Score:1

Secure ciphersuite from security-wise sub-optimal unkeyed permutation?


Hypothetically,

  1. IF we were to create an SSL/TLS or QUIC ciphersuite from a single (unkeyed) permutation operating in sponge mode to provide hashing and in duplex mode to provide an AEAD cipher,

  2. AND IF the permutation is wide enough, and the capacity in both modes is large enough,

  3. THEN, to what extent can capacity make up for mathematical weakness in the permutation? AND by how much?

The inspiration was that the permutation fully mixes up all bits in its linear layers, but isn't non-linear enough to deter linearization. This way, the security of the whole construction would be more dependent on the part of the permutation state not controlled by the adversary. Other diffusion and confusion weaknesses are also my concern.
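The construction the question describes (one unkeyed permutation driven in sponge mode for hashing and in duplex mode for AEAD), as an added example that is not part of the original post. It assumes a toy 32-byte permutation built from two SHA-256 Feistel rounds as a stand-in (its own strength is not the point), a key||nonce that fits inside the state, and simple end markers in place of SpongeWrap's per-block frame bits; the `capacity` parameter is the number of state bytes that the caller, and hence the adversary's input, never touches directly.

```python
import hashlib

WIDTH = 32  # permutation width in bytes (constructed toy parameter)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def perm(state: bytes) -> bytes:
    # Stand-in unkeyed permutation: two Feistel rounds with SHA-256 as the
    # round function, so it is invertible, i.e. a genuine permutation.
    half = WIDTH // 2
    left, right = state[:half], state[half:]
    for _ in range(2):
        left, right = _xor(right, hashlib.sha256(left).digest()[:half]), left
    return left + right

def _absorb(state: bytes, block: bytes, rate: int) -> bytes:
    # Input only ever touches the first `rate` bytes; the capacity bytes after
    # them are never read or written by the caller, only by the permutation.
    return perm(_xor(state[:rate], block.ljust(rate, b"\x00")) + state[rate:])

def sponge_hash(msg: bytes, capacity: int, outlen: int) -> bytes:
    # Sponge mode: absorb the pad10*1-padded message, then squeeze the rate part.
    rate = WIDTH - capacity
    padded = msg + b"\x01" + bytes((-(len(msg) + 2)) % rate) + b"\x80"
    state = bytes(WIDTH)
    for i in range(0, len(padded), rate):
        state = _absorb(state, padded[i:i + rate], rate)
    out = b""
    while len(out) < outlen:
        out, state = out + state[:rate], perm(state)
    return out[:outlen]

def duplex_aead(key, nonce, ad, data, capacity, decrypt=False):
    # Duplex mode (SpongeWrap-like; frame bits replaced by end markers): the
    # state is seeded with key||nonce, AD is absorbed, then each block is XORed
    # with the rate part and the plaintext absorbed, so the rate part becomes
    # the ciphertext while the capacity never leaves the state.
    rate = WIDTH - capacity
    state = perm((key + nonce).ljust(WIDTH, b"\x00"))
    marked_ad = ad + b"\x01"
    for i in range(0, len(marked_ad), rate):
        state = _absorb(state, marked_ad[i:i + rate], rate)
    out = b""
    for i in range(0, len(data), rate):
        block = data[i:i + rate]
        out += _xor(block, state[:len(block)])
        state = _absorb(state, out[i:] if decrypt else block, rate)
    state = _absorb(state, len(data).to_bytes(4, "big") + b"\x01", rate)
    return out, state[:16]  # (ciphertext or plaintext, 16-byte tag)
```

Raising `capacity` shrinks the rate, so more permutation calls are needed per byte, but it also enlarges the portion of the state the adversary can neither read nor write between calls; a receiver must compare the returned tag in constant time before accepting the plaintext.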

poncho: I imagine that the answer would depend somewhat on the nature of the 'mathematical weakness' we're talking about...

DannyNiu: @poncho Added details.