
    = I_1 + ... + I_i-1 + I_i+1 +... + I_n + I_i + I_i because XORing twice makes no difference
    = Sum + I_i</p>

<p>Hence O_i + O_j = Sum + I_i + Sum + I_j
                = I_i + I_j
This property will be retained through multiple repetitions.
For lots of data (esp. text or other structured stuff) these XOR differences let you reproduce the plaintext.</p>]]></content:encoded>
	</item>
</channel>
</rss>
