Re: advice sought on key/data histogram analysis of rijndael/128 and serpent

lkcl@lkcl.net wrote:
> the basic premise of the test i am performing is to pick an initial
> key with only one bit set, to encrypt some input data, to XOR in one
> bit
> into the output, then to use the output as the KEY for the next
> encrypt,
> repeat the process N times.
>
> the outputs from this process i am chaining together and performing a
> simple bit-count and statistical test to produce a p-value: the code
> is ripped wholesale from STS, using erfc().
>
> the STS bit-count test documentation notes two things: firstly, that
> you shouldn't attempt to test less than 100 bits (okay - so that means
> that if testing a 128-bit block cipher, we can test 1 block. hooray).
> secondly, that a p-value of less than 0.01 indicates a bit of a problem
> with your data. _especially_ if you end up with large numbers of <0.01
> p-values.

What is the output specifically? The entire block of ciphertext?
Pseudo code would help here. From what I see it's

1. key = 2^(rand() % 128)
2. for i = 0 to n do
2.1 out[i] = encrypt(SOMEDATA[i], key)
2.2 key = out[i] xor 2^(rand() % 128)

Well first off, 128^3 is only 2 million bits. You should be doing
testing on larger sample sets.

That said, changing one key bit should have a drastic effect on the
input even if SOMEDATA[i] = SOMEDATA[j] for all i != j. So the
observed output entropy should be fairly high for 16384 blocks.

Tom
Received on Mon Oct 17 20:48:35 2005